instance protection

Roman Gershman

Sep 25, 2016, 9:35:33 AM
to gce-discussion, Zacharya Haitin, Alexander Ivanov
Hi,

Amazon has a "termination protection" feature in its web console.

What are the security measures in Google Cloud that can help protect business-critical instances against accidental or unauthorized termination?
  

Faizan (Google Cloud Support)

Sep 26, 2016, 5:09:18 PM
to gce-discussion, zacha...@ubimo.com, alex...@ubimo.com
Hello Roman,

This feature is currently not available for GCE instances. As such, can you please file a feature request through the Compute Engine issue tracker [1]? Once done, let me know and I'll go ahead and forward it to the product engineering team.

Faizan

Roman Gershman

Sep 27, 2016, 1:50:17 AM
to Faizan (Google Cloud Support), gce-discussion, Zacharya Haitin, Alexander Ivanov

--
Roman Gershman | Architect | Ubimo
+972-542-451046 | ro...@ubimo.com | LinkedIn | @ubimoinc | www.ubimo.com

Paul Nash

Sep 27, 2016, 2:29:50 AM
to Roman Gershman, Faizan (Google Cloud Support), gce-discussion, Zacharya Haitin, Alexander Ivanov
Thanks, Roman, appreciate your feature request. This item is on our backlog for future consideration, however I want to make a few comments, and would welcome feedback that you or others might have.

First, you refer to termination protection as a security feature, but in fact the idea here as I understand it really isn't security, but merely "mistaken deletion protection." To that end it does have some value, but there are other possibly dangerous mutations that could take down your service even if the instance couldn't be mistakenly deleted.

So one point of view is that what you really should want here is in fact security features - removing the permissions of most users to make disruptive changes under normal conditions. Another point of view, still quite valid, is "please just give me the simple flag!" :) Another approach would be more than one flag, protecting against different kinds of operations that might be mistakenly done.

We believe this whole area can use some innovation, as fundamentally it's about designing prudent safety checks on your ops procedures. Would love to hear your thoughts on whether you would want granular flags, or a more security/IAM-based approach, or something different.

Thanks,
-P

On Mon, Sep 26, 2016 at 10:49 PM, Roman Gershman <ro...@ubimo.com> wrote:
On Tue, Sep 27, 2016 at 12:09 AM, 'Faizan (Google Cloud Support)' via gce-discussion <gce-discussion@googlegroups.com> wrote:
Hello Roman,

This feature is currently not available for GCE instances. As such, can you please file a feature request through the Compute Engine issue tracker [1]? Once done, let me know and I'll go ahead and forward it to the product engineering team.

Faizan

[1] https://code.google.com/p/google-compute-engine/issues/

--

Paul R. Nash | Product Manager, Compute Engine | paul...@google.com | 206-876-1620

Roman Gershman

Sep 27, 2016, 4:08:47 AM
to Paul Nash, Faizan (Google Cloud Support), gce-discussion, Zacharya Haitin, Alexander Ivanov
Hi,

Yes, you are right - I opened an issue for 2 different features: safety protection (like with a gun) and access restriction.

And actually safety protection, which is the simplest one, is in fact the most desirable for us:
From our experience, once people use the UI console to manage their instances, it's just a matter of time until your most valuable instance is deleted by accident. It has happened to us, and once we learned about "Termination Protection" in EC2 we found it to be a very *VERY* valuable tool.


Roman

Paul Nash

Sep 27, 2016, 4:36:45 AM
to Roman Gershman, Faizan (Google Cloud Support), gce-discussion, Zacharya Haitin, Alexander Ivanov
Thanks Roman, I appreciate your time to share your experiences. We'll keep your comments in mind as we are planning upcoming development schedules, and I'm sure we can address this in a future release (but I can't promise a timeframe right now, sorry).

Thx,
-P