Cloud & NFV Consulting
Joscor Consulting offers experience and insight into your organization’s cloud strategy. We are experts in planning and implementing at-scale OpenStack and NFV solutions.
Cloud Automation & Strategy
We have experience with OpenStack (Red Hat and Canonical), AWS, Azure, and more, both at the IT administrator level and at the developer and integration level. There’s nothing more daunting that trying to move production services to a new environment and manage costs at the same time. We understand the pros and cons of major cloud providers, how to automate and orchestrate application workloads and virtual infrastructure, and we have valuable experience needed to help your business avoid common cloud migration pitfalls.
Authentication Security
Modern security requires a modern way of logging in. Unfortunately, administrators and end-users are slow to break out of the horribly insecure practice of using (relatively) simple usernames and passwords to access critical systems. There are many great solutions on the market that address this exact issue and we’ve worked with a lot of them. Your service could have the strongest SSL / TLS, the most reviewed and tested code, but if your authentication scheme is weak, your entire service becomes inherently weak.
We can audit your current authentication system and, after also reviewing the level of data security needed, provide solutions ranging from Two-Factor Authentication products / services to seamless, controllable API authentication methods such as OAuth or SAML.
Defensive Programming
No one likes being vendor-locked due to incomprehensible code. We’re darn proud of the software and solutions we make and we write all of our code expecting others to be updating and reviewing it later.
We focus on 4 core programming values:
- Cleanliness – Code should be easy to understand and have obvious context at all times.
- Preparedness – Never underestimate users; Code for the worst.
- Exposure – All code is production-ready and continuously reviewed.
- Scalable – Code must be elastic and be able to easily grow with the business.
Security Auditing
The starting point of any security consultation is a baseline security audit. This is where we can find out how your service is built, where its weaknesses and strengths are, and how to begin forging a strategy to improve your overall information security.
Identifying potential security issues is one of the most important steps your business can take to minimize risk. If you don’t know where and how you can be attacked, you stand little chance in actually enhancing security in any meaningful way. There are plenty of tools and frameworks that can be used to “increase security” of A-Z but none of them are 100% effective nor cover all attack vectors. It’s of paramount importance to understand how you can be attacked so proper remediation can be implemented and provide real protection.
Our Blog
Managed OwnCloud
Introducing Managed OwnCloud, a cutting-edge hosted and managed solution built on OwnCloud Infinite Scale, designed to meet the needs of businesses seeking a secure, high-performance, and seamlessly integrated file sharing platform. Our Managed OwnCloud offering...
Use OpenStack CLI with Cloud Configuration file (SAML federation)
Recently, I needed to build a project for OpenStack that required that I not know the end-user's authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I'd give it a go and test it out with a few...
Use OpenStack CLI with SAML 2.0 ECP
If you're using SAML 2.0 Enhanced Client or Proxy (ECP) with OpenStack Keystone, it may not be obvious how to use the mainstream OpenStack client to authenticate. The example RC file below will hopefully shed some light on how to get started....
Remove GoDaddy’s WordPress plugin
When you create a managed WordPress instance with GoDaddy, they gift you a few “system plugins” that can’t be easily removed. So, let’s remove them!
Robinhood alternate web interface
Robinhood UI project I've published a new Github project that demonstrates how to build applications and services against the unpublished Robinhood Finance API. Unfortunately, Robinhood doesn't make their API information publicly available (you have to request it and...