Feature Tour

“Dome9 aims to make sure you close the (cloud) barn door before the horse bolts – not after”
           Lori MacVittie, Security Evangelist

Secure Access Lease

With Dome9, all your cloud servers are fully protected by default. To gain access to a server, the admin requests a secure access lease, which by default provides access for 1 hour, for a specific server and protocol, connecting from a specific IP. Dome9 Central notifies the Dome9 Agent on your cloud server that there is a new policy to enforce (e.g., Allow SSH from IP address 78.111.23.124). The Agent then opens the designated port, enabling the identified user to gain access and carry out his tasks. After the lease expires (default is 1 hour), Dome9 Central notifies the Dome9 Agent to close the cloud server port.  

Secure Access Lease Invitations

Dome9 Central can generate invitations for secure, third-party access. Secure access lease invitations are one-time access passes for a specific port on a cloud server. The invitation grants the recipient secure access to the specified port without the need to log in or authenticate through Dome9 Central. Once the secure access lease invitation has been activated, Dome9 Central automatically configures the cloud server firewall with the new policy (e.g., allow 1 hour MySQL access to a specific cloud server, from a unique IP). Secure access lease invitations are time-limited (max. 24 hours) so cloud servers are secure by default.
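The lease and invitation behavior described above can be modeled as a default-deny ruleset rebuilt from whichever leases are currently active. This is an added sketch, not Dome9's code or API: `Lease`, `render_rules`, the iptables-restore output format, and the sample address 203.0.113.7 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import IPv4Address

DEFAULT_LEASE = timedelta(hours=1)     # page: a lease lasts 1 hour by default
MAX_INVITATION = timedelta(hours=24)   # page: invitations are capped at 24 hours


@dataclass(frozen=True)
class Lease:                           # hypothetical model, not a Dome9 type
    source_ip: str                     # exactly one address, never a range
    port: int
    granted_at: datetime
    duration: timedelta = DEFAULT_LEASE
    invitation: bool = False

    def __post_init__(self):
        IPv4Address(self.source_ip)    # ValueError on "0.0.0.0/0", hostnames, etc.
        if not 1 <= self.port <= 65535:
            raise ValueError("port out of range")
        if self.duration <= timedelta(0):
            raise ValueError("lease must have a positive duration")
        if self.invitation and self.duration > MAX_INVITATION:
            raise ValueError("invitation exceeds the 24 hour cap")

    def active(self, now):
        # Half-open window: the port is closed at the expiry instant itself.
        return self.granted_at <= now < self.granted_at + self.duration


def render_rules(leases, now):
    """iptables-restore input for the leases active at `now` (default deny)."""
    rules = ["*filter", ":INPUT DROP [0:0]"]
    for lease in sorted(leases, key=lambda l: (l.source_ip, l.port)):
        if lease.active(now):
            rules.append(f"-A INPUT -p tcp -s {lease.source_ip}/32 "
                         f"--dport {lease.port} -j ACCEPT")
    rules.append("COMMIT")
    return rules


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed sample
    leases = [Lease("78.111.23.124", 22, t0),               # SSH example from the page
              Lease("203.0.113.7", 3306, t0, timedelta(hours=24), invitation=True)]
    for when in (t0 + timedelta(minutes=30), t0 + timedelta(hours=2)):
        print(when.isoformat(), *render_rules(leases, when), sep="\n")
```

Because the ruleset is regenerated from the active leases rather than edited in place, an expired lease needs no explicit "close" step: its ACCEPT rule is simply absent from the next render.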

Multi-tiered Administration

Dome9 offers several tiers of administration. Super users have full control over all cloud servers managed in Dome9 Central. A super user can grant partial or limited access to delegated administrators and restrict that access to a predefined set of machines. For example, a super user can grant a developer RDP access to a specific staging server but not to any production machines.

Consolidated Cloud Security Management

Dome9 centrally manages the cloud security configurations of multiple environments (e.g., Rackspace, EC2, GoGrid) through its unified manager, Dome9 Central. Whether the underlying control is Linux iptables, a Windows GUI-based firewall, or EC2 Security Groups, cloud security policy management is consolidated in Dome9 Central.

Account Activity Auditing

Dome9 auditing provides full, account-level visibility and logging of user activity. Advanced filters help you drill down to see when users have logged on to Dome9 Central, changed cloud security policies, sent secure access invitations, and accessed cloud servers.

Multi-Platform Security Groups

Dome9 Security Groups provides group-based policy management across multiple servers and clouds. Consolidate management of multiple cloud servers under an umbrella ‘Group’ profile and then, when you add a server to a Dome9 Security Group, its policy is automatically inherited from the Group profile.