OCTANE is:
- A cIAP (Cloud Internet Access Point). Mainly, it is a security product placed between the Internet and your public application hosted in your private zone
- The acronym (with imagination and goodwill) of Opensource cIAP Nextgen
- A Societe Generale Open Source project developed within the Public Cloud Feature Team (Cloud Center Of Excellence) by:
  - Aubin LAGORCE for Openstack
  - Eric BOUTEVILLE for AWS
- Currently available for AWS & Openstack
OCTANE can:
- Securely expose a website to the Internet
- Protect you against intrusions (SQL injection, cross-site scripting (XSS), file inclusion...) and viruses
- Limit the effects of denial of service
- Detect malicious activities or policy violations
- Securely connect your external users to your internal zone
- Collect all the logs and provide metrics, search and analytics
- Be easily ported to other x86 platforms (GCP, Bare-Metal, etc.) in order to have the same Internet Access Point in a multi-cloud context
There are several layers (from the most exposed, Internet, to the least exposed, internal):
- Redundant load-balancers
- Redundant filtering layer
- Redundant reverse-proxies
- Redundant proxies with SSL termination
- Redundant WAF or TCP relay (it depends on the protocol used)
- Redundant Antivirus & IDS
- Redundant VPN
- Redundant firewalls
These functionalities are deployed by:
- The Openstack orchestration Heat template, which builds the Openstack infrastructure
- The Ansible playbook, which configures all software components
For further details, a more complete README is available in each directory.
- Common referential (LDAP/other); this will make it possible to link users to domains/VPN.
- API to manage web exposure
This project was created in 2019 by Aubin LAGORCE, with Yannick NEFF as Product Owner, based on the work of Eric BOUTEVILLE for its AWS implementation.