Building a Secure Private Cloud Infrastructure with Open Source Tools


In this blog post, I will walk you through a project I undertook during my final semester—a capstone project focused on building a secure private cloud infrastructure using open-source tools. This project showcases how OpenNebula, coupled with tools like Wazuh, TrueNAS, and React, can be used to create a robust and secure cloud environment.

Project Overview

The objective of this project was to design and implement a private cloud infrastructure that prioritizes security, scalability, and redundancy. Below are the key components and technologies I used:

  1. OpenNebula: For orchestrating the frontend and backend nodes.

  2. SCSI Storage Devices: For scalable and reliable storage.

  3. Windows Server: To manage access control and user accounts.

  4. Wazuh: For comprehensive security event monitoring.

  5. React: To deploy a demonstration application.

  6. TrueNAS: For creating a backup server to secure data.

Step-by-Step Installation Guide

1. Setting Up the OpenNebula Environment

a. Installing the Frontend Node

The frontend node acts as the central management hub for the cloud environment.

Install the necessary OpenNebula packages on your chosen Linux distribution (Ubuntu/Debian recommended):

  1. sudo apt update && sudo apt install opennebula opennebula-sunstone

  2. Configure OpenNebula by editing the oned.conf and sunstone-server.conf files as needed.

  3. Start the OpenNebula services:

    • sudo systemctl start opennebula

    • sudo systemctl start opennebula-sunstone

  4. Access the Sunstone web interface via http://<your-frontend-ip>:9869.

b. Adding Backend Nodes

To ensure redundancy, I created two backend nodes.

  1. Install the OpenNebula node package on the backend machines:

    • sudo apt install opennebula-node

  2. Configure SSH authentication between the frontend and backend nodes.

  3. Add the backend nodes to OpenNebula via the Sunstone interface or CLI.

2. Configuring SCSI Storage

  1. Attach a SCSI storage device to the backend nodes.

  2. Format the storage and mount it on the backend nodes.

    • sudo mkfs.ext4 /dev/<scsi-device>

    • sudo mount /dev/<scsi-device> /mnt/opennebula-storage

  3. Integrate the storage into OpenNebula by defining it in the datastore.conf file.

3. Setting Up a Windows Server for Access Control

  1. Deploy a Windows Server virtual machine using the OpenNebula Sunstone interface.

  2. Configure Active Directory for user account and group management.

  3. Set up policies to control access to resources and define user roles.

4. Implementing Wazuh for Security Event Monitoring

a. Setting Up the Wazuh Manager

  1. Deploy a virtual machine in OpenNebula to act as the Wazuh Manager.

  2. Install Wazuh Manager on the VM:

    • sudo apt update && sudo apt install wazuh-manager

  3. Access the Wazuh web interface to monitor security events.

b. Installing Wazuh Agents

  1. Install Wazuh agents on all nodes and VMs:

    • sudo apt install wazuh-agent

  2. Register the agents with the Wazuh Manager.

  3. Configure security policies to monitor logins, file changes, and other key events.
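
One way to express step 3 on the Linux nodes, shown as an added example rather than the configuration used in the project: a fragment for the agent's /var/ossec/etc/ossec.conf that covers file changes and logins. The monitored paths (/etc/one, /var/lib/one/.ssh, /etc/ssh, /var/log/auth.log) are assumptions based on default OpenNebula and Ubuntu/Debian layouts.

```xml
<!-- Added example for /var/ossec/etc/ossec.conf on a Linux node (agent side).
     All paths are assumptions from default OpenNebula and Ubuntu/Debian layouts. -->
<ossec_config>

  <!-- File changes: file integrity monitoring (syscheck) -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Full rescan every 12 hours; realtime entries report changes between scans -->
    <frequency>43200</frequency>

    <!-- OpenNebula configuration (oned.conf, sunstone-server.conf) -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc/one</directories>
    <!-- oned.conf can hold a database password: alert on the change, do not store the diff -->
    <nodiff>/etc/one/oned.conf</nodiff>

    <!-- oneadmin SSH keys used between the frontend and backend nodes -->
    <directories check_all="yes" realtime="yes">/var/lib/one/.ssh</directories>

    <!-- SSH daemon settings that decide who can log in and how -->
    <directories check_all="yes" realtime="yes">/etc/ssh</directories>
  </syscheck>

  <!-- Logins: SSH, sudo and PAM events from the system auth log -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

</ossec_config>
```

Restart the agent with sudo systemctl restart wazuh-agent for the change to take effect.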

5. Hosting a React Application for Demonstration

  1. Deploy a Linux virtual machine in OpenNebula.

  2. Install Node.js and npm:

    • sudo apt update && sudo apt install nodejs npm

  3. Clone a React video player app repository or create your own.

    • git clone <your-react-app-repo>

    • cd <your-react-app> && npm install && npm start

  4. Access the application via the VM’s public IP address.

6. Setting Up TrueNAS as a Backup Server

  1. Deploy a TrueNAS server on a physical or virtual machine.

  2. Configure the TrueNAS storage pool.

  3. Set up a backup job for OpenNebula:

    • Define OpenNebula directories to back up.

    • Schedule periodic backups to the TrueNAS server.

Key Features and Highlights

  1. Redundancy: By using two backend nodes, the infrastructure ensures high availability.

  2. Security: The integration of Wazuh provides real-time monitoring and alerting for potential threats.

  3. Scalability: The use of SCSI storage and OpenNebula’s capabilities enables seamless scalability.

  4. Ease of Use: The React-based demonstration app showcases how easy it is to host applications on this platform.

  5. Data Protection: TrueNAS ensures that backups are secure and easily recoverable.

Conclusion

This project highlights the power and flexibility of open-source tools in building a secure and scalable private cloud. OpenNebula serves as the backbone, while tools like Wazuh and TrueNAS add layers of security and data protection.

I hope this guide inspires you to explore private cloud infrastructures and their potential in your projects. If you have any questions or would like more details, feel free to reach out or leave a comment below!