.. _protected_application_environments-jails:

Protected Application Environments (Jails)
------------------------------------------

.. index:: app;app install nrs



.. _19.1|DOC-230:
.. _12.5(1)|DOC-230:
   

|VOSS Automate| runs the service providing applications in secured jail
environments. This has significant value for the security and
reliability of the system. It prevents applications from
cross-interfering which makes the system more stable and reliable. In
terms of security it effectively confines all services to dedicated and
separate mini file systems with predictable content. In the event that
an attacker were to gain access to the system through a vulnerability in
a service he would therefore not gain access to the platform but only to
the small confined jail in which the service was running. In that
environment only the jail itself is vulnerable and this can be very
easily restored if damaged. The underlying system cannot be accessed
from the jailed environment.    

The VOSS system does not allow direct root access over ssh.
If root access is required for debugging purposes, there is a tool called NRS.
This tool requires the user to log in as a user with install privileges,
who has to run **app install nrs**. The tool generates a key, which can only
be deciphered by VOSS. VOSS uses this key to then gain root access
in order to proceed with debugging.

 


.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM