Public cloud services often come with a huge library of templates for virtual machines, but using these can be risky.

These image library templates are created by the provider themselves, by software partners who use the library as a form of promotion, or by members of their user community who upload an image that they think will be of interest to others.

Unfortunately, in that latter group are those who either by accident or by design leave back door access (perhaps with a poorly protected admin account), install Trojan horse software, fail to identify viruses or create insecure default configurations in the template.

With leading providers like Amazon issuing security advisories on templates, infrastructure admins managing cloud services for their IT and development teams are concerned about their exposure to security issues. This is backed up by research: in 2012 Researchers at France’s Eurecom technology institute, Northeastern University and the security firm SecludIT discovered that 22% of the 5000 machine images tested were still set up to allow a login by whoever set up the virtual machine’s software.

Users who work with these templates can put their data and platform security at risk, and they may also find they’re not using the software vendor’s best practise for configuring their solution. This can present problems for later upgrades, for application performance, and in solving dependencies in the underlying operating system and supporting software.

With the updated Abiquo Appliance Library, delivered with both the Abiquo Provider Edition for service providers and the Abiquo anyCloud service, cloud administrators can take control over the virtual machine templates available to their users, ensuring that they only deploy templates that have been tested and approved.

In the Abiquo Console, admins pick from public or private libraries to build a collection of tested and certified templates for their team for each public cloud region. By using Abiquo’s built-in template search, testing these templates, then adding them to the anyCloud App Library cloud admins can ensure that team members using anyCloud as their public cloud management system can only create virtual machines from these approved templates.

Abiquo even lets the cloud admin change the icon and description to clearly identify the template to team members.

Abiquo's remote search screen

 

See detailed instructions on the Abiquo wiki

O