- Developer Tools
Daniil Kulchenko, November 17, 2011
Stackato, our private PaaS platform, makes heavy use of LXC (Linux Containers) to provide a secure, isolated environment for your apps in the cloud. In the age where data security is vital and business-damaging hacks are commonplace, it's becoming increasingly more important to properly secure web applications from malicious attacks.
Each of your apps running with Stackato gets its own partitioned space on your server. What does this mean? From the perspective of your web app, all that is visible of the server is your app's files and processes, and nothing else. The apps can't access other apps running on the same server; can't tamper with your server's configuration; can't mess with hardware, install rogue software, stop other processes, or hack your mail server to send spam to your colleagues (or worse, users!). You get the picture. Stackato ensures that each app has access to everything it needs to operate, and nothing else. Naturally, this means that if someone does manage to hack your app, they won't get far.
At the same time, the LXC infrastructure ensures that all of your apps get a fair share of CPU, and that no one app can grab the entire processor for itself. Also, to prevent an app from going rogue and taking up all of your server's RAM, the Stackato client allows you to set a RAM allocation per-app, ensuring that your server (and your other apps) stay running even if one app is misconfigured. Stackato uses LXC to ensure that no app will go over the RAM limit you set.
(If you're interested in the low-level details of how LXC allows you to keep tight control over your apps, I recommend our article exploring the technical side of setting up LXC, specifically the "Setting resource limits" section.)
Deploy your apps with Stackato and rest easy knowing that your servers and apps are protected from both malicious activity as well as accidental resource-hogging bugs that would otherwise cripple your servers and potentially cause costly downtime and user frustration.
Subscribe to ActiveState Blogs by Email
Share this post: