Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Licensing and hosting in our own cloud

Basil Baluta
Basil Baluta September 5, 2017

Hi Atlassian,

We are a server licensed customer of several of your products for our internal development operations.

We are planning to move our internal development infrastructure into the cloud. As part of that we are investigating hosting of JIRA, BitBucket and Confluence in Amazon AWS. Do you have any issues with us hosting a licensed JIRA/BitBucket/Confluence server in a cloud?

Also, as a matter of policy, to protect our data, we are planning to run a vulnerability test on all tools deployed in our cloud environment. Are there any issues with running a vulnerability test within our environment against our servers running a licensed version of your software?     

Basil

Answer
Watch
Like Be the first to like this
498 views

2 answers

2 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 5, 2017

I'm not an Atlassian, but I can answer.

You can run Server versions of the Atlassian stack anywhere you want

Two caveats on that:

  • The hardware/VM has to be capable of doing it.  For example, don't try JIRA on a Raspberry Pi 1.  It does work, technically, but it's slower than me leaving a decent pub when I'm still thirsty.
  • Check the "supported platforms" doc for each system.  Whilst you don't have to run on a supported platform, you do if you want to be fully supported (i.e. yell at Atlassian for help).  AWS generally provides quite a lot of configurations that fall well within "supported platforms"

You should not find any issues running your vulnerability tests against a licenced Atlassian application.  If, however, you have any nagging doubt, then your commercial licence comes with "developer" licences.  You can use those instead, without compromising your production licences in any way.

View More Comments
Basil Baluta
Basil Baluta September 5, 2017

Thanks Nic,

I believe we have the OS container worked out, but I a concerned if somehow we would be violating Atlassians Acceptable Use terms in the legal agreements by running a vulnerability scan against their software, licensed appropriately, in our servers on a cloud.

Like
Gaston Valente
Gaston Valente
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 5, 2017

Basil,

There's no problem, atlassian promotes the reporting of security issues with a number of programs.

you can check https://www.atlassian.com/trust/security

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 5, 2017

I'm guessing you are reading https://www.atlassian.com/legal/acceptable-use-policy ?

You're absolutely right that running your security scans against their software on their serves breaches the AUP.

But... that applies to their servers, not yours.  You can do what you want with your servers, even if they're running Atlassian software.  In fact, Atlassian would support you doing it - if security testing is something you want to do against your servers, you absolutely should do it.  I am aware of a number of sites hosting Atlassian software who run some pretty heavy and hardcore security checks on their own stuff regularly and very frequently (and I'm not going to pretend Atlassian always passes every test).

Like
Reply
0 votes
Gaston Valente
Gaston Valente
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 5, 2017

Basil,

i think that hosting jira on aws follows the same licensing scheme than the server version.

regarding the vulnerability test, can you specify which tool are you using? I have no experience in that field but by knowing the tool maybe someone can help

View More Comments
Basil Baluta
Basil Baluta September 5, 2017

Its a third party recommended by Amazon, but let's say for the sake of this discussion its a stock vulnerability testing suite for network and web applications recommended by security standards organizations. Tools like Nessus, OpenVAS, Rapid7, etc.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events