How Rackspace Leverages AWS Systems Manager

by Josh Garner, Product Architect, Rackspace Technology

At Rackspace, managing over 100,000 virtual machines (VMs) across multiple platforms — primarily within our private cloud powered by VMware and OpenStack® — requires sophisticated tools. One of the primary technologies we’ve adopted to meet these needs is AWS Systems Manager (SSM). This tool enables us to manage, patch and secure our Virtual Machine Management (VMM) services across multicloud and hybrid environments, streamlining processes and strengthening security.

Rackspace required a modern solution for VM management to meet the demands of scalable, secure and auditable operations. Traditional methods were no longer sufficient due to the complexity of private cloud environments. After a thorough evaluation, we chose AWS Systems Manager for its flexibility, security and automation features.

Passport: secure VM management at its core

The Passport system is a key component of secure virtual machine management. This innovative system underpins our zero-trust operating model, helping to tightly control, audit and secure access to customer VMs. Using the SSM agent, the Passport system facilitates secure access without requiring traditional login credentials or passwords, thereby significantly reducing the attack surface.

How Passport works:

1. Access control: Only authorized Rackspace employees have access to customer devices, and user groups are updated monthly to keep permissions aligned with access requirements.

2. On-demand credentialing: When access is needed, a Rackspace employee submits a request, and Passport provisions temporary credentials via AWS Systems Manager.

3. Secure connection: Using a one-liner command provided through Passport, the Rackspace employee establishes an encrypted SSH or RDP tunnel from their workstation directly to the VM through the SSM agent.

4. Auditable and secure access: The entire process is logged for auditing purposes, helping to maintain compliance with security policies and providing a clear trail of access events.

Passport VMM Diagram

Passport minimizes unauthorized entry and provides comprehensive auditing. Encrypted tunnels and on-demand credentials enhance security and flexibility, supporting efficient VM management.

Future uses for private cloud: expanding AWS systems manager capabilities

While Passport remains the cornerstone of secure VM access, Rackspace aims to further leverage the full capabilities of AWS Systems Manager in future iterations of our private cloud offerings. Some of the key enhancements we are exploring include:

  • Advanced monitoring: Integrating more sophisticated monitoring tools into the VMM system to provide deeper insights into VM performance and security health.
  • Automated patching: Expanding the current patching capabilities to allow for automated updates with minimal downtime across VM environments.
  • Integrated antivirus solutions: Implementing built-in antivirus and malware protection to enhance the security of customer VMs across private cloud platforms.

These enhancements build upon the foundation provided by the AWS Systems Manager, as Rackspace continues to enhance security, efficiency and automation for its private cloud customers.

Driving innovation and security with AWS Systems Manager

The adoption of AWS Systems Manager has helped Rackspace modernize its virtual machine management approach. The Passport system exemplifies the innovative and customer-focused solutions that guide the company’s efforts, providing secure, auditable and efficient access to VMs across multi-cloud and hybrid environments. As Rackspace continues to evolve, we will explore new ways to leverage the advanced features of AWS Systems Manager to support private cloud customers in achieving their security and operational goals.

 

Additional resources:

Explore Virtual Machine Management pricing.