openstack
/
security-doc
Code Issues Proposed changes
security-doc/security-guide/source/locale/id/LC_MESSAGES/security-guide.po

19754 lines
935 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2015, OpenStack contributors
# This file is distributed under the same license as the Security Guide package.
#
# Translators:
# OpenStack Infra <zanata@openstack.org>, 2015. #zanata
# suhartono <cloudsuhartono@gmail.com>, 2017. #zanata
# suhartono <cloudsuhartono@gmail.com>, 2018. #zanata
# suhartono <cloudsuhartono@gmail.com>, 2019. #zanata
msgid ""
msgstr ""
"Project-Id-Version: openstacksecurityguide\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2019-01-18 09:42+0000\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"PO-Revision-Date: 2019-01-18 03:25+0000\n"
"Last-Translator: suhartono <cloudsuhartono@gmail.com>\n"
"Language: id\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: Zanata 4.3.3\n"
"Language-Team: Indonesian\n"
msgid ""
"\"... any information about an individual maintained by an agency, including "
"(1) any information that can be used to distinguish or trace an individual's "
"identity, such as name, social security number, date and place of birth, "
"mother's maiden name, or biometric records; and (2) any other information "
"that is linked or linkable to an individual, such as medical, educational, "
"financial, and employment information...\""
msgstr ""
"\"... informasi tentang seseorang yang dipelihara oleh agen, termasuk (1) "
"informasi apa pun yang dapat digunakan untuk membedakan atau melacak "
"identitas individu, seperti nama, nomor jaminan sosial, tanggal dan tempat "
"lahir, nama gadis ibu, Atau catatan biometrik; dan (2) informasi lain yang "
"terkait atau dapat dihubungkan dengan individu, seperti informasi medis, "
"pendidikan, keuangan, dan pekerjaan ... \""
msgid ""
"\"Anchor is a public key infrastructure (PKI) service, which uses automated "
"certificate request validation to automate issuing decisions. Certificates "
"are issued for short time periods (typically 12-48 hours) to avoid the "
"flawed revocation issues associated with CRLs and OCSP.\""
msgstr ""
"\"Anchor adalah layanan public key infrastructure (PKI), yang menggunakan "
"validasi permintaan sertifikat otomatis untuk mengotomatisasi keputusan "
"penerbitan. Sertifikat dikeluarkan untuk periode waktu yang singkat "
"(biasanya 12-48 jam) untuk menghindari masalah flawed revocation (pembatalan "
"cacat) yang terkait dengan CRL dan OCSP.\""
msgid ""
"\"The `Federal Risk and Authorization Management Program <http://www.fedramp."
"gov>`_ (FedRAMP) is a government-wide program that provides a standardized "
"approach to security assessment, authorization, and continuous monitoring "
"for cloud products and services\". NIST 800-53 is the basis for both FISMA "
"and FedRAMP which mandates security controls specifically selected to "
"provide protection in cloud environments. FedRAMP can be extremely intensive "
"from specificity around security controls, and the volume of documentation "
"required to meet government standards."
msgstr ""
"\"The `Federal Risk and Authorization Management Program <http://www.fedramp."
"gov>`_ (FedRAMP) adalah program pemerintah yang menyediakan pendekatan "
"standar untuk penilaian keamanan, otorisasi, dan pemantauan berkelanjutan "
"untuk produk dan layanan awan. \"NIST 800-53 adalah basis untuk FISMA dan "
"FedRAMP yang mengamanatkan kontrol keamanan yang secara khusus dipilih untuk "
"memberikan perlindungan di awan. Lingkungan FedRAMP bisa sangat intensif "
"dari spesifisitas seputar kontrol keamanan, dan volume dokumentasi yang "
"dibutuhkan untuk memenuhi standar pemerintah."
msgid ""
"\"The sanitization process removes information from the media such that the "
"information cannot be retrieved or reconstructed. Sanitization techniques, "
"including clearing, purging, cryptographic erase, and destruction, prevent "
"the disclosure of information to unauthorized individuals when such media is "
"reused or released for disposal.\" `NIST Special Publication 800-53 Revision "
"4 <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4."
"pdf>`__"
msgstr ""
"\"The sanitization process removes information from the media such that the "
"information cannot be retrieved or reconstructed. Sanitization techniques, "
"including clearing, purging, cryptographic erase, and destruction, prevent "
"the disclosure of information to unauthorized individuals when such media is "
"reused or released for disposal.\" `NIST Special Publication 800-53 Revision "
"4 <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4."
"pdf>`__"
msgid "**Adam Hyde**"
msgstr "**Adam Hyde**"
msgid "**Andrew Hay**, CloudPassage"
msgstr "**Andrew Hay**, CloudPassage"
msgid "**Ben de Bont**, HP"
msgstr "**Ben de Bont**, HP"
msgid "**Bryan D. Payne**, Nebula"
msgstr "**Bryan D. Payne**, Nebula"
msgid "**Cody Bunch**, Rackspace"
msgstr "**Cody Bunch**, Rackspace"
msgid "**Eric Lopez**, VMware"
msgstr "**Eric Lopez**, VMware"
msgid "**Eric Windisch**, Cloudscaling"
msgstr "**Eric Windisch**, Cloudscaling"
msgid "**Example. Access instances through a custom network namespace**"
msgstr "**Example. Access instances through a custom network namespace**"
msgid "**Example. Access instances through a specified relay machine**"
msgstr "**Example. Access instances through a specified relay machine**"
msgid "**Example. Allow all methods to all users (default policy)**"
msgstr "**Example. Allow all methods to all users (default policy)**"
msgid "**Example. Configuring TLS access to the controller**"
msgstr "**Example. Configuring TLS access to the controller**"
msgid "**Example. Configuring for a proxy domain named “dp_proxy”**"
msgstr "**Example. Configuring for a proxy domain named “dp_proxy”**"
msgid "**Example. Disallow image registry manipulations to non-admin users**"
msgstr "**Example. Disallow image registry manipulations to non-admin users**"
msgid "**Example. Enabling rootwrap usage and showing the default command**"
msgstr "**Example. Enabling rootwrap usage and showing the default command**"
msgid ""
"**Example. Setting the log level higher than warning and specifying an "
"output file.**"
msgstr ""
"**Example. Setting the log level higher than warning and specifying an "
"output file.**"
msgid "**Fail:** If TLS is not enabled on the HTTP server."
msgstr "**Fail:** Jika TLS tidak diaktifkan pada server HTTP."
msgid ""
"**Fail:** If ``admin_token`` under ``[DEFAULT]`` section is set and "
"``AdminTokenAuthMiddleware`` exists in ``keystone-paste.ini``."
msgstr ""
"**Fail:** Jika ``admin_token`` di bawah bagian ``[DEFAULT] `` disetel dan "
"``AdminTokenAuthMiddleware`` ada di ``keystone-paste.ini``."
msgid ""
"**Fail:** If ``insecure_debug`` under ``[DEFAULT]`` section in ``/etc/"
"keystone/keystone.conf`` is true."
msgstr ""
"**Fail:** Jika ``insecure_debug`` di bawah bagian ``[DEFAULT] `` di ``/etc/"
"keystone/keystone.conf`` benar adanya."
msgid "**Fail:** If permissions are not set to at least 640."
msgstr "**Fail:** Jika izin tidak diatur ke setidaknya 640."
msgid "**Fail:** If permissions are set greater than 640."
msgstr "**Fail:** Jika permission ditetapkan lebih besar dari 640."
msgid ""
"**Fail:** If the above commands do not return any output, it is possible "
"that the user and group ownership may have been set to any user other than "
"root or any group other than barbican."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apapun, "
"kemungkinan kepemilikan pengguna dan grup mungkin telah ditetapkan ke "
"pengguna selain root atau grup selain barbican."
msgid ""
"**Fail:** If the above commands do not return any output, the user and group "
"ownership might have set to any user other than ``root`` or any group other "
"than ``nova``."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun, "
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
"``root`` atau grup selain ``nova``."
msgid "**Fail:** If the above commands do not return any output."
msgstr "**Fail:** Jika perintah di atas tidak mengembalikan output apapun."
msgid ""
"**Fail:** If the above commands does not return any output as the user and "
"group ownership might have set to any user other than root or any group "
"other than cinder."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apapun karena "
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
"root atau grup selain cinder."
msgid ""
"**Fail:** If the above commands does not return any output as the user and "
"group ownership might have set to any user other than root or any group "
"other than horizon."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
"kepemilikan user dan grup mungkin telah ditetapkan ke user selain root atau "
"grup selain horizon."
msgid ""
"**Fail:** If the above commands does not return any output as the user and "
"group ownership might have set to any user other than root or any group "
"other than manila."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
"root atau grup selain manila."
msgid ""
"**Fail:** If the above commands does not return any output as the user and "
"group ownership might have set to any user other than root or any group "
"other than neutron."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
"root atau grup selain neutron."
msgid ""
"**Fail:** If the above commands does not return any output as the user or "
"group ownership might have set to any user other than keystone."
msgstr ""
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
"pengguna atau kepemilikan grup mungkin telah ditetapkan ke pengguna selain "
"keystone."
msgid ""
"**Fail:** If the parameter ``authtoken`` is missing under the ``pipeline:"
"barbican-api-keystone`` section in ``barbican-api-paste.ini``."
msgstr ""
"**Fail:** Jika parameternya ``authtoken`` hilang di bawah bagian ``pipeline:"
"barbican-api-keystone`` dalam ``barbican-api-paste.ini``."
msgid ""
"**Fail:** If value of parameter ``CSRF_COOKIE_SECURE`` in ``/etc/openstack-"
"dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``CSRF_COOKIE_SECURE`` di ```/etc/openstack-"
"dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``DISABLE_PASSWORD_REVEAL`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``DISABLE_PASSWORD_REVEAL`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``DISALLOW_IFRAME_EMBED`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``DISALLOW_IFRAME_EMBED`` di ``/etc/openstack-"
"dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``ENFORCE_PASSWORD_CHECK`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter `` ENFORCE_PASSWORD_CHECK`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``PASSWORD_AUTOCOMPLETE`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``on``."
msgstr ""
"**Fail:** Jika nilai parameter ``PASSWORD_AUTOCOMPLETE`` di ``/etc/openstack-"
"dashboard/local_settings.py`` diatur ke ``on``."
msgid ""
"**Fail:** If value of parameter ``PASSWORD_VALIDATOR`` in ``/etc/openstack-"
"dashboard/local_settings.py`` is set to allow all `\"regex\": '.*'`"
msgstr ""
"**Fail:** Jika nilai parameter ``PASSWORD_VALIDATOR`` di ``/etc/openstack-"
"dashboard/local_settings.py`` disetel untuk mengizinkan semua `\" regex \": "
"'. *'`"
msgid ""
"**Fail:** If value of parameter ``SECURE_PROXY_SSL_HEADER`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is not set to "
"``'HTTP_X_FORWARDED_PROTO', 'https'`` or commented out."
msgstr ""
"**Fail:** Jika nilai parameter ``SECURE_PROXY_SSL_HEADER`` di ``/etc/"
"openstack-dashboard/local_settings.py`` tidak disetel ke "
"``'HTTP_X_FORWARDED_PROTO', 'https'`` atau berkomentar."
msgid ""
"**Fail:** If value of parameter ``SESSION_COOKIE_HTTPONLY`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``SESSION_COOKIE_HTTPONLY`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``SESSION_COOKIE_SECURE`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``SESSION_COOKIE_SECURE`` di ``/etc/openstack-"
"dashboard/local_settings.py`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``api_insecure`` under ``[glance]`` section "
"in ``/etc/nova/nova.conf`` is set to ``True``, or if value of parameter "
"``api_servers`` under ``[glance]`` section in ``/etc/nova/nova.conf`` is set "
"to a value that does not start with ``https://``."
msgstr ""
"**Fail:** Jika nilai parameter ``api_insecure`` di bawah bagian ``[glance] "
"`` di ``/etc/nova/nova.conf`` diatur ke ``True``, atau jika nilai parameter "
"``api_servers`` di bawah bagian ``[glance]`` di ``/etc/nova/nova.conf`` "
"diatur ke nilai yang tidak dimulai dengan ``https://``."
msgid ""
"**Fail:** If value of parameter ``auth_protocol`` under "
"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``http``, or "
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
"section in ``barbican.conf`` is not set to Identity API endpoint starting "
"with ``https://`` or value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to "
"``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_protocol`` di bawah bagian "
"``[keystone_authtoken]``dalam ``barbican.conf`` diatur ke ``http``, atau "
"jika nilai parameter ``identity_uri`` di bawah bagian "
"``[keystone_authtoken]`` dalam ``barbican.conf`` tidak disetel ke Identity "
"API endpoint yang dimulai dengan ``https://`` atau nilai parameter "
"``insecure`` dibawah bagian ``[keystone_authtoken]`` yang sama dalam "
"``barbican.conf`` yang sama diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``auth_protocol`` under "
"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``http``, or "
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
"section in ``manila.conf`` is not set to Identity API endpoint starting with "
"``https://`` or value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to "
"``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_protocol`` dibawah bagian "
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke ``http``, atau jika "
"nilai parameter ``identity_uri`` dibawah bagian ``[keystone_authtoken]`` "
"dalam ``manila.conf`` tidak disetel ke titik akhir API Identitas yang "
"dimulai dengan ``https://`` atau nilai parameter ``insecure`` dibawah bagian "
"``[keystone_authtoken]`` yang sama dalam ``manila.conf`` yang sama diatur ke "
"``True``."
msgid ""
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``/etc/glance/glance-api.conf`` is set to ``noauth`` or value of "
"parameter ``auth_strategy`` under ``[DEFAULT]`` section in ``/etc/glance/"
"glance- registry.conf`` is set to ``noauth``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_strategy`` dibawah bagian "
"``[DEFAULT]`` di ``/etc/glance/glance-api.conf`` dieter ke ``noauth`` atau "
"nilai parameter ``auth_strategy`` dibawah bagian ``[DEFAULT]`` di ``/etc/"
"glance/glance- registry.conf`` diatur ke ``noauth``."
msgid ""
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section is set to ``noauth`` or ``noauth2``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_strategy`` di bawah bagian ``[DEFAULT] "
"`` diatur ke ``noauth`` atau ``noauth2``."
msgid ""
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section is set to ``noauth``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_strategy`` di bawah bagian `` "
"[DEFAULT] `` diatur ke ``noauth``."
msgid ""
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/cinder/cinder.conf`` is not set to Identity API endpoint "
"starting with ``https://`` or value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``/etc/cinder/cinder.conf`` is "
"set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken] `` di ``/etc/cinder/cinder.conf`` tidak disetel ke "
"Identity API endpoint yang dimulai dengan ``https://`` atau nilai dari "
"parameter ``insecure`` di bawah bagian ``[keystone_authtoken] `` yang sama "
"di ``/etc/cinder/cinder.conf`` yang sama diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/glance/glance-api.conf`` is not set to Identity API "
"endpoint starting with ``https://``, or value of parameter ``insecure`` "
"under the same ``[keystone_authtoken]`` section in the same ``/etc/glance/"
"glance-api.conf`` is set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` di ``/etc/glance/glance-api.conf`` tidak disetel ke "
"endpoint API Identity yang dimulai dengan ``https://``, atau nilai parameter "
"``insecure``di bawah bagian ``[keystone_authtoken]`` yang sama di bagian ``/"
"etc/glance/glance-api.conf`` yang sama diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/neutron/neutron.conf`` is not set to Identity API endpoint "
"starting with ``https://`` or value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``/etc/neutron/neutron.conf`` "
"is set to ``True``."
msgstr ""
"**Fail:**Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` dalam ``/etc/neutron/neutron.conf`` tidak diatur ke "
"Identity API endpoint yang dimulai dengan ``https://`` atau nilai parameter "
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama dalam bagian "
"yang sama ``/etc/neutron/neutron.conf`` diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/nova/nova.conf`` is not set to Identity API endpoint "
"starting with ``https://`` or value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``/etc/nova/nova.conf`` is set "
"to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` di ``/etc/nova/nova.conf`` tidak disetel ke "
"endpoint API Identity yang dimulai dengan ``https://`` atau nilai dari "
"parameter ``insecure`` di bawah bagian ``[keystone_authtoken] `` yang sama "
"di dalam ``/etc/nova/nova.conf`` yang sama diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``backend`` under ``[key_manager]`` section "
"in ``/etc/cinder/cinder.conf`` is not set, or if the value of parameter "
"``backend`` under ``[key_manager]`` section in ``/etc/nova/nova.conf`` is "
"not set, or if the instructions in the documentation referenced above are "
"not properly followed."
msgstr ""
"**Fail:** Jika nilai parameter ``backend`` di bawah bagian ``[key_manager]`` "
"di ``/etc/cinder/cinder.conf`` tidak diatur, atau jika nilai parameter "
"``backend`` di bawah bagian ``[key_manager]`` di ``/etc/nova/nova.conf`` "
"tidak diatur, atau jika petunjuk dalam dokumentasi yang disebutkan di atas "
"tidak diikuti dengan benar."
msgid ""
"**Fail:** If value of parameter ``cinder_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``cinder_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``copy_from`` in ``/etc/glance/policy.json`` "
"is not set."
msgstr ""
"**Fail:** Jika nilai parameter ``copy_from`` di ``/etc/glance/policy.json``` "
"tidak diatur."
msgid ""
"**Fail:** If value of parameter ``glance_api_insecure`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``True`` or the value of "
"parameter ``glance_api_servers`` is set to a value that does not start with "
"``https://``."
msgstr ""
"**Fail:** Jika nilai parameter ``glance_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` disetel ke ``True`` atau nilai "
"parameter ``glance_api_servers`` adalah disetel ke nilai yang tidak dimulai "
"dengan ``https:// ``."
msgid ""
"**Fail:** If value of parameter ``hash_algorithm`` under ``[token]``\\ "
"section is set to MD5."
msgstr ""
"**Fail:** Jika nilai parameter ``hash_algorithm`` di bawah bagian ``[token] "
"``\\ diatur ke MD5."
msgid "**Fail:** If value of parameter ``max_request_body_size`` is not set."
msgstr ""
"**Fail:** Jika nilai parameter ``max_request_body_size`` tidak disetel."
msgid ""
"**Fail:** If value of parameter ``max_request_body_size`` under "
"``[oslo_middleware]`` section in ``manila.conf`` is not set to ``114688``, "
"or if value of parameter ``osapi_max_request_body_size`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is not set to ``114688``."
msgstr ""
"**Fail:** Jika nilai parameter ``max_request_body_size`` di bawah bagian "
"``[oslo_middleware] `` di ``manila.conf`` tidak diatur ke ``114688``, atau "
"jika nilai parameter ``osapi_max_request_body_size`` di bawah ``[ DEFAULT] "
"`` di ``manila.conf`` tidak diatur ke ``114688``."
msgid ""
"**Fail:** If value of parameter ``nas_secure_file_permissions`` under "
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``False`` and "
"if value of parameter ``nas_secure_file_operations`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``nas_secure_file_permissions`` di bawah "
"bagian ``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` diatur ke `` False`` "
"dan jika nilai parameter ``nas_secure_file_operations`` di bawah bagian "
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``False``."
msgid ""
"**Fail:** If value of parameter ``neutron_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``neutron_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``True``."
msgid ""
"**Fail:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` disetel ke ``True``."
msgid ""
"**Fail:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``True``."
msgstr ""
"**Fail:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian `` "
"DEFAULT] `` di ``manila.conf`` disetel ke ``True``."
msgid ""
"**Fail:** If value of parameter ``osapi_max_request_body_size`` under "
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is not set to "
"``114688`` or if value of parameter ``max_request_body_size`` under "
"``[oslo_middleware]`` section in ``/etc/cinder/cinder.conf`` is not set to "
"``114688``."
msgstr ""
"**Fail:** Jika nilai parameter ``osapi_max_request_body_size`` di bawah "
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` tidak diatur ke "
"``114688`` atau jika nilai parameter ``max_request_body_size`` di bawah "
"bagian ``[oslo_middleware]`` di ``/etc/cinder/cinder.conf`` tidak diatur ke "
"``114688``."
msgid ""
"**Fail:** If value of parameter ``provider`` under ``[token]`` section is "
"set to uuid."
msgstr ""
"**Fail:** Jika nilai parameter ``provider`` di bawah bagian ``[token] `` "
"diatur ke uuid."
msgid ""
"**Fail:** If value of parameter ``use_ssl`` under ``[DEFAULT]`` section in "
"``/etc/neutron/neutron.conf`` is set to ``False``."
msgstr ""
"**Fail:** Jika nilai parameter ``use_ssl`` di bawah bagian ``[DEFAULT]`` di "
"``/etc/neutron/neutron.conf`` diatur ke ``False``."
msgid "**Flat network in share servers back-end mode**"
msgstr "**Flat network in share servers back-end mode**"
msgid "**Gregg Tally**, Johns Hopkins University Applied Physics Laboratory"
msgstr "**Gregg Tally**, Johns Hopkins University Applied Physics Laboratory"
msgid "**Keith Basil**, Red Hat"
msgstr "**Keith Basil**, Red Hat"
msgid "**Malini Bhandaru**, Intel"
msgstr "**Malini Bhandaru**, Intel"
msgid "**Nathanael Burton**, National Security Agency"
msgstr "**Nathanael Burton**, National Security Agency"
msgid ""
"**Pass:** If 1) the value of parameter ``backend`` under the "
"``[key_manager]`` section in ``/etc/cinder/cinder.conf`` is set, 2) the "
"value of parameter ``backend`` under ``[key_manager]`` in ``/etc/nova/nova."
"conf`` is set, and 3) if the instructions in the documentation referenced "
"above are properly followed."
msgstr ""
"** Pass:** Jika 1) nilai parameter ``backend`` di bawah bagian "
"``[key_manager]`` di ``/etc/cinder/cinder.conf`` disetel, 2) nilai parameter "
"``backend`` di bawah ``[key_manager] `` di ``/etc/nova/nova.conf`` disetel, "
"dan 3) jika petunjuk dalam dokumentasi yang disebutkan di atas diikuti "
"dengan benar."
msgid "**Pass:** If TLS is enabled on the HTTP server."
msgstr "**Pass:** Jika TLS diaktifkan pada server HTTP."
msgid ""
"**Pass:** If ``admin_token`` under ``[DEFAULT]`` section in ``/etc/keystone/"
"keystone.conf`` is disabled. And, ``AdminTokenAuthMiddleware`` under "
"``[filter:admin_token_auth]`` is deleted from ``/etc/keystone/keystone-paste."
"ini``"
msgstr ""
"**Pass:** Jika ``admin_token`` di bawah bagian ``[DEFAULT]`` di ``/etc/"
"keystone/keystone.conf`` dinonaktifkan. Dan, ``AdminTokenAuthMiddleware`` di "
"bawah ``[filter:admin_token_auth]`` dihapus dari ``/etc/keystone/keystone-"
"paste.ini``"
msgid ""
"**Pass:** If ``insecure_debug`` under ``[DEFAULT]`` section in ``/etc/"
"keystone/keystone.conf`` is false."
msgstr ""
"**Pass:**Jika ``insecure_debug`` di bawah bagian `` [DEFAULT] `` di ```/etc/"
"keystone/keystone.conf`` adalah salah."
msgid "**Pass:** If permissions are set to 640 or stricter."
msgstr "**Pass:** Jika izin diatur ke 640 atau lebih ketat."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
"o=\". Note that with :ref:`check_block_01` and permissions set to 640, root "
"has read/write access and cinder has read access to these configuration "
"files. The access rights can also be validated using the following command. "
"This command will only be available on your system if it supports ACLs."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
"diterjemahkan menjadi owner r/w, group r, dan no rights to others yaitu \"u "
"= rw, g = r, o =\". Perhatikan bahwa dengan :ref:`check_block_01` dan hak "
"akses diatur ke 640, root telah read/write akses dan cinder telah membaca "
"akses ke file konfigurasi ini. Hak akses juga dapat divalidasi dengan "
"menggunakan perintah berikut. Perintah ini hanya akan tersedia di sistem "
"Anda jika mendukung ACL."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
"o=\". Note that with :ref:`check_dashboard_01` and permissions set to 640, "
"root has read/write access and horizon has read access to these "
"configuration files. The access rights can also be validated using the "
"following command. This command will only be available on your system if it "
"supports ACLs."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak kepada orang "
"lain yaitu \"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref: "
"`check_dashboard_01` dan izin diset ke 640, root telah membaca/menulis akses "
"dan horizon telah membaca akses ke file konfigurasi ini. Hak akses juga "
"dapat divalidasi dengan menggunakan perintah berikut. Perintah ini hanya "
"akan tersedia di sistem Anda jika mendukung ACL."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
"o=\". Note that with :ref:`check_neutron_01` and permissions set to 640, "
"root has read/write access and neutron has read access to these "
"configuration files. The access rights can also be validated using the "
"following command. This command will only be available on your system if it "
"supports ACLs."
msgstr ""
"**Pass:**Jika izin diatur ke 640 atau lebih ketat. Izin dari 640 "
"diterjemahkan menjadi owner r/w, group r, dan no rights to others i.e. "
"\"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref: `check_neutron_01` dan hak "
"akses diatur ke 640, root mempunyai akses membaca/menulis dan neutron "
"mempunyai akses membaca ke file konfigurasi ini. Hak akses juga dapat "
"divalidasi dengan menggunakan perintah berikut. Perintah ini hanya akan "
"tersedia di sistem Anda jika mendukung ACL."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
"o=\". Note that with :ref:`check_shared_fs_01` and permissions set to 640, "
"root has read/write access and manila has read access to these configuration "
"files. The access rights can also be validated using the following command. "
"This command will only be available on your system if it supports ACLs."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Izin dari 640 "
"diterjemahkan ke dalam owner r/w, group r, dan no rights to others i.e. "
"\"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref:`check_shared_fs_01` dan izin "
"diatur ke 640, root mempunyai akses read/write dan manila telah membaca "
"akses ke file konfigurasi ini. Hak akses juga dapat divalidasi dengan "
"menggunakan perintah berikut. Perintah ini hanya akan tersedia di sistem "
"Anda jika mendukung ACL."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others, for example "
"\"u=rw,g=r,o=\"."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
"diterjemahkan menjadi owner r/w, group r, dan no rights to others, sebagai "
"contoh \"u=rw,g=r,o=\"."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others. For example, "
"\"u=rw,g=r,o=\"."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak orang lain. "
"Misalnya, \"u=rw,g=r,o=\"."
msgid ""
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
"translates into owner r/w, group r, and no rights to others. For example, "
"``u=rw,g=r,o=``."
msgstr ""
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak orang lain. "
"Misalnya, ``u=rw,g=r,o=``."
msgid ""
"**Pass:** If the parameter ``authtoken`` is listed under the ``pipeline:"
"barbican-api-keystone`` section in ``barbican-api-paste.ini``."
msgstr ""
"**Pass:** Jika parameternya ``authtoken`` terdaftar di bawah bagian "
"``pipeline:barbican-api-keystone`` dalam ``barbican-api-paste.ini``."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"``root`` and ``nova`` respectively. The above commands show output of ``root "
"nova``."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"diset masing-masing ke ``root`` dan ``nova``. Perintah di atas menunjukkan "
"output dari ``root nova``."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"keystone. The above commands show output of keystone keystone."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"diatur ke keystone. Perintah di atas menunjukkan output dari keystone."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"root and barbican respectively. The above commands show output of root / "
"barbican."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"diset ke root dan barbican. Perintah di atas menunjukkan output dari root / "
"barbican."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"root and cinder respectively. The above commands show output of root cinder."
msgstr ""
"** Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi "
"ini diset ke root dan cinder. Perintah di atas menunjukkan output dari root "
"cinder."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"root and manila respectively. The above commands show output of root manila."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"diset ke root dan manila masing-masing. Perintah di atas menunjukkan output "
"dari manila root."
msgid ""
"**Pass:** If user and group ownership of all these config files is set to "
"root and neutron respectively. The above commands show output of root "
"neutron."
msgstr ""
"**Pass:**Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"diset ke root dan neutron. Perintah di atas menunjukkan output dari root "
"neutron."
msgid ""
"**Pass:** If user and group ownership of all these configuration files is "
"set to root and glance respectively. The above commands show output of root "
"glance."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
"disetel masing masing ke root dan glance. Perintah di atas menunjukkan "
"output dari root glance."
msgid ""
"**Pass:** If user and group ownership of the config file is set to root and "
"horizon respectively. The above commands show output of root horizon."
msgstr ""
"**Pass:** Jika kepemilikan pengguna dan grup dari file konfigurasi diset ke "
"root dan horizon masing-masing. Perintah di atas menunjukkan output dari "
"root horizon."
msgid ""
"**Pass:** If value of parameter ``CSRF_COOKIE_SECURE`` in ``/etc/openstack-"
"dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``CSRF_COOKIE_SECURE`` di ``/etc/openstack-"
"dashboard/local_settings.py`` disetel ke ``True``."
msgid ""
"**Pass:** If value of parameter ``DISABLE_PASSWORD_REVEAL`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``DISABLE_PASSWORD_REVEAL`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
msgid ""
"**Pass:** If value of parameter ``DISALLOW_IFRAME_EMBED`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass: ** Jika nilai parameter ``DISALLOW_IFRAME_EMBED`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
msgid ""
"**Pass:** If value of parameter ``ENFORCE_PASSWORD_CHECK`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``ENFORCE_PASSWORD_CHECK`` di ``/etc/"
"openstack-dashboard/local_settings.py`` disetel ke ``True``."
msgid ""
"**Pass:** If value of parameter ``PASSWORD_AUTOCOMPLETE`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``off``."
msgstr ""
"**Pass:**Jika nilai parameter ``PASSWORD_AUTOCOMPLETE`` di ``/etc/openstack-"
"dashboard/local_settings.py`` diatur ke ``off``."
msgid ""
"**Pass:** If value of parameter ``PASSWORD_VALIDATOR`` in ``/etc/openstack-"
"dashboard/local_settings.py`` is set to any value outside of the defaul "
"allow all `\"regex\": '.*',`"
msgstr ""
"**Pass:** Jika nilai parameter ``PASSWORD_VALIDATOR`` di ``/etc/openstack-"
"dashboard/local_settings.py`` diatur ke nilai apapun di luar defaul "
"mengizinkan semua `\" regex \": '. *',`"
msgid ""
"**Pass:** If value of parameter ``SECURE_PROXY_SSL_HEADER`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to "
"``'HTTP_X_FORWARDED_PROTO', 'https'``"
msgstr ""
"**Pass:** Jika nilai parameter `` SECURE_PROXY_SSL_HEADER`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke "
"``'HTTP_X_FORWARDED_PROTO', 'https'``"
msgid ""
"**Pass:** If value of parameter ``SESSION_COOKIE_HTTPONLY`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``SESSION_COOKIE_HTTPONLY`` di ``/etc/"
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
msgid ""
"**Pass:** If value of parameter ``SESSION_COOKIE_SECURE`` in ``/etc/"
"openstack-dashboard/local_settings.py`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``SESSION_COOKIE_SECURE`` di ``/etc/openstack-"
"dashboard/local_settings.py`` disetel ke ``True``."
msgid ""
"**Pass:** If value of parameter ``api_insecure`` under ``[glance]`` section "
"in ``/etc/nova/nova.conf`` is set to ``False`` and value of parameter "
"``api_servers`` under ``[glance]`` section in ``/etc/nova/nova.conf`` is set "
"to a value starting with ``https://``."
msgstr ""
"**Pass:** Jika nilai parameter ``api_insecure`` di bawah bagian ``[glance] "
"`` di ``/etc/nova/nova.conf`` diatur ke ``False`` dan nilai parameter "
"``api_servers`` di bawah bagian ``[glance]``` dalam ``/etc/nova/nova.conf`` "
"diatur ke nilai yang dimulai dengan ``https://``."
msgid ""
"**Pass:** If value of parameter ``auth_protocol`` under "
"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``https``, "
"or if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
"section in ``barbican.conf`` is set to Identity API endpoint starting with "
"``https://`` and value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to "
"``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_protocol`` di bawah bagian "
"``[keystone_authtoken] `` di ``barbican.conf`` diatur ke ``https``, atau "
"jika nilai parameter ``identity_uri`` di bawah ``[keystone_authtoken ]`` di "
"``barbican.conf`` disetel ke Identity API endpoint yang dimulai dengan "
"``https: // `` dan nilai parameter ``insecure`` di bawah bagian "
"``[keystone_authtoken]`` yang sama dalam ``barbican.conf`` yang sama diatur "
"ke ``False``."
msgid ""
"**Pass:** If value of parameter ``auth_protocol`` under "
"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``https``, or "
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
"section in ``manila.conf`` is set to Identity API endpoint starting with "
"``https://`` and value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to "
"``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_protocol`` dibawah bagian "
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke ``https``, atau "
"jika nilai parameter ``identity_uri`` dibawah bagian "
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke Identity API "
"endpoint yang dimulai dengan ``https://`` dan nilai parameter ``insecure`` "
"dibawah bagian ``[keystone_authtoken]`` yang sama dalam ``manila.conf`` "
"yang sama diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``keystone``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``keystone``."
msgid ""
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``/etc/glance/glance-api.conf`` is set to ``keystone`` and value "
"of parameter ``auth_strategy`` under ``[DEFAULT]`` section in ``/etc/glance /"
"glance-registry.conf`` is set to ``keystone``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_strategy`` dibawah bagian "
"``[DEFAULT]`` di ``/etc/glance/glance-api.conf`` diatur ke ``keystone`` dan "
"nilai parameter ``auth_strategy`` dibawah bagian ``[DEFAULT]`` di ``/etc/"
"glance /glance-registry.conf`` diatur ke ``keystone``."
msgid ""
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``/etc/neutron/neutron.conf`` is set to ``keystone``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
"``[DEFAULT]`` di ``/etc/neutron/neutron.conf`` diatur ke ``keystone``."
msgid ""
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``/etc/nova/nova.conf`` is set to ``keystone``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian ``[DEFAULT] "
"`` di ``/etc/nova/nova.conf`` diatur ke `keystone``."
msgid ""
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``keystone``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
"``[DEFAULT]`` dalam ``manila.conf`` diatur ke ``keystone``."
msgid ""
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/cinder/cinder.conf`` is set to Identity API endpoint "
"starting with ``https://`` and value of parameter ``insecure`` under the "
"same ``[keystone_authtoken]`` section in the same ``/etc/cinder/cinder."
"conf`` is set to ``False``."
msgstr ""
"**Pass: ** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken] `` di ``/etc/cinder/cinder.conf`` diatur ke Identity "
"API endpoint yang dimulai dengan ``https://`` dan nilai parameter "
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama di ``/etc/"
"cinder/cinder.conf`` yang sama diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/glance/glance-api.conf`` is set to the Identity API "
"endpoint starting with ``https://``, and the value of the parameter "
"``insecure`` is under the same ``[keystone_authtoken]`` section in the same "
"``/etc/glance/glance-registry.conf`` is set to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` di ``/etc/glance/glance-api.conf`` diatur ke "
"endpoint API Identity yang dimulai dengan ``https://``, dan nilai parameter "
"``insecure`` berada di bawah bagian ``[keystone_authtoken]`` yang sama di "
"bagian ``/etc/glance/glance-registry.conf`` yang sama diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/neutron/neutron.conf`` is set to Identity API endpoint "
"starting with ``https://`` and value of parameter ``insecure`` under the "
"same ``[keystone_authtoken]`` section in the same ``/etc/neutron/neutron."
"conf`` is set to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` dalam ``/etc/neutron/neutron.conf`` diatur ke "
"Identity API endpoint yang dimulai dengan ``https://`` dan nilai parameter "
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama dalam bagian "
"yang sama ``/etc/neutron/neutron.conf`` diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
"section in ``/etc/nova/nova.conf`` is set to Identity API endpoint starting "
"with ``https://`` and value of parameter ``insecure`` under the same "
"``[keystone_authtoken]`` section in the same ``/etc/nova/nova.conf`` is set "
"to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
"``[keystone_authtoken]`` di ``/etc/nova/nova.conf`` disetel ke endpoint API "
"Identity yang dimulai dengan ``https://`` dan nilai dari parameter "
"``insecure`` di bawah bagian ` `[keystone_authtoken]` ` yang sama di ```/etc/"
"nova/nova.conf`` yang sama diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``cinder_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``cinder_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``copy_from`` in ``/etc/glance/policy.json`` "
"is set to a restricted value, for example ``role:admin``."
msgstr ""
"**Pass:* Jika nilai parameter ``copy_from`` di ``/etc/glance/policy.json`` "
"diatur ke nilai yang dibatasi, misalnya ``role: admin``."
msgid ""
"**Pass:** If value of parameter ``glance_api_insecure`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``False`` and value of "
"parameter ``glance_api_servers`` is set to a value starting with ``https://"
"``."
msgstr ""
"**Pass:** Jika nilai parameter ``glance_api_insecure`` di bawah bagian "
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` disetel ke ``False`` dan nilai "
"parameter ``glance_api_servers`` disetel ke nilai yang diawali dengan "
"``https:// ``."
msgid ""
"**Pass:** If value of parameter ``hash_algorithm`` under ``[token]`` section "
"in ``/etc/keystone/keystone.conf`` is set to SHA256."
msgstr ""
"**Pass:** Jika nilai parameter ``hash_algorithm`` di bawah bagian ``[token] "
"`` di ``/etc/keystone/keystone.conf`` diatur ke SHA256."
msgid ""
"**Pass:** If value of parameter ``max_request_body_size`` in ``/etc/keystone/"
"keystone.conf`` is set to default (114688) or some reasonable value based on "
"your environment."
msgstr ""
"**Pass:** Jika nilai parameter ``max_request_body_size`` di ``/etc/keystone/"
"keystone.conf`` diatur ke default (114688) atau beberapa nilai wajar "
"berdasarkan lingkungan Anda."
msgid ""
"**Pass:** If value of parameter ``max_request_body_size`` under "
"``[oslo_middleware]`` section in ``manila.conf`` is set to ``114688``, or if "
"value of parameter ``osapi_max_request_body_size`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``114688``. The parameter "
"``osapi_max_request_body_size`` under ``[DEFAULT]`` is deprecated and it is "
"better to use [oslo_middleware]/``max_request_body_size``."
msgstr ""
"**Pass:** Jika nilai parameter ``max_request_body_size`` di bagian "
"``[oslo_middleware] `` di ``manila.conf`` diatur ke ``114688``, atau jika "
"nilai parameter ``osapi_max_request_body_size`` di bawah bagian ``[DEFAULT ] "
"`` dalam ``manila.conf`` diatur ke ``114688``. Parameter "
"``osapi_max_request_body_size`` di bawah ``[DEFAULT] `` sudah tidak berlaku "
"lagi dan lebih baik menggunakan [oslo_middleware]/``max_request_body_size``."
msgid ""
"**Pass:** If value of parameter ``nas_secure_file_permissions`` under "
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``auto``. "
"When set to ``auto``, a check is done during cinder startup to determine if "
"there are existing cinder volumes, no volumes will set the option to "
"``True``, and use secure file permissions. The detection of existing volumes "
"will set the option to ``False``, and use the current insecure method of "
"handling file permissions. If value of parameter "
"``nas_secure_file_operations`` under ``[DEFAULT]`` section in ``/etc/cinder/"
"cinder.conf`` is set to ``auto``. When set to \"auto\", a check is done "
"during cinder startup to determine if there are existing cinder volumes, no "
"volumes will set the option to ``True``, be secure and do NOT run as the "
"``root`` user. The detection of existing volumes will set the option to "
"``False``, and use the current method of running operations as the ``root`` "
"user. For new installations, a \"marker file\" is written so that subsequent "
"restarts of cinder will know what the original determination had been."
msgstr ""
"**Pass:** Jika nilai parameter ``nas_secure_file_permissions`` di bawah "
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``auto``. Bila "
"diatur ke ``auto``, sebuah cek dilakukan saat startup cinder untuk "
"menentukan apakah ada volume pengaman yang ada, tidak ada volume yang akan "
"mengatur pilihan ke ``True``, dan menggunakan hak akses file yang aman. "
"Deteksi volume yang ada akan mengatur pilihan ke ``False``, dan gunakan "
"metode penanganan berkas yang tidak aman saat ini. Jika nilai parameter "
"``nas_secure_file_operations`` di bawah bagian ``[DEFAULT] `` di ``/etc/"
"cinder/cinder.conf`` diatur ke ``auto``. Bila disetel ke \"auto\", cek "
"dilakukan saat startup cinder untuk menentukan apakah ada volume cinder yang "
"ada, tidak ada volume yang akan mengatur pilihan ke ``True``, menjadi aman "
"dan TIDAK dijalankan sebagai pengguna ``root`` . Deteksi volume yang ada "
"akan mengatur pilihan ke ``False``, dan gunakan metode operasi berjalan saat "
"ini sebagai pengguna ``root``. Untuk instalasi baru, sebuah \"marker file\" "
"ditulis sehingga restarts cinder berikutnya akan tahu apa tekad semula."
msgid ""
"**Pass:** If value of parameter ``neutron_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``False``."
msgstr ""
"**Pass:**Jika nilai parameter ``neutron_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian "
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
"section in ``manila.conf`` is set to ``False``."
msgstr ""
"**Pass:** Jika nilai parameter ``nova_api_insecure`` dibawah bagian "
"``[DEFAULT]`` dalam ``manila.conf`` diatur ke ``False``."
msgid ""
"**Pass:** If value of parameter ``osapi_max_request_body_size`` under "
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``114688`` or "
"if value of parameter ``max_request_body_size`` under ``[oslo_middleware]`` "
"section in ``/etc/cinder/cinder.conf`` is set to ``114688``."
msgstr ""
"**Pass:** Jika nilai parameter ``osapi_max_request_body_size`` di bawah "
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``114688`` "
"atau jika nilai parameter ``max_request_body_size`` di bagian bawah "
"``[oslo_middleware]`` di ``/etc/cinder/cinder.conf`` diatur ke ``114688``."
msgid ""
"**Pass:** If value of parameter ``provider`` under ``[token]`` section in ``/"
"etc/keystone/keystone.conf`` is set to fernet."
msgstr ""
"**Pass:**Jika nilai parameter ``provider`` di bawah bagian ``[token] `` di "
"``/etc/keystone/keystone.conf`` diatur ke fernet."
msgid ""
"**Pass:** If value of parameter ``use_ssl`` under ``[DEFAULT]`` section in "
"``/etc/neutron/neutron.conf`` is set to ``True``."
msgstr ""
"**Pass:** Jika nilai parameter ``use_ssl`` di bawah bagian ``[DEFAULT]`` di "
"``/etc/neutron/neutron.conf``diatur ke ``True``."
msgid "**Robert Clark**, HP"
msgstr "**Robert Clark**, HP"
msgid "**Segmented network in share servers back-end mode**"
msgstr "**Segmented network in share servers back-end mode**"
msgid "**Shawn Wells**, Red Hat"
msgstr "**Shawn Wells**, Red Hat"
msgid "**Vibha Fauver**"
msgstr "**Vibha Fauver**"
msgid ""
"**cert**. Authenticates an instance by a TLS certificate. Specify the TLS "
"identity as the IDENTKEY. A valid value is any string up to 64 characters "
"long in the common name (CN) of the certificate."
msgstr ""
"**cert**. Mengotentikasi sebuah instance dari sertifikat TLS. Tentukan "
"identitas TLS sebagai IDENTKEY. Nilai yang valid adalah string yang memiliki "
"panjang hingga 64 karakter dalam common name (CN) dari sertifikat."
msgid ""
"**ip**. Authenticates an instance by its IP address. A valid format is XX.XX."
"XX.XX or XX.XX.XX.XX/XX. For example 0.0.0.0/0."
msgstr ""
"**ip**. Mengotentikasi sebuah instance dari alamat IP-nya. Format yang valid "
"adalah XX.XX.XX.XX atau XX.XX.XX.XX / XX. Misalnya 0.0.0.0/0."
msgid "**no share servers mode**"
msgstr "**no share servers mode**"
msgid "**option**: 'cipher = aes-xts-plain64'"
msgstr "**option**: 'cipher = aes-xts-plain64'"
msgid "**option**: 'enabled = false'"
msgstr "**option**: 'enabled = false'"
msgid "**option**: 'key_size = 512'"
msgstr "**option**: 'key_size = 512'"
msgid "**ro**. Read-only (RO) access."
msgstr "**ro**. Akses Read-only (RO)."
msgid "**rw**. Read and write (RW) access. This is the default value."
msgstr "**rw**. Akses Read dan write (RW). Ini adalah nilai default."
msgid "**share servers mode**"
msgstr "**share servers mode**"
msgid ""
"**user**. Authenticates by a specified user or group name. A valid value is "
"an alphanumeric string that can contain some special characters and is from "
"4 to 32 characters long."
msgstr ""
"**user**. Mengotentikasi pengguna tertentu atau nama grup. Nilai yang valid "
"adalah string alfanumerik yang dapat berisi beberapa karakter khusus dan "
"terdiri dari 4 hingga 32 karakter."
msgid ""
"*Code injection*: If memory or disk transfers are not handled securely, then "
"an attacker could manipulate executables, either on disk or in memory, "
"during the migration."
msgstr ""
"*Code injection*: Jika transfer memori atau disk tidak ditangani dengan "
"aman, maka penyerang dapat memanipulasi file executable, baik pada disk atau "
"memori selama migrasi berlangsung."
msgid "*Data exposure*: Memory or disk transfers must be handled securely."
msgstr ""
"*Data exposure*: Transfer memori atau disk harus ditangani dengan aman."
msgid ""
"*Data manipulation*: If memory or disk transfers are not handled securely, "
"then an attacker could manipulate user data during the migration."
msgstr ""
"*Data manipulation*: Jika transfer memori atau disk tidak ditangani dengan "
"aman, maka penyerang dapat memanipulasi data pengguna selama migrasi "
"berlangsung."
msgid ""
"*Denial of Service (DoS)*: If something fails during the migration process, "
"the instance could be lost."
msgstr ""
"*Denial of Service (DoS)*: Jika sesuatu gagal selama proses migrasi, "
"instance bisa hilang."
msgid "*Middleware configuration* - persisted in paste.ini"
msgstr "*Middleware configuration* - bertahan di paste.ini"
msgid "*RBAC rulesets* - persisted in policy.json"
msgstr "*RBAC rulesets* - bertahan di policy.json"
msgid "*RabbitMQ Credentials* - persisted in barbican.conf"
msgstr "*RabbitMQ Credentials* - bertahan di barbican.conf"
msgid "*RabbitMQ credentials*:"
msgstr "*RabbitMQ credentials*:"
msgid ""
"*Secret data* - Passphrases, Encryption Keys, RSA Keys - persisted in "
"Database [PKCS#11] or HSM [KMIP] or [KMIP, Dogtag]"
msgstr ""
"*Secret data* - Passphrases, Encryption Keys, RSA Keys - bertahan di "
"Database [PKCS#11] atau HSM [KMIP] or [KMIP, Dogtag]"
msgid "*keystone Event Queue Credentials* - persisted in barbican.conf"
msgstr "*keystone Event Queue Credentials* - bertahan di barbican.conf"
msgid "*keystone credentials*:"
msgstr "*keystone credentials*:"
msgid "1024, 2048, or 3072 bits"
msgstr "1024, 2048, atau 3072 bits"
msgid "128, 192, or 256 bit"
msgstr "128, 192, atau 256 bit"
msgid "128, 192, or 256 bits"
msgstr "128, 192, or 256 bits"
msgid "168 bits"
msgstr "168 bits"
msgid "22/tcp"
msgstr "22/tcp"
msgid "3260/tcp"
msgstr "3260/tcp"
msgid "3306/tcp"
msgstr "3306/tcp"
msgid "443/tcp"
msgstr "443/tcp"
msgid "53/tcp"
msgstr "53/tcp"
msgid "5672/tcp"
msgstr "5672/tcp"
msgid "6000"
msgstr "6000"
msgid "6001"
msgstr "6001"
msgid "6002"
msgstr "6002"
msgid "873"
msgstr "873"
msgid ":doc:`Block Storage service checklist <block-storage/checklist>`"
msgstr ":doc:`Block Storage service checklist <block-storage/checklist>`"
msgid ":doc:`Compute service checklist <compute/checklist>`"
msgstr ":doc:`Compute service checklist <compute/checklist>`"
msgid ":doc:`Dashboard checklist <dashboard/checklist>`"
msgstr ":doc:`Dashboard checklist <dashboard/checklist>`"
msgid ":doc:`Identity service checklist <identity/checklist>`"
msgstr ":doc:`Identity service checklist <identity/checklist>`"
msgid ":doc:`Networking service checklist <networking/checklist>`"
msgstr ":doc:`Networking service checklist <networking/checklist>`"
msgid ""
":doc:`Shared File Systems service checklist <shared-file-systems/checklist>`"
msgstr ""
":doc:`Shared File Systems service checklist <shared-file-systems/checklist>`"
msgid ""
":term:`Discretionary Access Control (DAC)` restricts access to file system "
"objects based on :term:`ACL <access control list (ACL)>` that include the "
"standard UNIX permissions for user, groups, and others. Access control "
"mechanisms also protect IPC objects from unauthorized access. The system "
"includes the ext4 file system, which supports POSIX ACLs. This allows "
"defining access rights to files within this type of file system down to the "
"granularity of a single user."
msgstr ""
":term:`Discretionary Access Control (DAC)` membatasi akses ke objek sistem "
"file berdasarkan :term:`ACL <access control list (ACL)>` yang termasuk izin "
"UNIX standar untuk pengguna, grup, dan lainnya. Mekanisme kontrol akses juga "
"melindungi objek IPC dari akses yang tidak sah. Sistem ini mencakup sistem "
"file ext4, yang mendukung POSIX ACLs. Hal ini memungkinkan hak akses "
"menentukan ke file dalam jenis sistem file ini sampai ke perincian satu "
"pengguna."
msgid ""
":term:`Federated Identity<federated identity>` is a mechanism to establish "
"trusts between Identity Providers and Service Providers (SP), in this case, "
"between Identity Providers and the services provided by an OpenStack Cloud."
msgstr ""
":term:`Federated Identity<federated identity>` adalah mekanisme untuk "
"membangun kepercayaan antara Identity Providers dan Service Providers (SP), "
"dalam hal ini, antara Identity Providers dan layanan yang diberikan oleh "
"OpenStack Cloud."
msgid ":term:`Secure shell (SSH)<secure shell (SSH)>`"
msgstr ":term:`Secure shell (SSH)<secure shell (SSH)>`"
msgid ""
"A **real production use case** that shows the purpose of a share types and "
"access to them is a situation when you have two back ends: cheap LVM as a "
"public storage and expensive Ceph as a private storage. In this case you can "
"grant access to certain tenants and make the access with ``user/group`` "
"authentication method."
msgstr ""
"**real production use case** yang menunjukkan tujuan dari jenis share dan "
"akses ke mereka adalah situasi saat Anda memiliki dua tujuan: LVM murah "
"sebagai penyimpanan publik dan Ceph mahal sebagai penyimpanan privat. Dalam "
"hal ini Anda dapat memberikan akses ke penyewa tertentu dan membuat akses "
"dengan metode otentikasi ``user/group`` ."
msgid ""
"A *bridge* is a component that exists inside more than one security domain. "
"Any component that bridges security domains with different trust levels or "
"authentication requirements must be carefully configured. These bridges are "
"often the weak points in network architecture. A bridge should always be "
"configured to meet the security requirements of the highest trust level of "
"any of the domains it is bridging. In many cases the security controls for "
"bridges should be a primary concern due to the likelihood of attack."
msgstr ""
"*bridge* adalah komponen yang ada di dalam lebih dari satu domain keamanan. "
"Setiap komponen yang menjembatani domain keamanan dengan tingkat kepercayaan "
"atau persyaratan otentikasi yang berbeda harus dikonfigurasi dengan saksama. "
"Jembatan ini sering menjadi titik lemah dalam arsitektur jaringan. Jembatan "
"harus selalu dikonfigurasi untuk memenuhi persyaratan keamanan tingkat "
"kepercayaan tertinggi dari domain mana pun yang menjembataninya. Dalam "
"banyak kasus, kontrol keamanan untuk jembatan harus menjadi perhatian utama "
"karena kemungkinan serangan."
msgid ""
"A *security service* is the Shared File Systems service (manila) entity that "
"abstracts a set of options that defines a security domain for a particular "
"shared file system protocol, such as an Active Directory domain or a "
"Kerberos domain. The security service contains all of the information "
"necessary for the Shared File Systems to create a server that joins a given "
"domain."
msgstr ""
"A *security service * adalah entitas Shared File Systems (manila) yang "
"abstract (memisahkan) satu set pilihan yang mendefinisikan domain keamanan "
"untuk protokol sistem file bersama tertentu, seperti domain Active Directory "
"atau domain Kerberos. Layanan keamanan berisi semua informasi yang "
"diperlukan untuk Shared File Systems untuk membuat server yang bergabung "
"dengan domain tertentu."
msgid ""
"A Certificate Revocation List (CRL) is a list of certificate serial numbers "
"that have been revoked. End entities presenting these certificates should "
"not be trusted in a PKI model. Revocation can happen because of several "
"reasons for example, key compromise, CA compromise."
msgstr ""
"Certificate Revocation List (CRL) adalah daftar nomor seri sertifikat yang "
"telah dicabut. Entitas akhir yang mempresentasikan sertifikat ini tidak "
"boleh dipercaya dalam model PKI. Pencabutan bisa terjadi karena beberapa "
"alasan misalnya, kompromi kunci, kompromi CA."
msgid "A DNS IP address that is used inside the tenant network."
msgstr "Alamat IP DNS yang digunakan di dalam jaringan penyewa."
msgid ""
"A bare metal server driver for Compute was under development and has since "
"moved into a separate project called `ironic <https://wiki.openstack.org/"
"wiki/Ironic>`__. At the time of this writing, ironic does not appear to "
"address sanitization of tenant data resident the physical hardware."
msgstr ""
"Driver server bare metal untuk Compute sedang dalam pengembangan dan sejak "
"pindah ke proyek terpisah yang disebut 'ironis <https://wiki.openstack.org/"
"wiki/Ironic> `__. Pada saat penulisan ini, ironis nampaknya tidak membahas "
"sanitasi data penyewa yang menampung perangkat keras fisik."
msgid "A brief description of the purpose of the interface."
msgstr "Uraian singkat tentang tujuan antarmuka."
msgid ""
"A cloud architect should decide what devices to make available to cloud "
"users. Anything that is not needed should be removed from QEMU. This step "
"requires recompiling QEMU after modifying the options passed to the QEMU "
"configure script. For a complete list of up-to-date options simply run :"
"command:`./configure --help` from within the QEMU source directory. Decide "
"what is needed for your deployment, and disable the remaining options."
msgstr ""
"Arsitek awan harus menentukan perangkat apa yang tersedia bagi pengguna "
"cloud. Apa pun yang tidak dibutuhkan harus dihapus dari QEMU. Langkah ini "
"memerlukan rekam ulang QEMU setelah memodifikasi opsi yang dilewatkan ke "
"skrip konfigurasi QEMU. Untuk daftar opsi up-to-date yang lengkap, cukup "
"jalankan :command:`./configure --help` dari dalam direktori sumber QEMU. "
"Tentukan apa yang dibutuhkan untuk penerapan Anda, dan nonaktifkan opsi yang "
"tersisa."
msgid ""
"A cloud can be abstracted as a collection of logical components by virtue of "
"their function, users, and shared security concerns, which we call security "
"domains. Threat actors and vectors are classified based on their motivation "
"and access to resources. Our goal is to provide you a sense of the security "
"concerns with respect to each domain depending on your risk/vulnerability "
"protection objectives."
msgstr ""
"Awan dapat diabstraksikan sebagai kumpulan komponen logis berdasarkan "
"fungsi, pengguna, dan masalah keamanan bersama, yang disebut domain "
"keamanan. Aktor dan vektor ancaman digolongkan berdasarkan motivasi dan "
"akses terhadap sumber daya. Tujuan kami adalah memberi Anda rasa "
"kekhawatiran keamanan sehubungan dengan setiap domain tergantung pada tujuan "
"perlindungan risiko/kerentanan Anda."
msgid ""
"A cloud deployment is a living system. Machines age and fail, software "
"becomes outdated, vulnerabilities are discovered. When errors or omissions "
"are made in configuration, or when software fixes must be applied, these "
"changes must be made in a secure, but convenient, fashion. These changes are "
"typically solved through configuration management."
msgstr ""
"Pengerahan awan merupakan sistem kehidupan. Mesin menjadi menua dan gagal, "
"perangkat lunak menjadi usang, kerentanan akan ditemukan. Bila terjadi "
"kesalahan atau kelalaian dalam konfigurasi, atau bila perbaikan perangkat "
"lunak harus diterapkan, perubahan ini harus dilakukan dengan cara yang aman "
"namun nyaman. Perubahan ini biasanya diselesaikan melalui manajemen "
"konfigurasi."
msgid ""
"A cloud will always have bugs. Some of these will be security problems. For "
"this reason, it is critically important to be prepared to apply security "
"updates and general software updates. This involves smart use of "
"configuration management tools, which are discussed below. This also "
"involves knowing when an upgrade is necessary."
msgstr ""
"Awan akan selalu memiliki bug. Beberapa di antaranya akan menjadi masalah "
"keamanan. Untuk alasan ini, sangat penting untuk bersiap menerapkan "
"pembaruan keamanan dan pembaruan perangkat lunak umum. Ini melibatkan "
"penggunaan alat manajemen konfigurasi yang cerdas, yang akan dibahas di "
"bawah ini. Ini juga melibatkan mengetahui kapan upgrade diperlukan."
msgid ""
"A cloud will host many virtual instances, and monitoring these instances "
"goes beyond hardware monitoring and log files which may just contain CRUD "
"events."
msgstr ""
"Awan akan meng-host banyak instance virtual, dan memantau instance ini "
"melampaui pemantauan perangkat keras dan file log yang mungkin berisi "
"kejadian CRUD."
msgid ""
"A common reason to perform a security review on an OpenStack project is to "
"enable that project to achieve the *vulnerability:managed* governance tag. "
"The OpenStack Vulnerability Management Team (VMT) applies the `vulnerability:"
"managed tag <https://governance.openstack.org/reference/tags/"
"vulnerability_managed.html>`_ to projects where the report reception and "
"disclosure of vulnerabilities is managed by the VMT. One of the requirements "
"for gaining the tag is that some form of security review, audit or threat "
"analysis has been performed on the project."
msgstr ""
"Alasan umum untuk melakukan tinjauan keamanan pada proyek OpenStack adalah "
"untuk memungkinkan proyek tersebut mencapai tag pengelolaan *vulnerability:"
"managed* . OpenStack Vulnerability Management Team (VMT) menerapkan "
"`vulnerability:managed tag <https://governance.openstack.org/reference/tags/"
"vulnerability_managed.html>`_ untuk proyek di mana laporan penerimaan dan "
"pengungkapan kerentanan dikelola oleh VMT. Salah satu persyaratan untuk "
"mendapatkan tag adalah beberapa bentuk tinjauan keamanan, audit atau "
"analisis ancaman telah dilakukan pada proyek."
msgid ""
"A complete tutorial on secure boot deployment is beyond the scope of this "
"book. Instead, here we provide a framework for how to integrate secure boot "
"technologies with the typical node provisioning process. For additional "
"details, cloud architects should refer to the related specifications and "
"software configuration manuals."
msgstr ""
"Tutorial lengkap tentang penerapan booting aman berada di luar cakupan buku "
"ini. Sebagai gantinya, di sini kami menyediakan kerangka kerja bagaimana "
"mengintegrasikan teknologi boot aman dengan proses penyediaan node tipikal. "
"Untuk rincian tambahan, arsitek awan harus mengacu pada spesifikasi dan "
"manual konfigurasi perangkat lunak yang terkait."
msgid ""
"A compromised application running within a VM attacks the hypervisor to "
"access or control another virtual machine and its resources. This is a "
"threat vector unique to virtualization and represents considerable risk as a "
"multitude of virtual machine file images could be compromised due to "
"vulnerability in a single application. This virtual network attack is a "
"major concern as the administrative techniques for protecting real networks "
"do not directly apply to the virtual environment."
msgstr ""
"Aplikasi yang disusupi yang berjalan di dalam VM menyerang hypervisor untuk "
"mengakses atau mengendalikan mesin virtual lain dan sumber dayanya. Ini "
"adalah vektor ancaman yang unik untuk virtualisasi dan merupakan risiko yang "
"cukup besar karena banyak image file mesin virtual dapat dikompromikan "
"karena kerentanan dalam satu aplikasi. Serangan jaringan virtual ini menjadi "
"perhatian utama karena teknik administratif untuk melindungi jaringan "
"sebenarnya tidak langsung diterapkan ke lingkungan virtual."
msgid ""
"A compromised application running within a virtual machine attacks the "
"hypervisor to access underlying resources. For example, when a virtual "
"machine is able to access the hypervisor OS, physical devices, or other "
"applications. This threat vector represents considerable risk as a "
"compromise on a hypervisor can infect the physical hardware as well as "
"exposing other virtual machines and network segments."
msgstr ""
"Aplikasi yang disusupi yang berjalan di dalam mesin virtual menyerang "
"hypervisor untuk mengakses sumber daya yang mendasarinya. Misalnya, ketika "
"mesin virtual mampu mengakses hypervisor OS, perangkat fisik, atau aplikasi "
"lainnya. Vektor ancaman ini merupakan risiko yang cukup besar karena "
"kompromi pada hypervisor dapat menginfeksi perangkat keras fisik serta "
"membeberkan mesin virtual dan segmen jaringan lainnya."
msgid ""
"A directory service that Microsoft developed for Windows domain networks. "
"Uses LDAP, Microsoft's version of Kerberos, and DNS."
msgstr ""
"Layanan direktori yang dikembangkan Microsoft untuk domain Windows. "
"Menggunakan LDAP, versi Microsoft Kerberos, dan DNS."
msgid ""
"A directory service, such as LDAP, RADIUS and Active Directory, which allows "
"users to login with a user name and password, is a typical source of "
"authentication tokens (e.g. passwords) at an :term:`identity provider`."
msgstr ""
"Layanan direktori, seperti LDAP, RADIUS dan Active Directory, yang "
"memungkinkan pengguna masuk dengan nama pengguna dan kata sandi, merupakan "
"sumber khas token otentikasi (misalnya kata sandi) pada sebuah :term:"
"`identity provider`."
msgid "A domain of a security service."
msgstr "Sebuah domain dari sebuah layanan keamanan."
msgid ""
"A federated user may request a :term:`scoped token`, by using the unscoped "
"token. A project or domain may be specified by either ID or name. An ID is "
"sufficient to uniquely identify a project or domain. For example,"
msgstr ""
"Seorang pengguna federasi dapat meminta :term:`scoped token`, dengan "
"menggunakan unscoped token. Sebuah proyek atau domain dapat ditentukan oleh "
"ID atau nama. ID cukup untuk mengidentifikasi suatu proyek atau domain "
"secara unik. Sebagai contoh,"
msgid ""
"A hardware infection occurs when an instance makes a malicious modification "
"to the firmware or some other part of a device. As this device is used by "
"other instances or the host OS, the malicious code can spread into those "
"systems. The end result is that one instance can run code outside of its "
"security domain. This is a significant breach as it is harder to reset the "
"state of physical hardware than virtual hardware, and can lead to additional "
"exposure such as access to the management network."
msgstr ""
"Sebuah infeksi perangkat keras terjadi ketika sebuah instance membuat "
"modifikasi berbahaya ke firmware atau bagian lain dari perangkat. Karena "
"perangkat ini digunakan oleh instance lain atau host OS, kode berbahaya "
"dapat menyebar ke sistem tersebut. Hasil akhirnya adalah satu instance dapat "
"menjalankan kode di luar domain keamanannya. Ini adalah pelanggaran yang "
"signifikan karena lebih sulit untuk mengatur ulang keadaan perangkat keras "
"fisik daripada perangkat keras virtual, dan dapat menyebabkan pembukaan "
"(exposure) tambahan seperti akses ke jaringan manajemen."
msgid ""
"A hybrid cloud is defined by NIST as a composition of two or more distinct "
"cloud infrastructures, such as private, community, or public, that remain "
"unique entities, but are bound together by standardized or proprietary "
"technology that enables data and application portability, such as cloud "
"bursting for load balancing between clouds. For example, an online retailer "
"might present their advertising and catalogue on a public cloud that allows "
"for elastic provisioning. This would enable them to handle seasonal loads in "
"a flexible, cost-effective fashion. Once a customer begins to process their "
"order, they are transferred to a more secure private cloud that is PCI "
"compliant."
msgstr ""
"Sebuah awan hibrida didefinisikan oleh NIST sebagai komposisi dari dua atau "
"lebih infrastruktur awan yang berbeda, seperti private, community, atau "
"public, yang tetap merupakan entitas unik, namun terikat bersama oleh "
"teknologi standar atau proprietary yang memungkinkan portabilitas data dan "
"aplikasi, seperti cloud bursting untuk load balancing antara awan. Misalnya, "
"peritel online dapat menampilkan iklan dan katalog mereka di awan publik "
"yang memungkinkan penyediaan elastis. Ini akan memungkinkan mereka menangani "
"beban musiman dengan cara yang fleksibel dan hemat biaya. Begitu pelanggan "
"mulai memproses pesanan mereka, mereka akan ditransfer ke awan pribadi yang "
"lebih aman yang sesuai dengan PCI."
msgid ""
"A hypervisor runs independent virtual machines. This hypervisor can run in "
"an operating system or directly on the hardware (called baremetal). Updates "
"to the hypervisor are not propagated down to the virtual machines. For "
"example, if a deployment is using XenServer and has a set of Debian virtual "
"machines, an update to XenServer will not update anything running on the "
"Debian virtual machines."
msgstr ""
"Sebuah hypervisor menjalankan mesin virtual independen. Hypervisor ini bisa "
"berjalan di sistem operasi atau langsung pada perangkat keras (disebut "
"baremetal). Pembaruan hypervisor tidak disebarkan ke mesin virtual. "
"Misalnya, jika penggelaran menggunakan XenServer dan memiliki satu set mesin "
"virtual Debian, pembaruan ke XenServer tidak akan memperbarui apa pun yang "
"berjalan di mesin virtual Debian."
msgid ""
"A list of known plug-ins provided by the open source community or by SDN "
"companies that work with OpenStack Networking is available at `OpenStack "
"neutron plug-ins and drivers wiki page <https://wiki.openstack.org/wiki/"
"Neutron_Plugins_and_Drivers>`__."
msgstr ""
"Daftar plug-in yang diketahui disediakan oleh komunitas open source atau "
"oleh perusahaan SDN yang bekerja dengan OpenStack Networking tersedia di "
"`OpenStack neutron plug-ins and drivers wiki page <https://wiki.openstack."
"org/wiki/Neutron_Plugins_and_Drivers>`__."
msgid ""
"A list of the components of the deployed project excluding external "
"entities. Each component should be named and have a brief description of its "
"purpose, and be labeled with the primary technology used (e.g. Python, "
"MySQL, RabbitMQ)."
msgstr ""
"Daftar komponen proyek yang dikerahkan tidak termasuk entitas eksternal. "
"Setiap komponen harus diberi nama dan memiliki deskripsi singkat tentang "
"tujuannya, dan diberi label dengan teknologi utama yang digunakan (misalnya "
"Python, MySQL, RabbitMQ)."
msgid ""
"A list of the expected primary users of the implemented architecture and "
"their use-cases. 'Users' can either be actors or other services within "
"OpenStack."
msgstr ""
"Daftar pengguna primer yang diharapkan dari arsitektur yang diterapkan dan "
"use-case nya. 'Users' bisa jadi aktor atau layanan lainnya di dalam "
"OpenStack."
msgid ""
"A local directory can also be used (``local``), but is considered insecure "
"and not suitable for a production enviroment."
msgstr ""
"Direktori lokal juga dapat digunakan (``local``), namun dianggap tidak aman "
"dan tidak sesuai untuk lingkungan produksi."
msgid ""
"A mutual authentication network protocol using 'tickets' to secure "
"communication between client and server. The Kerberos ticket-granting ticket "
"can be used to securely provide tickets for a given service."
msgstr ""
"Protokol jaringan otentikasi bersama menggunakan 'tickets' untuk mengamankan "
"komunikasi antara client dan server. Tiket Kerberos ticket-granting dapat "
"digunakan untuk menyediakan tiket secara aman dengan layanan yang ada."
msgid ""
"A network topology should be provided with highlights specifically calling "
"out the data flows and bridging points between the security domains. Network "
"ingress and egress points should be identified along with any OpenStack "
"logical system boundaries. Multiple diagrams might be needed to provide "
"complete visual coverage of the system. A network topology document should "
"include virtual networks created on behalf of tenants by the system along "
"with virtual machine instances and gateways created by OpenStack."
msgstr ""
"Topologi jaringan harus dilengkapi dengan highlight (sorotan) yang secara "
"khusus memanggil arus data dan bridging point (titik penjembatan) di antara "
"domain keamanan. Network ingress dan egress point harus diidentifikasi "
"bersamaan dengan batasan sistem logis OpenStack manapun. Beberapa diagram "
"mungkin diperlukan untuk menyediakan cakupan visual lengkap dari sistem. "
"Dokumen topologi jaringan harus mencakup jaringan virtual yang dibuat atas "
"nama penyewa oleh sistem beserta instance mesin virtual dan gateway yang "
"dibuat oleh OpenStack."
msgid ""
"A notable difference in the attack surface of public clouds is that they "
"must provide internet access to their services. Instance connectivity, "
"access to files over the internet and the ability to interact with the cloud "
"controlling fabric such as the API endpoints and dashboard are must-haves "
"for the public cloud."
msgstr ""
"Perbedaan yang mencolok di permukaan serangan awan publik adalah mereka "
"harus menyediakan akses internet ke layanan mereka. Instance connectivity, "
"akses ke file melalui internet dan kemampuan untuk berinteraksi dengan cloud "
"controlling fabric seperti API endpoint dan dasbor menjadi harus dimiliki "
"(must-have) bagi awan publik."
msgid "A password for a user, if you specify a user name."
msgstr "Kata sandi untuk pengguna, jika Anda menentukan nama pengguna."
msgid ""
"A policy engine and its configuration file, ``policy.json``, within "
"OpenStack Networking provides a method to provide finer grained "
"authorization of users on project networking methods and objects. The "
"OpenStack Networking policy definitions affect network availability, network "
"security and overall OpenStack security. Cloud architects and operators "
"should carefully evaluate their policy towards user and project access to "
"administration of network resources. For a more detailed explanation of "
"OpenStack Networking policy definition, please refer to the `Authentication "
"and authorization section <https://docs.openstack.org/admin-guide/"
"networking_auth.html>`__ in the OpenStack Administrator Guide."
msgstr ""
"Sebuah mesin kebijakan dan file konfigurasinya, ``policy.json``, di dalam "
"OpenStack Networking menyediakan metode untuk memberikan otorisasi pengguna "
"yang lebih halus mengenai metode dan objek jaringan proyek. Definisi "
"kebijakan OpenStack Networking mempengaruhi ketersediaan jaringan, keamanan "
"jaringan dan keamanan OpenStack secara keseluruhan. Arsitek dan operator "
"awan harus hati-hati mengevaluasi kebijakan mereka terhadap akses pengguna "
"dan proyek untuk administrasi sumber daya jaringan. Untuk penjelasan lebih "
"rinci tentang definisi kebijakan OpenStack Networking, lihat `Authentication "
"and authorization section <https://docs.openstack.org/admin-guide/"
"networking_auth.html> `__ di Panduan Administrator OpenStack."
msgid ""
"A policy rule determines under which circumstances the API call is "
"permitted. The ``/etc/manila/policy.json`` file has rules where action is "
"always permitted, when the rule is an empty string: ``\"\"``; the rules "
"based on the user role or rules; rules with boolean expressions. Below is a "
"snippet of the ``policy.json`` file for the Shared File Systems service. "
"From one OpenStack release to another it can be changed."
msgstr ""
"Aturan kebijakan menentukan keadaan yang diizinkan API diizinkan. File ``/"
"etc/manila/policy.json`` memiliki aturan di mana tindakan selalu diizinkan, "
"bila aturan adalah string kosong: ``\"\"``; aturan berdasarkan peran atau "
"aturan pengguna; aturan dengan ekspresi boolean. Berikut adalah cuplikan "
"dari file ``policy.json`` untuk layanan Shared File Systems. Dari satu rilis "
"OpenStack ke yang lain itu bisa diubah."
msgid ""
"A production quality cloud should always use tools to automate configuration "
"and deployment. This eliminates human error, and allows the cloud to scale "
"much more rapidly. Automation also helps with continuous integration and "
"testing."
msgstr ""
"Awan kualitas produksi harus selalu menggunakan alat untuk mengotomatisasi "
"konfigurasi dan penyebaran. Ini menghilangkan kesalahan manusia, dan "
"memungkinkan awan untuk skala jauh lebih cepat. Otomasi juga membantu dengan "
"integrasi dan pengujian terus menerus."
msgid ""
"A proxy node should have at least two interfaces (physical or virtual): one "
"public and one private. Firewalls or service binding might protect the "
"public interface. The public facing service is an HTTP web server that "
"processes end-point client requests, authenticates them, and performs the "
"appropriate action. The private interface does not require any listening "
"services, but is instead used to establish outgoing connections to storage "
"nodes on the private storage network."
msgstr ""
"Sebuah node proxy harus memiliki setidaknya dua antarmuka (fisik atau "
"virtual): satu publik dan satu pribadi. Firewall atau layanan yang mengikat "
"bisa melindungi antarmuka publik. Layanan yang dihadapi publik adalah server "
"web HTTP yang memproses permintaan klien end-point, mengotentikasi mereka, "
"dan melakukan tindakan yang sesuai. Antarmuka pribadi tidak memerlukan "
"layanan listening, namun digunakan untuk membuat koneksi keluar ke node "
"penyimpanan pada jaringan penyimpanan pribadi."
msgid ""
"A risk assessment framework identifies risks within an organization or "
"service, and specifies ownership of these risks, along with implementation "
"and mitigation strategies. Risks apply to all areas of the service, from "
"technical controls to environmental disaster scenarios and human elements. "
"For example, a malicious insider. Risks can be rated using a variety of "
"mechanisms. For example, likelihood versus impact. An OpenStack deployment "
"risk assessment can include control gaps."
msgstr ""
"Kerangka penilaian risiko mengidentifikasi risiko di dalam organisasi atau "
"layanan, dan menentukan kepemilikan risiko ini, bersamaan dengan strategi "
"implementasi dan mitigasi. Risiko berlaku untuk semua area layanan, mulai "
"dari kontrol teknis hingga skenario bencana lingkungan dan elemen manusia. "
"Misalnya orang jahat. Resiko dapat dinilai dengan menggunakan berbagai "
"mekanisme. Misalnya, likelihood versus impact. Penilaian risiko pengerahan "
"OpenStack dapat mencakup kesenjangan kontrol."
msgid ""
"A security domain comprises users, applications, servers or networks that "
"share common trust requirements and expectations within a system. Typically "
"they have the same :term:`authentication` and :term:`authorization` (AuthN/"
"Z) requirements and users."
msgstr ""
"Sebuah domain keamanan terdiri dari pengguna, aplikasi, server atau jaringan "
"yang berbagi persyaratan dan harapan kepercayaan bersama dalam sebuah "
"sistem. Biasanya mereka memiliki persyaratan yang sama :term: "
"`authentication` dan :term:` authorization` (AuthN/Z) dan pengguna."
msgid ""
"A security group is a container for security group rules. Security groups "
"and their rules allow administrators and projects the ability to specify the "
"type of traffic and direction (ingress/egress) that is allowed to pass "
"through a virtual interface port. When a virtual interface port is created "
"in OpenStack Networking it is associated with a security group. For further "
"details on the default behavior of port security groups, reference the "
"`Networking Security Group Behavior <https://wiki.openstack.org/wiki/Neutron/"
"SecurityGroups#Behavior>`__ documentation. Rules can be added to the default "
"security group in order to change the behavior on a per-deployment basis."
msgstr ""
"Grup keamanan adalah wadah untuk aturan kelompok keamanan. Grup keamanan dan "
"peraturan mereka mengizinkan administrator dan memproyeksikan kemampuan "
"untuk menentukan jenis lalu lintas dan arah (ingress/egress) yang diizinkan "
"melewati port antarmuka virtual. Bila port antarmuka virtual dibuat di "
"OpenStack Networking, ini terkait dengan grup keamanan. Untuk rincian lebih "
"lanjut tentang perilaku grup keamanan port default, rujuk dokumentasi "
"`Networking Security Group Behavior <https://wiki.openstack.org/wiki/Neutron/"
"SecurityGroups#Behavior>`__. Aturan dapat ditambahkan ke grup keamanan "
"default untuk mengubah perilaku berdasarkan per-penyebaran."
msgid ""
"A separate database administrator (DBA) account should be created and "
"protected that has full privileges to create/drop databases, create user "
"accounts, and update user privileges. This simple means of separation of "
"responsibility helps prevent accidental misconfiguration, lowers risk and "
"lowers scope of compromise."
msgstr ""
"database administrator (DBA) terpisah harus dibuat dan dilindungi yang "
"memiliki hak penuh untuk create/drop databases, create user accounts, dan "
"update user privileges. Cara pemisahan tanggung jawab yang sederhana ini "
"membantu mencegah kesalahan konfigurasi yang tidak disengaja, mengurangi "
"risiko dan menurunkan cakupan bahaya (compromise)."
msgid ""
"A share can be *public* or *private*. This is a level of visibility for the "
"share that defines whether other tenants can or cannot see the share. By "
"default, all shares are created as private. While creating a share, use key "
"``--public`` to make your share public for other tenants to see it in a list "
"of shares and see its detailed information."
msgstr ""
"Share bisa *public* atau *private*. Ini adalah tingkat visibilitas untuk "
"share yang menentukan apakah penyewa lain dapat atau tidak dapat melihat "
"share nya. Secara default, semua share dibuat sebagai private. Sambil "
"menciptakan share, gunakan key ``--public``untuk membuat share public Anda "
"untuk penyewa lain melihatnya dalam daftar share dan melihat informasi "
"rincinya."
msgid ""
"A share driver in the Shared File Systems service is a Python class that can "
"be set for the back end and run in it to manage share operations, some of "
"which are vendor-specific. The back end is an instance of manila-share "
"service. There are a big number of share drivers created by different "
"vendors in the Shared File Systems service. Each share driver supports one "
"or more back end modes: *share servers* and *no share servers*. An "
"administrator chooses which mode is used by specifying it in ``manila.conf`` "
"configuration file. An option ``driver_handles_share_servers`` is used for "
"it."
msgstr ""
"Share driver dalam layanan Shared File Systems adalah kelas Python yang "
"dapat diatur untuk back end dan berjalan di dalamnya untuk mengelola operasi "
"share, beberapa di antaranya vendor-specific. Back end adalah instance dari "
"layanan manila-share. Ada sejumlah besar share driver yang dibuat oleh "
"vendor yang berbeda dalam layanan Shared File Systems. Setiap share driveri "
"mendukung satu atau beberapa mode back end: *share servers* dan *no share "
"servers *. Administrator memilih mode mana yang digunakan dengan "
"menentukannya di file konfigurasi ``manila.conf```. Pilihan "
"``driver_handles_share_servers`` digunakan untuk itu."
msgid ""
"A share is a remote, mountable file system. You can mount a share to and "
"access a share from several hosts by several users at a time."
msgstr ""
"Share adalah sistem berkas yang dapat di mount dan jauh. Anda dapat me-mount "
"share dan mengakses share dari beberapa host oleh beberapa pengguna "
"sekaligus."
msgid ""
"A share type is an administrator-defined \"type of service\", comprised of a "
"tenant visible description, and a list of non-tenant-visible key-value pairs "
"- extra specifications. The manila-scheduler uses extra specifications to "
"make scheduling decisions, and drivers control the share creation."
msgstr ""
"Jenis share adalah \"type of service\" yang administrator-defined, terdiri "
"dari deskripsi yang terlihat oleh penyewa, dan daftar non-tenant-visible key-"
"value pairs - extra specifications. Manila-scheduler menggunakan spesifikasi "
"tambahan untuk membuat keputusan penjadwalan, dan driver mengendalikan "
"penciptaan share."
msgid ""
"A standard OpenStack Networking setup has up to four distinct physical data "
"center networks:"
msgstr ""
"Penyiapan OpenStack Networking standar memiliki hingga empat jaringan data "
"center fisik yang berbeda:"
msgid ""
"A system entity that provides services to principals or other system "
"entities, in this case, OpenStack Identity is the Service Provider."
msgstr ""
"Entitas sistem yang memberikan layanan kepada prinsipal atau entitas sistem "
"lainnya, dalam hal ini, OpenStack Identity adalah Service Provider."
msgid "A table example is provided below:"
msgstr "Contoh tabel disediakan di bawah ini:"
msgid ""
"A third non supported method is Fixed/Hardcoded keys. It is known that some "
"OpenStack services have the option to specify keys in their configuration "
"files. This is the least secure way to operate and we do not recommend this "
"for any sort of production environment."
msgstr ""
"Metode ketiga yang tidak didukung adalah kunci Fixed/Hardcoded. Diketahui "
"bahwa beberapa layanan OpenStack memiliki pilihan untuk menentukan kunci "
"pada file konfigurasi mereka. Ini adalah cara yang paling aman untuk "
"dioperasikan dan kami tidak merekomendasikan hal ini untuk lingkungan "
"produksi apapun."
msgid ""
"A threat actor is an abstract way to refer to a class of adversary that you "
"may attempt to defend against. The more capable the actor, the more "
"expensive the security controls that are required for successful attack "
"mitigation and prevention. Security is a tradeoff between cost, usability "
"and defense. In some cases it will not be possible to secure a cloud "
"deployment against all of the threat actors we describe here. Those "
"deploying an OpenStack cloud will have to decide where the balance lies for "
"their deployment/usage."
msgstr ""
"Aktor ancaman adalah cara abstrak untuk merujuk pada kelas musuh yang "
"mungkin Anda coba pertahankan. Aktor yang lebih mumpuni, semakin mahal "
"kontrol keamanan yang dibutuhkan untuk keberhasilan mitigasi dan pencegahan "
"serangan. Keamanan adalah tradeoff antara biaya, kegunaan dan pertahanan. "
"Dalam beberapa kasus, tidak mungkin untuk mengamankan penyebaran awan "
"terhadap semua aktor ancaman yang kami jelaskan di sini. Mereka yang "
"mengerahkan awan OpenStack harus membuat keputusan di mana keseimbangannya "
"terletak pada penerapan/penggunaannya (deployment/usage)."
msgid "A user or group name that is used by a tenant."
msgstr "Nama pengguna atau grup yang digunakan oleh penyewa."
msgid ""
"A volume encryption feature in OpenStack supports privacy on a per-tenant "
"basis. As of the Kilo release, the following features are supported:"
msgstr ""
"Fitur enkripsi volume di OpenStack mendukung privasi secara per-penyewa. "
"Pada rilis Kilo, fitur berikut didukung:"
msgid "AES"
msgstr "AES"
msgid "AMQP"
msgstr "AMQP"
msgid ""
"AMQP based solutions (Qpid and RabbitMQ) support transport-level security "
"using TLS. ZeroMQ messaging does not natively support TLS, but transport-"
"level security is possible using labelled IPsec or CIPSO network labels."
msgstr ""
"Solusi berbasis AMQP (Qpid and RabbitMQ) mendukung keamanan tingkat "
"transportasi menggunakan TLS. Pesan ZeroMQ tidak mendukung TLS, namun "
"keamanan tingkat transportasi dimungkinkan menggunakan label jaringan CIPSO "
"atau labelled IPsec."
msgid "AMQP message service"
msgstr "AMQP message service"
msgid "API endpoint configuration recommendations"
msgstr "Rekomendasi konfigurasi API endpoint"
msgid "API endpoint process isolation and policy"
msgstr "Isolasi dan kebijakan proses endpoint API"
msgid "API endpoint rate-limiting"
msgstr "API endpoint rate-limiting"
msgid "API endpoints"
msgstr "API endpoints"
msgid "API network"
msgstr "Jaringan API"
msgid "Abstract"
msgstr "Abstrak"
msgid "Access and log reviews"
msgstr "Akses dan tinjauan log"
msgid "Access control lists"
msgstr "Daftar kontrol akses (access control list)"
msgid ""
"Access to keystone credentials or plaintext secrets is considered a total "
"security failure of the system - this interface must have robust "
"confidentiality and integrity controls."
msgstr ""
"Akses ke kredensial keystone atau rahasia plaintext dianggap sebagai "
"kegagalan keamanan total sistem - antarmuka ini harus memiliki kontrol "
"kerahasiaan dan integritas yang kuat."
msgid ""
"According to NIST, a public cloud is one in which the infrastructure is open "
"to the general public for consumption. OpenStack public clouds are typically "
"run by a :term:`service provider` and can be consumed by individuals, "
"corporations, or any paying customer. A public-cloud provider might expose a "
"full set of features such as software-defined networking or block storage, "
"in addition to multiple instance types."
msgstr ""
"Menurut NIST, awan publik adalah infrastruktur yang terbuka bagi masyarakat "
"umum untuk dikonsumsi. Awan publik OpenStack biasanya dijalankan oleh :term:"
"`service provider` dan dapat dikonsumsi oleh individu, perusahaan, atau "
"pelanggan yang membayar. Penyedia awan publik mungkin mengekspos serangkaian "
"fitur lengkap seperti jaringan yang didefinisikan perangkat lunak atau "
"penyimpanan blok, dan juga beberapa jenis instance."
msgid ""
"According to a :ref:`policy.json <shared_fs_policies>` file, an "
"administrator and the users as share owners can manage access to shares by "
"means of creating access rules. Using :command:`manila access-allow`, :"
"command:`manila access-deny` and :command:`manila access-list` commands, you "
"can grant, deny and list access to a specified share correspondingly."
msgstr ""
"Menurut file :ref:`policy.json <shared_fs_policies>`, administrator dan "
"pengguna sebagai pemilik share dapat mengelola akses ke share dengan cara "
"membuat aturan akses. Menggunakan perintah :command:`manila access-allow`, :"
"command:`manila access-deny` dan :command:`manila access-list`, Anda dapat "
"memberi, menolak, dan mendaftar akses ke share tertentu."
msgid "Account and container custom user metadata values"
msgstr "Account dan container custom user metadata values"
msgid "Account service"
msgstr "Layanan Account"
msgid "Account, container, and object names"
msgstr "Account, container, dan object names"
msgid "Acknowledgements"
msgstr "Ucapan Terima Kasih"
msgid "Act as a reference for auditors when evaluating OpenStack deployments."
msgstr ""
"Bertindak sebagai referensi bagi auditor saat mengevaluasi penerapan "
"OpenStack."
msgid ""
"Acting alone, these attackers come in many guises, such as rogue or "
"malicious employees, disaffected customers, or small-scale industrial "
"espionage."
msgstr ""
"Bertindak sendiri, penyerang ini datang dalam banyak samaran, seperti "
"karyawan nakal atau jahat, pelanggan yang tidak puas, atau spionase industri "
"skala kecil."
msgid ""
"Actions may be taken to mitigate potential malicious activity such as "
"blacklisting an IP address, recommending the strengthening of user "
"passwords, or de-activating a user account if it is deemed dormant."
msgstr ""
"Tindakan dapat dilakukan untuk mengurangi potensi aktivitas berbahaya "
"seperti memasukkan alamat IP ke daftar hitam, merekomendasikan penguatan "
"kata sandi pengguna, atau menonaktifkan akun pengguna jika dianggap tidak "
"aktif."
msgid "Active Directory"
msgstr "Active Directory"
msgid "Active developer and user communities"
msgstr "Pengembang aktif dan komunitas pengguna"
msgid ""
"Adam facilitated this Book Sprint. He also founded the Book Sprint "
"methodology and is the most experienced Book Sprint facilitator around. Adam "
"founded FLOSS Manuals—a community of some 3,000 individuals developing Free "
"Manuals about Free Software. He is also the founder and project manager for "
"Booktype, an open source project for writing, editing, and publishing books "
"online and in print."
msgstr ""
"Adam memfasilitasi Book Sprint Ini. Dia juga mendirikan metodologi Book "
"Sprint dan merupakan fasilitator Book Sprint yang paling berpengalaman. Adam "
"mendirikan FLOSS Manuals - sebuah komunitas yang terdiri dari sekitar 3.000 "
"individu yang mengembangkan Free Manuals tentang Free Software. Dia juga "
"pendiri dan manajer proyek untuk Booktype, sebuah proyek open source untuk "
"menulis, mengedit, dan menerbitkan buku secara online dan dicetak."
msgid "Add Identity Providers, Mappings and Protocols."
msgstr "Tambahkan Identity Provider, Pemetaan dan Protokol."
msgid "Add ``WSGIScriptAlias`` directive to your vhost configuration:"
msgstr ""
"Tambahkan directive (petunjuk) `WSGIScriptAlias`` ke konfigurasi vhost Anda:"
msgid ""
"Add the Federation extension driver to the ``[federation]`` section in the "
"``keystone.conf`` file. For example:"
msgstr ""
"Tambahkan driver ekstensi Federation ke bagian ``[federation]`` di file "
"``keystone.conf``. Sebagai contoh:"
msgid ""
"Add the ``federation_extension`` middleware to the ``api_v3`` pipeline in "
"the ``keystone-paste.ini`` file. For example:"
msgstr ""
"Tambahkan middleware ``federation_extension` ke pipa ``api_v3`` di file "
"``keystone-paste.ini``. Sebagai contoh:"
msgid ""
"Add the saml2 authentication method to the ``[auth]`` section in ``keystone."
"conf`` file:"
msgstr ""
"Tambahkan metode otentikasi saml2 ke bagian ``[auth]`` di file `keystone."
"conf``:"
msgid "Add two ``<Location>`` directives to the ``wsgi-keystone.conf`` file:"
msgstr ""
"Tambahkan dua directive ``<Location> `` ke file ``wsgi-keystone.conf``:"
msgid ""
"Adding it in a different location requires you set up your SELinux policy "
"accordingly."
msgstr ""
"Menambahkannya di lokasi yang berbeda mengharuskan Anda mengatur kebijakan "
"SELinux Anda sesuai dengan itu."
msgid "Additional security features"
msgstr "Fitur keamanan tambahan"
msgid ""
"Additionally, it is possible for tenants of a bare metal system to modify "
"system firmware. TPM technology, described in :ref:`management-secure-"
"bootstrapping`, provides a solution for detecting unauthorized firmware "
"changes."
msgstr ""
"Selain itu, dimungkinkan bagi penyewa sistem bare metal untuk memodifikasi "
"firmware sistem. Teknologi TPM, dijelaskan dalam :ref: `manajemen-aman-"
"bootstrapping`, menyediakan solusi untuk mendeteksi perubahan firmware yang "
"tidak sah."
msgid ""
"Additionally, the following security-related criteria are highly encouraged "
"to be evaluated when selecting a hypervisor for OpenStack deployments: * Has "
"the hypervisor undergone Common Criteria certification? If so, to what "
"levels? * Is the underlying cryptography certified by a third-party?"
msgstr ""
"Selain itu, kriteria terkait keamanan berikut sangat dianjurkan untuk "
"dievaluasi saat memilih hypervisor untuk penerapan OpenStack: * Has the "
"hypervisor undergone Common Criteria certification? If so, to what levels? "
"* Apakah kriptografi yang mendasari disertifikasi oleh pihak ketiga?"
msgid ""
"Additionally, when combined with a version control system such as Git or "
"SVN, you can track changes to your environment over time and re-mediate "
"unauthorized changes that may occur. For example, a ``nova.conf`` file or "
"other configuration file falls out of compliance with your standard, your "
"configuration management tool can revert or replace the file and bring your "
"configuration back into a known state. Finally a configuration management "
"tool can also be used to deploy updates; simplifying the security patch "
"process. These tools have a broad range of capabilities that are useful in "
"this space. The key point for securing your cloud is to choose a tool for "
"configuration management and use it."
msgstr ""
"Selain itu, bila digabungkan dengan sistem kontrol versi seperti Git atau "
"SVN, Anda dapat melacak perubahan pada lingkungan Anda dari waktu ke waktu "
"dan memediasi kembali perubahan yang tidak sah yang mungkin terjadi. "
"Misalnya, file ``nova.conf`` atau file konfigurasi lainnya tidak sesuai "
"dengan standar Anda, alat manajemen konfigurasi Anda dapat mengembalikan "
"atau mengganti file dan membawa konfigurasi Anda kembali ke keadaan yang "
"sudah diketahui. Akhirnya alat manajemen konfigurasi juga bisa digunakan "
"untuk menyebarkan update; menyederhanakan proses patch keamanan. Alat ini "
"memiliki berbagai kemampuan yang berguna di ruang ini. Titik kunci untuk "
"mengamankan awan Anda adalah memilih alat untuk pengelolaan konfigurasi dan "
"menggunakannya."
msgid "Address Space Layout Randomization (ASLR)"
msgstr "Address Space Layout Randomization (ASLR)"
msgid ""
"Adds a set of rules to map Federation protocol attributes to Identity API "
"objects. An Identity Provider has exactly one mapping specified per protocol."
msgstr ""
"Menambahkan seperangkat aturan untuk memetakan atribut protokol Federasi ke "
"objek Identity API. Identity Provider memiliki tepat satu pemetaan yang "
"ditentukan per protokol."
msgid "Administrative users"
msgstr "Pengguna administratif"
msgid ""
"Administrators can enable instance signature verification by setting the "
"``verify_glance_signatures`` flag to ``True`` in the ``/etc/nova/nova.conf`` "
"file. When enabled, the Compute service automatically validates the signed "
"instance when it is retrieved from the Image service. If this verification "
"fails, the boot won't occur. The OpenStack Operations Guide provides "
"guidance on how to create and upload a signed image, and how to use this "
"feature. For more information, see `Adding Signed Images <https://docs."
"openstack.org/operations-guide/ops-user-facing-operations.html#adding-signed-"
"images>`_ in the Operations Guide."
msgstr ""
"Administrator dapat mengaktifkan verifikasi instance signature dengan "
"mengatur flag ``verify_glance_signatures`` ke ``True`` dalam file ``/etc/"
"nova/nova.conf``. Saat diaktifkan, layanan Compute secara otomatis "
"memvalidasi instance yang ditandatangani ketika diambil dari layanan Image. "
"Jika verifikasi ini gagal, boot tidak akan terjadi. OpenStack Operations "
"Guide memberikan panduan tentang cara membuat dan mengunggah image yang "
"ditandatangani, dan cara menggunakan fitur ini. Untuk informasi lebih "
"lanjut, lihat`Adding Signed Images <https://docs.openstack.org/operations-"
"guide/ops-user-facing-operations.html#adding-signed-images>`_ di Operations "
"Guide."
msgid ""
"Administrators care about security services: they configure the server side "
"of such security services."
msgstr ""
"Administrator peduli dengan layanan keamanan: mereka mengkonfigurasi sisi "
"server dari layanan keamanan semacam itu."
msgid ""
"Administrators must perform command and control over the cloud for various "
"operational functions. It is important these command and control facilities "
"are understood and secured."
msgstr ""
"Administrator harus melakukan perintah dan kontrol atas awan untuk berbagai "
"fungsi operasional. Penting agar fasilitas komando dan kontrol ini dipahami "
"dan dijamin."
msgid ""
"After a share network is created, the Shared File Systems service retrieves "
"network information determined by a network provider: network type, "
"segmentation identifier if the network uses segmentation and IP block in "
"CIDR notation from which to allocate the network."
msgstr ""
"Setelah jaringan berbagi dibuat, layanan Shared File Systems mengambil "
"informasi jaringan yang ditentukan oleh penyedia jaringan: jenis jaringan, "
"identifikasi segmentasi jika jaringan menggunakan segmentasi dan blok IP "
"dalam nota CIDR untuk mengalokasikan jaringan."
msgid ""
"After completing these initial certifications, the remaining certifications "
"are more deployment specific. For example, clouds processing credit card "
"transactions will need PCI-DSS, clouds storing health care information "
"require HIPAA, and clouds within the federal government may require FedRAMP/"
"FISMA, and ITAR, certifications."
msgstr ""
"Setelah menyelesaikan sertifikasi awal ini, sisa sertifikasi lebih spesifik. "
"Misalnya, pemrosesan transaksi kartu kredit cloud memerlukan PCI-DSS, cloud "
"yang menyimpan informasi perawatan kesehatan memerlukan HIPAA, dan cloud di "
"dalam pemerintah federal mungkin memerlukan sertifikasi FedRAMP / FISMA, dan "
"ITAR."
msgid ""
"After creating a share and getting its export location, users have no "
"permissions to mount it and operate with files. The Shared File System "
"service requires to explicitly grant access to the new share."
msgstr ""
"Setelah membuat bagian dan mendapatkan lokasi ekspornya, pengguna tidak "
"memiliki izin untuk memasangnya dan mengoperasikannya dengan file. Layanan "
"Shared File System mengharuskan untuk secara eksplisit memberikan akses ke "
"bagian baru."
msgid ""
"After the rule has status ``active`` we can connect to the ``10.254.0.3`` "
"host again and check the ``/etc/exports`` file and see that the line with "
"rule was added:"
msgstr ""
"Setelah aturan memiliki status ``active`` kita dapat terhubung ke host "
"``10.254.0.3`` lagi dan memeriksa file ``/etc/exports`` dan melihat bahwa "
"baris dengan aturan telah ditambahkan:"
msgid ""
"After you are notified of a security update, the next step is to determine "
"how critical this update is to a given cloud deployment. In this case, it is "
"useful to have a pre-defined policy. Existing vulnerability rating systems "
"such as the common vulnerability scoring system (CVSS) v2 do not properly "
"account for cloud deployments."
msgstr ""
"Setelah diberi tahu tentang pembaruan keamanan, langkah selanjutnya adalah "
"menentukan seberapa kritis pembaruan ini terhadap penerapan awan yang "
"diberikan. Dalam kasus ini, berguna untuk memiliki kebijakan yang telah "
"ditentukan sebelumnya. Sistem pemeringkatan kerentanan yang ada seperti "
"common vulnerability scoring system (CVSS) v2 tidak memperhitungkan "
"penyebaran awan dengan baik."
msgid "Algorithm"
msgstr "Algoritma"
msgid ""
"Aligning the information system with in-scope standards and regulations "
"involves internal tasks which must be conducted before a formal assessment. "
"Auditors may be involved at this state to conduct gap analysis, provide "
"guidance, and increase the likelihood of successful certification."
msgstr ""
"Menyelaraskan sistem informasi dengan standar dan peraturan di dalam lingkup "
"melibatkan tugas internal yang harus dilakukan sebelum penilaian formal. "
"Auditor mungkin dilibatkan dalam keadaan ini untuk melakukan analisis gap, "
"memberikan panduan, dan meningkatkan kemungkinan sertifikasi yang berhasil."
msgid ""
"All SSH daemons have private host keys and, upon connection, offer a host "
"key fingerprint. This host key fingerprint is the hash of an unsigned public "
"key. It is important these host key fingerprints are known in advance of "
"making SSH connections to those hosts. Verification of host key fingerprints "
"is instrumental in detecting man-in-the-middle attacks."
msgstr ""
"Semua daemon SSH memiliki private host key dan, setelah koneksi, tawarkan "
"host key fingerprint. Host key fingerprint. ini adalah hash dari public key "
"yang tidak ditandai. Pentingnya host key fingerprint ini diketahui sebelum "
"membuat koneksi SSH ke host tersebut. Verifikasi host key fingerprint sangat "
"berperan dalam mendeteksi serangan man-in-the-middle."
msgid ""
"All bugs, OSSAs and OSSNs are publicly disseminated through the openstack-"
"discuss mailing list with the [security] topic in the subject line. We "
"recommend subscribing to this list as well as mail filtering rules that "
"ensure OSSNs, OSSAs, and other important advisories are not missed. The "
"openstack-discuss mailinglist is managed through `http://lists.openstack.org/"
"cgi-bin/mailman/listinfo/openstack-discuss <http://lists.openstack.org/cgi-"
"bin/mailman/listinfo/openstack-discuss>`_. The openstack-discuss uses tags "
"as defined in the `Project Team Guide <https://docs.openstack.org/project-"
"team-guide/open-community.html#mailing-lists>`_."
msgstr ""
"Semua bug, OSSA, dan OSSN disebarluaskan kepada publik melalui mailing list "
"openstack-mendiskusikan dengan topik [security] di baris subjek. Kami "
"menyarankan untuk berlangganan list ini serta aturan penyaringan surat yang "
"memastikan OSSN, OSSA, dan nasihat penting lainnya tidak dilewatkan. Milis "
"openstack-mendiskusikan dikelola melalui`http://lists.openstack.org/cgi-bin/"
"mailman/listinfo/openstack-discuss <http://lists.openstack.org/cgi-bin/"
"mailman/listinfo/openstack-discuss>`_. The openstack-discuss menggunakan tag "
"seperti yang didefinisikan dalam `Project Team Guide <https://docs.openstack."
"org/project-team-guide/open-community.html#mailing-lists>`_."
msgid ""
"All bugs, OSSAs and OSSNs are publicly disseminated through the openstack-"
"discuss mailinglist with the [security] topic in the subject line. We "
"recommend subscribing to this list as well as mail filtering rules that "
"ensure OSSNs, OSSAs, and other important advisories are not missed. The "
"openstack-discuss mailinglist is managed through `OpenStack Development "
"Mailing List <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-"
"discuss>`_. The openstack-discuss uses tags as defined in the `Project Team "
"Guide <https://docs.openstack.org/project-team-guide/open-community."
"html#mailing-lists>`_."
msgstr ""
"Semua bug, OSSA dan OSSN disebarluaskan kepada publik melalui mailinglist "
"openstack-discuss dengan topik [security] di baris subjek. Kami menyarankan "
"untuk berlangganan mailinglist ini serta aturan penyaringan mail yang "
"memastikan OSSN, OSSA, dan nasihat penting lainnya tidak dilewatkan. Milis "
"openstack-discuss dikelola melalui `OpenStack Development Mailing List "
"<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss>` _. "
"The openstack-discuss menggunakan tag sebagaimana didefinisikan dalam "
"`Project Team Guide <https://docs.openstack.org/project-team-guide/open-"
"community.html#mailing-lists>` _."
msgid "All custom user metadata names"
msgstr "All custom user metadata names"
msgid ""
"All custom user object metadata values. For example, metadata sent using ``X-"
"Object-Meta-`` prefixed headers with PUT or POST requests"
msgstr ""
"Semua nilai metadata objek pengguna khusus. Misalnya, metadata dikirim "
"menggunakan header header ``X-Object-Meta-`` yang diawali dengan permintaan "
"PUT atau POST"
msgid "All database communications be isolated to a management network"
msgstr "Semua komunikasi database diisolasi ke jaringan manajemen"
msgid ""
"All domains should be secured with TLS, including the management domain "
"services and intra-service communications. TLS provides the mechanisms to "
"ensure authentication, non-repudiation, confidentiality, and integrity of "
"user communications to the OpenStack services and between the OpenStack "
"services themselves."
msgstr ""
"Semua domain harus diamankan dengan TLS, termasuk layanan domain manajemen "
"dan komunikasi intra-layanan. TLS menyediakan mekanisme untuk memastikan "
"otentikasi, non-penolakan, kerahasiaan, dan integritas komunikasi pengguna "
"terhadap layanan OpenStack dan antara layanan OpenStack itu sendiri."
msgid "All entry points into a system"
msgstr "Semua titik masuk (entry point) masuk ke sistem"
msgid ""
"All of the above are valid concerns, but none of them prevent SSL/TLS from "
"being used on the management network. Let's consider the next deployment "
"model."
msgstr ""
"Semua hal di atas adalah masalah yang valid, namun tidak ada satupun yang "
"mencegah SSL/TLS digunakan pada jaringan manajemen. Mari pertimbangkan model "
"penerapan berikutnya."
msgid ""
"All of the services within an OpenStack project access a single database. "
"There are presently no reference policies for creating table or row based "
"access restrictions to the database."
msgstr ""
"Semua layanan dalam proyek OpenStack mengakses database tunggal. Saat ini "
"tidak ada kebijakan referensi untuk membuat batasan akses berbasis tabel "
"atau baris ke database."
msgid ""
"All share drivers that use the OpenStack Compute service do not use network "
"plug-ins. In Mitaka release it is Windows and Generic drivers. These share "
"drives have other options and use different approach."
msgstr ""
"Semua driver share yang menggunakan layanan OpenStack Compute tidak "
"menggunakan plug-in jaringan. Di Mitaka rilis itu adalah driver Windows dan "
"Generic. Drive berbagi ini memiliki pilihan lain dan menggunakan pendekatan "
"yang berbeda."
msgid "Allow confined virtual guests to interact with the sanlock."
msgstr "Biarkan virtual gues terbatas untuk berinteraksi dengan sanlock."
msgid "Allow virt to manage CIFS mounted files."
msgstr "Izinkan virt untuk mengelola file yang dipasang CIFS."
msgid "Allow virt to manage NFS mounted files."
msgstr "Izinkan virt untuk mengelola file yang dipasang NFS."
msgid "Allow virt to manage device configuration (PCI)."
msgstr "Izinkan virt untuk mengatur konfigurasi perangkat (PCI)."
msgid "Allow virt to read FUSE mounted files."
msgstr "Izinkan virt untuk membaca file yang dipasang FUSE."
msgid "Allow virt to use USB devices."
msgstr "Izinkan virt untuk menggunakan perangkat USB."
msgid "Allow virt to use serial or parallel communication ports."
msgstr "Izinkan virt untuk menggunakan port komunikasi serial atau paralel."
msgid "Allow virtual machine to interact with the X Window System."
msgstr "Biarkan mesin virtual berinteraksi dengan X Window System."
msgid "Allowed hosts"
msgstr "Host yang diizinkan"
msgid "Allows a regular expression to validate user password complexity."
msgstr ""
"Mengizinkan ekspresi reguler untuk memvalidasi kompleksitas kata sandi "
"pengguna."
msgid ""
"Allows a user to authenticate with the Identity service to exchange the :"
"term:`unscoped token` for a :term:`scoped token`, by providing a project ID "
"or a domain ID."
msgstr ""
"Memungkinkan pengguna untuk melakukan otentikasi dengan layanan Identity "
"untuk pertukaran :term:`unscoped token` untuk :term:`scoped token`, dengan "
"menyediakan ID proyek atau ID domain."
msgid ""
"Allows a user to use all OpenStack services apart from the Identity service."
msgstr ""
"Memungkinkan pengguna untuk menggunakan semua layanan OpenStack selain dari "
"layanan Identity."
msgid "Allows secure login to nodes and guest VMs"
msgstr "Mengizinkan login yang aman ke node dan VM tamu"
msgid ""
"Also known as Data Execution Prevention (DEP), ensures that data sections of "
"the executable can not be executed."
msgstr ""
"Juga dikenal sebagai Data Execution Prevention (DEP), memastikan bahwa "
"bagian data executable tidak dapat dijalankan."
msgid ""
"Also of note is the Identity service. Users of the Data processing service "
"will need appropriate roles in their projects to allow the provisioning of "
"instances for their clusters. Installations that use the proxy domain "
"configuration require special consideration. See :ref:`data-processing-proxy-"
"domains`. Specifically, the Data processing service will need the ability to "
"create users within the proxy domain."
msgstr ""
"Yang juga diperhatikan adalah layanan Identitas. Pengguna layanan pengolahan "
"data memerlukan peran yang sesuai dalam proyek mereka untuk memungkinkan "
"penyediaan instance untuk cluster mereka. Instalasi yang menggunakan "
"konfigurasi domain proxy memerlukan pertimbangan khusus. Lihat :ref:`data-"
"processing-proxy-domains`. Secara khusus, layanan pengolahan data memerlukan "
"kemampuan untuk membuat pengguna dalam domain proxy."
msgid ""
"Alternate measures to provide data privacy, in the creation and destruction "
"of ephemeral storage, will be somewhat dependent on the chosen hypervisor "
"and the OpenStack Compute plug-in."
msgstr ""
"Langkah alternatif untuk memberikan privasi data, dalam penciptaan dan "
"penghancuran penyimpanan sementara, akan tergantung pada hypervisor yang "
"dipilih dan plug-in OpenStack Compute."
msgid ""
"Although SPICE has many advantages over VNC, the spice-html5 browser "
"integration currently does not allow administrators to take advantage of the "
"benefits. To take advantage of SPICE features like multi-monitor, USB pass "
"through, we recommend administrators use a standalone SPICE client within "
"the management network."
msgstr ""
"Meski SPICE memiliki banyak kelebihan dibanding VNC, integrasi browser spice-"
"html5 saat ini tidak memungkinkan administrator memanfaatkan keuntungannya. "
"Untuk memanfaatkan fitur SPICE seperti multi-monitor, melewati USB, "
"sebaiknya administrator menggunakan klien SPICE mandiri di dalam jaringan "
"manajemen."
msgid ""
"Although we recommend using the OpenStack Volume Encryption feature, Block "
"Storage supports a large variety of alternative back-ends for supplying "
"mountable volumes, and some of these may also provide volume encryption. "
"Since there are so many `back-ends <https://docs.openstack.org/cinder/latest/"
"drivers.html>`_, and since information from each vendor must be obtained, it "
"is outside the scope of this guide to specify recommendations for "
"implementing encryption in any of them."
msgstr ""
"Meskipun kami merekomendasikan penggunaan fitur OpenStack Volume Encryption, "
"Block Storage mendukung beragam alternatif back-end untuk memasok volume "
"mountable, dan beberapa di antaranya juga menyediakan enkripsi volume. "
"Karena ada begitu banyak `back-ends <https://docs.openstack.org/cinder/"
"latest/drivers.html>`_, dan karena informasi dari masing-masing vendor harus "
"diperoleh, di luar ruang lingkup panduan ini untuk menentukan rekomendasi "
"untuk menerapkan enkripsi di dalamnya."
msgid ""
"Although you may desire to break these domains down further (we later "
"discuss where this may be appropriate), we generally refer to four distinct "
"security domains which form the bare minimum that is required to deploy any "
"OpenStack cloud securely. These security domains are:"
msgstr ""
"Meskipun Anda mungkin ingin memecah domain ini lebih jauh (kami kemudian "
"membahas di mana hal ini mungkin sesuai), biasanya kami mengacu pada empat "
"domain keamanan yang berbeda yang membentuk standar minimum yang diperlukan "
"untuk menyebarkan awan OpenStack dengan aman. Domain keamanan ini adalah:"
msgid "An IP address or host name of a security service."
msgstr "Alamat IP atau nama host dari sebuah layanan keamanan."
msgid ""
"An Information Security Management System (ISMS) is a comprehensive set of "
"policies and processes that an organization creates and maintains to manage "
"risk to information assets. The most common ISMS for cloud deployments is "
"`ISO/IEC 27001/2 <http://www.27000.org/iso-27001.htm>`_, which creates a "
"solid foundation of security controls and practices for achieving more "
"stringent compliance certifications. This standard was updated in 2013 to "
"reflect the growing use of cloud services and places more emphasis on "
"measuring and evaluating how well an organization's ISMS is performing."
msgstr ""
"An Information Security Management System (ISMS) adalah seperangkat "
"kebijakan dan proses yang komprehensif yang diciptakan dan dikelola oleh "
"sebuah organisasi untuk mengelola risiko terhadap aset informasi. ISMS yang "
"paling umum untuk pengerahan awan adalah `ISO/IEC 27001/2 <http://www.27000."
"org/iso-27001.htm>`_, yang menciptakan fondasi yang kuat dari kontrol "
"keamanan dan praktik untuk mencapai sertifikasi kepatuhan yang lebih ketat. "
"Standar ini diperbarui pada tahun 2013 untuk mencerminkan meningkatnya "
"penggunaan layanan awan dan tempat-tempat yang lebih menekankan pada "
"pengukuran dan evaluasi seberapa baik kinerja ISMS organisasi."
msgid ""
"An Object Storage account is not a user account or credential. The following "
"explains the relations:"
msgstr ""
"Akun Object Storage bukanlah akun pengguna atau kredensial. Berikut ini "
"menjelaskan hubungan:"
msgid ""
"An Object Storage installation does not have to be on the Internet and could "
"also be a private cloud with the public switch a part of the organization's "
"internal network infrastructure."
msgstr ""
"Instalasi Object Storage tidak harus ada di Internet dan juga bisa menjadi "
"awan private dengan tombol publik sebagai bagian dari infrastruktur jaringan "
"internal organisasi."
msgid ""
"An OpenStack deployment may require compliance activities for many purposes, "
"such as regulatory and legal requirements, customer need, privacy "
"considerations, and security best practices. The Compliance function is "
"important for the business and its customers. Compliance means adhering to "
"regulations, specifications, standards and laws. It is also used when "
"describing an organizations status regarding assessments, audits, and "
"certifications. Compliance, when done correctly, unifies and strengthens the "
"other security topics discussed in this guide."
msgstr ""
"Penyebaran OpenStack mungkin memerlukan aktivitas kepatuhan untuk berbagai "
"tujuan, seperti persyaratan peraturan dan hukum, kebutuhan pelanggan, "
"pertimbangan privasi, dan praktik terbaik keamanan. Fungsi Kepatuhan penting "
"bagi bisnis dan pelanggannya. Kepatuhan berarti mematuhi peraturan, "
"spesifikasi, standar dan undang-undang. Ini juga digunakan saat "
"menggambarkan status organisasi mengenai penilaian, audit, dan sertifikasi. "
"Kepatuhan, bila dilakukan dengan benar, menyatukan dan memperkuat topik "
"keamanan lainnya yang dibahas dalam panduan ini."
msgid ""
"An OpenStack deployment will likely need to demonstrate compliance with an "
"organization's Privacy Policy, with the U.S.-E.U. Safe Harbor framework, the "
"ISO/IEC 29100:2011 privacy framework or with other privacy-specific "
"guidelines. In the U.S. the AICPA has `defined 10 privacy areas of focus "
"<http://www.aicpa.org/interestareas/informationtechnology/resources/privacy/"
"generallyacceptedprivacyprinciples/>`_, OpenStack deployments within a "
"commercial environment may desire to attest to some or all of these "
"principles."
msgstr ""
"Penyebaran OpenStack kemungkinan akan perlu menunjukkan kepatuhan terhadap "
"Privacy Policy organisasi, dengan A.S.-E.U. Kerangka kerja Safe Harbor, "
"kerangka privasi ISO/IEC 29100: 2011 atau dengan pedoman khusus privasi "
"lainnya. Di A.S., AICPA memiliki `defined 10 privacy areas of focus <http://"
"www.aicpa.org/interestareas/informationtechnology/resources/privacy/"
"generallyacceptedprivacyprinciples/>`_, Penyebaran OpenStack dalam "
"lingkungan komersial mungkin ingin membuktikan beberapa atau semua prinsip "
"ini."
msgid ""
"An administrator and users as share owners can manage the :ref:`access to "
"the shares <shared_fs_share_acl>` by creating access rules with "
"authentication though an IP address, user, group, or TLS certificates. "
"Authentication methods depend on which share driver and security service you "
"configure and use."
msgstr ""
"Administrator dan pengguna sebagai pemilik share dapat mengelola :ref:"
"`access to the shares <shared_fs_share_acl>` dengan membuat aturan akses "
"dengan otentikasi meskipun sertifikat alamat IP, pengguna, grup, atau TLS. "
"Metode otentikasi bergantung pada share driver dan layanan keamanan yang "
"Anda konfigurasikan dan gunakan."
msgid ""
"An administrator can create and delete share types, and also manage extra "
"specifications that give them meaning inside the Shared File Systems "
"service. Tenants can list the share types and can use them to create new "
"shares. For details of managing the share types, see `Shared File Systems "
"API <https://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and "
"`Share types managing <https://docs.openstack.org/admin-guide/"
"shared_file_systems_share_types.html>`_ documentation."
msgstr ""
"Administrator dapat membuat dan menghapus jenis share, dan juga mengelola "
"spesifikasi tambahan yang memberi arti di dalam layanan Shared File Systems. "
"Penyewa dapat mencantumkan jenis share dan dapat menggunakannya untuk "
"membuat share baru. Untuk detail mengelola jenis share, lihat `Shared File "
"Systems API <https://developer.openstack.org/api-ref-share-v2.html#share-"
"type>`_ dan dokumentasi `Share types managing <https://docs.openstack.org/"
"admin-guide/shared_file_systems_share_types.html>`_."
msgid ""
"An administrator rather than a share driver manages the bare metal storage "
"with some net interface insteadof the presence of the share servers."
msgstr ""
"Administrator bukannya share driver mengelola penyimpanan bare metal dengan "
"beberapa net interface bukannya keberadaan share server."
msgid "An agreed set of findings and/or defects"
msgstr "Kumpulan temuan dan/atau cacat yang disepakati"
msgid ""
"An audit has four distinct phases, though most stakeholders and control "
"owners will only participate in one or two. The four phases are Planning, "
"Fieldwork, Reporting and Wrap-up. Each of these phases is discussed below."
msgstr ""
"Audit memiliki empat tahap yang berbeda, walaupun sebagian besar pemangku "
"kepentingan dan pemilik kontrol hanya akan berpartisipasi dalam satu atau "
"dua. Keempat tahapan tersebut adalah Planning, Fieldwork, Reporting and Wrap-"
"up. Masing-masing tahap ini dibahas di bawah ini."
msgid ""
"An authoritative list of software components may be critical when assessing "
"the impact of a compromise or vulnerability in a library, application or "
"class of software."
msgstr ""
"Daftar komponen perangkat lunak yang otoritatif mungkin penting saat menilai "
"dampak kompromi atau kerentanan di perpustakaan, aplikasi atau kelas "
"perangkat lunak."
msgid ""
"An encrypted tunnel is created between libvirtd processes on both source and "
"destination hosts."
msgstr ""
"Terowongan terenkripsi dibuat antara proses libvirtd pada host sumber dan "
"tujuan."
msgid ""
"An ephemeral disk encryption feature addresses data privacy. The ephemeral "
"disk is a temporary work space used by the virtual host operating system. "
"Without encryption, sensitive user information could be accessed on this "
"disk, and vestigial information could remain after the disk is unmounted. As "
"of the Kilo release, the following ephemeral disk encryption features are "
"supported:"
msgstr ""
"Fitur enkripsi disk fana (singkat) membahas privasi data. Disk fana adalah "
"ruang kerja sementara yang digunakan oleh sistem operasi virtual host. Tanpa "
"enkripsi, informasi pengguna yang sensitif dapat diakses pada disk ini, dan "
"informasi sisa bisa tetap ada setelah disk tidak terpasang. Pada rilis Kilo, "
"fitur enkripsi disk darurat berikut didukung:"
msgid ""
"An example diagram from the OpenStack Object Storage Administration Guide "
"(2013)"
msgstr ""
"Diagram contoh dari OpenStack Object Storage Administration Guide (2013)"
msgid ""
"An example of those secrets that require keystone authentication are "
"passwords and keys owned by specific projects. These include, for instance, "
"encryption keys for a project's encrypted cinder volumes or signing keys for "
"a project's glance images."
msgstr ""
"Contoh dari rahasia yang memerlukan otentikasi keystone adalah password dan "
"kunci yang dimiliki oleh proyek tertentu. Ini termasuk, misalnya, kunci "
"enkripsi untuk volume cinder terenkripsi proyek atau signing key untuk "
"glance image proyek."
msgid ""
"An exception process is an important component of an ISMS. When certain "
"actions are not compliant with security policies that an organization has "
"defined, they must be logged. Appropriate justification, description and "
"mitigation details need to be included, and signed off by appropriate "
"authorities. OpenStack default configurations may vary in meeting various "
"compliance criteria, areas that fail to meet compliance requirements should "
"be logged, with potential fixes considered for contribution to the community."
msgstr ""
"Proses pengecualian adalah komponen penting dari ISMS. Bila tindakan "
"tertentu tidak sesuai dengan kebijakan keamanan yang ditetapkan organisasi, "
"mereka harus masuk log. Pembenaran yang tepat, deskripsi dan rincian "
"mitigasi perlu disertakan, dan ditandatangani oleh pihak berwenang yang "
"pantas. Konfigurasi default OpenStack dapat bervariasi dalam memenuhi "
"berbagai kriteria kepatuhan, area yang gagal memenuhi persyaratan kepatuhan "
"harus dicatat, dengan potensi perbaikan dianggap sebagai kontribusi bagi "
"masyarakat."
msgid ""
"An existing security service entity can be associated with share network "
"entities that inform the Shared File Systems service about security and "
"network configuration for a group of shares. You can also see the list of "
"all security services for a specified share network and disassociate them "
"from a share network."
msgstr ""
"Entitas layanan keamanan yang ada dapat dikaitkan dengan entitas jaringan "
"share yang menginformasikan layanan Shared File Systems tentang keamanan dan "
"konfigurasi jaringan untuk sekelompok share. Anda juga dapat melihat daftar "
"semua layanan keamanan untuk jaringan share tertentu dan melepaskannya dari "
"jaringan share."
msgid ""
"An optional system to which a CA delegates certain management functions, "
"this includes functions such as, authentication of end entities before they "
"are issued a certificate by a CA."
msgstr ""
"Sistem opsional dimana CA mendelegasikan fungsi manajemen tertentu, ini "
"mencakup fungsi seperti, otentikasi entitas akhir sebelum dikeluarkan "
"sertifikat oleh CA."
msgid ""
"An optional system to which a CA delegates the publication of certificate "
"revocation lists."
msgstr ""
"Sistem opsional dimana CA mendelegasikan publikasi daftar pencabutan "
"sertifikat."
msgid "An overview of all services running within the cloud infrastructure."
msgstr "Ikhtisar semua layanan yang berjalan di dalam infrastruktur awan."
msgid ""
"Andrew Hay is the Director of Applied Security Research at CloudPassage, "
"Inc. where he leads the security research efforts for the company and its "
"server security products purpose-built for dynamic public, private, and "
"hybrid cloud hosting environments."
msgstr ""
"Andrew Hay adalah Direktur Applied Security Research di CloudPassage, Inc. "
"di mana dia memimpin upaya penelitian keamanan untuk perusahaan dan produk "
"keamanan server yang dibuat khusus untuk lingkungan hosting awan publik, "
"private, dan hibrida yang dinamis."
msgid ""
"Annual, role-specific, security training is a mandatory requirement for "
"almost all compliance certifications and attestations. To optimize the "
"effectiveness of security training, a common method is to provide role "
"specific training, for example to developers, operational personnel, and non-"
"technical employees. Additional cloud security or OpenStack security "
"training based on this hardening guide would be ideal."
msgstr ""
"Pelatihan keamanan ,role-specific, tahunan adalah persyaratan wajib untuk "
"hampir semua sertifikasi kepatuhan dan pengesahan. Untuk mengoptimalkan "
"efektivitas pelatihan keamanan, metode yang umum adalah memberikan pelatihan "
"khusus peran, misalnya kepada pengembang, personil operasional, dan pegawai "
"non-teknis. Keamanan awan tambahan atau pelatihan keamanan OpenStack "
"berdasarkan panduan pengerasan ini akan ideal."
msgid "Another as a private interface with access to the storage nodes."
msgstr "Lain sebagai antarmuka pribadi dengan akses ke node penyimpanan."
msgid ""
"Another feature in OpenStack Networking is Load-Balancer-as-a-service "
"(LBaaS). The LBaaS reference implementation is based on HA-Proxy. There are "
"third-party plug-ins in development for extensions in OpenStack Networking "
"to provide extensive L4-L7 functionality for virtual interface ports."
msgstr ""
"Fitur lain di OpenStack Networking adalah Load-Balancer-as-a-service "
"(LBaaS). Implementasi referensi LBaaS didasarkan pada HA-Proxy. Ada plug-in "
"pihak ketiga dalam pengembangan untuk ekstensi di OpenStack Networking untuk "
"menyediakan fungsionalitas L4-L7 yang luas untuk port antarmuka virtual."
msgid ""
"Another thing to look into when selecting a hypervisor platform is the "
"availability of specific security features. In particular, features. For "
"example, Xen Server's XSM or Xen Security Modules, sVirt, Intel TXT, or "
"AppArmor."
msgstr ""
"Hal lain yang perlu diperhatikan saat memilih platform hypervisor adalah "
"tersedianya fitur keamanan tertentu. Secara khusus, fitur. Misalnya, Xen "
"Server XSM atau Xen Security Modules, sVirt, Intel TXT, atau AppArmor."
msgid "Ansible"
msgstr "Ansible"
msgid ""
"Any changes to ``/etc/manila/policy.json`` are effective immediately, which "
"allows new policies to be implemented while the Shared File Systems service "
"is running. Manual modification of the policy can have unexpected side "
"effects and is not encouraged. For details, see `The policy.json file "
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`_."
msgstr ""
"Setiap perubahan pada ``/etc/manila/policy.json`` berlaku efektif, yang "
"memungkinkan kebijakan baru diterapkan sementara layanan Shared File Systems "
"berjalan. Modifikasi manual dari kebijakan tersebut dapat menimbulkan efek "
"samping yang tidak diharapkan dan tidak dianjurkan. Untuk detailnya, lihat "
"`The policy.json file <https://docs.openstack.org/ocata/config-reference/"
"policy-json-file.html>`_."
msgid "Any data assets in transit across that interface"
msgstr "Aset data apa pun yang transit di antarmuka itu"
msgid ""
"Any data or metadata not included in the list above are not encrypted, "
"including:"
msgstr ""
"Data atau metadata yang tidak termasuk dalam daftar di atas tidak "
"dienkripsi, termasuk:"
msgid ""
"Any domains without a domain-specific configuration file will use options in "
"the primary ``keystone.conf`` file."
msgstr ""
"Setiap domain tanpa file konfigurasi domain-specific akan menggunakan opsi "
"di file `keystone.conf`` utama."
msgid "Apache"
msgstr "Apache"
msgid "AppArmor"
msgstr "AppArmor"
msgid ""
"AppArmor profiles for OpenStack services do not currently exist, but the "
"OpenStack-Ansible project handles this by `applying AppArmor profiles to "
"each container`_ that runs an OpenStack service."
msgstr ""
"Profil AppArmor untuk layanan OpenStack saat ini tidak ada, namun proyek "
"OpenStack-Ansible menangani hal ini dengan `applying AppArmor profiles to "
"each container`_ yang menjalankan layanan OpenStack."
msgid ""
"AppArmor.net, AppArmor Main Page. 2011. `http://wiki.apparmor.net/index.php/"
"Main_Page <http://wiki.apparmor.net/index.php/Main_Page>`_"
msgstr ""
"AppArmor.net, AppArmor Main Page. 2011. `http://wiki.apparmor.net/index.php/"
"Main_Page <http://wiki.apparmor.net/index.php/Main_Page>`_"
msgid "Appendix"
msgstr "Lampiran"
msgid ""
"Application events such as start or stop events that were unscheduled would "
"also be events to monitor and examine for possible security implications."
msgstr ""
"Event aplikasi seperti memulai atau menghentikan event yang tidak terjadwal "
"juga merupakan event untuk memantau dan memeriksa kemungkinan implikasi "
"keamanan."
msgid ""
"Applications store and retrieve data in Object Storage via an industry-"
"standard HTTP RESTful API. Back end components of Object Storage follow the "
"same RESTful model, although some APIs, such as those managing durability, "
"are kept private to the cluster. For more details on the API see the "
"`OpenStack Storage API <https://developer.openstack.org/api-ref/object-"
"storage/>`_."
msgstr ""
"Aplikasi menyimpan dan mengambil data di Object Storage melalui industry-"
"standard HTTP RESTful API. Komponen back end dari Object Storage mengikuti "
"model RESTful yang sama, meskipun beberapa API, seperti yang mengatur daya "
"tahan, dijaga tetap tertutup oleh cluster. Untuk detail lebih lanjut tentang "
"API lihat `OpenStack Storage API <https://developer.openstack.org/api-ref/"
"object-storage/>`_."
msgid ""
"Apply checks :ref:`check_shared_fs_01` and :ref:`check_shared_fs_02` from "
"the checklist to verify that permissions are set properly."
msgstr ""
"Terapkan cek :ref:`check_shared_fs_01` dan :ref:`check_shared_fs_02` dari "
"checklist untuk memverifikasi bahwa izin ditetapkan dengan benar."
msgid ""
"Appropriate logging is implemented to monitor for unauthorized use, incident "
"response and forensics. We highly recommend selected audit subsystems be "
"Common Criteria certified, which provides non-attestable event records in "
"most countries."
msgstr ""
"Logging yang tepat diimplementasikan untuk memantau penggunaan yang tidak "
"sah, respon kejadian dan forensik. Kami sangat merekomendasikan subsistem "
"audit terpilih menjadi Common Criteria yang disertifikasi, yang menyediakan "
"rekaman acara yang tidak dapat dikesampingkan (non-attestable) di sebagian "
"besar negara."
msgid "Architecture"
msgstr "Arsitektur"
msgid "Architecture diagram"
msgstr "Diagram arsitektur"
msgid "Architecture page guidance"
msgstr "Panduan halaman arsitektur"
msgid ""
"Artho, Yagi, Iijima, Kuniyasu Suzaki. Memory Deduplication as a Threat to "
"the Guest OS. 2011. `https://staff.aist.go.jp/c.artho/papers/EuroSec2011-"
"suzaki.pdf <https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf>`_"
msgstr ""
"Artho, Yagi, Iijima, Kuniyasu Suzaki. Memory Deduplication sebagai Threat "
"bagi Guest OS. 2011. `https://staff.aist.go.jp/c.artho/papers/EuroSec2011-"
"suzaki.pdf <https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf>`_"
msgid ""
"As OpenStack adoption continues to grow and the product matures, security "
"has become a priority. The OpenStack Security Group has recognized the need "
"for a comprehensive and authoritative security guide. The **OpenStack "
"Security Guide** has been written to provide an overview of security best "
"practices, guidelines, and recommendations for increasing the security of an "
"OpenStack deployment. The authors bring their expertise from deploying and "
"securing OpenStack in a variety of environments."
msgstr ""
"Seiring adopsi OpenStack terus berkembang dan produknya akan matang, "
"keamanan menjadi prioritas. Grup Keamanan OpenStack telah mengenali "
"kebutuhan akan panduan keamanan komprehensif dan berwibawa. **OpenStack "
"Security Guide** telah ditulis untuk memberikan gambaran umum tentang "
"praktik terbaik keamanan, pedoman, dan rekomendasi untuk meningkatkan "
"keamanan penerapan OpenStack. Penulis membawa keahlian mereka untuk "
"menerapkan dan mengamankan OpenStack di berbagai lingkungan."
msgid ""
"As OpenStack is a popular open source project, much of the codebase and "
"architecture has been scrutinized by individual contributors, organizations, "
"and enterprises. This can be advantageous from a security perspective, "
"however the need for security reviews is still a critical consideration for "
"service providers, as deployments vary, and security is not always the "
"primary concern for contributors. A comprehensive security review process "
"may include architectural review, threat modeling, source code analysis and "
"penetration testing. There are many techniques and recommendations for "
"conducting security reviews that can be found publicly posted. A well-tested "
"example is the `Microsoft SDL <http://www.microsoft.com/security/sdl/process/"
"release.aspx>`_, created as part of the Microsoft Trustworthy Computing "
"Initiative."
msgstr ""
"Karena OpenStack adalah proyek open source yang populer, sebagian besar "
"basis kode dan arsitektur telah diteliti oleh kontributor, organisasi, dan "
"perusahaan individual. Hal ini dapat menguntungkan dari perspektif keamanan, "
"namun kebutuhan akan tinjauan keamanan masih merupakan pertimbangan penting "
"bagi penyedia layanan, karena penerapannya berbeda-beda, dan keamanan tidak "
"selalu menjadi perhatian utama kontributor. Proses tinjauan keamanan yang "
"komprehensif dapat mencakup tinjauan arsitektural, pemodelan ancaman, "
"analisis kode sumber dan pengujian penetrasi. Ada banyak teknik dan "
"rekomendasi untuk melakukan tinjauan keamanan yang dapat ditemukan di "
"publikasikan. Contoh yang teruji dengan baik adalah `Microsoft SDL <http://"
"www.microsoft.com/security/sdl/process/release.aspx>` _, dibuat sebagai "
"bagian dari Microsoft Trustworthy Computing Initiative."
msgid ""
"As a cloud administrator, the dashboard provides an overall view of the size "
"and state of your cloud. You can create users and tenants/projects, assign "
"users to tenant/projects and set limits on the resources available for them."
msgstr ""
"Sebagai administrator awan, dasbor memberikan tampilan keseluruhan tentang "
"ukuran dan keadaan awan Anda. Anda dapat membuat pengguna dan penyewa / "
"proyek, menetapkan pengguna ke penyewa / proyek dan menetapkan batasan pada "
"sumber daya yang tersedia untuk mereka."
msgid ""
"As a general practice, live migration traffic should be restricted to the "
"management security domain, see :doc:`../introduction/security-boundaries-"
"and-threats`. With live migration traffic, due to its plain text nature and "
"the fact that you are transferring the contents of disk and memory of a "
"running instance, it is recommended you further separate live migration "
"traffic onto a dedicated network. Isolating the traffic to a dedicated "
"network can reduce the risk of exposure."
msgstr ""
"Sebagai praktik umum, lalu lintas migrasi langsung harus dibatasi pada "
"domain keamanan manajemen, lihat :doc:`../introduction/security-boundaries-"
"and-threats`. Dengan lalu lintas migrasi langsung, karena sifat teksnya yang "
"biasa dan kenyataan bahwa Anda mentransfer isi disk dan memori instance yang "
"berjalan, sebaiknya Anda memisahkan lalu lintas migrasi langsung ke jaringan "
"dedicated. Mengisolasi lalu lintas ke jaringan dedicated dapat mengurangi "
"risiko terkena exposure (pembukaan)."
msgid ""
"As a web service, OpenStack API is susceptible to familiar web site attack "
"vectors such as denial of service attacks."
msgstr ""
"Sebagai layanan web, API OpenStack rentan terhadap vektor serangan situs web "
"yang familiar seperti serangan penolakan layanan (denial of service)."
msgid ""
"As an OpenStack virtual machine is a server image able to be replicated "
"across hosts, best practice in logging applies similarly between physical "
"and virtual hosts. Operating system-level and application-level events "
"should be logged, including access events to hosts and data, user additions "
"and removals, changes in privilege, and others as dictated by the "
"environment. Ideally, you can configure these logs to export to a log "
"aggregator that collects log events, correlates them for analysis, and "
"stores them for reference or further action. One common tool to do this is "
"an `ELK stack, or Elasticsearch, Logstash, and Kibana <https://www.elastic."
"co/>`_."
msgstr ""
"Sebagai mesin virtual OpenStack adalah image server yang dapat direplikasi "
"di host, praktik terbaik dalam logging berlaku serupa antara host fisik dan "
"virtual. Tingkat sistem operasi dan tingkat aplikasi harus dicatat, termasuk "
"aktivitas akses ke host dan data, penambahan dan kepindahan pengguna, "
"perubahan hak istimewa, dan lainnya seperti yang didikte oleh lingkungan. "
"Idealnya, Anda dapat mengonfigurasi log ini untuk diekspor ke agregator log "
"yang mengumpulkan peristiwa log, mengkorelasikannya untuk analisis, dan "
"menyimpannya untuk referensi atau tindakan lebih lanjut. Salah satu alat "
"yang umum dilakukan adalah `ELK stack, atau Elasticsearch, Logstash, dan "
"Kibana <https://www.elastic.co/>` _."
msgid ""
"As an administrator, you can connect through SSH to a host with "
"``10.254.0.3`` IP address, check the ``/etc/exports`` file on it and see "
"that it is empty:"
msgstr ""
"Sebagai administrator, Anda dapat terhubung melalui SSH ke host dengan "
"alamat IP ``10.254.0.3``, periksa file ``/etc/exports`` di dalamnya dan "
"lihat isinya kosong:"
msgid ""
"As an administrator, you can create share types that enable the scheduler to "
"filter back ends before you create a share. Share types have extra "
"specifications that you can set for the scheduler to filter and weigh back "
"ends so that an appropriate one is selected for a user that requests share "
"creation. Shares and share types can be created as public or private. This "
"level of visibility defines whether other tenants are able to see these "
"objects and operate with them, or not. An administrator can add :ref:`access "
"to the private share types <shared_fs_share_types_acl>` for specific users "
"or tenants in the Identity service. Thus users which you have granted access "
"can see available share types and create shares using them."
msgstr ""
"Sebagai administrator, Anda dapat membuat jenis share yang memungkinkan "
"penjadwal memfilter kembali sebelum Anda membuat share. Jenis share memiliki "
"spesifikasi tambahan dimana Anda dapat menetapkan penjadwal penyaringan dan "
"pembobotan back end sehingga share yang sesuai dipilih untuk pengguna yang "
"meminta pembuatan share. Share dan tipe share bisa dibuat sebagai publik "
"atau privat. Tingkat visibilitas ini mendefinisikan apakah penyewa lain "
"dapat melihat object ini dan beroperasi dengan mereka, atau tidak. "
"Administrator bisa menambahkan :ref:`access to the private share types "
"<shared_fs_share_types_acl>` untuk pengguna atau penyewa tertentu dalam "
"layanan Identity. Dengan demikian pengguna yang telah Anda berikan akses "
"dapat melihat jenis share yang tersedia dan membuat share yang "
"menggunakannya."
msgid ""
"As an alternative to VNC, OpenStack provides remote desktop access to guest "
"virtual machines using the Simple Protocol for Independent Computing "
"Environments (SPICE) protocol."
msgstr ""
"Sebagai alternatif untuk VNC, OpenStack menyediakan akses remote desktop ke "
"mesin virtual tamu menggunakan protokol Simple Protocol for Independent "
"Computing Environments (SPICE)."
msgid ""
"As an example, being an administrator user in admin tenant, you can create a "
"private share type named ``my_type`` and see it in the list. In the console "
"examples the logging in and out is omitted, and environment variables are "
"provided to show the current logged in user."
msgstr ""
"Sebagai contoh, sebagai pengguna administrator di penyewa admin, Anda dapat "
"membuat jenis share privat bernama ``my_type`` dan melihatnya dalam daftar. "
"Dalam contoh konsol, log in dan out dihilangkan, dan variabel lingkungan "
"disediakan untuk menunjukkan pengguna yang masuk saat ini."
msgid ""
"As is the case for VNC, at this time we recommend using SPICE from the "
"management network in addition to limiting use to few individuals."
msgstr ""
"Seperti kasus VNC, saat ini kami merekomendasikan penggunaan SPICE dari "
"jaringan manajemen selain membatasi penggunaan beberapa individu."
msgid ""
"As part of your hypervisor selection process, you must consider a number of "
"important factors to help increase your security posture. Specifically, you "
"must become familiar with these areas:"
msgstr ""
"Sebagai bagian dari proses seleksi hypervisor Anda, Anda harus "
"mempertimbangkan sejumlah faktor penting untuk membantu meningkatkan postur "
"keamanan Anda. Secara khusus, Anda harus terbiasa dengan area ini:"
msgid ""
"As technology has advanced the number of secret things that need to be "
"protected has increased beyond key materials to include certificate pairs, "
"API keys, system passwords, signing keys and so on. This increase has "
"created a need for a more scalable approach to key management, and resulted "
"in the creation of a number of software services that provide scalable "
"dynamic key management. This chapter describes the services that exist today "
"and focus on those that are able to be integrated into OpenStack clouds."
msgstr ""
"Sebagai teknologi telah maju, jumlah hal rahasia yang perlu dilindungi telah "
"meningkat melampaui materi kunci untuk memasukkan pasangan sertifikat, kunci "
"API, password sistem, kunci tanda tangan dan sebagainya. Peningkatan ini "
"telah menciptakan kebutuhan akan pendekatan yang lebih terukur untuk "
"manajemen kunci, dan menghasilkan pembuatan sejumlah layanan perangkat lunak "
"yang memberikan manajemen kunci dinamis terukur. Bab ini menjelaskan layanan "
"yang ada saat ini dan berfokus pada perangkat yang dapat diintegrasikan ke "
"dalam awan OpenStack."
msgid ""
"As the security requirements of organizations deploying this service will "
"vary based on their specific needs, we recommend that operators focus on "
"data privacy, cluster management, and end-user applications as a starting "
"point for evaluating the needs of their users. These decisions will help "
"guide the process of configuring user access to the service. For an expanded "
"discussion on data privacy see :doc:`../tenant-data`."
msgstr ""
"Karena persyaratan keamanan dari organisasi yang menerapkan layanan ini akan "
"bervariasi berdasarkan kebutuhan spesifik mereka, kami merekomendasikan agar "
"operator fokus pada privasi data, pengelolaan cluster, dan aplikasi pengguna "
"akhir sebagai titik awal untuk mengevaluasi kebutuhan pengguna mereka. "
"Keputusan ini akan membantu memandu proses konfigurasi akses pengguna ke "
"layanan. Untuk diskusi yang diperluas tentang privasi data lihat :doc:`../"
"tenant-data`."
msgid ""
"As with hardware, all software components within the OpenStack deployment "
"should be documented. Examples include:"
msgstr ""
"Seperti perangkat keras, semua komponen perangkat lunak dalam penyebaran "
"OpenStack harus didokumentasikan. Contohnya meliputi:"
msgid ""
"As with most things, there are trade-offs. The main trade-off is going to be "
"between security and performance. Encryption has a cost, but so does being "
"hacked. The security and performance requirements are going to be different "
"for every deployment, so how SSL/TLS is used will ultimately be an "
"individual decision."
msgstr ""
"Seperti kebanyakan hal, ada trade-off. Trade-off utama akan terjadi antara "
"keamanan dan kinerja. Enkripsi memiliki biaya, tapi begitu juga diretas. "
"Persyaratan keamanan dan kinerja akan berbeda untuk setiap penyebaran, jadi "
"bagaimana SSL/TLS digunakan pada akhirnya akan menjadi keputusan individual."
msgid ""
"As with the OpenStack Operations Guide, we followed the book sprint "
"methodology. The book sprint process allows for rapid development and "
"production of large bodies of written work. Coordinators from the OpenStack "
"Security Group re-enlisted the services of Adam Hyde as facilitator. "
"Corporate support was obtained and the project was formally announced during "
"the OpenStack summit in Portland, Oregon."
msgstr ""
"Seperti halnya OpenStack Operations Guide, kami mengikuti metodologi sprint "
"buku ini. Proses sprint buku memungkinkan perkembangan pesat dan produksi "
"benda besar karya tulis. Koordinator dari OpenStack Security Group kembali "
"mendaftarkan layanan Adam Hyde sebagai fasilitator. Dukungan perusahaan "
"diperoleh dan proyek tersebut diumumkan secara resmi saat KTT OpenStack di "
"Portland, Oregon."
msgid "Assets in flight"
msgstr "Assets in flight"
msgid ""
"Assets in flight: User keystone credentials, plaintext secrets, HTTP verb, "
"secret ID, path"
msgstr ""
"Assets in flight: Kredensial keystone pengguna, rahasia plaintext, kata "
"kerja HTTP, ID rahasia, jalur"
msgid ""
"At each level, you have ACLs that dictate who has what type of access. ACLs "
"are interpreted based on what authentication system is in use. The two most "
"common types of authentication providers used are Identity service "
"(keystone) and TempAuth. Custom authentication providers are also possible. "
"See :ref:`object_storage_authentication` for more information."
msgstr ""
"Pada setiap tingkat, Anda memiliki ACL yang mendikte siapa yang memiliki "
"jenis akses apa. ACL ditafsirkan berdasarkan sistem autentikasi yang "
"digunakan. Dua jenis penyedia otentikasi yang paling umum digunakan adalah "
"layanan Identity (keystone) dan TempAuth. Penyedia otentikasi kustom juga "
"dimungkinkan. Lihat :ref: `object_storage_authentication` untuk informasi "
"lebih lanjut."
msgid ""
"At its most basic, authentication is the process of confirming identity - "
"that a user is actually who they claim to be. A familiar example is "
"providing a username and password when logging in to a system."
msgstr ""
"Yang paling dasar, autentikasi adalah proses konfirmasi identitas - bahwa "
"pengguna sebenarnya adalah orang yang mereka klaim. Contoh yang familiar "
"adalah menyediakan username dan password saat login ke sebuah sistem."
msgid ""
"At the opposite end of the spectrum is the private cloud. As NIST defines "
"it, a private cloud is provisioned for exclusive use by a single "
"organization comprising multiple consumers, such as business units. The "
"cloud may be owned, managed, and operated by the organization, a third-"
"party, or some combination of them, and it may exist on or off premises. "
"Private-cloud use cases are diverse and, as such, their individual security "
"concerns vary."
msgstr ""
"Di ujung spektrum (opposite end) yang berlawanan adalah awan pribadi. "
"Sebagai NIST mendefinisikannya, awan pribadi ditetapkan untuk penggunaan "
"eksklusif oleh satu organisasi yang terdiri dari beberapa konsumen, seperti "
"unit bisnis. Awan dapat dimiliki, dikelola, dan dioperasikan oleh "
"organisasi, pihak ketiga, atau beberapa kombinasi dari keduanya, dan mungkin "
"ada di dalam atau di luar lokasi. Kasus penggunaan awan pribadi beragam dan, "
"karena itu, masalah keamanan individual mereka beragam."
msgid ""
"At the time of this writing, very few clouds are using secure boot "
"technologies in a production environment. As a result, these technologies "
"are still somewhat immature. We recommend planning carefully in terms of "
"hardware selection. For example, ensure that you have a TPM and Intel TXT "
"support. Then verify how the node hardware vendor populates the PCR values. "
"For example, which values will be available for validation. Typically the "
"PCR values listed under the software context in the table above are the ones "
"that a cloud architect has direct control over. But even these may change as "
"the software in the cloud is upgraded. Configuration management should be "
"linked into the PCR policy engine to ensure that the validation is always up "
"to date."
msgstr ""
"Pada saat penulisan ini, sedikit awan menggunakan teknologi boot aman di "
"lingkungan produksi. Akibatnya, teknologi ini masih belum matang. Sebaiknya "
"rencanakan dengan hati-hati dalam hal pemilihan perangkat keras. Misalnya, "
"pastikan Anda memiliki dukungan TPM dan Intel TXT. Kemudian verifikasi "
"bagaimana vendor perangkat keras node memasangkan nilai PCR. Misalnya, nilai "
"mana yang akan tersedia untuk validasi. Biasanya nilai PCR yang tercantum "
"dalam konteks perangkat lunak pada tabel di atas adalah yang arsitek awan "
"memiliki kontrol langsung. Tetapi bahkan ini mungkin berubah karena "
"perangkat lunak di awan ditingkatkan. Manajemen konfigurasi harus "
"dihubungkan ke dalam mesin kebijakan PCR untuk memastikan validasi selalu up "
"to date."
msgid ""
"At this point the SAML Assertion can be sent to the Service Provider "
"keystone, and a valid OpenStack token, issued by a Service Provider "
"keystone, will be returned."
msgstr ""
"Pada titik ini, SAML Assertion dapat dikirim ke Service Provider keystone, "
"dan token OpenStack yang valid, yang dikeluarkan oleh Service Provider "
"keystone akan dikembalikan."
msgid ""
"At this point we know that the node has booted with the correct kernel and "
"underlying components. The next step is to harden the operating system and "
"it starts with a set of industry-accepted hardening controls. The following "
"guides are good examples:"
msgstr ""
"Pada titik ini kita tahu bahwa node telah boot dengan kernel yang benar dan "
"komponen yang mendasarinya. Langkah selanjutnya adalah mengeraskan sistem "
"operasi dan dimulai dengan seperangkat kontrol pengerasan yang diterima "
"industri. Panduan berikut adalah contoh yang baik:"
msgid ""
"At this time, live migration is enabled in OpenStack by default. Live "
"migrations can be disabled by adding the following lines to the nova "
"``policy.json`` file:"
msgstr ""
"Pada saat ini, migrasi langsung diaktifkan di OpenStack secara default. "
"Migrasi langsung dapat dinonaktifkan dengan menambahkan baris berikut ke "
"file nova `policy.json``:"
msgid ""
"At various stages of the live migration process the contents of an instances "
"run time memory and disk are transmitted over the network in plain text. "
"Thus there are several risks that need to be addressed when using live "
"migration. The following in-exhaustive list details some of these risks:"
msgstr ""
"Pada berbagai tahap proses migrasi langsung, isi instance menjalankan memori "
"dan disk waktu dikirimkan melalui jaringan dalam teks biasa. Dengan demikian "
"ada beberapa risiko yang perlu diperhatikan saat menggunakan migrasi "
"langsung. Berikut daftar lengkap rincian beberapa dari risiko ini:"
msgid "Attack types"
msgstr "Jenis serangan"
msgid "Attacker position / Privilege level"
msgstr "Posisi penyerang / tingkat privilege"
msgid "Audit"
msgstr "Audit"
msgid "Audit reference"
msgstr "Referensi Audit"
msgid "Auth services"
msgstr "Layanan Auth"
msgid ""
"Authenticate externally and generate an :term:`unscoped token` in Identity "
"service."
msgstr ""
"Mengautentikasi secara eksternal dan menghasilkan sebuah :term:`unscoped "
"token` dalam layanan Identity."
msgid "Authentication"
msgstr "Otentikasi"
msgid ""
"Authentication and authorization policy in OpenStack may be delegated to "
"another service. A typical use case is an organization that seeks to deploy "
"a private cloud and already has a database of employees and users in an LDAP "
"system. Using this as the authentication authority, requests to the Identity "
"service are delegated to the LDAP system, which will then authorize or deny "
"based on its policies. Upon successful authentication, the Identity service "
"then generates a token that is used for access to authorized services."
msgstr ""
"Kebijakan otentikasi dan otorisasi di OpenStack dapat didelegasikan ke "
"layanan lain. Kasus penggunaan yang khas adalah organisasi yang berusaha "
"menyebarkan awan pribadi dan sudah memiliki database karyawan dan pengguna "
"dalam sistem LDAP. Dengan menggunakan ini sebagai otoritas otentikasi, "
"permintaan ke layanan Identitas didelegasikan ke sistem LDAP, yang kemudian "
"akan memberi otorisasi atau menolak berdasarkan kebijakannya. Setelah "
"otentikasi berhasil, layanan Identitas kemudian menghasilkan token yang "
"digunakan untuk akses ke layanan resmi."
msgid "Authentication configuration example: Qpid"
msgstr "Contoh konfigurasi otentikasi: Qpid"
msgid "Authentication configuration example: RabbitMQ"
msgstr "Contoh konfigurasi otentikasi: RabbitMQ"
msgid ""
"Authentication does not take place at the storage nodes. If you are able to "
"connect to a storage node on one of these ports, you can access or modify "
"data without authentication. In order to secure against this issue you "
"should follow the recommendations given previously about using a private "
"storage network."
msgstr ""
"Otentikasi tidak terjadi pada node penyimpanan. Jika Anda dapat terhubung ke "
"node penyimpanan di salah satu port ini, Anda dapat mengakses atau "
"memodifikasi data tanpa otentikasi. Untuk mengatasi masalah ini, Anda harus "
"mengikuti rekomendasi yang diberikan sebelumnya tentang penggunaan jaringan "
"penyimpanan pribadi."
msgid ""
"Authentication is an integral part of any real world OpenStack deployment "
"and so careful thought should be given to this aspect of system design. A "
"complete treatment of this topic is beyond the scope of this guide however "
"some key topics are presented in the following sections."
msgstr ""
"Otentikasi adalah bagian integral dari pengerahan OpenStack dunia nyata dan "
"pemikiran hati-hati harus diberikan pada aspek perancangan sistem ini. "
"Perlakuan lengkap terhadap topik ini berada di luar cakupan panduan ini "
"namun beberapa topik utama dipresentasikan pada bagian berikut."
msgid "Authentication methods"
msgstr "Metode otentikasi"
msgid "Authentication service"
msgstr "Layanan Authentication"
msgid "Authentication with X.509 certificates"
msgstr "Otentikasi dengan sertifikat X.509"
msgid "Authentication, key exchange"
msgstr "Otentikasi, pertukaran kunci"
msgid "Authentication?"
msgstr "Otentikasi?"
msgid "Authorization"
msgstr "Otorisasi"
msgid ""
"Automated vulnerability scanning/exploitation. Non-targeted attacks. Often "
"only a nuisance, compromise by one of these actors presents a major risk to "
"an organization's reputation."
msgstr ""
"Pemindaian/eksploitasi kerentanan otomatis. Serangan yang tidak ditargetkan. "
"Seringkali hanya gangguan, kompromi oleh salah satu aktor ini menghadirkan "
"risiko besar bagi reputasi sebuah organisasi."
msgid ""
"Availability Failure Impact: barbican could no longer create new secrets "
"without access to the queue."
msgstr ""
"Availability Failure Impact: barbican tidak bisa lagi menciptakan rahasia "
"baru tanpa akses ke antrian."
msgid ""
"Availability Failure Impact: barbican will not be able to validate user "
"credentials and fail. DoS."
msgstr ""
"Availability Failure Impact: barbican tidak akan bisa memvalidasi kredensial "
"pengguna dan gagal. DoS."
msgid "Availability of expertise"
msgstr "Ketersediaan keahlian"
msgid "Backup and disaster recovery"
msgstr "Backup dan pemulihan bencana"
msgid "Barbican"
msgstr "Barbican"
msgid "Barbican Role Based Access Control"
msgstr "Barbican Role Based Access Control"
msgid ""
"Barbican depends on the use of Hardware Security Module (HSM) appliance."
msgstr ""
"Barbican tergantung pada penggunaan alat Hardware Security Module (HSM)."
msgid ""
"Barbican has a number of back-end plugins that can be used to securely store "
"secrets in local databases or in HSMs."
msgstr ""
"Barbican memiliki sejumlah plugin back-end yang dapat digunakan untuk "
"menyimpan rahasia dengan aman di database lokal atau di HSM."
msgid ""
"Barbican has multiple pluggable back-ends which can communicate with "
"software and hardware based security modules using PKCS#11 or KMIP."
msgstr ""
"Barbican memiliki beberapa pluggable back-ends yang dapat berkomunikasi "
"dengan modul keamanan berbasis perangkat lunak dan perangkat keras "
"menggunakan PKCS#11 atau KMIP."
msgid ""
"Barbican is a REST API designed for the secure storage, provisioning and "
"management of secrets such as passwords, encryption keys and X.509 "
"certificates. It is aimed at being useful for all environments, including "
"large ephemeral clouds."
msgstr ""
"Barbican adalah REST API yang dirancang untuk penyimpanan, penyediaan dan "
"pengelolaan rahasia seperti password, kunci enkripsi dan sertifikat X.509. "
"Hal ini bertujuan berguna untuk semua lingkungan, termasuk awan fana yang "
"besar."
msgid ""
"Barbican is an OpenStack service that is multi-tenant aware and that uses "
"Keystone tokens for authentication. This means that access to secrets is "
"controlled via OpenStack policies for tenants and RBAC roles."
msgstr ""
"Barbican adalah layanan OpenStack yang menjaga multi-tenant dan menggunakan "
"token Keystone untuk otentikasi. Ini berarti bahwa akses terhadap rahasia "
"dikendalikan melalui kebijakan OpenStack untuk tenant dan peran RBAC."
msgid ""
"Barbican is integrated with several OpenStack features, either directly or "
"as a back end of `Castellan <https://wiki.openstack.org/wiki/Castellan>`_."
msgstr ""
"Barbican terintegrasi dengan beberapa fitur OpenStack, baik secara langsung "
"maupun sebagai back end `Castellan <https://wiki.openstack.org/wiki/"
"Castellan>`_."
msgid ""
"Barbican is often used as a key management system to enable use cases such "
"as Image signature verification, Volume encryption. These use cases are "
"outlined in the :doc:`secrets-management-use-cases`"
msgstr ""
"Barbican sering digunakan sebagai sistem manajemen kunci untuk memungkinkan "
"penggunaan kasus seperti verifikasi tanda tangan Image, enkripsi Volume. "
"Kasus penggunaan ini diuraikan di :doc:`secrets-management-use-cases`"
msgid "Bare metal server sanitization"
msgstr "Sanitasi server Bare Metal"
msgid ""
"Based upon system security category as defined in FIPS 199, an organization "
"utilizes FIPS 200 to identify specific security control requirements for the "
"information system. For example, if a system is categorized as \"moderate\" "
"a requirement may be introduced to mandate \"secure passwords\"."
msgstr ""
"Berdasarkan kategori keamanan sistem sebagaimana didefinisikan dalam FIPS "
"199, sebuah organisasi menggunakan FIPS 200 untuk mengidentifikasi "
"persyaratan pengendalian keamanan spesifik untuk sistem informasi. Misalnya, "
"jika sebuah sistem dikategorikan \"moderate\", sebuah persyaratan dapat "
"dikenalkan untuk mengamanatkan \"secure passwords\"."
msgid "Basic web server configuration"
msgstr "Konfigurasi server web dasar"
msgid ""
"Because API endpoints typically bridge multiple security domains, you must "
"pay particular attention to the compartmentalization of the API processes. "
"See :ref:`Bridging_security_domains` for additional information in this area."
msgstr ""
"Karena endpoint API biasanya menjembatani beberapa domain keamanan, Anda "
"harus memberi perhatian khusus pada kompartementalisasi proses API. Lihat: "
"ref: `Bridging_security_domains` untuk informasi tambahan di area ini."
msgid ""
"Because most management commands flow through the message queuing system, "
"message-queue security is a primary security concern for any OpenStack "
"deployment, and is discussed in detail later in this guide."
msgstr ""
"Karena sebagian besar perintah manajemen mengalir melalui sistem antrian "
"pesan, keamanan message-queue merupakan masalah keamanan utama untuk "
"penyebaran OpenStack, dan akan dibahas secara rinci nanti dalam panduan ini."
msgid ""
"Before an instance is created, a host for the image instantiation must be "
"selected. This selection is performed by the ``nova-scheduler`` which "
"determines how to dispatch compute and volume requests."
msgstr ""
"Sebelum sebuah instance dibuat, host untuk image instantiation harus "
"dipilih. Pilihan ini dilakukan oleh ``nova-scheduler`` yang menentukan "
"bagaimana mengirim dan menghitung permintaan volume."
msgid ""
"Before attempting to federate multiple Identity service deployments, you "
"must setup certain configuration options in the ``keystone.conf`` file."
msgstr ""
"Sebelum mencoba memasukkan beberapa pengerahan layanan Identity, Anda harus "
"menyiapkan beberapa opsi konfigurasi di file ``keystone.conf``."
msgid ""
"Before deployment, consider the TLS libraries that the queuing servers use. "
"Qpid uses Mozilla's NSS library, whereas RabbitMQ uses Erlang's TLS module "
"which uses OpenSSL."
msgstr ""
"Sebelum diterapkan, pertimbangkan perpustakaan TLS yang digunakan oleh "
"server antrian. Qpid menggunakan perpustakaan NSS milik Mozilla, sedangkan "
"RabbitMQ menggunakan modul TLS Erlang yang menggunakan OpenSSL."
msgid ""
"Before we delve into the configurations, we briefly discuss the ciphers' "
"configuration element and its format. A more exhaustive treatment on "
"available ciphers and the OpenSSL cipher list format can be found at: "
"`ciphers <https://www.openssl.org/docs/apps/ciphers.html>`_."
msgstr ""
"Sebelum kita menyelidiki konfigurasi, kita membahas secara singkat elemen "
"konfigurasi dan formatnya. Perlakuan yang lebih lengkap pada ciphers yang "
"tersedia dan format daftar sandi OpenSSL dapat ditemukan di: `ciphers "
"<https://www.openssl.org/docs/apps/ciphers.html>`_."
msgid ""
"Being able to detect the load on the OpenStack servers also enables "
"responding by way of introducing additional servers for load balancing to "
"ensure high availability."
msgstr ""
"Mampu mendeteksi beban pada server OpenStack juga memungkinkan untuk "
"merespons dengan cara menambahkan server tambahan untuk load balancing guna "
"memastikan ketersediaan yang tinggi."
msgid ""
"Below is an example of an NFS share with the Generic driver. After the share "
"was created it has export location ``10.254.0.3:/shares/share-b2874f8d-"
"d428-4a5c-b056-e6af80a995de``. If you try to mount it on the host with "
"``10.254.0.4`` IP address, you'll get a *\"Permission denied\"* message."
msgstr ""
"Berikut adalah contoh pembagian NFS dengan driver Generik. Setelah share itu "
"dibuat, ia memiliki lokasi ekspor ``10.254.0.3:/shares/share-b2874f8d-"
"d428-4a5c-b056-e6af80a995de``. Jika Anda mencoba me-mountnya di host dengan "
"alamat IP ``10.254.0.4``, Anda akan mendapatkan pesan *\"Permission denied"
"\"*."
msgid ""
"Below we provide sample recommended configuration settings for enabling TLS "
"in some of the more popular web servers/TLS terminators."
msgstr ""
"Di bawah ini kami menyediakan contoh pengaturan konfigurasi yang "
"direkomendasikan untuk mengaktifkan TLS di beberapa web servers/TLS "
"terminators yang lebih populer."
msgid ""
"Ben de Bont is the CSO for HP Cloud Services. Prior to his current role Ben "
"led the information security group at MySpace and the incident response team "
"at MSN Security. Ben holds a master's degree in Computer Science from the "
"Queensland University of Technology."
msgstr ""
"Ben de Bont adalah CSO untuk HP Cloud Services. Sebelum perannya saat ini, "
"Ben memimpin kelompok keamanan informasi di MySpace dan tim respons insiden "
"di MSN Security. Ben meraih gelar master di bidang Ilmu Komputer dari "
"Queensland University of Technology."
msgid ""
"Besides already described services you can see two other entities on the "
"image: ``python-manilaclient`` and ``storage controller``."
msgstr ""
"Selain sudah dijelaskan layanan Anda bisa melihat dua entitas lain pada "
"image: ``python-manilaclient`` dan ``storage controller``."
msgid "Bibliography"
msgstr "Bibliografi"
msgid "Bibliography:"
msgstr "Bibliografi:"
msgid "Block Storage"
msgstr "Block Storage"
msgid "Block Storage (optional)"
msgstr "Block Storage (optional)"
msgid "Block Storage performance and backends"
msgstr "Performa Block Storage dan backend"
msgid "Block Storage volume data"
msgstr "Data volume Block Storage"
msgid "Booleans"
msgstr "Booleans"
msgid ""
"Both RabbitMQ and Qpid are Advanced Message Queuing Protocol (AMQP) "
"frameworks, which provide message queues for peer-to-peer communication. "
"Queue implementations are typically deployed as a centralized or "
"decentralized pool of queue servers. ZeroMQ provides direct peer-to-peer "
"communication through TCP sockets."
msgstr ""
"RabbitMQ dan Qpid adalah kerangka protokol Advanced Message Queuing Protocol "
"(AMQP), yang menyediakan antrian pesan untuk komunikasi peer-to-peer. "
"Implementasi antrian biasanya digunakan sebagai server antrian terpusat atau "
"terdesentralisasi. ZeroMQ menyediakan komunikasi peer-to-peer langsung "
"melalui soket TCP."
msgid ""
"Both approaches provide `Perfect Forward Secrecy (PFS) <https://en.wikipedia."
"org/wiki/Forward_secrecy>`_. See :ref:`secure-communication-perfect-forward-"
"secrecy` for additional discussion on properly configuring PFS."
msgstr ""
"Kedua pendekatan itu memberikan `Perfect Forward Secrecy (PFS) <https://en."
"wikipedia.org/wiki/Forward_secrecy>`_. Lihat :ref:`secure-communication-"
"perfect-forward-secrecy` untuk diskusi tambahan tentang konfigurasi PFS "
"dengan benar."
msgid ""
"Both the horizon web service and the OpenStack API it uses to communicate "
"with the back end are susceptible to web attack vectors such as denial of "
"service and must be monitored."
msgstr ""
"Baik layanan web cakrawala maupun API OpenStack yang digunakannya untuk "
"berkomunikasi dengan back end rentan terhadap vektor serangan web seperti "
"penolakan layanan (denial of service) dan harus dipantau."
msgid "Bridging security domains"
msgstr "Menjembatani domain keamanan"
msgid ""
"Browser-based access to the OpenStack cloud, whether through the dashboard "
"or other applications, introduces additional considerations. Modern browsers "
"all support some form of password storage and autofilling of credentials for "
"remembered sites. This can be useful when using strong passwords that cannot "
"be easily remembered or typed, but may cause the browser to become the weak "
"link if the physical security of the client is compromised. If the browser's "
"password store itself is not protected by a strong password, or if the "
"password store is allowed to remain unlocked for the duration of the "
"session, unauthorized access to your system can be easily obtained."
msgstr ""
"Akses berbasis browser ke awan OpenStack, baik melalui dashboard maupun "
"aplikasi lainnya, memperkenalkan pertimbangan tambahan. Browser modern semua "
"mendukung beberapa bentuk penyimpanan kata sandi dan autofilling kredensial "
"untuk situs yang diingat. Ini bisa berguna saat menggunakan kata kunci kuat "
"yang tidak mudah diingat atau diketik, namun bisa menyebabkan browser "
"menjadi lemah jika keamanan fisik klien terganggu. Jika penyimpanan kata "
"kunci browser itu sendiri tidak dilindungi oleh kata sandi yang kuat, atau "
"jika penyimpanan kata sandi diizinkan tetap tidak terkunci selama sesi "
"berlangsung, akses yang tidak sah ke sistem Anda dapat diperoleh dengan "
"mudah."
msgid ""
"By default, Quality of Service (QoS) policies and rules are managed by the "
"cloud administrator, which results in tenants being unable to create "
"specific QoS rules, or to attach specific ports to policies. In some use "
"cases, such as some telecommunications applications, the administrator may "
"trust the tenants and therefore let them create and attach their own "
"policies to ports. This can be achieved by modifying the ``policy.json`` "
"file and `specific documentation <https://specs.openstack.org/openstack/"
"neutron-specs/specs/liberty/qos-api-extension.html>`_. will be released with "
"the extension."
msgstr ""
"Secara default, kebijakan dan aturan Quality of Service (QoS) dikelola oleh "
"administrator awan, yang mengakibatkan penyewa tidak dapat membuat aturan "
"QoS tertentu, atau untuk melampirkan port tertentu ke kebijakan. Dalam "
"beberapa kasus penggunaan, seperti beberapa aplikasi telekomunikasi, "
"administrator dapat mempercayai penyewa dan karena itu membiarkan mereka "
"membuat dan melampirkan kebijakan mereka sendiri ke port. Hal ini dapat "
"dicapai dengan memodifikasi file `policy.json` dan `specific documentation "
"<https://specs.openstack.org/openstack/neutron-specs/specs/liberty/qos-api-"
"extension.html>`_. akan dirilis dengan ekstensi."
msgid ""
"By default, each of the OpenStack services and their processes access the "
"database using a shared set of credentials. This makes auditing database "
"operations and revoking access privileges from a service and its processes "
"to the database particularly difficult."
msgstr ""
"Secara default, masing-masing layanan OpenStack dan prosesnya mengakses "
"database menggunakan sekumpulan kredensial bersama. Hal ini membuat operasi "
"database auditing dan mencabut hak akses dari sebuah layanan dan prosesnya "
"ke database sangat sulit dilakukan."
msgid ""
"By default, share types are created as public. While creating a share type, "
"use ``--is_public`` parameter set to ``False`` to make your share type "
"private which will prevent other tenants from seeing it in a list of share "
"types and creating new shares with it. On the other hand, *public* share "
"types are available to every tenant in a cloud."
msgstr ""
"Secara default, jenis share dibuat sebagai publik. Saat membuat jenis share, "
"gunakan parameter ``--is_public`` yang disetel ke ``False`` untuk menjadikan "
"tipe share Anda pribadi yang akan mencegah penyewa lain melihatnya di daftar "
"jenis share dan membuat share baru dengannya. Di sisi lain, jenis share "
"*public* tersedia untuk setiap penyewa di awan."
msgid ""
"By default, the Shared File Systems API service listens only on the port "
"``8786`` with ``tcp6`` type that supports both IPv4 and IPv6."
msgstr ""
"Secara default, layanan Shared File Systems API hanya mendengarkan pada port "
"``8786`` dengan tipe ``tcp6`` yang mendukung IPv4 dan IPv6."
msgid ""
"By default, the remote desktop traffic is not encrypted. TLS can be enabled "
"to encrypt the VNC traffic. Refer to :doc:`../secure-communication/"
"introduction-to-ssl-and-tls` for appropriate recommendations."
msgstr ""
"Secara default, lalu lintas desktop jarak jauh tidak dienkripsi. TLS dapat "
"diaktifkan untuk mengenkripsi lalu lintas VNC. Lihat :doc:`../secure-"
"communication/introduction-to-ssl-and-tls` untuk rekomendasi yang tepat."
msgid ""
"By default, when a share is created and has its export location, the Shared "
"File Systems service expects that nobody can access the share by mounting "
"it. Please note that the share driver you use can change this configuration, "
"or it can be directly changed on the share storage. To ensure access to the "
"share, check the mounting config for the export protocol."
msgstr ""
"Secara default, bila share dibuat dan memiliki lokasi ekspor, layanan Shared "
"File Systems mengharapkan tidak ada yang dapat mengakses share dengan "
"mounting. Harap dicatat bahwa share driver yang Anda gunakan dapat mengubah "
"konfigurasi ini, atau bisa langsung diubah pada penyimpanan share. Untuk "
"memastikan akses ke share, periksa konfigurasi pemasangan untuk protokol "
"ekspor."
msgid ""
"By their nature, public clouds are exposed to a higher degree of risk. As a "
"consumer of a public cloud, you should validate that your selected provider "
"has the necessary certifications, attestations, and other regulatory "
"considerations. As a public cloud provider, depending on your target "
"customers, you might be subject to one or more regulations. Additionally, "
"even if not required to meet regulatory requirements, a provider should "
"ensure tenant isolation as well as protecting management infrastructure from "
"external attacks."
msgstr ""
"Menurut sifatnya, awan publik terkena tingkat risiko yang lebih tinggi. "
"Sebagai konsumen awan publik, Anda harus memvalidasi bahwa penyedia pilihan "
"Anda memiliki sertifikasi, atestasi, dan pertimbangan peraturan lainnya yang "
"diperlukan. Sebagai penyedia awan publik, bergantung pada target pelanggan "
"Anda, Anda mungkin dikenai satu atau lebih peraturan. Selain itu, meski "
"tidak diharuskan memenuhi persyaratan peraturan, penyedia harus memastikan "
"isolasi penyewa sekaligus melindungi infrastruktur manajemen dari serangan "
"luar."
msgid ""
"By using the previously returned token, the user can issue requests to the "
"list projects and domains that are accessible."
msgstr ""
"Dengan menggunakan token yang sebelumnya dikembalikan, pengguna dapat "
"mengeluarkan permintaan ke daftar proyek dan domain yang dapat diakses."
msgid ""
"CA is a trusted entity, both by the end party and the party that relies upon "
"the certificate for certification policies, management handling, and "
"certificate issuance."
msgstr ""
"CA adalah entitas terpercaya, baik oleh end party maupun party yang "
"bergantung pada sertifikat untuk kebijakan sertifikasi, penanganan "
"manajemen, dan penerbitan sertifikat."
msgid ""
"CIS regularly publishes security benchmarks as well as automated tools that "
"apply those security controls automatically. These benchmarks are published "
"under a `Creative Commons license <https://creativecommons.org/licenses/by-"
"nc-sa/4.0/legalcode>`_ that has some limitations."
msgstr ""
"CIS secara teratur menerbitkan tolok ukur keamanan serta alat otomatis yang "
"menerapkan kontrol keamanan secara otomatis. Tolok ukur ini dipublikasikan "
"di bawah `Creative Commons license <https://creativecommons.org/licenses/by-"
"nc-sa/4.0/legalcode>`_ yang memiliki beberapa keterbatasan."
msgid "CRL issuer"
msgstr "CRL issuer"
msgid ""
"CSRF (Cross-site request forgery) is an attack which forces an end user to "
"execute unauthorized commands on a web application in which he/she is "
"currently authenticated. A successful CSRF exploit can compromise end user "
"data and operations. If the targeted end user has admin privileges, this can "
"compromise the entire web application."
msgstr ""
"CSRF (Cross-site request forgery) adalah serangan yang memaksa end user "
"untuk menjalankan perintah yang tidak sah pada aplikasi web yang saat ini "
"dia otentikasi. Eksploitasi CSRF yang berhasil dapat membahayakan data dan "
"operasi end user. Jika end user yang ditargetkan memiliki hak istimewa "
"admin, ini dapat membahayakan keseluruhan aplikasi web."
msgid "Capabilities"
msgstr "Capabilities"
msgid ""
"Careful consideration should be given to potential outbound abuse from a "
"cloud deployment. Whether public or private, clouds tend to have lots of "
"resource available. An attacker who has established a point of presence "
"within the cloud, either through hacking or entitled access, such as rogue "
"employee, can bring these resources to bear against the internet at large. "
"Clouds with compute services make for ideal DDoS and brute force engines. "
"The issue is more pressing for public clouds as their users are largely "
"unaccountable, and can quickly spin up numerous disposable instances for "
"outbound attacks. Major damage can be inflicted upon a company's reputation "
"if it becomes known for hosting malicious software or launching attacks on "
"other networks. Methods of prevention include egress security groups, "
"outbound traffic inspection, customer education and awareness, and fraud and "
"abuse mitigation strategies."
msgstr ""
"Pertimbangan yang cermat harus diberikan pada penyalahgunaan outbound "
"potensial dari penyebaran awan. Apakah publik atau private, awan cenderung "
"memiliki banyak sumber daya yang tersedia. Seorang penyerang yang telah "
"memiliki titik kehadiran (point of presence) di dalam awan, baik melalui "
"akses hacking atau berhak, seperti pegawai nakal, dapat membawa sumber daya "
"ini untuk menghadapi internet secara keseluruhan. Awan dengan layanan "
"komputasi membuat mesin DDoS dan brute force ideal. Masalahnya lebih "
"mendesak untuk awan publik karena pengguna mereka sebagian besar tidak "
"bertanggung jawab, dan dengan cepat dapat memutar banyak disposable instance "
"sekali pakai untuk serangan keluar. Kerusakan besar dapat ditimbulkan atas "
"reputasi perusahaan jika diketahui meng-host perangkat lunak berbahaya atau "
"meluncurkan serangan ke jaringan lain. Metode pencegahan meliputi kelompok "
"keamanan egress, inspeksi lalu lintas keluar, edukasi dan kesadaran "
"pelanggan, dan strategi mitigasi penyalahgunaan dan penyalahgunaan."
msgid "Castellan"
msgstr "Castellan"
msgid ""
"Castellan is a generic Key Manager interface developed by the Barbican team. "
"It enables projects to use a configurable key manager that can be deployment "
"specific."
msgstr ""
"Castellan adalah antarmuka Key Manager generik yang dikembangkan oleh tim "
"Barbican. Ini memungkinkan proyek menggunakan manajer kunci yang dapat "
"dikonfigurasi yang dapat diterapkan secara spesifik."
msgid "Certificate Repository"
msgstr "Certificate Repository"
msgid "Certificate Revocation Lists (CRL)"
msgstr "Certificate Revocation Lists (CRL)"
msgid ""
"Certificates used to support TLS on internet facing cloud endpoints (or "
"customer interfaces where the customer is not expected to have installed "
"anything other than standard operating system provided certificate bundles) "
"should be provisioned using Certificate Authorities that are installed in "
"the operating system certificate bundle. Typical well known vendors include "
"Let's Encrypt, Verisign and Thawte but many others exist."
msgstr ""
"Sertifikat yang digunakan untuk mendukung TLS di internet yang menghadapi "
"endpoint awan (atau antarmuka pelanggan yang tidak diharapkan pelanggannya "
"telah menginstal apa pun selain kumpulan berkas sistem operasi standar yang "
"disediakan) harus disediakan menggunakan Certificate Authorities yang "
"terpasang dalam berkas sertifikat sistem operasi. Vendor terkenal yang "
"terkenal termasuk Let's Encrypt, Verisign dan Thawte tapi ada banyak lainnya."
msgid "Certification Authority (:term:`CA <certificate authority (CA)>`)"
msgstr "Certification Authority (:term:`CA <certificate authority (CA)>`)"
msgid "Certification and compliance statements"
msgstr "Pernyataan sertifikasi dan kepatuhan"
msgid "Certification authorities"
msgstr "Otoritas sertifikasi"
msgid "Certifications and attestations"
msgstr "Sertifikasi dan pengesahan"
msgid ""
"Check-Block-01: Is user/group ownership of config files set to root/cinder?"
msgstr ""
"Check-Block-01: Apakah user/group ownership dari file konfigurasi diset ke "
"root/cinder?"
msgid "Check-Block-02: Are strict permissions set for configuration files?"
msgstr "Check-Block-02: Apakah izin ketat diatur untuk file konfigurasi?"
msgid "Check-Block-03: Is keystone used for authentication?"
msgstr "Check-Block-03: Apakah keystone digunakan untuk otentikasi?"
msgid "Check-Block-04: Is TLS enabled for authentication?"
msgstr "Check-Block-04: Apakah TLS diaktifkan untuk otentikasi?"
msgid "Check-Block-05: Does cinder communicate with nova over TLS?"
msgstr "Check-Block-05: Apakah cinder berkomunikasi dengan nova over TLS?"
msgid "Check-Block-06: Does cinder communicate with glance over TLS?"
msgstr ""
"Check-Block-06: Apakah cinder berkomunikasi dengan melirik (glance over) TLS?"
msgid "Check-Block-07: Is NAS operating in a secure environment?"
msgstr "Check-Block-07: Apakah NAS beroperasi di lingkungan yang aman?"
msgid ""
"Check-Block-08: Is max size for the body of a request set to default "
"(114688)?"
msgstr ""
"Check-Block-08: Apakah ukuran maks untuk body permintaan ditetapkan ke "
"default (114688)?"
msgid "Check-Block-09: Is the volume encryption feature enabled?"
msgstr "Check-Block-09: Apakah fitur encryption volume diaktifkan?"
msgid ""
"Check-Compute-01: Is user/group ownership of config files set to root/nova?"
msgstr ""
"Check-Compute-01: Apakah kepemilikan user/group dari file konfigurasi diatur "
"ke root/nova?"
msgid "Check-Compute-02: Are strict permissions set for configuration files?"
msgstr "Check-Compute-02: Apakah izin ketat diatur untuk file konfigurasi?"
msgid "Check-Compute-03: Is keystone used for authentication?"
msgstr "Check-Compute-03: Apakah keystone digunakan untuk otentikasi?"
msgid "Check-Compute-04: Is secure protocol used for authentication?"
msgstr "Check-Compute-04: Apakah protokol aman digunakan untuk otentikasi?"
msgid "Check-Compute-05: Does Nova communicate with Glance securely?"
msgstr "Check-Compute-05: Apakah Nova berkomunikasi dengan Glance dengan aman?"
msgid "Check-Dashboard-01: Is user/group of config files set to root/horizon?"
msgstr ""
"Check-Dashboard-01: Apakah user/grup file konfigurasi diset ke root/horizon?"
msgid ""
"Check-Dashboard-02: Are strict permissions set for horizon configuration "
"files?"
msgstr ""
"Check-Dashboard-02: Apakah izin ketat diatur untuk file konfigurasi horizon?"
msgid ""
"Check-Dashboard-03: Is ``DISALLOW_IFRAME_EMBED`` parameter set to ``True``?"
msgstr ""
"Check-Dashboard-03: Apakah parameter ``DISALLOW_IFRAME_EMBED`` disetel ke `` "
"True``?"
msgid ""
"Check-Dashboard-04: Is ``CSRF_COOKIE_SECURE`` parameter set to ``True``?"
msgstr ""
"Check-Dashboard-04: Apakah parameter ``CSRF_COOKIE_SECURE`` disetel ke "
"``True``?"
msgid ""
"Check-Dashboard-05: Is ``SESSION_COOKIE_SECURE`` parameter set to ``True``?"
msgstr ""
"Check-Dashboard-05: Apakah parameter ``SESSION_COOKIE_SECURE`` disetel ke "
"``True``?"
msgid ""
"Check-Dashboard-06: Is ``SESSION_COOKIE_HTTPONLY`` parameter set to ``True``?"
msgstr ""
"Check-Dashboard-06: Apakah parameter ``SESSION_COOKIE_HTTPONLY`` disetel ke "
"``True``?"
msgid "Check-Dashboard-07: Is ``PASSWORD_AUTOCOMPLETE`` set to ``False``?"
msgstr ""
"Check-Dashboard-07: Apakah ``PASSWORD_AUTOCOMPLETE`` disetel ke ``False``?"
msgid "Check-Dashboard-08: Is ``DISABLE_PASSWORD_REVEAL`` set to ``True``?"
msgstr ""
"Check-Dashboard-08: Apakah ``DISABLE_PASSWORD_REVEAL`` disetel ke ``True``?"
msgid "Check-Dashboard-09: Is ``ENFORCE_PASSWORD_CHECK`` set to ``True``?"
msgstr ""
"Check-Dashboard-09: Apakah ``ENFORCE_PASSWORD_CHECK`` disetel ke ``True``?"
msgid "Check-Dashboard-10: Is ``PASSWORD_VALIDATOR`` configured?"
msgstr "Check-Dashboard-10: Apakah ``PASSWORD_VALIDATOR`` dikonfigurasi?"
msgid "Check-Dashboard-11: Is ``SECURE_PROXY_SSL_HEADER`` configured?"
msgstr "Check-Dashboard-11: Apakah ``SECURE_PROXY_SSL_HEADER`` dikonfigurasi?"
msgid ""
"Check-Identity-01: Is user/group ownership of config files set to keystone?"
msgstr ""
"Check-Identity-01: Apakah kepemilikan user/group dari file konfigurasi "
"diatur ke keystone?"
msgid ""
"Check-Identity-02: Are strict permissions set for Identity configuration "
"files?"
msgstr ""
"Check-Identity-02: Apakah izin ketat ditetapkan untuk file konfigurasi "
"Identity?"
msgid "Check-Identity-03: is TLS enabled for Identity?"
msgstr "Check-Identity-03: Apakah TLS diaktifkan untuk Identity?"
msgid ""
"Check-Identity-04: Does Identity use strong hashing algorithms for PKI "
"tokens?"
msgstr ""
"Check-Identity-04: Apakah Identity menggunakan algoritma hashing yang kuat "
"untuk token PKI?"
msgid ""
"Check-Identity-05: Is ``max_request_body_size`` set to default (114688)?"
msgstr ""
"Check-Identity-05: Apakah ``max_request_body_size`` disetel ke default "
"(114688)?"
msgid ""
"Check-Identity-06: Disable admin token in ``/etc/keystone/keystone.conf``"
msgstr ""
"Check-Identity-06:Nonaktifkan token admin masuk ``/etc/keystone/keystone."
"conf``"
msgid ""
"Check-Identity-07: insecure_debug false in ``/etc/keystone/keystone.conf``"
msgstr ""
"Check-Identity-07: Insecure_debug salah di ``/etc/keystone/keystone.conf``"
msgid "Check-Identity-08: Use fernet token in ``/etc/keystone/keystone.conf``"
msgstr ""
"Check-Identity-08: Gunakan token fernet di ``/etc/keystone/keystone.conf``"
msgid ""
"Check-Image-01: Is user/group ownership of config files set to root/glance?"
msgstr ""
"Check-Image-01: Apakah kepemilikan user/group dari file konfigurasi diset ke "
"root/glance?"
msgid "Check-Image-02: Are strict permissions set for configuration files?"
msgstr "Check-Image-02: Apakah izin ketat diatur untuk file konfigurasi?"
msgid "Check-Image-03: Is keystone used for authentication?"
msgstr "Check-Image-03: Apakah keystone digunakan untuk otentikasi?"
msgid "Check-Image-04: Is TLS enabled for authentication?"
msgstr "Check-Image-04: Apakah TLS diaktifkan untuk otentikasi?"
msgid "Check-Image-05: Are masked port scans prevented?"
msgstr "Check-Image-05: Apakah scan port tertutup (masked) dicegah?"
msgid ""
"Check-Key-Manager-01: Is the ownership of config files set to root/barbican?"
msgstr ""
"Check-Key-Manager-01: Apakah kepemilikan file konfigurasi diset ke root/"
"barbican?"
msgid ""
"Check-Key-Manager-02: Are strict permissions set for configuration files?"
msgstr "Check-Key-Manager-02: Apakah izin ketat diatur untuk file konfigurasi?"
msgid "Check-Key-Manager-03: Is OpenStack Identity used for authentication?"
msgstr ""
"Check-Key-Manager-03: Apakah OpenStack Identity digunakan untuk otentikasi?"
msgid "Check-Key-Manager-04: Is TLS enabled for authentication?"
msgstr "Check-Key-Manager-04: Apakah TLS diaktifkan untuk otentikasi?"
msgid ""
"Check-Neutron-01: Is user/group ownership of config files set to root/"
"neutron?"
msgstr ""
"Check-Neutron-01: Apakah kepemilikan user/group dari file konfigurasi diset "
"ke root/neutron?"
msgid "Check-Neutron-02: Are strict permissions set for configuration files?"
msgstr "Check-Neutron-02: Apakah izin ketat diatur untuk file konfigurasi?"
msgid "Check-Neutron-03: Is keystone used for authentication?"
msgstr "Check-Neutron-03: Apakah keystone digunakan untuk otentikasi?"
msgid "Check-Neutron-04: Is secure protocol used for authentication?"
msgstr "Check-Neutron-04: Apakah protokol aman digunakan untuk otentikasi?"
msgid "Check-Neutron-05: Is TLS enabled on Neutron API server?"
msgstr "Check-Neutron-05: Apakah TLS diaktifkan pada server API Neutron?"
msgid ""
"Check-Shared-01: Is user/group ownership of config files set to root/manila?"
msgstr ""
"Check-Shared-01: Apakah user/group kepemilikan file konfigurasi diset ke "
"root/manila?"
msgid "Check-Shared-02: Are strict permissions set for configuration files?"
msgstr "Check-Shared-02: Apakah ada izin ketat diatur untuk file konfigurasi?"
msgid "Check-Shared-03: Is OpenStack Identity used for authentication?"
msgstr "Check-Shared-03: Apakah OpenStack Identity digunakan untuk otentikasi?"
msgid "Check-Shared-04: Is TLS enabled for authentication?"
msgstr "Check-Shared-04: Apakah TLS diaktifkan untuk otentikasi?"
msgid ""
"Check-Shared-05: Does Shared File Systems contact with Compute over TLS?"
msgstr ""
"Check-Shared-05: Apakah Shared File Systems kontak dengan Compute over TLS?"
msgid ""
"Check-Shared-06: Does Shared File Systems contact with Networking over TLS?"
msgstr ""
"Check-Shared-06: Apakah Shared File Systems kontak dengan Networking over "
"TLS?"
msgid ""
"Check-Shared-07: Does Shared File Systems contact with Block Storage over "
"TLS?"
msgstr ""
"Check-Shared-07: Apakah Shared File Systems kontak dengan Block Storage over "
"TLS?"
msgid ""
"Check-Shared-08: Is max size for the request body set to default (114688)?"
msgstr ""
"Check-Shared-08: Apakah ukuran maksimal untuk badan permintaan diatur ke "
"default (114688)?"
msgid "Checklist"
msgstr "Daftar periksa"
msgid "Chef"
msgstr "Chef"
msgid ""
"Cinder supports an NFS driver which works differently than a traditional "
"block storage driver. The NFS driver does not actually allow an instance to "
"access a storage device at the block level. Instead, files are created on an "
"NFS share and mapped to instances, which emulates a block device. Cinder "
"supports secure configuration for such files by controlling the file "
"permissions when cinder volumes are created. Cinder configuration can also "
"control whether file operations are run as the root user or the current "
"OpenStack process user."
msgstr ""
"Cinder mendukung driver NFS yang bekerja berbeda dari driver penyimpanan "
"blok tradisional. Driver NFS sebenarnya tidak mengizinkan sebuah instance "
"untuk mengakses perangkat penyimpanan di tingkat blok. Sebagai gantinya, "
"file dibuat pada pembagian NFS dan dipetakan ke instance, yang mengemulasi "
"perangkat blokir. Cinder mendukung konfigurasi yang aman untuk file seperti "
"itu dengan mengendalikan hak akses file saat volume cinder dibuat. "
"Konfigurasi cinder juga dapat mengontrol apakah operasi file dijalankan "
"sebagai pengguna root atau pengguna proses OpenStack saat ini."
msgid "Cinder volume data"
msgstr "Data volume Cinder"
msgid ""
"Cipher string options are separated by \":\", while \"!\" provides negation "
"of the immediately following element. Element order indicates preference "
"unless overridden by qualifiers such as HIGH. Let us take a closer look at "
"the elements in the above sample strings."
msgstr ""
"Pilihan string cipher dipisahkan oleh \":\", while \"!\" memberikan "
"penolakan dari elemen berikut ini. Urutan elemen menunjukkan preferensi "
"kecuali diganti oleh kualifikasi seperti HIGH. Mari kita lihat lebih dekat "
"unsur-unsur dalam contoh string di atas."
msgid ""
"Cipher suites using the `RSA <https://en.wikipedia.org/wiki/RSA_"
"%28cryptosystem%29>`_ exchange, authentication or either respectively."
msgstr ""
"Cipher suite menggunakan `RSA <https://en.wikipedia.org/wiki/RSA_"
"%28cryptosystem%29>`_ pertukaran, otentikasi atau masing-masing."
msgid ""
"Client authentication with TLS requires certificates be issued to services. "
"These certificates can be signed by an external or internal certificate "
"authority. OpenStack services check the validity of certificate signatures "
"against trusted CAs by default and connections will fail if the signature is "
"not valid or the CA is not trusted. Cloud deployers may use self-signed "
"certificates. In this case, the validity check must be disabled or the "
"certificate should be marked as trusted. To disable validation of self-"
"signed certificates, set ``insecure=False`` in the ``[filter:authtoken]`` "
"section in the ``/etc/nova/api.paste.ini`` file. This setting also disables "
"certificates for other components."
msgstr ""
"Otentikasi klien dengan TLS mengharuskan sertifikat dikeluarkan untuk "
"layanan. Sertifikat ini dapat ditandatangani oleh otoritas sertifikat "
"eksternal atau internal. Layanan OpenStack memeriksa validitas tanda tangan "
"sertifikat terhadap CA yang terpercaya secara default dan koneksi akan gagal "
"jika tanda tangan tidak valid atau CA tidak dipercaya. Penyebar awan dapat "
"menggunakan sertifikat yang ditandatangani sendiri. Dalam kasus ini, "
"pemeriksaan validitas harus dinonaktifkan atau sertifikat harus ditandai "
"sebagai terpercaya. Untuk menonaktifkan validasi sertifikat self-signed, set "
"``insecure = False`` di bagian ``[filter: authtoken]`` di file ``/etc/nova/"
"api.paste.ini``. Pengaturan ini juga menonaktifkan sertifikat untuk komponen "
"lainnya."
msgid "Client->API Process *[TLS]*:"
msgstr "Client->API Process *[TLS]*:"
msgid ""
"Clients' configuration data for authentication and authorization can be "
"stored by :ref:`security services <shared_fs_security_services>`. Such "
"protocols as LDAP, Kerberos, or Microsoft Active Directory authentication "
"service can be configured and used."
msgstr ""
"Data konfigurasi klien untuk otentikasi dan otorisasi dapat disimpan oleh :"
"ref:`security services <shared_fs_security_services>`. Protokol seperti "
"layanan otentikasi LDAP, Kerberos, atau Microsoft Active Directory dapat "
"dikonfigurasi dan digunakan."
msgid "Cloud admin"
msgstr "Cloud admin"
msgid ""
"Cloud administrators must define a user with the role of admin for each "
"service, as described in the `OpenStack Administrator Guide <https://docs."
"openstack.org/admin-guide/index.html>`__. This service account provides the "
"service with the authorization to authenticate users."
msgstr ""
"Administrator awan harus menentukan pengguna dengan peran admin untuk setiap "
"layanan, seperti yang dijelaskan di `OpenStack Administrator Guide <https://"
"docs.openstack.org/admin-guide/index.html>`__. Akun layanan ini menyediakan "
"layanan dengan otorisasi untuk mengotentikasi pengguna."
msgid ""
"Cloud administrators will use the administrative APIs to manage resource "
"quotas."
msgstr ""
"Cloud administrator akan menggunakan API administratif untuk mengelola kuota "
"sumber daya."
msgid "Cloud types"
msgstr "Tipe awan"
msgid "Cloud user"
msgstr "Cloud user"
msgid ""
"Clouds without stringent compliance requirements for written documentation "
"might benefit from having a Configuration Management Database (CMDB). CMDBs "
"are normally used for hardware asset tracking and overall life-cycle "
"management. By leveraging a CMDB, an organization can quickly identify cloud "
"infrastructure hardware such as compute nodes, storage nodes, or network "
"devices. A CMDB can assist in identifying assets that exist on the network "
"which may have vulnerabilities due to inadequate maintenance, inadequate "
"protection, or being displaced and forgotten. An OpenStack provisioning "
"system can provide some basic CMDB functions if the underlying hardware "
"supports the necessary auto-discovery features."
msgstr ""
"Awan (Cloud) tanpa persyaratan kepatuhan yang ketat untuk dokumentasi "
"tertulis mungkin akan mendapat manfaat dari memiliki Configuration "
"Management Database (CMDB). CMDB biasanya digunakan untuk pelacakan aset "
"perangkat keras dan pengelolaan siklus hidup secara keseluruhan. Dengan "
"memanfaatkan CMDB, sebuah organisasi dapat dengan cepat mengidentifikasi "
"perangkat keras infrastruktur awan seperti komputasi node, node penyimpanan, "
"atau perangkat jaringan. CMDB dapat membantu mengidentifikasi aset yang ada "
"pada jaringan yang mungkin memiliki kerentanan karena pemeliharaan yang "
"tidak memadai, perlindungan yang tidak memadai, atau dipindahkan dan "
"dilupakan. Sistem provisioning OpenStack dapat menyediakan beberapa fungsi "
"dasar CMDB jika perangkat keras yang mendasari mendukung fitur penemuan "
"otomatis yang diperlukan."
msgid ""
"Cody Bunch is a Private Cloud architect with Rackspace. Cody has co-authored "
"an update to \"The OpenStack Cookbook\" as well as books on VMware "
"automation."
msgstr ""
"Cody Bunch adalah arsitek Private Cloud dengan Rackspace. Cody telah turut "
"menulis pembaruan untuk \"The OpenStack Cookbook\" dan juga buku tentang "
"otomatisasi VMware."
msgid ""
"Collection of containers; not user accounts or authentication. Which users "
"are associated with the account and how they may access it depends on the "
"authentication system used. See :ref:`Object_Storage_authentication`."
msgstr ""
"Koleksi kontainer; bukan akun pengguna atau autentikasi. Pengguna mana yang "
"terkait dengan akun dan bagaimana mereka dapat mengaksesnya bergantung pada "
"sistem autentikasi yang digunakan. Lihat :ref: "
"`Object_Storage_authentication`."
msgid ""
"Collection of objects. Metadata on the container is available for ACLs. The "
"meaning of ACLs is dependent on the authentication system used."
msgstr ""
"Koleksi obyek. Metadata pada kontainer tersedia untuk ACL. Arti ACL "
"tergantung pada sistem otentikasi yang digunakan."
msgid ""
"Combining configuration management and security auditing tools creates a "
"powerful combination. The auditing tools will highlight deployment concerns. "
"And the configuration management tools simplify the process of changing each "
"system to address the audit concerns. Used together in this fashion, these "
"tools help to maintain a cloud that satisfies security requirements ranging "
"from basic hardening to compliance validation."
msgstr ""
"Menggabungkan alat manajemen konfigurasi dan keamanan audit menciptakan "
"kombinasi yang hebat. Alat audit akan menyoroti masalah penerapan. Dan alat "
"manajemen konfigurasi menyederhanakan proses perubahan setiap sistem untuk "
"mengatasi masalah audit. Digunakan bersamaan dengan cara ini, alat ini "
"membantu menjaga awan yang memenuhi persyaratan keamanan mulai dari "
"pengerasan (hardening) dasar sampai validasi kepatuhan."
msgid ""
"Command line interface to interact with the Shared File Systems service via "
"``manila-api`` and also a Python module to interact programmatically with "
"the Shared File Systems service."
msgstr ""
"Antarmuka command line untuk berinteraksi dengan layanan Shared File Systems "
"melalui ``manila-api`` dan juga modul Python untuk berinteraksi secara "
"terprogram dengan layanan Shared File Systems."
msgid "Commercial standards"
msgstr "Standar komersial"
msgid "Common Criteria"
msgstr "Kriteria Umum"
msgid ""
"Common Criteria is an internationally standardized software evaluation "
"process, used by governments and commercial companies to validate software "
"technologies perform as advertised. In the government sector, NSTISSP No. 11 "
"mandates that U.S. Government agencies only procure software which has been "
"Common Criteria certified, a policy which has been in place since July 2002."
msgstr ""
"Kriteria umum adalah proses evaluasi perangkat lunak yang distandarkan "
"secara internasional, yang digunakan oleh pemerintah dan perusahaan "
"komersial untuk memvalidasi kinerja teknologi perangkat lunak seperti yang "
"diiklankan. Di sektor pemerintah, NSTISSP No. 11 mengamanatkan bahwa "
"instansi Pemerintah A.S. hanya menyediakan perangkat lunak yang telah "
"disertifikasi oleh Common Criteria (kriteria umum), sebuah kebijakan yang "
"telah ada sejak Juli 2002."
msgid "Common control frameworks"
msgstr "Kerangka kerja kontrol yang umum"
msgid "Common criteria"
msgstr "Kriteria umum (Common Criteria)"
msgid ""
"Common feature that applications use to provide users a convenience is to "
"cache the password locally in the browser (on the client machine) and having "
"it 'pre-typed' in all subsequent requests. While this feature can be "
"perceived as extremely friendly for the average user, at the same time, it "
"introduces a flaw, as the user account becomes easily accessible to anyone "
"that uses the same account on the client machine and thus may lead to "
"compromise of the user account."
msgstr ""
"Fitur umum yang digunakan untuk memberikan kenyamanan bagi pengguna adalah "
"meng-cache kata sandi secara lokal di browser (di mesin klien) dan "
"memilikinya 'pre-typed'' di semua permintaan berikutnya. Meskipun fitur ini "
"dapat dianggap sangat ramah bagi pengguna rata-rata, pada saat bersamaan, ia "
"memperkenalkan kekurangan, karena akun pengguna mudah diakses oleh siapa "
"saja yang menggunakan akun yang sama di mesin klien dan karenanya dapat "
"menyebabkan kompromi terhadap akun pengguna."
msgid ""
"Common solutions for providing rate-limiting are :term:`Nginx`, HAProxy, "
"OpenRepose, or Apache Modules such as mod_ratelimit, mod_qos, or "
"mod_security."
msgstr ""
"Solusi umum untuk memberikan rate-limiting adalah :term:`Nginx`, HAProxy, "
"OpenRepose, atau Modul Apache seperti mod_ratelimit, mod_qos, atau "
"mod_security."
msgid ""
"Commonly, implementers add middleware to extend OpenStack's base "
"functionality. We recommend implementers make careful consideration of the "
"potential exposure introduced by the addition of non-standard software "
"components to their HTTP request pipeline."
msgstr ""
"Umumnya, pelaksana menambahkan middleware untuk memperluas fungsionalitas "
"dasar OpenStack. Sebaiknya pelaksana membuat pertimbangan cermat terhadap "
"paparan potensial yang diperkenalkan oleh penambahan komponen perangkat "
"lunak non-standar ke pipeline permintaan HTTP mereka."
msgid "Community cloud"
msgstr "Awan komunitas"
msgid ""
"Compared to PKI and PKIZ tokens, fernet tokens are smaller in size; usually "
"kept under a 250 byte limit. For PKI and PKIZ tokens, bigger service "
"catalogs will result in longer token lengths. This pattern does not exist "
"with fernet tokens because the contents of the encrypted payload is kept to "
"minimum."
msgstr ""
"Dibandingkan token PKI dan PKIZ, token fernet berukuran lebih kecil; "
"Biasanya disimpan di bawah batas 250 byte. Untuk token PKI dan PKIZ, katalog "
"layanan yang lebih besar akan menghasilkan panjang token yang lebih panjang. "
"Pola ini tidak ada dengan token fernet karena isi muatan terenkripsi dijaga "
"seminimal mungkin."
msgid "Compartmentalize"
msgstr "Kompartementalisasi"
msgid "Compiler hardening"
msgstr "Pengerasan kompilator"
msgid ""
"Compiler hardening makes it more difficult to attack the QEMU process. "
"However, if an attacker does succeed, you want to limit the impact of the "
"attack. Mandatory access controls accomplish this by restricting the "
"privileges on QEMU process to only what is needed. This can be accomplished "
"by using sVirt, SELinux, or AppArmor. When using sVirt, SELinux is "
"configured to run each QEMU process under a separate security context. "
"AppArmor can be configured to provide similar functionality. We provide more "
"details on sVirt and instance isolation in the section below :ref:`hardening-"
"the-virtualization-layers-svirt-selinux-and-virtualization`."
msgstr ""
"Pengerasan kompilator membuatnya lebih sulit untuk menyerang proses QEMU. "
"Namun, jika penyerang berhasil, Anda ingin membatasi dampak serangan "
"tersebut. Kontrol akses wajib melakukan hal ini dengan membatasi hak "
"istimewa pada proses QEMU hanya dengan apa yang dibutuhkan. Hal ini bisa "
"dilakukan dengan menggunakan sVirt, SELinux, atau AppArmor. Saat menggunakan "
"sVirt, SELinux dikonfigurasi untuk menjalankan setiap proses QEMU di bawah "
"konteks keamanan yang terpisah. AppArmor dapat dikonfigurasi untuk "
"menyediakan fungsionalitas serupa. Kami memberikan rincian lebih lanjut "
"tentang isolasi sVirt dan instance di bagian di bawah ini :ref:`hardening-"
"the-virtualization-layers-svirt-selinux-and-virtualization`."
msgid "Compliance"
msgstr "Kepatuhan"
msgid "Compliance activities"
msgstr "Aktivitas Kepatuhan"
msgid ""
"Compliance and security are not exclusive, and must be addressed together. "
"OpenStack deployments are unlikely to satisfy compliance requirements "
"without security hardening. The listing below provides an OpenStack "
"architect foundational knowledge and guidance to achieve compliance against "
"commercial and government certifications and standards."
msgstr ""
"Kepatuhan dan keamanan tidak eksklusif, dan harus diatasi bersama. Penerapan "
"OpenStack tidak mungkin memenuhi persyaratan kepatuhan tanpa pengerasan "
"keamanan. Daftar di bawah ini memberi pengetahuan dan panduan dasar bagi "
"para pendiri OpenStack untuk mendapatkan kepatuhan terhadap standar dan "
"sertifikasi pemerintah dan komersial."
msgid "Compliance maintenance"
msgstr "Pemeliharaan Kepatuhan"
msgid "Compliance overview"
msgstr "Ikhtisar Kepatuhan"
msgid "Components"
msgstr "Komponen"
msgid ""
"Components, services, and applications within the OpenStack ecosystem or "
"dependencies of OpenStack are implemented or can be configured to use TLS "
"libraries. The TLS and HTTP services within OpenStack are typically "
"implemented using OpenSSL which has a module that has been validated for "
"FIPS 140-2. However, keep in mind that each application or service can still "
"introduce weaknesses in how they use the OpenSSL libraries."
msgstr ""
"Komponen, layanan, dan aplikasi dalam ekosistem OpenStack atau dependensi "
"OpenStack diimplementasikan atau dapat dikonfigurasi untuk menggunakan "
"perpustakaan TLS. Layanan TLS dan HTTP dalam OpenStack biasanya "
"diimplementasikan dengan menggunakan OpenSSL yang memiliki modul yang telah "
"divalidasi untuk FIPS 140-2. Namun, perlu diingat bahwa setiap aplikasi atau "
"layanan masih dapat mengenalkan kelemahan dalam bagaimana mereka menggunakan "
"perpustakaan OpenSSL."
msgid ""
"Comprehensive privacy management requires significant preparation, thought "
"and investment. Additional complications are introduced when building global "
"OpenStack clouds, for example navigating the differences between U.S. and "
"more restrictive E.U. privacy laws. In addition, extra care needs to be "
"taken when dealing with sensitive PII that may include information such as "
"credit card numbers or medical records. This sensitive data is not only "
"subject to privacy laws but also regulatory and governmental regulations. By "
"deferring to established best practices, including those published by "
"governments, a holistic privacy management policy may be created and "
"practiced for OpenStack deployments."
msgstr ""
"Manajemen privasi yang komprehensif memerlukan persiapan, pemikiran dan "
"investasi yang signifikan. Komplikasi tambahan diperkenalkan saat membangun "
"awan OpenStack global, misalnya menavigasi perbedaan hukum privasi antara A."
"S. dan E.U yang lebih ketat. Selain itu, perhatian ekstra perlu dilakukan "
"saat menangani PII sensitif yang mungkin mencakup informasi seperti nomor "
"kartu kredit atau catatan medis. Data sensitif ini tidak hanya tunduk pada "
"hukum privasi tapi juga regulasi dan peraturan pemerintah. Dengan menunda "
"praktik terbaik yang telah ditetapkan, termasuk yang dipublikasikan oleh "
"pemerintah, kebijakan pengelolaan privasi holistik dapat dibuat dan "
"dipraktekkan untuk penerapan OpenStack."
msgid "Compute"
msgstr "Compute"
msgid ""
"Compute API SSL endpoint in Apache, which you must pair with a short WSGI "
"script."
msgstr ""
"Komputasi endpoint SSL API di Apache, yang harus Anda pasangkan dengan skrip "
"WSGI singkat."
msgid "Compute API endpoints"
msgstr "Compute API endpoints"
msgid "Compute instance ephemeral filesystem storage"
msgstr "Komputasi instance penyimpanan filesystem fana"
msgid "Compute instance ephemeral storage"
msgstr "Komputasi instance penyimpanan sementara"
msgid "Compute instance memory"
msgstr "Komputasi memori instance"
msgid ""
"Compute instances store and retrieve block storage via industry-standard "
"storage protocols such as iSCSI, ATA over Ethernet, or Fibre-Channel. These "
"resources are managed and configured via OpenStack native standard HTTP "
"RESTful API. For more details on the API see the `OpenStack Block Storage "
"documentation <http://developer.openstack.org/api-ref-blockstorage-v2."
"html>`__."
msgstr ""
"Menghitung instance menyimpan dan mengambil penyimpanan blok melalui "
"protokol penyimpanan industry-standard seperti iSCSI, ATA over Ethernet, "
"atau Fiber-Channel. Sumber daya ini dikelola dan dikonfigurasi melalui "
"OpenStack native standard HTTP RESTful API. Untuk detail lebih lanjut "
"tentang API lihat `OpenStack Block Storage documentation <http://developer."
"openstack.org/api-ref-blockstorage-v2.html> `__."
msgid ""
"Compute security is critical for an OpenStack deployment. Hardening "
"techniques should include support for strong instance isolation, secure "
"communication between Compute sub-components, and resiliency of public-"
"facing API endpoints."
msgstr ""
"Keamanan Compute sangat penting untuk pengerahan OpenStack. Teknik "
"pengerasan (hardening) harus mencakup dukungan untuk isolasi instance yang "
"kuat, komunikasi yang aman antara sub-komponen Compute, dan ketahanan "
"endpoint API yang dihadapi publik."
msgid "Compute soft delete feature"
msgstr "Komputasi fitur penghapusan soft"
msgid "Compute, storage, or other resource nodes"
msgstr "Compute, storage, atau node sumber daya lainnya"
msgid ""
"Computer Security Resource Centre. Guide to Security for Full Virtualization "
"Technologies. 2011. `http://csrc.nist.gov/publications/nistpubs/800-125/"
"SP800-125-final.pdf <http://csrc.nist.gov/publications/nistpubs/800-125/"
"SP800-125-final.pdf>`_"
msgstr ""
"Computer Security Resource Centre. Guide to Security for Full Virtualization "
"Technologies. 2011. `http://csrc.nist.gov/publications/nistpubs/800-125/"
"SP800-125-final.pdf <http://csrc.nist.gov/publications/nistpubs/800-125/"
"SP800-125-final.pdf>`_"
msgid ""
"Confidentiality Failure Impact: An attacker could add new tasks to the queue "
"which would be executed by workers. User quotas could be exhausted by an "
"attacker. DoS. User would be unable to create genuine secrets."
msgstr ""
"Confidentiality Failure Impact: Seorang penyerang bisa menambahkan tugas "
"baru ke antrian yang akan dilakukan oleh pekerja. Kuota pengguna bisa habis "
"oleh penyerang. DoS. Pengguna tidak akan bisa menciptakan rahasia asli."
msgid ""
"Confidentially Failure Impact: A malicious user might be able to abuse other "
"OpenStack services (depending on keystone role configurations) but barbican "
"is unaffected. If the service account for token validation also has barbican "
"admin privileges, then a malicious user could manipulate barbican admin "
"functions."
msgstr ""
"Confidentially Failure Impact: Pengguna jahat mungkin dapat menyalahgunakan "
"layanan OpenStack lainnya (tergantung pada konfigurasi peran keystone) namun "
"barbican tidak terpengaruh. Jika akun layanan untuk validasi token juga "
"memiliki hak adminican admin, maka pengguna jahat dapat memanipulasi fungsi "
"admin barbican."
msgid "Config option"
msgstr "Opsi konfig"
msgid "Configuration and hardening"
msgstr "Konfigurasi dan pengerasan"
msgid "Configuration example #1: (MySQL)"
msgstr "Configuration example #1: (MySQL)"
msgid "Configuration example #1: nova"
msgstr "Contoh konfigurasi #1: nova"
msgid "Configuration example #2: (PostgreSQL)"
msgstr "Configuration example #2: (PostgreSQL)"
msgid "Configuration example #2: cinder"
msgstr "Contoh konfigurasi #2: cinder"
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues causing a "
"denial of service to the other end users. Thus user and group ownership of "
"such critical configuration files must be set to that component owner."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
"penolakan layanan kepada pengguna akhir lainnya. Dengan demikian kepemilikan "
"pengguna dan kelompok dari file konfigurasi kritis tersebut harus ditetapkan "
"ke pemilik komponen tersebut."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues causing a "
"denial of service to the other end users. Thus user ownership of such "
"critical configuration files must be set to root and group ownership must be "
"set to horizon."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
"penolakan layanan kepada end user lainnya. Dengan demikian kepemilikan "
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke "
"kepemilikan root dan grup harus disetel ke horizon."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues causing a "
"denial of service to the other end users. Thus user ownership of such "
"critical configuration files must be set to root and group ownership must be "
"set to neutron."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
"penolakan layanan kepada pengguna akhir lainnya. Dengan demikian kepemilikan "
"pengguna terhadap file konfigurasi kritis tersebut harus diset ke root "
"(akar) dan kepemilikan kelompok harus disetel ke neutron."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally, modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues causing a "
"denial of service to the other end users. User ownership of such critical "
"configuration files must be set to ``root`` and group ownership must be set "
"to ``nova``."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan parah "
"yang menyebabkan penolakan layanan kepada end user lainnya. Kepemilikan "
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke ``root`` "
"dan kepemilikan grup harus disetel ke ``nova``."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally, modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues resulting in "
"a denial of service to the other end users. Therefore, user ownership of "
"such critical configuration files must be set to ``root`` and group "
"ownership must be set to ``glance``."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan yang "
"mengakibatkan penolakan layanan kepada end user lainnya. Oleh karena itu, "
"kepemilikan pengguna atas file konfigurasi kritis tersebut harus disetel ke "
"``root`` dan kepemilikan grup harus disetel ke ``glance``."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally, modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues resulting in "
"a denial of service to the other end users. Thus user ownership of such "
"critical configuration files must be set to root and group ownership must be "
"set to cinder."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan yang "
"mengakibatkan penolakan layanan kepada end user lainnya. Dengan demikian "
"kepemilikan pengguna terhadap file konfigurasi kritis tersebut harus disetel "
"ke kepemilikan root dan grup harus disetel ke cinder."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally, modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues resulting in "
"a denial of service to the other end users. Thus user ownership of such "
"critical configuration files must be set to root and group ownership must be "
"set to manila."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang "
"mengakibatkan penolakan layanan kepada pengguna akhir lainnya. Dengan "
"demikian kepemilikan pengguna terhadap file konfigurasi kritis tersebut "
"harus diset ke akar dan kepemilikan kelompok harus disetel ke manila."
msgid ""
"Configuration files contain critical parameters and information required for "
"smooth functioning of the component. If an unprivileged user, either "
"intentionally or accidentally, modifies or deletes any of the parameters or "
"the file itself then it would cause severe availability issues resulting in "
"a denial of service to the other end users. User ownership of such critical "
"configuration files must be set to root and group ownership must be set to "
"barbican."
msgstr ""
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang "
"mengakibatkan penolakan layanan kepada end user lainnya. Kepemilikan "
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke "
"kepemilikan root dan grup harus disetel ke barbican."
msgid "Configuration management"
msgstr "Manajemen konfigurasi"
msgid ""
"Configuration management and security auditing tools will introduce another "
"layer of complexity into the cloud. This complexity brings additional "
"security concerns with it. We view this as an acceptable risk trade-off, "
"given their security benefits. Securing the operational use of these tools "
"is beyond the scope of this guide."
msgstr ""
"Alat manajemen konfigurasi dan keamanan audit akan mengenalkan lapisan "
"kompleksitas lain ke dalam awan. Kompleksitas ini membawa masalah keamanan "
"tambahan dengannya. Kami menganggap ini sebagai trade-off risiko yang dapat "
"diterima, mengingat manfaat keamanan mereka. Mengamankan penggunaan "
"operasional alat ini berada di luar cakupan panduan ini."
msgid "Configuration options"
msgstr "Pilihan konfigurasi"
msgid "Configure Apache to use a Federation capable authentication method."
msgstr ""
"Mengkonfigurasi Apache untuk menggunakan metode otentikasi yang mampu dengan "
"Federation."
msgid ""
"Configure HTTP requests to the dashboard domain to redirect to the fully "
"qualified HTTPS URL."
msgstr ""
"Konfigurasikan permintaan HTTP ke domain dasbor untuk mengalihkan ke URL "
"HTTPS yang memenuhi syarat."
msgid "Configure applications for internal URLs"
msgstr "Konfigurasikan aplikasi untuk URL internal"
msgid "Configure internal URLs in the Identity service catalog"
msgstr "Konfigurasikan URL internal dalam katalog layanan Identitas"
msgid ""
"Configure the Identity service virtual host and adjust the config to "
"properly handle SAML2 workflow."
msgstr ""
"Konfigurasikan virtual host layanan Identity dan sesuaikan konfigurasi agar "
"benar menangani alur kerja SAML2."
msgid ""
"Configure the ``ALLOWED_HOSTS`` setting with the fully qualified host "
"name(s) that are served by the OpenStack dashboard. Once this setting is "
"provided, if the value in the \"Host:\" header of an incoming HTTP request "
"does not match any of the values in this list an error will be raised and "
"the requestor will not be able to proceed. Failing to configure this option, "
"or the use of wild card characters in the specified host names, will cause "
"the dashboard to be vulnerable to security breaches associated with fake "
"HTTP Host headers."
msgstr ""
"Konfigurasikan pengaturan ``ALLOWED_HOSTS` dengan nama host yang memenuhi "
"syarat yang dilayani oleh dasbor OpenStack. Setelah pengaturan ini "
"diberikan, jika nilai pada header \"Host:\" dari permintaan HTTP yang masuk "
"tidak sesuai dengan salah satu nilai dalam daftar ini, kesalahan akan "
"diajukan dan peminta tidak dapat melanjutkan. Gagal mengkonfigurasi opsi "
"ini, atau penggunaan karakter wild card dalam nama host yang ditentukan, "
"akan menyebabkan dasbor rentan terhadap pelanggaran keamanan yang terkait "
"dengan header Host HTTP palsu."
msgid ""
"Configure your Service Provider by editing ``/etc/shibboleth/shibboleth2."
"xml``."
msgstr ""
"Konfigurasikan Service Provider Anda dengan mengedit ``/etc/shibboleth/"
"shibboleth2.xml``."
msgid ""
"Configure your web server to send a restrictive CORS header with each "
"response, allowing only the dashboard domain and protocol:"
msgstr ""
"Konfigurasikan server web Anda untuk mengirim header CORS yang terbatas "
"dengan setiap respons, sehingga hanya mengizinkan protokol dan domain dasbor:"
msgid "Configuring Federation"
msgstr "Mengkonfigurasi Federation"
msgid "Configuring Identity service for Federation"
msgstr "Mengkonfigurasi layanan Identity untuk Federation"
msgid ""
"Configuring TLS servers for perfect forward secrecy requires careful "
"planning around key size, session IDs, and session tickets. In addition, for "
"multi-server deployments, shared state is also an important consideration. "
"The example configurations for Apache and :term:`Nginx` above disable the "
"session tickets options to help mitigate some of these concerns. Real-world "
"deployments may desire to enable this feature for improved performance. This "
"can be done securely, but would require special consideration around key "
"management. Such configurations are beyond the scope of this guide. We "
"suggest reading `How to botch TLS forward secrecy by ImperialViolet <https://"
"www.imperialviolet.org/2013/06/27/botchingpfs.html>`_ as a starting place "
"for understanding the problem space."
msgstr ""
"Mengkonfigurasi server TLS untuk kerahasiaan baik yang sempurna memerlukan "
"perencanaan yang hati-hati seputar ukuran kunci, ID sesi, dan tiket sesi. "
"Selain itu, untuk penyebaran multi-server, shared state (keadaan berbagi) "
"juga merupakan pertimbangan penting. Contoh konfigurasi untuk Apache dan :"
"term:`Nginx` di atas menonaktifkan pilihan tiket sesi untuk membantu "
"mengurangi beberapa masalah ini. Penyebaran dunia nyata mungkin ingin "
"mengaktifkan fitur ini untuk meningkatkan kinerja. Hal ini dapat dilakukan "
"dengan aman, namun memerlukan pertimbangan khusus seputar manajemen kunci. "
"Konfigurasi seperti itu berada di luar jangkauan panduan ini. Kami "
"menyarankan untuk membaca `How to botch TLS forward secrecy by "
"ImperialViolet <https://www.imperialviolet.org/2013/06/27/botchingpfs."
"html>`_ sebagai tempat awal untuk memahami masalah ruang."
msgid ""
"Consider the supportability of the hardware on which the software will run. "
"Additionally, consider the additional features available in the hardware and "
"how those features are supported by the software you choose."
msgstr ""
"Pertimbangkan dukungan perangkat keras yang akan dijalankan perangkat lunak. "
"Selain itu, pertimbangkan fitur tambahan yang tersedia di perangkat keras "
"dan bagaimana fitur tersebut didukung oleh perangkat lunak yang Anda pilih."
msgid ""
"Considered by this guide as the most capable adversary. Intelligence "
"services and other state actors can bring tremendous resources to bear on a "
"target. They have capabilities beyond that of any other actor. It is very "
"difficult to defend against these actors without incredibly stringent "
"controls in place, both human and technical."
msgstr ""
"Dianggap oleh panduan ini sebagai musuh yang paling cakap. Layanan intelijen "
"(intelligence service) dan aktor negara lainnya dapat membawa sumber daya "
"yang luar biasa untuk menghasilkan target. Mereka memiliki kemampuan di luar "
"kemampuan aktor lainnya. Sangat sulit untuk mempertahankan diri terhadap "
"aktor-aktor ini tanpa kontrol yang sangat ketat, baik manusia maupun teknis."
msgid "Container service"
msgstr "Layanan Container"
msgid ""
"Contains information about a user as provided by an IdP. It is an indication "
"that a user has been authenticated."
msgstr ""
"Berisi informasi tentang pengguna seperti yang diberikan oleh IdP. Ini "
"adalah indikasi bahwa pengguna telah diautentikasi."
msgid ""
"Contains information that dictates which Mapping rules to use for an "
"incoming request made by an IdP. An IdP may support multiple protocols. "
"There are three major protocols for :term:`federated identity`: OpenID, "
"SAML, and OAuth."
msgstr ""
"Berisi informasi yang menentukan aturan Mapping yang akan digunakan untuk "
"permintaan masuk yang dilakukan oleh IdP. IdP dapat mendukung beberapa "
"protokol. Ada tiga protokol utama untuk :term:`federated identity`: OpenID, "
"SAML, dan OAuth."
msgid "Contents"
msgstr "Isi"
msgid "Context"
msgstr "Context"
msgid "Continuous systems management"
msgstr "Manajemen sistem kontinu"
msgid "Control plane"
msgstr "Control plane"
msgid "Control selection:"
msgstr "Pilihan kontrol:"
msgid "Control tailoring:"
msgstr "Kontrol menyesuaikan:"
msgid "Controller network access to clusters"
msgstr "Akses jaringan pengontrol ke cluster"
msgid "Cookies"
msgstr "Cookies"
msgid ""
"Copy the ``httpd/wsgi-keystone.conf`` file to the appropriate location for "
"your Apache server, for example, ``/etc/httpd/conf.d/wsgi-keystone.conf`` "
"file."
msgstr ""
"Salin file ``httpd/wsgi-keystone.conf`` ke lokasi yang sesuai untuk server "
"Apache Anda, misalnya, file ``/etc/httpd/conf.d/wsgi-keystone.conf``."
msgid ""
"Core Root of Trust Measurement (CRTM), BIOS code, Host platform extensions"
msgstr ""
"Core Root of Trust Measurement (CRTM), BIOS code, Host platform extensions"
msgid "Create Identity groups and assign roles."
msgstr "Buat kelompok Identity dan tetapkan peran."
msgid "Create a VM:"
msgstr "Buat VM:"
msgid ""
"Create a new region for the :term:`service provider`, for example, create a "
"new region with an ``ID`` of BETA, and ``URL`` of https://beta.com/"
"Shibboleth.sso/SAML2/POST. This URL will be used when creating a :term:`SAML "
"assertion` for BETA, and signed by the current keystone Identity Provider."
msgstr ""
"Buat wilayah baru untuk :term:`service provider`, misalnya, membuat daerah "
"baru dengan ``ID`` dari BETA, dan ``URL`` dari https://beta.com/Shibboleth."
"sso/SAML2/POST. URL ini akan digunakan saat membuat :term:`SAML assertion` "
"untuk BETA, dan ditandatangani oleh Identity Provider keystone saat ini."
msgid "Create a region for the Service Provider"
msgstr "Buat wilayah untuk Service Provider"
msgid "Create an encrypted volume and attach it to your VM:"
msgstr "Buat volume terenkripsi dan tempelkan ke VM Anda:"
msgid ""
"Create and manage security groups through dashboard. The security groups "
"allows L3-L4 packet filtering for security policies to protect virtual "
"machines."
msgstr ""
"Buat dan kelola grup keamanan melalui dasbor. Kelompok keamanan memungkinkan "
"penyaringan paket L3-L4 untuk kebijakan keamanan guna melindungi mesin "
"virtual."
msgid ""
"Create the Federation extension tables if using the provided SQL back end. "
"For example:"
msgstr ""
"Buat tabel ekstensi Federation jika menggunakan SQL back yang disediakan. "
"Sebagai contoh:"
msgid ""
"Create the directory ``/var/www/cgi-bin/keystone/``. Then link the files "
"``main`` and ``admin`` to the ``keystone.py`` file in this directory."
msgstr ""
"Buat direktori ``/var/www/cgi-bin/keystone/``. Kemudian tautkan file "
"``main`` dan ``admin`` ke file ``keystone.py`` di direktori ini."
msgid ""
"Creating unique database user accounts per OpenStack service endpoint "
"(illustrated below)"
msgstr ""
"Membuat akun pengguna database unik per endpoint layanan OpenStack "
"(diilustrasikan di bawah)"
msgid ""
"Creation and usage of encrypted LVM ephemeral disks (note: At this time "
"OpenStack Compute service only supports encrypting ephemeral disks in the "
"LVM format)"
msgstr ""
"Penciptaan dan penggunaan disk fana LVM yang dienkripsi (catatan: Saat ini "
"layanan OpenStack Compute hanya mendukung penyandian disk fana dalam format "
"LVM)"
msgid ""
"Creation and usage of encrypted volume types, initiated through the "
"dashboard or a command line interface"
msgstr ""
"Penciptaan dan penggunaan tipe volume terenkripsi, dimulai melalui dasbor "
"atau antarmuka command line."
msgid "Critical"
msgstr "Critical"
msgid "Critical / high"
msgstr "Critical / high"
msgid "Cross Origin Resource Sharing (CORS)"
msgstr "Cross Origin Resource Sharing (CORS)"
msgid "Cross Site Request Forgery (CSRF)"
msgstr "Cross Site Request Forgery (CSRF)"
msgid "Cross Site Scripting (XSS)"
msgstr "Cross Site Scripting (XSS)"
msgid "Cross-Frame Scripting (XFS)"
msgstr "Cross-Frame Scripting (XFS)"
msgid "Crypto plugins"
msgstr "Plugin kripto"
msgid ""
"Crypto plugins store secrets as encrypted blobs within the Barbican "
"database. The plugin is invoked to encrypt the secret on secret storage, and "
"decrypt the secret on secret retrieval. There are two flavors of storage "
"plugins currently available: the Simple Crypto plugin and the PKCS#11 crypto "
"plugin."
msgstr ""
"Plugin Crypto menyimpan rahasia sebagai gumpalan terenkripsi di dalam "
"database Barbican. Plugin ini dipanggil untuk mengenkripsi rahasia pada "
"penyimpanan rahasia, dan mendekripsi rahasia pada pengambilan kembali secara "
"rahasia. Ada dua atribut plugin penyimpanan yang tersedia saat ini: plugin "
"Simple Crypto dan plugin kripto PKCS # 11."
msgid "Cryptographic algorithms, cipher modes, and protocols"
msgstr "Algoritma kriptografi, mode cipher, dan protokol"
msgid "Cryptographic separation of external and internal environments"
msgstr "Pemisahan kriptografi lingkungan eksternal dan internal"
msgid "Cryptography standards"
msgstr "Standar kriptografi"
msgid ""
"Currently, Barbican is the only available back-end for Castellan. There are, "
"however, several back-ends that are being developed, including KMIP, Dogtag, "
"Hashicorp Vault and Custodia. For those deployers who do not wish to deploy "
"Barbican and have relatively simple key management needs, using one of these "
"back-ends could be a viable alternative. What would be lacking though is "
"multi-tenancy and tenant-policy enforcement when retrieving the secrets, as "
"well as any of the extra features mentioned above."
msgstr ""
"Saat ini, Barbican adalah satu-satunya back-end yang tersedia untuk "
"Castellan. Namun ada beberapa back-end yang sedang dikembangkan, termasuk "
"KMIP, Dogtag, Hashicorp Vault and Custodia. Bagi para pelaksana yang tidak "
"ingin menerapkan Barbican dan memiliki kebutuhan pengelolaan kunci yang "
"relatif sederhana, gunakan salah satu dari back-end ini bisa menjadi "
"alternatif yang tepat. Bagaimanapun ada yang kurang seperti penegakan tenant-"
"policy dan multi-tenancy ketika mengambil rahasia, serta fitur tambahan yang "
"disebutkan di atas."
msgid ""
"Currently, Vault and Custodia plugins are being developed for the Queens "
"cycle."
msgstr ""
"Saat ini, plugin Vault dan Custodia sedang dikembangkan untuk siklus Queens."
msgid ""
"Currently, the CLI supports the Enhanced Client or Proxy (ECP), (the non-"
"browser) support for ``keystoneclient`` from an API perspective. So, if you "
"are using the ``keystoneclient``, you can create a client instance and use "
"the SAML authorization plugin. There is no support for dashboard available "
"presently. With the upcoming OpenStack releases, Federated Identity should "
"be supported with both CLI and the dashboard."
msgstr ""
"Saat ini, CLI mendukung Enhanced Client atau Proxy (ECP), (non-browser) "
"mendukung ``keystoneclient`` dari perspektif API. Jadi, jika Anda "
"menggunakan ``keystoneclient``, Anda dapat membuat instance klien dan "
"menggunakan plugin otorisasi SAML. Tidak ada dukungan untuk dasbor yang "
"tersedia saat ini. Dengan rilis OpenStack yang akan datang, Federated "
"Identity harus didukung dengan CLI dan dasbor."
msgid "Custom criteria"
msgstr "Kriteria khusus"
msgid "Custom network topologies"
msgstr "Topologi jaringan kustom"
msgid "DEB packages:"
msgstr "DEB packages:"
msgid "DHCP agent (*neutron-dhcp-agent*)"
msgstr "Agen DHCP (*neutron-dhcp-agent*)"
msgid "DNS services"
msgstr "DNS services"
msgid "DSA"
msgstr "DSA"
msgid "Dashboard"
msgstr "Dasbor"
msgid ""
"Dashboard indication of volume encryption status. Includes indication that a "
"volume is encrypted, and includes the encryption parameters such as "
"algorithm and key size"
msgstr ""
"Indikasi status enkripsi volume Dashboard. Termasuk indikasi bahwa volume "
"dienkripsi, dan termasuk parameter enkripsi seperti algoritma dan ukuran "
"kunci"
msgid ""
"Dashboard provides tools for developers to avoid creating XSS "
"vulnerabilities, but they only work if developers use them correctly. Audit "
"any custom dashboards, paying particular attention to use of the "
"``mark_safe`` function, use of ``is_safe`` with custom template tags, the "
"``safe`` template tag, anywhere auto escape is turned off, and any "
"JavaScript which might evaluate improperly escaped data."
msgstr ""
"Dasbor menyediakan alat bagi pengembang untuk menghindari kerentanan XSS, "
"namun hanya berfungsi jika pengembang menggunakannya dengan benar. Mengaudit "
"setiap dasbor kustom, memperhatikan penggunaan fungsi ``mark_safe``, "
"penggunaan ``is_safe`` dengan tag template khusus, tag template ``safe``, di "
"mana saja pelarian otomatis (auto escape) dimatikan, dan JavaScript apa pun "
"yang bisa mengevaluasi data lolos (escaped data) dengan tidak semestinya."
msgid ""
"Dashboard's default configuration uses `django_compressor <http://django-"
"compressor.readthedocs.org/>`_ to compress and minify CSS and JavaScript "
"content before serving it. This process should be statically done before "
"deploying the dashboard, rather than using the default in-request dynamic "
"compression and copying the resulting files along with deployed code or to "
"the CDN server. Compression should be done in a non-production build "
"environment. If this is not practical, we recommend disabling resource "
"compression entirely. Online compression dependencies (less, Node.js) should "
"not be installed on production machines."
msgstr ""
"Konfigurasi default dasbor menggunakan `django_compressor <http://django-"
"compressor.readthedocs.org/>`_ untuk memampatkan dan memperkecil isi CSS dan "
"JavaScript sebelum menayangkannya. Proses ini harus dilakukan secara statis "
"sebelum menerapkan dasbor, daripada menggunakan kompresi dinamis dalam "
"permintaan default dan menyalin file yang dihasilkan beserta kode yang "
"dikerahkan atau ke server CDN. Kompresi harus dilakukan di lingkungan "
"pembangun non produksi. Jika ini tidak praktis, sebaiknya nonaktifkan "
"kompresi sumber daya sepenuhnya. Ketergantungan kompresi online (less, Node."
"js) tidak boleh dipasang pada mesin produksi."
msgid "Data"
msgstr "Data"
msgid ""
"Data Classification defines a method for classifying and handling "
"information, often to protect customer information from accidental or "
"deliberate theft, loss, or inappropriate disclosure. Most commonly, this "
"involves classifying information as sensitive or non-sensitive, or as "
"personally identifiable information (PII). Depending on the context of the "
"deployment various other classifying criteria may be used (government, "
"health-care). The underlying principle is that data classifications are "
"clearly defined and in-use. The most common protective mechanisms include "
"industry standard encryption technologies."
msgstr ""
"Klasifikasi Data mendefinisikan metode untuk mengklasifikasi dan menangani "
"informasi, seringkali untuk melindungi informasi pelanggan dari pencurian, "
"kehilangan, atau pengungkapan yang tidak disengaja atau disengaja. Paling "
"umum, ini mengklasifikasikan informasi sebagai informasi sensitif atau tidak "
"sensitif, atau sebagai personally identifiable information (PII). Bergantung "
"pada konteks penerapan berbagai kriteria klasifikasi lainnya dapat digunakan "
"(government, health-care). Prinsip dasarnya adalah klasifikasi data "
"didefinisikan secara jelas dan digunakan. Mekanisme perlindungan yang paling "
"umum termasuk teknologi enkripsi standar industri."
msgid "Data asset impact analysis"
msgstr "Analisis dampak aset data"
msgid "Data assets"
msgstr "Aset data"
msgid ""
"Data assets are user data, high-value data, configuration items, "
"authorization tokens or other items that an attacker may target. The set of "
"data items will vary between projects, but in general it should be "
"considered as classes of data which are vital to the intended operation of "
"the project. The level of detail required is somewhat dependent on the "
"context. Data can usually be grouped, such as 'user data', 'secret data', or "
"'configuration files', but may be singular, like 'admin identity token' or "
"'user identity token', or 'database configuration file'."
msgstr ""
"Aset data adalah data pengguna, data bernilai tinggi, item konfigurasi, "
"token otorisasi atau item lain yang mungkin ditargetkan oleh penyerang. "
"Kumpulan item data akan bervariasi antar proyek, namun secara umum harus "
"dianggap sebagai kelas data yang sangat penting untuk pengoperasian proyek "
"yang dimaksud. Tingkat detail yang dibutuhkan agak tergantung pada "
"konteksnya. Data biasanya dapat dikelompokkan, seperti 'user data', 'secret "
"data', atau 'configuration files', namun mungkin tunggal, seperti 'admin "
"identity token' atau 'user identity token', atau 'database configuration "
"file'."
msgid ""
"Data assets should include a statement of where that asset is persisted."
msgstr "Aset data harus mencakup pernyataan di mana aset tersebut bertahan."
msgid "Data classification"
msgstr "Klasifikasi Data"
msgid "Data disposal"
msgstr "Pembuangan data"
msgid "Data encryption"
msgstr "Enkripsi data"
msgid "Data formats and transformations"
msgstr "Format dan transformasi data"
msgid "Data not securely erased"
msgstr "Data tidak terhapus secara aman"
msgid "Data passed to OpenStack Compute's configuration-drive extension"
msgstr "Data dikirimkan ke ekstensi configuration-drive OpenStack Compute"
msgid "Data privacy concerns"
msgstr "Masalah privasi data"
msgid "Data processing"
msgstr "Pengolahan data"
msgid "Data processing interacts directly with several openstack services:"
msgstr ""
"Pengolahan data berinteraksi langsung dengan beberapa layanan openstack:"
msgid ""
"Data processing resources (clusters, jobs, and data sources) are segregated "
"by projects defined within the Identity service. These resources are shared "
"within a project and it is important to understand the access needs of those "
"who are using the service. Activities within projects (for example launching "
"clusters, uploading jobs, etc.) can be restricted further through the use of "
"role-based access controls."
msgstr ""
"Sumber daya pengolahan data (clusters, jobs, and data sources) dipisahkan "
"oleh proyek yang didefinisikan dalam layanan Identitas. Sumber daya ini "
"dibagi dalam sebuah proyek dan penting untuk memahami kebutuhan akses mereka "
"yang menggunakan layanan ini. Kegiatan dalam proyek (misalnya, launching "
"clusters, uploading jobs, dll.) dapat dibatasi lebih jauh melalui penggunaan "
"role-based access control."
msgid "Data processing service"
msgstr "Layanan pengolahan data"
msgid "Data residency"
msgstr "Data residensi"
msgid ""
"Database (MySQL): MySQL database to store barbican state data related to its "
"managed entities and their metadata."
msgstr ""
"Database (MySQL): Database MySQL untuk menyimpan barbican state data yang "
"terkait dengan entitas yang dikelola dan metadata mereka."
msgid "Database access control"
msgstr "Kontrol akses Database"
msgid "Database authentication and access control"
msgstr "Database otentikasi dan kontrol akses"
msgid "Database back end considerations"
msgstr "Pertimbangan back end database"
msgid "Database server"
msgstr "Server Database"
msgid "Database server IP address binding"
msgstr "Alamat IP server database mengikat"
msgid "Database transport"
msgstr "Transportasi database"
msgid "Database transport security"
msgstr "Keamanan transportasi database"
msgid "Databases"
msgstr "Databases"
msgid "Debug"
msgstr "Debug"
msgid "Default setting is True."
msgstr "Pengaturan default menjadi True."
msgid ""
"Demonstration to a neutral third-party that system security controls are "
"implemented and operating effectively, in compliance with in-scope standards "
"and regulations, is required before many information systems achieve "
"certified status. Many certifications require periodic audits to ensure "
"continued certification, considered part of an overarching continuous "
"monitoring practice."
msgstr ""
"Demonstrasi kepada pihak ketiga yang netral bahwa kontrol keamanan sistem "
"diimplementasikan dan beroperasi secara efektif, sesuai dengan standar dan "
"peraturan di dalam ruang, diperlukan sebelum banyak sistem informasi "
"mendapatkan status bersertifikat. Banyak sertifikasi memerlukan audit "
"berkala untuk memastikan sertifikasi lanjutan, yang dianggap sebagai bagian "
"dari keseluruhan praktik pemantauan berkelanjutan."
msgid ""
"Denial of Service refers to an exploited vulnerability that may cause "
"service or system disruption. This includes both distributed attacks to "
"overwhelm network resources, and single-user attacks that are typically "
"caused through resource allocation bugs or input induced system failure "
"flaws."
msgstr ""
"Denial of Service mengacu pada kerentanan yang dieksploitasi yang dapat "
"menyebabkan gangguan layanan atau sistem. Ini termasuk serangan "
"terdistribusi untuk membanjiri sumber daya jaringan, dan serangan pengguna "
"tunggal yang biasanya disebabkan oleh bug alokasi sumber daya atau "
"kekurangan kegagalan sistem yang disebabkan masukan."
msgid "Denial of service"
msgstr "Denial of service"
msgid ""
"Depending on the strategy selected, in the event of a failure the node will "
"either fail to boot or it can report the failure back to another entity in "
"the cloud. For secure boot, the node will fail to boot and a provisioning "
"service within the management security domain must recognize this and log "
"the event. For boot attestation, the node will already be running when the "
"failure is detected. In this case the node should be immediately quarantined "
"by disabling its network access. Then the event should be analyzed for the "
"root cause. In either case, policy should dictate how to proceed after a "
"failure. A cloud may automatically attempt to re-provision a node a certain "
"number of times. Or it may immediately notify a cloud administrator to "
"investigate the problem. The right policy here will be deployment and "
"failure mode specific."
msgstr ""
"Bergantung pada strategi yang dipilih, jika terjadi kegagalan, node akan "
"gagal booting atau dapat melaporkan kegagalan kembali ke entitas lain di "
"awan. Untuk boot aman, node terjadi gagal booting dan kemudian layanan "
"provisioning dalam domain keamanan manajemen harus mengenali ini dan "
"mencatat kejadian. Untuk pengesahan booting, node sudah akan berjalan saat "
"failure terdeteksi. Dalam hal ini node harus segera dikarantina dengan "
"menonaktifkan akses jaringannya. Maka event tersebut harus dianalisis untuk "
"akar permasalahannya. Dalam kasus tersebut, kebijakan harus mendikte "
"bagaimana melanjutkan setelah kegagalan. Awan secara otomatis dapat mencoba "
"menyediakan kembali node beberapa kali. Atau mungkin segera memberitahu "
"administrator awan untuk menyelidiki masalahnya. Kebijakan yang tepat disini "
"akan bersifat deployment dan failure mode yang spesifik."
msgid ""
"Deploy automated testing tools to ensure that the cloud remains compliant "
"over time."
msgstr ""
"Terapkan alat uji otomatis untuk memastikan bahwa awan tetap sesuai dengan "
"waktu."
msgid ""
"Deploy the dashboard behind a secure :term:`HTTPS <Hypertext Transfer "
"Protocol Secure (HTTPS)>` server by using a valid, trusted certificate from "
"a recognized certificate authority (CA). Private organization-issued "
"certificates are only appropriate when the root of trust is pre-installed in "
"all user browsers."
msgstr ""
"Terapkan dasbor di belakang yang aman :term:`HTTPS <Hypertext Transfer "
"Protocol Secure (HTTPS)>` server dengan menggunakan sertifikat terpercaya "
"dan valid dari certificate authority (CA) yang dikenali. Sertifikat yang "
"diterbitkan oleh organisasi private hanya sesuai bila akar kepercayaan telah "
"terinstal di semua browser pengguna."
msgid ""
"Deployers or users of OpenStack with strong security requirements may want "
"to consider deploying these technologies. Not all are applicable in every "
"situation. In some cases, technologies may be ruled out for use in a cloud "
"because of prescriptive business requirements. Similarly some technologies "
"inspect instance data such as run state which may be undesirable to the "
"users of the system."
msgstr ""
"Deployer atau pengguna OpenStack dengan persyaratan keamanan yang kuat "
"mungkin ingin mempertimbangkan penggelaran teknologi ini. Tidak semua bisa "
"diterapkan dalam setiap situasi. Dalam beberapa kasus, teknologi mungkin "
"dikesampingkan untuk digunakan di awan karena persyaratan bisnis yang "
"ditentukan. Demikian pula beberapa teknologi memeriksa data instance seperti "
"run state yang mungkin tidak diinginkan pengguna sistem."
msgid "Deploying the updates"
msgstr "Menyebarkan pembaruan"
msgid "Deployment"
msgstr "Pengerahan "
msgid "Description"
msgstr "Deskripsi"
msgid ""
"Destination libvirtd host copies the instances back to an underlying "
"hypervisor."
msgstr ""
"Tujuan libvirtd host menyalin instance kembali ke hypervisor yang "
"mendasarinya."
msgid "Destroy cloud system media that cannot be sanitized."
msgstr "Hancurkan media sistem cloud yang tidak bisa di sanitasi."
msgid ""
"Detecting the absence of log generation is an event of high value. Such an "
"event would indicate a service failure or even an intruder who has "
"temporarily switched off logging or modified the log level to hide their "
"tracks."
msgstr ""
"Mendeteksi tidak adanya generasi log adalah peristiwa bernilai tinggi. "
"Peristiwa semacam itu akan menunjukkan kegagalan layanan atau bahkan "
"penyusup yang mematikan sementara logging atau memodifikasi tingkat log "
"untuk menyembunyikan jejak mereka."
msgid "Determine accessible resources."
msgstr "Tentukan sumber daya yang dapat diakses."
msgid "Determining audit scope"
msgstr "Menentukan cakupan audit"
msgid ""
"Determining audit scope, specifically what controls are needed and how to "
"design or modify an OpenStack deployment to satisfy them, should be the "
"initial planning step."
msgstr ""
"Menentukan lingkup audit, khususnya kontrol apa yang dibutuhkan dan "
"bagaimana merancang atau memodifikasi penyebaran OpenStack untuk memuaskan "
"mereka, seharusnya hal ini merupakan langkah perencanaan awal."
msgid ""
"Different authentication services are supported by different share drivers. "
"For details of supporting of features by different drivers, see `Manila "
"share features support mapping <https://docs.openstack.org/manila/latest/"
"contributor/share_back_ends_feature_support_mapping.html>`_. Support for a "
"specific authentication service by a driver does not mean that it can be "
"configured with any shared file system protocol. Supported shared file "
"systems protocols are NFS, CIFS, GlusterFS, and HDFS. See the driver "
"vendor's documentation for information on a specific driver and its "
"configuration for security services."
msgstr ""
"Layanan otentikasi yang berbeda didukung oleh driver share yang berbeda. "
"Untuk rincian dukungan fitur oleh driver yang berbeda, lihat `Manila share "
"features support mapping <https://docs.openstack.org/manila/latest/"
"contributor/share_back_ends_feature_support_mapping.html>`_. Dukungan untuk "
"layanan otentikasi tertentu oleh driver tidak berarti dapat dikonfigurasi "
"dengan protokol sistem file shared. Protokol sistem file shared yang "
"didukung adalah NFS, CIFS, GlusterFS, dan HDFS. Lihat dokumentasi vendor "
"driver untuk mendapatkan informasi mengenai driver khusus dan konfigurasinya "
"untuk layanan keamanan."
msgid ""
"Different drivers support different access options depending on which shared "
"file system protocol is used. Supported shared file system protocols are "
"NFS, CIFS, GlusterFS, and HDFS. For example, the Generic (Block Storage as a "
"back end) driver does not support user and certificate authentication "
"methods. It also does not support any of the security services, such as "
"LDAP, Kerberos, or Active Directory. For details of features supported by "
"different drivers, see `Manila share features support mapping <https://docs."
"openstack.org/manila/latest/contributor/"
"share_back_ends_feature_support_mapping.html>`_."
msgstr ""
"Driver yang berbeda mendukung pilihan akses yang berbeda tergantung pada "
"protokol sistem file bersama yang digunakan. Protokol sistem file bersama "
"yang didukung adalah NFS, CIFS, GlusterFS, dan HDFS. Misalnya, driver "
"Generic (Block Storage as a back end) tidak mendukung metode otentikasi "
"pengguna dan sertifikat. Ini juga tidak mendukung layanan keamanan apa pun, "
"seperti LDAP, Kerberos, atau Active Directory. Untuk rincian fitur yang "
"didukung oleh driver yang berbeda, lihat `Manila share features support "
"mapping <https://docs.openstack.org/manila/latest/contributor/"
"share_back_ends_feature_support_mapping.html>`_."
msgid "Digital Certificates"
msgstr "Digital Certificates"
msgid ""
"Direct memory access (DMA) is a feature that permits certain hardware "
"devices to access arbitrary physical memory addresses in the host computer. "
"Often video cards have this capability. However, an instance should not be "
"given arbitrary physical memory access because this would give it full view "
"of both the host system and other instances running on the same node. "
"Hardware vendors use an input/output memory management unit (IOMMU) to "
"manage DMA access in these situations. We recommend cloud architects should "
"ensure that the hypervisor is configured to utilize this hardware feature."
msgstr ""
"Direct memory access (DMA) adalah fitur yang memungkinkan perangkat keras "
"tertentu mengakses alamat memori fisik secara acak di komputer host. "
"Seringkali kartu video memiliki kemampuan ini. Namun, sebuah instance tidak "
"boleh diberikan akses memori fisik yang acak karena ini akan memberikan "
"tampilan penuh dari kedua sistem host dan instance lainnya yang berjalan "
"pada node yang sama. Vendor perangkat keras menggunakan input/output memory "
"management unit (IOMMU) untuk mengelola akses DMA dalam situasi ini. Kami "
"merekomendasikan arsitek awan harus memastikan bahwa hypervisor "
"dikonfigurasi untuk memanfaatkan fitur perangkat keras ini."
msgid "Disable live migration"
msgstr "Nonaktifkan migrasi langsung"
msgid "Disabling ``admin_token`` means it has a value of ``<none>``."
msgstr "Menonaktifkan ``admin_token`` berarti memiliki nilai ``<none>``."
msgid "Disallows clear text."
msgstr "Tidak mengizinkan teks yang jelas."
msgid ""
"Disallows export encryption algorithms, which by design tend to be weak, "
"typically using 40 and 56 bit keys."
msgstr ""
"Tidak mengizinkan algoritma enkripsi ekspor, yang menurut desainnya "
"cenderung lemah, biasanya menggunakan kunci 40 dan 56 bit."
msgid ""
"Disallows low (56 or 64 bit long keys) and medium (128 bit long keys) "
"ciphers because of their vulnerability to brute force attacks (example 2-"
"DES). This rule still permits Triple Data Encryption Standard (Triple DES) "
"also known as Triple Data Encryption Algorithm (TDEA) and the Advanced "
"Encryption Standard (AES), each of which has keys greater than equal to 128 "
"bits and thus more secure."
msgstr ""
"Larang (56 or 64 bit long keys) rendah dan ciphers (128 bit long keys) "
"menengah karena kerentanannya terhadap serangan brute force (contoh 2-DES). "
"Aturan ini masih mengizinkan Triple Data Encryption Standard (Triple DES) "
"yang juga dikenal sebagai Triple Data Encryption Algorithm (TDEA) dan "
"Advanced Encryption Standard (AES), yang masing-masing memiliki kunci lebih "
"besar dari pada 128 bit dan lebih aman."
msgid ""
"Disaster Recovery (DR) and Business Continuity Planning (BCP) plans are "
"common requirements for ISMS and compliance activities. These plans must be "
"periodically tested as well as documented. In OpenStack, key areas are found "
"in the management security domain, and anywhere that single points of "
"failure (SPOFs) can be identified."
msgstr ""
"Disaster Recovery (DR) dan rencana Business Continuity Planning (BCP) adalah "
"persyaratan umum untuk ISMS dan kegiatan kepatuhan. Rencana ini harus diuji "
"secara berkala dan juga terdokumentasi. Di OpenStack, area utama ditemukan "
"di domain keamanan manajemen, dan di manapun single points of failure "
"(SPOFs) dapat diidentifikasi."
msgid "Discretionary Access Control"
msgstr "Discretionary Access Control"
msgid ""
"Discuss common control frameworks and certification resources to achieve "
"industry certifications or regulator attestations."
msgstr ""
"Diskusikan kerangka kerja pengendalian bersama dan sumber sertifikasi untuk "
"mendapatkan sertifikasi industri atau pengesahan regulator."
msgid "Discuss upcoming security features"
msgstr "Diskusikan fitur keamanan yang akan datang"
msgid ""
"Django has dedicated middleware for cross-site request forgery (CSRF). For "
"further details, see the `Django documentation <https://docs.djangoproject."
"com/>`_."
msgstr ""
"Django telah mendedikasikan middleware untuk cross-site request forgery "
"(CSRF). Untuk keterangan lebih lanjut, lihat `Django documentation <https://"
"docs.djangoproject.com/>`_."
msgid ""
"Django media settings are documented in the `Django documentation <https://"
"docs.djangoproject.com/>`_."
msgstr ""
"Pengaturan media Django didokumentasikan di `Django documentation <https://"
"docs.djangoproject.com/>`_."
msgid ""
"Documentation should provide a general description of the OpenStack "
"environment and cover all systems used (for example, production, "
"development, or test). Documenting system components, networks, services, "
"and software often provides the bird's-eye view needed to thoroughly cover "
"and consider security concerns, attack vectors, and possible security domain "
"bridging points. A system inventory may need to capture ephemeral resources "
"such as virtual machines or virtual disk volumes that would otherwise be "
"persistent resources in a traditional IT system."
msgstr ""
"Dokumentasi harus memberikan gambaran umum tentang lingkungan OpenStack dan "
"mencakup semua sistem yang digunakan (misalnya, produksi, pengembangan, atau "
"pengujian). Mendokumentasikan komponen sistem, jaringan, layanan, dan "
"perangkat lunak sering kali memberikan pandangan bird's-eye (mata burung) "
"untuk menutupi dan mempertimbangkan masalah keamanan, vektor serangan, dan "
"kemungkinan poin penjembatan domain keamanan. Inventarisasi sistem mungkin "
"perlu menangkap sumber daya singkat seperti mesin virtual atau volume disk "
"virtual yang jika tidak, sumber daya persisten akan ada dalam sistem "
"Teknologi Informasi tradisional."
msgid "Dogtag plugin"
msgstr "Plugin Dogtag"
msgid "Domain names"
msgstr "Nama domain"
msgid "Domain names, dashboard upgrades, and basic web server configuration"
msgstr "Nama domain, upgrade dasbor, dan konfigurasi server web dasar"
msgid ""
"Domain-specific authentication drivers allow the Identity service to be "
"configured for multiple domains using domain-specific configuration files. "
"Enabling the drivers and setting the domain-specific configuration file "
"location occur in the ``[identity]`` section of the ``keystone.conf`` file:"
msgstr ""
"Driver otentikasi domain-specific memungkinkan layanan Identity "
"dikonfigurasi untuk beberapa domain menggunakan file konfigurasi domain-"
"specific. Mengaktifkan driver dan menyetel lokasi file konfigurasi domain-"
"specific terjadi di bagian ``[identity] `` pada file ``keystone.conf``:"
msgid "Domains"
msgstr "Domain-domain"
msgid ""
"Domains are high-level containers for projects, users and groups. As such, "
"they can be used to centrally manage all keystone-based identity components. "
"With the introduction of account domains, server, storage and other "
"resources can now be logically grouped into multiple projects (previously "
"called tenants) which can themselves be grouped under a master account-like "
"container. In addition, multiple users can be managed within an account "
"domain and assigned roles that vary for each project."
msgstr ""
"Domain adalah wadah tingkat tinggi untuk proyek, pengguna, dan grup. Dengan "
"demikian, mereka dapat digunakan untuk mengelola semua komponen identity "
"keystone-based secara terpusat. Dengan diperkenalkannya domain akun, server, "
"penyimpanan dan sumber daya lainnya sekarang dapat dikelompokkan secara "
"logis ke dalam beberapa proyek (yang sebelumnya disebut tenant) yang dapat "
"dikelompokkan dalam wadah seperti akun induk. Selain itu, beberapa pengguna "
"dapat dikelola dalam domain akun dan peran yang ditetapkan berbeda untuk "
"setiap proyek."
msgid ""
"Dr. Bryan D. Payne is the Director of Security Research at Nebula and co-"
"founder of the OpenStack Security Group (OSSG). Prior to joining Nebula, he "
"worked at Sandia National Labs, the National Security Agency, BAE Systems, "
"and IBM Research. He graduated with a Ph.D. in Computer Science from the "
"Georgia Tech College of Computing, specializing in systems security. Bryan "
"was the editor and lead for the OpenStack Security Guide, responsible for "
"its continued growth for the two years after it was written."
msgstr ""
"Dr. Bryan D. Payne adalah Director of Security Research di Nebula dan salah "
"satu pendiri OpenStack Security Group (OSSG). Sebelum bergabung dengan "
"Nebula, dia bekerja di Sandia National Labs, National Security Agency, BAE "
"Systems, dan IBM Research. Dia lulus dengan gelar Ph.D. dalam Ilmu Komputer "
"dari Georgia Tech College of Computing, yang mengkhususkan diri dalam "
"keamanan sistem. Bryan adalah editor dan memimpin untuk OpenStack Security "
"Guide, bertanggung jawab atas pertumbuhannya yang terus berlanjut selama dua "
"tahun setelah ditulis."
msgid ""
"Drivers that support the GlusterFS protocol can be used with authentication "
"via TLS certificates."
msgstr ""
"Driver yang mendukung protokol GlusterFS dapat digunakan dengan otentikasi "
"melalui sertifikat TLS."
msgid ""
"Due to the published vulnerabilities in the Secure Sockets Layer (SSL) "
"protocols, we strongly recommend that TLS is used in preference to SSL, and "
"that SSL is disabled in all cases, unless compatibility with obsolete "
"browsers or libraries is required."
msgstr ""
"Karena kerentanan yang dipublikasikan dalam protokol Secure Sockets Layer "
"(SSL), kami sangat menyarankan agar TLS digunakan untuk preferensi SSL, dan "
"SSL dinonaktifkan dalam semua kasus, kecuali kompatibilitas dengan browser "
"usang atau perpustakaan diperlukan."
msgid ""
"Due to the risk and complexities associated with PCI passthrough, it should "
"be disabled by default. If enabled for a specific need, you will need to "
"have appropriate processes in place to ensure the hardware is clean before "
"re-issue."
msgstr ""
"Karena risiko dan kompleksitas yang terkait dengan PCI passthrough, harus "
"dinonaktifkan secara default. Jika diaktifkan untuk kebutuhan tertentu, Anda "
"harus memiliki proses yang sesuai untuk memastikan perangkat keras bersih "
"sebelum diterbitkan ulang."
msgid ""
"Due to the time constraints around a book sprint, the team chose to use KVM "
"as the hypervisor in our example implementations and architectures."
msgstr ""
"Karena kendala waktu seputar sprint buku, tim memilih untuk menggunakan KVM "
"sebagai hypervisor dalam implementasi dan arsitektur contoh kami."
msgid ""
"During the design of an OpenStack Networking infrastructure it is important "
"that you understand the current features and limitations of available "
"network services. Understanding the boundaries of your virtual and physical "
"networks will assist in adding required security controls in your "
"environment."
msgstr ""
"Selama perancangan infrastruktur OpenStack Networking, penting bagi Anda "
"untuk memahami fitur dan keterbatasan layanan jaringan yang ada saat ini. "
"Memahami batas jaringan virtual dan fisik Anda akan membantu menambahkan "
"kontrol keamanan yang diperlukan di lingkungan Anda."
msgid ""
"During the sprint we also had help from Anne Gentle, Warren Wang, Paul "
"McMillan, Brian Schott and Lorin Hochstein."
msgstr ""
"Selama sprint kami juga mendapat bantuan Anne Gentle, Warren Wang, Paul "
"McMillan, Brian Schott dan Lorin Hochstein."
msgid "ESXi"
msgstr "ESXi"
msgid ""
"Each KVM-based virtual machine is a process which is labeled by SELinux, "
"effectively establishing a security boundary around each virtual machine. "
"This security boundary is monitored and enforced by the Linux kernel, "
"restricting the virtual machine's access to resources outside of its "
"boundary, such as host machine data files or other VMs."
msgstr ""
"Setiap mesin virtual berbasis KVM adalah proses yang diberi label oleh "
"SELinux, yang secara efektif menetapkan batas keamanan di sekitar setiap "
"mesin virtual. Batas keamanan ini dipantau dan diterapkan oleh kernel Linux, "
"membatasi akses mesin virtual ke sumber daya di luar batasnya, seperti file "
"data mesin host atau VM lainnya."
msgid ""
"Each OpenStack deployment embraces a wide variety of technologies, spanning "
"Linux distributions, database systems, messaging queues, OpenStack "
"components themselves, access control policies, logging services, security "
"monitoring tools, and much more. It should come as no surprise that the "
"security issues involved are equally diverse, and their in-depth analysis "
"would require several guides. We strive to find a balance, providing enough "
"context to understand OpenStack security issues and their handling, and "
"provide external references for further information. The guide could be read "
"from start to finish or used like a reference."
msgstr ""
"Setiap pengerahan OpenStack mencakup beragam teknologi, mencakup distribusi "
"Linux, sistem database, antrian pesan, komponen OpenStack sendiri, kebijakan "
"kontrol akses, layanan logging, alat pemantauan keamanan, dan banyak lagi. "
"Tidak mengherankan jika masalah keamanan yang terlibat sama beragamnya, dan "
"analisis mendalam mereka memerlukan beberapa panduan. Kami berusaha untuk "
"menemukan keseimbangan, memberikan konteks yang cukup untuk memahami masalah "
"keamanan OpenStack dan penanganannya, dan memberikan referensi eksternal "
"untuk informasi lebih lanjut. Panduan bisa dibaca dari awal sampai akhir "
"atau digunakan seperti referensi."
msgid ""
"Each OpenStack service defines the access policies for its resources in an "
"associated policy file. A resource, for example, could be API access, the "
"ability to attach to a volume, or to fire up instances. The policy rules are "
"specified in JSON format and the file is called ``policy.json``. The syntax "
"and format of this file is discussed in the `Configuration Reference "
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`__."
msgstr ""
"Setiap layanan OpenStack mendefinisikan kebijakan akses untuk sumber dayanya "
"dalam file kebijakan terkait. Sumber daya, misalnya, bisa berupa akses API, "
"kemampuan untuk mengkaitkan volume, atau untuk mengaktifkan instance. Aturan "
"kebijakan ditentukan dalam format JSON dan file tersebut disebut ``policy."
"json``. Sintaks dan format file ini dibahas di `Configuration Reference "
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`__."
msgid ""
"Each TPM has at least 24 PCRs. The TCG Generic Server Specification, v1.0, "
"March 2005, defines the PCR assignments for boot-time integrity "
"measurements. The table below shows a typical PCR configuration. The context "
"indicates if the values are determined based on the node hardware (firmware) "
"or the software provisioned onto the node. Some values are influenced by "
"firmware versions, disk sizes, and other low-level information. Therefore, "
"it is important to have good practices in place around configuration "
"management to ensure that each system deployed is configured exactly as "
"desired."
msgstr ""
"Setiap TPM memiliki setidaknya 24 PCR. Spesifikasi Server Generik TCG, v1.0, "
"Maret 2005, mendefinisikan tugas PCR untuk pengukuran integritas waktu "
"booting. Tabel di bawah menunjukkan konfigurasi PCR yang khas. Konteksnya "
"menunjukkan jika nilai ditentukan berdasarkan perangkat keras node "
"(firmware) atau perangkat lunak yang ada pada node. Beberapa nilai "
"dipengaruhi oleh versi firmware, ukuran disk, dan informasi tingkat rendah "
"lainnya. Oleh karena itu, penting untuk memiliki praktik yang baik di tempat "
"seputar pengelolaan konfigurasi untuk memastikan bahwa setiap sistem yang "
"digunakan dikonfigurasi sesuai keinginan."
msgid ""
"Each manufacturer must provide the BIOS and firmware code for their servers. "
"Different servers, hypervisors, and operating systems will choose to "
"populate different PCRs. In most real world deployments, it will be "
"impossible to validate every PCR against a known good quantity (\"golden "
"measurement\"). Experience has shown that, even within a single vendor's "
"product line, the measurement process for a given PCR may not be consistent. "
"We recommend establishing a baseline for each server and monitoring the PCR "
"values for unexpected changes. Third-party software may be available to "
"assist in the TPM provisioning and monitoring process, depending upon your "
"chosen hypervisor solution."
msgstr ""
"Setiap pabrikan harus menyediakan kode BIOS dan firmware untuk server "
"mereka. Server yang berbeda, hypervisor, dan sistem operasi akan memilih "
"untuk mengisi PCR yang berbeda. Dalam kebanyakan penyebaran dunia nyata, "
"tidak mungkin memvalidasi setiap PCR terhadap kuantitas yang diketahui "
"(\"golden measurement\"). Pengalaman menunjukkan bahwa, bahkan dalam lini "
"produk vendor tunggal, proses pengukuran untuk PCR tertentu mungkin tidak "
"konsisten. Sebaiknya buat baseline untuk setiap server dan pantau nilai PCR "
"untuk perubahan yang tidak diharapkan. Perangkat lunak pihak ketiga mungkin "
"tersedia untuk membantu proses pengadaan dan pemantauan TPM, tergantung pada "
"solusi hypervisor yang Anda pilih."
msgid ""
"Each of the core OpenStack services (Compute, Identity, Networking, Block "
"Storage) store state and configuration information in databases. In this "
"chapter, we discuss how databases are used currently in OpenStack. We also "
"explore security concerns, and the security ramifications of database back "
"end choices."
msgstr ""
"Masing-masing layanan OpenStack inti (Compute, Identity, Networking, Block "
"Storage) menyimpan informasi keadaan dan konfigurasi di database. Pada bab "
"ini, kita membahas bagaimana database digunakan saat ini di OpenStack. Kami "
"juga mengeksplorasi masalah keamanan, dan konsekuensi keamanan dari pilihan "
"back end database."
msgid ""
"Each project may present an inconsistent way of defining target API "
"endpoints. Future releases of OpenStack seek to resolve these "
"inconsistencies through consistent use of the Identity service catalog."
msgstr ""
"Setiap proyek dapat menunjukkan cara yang tidak konsisten untuk menentukan "
"endpoint API target. Rilis OpenStack di masa depan berusaha untuk mengatasi "
"ketidakkonsistenan ini melalui penggunaan katalog layanan Identitas secara "
"konsisten."
msgid ""
"Each project provides a number of services which send and consume messages. "
"Each binary which sends a message is expected to consume messages, if only "
"replies, from the queue."
msgstr ""
"Setiap proyek menyediakan sejumlah layanan yang mengirim dan mengkonsumsi "
"pesan. Setiap biner yang mengirimkan pesan diharapkan bisa mengkonsumsi "
"pesan dari antrian, jika hanya menjawab."
msgid "Each share driver supports at least one of the possible driver modes:"
msgstr ""
"Setiap share driveri mendukung setidaknya satu dari mode driver yang mungkin:"
msgid ""
"Employ multi-factor authentication for network access to privileged user "
"accounts. The Identity service supports external authentication services "
"through the Apache web server that can provide this functionality. Servers "
"may also enforce client-side authentication using certificates."
msgstr ""
"Mempekerjakan otentikasi multi-faktor untuk akses jaringan ke akun pengguna "
"istimewa. Layanan Identitas mendukung layanan otentikasi eksternal melalui "
"server web Apache yang dapat menyediakan fungsionalitas ini. Server juga "
"dapat menegakkan otentikasi sisi klien menggunakan sertifikat."
msgid ""
"Enable TLS support. Install ``mod_nss`` according to your distribution, then "
"apply the following patch and restart HTTPD:"
msgstr ""
"Aktifkan dukungan TLS. Install ``mod_nss`` sesuai distribusinya, lalu "
"terapkan patch berikut dan restart HTTPD:"
msgid "Enable ``OS-FEDERATION`` extension:"
msgstr "Aktifkan ekstensi ``OS-FEDERATION``:"
msgid ""
"Enable encryption and select parameters such as encryption algorithm and key "
"size"
msgstr ""
"Aktifkan enkripsi dan pilih parameter seperti algoritma enkripsi dan ukuran "
"kunci"
msgid "Enable the Identity service virtual host:"
msgstr "Aktifkan virtual host layanan Identity:"
msgid "Enable the ``ssl`` and ``shib2`` modules:"
msgstr "Aktifkan modul ``ssl`` dan ``shib2``:"
msgid "Enabling Federation"
msgstr "Mengaktifkan Federasi"
msgid "Encrypted live migration"
msgstr "Migrasi langsung terenkripsi"
msgid "Encryption / decryption"
msgstr "Enkripsi / Dekripsi"
msgid ""
"Encryption of data at rest is implemented by middleware that may be included "
"in the proxy server WSGI pipeline. The feature is internal to a swift "
"cluster and not exposed through the API. Clients are unaware that data is "
"encrypted by this feature internally to the swift service; internally "
"encrypted data should never be returned to clients through the swift API."
msgstr ""
"Enkripsi data saat istirahat diimplementasikan oleh middleware yang mungkin "
"disertakan dalam pipeline WSGI server proxy. Fitur ini bersifat internal ke "
"cluster cepat dan tidak terpapar melalui API. Klien tidak menyadari bahwa "
"data dienkripsi oleh fitur ini secara internal ke layanan cepat; Data yang "
"dienkripsi secara internal tidak boleh dikembalikan ke klien melalui API "
"cepat."
msgid "End entity"
msgstr "End entity"
msgid "End users"
msgstr "Pengguna akhir (end user)"
msgid ""
"End users will use the system to store sensitive data, such as passphrases "
"encryption keys, etc."
msgstr ""
"End user akan menggunakan sistem untuk menyimpan data sensitif, seperti "
"kunci enkripsi frase, dll."
msgid ""
"Ensure only authenticated users and backup clients have access to the backup "
"server."
msgstr ""
"Pastikan hanya pengguna terotentikasi dan klien cadangan yang memiliki akses "
"ke server cadangan."
msgid ""
"Ensure that the .rc file which has your credential information is secured."
msgstr ""
"Pastikan file .rc yang memiliki informasi kredensial Anda telah diamankan."
msgid ""
"Ensure that the network interfaces are on their own private(management or a "
"separate) network. Segregate management domains with firewalls or other "
"network gear."
msgstr ""
"Pastikan bahwa antarmuka jaringan berada pada jaringan pribadi mereka "
"(manajemen atau yang terpisah). Pisahkan domain manajemen dengan firewall "
"atau peralatan jaringan lainnya."
msgid ""
"Ensure that the system has the fewest number of packages installed and "
"services running as possible. Removing unneeded packages makes patching "
"easier and it reduces the number of items on the system which could lead to "
"a breach. Stopping unneeded services shrinks the attack surface on the "
"system and makes it more difficult to attack."
msgstr ""
"Pastikan bahwa sistem memiliki jumlah paket terinstal dan layanan yang "
"paling sedikit yang mungkin dijalankan. Melepaskan paket yang tidak "
"dibutuhkan membuat tambalan lebih mudah dan mengurangi jumlah item pada "
"sistem yang dapat menyebabkan pelanggaran. Menghentikan layanan yang tidak "
"dibutuhkan mengecilkan permukaan serangan pada sistem dan membuatnya lebih "
"sulit diserang."
msgid ""
"Ensure your end users that the node has been properly sanitized of their "
"data prior to re-provisioning. Additionally, prior to reusing a node, you "
"must provide assurances that the hardware has not been tampered or otherwise "
"compromised."
msgstr ""
"Pastikan end user Anda bahwa nodus telah benar dibersihkan data mereka "
"sebelum re-provisioning. Selain itu, sebelum menggunakan kembali sebuah "
"node, Anda harus memberikan jaminan bahwa perangkat keras belum dirusak atau "
"dikompromikan."
msgid ""
"Ensure your iptables have the default policy filtering network traffic, and "
"consider examining the existing rule set to understand each rule and "
"determine if the policy needs to be expanded upon."
msgstr ""
"Pastikan iptables Anda memiliki kebijakan default yang memfilter lalu lintas "
"jaringan, dan pertimbangkan untuk memeriksa peraturan yang ada agar dapat "
"memahami setiap peraturan dan menentukan apakah kebijakan tersebut perlu "
"diperluas."
msgid "Entropy to instances"
msgstr "Entropy ke instance"
msgid "Environment based filters"
msgstr "Filter berbasis lingkungan"
msgid ""
"Ephemeral Diffie-Hellman (abbreviated either as EDH or DHE) uses prime field "
"groups."
msgstr ""
"Ephemeral Diffie-Hellman (disingkat sebagai EDH ataupun DHE) menggunakan "
"kelompok field utama"
msgid ""
"Ephemeral Elliptic Curve Diffie-Hellman (abbreviated as EECDH and ECDHE)."
msgstr "Ephemeral Elliptic Curve Diffie-Hellman (disingkat EECDH dan ECDHE)."
msgid ""
"Ephemeral Elliptic Curves require the server to be configured with a named "
"curve, and provide better security than prime field groups and at lower "
"computational cost. However, prime field groups are more widely implemented, "
"and thus typically both are included in list."
msgstr ""
"Ephemeral Elliptic Curves meminta server untuk dikonfigurasi dengan kurva "
"bernama, dan memberikan keamanan yang lebih baik daripada kelompok lapangan "
"utama dan dengan biaya komputasi yang lebih rendah. Namun, kelompok field "
"utama lebih banyak diimplementasikan, dan dengan demikian biasanya keduanya "
"termasuk dalam daftar."
msgid "Ephemeral disk encryption"
msgstr "Enkripsi disk sesaat"
msgid ""
"Ephemeral disk encryption is supported by back-end key storage for enhanced "
"security (for example, an HSM or a KMIP server can be used as a barbican "
"back-end secret store)"
msgstr ""
"Enkripsi disk ephemeral didukung oleh penyimpanan kunci back-end untuk "
"keamanan yang ditingkatkan (misalnya, server HSM atau KMIP dapat digunakan "
"sebagai penyimpanan rahasia back-end barbican)"
msgid ""
"Eric Lopez is Senior Solution Architect at VMware's Networking and Security "
"Business Unit where he helps customers implement OpenStack and VMware NSX "
"(formerly known as Nicira's Network Virtualization Platform). Prior to "
"joining VMware (through the company's acquisition of Nicira), he worked for "
"Q1 Labs, Symantec, Vontu, and Brightmail. He has a B.S in Electrical "
"Engineering/Computer Science and Nuclear Engineering from U.C. Berkeley and "
"MBA from the University of San Francisco."
msgstr ""
"Eric Lopez adalah Senior Solution Architect di VMware's Networking and "
"Security Business Unit dimana dia membantu pelanggan menerapkan OpenStack "
"dan VMware NSX (sebelumnya dikenal sebagai Platform Virtualisasi Jaringan "
"Nicira). Sebelum bergabung dengan VMware (melalui akuisisi Nicira "
"perusahaan), dia bekerja untuk Lab Q1, Symantec, Vontu, dan Brightmail. Dia "
"memiliki B.S di Teknik Elektro/Ilmu Komputer dan Teknik Nuklir dari U.C. "
"Berkeley dan MBA dari University of San Francisco."
msgid ""
"Eric Windisch is a Principal Engineer at Cloudscaling where he has been "
"contributing to OpenStack for over two years. Eric has been in the trenches "
"of hostile environments, building tenant isolation and infrastructure "
"security through more than a decade of experience in the web hosting "
"industry. He has been building cloud computing infrastructure and automation "
"since 2007."
msgstr ""
"Eric Windisch adalah seorang Principal Engineer di Cloudscaling dimana dia "
"telah berkontribusi pada OpenStack selama lebih dari dua tahun. Eric telah "
"berada di parit (trench) lingkungan yang tidak bersahabat, membangun isolasi "
"penyewa dan keamanan infrastruktur melalui lebih dari satu dekade pengalaman "
"di industri web hosting. Dia telah membangun infrastruktur komputasi awan "
"dan otomasi sejak 2007."
msgid "Establish formal access control policies"
msgstr "Menetapkan kebijakan kontrol akses formal"
msgid ""
"Even with ``prevent_arp_spoofing`` enabled, flat networking does not provide "
"a complete level of project isolation, as all project traffic is still sent "
"to the same VLAN."
msgstr ""
"Even dengan ``prevent_arp_spoofing`` diaktifkan, jaringan flat (datar) tidak "
"menyediakan tingkat isolasi proyek yang lengkap, karena semua lalu lintas "
"proyek masih dikirim ke VLAN yang sama."
msgid ""
"Event monitoring is a more pro-active approach to securing an environment, "
"providing real-time detection and response. Several tools exist which can "
"aid in monitoring."
msgstr ""
"Pemantauan kejadian adalah pendekatan yang lebih proaktif untuk mengamankan "
"lingkungan, memberikan deteksi dan respons real-time. Beberapa alat ada yang "
"bisa membantu dalam pemantauan."
msgid ""
"Examine your attributes map in the ``/etc/shibboleth/attributes-map.xml`` "
"file and adjust your requirements if needed. For more information see "
"`Shibboleth Attributes <https://wiki.shibboleth.net/confluence/display/SHIB2/"
"NativeSPAddAttribute>`__."
msgstr ""
"Periksa peta atribut Anda di file ``/etc/shibboleth/attributes-map.xml`` dan "
"sesuaikan kebutuhan Anda jika diperlukan. Untuk informasi lebih lanjut lihat "
"`Shibboleth Attributes <https://wiki.shibboleth.net/confluence/display/SHIB2/"
"NativeSPAddAttribute>`__."
msgid ""
"Example of RHEL 6 CCE-26976-1 which will help implement NIST 800-53 Section "
"*AC-19(d)* in Oz."
msgstr ""
"Contoh RHEL 6 CCE-26976-1 yang akan membantu mengimplementasikan NIST 800-53 "
"Section * AC-19 (d) * di Oz."
msgid ""
"Example of a ``:sql_connection`` string for X.509 certificate authentication "
"to MySQL:"
msgstr ""
"Contoh string ``:sql_connection`` untuk otentikasi sertifikat X.509 ke MySQL:"
msgid "Example of a ``:sql_connection`` string to MySQL:"
msgstr "Contoh string ``:sql_connection`` ke MySQL:"
msgid "Examples"
msgstr "Contoh"
msgid ""
"Examples of secrets that does not require a keystone token to access are "
"passwords for service users in service configuration files, or encryption "
"keys that do not belong to any particular project."
msgstr ""
"Contoh rahasia yang tidak memerlukan keystone token untuk diakses adalah "
"password untuk pengguna layanan dalam file konfigurasi layanan, atau kunci "
"enkripsi yang tidak termasuk dalam proyek tertentu."
msgid "Exception process"
msgstr "Proses Pengecualian"
msgid "Explanation"
msgstr "Penjelasan"
msgid ""
"Exposes all OpenStack APIs, including the OpenStack Networking API, to "
"tenants. The IP addresses on this network should be reachable by anyone on "
"the Internet. This may be the same network as the external network, as it is "
"possible to create a subnet for the external network that uses IP allocation "
"ranges to use only less than the full range of IP addresses in an IP block. "
"This network is considered the Public Security Domain."
msgstr ""
"Explose (bukalah) semua API OpenStack, termasuk OpenStack Networking API,ke "
"penyewa. Alamat IP pada jaringan ini harus dapat dijangkau oleh siapapun di "
"Internet. Ini mungkin jaringan yang sama dengan jaringan eksternal, karena "
"memungkinkan untuk membuat subnet untuk jaringan eksternal yang menggunakan "
"rentang alokasi IP untuk penggunaan hanya kurang dari kisaran penuh alamat "
"IP dalam blok IP. Jaringan ini dianggap sebagai Public Security Domain."
msgid "External"
msgstr "External"
msgid "External audit"
msgstr "Audit eksternal"
msgid "External authentication methods"
msgstr "Metode otentikasi eksternal"
msgid "External dependencies and associated security assumptions"
msgstr "Ketergantungan eksternal dan asumsi keamanan yang terkait"
msgid ""
"External dependencies are items outside of the control of the service that "
"are required for its operation, and may impact the service if they were "
"compromised or became unavailable. These items are usually outside the "
"control of the developer but within the control of the deployer, or they may "
"be operated by a third party. Appliances should be regarded as external "
"dependencies."
msgstr ""
"Ketergantungan eksternal adalah item di luar kendali layanan yang diperlukan "
"untuk pengoperasiannya, dan mungkin berdampak pada layanan jika disusupi "
"atau tidak tersedia. Item ini biasanya berada di luar kendali pengembang "
"namun berada dalam kendali pengirim, atau mungkin dioperasikan oleh pihak "
"ketiga. Peralatan harus dianggap sebagai dependensi eksternal."
msgid "External dependencies of the project"
msgstr "Ketergantungan eksternal proyek"
msgid "External network"
msgstr "Jaringan eksternal "
msgid "FIPS 140-2"
msgstr "FIPS 140-2"
msgid "FISMA"
msgstr "FISMA"
msgid ""
"FW-as-a-Service (FWaaS) is considered an experimental feature for the Kilo "
"release of OpenStack Networking. FWaaS addresses the need to manage and "
"leverage the rich set of security features provided by typical firewall "
"products which are typically far more comprehensive than what is currently "
"provided by security groups. Both Freescale and Intel developed third-party "
"plug-ins as extensions in OpenStack Networking to support this component in "
"the Kilo release. For more details on the administration of FWaaS, see "
"`Firewall-as-a-Service (FWaaS) overview <https://docs.openstack.org/admin-"
"guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__ "
"in the OpenStack Administrator Guide."
msgstr ""
"FW-as-a-Service (FWaaS) dianggap sebagai fitur eksperimental untuk rilis "
"Kilo OpenStack Networking. FWaaS menangani kebutuhan untuk mengelola dan "
"memanfaatkan sekumpulan fitur keamanan yang kaya yang disediakan oleh produk "
"firewall biasa yang biasanya jauh lebih komprehensif daripada yang saat ini "
"disediakan oleh kelompok keamanan. Baik Freescale dan Intel mengembangkan "
"plug-in pihak ketiga sebagai ekstensi di OpenStack Networking untuk "
"mendukung komponen ini dalam rilis Kilo. Untuk rincian lebih lanjut tentang "
"administrasi FWaaS, lihat ikhtisar \"Firewall-as-a-Service (FWaaS) <https://"
"docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-"
"service -fwaas-overview> `__ di OpenStack Administrator Guide."
msgid "Fail securely"
msgstr "Gagal dengan aman"
msgid ""
"False positives occur when the security monitoring tool produces a security "
"alert for a benign event. Due to the nature of security monitoring tools, "
"false positives will most certainly occur from time to time. Typically a "
"cloud administrator can tune security monitoring tools to reduce the false "
"positives, but this may also reduce the overall detection rate at the same "
"time. These classic trade-offs must be understood and accounted for when "
"setting up a security monitoring system in the cloud."
msgstr ""
"Positif palsu ((false positive) terjadi saat alat pemantau keamanan "
"menghasilkan peringatan keamanan untuk peristiwa jinak. Karena sifat alat "
"pemantauan keamanan, false positive pasti terjadi dari waktu ke waktu. "
"Biasanya administrator awan dapat menyetel alat pemantauan keamanan untuk "
"mengurangi false positive, namun ini juga dapat mengurangi tingkat deteksi "
"keseluruhan secara bersamaan. Trade-off klasik ini harus dipahami dan "
"dipertanggungjawabkan saat membuat sistem pemantauan keamanan di awan."
msgid ""
"Features in this table might not be applicable to all hypervisors or "
"directly mappable between hypervisors."
msgstr ""
"Fitur dalam tabel ini mungkin tidak berlaku untuk semua hypervisors atau "
"secara langsung dapat dipetakan di antara hypervisors."
msgid "FedRAMP"
msgstr "FedRAMP"
msgid ""
"Federated Identity provides a way to securely use existing credentials to "
"access cloud resources such as servers, volumes, and databases, across "
"multiple endpoints provided in multiple authorized clouds using a single set "
"of credentials, without having to provision additional identities or log in "
"multiple times. The credential is maintained by the user's Identity Provider."
msgstr ""
"Federated Identity menyediakan cara untuk dengan aman menggunakan kredensial "
"yang ada untuk mengakses sumber daya awan seperti server, volume, dan "
"database, di beberapa endpoint yang disediakan di beberapa awan resmi "
"menggunakan sekumpulan kredensial tunggal, tanpa harus memberikan identitas "
"tambahan atau masuk beberapa kali. Kredensial dikelola oleh Identity "
"Provider pengguna."
msgid "Federated keystone"
msgstr "Federated keystone"
msgid ""
"Federated users are not mirrored in the Identity service back end (for "
"example, using the SQL driver). The external IdP is responsible for "
"authenticating users, and communicates the result of the authentication to "
"Identity service using SAML assertions. Identity service maps the SAML "
"assertions to keystone user groups and assignments created in Identity "
"service."
msgstr ""
"Pengguna Federasi tidak tercermin dalam layana Identity back end (misalnya, "
"menggunakan driver SQL). IdP eksternal bertanggung jawab untuk "
"mengotentikasi pengguna, dan mengkomunikasikan hasil otentikasi ke layanan "
"Identity menggunakan pernyataan SAML. Layanan Identity memetakan pernyataan "
"SAML ke kelompok pengguna utama dan tugas yang dibuat di layanan Identity."
msgid "Fernet tokens"
msgstr "Token Fernet"
msgid ""
"Fernet tokens are the supported token provider for Pike (default). Fernet is "
"a secure messaging format explicitly designed for use in API tokens. They "
"are non-persistent (no need to be persisted to a database), lightweight "
"(fall in range of 180 to 240 bytes) and reduce the operational overhead "
"required to run a cloud. Authentication and authorization metadata is neatly "
"bundled into a message packed payload, which is then encrypted and signed in "
"as a fernet token."
msgstr ""
"Token Fernet adalah penyedia token yang didukung untuk Pike (default). "
"Fernet adalah format pesan aman yang dirancang secara eksplisit untuk "
"digunakan dalam token API. Mereka tidak gigih (tidak perlu bertahan ke "
"database), ringan (jatuh dalam kisaran 180 sampai 240 byte) dan mengurangi "
"biaya operasional yang diperlukan untuk menjalankan awan. Otentikasi dan "
"metadata otorisasi dibendel rapi ke dalam pesan muatan (payload) yang "
"dikemas, yang kemudian dienkripsi dan ditandatangani sebagai token fernet."
msgid "File integrity management (FIM)"
msgstr "File integrity management (FIM)"
msgid ""
"File integrity management (FIM) is the method of ensuring that files such as "
"sensitive system or application configuration files are not corrupted or "
"changed to allow unauthorized access or malicious behavior. This can be done "
"through a utility such as Samhain that will create a checksum hash of the "
"specified resource and then validate that hash at regular intervals, or "
"through a tool such as DMVerity that can take a hash of block devices and "
"will validate those hashes as they are accessed by the system before they "
"are presented to the user."
msgstr ""
"File integrity management (FIM) adalah metode untuk memastikan bahwa file "
"seperti sistem sensitif atau file konfigurasi aplikasi tidak rusak atau "
"diubah untuk memungkinkan akses yang tidak sah atau perilaku jahat. Hal ini "
"dapat dilakukan melalui utilitas seperti Samhain yang akan membuat hash "
"checksum dari sumber daya yang ditentukan dan kemudian memvalidasi hash "
"secara berkala, atau melalui tool seperti DMVerity yang dapat mengambil hash "
"dari perangkat blok dan akan memvalidasi hash tersebut sebagai mereka "
"diakses oleh sistem sebelum dipresentasikan kepada pengguna."
msgid "File permissions"
msgstr "Izin file"
msgid ""
"File system objects, memory, and IPC objects are cleared before they can be "
"reused by a process belonging to a different user."
msgstr ""
"Objek sistem file, memori, dan objek IPC dihapus sebelum dapat digunakan "
"kembali oleh proses yang dimiliki oleh pengguna yang berbeda."
msgid ""
"Filesystem storage is a more secure solution for ephemeral block storage "
"devices than LVM as dirty extents cannot be provisioned to users. However, "
"it is important to be mindful that user data is not destroyed, so it is "
"suggested to encrypt the backing filesystem."
msgstr ""
"Penyimpanan filesystem adalah solusi yang lebih aman untuk perangkat "
"penyimpanan blok sementara daripada LVM karena luapan limbah (dirty extent) "
"tidak dapat disediakan oleh pengguna. Namun, penting untuk diperhatikan "
"bahwa data pengguna tidak dihancurkan, jadi disarankan untuk mengenkripsi "
"filesystem backing."
msgid "Filter schedulers fall under four main categories:"
msgstr "Penjadwal filter termasuk dalam empat kategori utama:"
msgid ""
"Finally, the node kernel should have a mechanism to validate that the rest "
"of the node starts in a known good state. This provides the necessary link "
"from the boot validation process to validating the entire system. The steps "
"for doing this will be deployment specific. As an example, a kernel module "
"could verify a hash over the blocks comprising the file system before "
"mounting it using `dm-verity <https://gitlab.com/cryptsetup/cryptsetup/wikis/"
"DMVerity>`__."
msgstr ""
"Akhirnya, kernel node harus memiliki mekanisme untuk memvalidasi bahwa sisa "
"node dimulai dalam keadaan baik yang diketahui. Ini menyediakan link yang "
"diperlukan dari proses validasi booting untuk memvalidasi keseluruhan "
"sistem. Langkah-langkah untuk melakukan hal ini adalah penerapan yang "
"spesifik. Sebagai contoh, modul kernel dapat memverifikasi hash di atas blok "
"yang terdiri dari sistem file sebelum memasangnya `dm-verity <https://gitlab."
"com/cryptsetup/cryptsetup/wikis/DMVerity>`__."
msgid "Firewalls"
msgstr "Firewall"
msgid "Firewalls and other host-based security controls"
msgstr "Firewall dan kontrol keamanan berbasis host lainnya"
msgid "Flat network in *share servers* back-end mode"
msgstr "Jaringan datar di *share servers* mode back-end"
msgid "Flat vs segmented networking"
msgstr "Jaringan datar vs tersegmentasi"
msgid "For SQL, in ``/etc/keystone/keystone.conf`` , set:"
msgstr "Untuk SQL, di ``/etc/keystone/keystone.conf`` , set:"
msgid "For ``memcached``, in ``/etc/keystone/keystone.conf``, set:"
msgstr "Untuk ``memcached``, di ``/etc/keystone/keystone.conf``, set:"
msgid ""
"For a distribution appropriate place, it should probably be copied to ``/usr/"
"share/openstack/keystone/httpd/keystone.py``."
msgstr ""
"Untuk tempat distribusi yang sesuai, mungkin sebaiknya disalin ``/usr/share/"
"openstack/keystone/httpd/keystone.py``."
msgid "For additional configuration information see:"
msgstr "Untuk informasi konfigurasi tambahan lihat:"
msgid ""
"For additional information see the `OpenStack Administrator Guide <https://"
"docs.openstack.org/admin-guide/networking.html>`__."
msgstr ""
"Untuk informasi tambahan lihat `OpenStack Administrator Guide <https://docs."
"openstack.org/admin-guide/networking.html>`__."
msgid ""
"For announcements regarding security relevant changes, subscribe to the "
"`OpenStack Announce mailing list <http://lists.openstack.org/cgi-bin/mailman/"
"listinfo/openstack-announce>`__. The security notifications are also posted "
"through the downstream packages, for example, through Linux distributions "
"that you may be subscribed to as part of the package updates."
msgstr ""
"Untuk pengumuman terkait perubahan keamanan yang relevan, berlangganan ke "
"`OpenStack Announce mailing list <http://lists.openstack.org/cgi-bin/mailman/"
"listinfo/openstack-announce>`__. Pemberitahuan keamanan juga diposting "
"melalui paket hilir, misalnya melalui distribusi Linux yang mungkin Anda "
"andalkan sebagai bagian dari pembaruan paket."
msgid ""
"For authentication and authorization of clients, the Shared File Systems "
"Storage service can optionally be configured with different network "
"authentication protocols. Supported authentication protocols are LDAP, "
"Kerberos, and Microsoft Active directory authentication service."
msgstr ""
"Untuk otentikasi dan otorisasi klien, layanan Shared File Systems Storage "
"dapat dikonfigurasi secara opsional dengan protokol otentikasi jaringan yang "
"berbeda. Protokol otentikasi yang didukung adalah layanan otentikasi "
"direktori LDAP, Kerberos, dan Microsoft Active."
msgid ""
"For commercial deployments of OpenStack, we recommend SOC 1/2 is combined "
"with ISO 2700 1/2 to be considered as a starting point for OpenStack "
"certification activities. The required security activities mandated by these "
"certifications facilitate a foundation of security best practices and common "
"control criteria that can assist in achieving more stringent compliance "
"activities, including government attestations and certifications."
msgstr ""
"Untuk penyebaran komersial OpenStack, kami merekomendasikan SOC 1/2 "
"dikombinasikan dengan ISO 2700 1/2 untuk dianggap sebagai titik awal untuk "
"kegiatan sertifikasi OpenStack. Kegiatan keamanan yang dibutuhkan yang "
"diamanatkan oleh sertifikasi ini memfasilitasi landasan praktik terbaik "
"keamanan dan kriteria kontrol bersama yang dapat membantu dalam mencapai "
"aktivitas kepatuhan yang lebih ketat, termasuk pengesahan dan sertifikasi "
"pemerintah."
msgid "For configuration information see:"
msgstr "Untuk informasi konfigurasi, lihat:"
msgid ""
"For details of managing security services via API, see the `Security "
"services API <https://developer.openstack.org/api-ref-share-v2.html#share-"
"security-services>`_. You also can manage security services via python-"
"manilaclient, see `Security services CLI managing <https://docs.openstack."
"org/admin-guide/shared_file_systems_security_services.html>`_."
msgstr ""
"Untuk rincian pengelolaan layanan keamanan melalui API, lihat `Security "
"services API <https://developer.openstack.org/api-ref-share-v2.html#share-"
"security-services>`_. Anda juga bisa mengelola layanan keamanan via python-"
"manilaclient, lihat `Security services CLI managing <https://docs.openstack."
"org/admin-guide/shared_file_systems_security_services.html>`_."
msgid "For example,"
msgstr "Sebagai contoh,"
msgid "For example, in ``/etc/neutron/plugins/ml2/openvswitch_agent.ini``:"
msgstr "Misalnya, di ``/etc/neutron/plugins/ml2/openvswitch_agent.ini``:"
msgid ""
"For example, the following URL would be considered protected by ``mod_shib`` "
"and Apache, as such a request made to the URL would be redirected to the "
"Identity Provider, to start the SAML authentication procedure."
msgstr ""
"Misalnya, URL berikut akan dianggap dilindungi oleh ``mod_shib`` dan Apache, "
"karena permintaan yang dibuat pada URL akan dialihkan ke Identity Provider, "
"untuk memulai prosedur otentikasi SAML."
msgid "For example:"
msgstr "Sebagai contoh:"
msgid ""
"For further details, see the `Django documentation <https://docs."
"djangoproject.com/>`_."
msgstr ""
"Untuk keterangan lebih lanjut, lihat `Django documentation <https://docs."
"djangoproject.com/>`_."
msgid ""
"For information about the current state of feature support, see `OpenStack "
"Hypervisor Support Matrix <https://wiki.openstack.org/wiki/"
"HypervisorSupportMatrix>`__."
msgstr ""
"Untuk informasi tentang status terkini dari dukungan fitur, lihat `OpenStack "
"Hypervisor Support Matrix <https://wiki.openstack.org/wiki/"
"HypervisorSupportMatrix>`__."
msgid ""
"For installations in which the controller will have limited access to all "
"the instances of a cluster, due to limits on floating IP addresses or "
"security rules, indirect access may be configured. This allows some "
"instances to be designated as proxy gateways to the other instances of the "
"cluster."
msgstr ""
"Untuk instalasi di mana pengendali akan memiliki akses terbatas ke semua "
"instance cluster karena batasan pada alamat IP mengambang (floating IP "
"address) atau peraturan keamanan, akses tidak langsung dapat dikonfigurasi. "
"Hal ini memungkinkan beberapa instance ditunjuk sebagai gateway proxy ke "
"instance cluster lainnya."
msgid ""
"For instance, analyzing the access logs of Identity service or its "
"replacement authentication system would alert us to failed logins, "
"frequency, origin IP, whether the events are restricted to select accounts "
"and other pertinent information. Log analysis supports detection."
msgstr ""
"Misalnya, menganalisis log akses dari layanan Identity atau sistem "
"autentikasi penggantiannya akan mengingatkan kita pada login, frekuensi, IP "
"asal yang salah, apakah kejadian dibatasi untuk memilih akun dan informasi "
"terkait lainnya. Analisis log mendukung deteksi."
msgid ""
"For more details on setting up a certificate manager for Magnum, see the "
"`Container Infrastructure Management service <https://docs.openstack.org/"
"magnum/latest/install/>`_ documentation."
msgstr ""
"Untuk rincian lebih lanjut tentang membuat manajer sertifikat untuk Magnum, "
"lihat dokumentasi `Container Infrastructure Management service <https://docs."
"openstack.org/magnum/latest/install/>`_."
msgid ""
"For more details on the service see the `OpenStack Glance documentation "
"<https://docs.openstack.org/glance/latest/>`__."
msgstr ""
"Untuk rincian lebih lanjut tentang layanan ini, lihat `OpenStack Glance "
"documentation <https://docs.openstack.org/glance/latest/>`__."
msgid ""
"For more details see `FedRAMP <http://www.gsa.gov/portal/category/102371>`_."
msgstr ""
"Untuk lebih jelasnya lihat `FedRAMP <http://www.gsa.gov/portal/"
"category/102371>`_."
msgid "For more details see `ISO 27001 <http://www.27000.org/iso-27001.htm>`_."
msgstr ""
"Untuk lebih jelasnya lihat `ISO 27001 <http://www.27000.org/iso-27001.htm>`_."
msgid ""
"For more details see `PCI security standards <https://www."
"pcisecuritystandards.org/security_standards/>`_."
msgstr ""
"Untuk lebih jelasnya lihat `PCI security standards <https://www."
"pcisecuritystandards.org/security_standards/>`_."
msgid ""
"For more details see `The International Traffic in Arms Regulations (ITAR) "
"<https://www.pmddtc.state.gov/regulations_laws/itar.html>`_."
msgstr ""
"Untuk lebih jelasnya lihat `The International Traffic in Arms Regulations "
"(ITAR) <https://www.pmddtc.state.gov/regulations_laws/itar.html>`_."
msgid ""
"For more details see the `AICPA Report on Controls at a Service Organization "
"Relevant to Security, Availability, Processing Integrity, Confidentiality or "
"Privacy <http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/"
"Pages/AICPASOC2Report.aspx>`_."
msgstr ""
"Untuk lebih jelasnya lihat `AICPA Report on Controls at a Service "
"Organization Relevant to Security, Availability, Processing Integrity, "
"Confidentiality or Privacy <http://www.aicpa.org/InterestAreas/FRC/"
"AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx>`_."
msgid ""
"For more details see the `AICPA Report on Controls at a Service Organization "
"Relevant to User Entities' Internal Control over Financial Reporting <http://"
"www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/"
"AICPASOC1Report.aspx>`_."
msgstr ""
"Untuk lebih jelasnya lihat `AICPA Report on Controls at a Service "
"Organization Relevant to User Entities' Internal Control over Financial "
"Reporting <http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/"
"Pages/AICPASOC1Report.aspx>`_."
msgid ""
"For more details see the `AICPA Trust Services Report for Service "
"Organizations <http://www.aicpa.org/InterestAreas/FRC/"
"AssuranceAdvisoryServices/Pages/AICPASOC3Report.aspx>`_."
msgstr ""
"Untuk lebih jelasnya lihat `AICPA Trust Services Report for Service "
"Organizations <http://www.aicpa.org/InterestAreas/FRC/"
"AssuranceAdvisoryServices/Pages/AICPASOC3Report.aspx>`_."
msgid ""
"For more details see the `Health Insurance Portability And Accountability "
"Act <https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-"
"Simplification/HIPAAGenInfo/downloads/HIPAALaw.pdf>`_."
msgstr ""
"Untuk lebih jelasnya lihat `Health Insurance Portability And Accountability "
"Act <https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-"
"Simplification/HIPAAGenInfo/downloads/HIPAALaw.pdf>`_."
msgid ""
"For more details, see `How to create a TLS Loadbalancer <https://wiki."
"openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer>`_ and "
"`Deploy a TLS-terminated HTTPS load balancer <https://docs.openstack.org/"
"octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-"
"load-balancer>`_."
msgstr ""
"Untuk lebih jelasnya, lihat `How to create a TLS Loadbalancer <https://wiki."
"openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer>`_ dan "
"`Deploy a TLS-terminated HTTPS load balancer <https://docs.openstack.org/"
"octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-"
"load-balancer>`_."
msgid ""
"For more details, see `Object Encryption <https://docs.openstack.org/swift/"
"pike/overview_encryption.html>`_ within the official swift documentation."
msgstr ""
"Untuk lebih jelasnya, lihat `Object Encryption <https://docs.openstack.org/"
"swift/pike/overview_encryption.html>`_ dalam dokumentasi swift resmi."
msgid ""
"For more details, see the `Data Encryption section <https://docs.openstack."
"org/security-guide/tenant-data/data-encryption.html>`_. and `Volume "
"encryption <https://docs.openstack.org/ocata/config-reference/block-storage/"
"volume-encryption.html>`_."
msgstr ""
"Untuk lebih jelasnya, lihat `Data Encryption section <https://docs.openstack."
"org/security-guide/tenant-data/data-encryption.html>`_. and `Volume "
"encryption <https://docs.openstack.org/ocata/config-reference/block-storage/"
"volume-encryption.html>`_."
msgid ""
"For more details, see the `Ephemeral disk encryption documentation <https://"
"docs.openstack.org/security-guide/tenant-data/data-encryption.html#ephemeral-"
"disk-encryption>`_."
msgstr ""
"Untuk lebih jelasnya, lihat `Ephemeral disk encryption documentation "
"<https://docs.openstack.org/security-guide/tenant-data/data-encryption."
"html#ephemeral-disk-encryption>`_."
msgid ""
"For more details, see the `Trusted Images documentation <https://docs."
"openstack.org/security-guide/instance-management/security-services-for-"
"instances.html#trusted-images/>`_."
msgstr ""
"Untuk lebih jelasnya, lihat `Trusted Images documentation <https://docs."
"openstack.org/security-guide/instance-management/security-services-for-"
"instances.html#trusted-images/>`_."
msgid ""
"For more information about Paste Deploy, see `Python Paste Deployment "
"documentation <http://pythonpaste.org/deploy/>`__."
msgstr ""
"Untuk informasi lebih lanjut tentang Paste Deploy, lihat `Python Paste "
"Deployment documentation <http://pythonpaste.org/deploy/>`__."
msgid ""
"For more information about the ``lvm_type`` parameter, see sections `LVM "
"<https://docs.openstack.org/cinder/latest/configuration/block-storage/"
"drivers/lvm-volume-driver.html>`__ and `Oversubscription in thin "
"provisioning <https://docs.openstack.org/cinder/latest/admin/blockstorage-"
"over-subscription.html>`__ of the *cinder* project documentation."
msgstr ""
"Untuk informasi lebih lanjut tentang parameter ``lvm_type``, lihat bagian "
"`LVM <https://docs.openstack.org/cinder/latest/configuration/block-storage/"
"drivers/lvm-volume-driver.html>` __ dan `Oversubscription in thin "
"provisioning <https://docs.openstack.org/cinder/latest/admin/blockstorage-"
"over-subscription.html>` __ dari dokumentasi proyek *cinder*."
msgid ""
"For more information about the ``volume_clear`` parameter, see section "
"`Cinder Configuration Options <https://docs.openstack.org/cinder/latest/"
"sample_config.html>`__ of the *cinder* project documentation."
msgstr ""
"Untuk informasi lebih lanjut tentang parameter ``volume_clear``, lihat "
"bagian `Cinder Configuration Options <https://docs.openstack.org/cinder/"
"latest/sample_config.html>` __ dari dokumentasi proyek *cinder*."
msgid "For more information on RabbitMQ SSL configuration see:"
msgstr "Untuk informasi lebih lanjut tentang konfigurasi SSL RabbitMQ lihat:"
msgid ""
"For more information on the deployment, operation, or implementation of "
"Object Storage encryption, see the swift Developer Documentation on `Object "
"Encryption <https://docs.openstack.org/swift/latest/overview_encryption."
"html>`_."
msgstr ""
"Untuk informasi lebih lanjut tentang penerapan, pengoperasian, atau "
"penerapan enkripsi Obyek Penyimpanan, lihat Dokumentasi Pengembang yang "
"cepat pada `Object Encryption <https://docs.openstack.org/swift/latest/"
"overview_encryption.html>`_."
msgid ""
"For more information on the rootwrap project, please see the official "
"documentation: `https://wiki.openstack.org/wiki/Rootwrap <https://wiki."
"openstack.org/wiki/Rootwrap>`_"
msgstr ""
"Untuk informasi lebih lanjut tentang proyek rootwrap, silakan lihat "
"dokumentasi resmi :`https://wiki.openstack.org/wiki/Rootwrap <https://wiki."
"openstack.org/wiki/Rootwrap>`_"
msgid ""
"For more information, see `Shibboleth Service Provider Configuration "
"<https://wiki.shibboleth.net/confluence/display/SHIB2/Configuration>`__."
msgstr ""
"Untuk informasi lebih lanjut, lihat `Shibboleth Service Provider "
"Configuration <https://wiki.shibboleth.net/confluence/display/SHIB2/"
"Configuration>`__."
msgid ""
"For more information, see the `Sahara advanced configuration guide <https://"
"docs.openstack.org/sahara/latest/admin/advanced-configuration-guide."
"html#external-key-manager-usage>`_."
msgstr ""
"Untuk informasi lebih lanjut, lihat `Sahara advanced configuration guide "
"<https://docs.openstack.org/sahara/latest/admin/advanced-configuration-guide."
"html#external-key-manager-usage>`_."
msgid ""
"For production environments we recommend controlling the security groups "
"manually and creating a set of group rules that are appropriate for the "
"installation. In this manner the operator can ensure that the default "
"security group will contain all the appropriate rules. For an expanded "
"discussion of security groups please see :ref:`networking-security-groups`."
msgstr ""
"Untuk lingkungan produksi sebaiknya Anda mengendalikan kelompok keamanan "
"secara manual dan membuat seperangkat aturan kelompok yang sesuai untuk "
"pemasangan. Dengan cara ini, operator dapat memastikan bahwa grup keamanan "
"default akan berisi semua peraturan yang sesuai. Untuk diskusi kelompok "
"keamanan yang diperluas, lihat :ref:`networking-security-groups`."
msgid ""
"For publicly facing services, the threats are pretty straightforward. Users "
"will be authenticating against horizon and keystone with their username and "
"password. Users will also be accessing the API endpoints for other services "
"using their keystone tokens. If this network traffic is unencrypted, "
"passwords and tokens can be intercepted by an attacker using a man-in-the-"
"middle attack. The attacker can then use these valid credentials to perform "
"malicious operations. All real deployments should be using SSL/TLS to "
"protect publicly facing services."
msgstr ""
"Untuk layanan yang dihadapi publik, ancamannya sangat mudah. Pengguna akan "
"melakukan otentikasi terhadap horizon dan keystone dengan nama pengguna dan "
"kata sandinya. Pengguna juga akan mengakses API endpoint untuk layanan lain "
"menggunakan token kunci mereka. Jika lalu lintas jaringan ini tidak "
"terenkripsi, kata sandi dan tanda dapat dicegat oleh penyerang menggunakan "
"serangan man-in-the-middle. Penyerang kemudian dapat menggunakan kredensial "
"yang valid ini untuk melakukan operasi berbahaya. Semua penerapan sebenarnya "
"harus menggunakan SSL/TLS untuk melindungi layanan yang dihadapi secara "
"publik."
msgid ""
"For services that are deployed on management networks, the threats aren't so "
"clear due to the bridging of security domains with network security. There "
"is always the chance that an administrator with access to the management "
"network decides to do something malicious. SSL/TLS isn't going to help in "
"this situation if the attacker is allowed to access the private key. Not "
"everyone on the management network would be allowed to access the private "
"key of course, so there is still value in using SSL/TLS to protect yourself "
"from internal attackers. Even if everyone that is allowed to access your "
"management network is 100% trusted, there is still a threat that an "
"unauthorized user gains access to your internal network by exploiting a "
"misconfiguration or software vulnerability. One must keep in mind that you "
"have users running their own code on instances in the OpenStack Compute "
"nodes, which are deployed on the management network. If a vulnerability "
"allows them to break out of the hypervisor, they will have access to your "
"management network. Using SSL/TLS on the management network can minimize the "
"damage that an attacker can cause."
msgstr ""
"Untuk layanan yang dikerahkan di jaringan manajemen, ancamannya tidak begitu "
"jelas karena menjembatani domain keamanan dengan keamanan jaringan. Selalu "
"ada kemungkinan administrator dengan akses ke jaringan manajemen memutuskan "
"untuk melakukan sesuatu yang jahat. SSL/TLS tidak akan membantu dalam "
"situasi ini jika penyerang diizinkan untuk mengakses kunci privat. Tidak "
"semua orang di jaringan manajemen akan diizinkan untuk mengakses kunci "
"privat tentunya, jadi masih ada nilai dalam menggunakan SSL/TLS untuk "
"melindungi diri dari penyerang internal. Bahkan jika setiap orang yang "
"diizinkan mengakses jaringan manajemen Anda 100% dipercaya, masih ada "
"ancaman bahwa pengguna yang tidak berwenang mendapatkan akses ke jaringan "
"internal Anda dengan memanfaatkan kerentanan misconfiguration atau perangkat "
"lunak. Kita harus ingat bahwa Anda memiliki pengguna yang menjalankan kode "
"mereka sendiri pada instance di node OpenStack Compute, yang digunakan pada "
"jaringan manajemen. Jika kerentanan memungkinkan mereka keluar dari "
"hypervisor, mereka akan memiliki akses ke jaringan manajemen Anda. "
"Menggunakan SSL/TLS pada jaringan manajemen dapat meminimalkan kerusakan "
"yang dapat menyebabkan penyerang."
msgid ""
"For situations where the fixed and floating IP addresses do not provide the "
"functionality required the controller can provide access through two "
"alternate methods: custom network topologies and indirect access. The custom "
"network topologies feature allows the controller to access the instances "
"through a supplied shell command in the configuration file. Indirect access "
"is used to specify instances that can be used as proxy gateways by the user "
"during cluster provisioning. These options are discussed with examples of "
"usage in :doc:`configuration-and-hardening`."
msgstr ""
"Untuk situasi di mana alamat IP tetap dan mengambang tidak menyediakan "
"fungsionalitas yang dibutuhkan, controller dapat menyediakan akses melalui "
"dua metode alternatif: topologi jaringan custom dan akses tidak langsung. "
"Fitur topologi jaringan custom memungkinkan controller mengakses instance "
"melalui perintah shell yang disediakan pada file konfigurasi. Akses tidak "
"langsung digunakan untuk menentukan instance yang dapat digunakan sebagai "
"gateway proxy oleh pengguna selama pemberian klaster. Pilihan ini dibahas "
"dengan contoh penggunaan di :doc:`configuration-and-hardening`."
msgid ""
"For storage of secrets, it's strongly recommended to a Hardware Security "
"Modules (HSMs). HSMs can come in multiple forms. The traditional device is a "
"rack mounted appliance such as the one `shown in the following blog post "
"<https://vakwetu.wordpress.com/2015/11/30/barbican-and-dogtagipa/>`_."
msgstr ""
"Untuk penyimpanan rahasia, sangat disarankan ke Hardware Security Modules "
"(HSMs). HSM bisa datang dalam berbagai bentuk. Perangkat tradisional adalah "
"alat yang dipasang rak seperti yang ditunjukkan pada entri blog berikut "
"<https://vakwetu.wordpress.com/2015/11/30/barbican-and-dogtagipa/> `_."
msgid ""
"For these and other hypervisors, we recommend referring to hypervisor-"
"specific documentation."
msgstr ""
"Untuk hypervisor ini dan lainnya, sebaiknya rujuk ke dokumentasi khusus "
"hypervisor."
msgid "Forensics and incident response"
msgstr "Respon forensik dan insiden"
msgid ""
"Fortunately, a cloud architect may address these issues by providing a high "
"quality source of entropy to the cloud instances. This can be done by having "
"enough hardware random number generators (HRNG) in the cloud to support the "
"instances. In this case, \"enough\" is somewhat domain specific. For "
"everyday operations, a modern HRNG is likely to produce enough entropy to "
"support 50-100 compute nodes. High bandwidth HRNGs, such as the RdRand "
"instruction available with Intel Ivy Bridge and newer processors could "
"potentially handle more nodes. For a given cloud, an architect needs to "
"understand the application requirements to ensure that sufficient entropy is "
"available."
msgstr ""
"Untungnya, seorang arsitek awan dapat mengatasi masalah ini dengan "
"menyediakan sumber entropi berkualitas tinggi ke awan. Hal ini dapat "
"dilakukan dengan memiliki cukup banyak hardware random number generator "
"(HRNG) di awan untuk mendukung kejadian tersebut. Dalam hal ini, \"enough\" "
"agak spesifik domain. Untuk operasi sehari-hari, HRNG modern kemungkinan "
"menghasilkan entropi yang cukup untuk menopang 50-100 node. HRNG dengan "
"bandwidth tinggi, seperti instruksi RdRand yang tersedia dengan Intel Ivy "
"Bridge dan prosesor yang lebih baru berpotensi menangani lebih banyak node. "
"Untuk awan yang ada, seorang arsitek perlu memahami persyaratan aplikasi "
"untuk memastikan entropi yang memadai tersedia."
msgid "Frequently Asked Questions"
msgstr "Pertanyaan yang Sering Diajukan"
msgid ""
"From the Kilo release onward the data processing controller allows direct "
"TLS connections, which we recommend. Enabling this behavior requires some "
"small adjustments to the controller configuration file."
msgstr ""
"Dari pelepasan Kilo dan pengontrol pengolah data memungkinkan koneksi TLS "
"langsung, yang kami rekomendasikan. Mengaktifkan perilaku ini memerlukan "
"sedikit penyesuaian pada file konfigurasi controller."
msgid "From->To *[Transport]*:"
msgstr "From->To *[Transport]*:"
msgid "Front-end caching"
msgstr "Caching front-end"
msgid "Front-end caching and session back end"
msgstr "Caching front-end dan sesi back end"
msgid ""
"Fully hardening a system is a challenging process and it may require a "
"substantial amount of changes to some systems. Some of these changes could "
"impact production workloads. If a system cannot be fully hardened, the "
"following two changes are highly recommended to increase security without "
"large disruptions:"
msgstr ""
"Pengerasan sistem secara keseluruhan adalah proses yang menantang dan "
"mungkin memerlukan sejumlah besar perubahan pada beberapa sistem. Beberapa "
"perubahan ini bisa berdampak pada beban kerja produksi. Jika sistem tidak "
"dapat sepenuhnya dikeraskan, dua perubahan berikut sangat dianjurkan untuk "
"meningkatkan keamanan tanpa gangguan besar:"
msgid ""
"Further, the quality of community, as it surrounds an open source hypervisor "
"like KVM or Xen, has a direct impact on the timeliness of bug fixes and "
"security updates. When investigating both commercial and open source "
"hypervisors, you must look into their release and support cycles as well as "
"the time delta between the announcement of a bug or security issue and a "
"patch or response. Lastly, the supported capabilities of OpenStack compute "
"vary depending on the hypervisor chosen. See the `OpenStack Hypervisor "
"Support Matrix <https://wiki.openstack.org/wiki/HypervisorSupportMatrix>`_ "
"for OpenStack compute feature support by hypervisor."
msgstr ""
"Selanjutnya, kualitas komunitas, karena ia mengelilingi hypervisor open "
"source seperti KVM atau Xen, memiliki dampak langsung pada ketepatan waktu "
"perbaikan bug dan pembaruan keamanan. Saat menyelidiki hypervisors komersial "
"dan open source, Anda harus melihat siklus rilis dan dukungan serta delta "
"waktu antara pengumuman bug atau masalah keamanan dan patch atau respons. "
"Terakhir, kemampuan OpenStack yang didukung bervariasi tergantung pada "
"hypervisor yang dipilih. Lihat `OpenStack Hypervisor Support Matrix <https://"
"wiki.openstack.org/wiki/HypervisorSupportMatrix>`_ untuk dukungan fitur "
"komputasi OpenStack dengan hypervisor."
msgid ""
"Futher information can be found in the `Django documentation <https://docs."
"djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header/>`_."
msgstr ""
"Informasi lebih lanjut dapat ditemukan di `Django documentation <https://"
"docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header/>`_."
msgid "Future"
msgstr "Masa depan"
msgid "GUEST"
msgstr "GUEST"
msgid ""
"General data disposal and sanitization guidelines as adopted from NIST "
"recommended security controls. Cloud operators should:"
msgstr ""
"Petunjuk pembuangan dan sanitasi data umum yang diadopsi dari kontrol "
"keamanan NIST yang direkomendasikan. Operator awan harus:"
msgid "General security information"
msgstr "Informasi keamanan umum"
msgid "General service security"
msgstr "Keamanan layanan umum"
msgid "Generate metadata"
msgstr "Buat metadata"
msgid "Get a scoped token."
msgstr "Dapatkan scoped token."
msgid ""
"Given the complexity of the OpenStack components and the number of "
"deployment possibilities, you must take care to ensure that each component "
"gets the appropriate configuration of TLS certificates, keys, and CAs. "
"Subsequent sections discuss the following services:"
msgstr ""
"Mengingat kompleksitas komponen OpenStack dan jumlah kemungkinan penyebaran, "
"Anda harus berhati-hati untuk memastikan bahwa setiap komponen mendapatkan "
"konfigurasi TLS certificates, keys, and CAs yang sesuai. Bagian selanjutnya "
"membahas layanan berikut:"
msgid ""
"Given the risks around access to the database, we strongly recommend that "
"unique database user accounts be created per node needing access to the "
"database. Doing this facilitates better analysis and auditing for ensuring "
"compliance or in the event of a compromise of a node allows you to isolate "
"the compromised host by removing access for that node to the database upon "
"detection. When creating these per service endpoint database user accounts, "
"care should be taken to ensure that they are configured to require TLS. "
"Alternatively, for increased security it is recommended that the database "
"accounts be configured using X.509 certificate authentication in addition to "
"user names and passwords."
msgstr ""
"Mengingat risiko seputar akses ke database, kami sangat menyarankan agar "
"akun pengguna database unik dibuat per node yang memerlukan akses ke "
"database. Melakukan hal ini memudahkan analisis dan audit yang lebih baik "
"untuk memastikan kepatuhan atau jika kompromi sebuah node memungkinkan Anda "
"untuk mengisolasi host yang dikompromikan dengan menghapus akses node "
"tersebut ke database pada saat deteksi. Saat membuat akun pengguna database "
"endpoint per layanan ini, perhatian harus dilakukan untuk memastikan bahwa "
"mereka dikonfigurasi untuk mewajibkan TLS. Sebagai alternatif, untuk "
"keamanan yang meningkat, disarankan agar akun database dikonfigurasi "
"menggunakan otentikasi sertifikat X.509 selain nama pengguna dan kata sandi."
msgid "Government standards"
msgstr "Standar Pemerintah"
msgid "Granular access control"
msgstr "Kontrol akses Granular"
msgid ""
"Gregg Tally is the Chief Engineer at JHU/APL's Cyber Systems Group within "
"the Asymmetric Operations Department. He works primarily in systems security "
"engineering. Previously, he has worked at SPARTA, McAfee, and Trusted "
"Information Systems where he was involved in cyber security research "
"projects."
msgstr ""
"Gregg Tally adalah Chief Engineer di JHU/APL's Cyber Systems Group di dalam "
"Asymmetric Operations Department. Dia bekerja terutama dalam rekayasa "
"keamanan sistem. Sebelumnya, dia pernah bekerja di SPARTA, McAfee, dan "
"Trusted Information Systems dimana dia terlibat dalam proyek penelitian "
"keamanan cyber."
msgid "Guest"
msgstr "Guest"
msgid "Guest VMs"
msgstr "Guest VMs"
msgid "Guest network"
msgstr "Guest network (jaringan tamu)"
msgid "HIPAA / HITECH"
msgstr "HIPAA / HITECH"
msgid ""
"HIPAA is not a certification, rather a guide for protecting healthcare data. "
"Similar to the PCI-DSS, the most important issues with both PCI and HIPPA is "
"that a breach of credit card information, and health data, does not occur. "
"In the instance of a breach, the cloud provider will be scrutinized for "
"compliance with PCI and HIPPA controls. If proven compliant, the provider "
"can be expected to immediately implement remedial controls, breach "
"notification responsibilities, and significant expenditure on additional "
"compliance activities. If not compliant, the cloud provider can expect on-"
"site audit teams, fines, potential loss of merchant ID (PCI), and massive "
"reputation impact."
msgstr ""
"HIPAA bukan sertifikasi, melainkan panduan untuk melindungi data kesehatan. "
"Serupa dengan PCI-DSS, masalah yang paling penting dengan PCI dan HIPPA "
"adalah pelanggaran informasi kartu kredit, dan data kesehatan, tidak "
"terjadi. Dalam kasus pelanggaran, penyedia awan akan diteliti untuk mematuhi "
"kontrol PCI dan HIPPA. Jika terbukti memenuhi syarat, provider dapat "
"diharapkan segera menerapkan remedial controls, melanggar notifikasi "
"pemberitahuan, dan pengeluaran yang signifikan untuk kegiatan kepatuhan "
"tambahan. Jika tidak memenuhi syarat, penyedia awan dapat terancam on-site "
"audit team, denda, potensi kehilangan merchant ID (PCI), dan dampak reputasi "
"besar."
msgid "HTTP Strict Transport Security (HSTS)"
msgstr "HTTP Strict Transport Security (HSTS)"
msgid "HTTP listening port"
msgstr "HTTP listening port"
msgid "HTTP strict transport security"
msgstr "Keamanan transportasi ketat HTTP"
msgid "HTTPS"
msgstr "HTTPS"
msgid "HTTPS, HSTS, XSS, and SSRF"
msgstr "HTTPS, HSTS, XSS, and SSRF"
msgid ""
"Harden QEMU using compiler hardening options. Modern compilers provide a "
"variety of compile time options to improve the security of the resulting "
"binaries. These features include relocation read-only (RELRO), stack "
"canaries, never execute (NX), position independent executable (PIE), and "
"address space layout randomization (ASLR)."
msgstr ""
"Harden QEMU menggunakan opsi pengerasan kompiler. Kompiler modern "
"menyediakan berbagai opsi waktu kompilasi untuk meningkatkan keamanan binari "
"yang dihasilkan. Fitur-fitur ini termasuk relocation read-only (RELRO), "
"stack canaries, never execute (NX), position independent executable (PIE), "
"dan address space layout randomization (ASLR)."
msgid "Hardening Compute deployments"
msgstr "Pengerasan Pengerahan Compute"
msgid "Hardening the virtualization layers"
msgstr "Pengerasan lapisan virtualisasi"
msgid ""
"Hardens the data sections of an executable. Both full and partial RELRO "
"modes are supported by gcc. For QEMU full RELRO is your best choice. This "
"will make the global offset table read-only and place various internal data "
"sections before the program data section in the resulting executable."
msgstr ""
"Hardens bagian data dari executable. Baik mode RELRO penuh maupun parsial "
"didukung oleh gcc. Untuk QEMU full RELRO adalah pilihan terbaik anda. Ini "
"akan membuat tabel offset global hanya bisa dibaca dan menempatkan berbagai "
"bagian data internal sebelum bagian data program dieksekusi."
msgid "Hardware"
msgstr "Hardware"
msgid "Hardware concerns"
msgstr "Masalah perangkat keras"
msgid "Hardware inventory"
msgstr "Inventarisasi perangkat keras"
msgid ""
"Having a share as remote mountable instance of a file system, you can manage "
"access to a specified share, and list permissions for a specified share."
msgstr ""
"Dengan memiliki share sebagai instance sistem file yang dapat di mount jauh, "
"Anda dapat mengatur akses ke bagian tertentu, dan mendaftarkan perizinan "
"untuk bagian tertentu."
msgid ""
"Here are a few important use cases to consider when implementing log "
"aggregation, analysis and monitoring. These use cases can be implemented and "
"monitored through various applications, tools or scripts. There are open "
"source and commercial solutions and some operators develop their own in-"
"house solutions. These tools and scripts can generate events that can be "
"sent to administrators through email or viewed in the integrated dashboard. "
"It is important to consider additional use cases that may apply to your "
"specific network and what you may consider anomalous behavior."
msgstr ""
"Berikut adalah beberapa kasus penggunaan penting yang perlu dipertimbangkan "
"saat menerapkan agregasi, analisis dan pemantauan log. Kasus penggunaan ini "
"dapat diimplementasikan dan dipantau melalui berbagai aplikasi, peralatan "
"atau skrip. Ada solusi open source dan komersial dan beberapa operator "
"mengembangkan solusi in-house mereka sendiri. Alat dan skrip ini dapat "
"menghasilkan event (kejadian) yang dapat dikirim ke administrator melalui "
"email atau dilihat di dasbor terpadu. Penting untuk mempertimbangkan kasus "
"penggunaan tambahan yang mungkin berlaku untuk jaringan spesifik Anda dan "
"apa yang mungkin Anda anggap sebagai perilaku anomali."
msgid "High"
msgstr "High"
msgid "Higher impact"
msgstr "Dampak lebih tinggi"
msgid ""
"Highlight security concerns and potential mitigations in present day "
"OpenStack"
msgstr ""
"Sorot (highlight) masalah keamanan dan potensi mitigasi di OpenStack saat ini"
msgid ""
"Highly capable and financially driven groups of attackers. Able to fund in-"
"house exploit development and target research. In recent years the rise of "
"organizations such as the Russian Business Network, a massive cyber-criminal "
"enterprise, has demonstrated how cyber attacks have become a commodity. "
"Industrial espionage falls within the serious organized crime group."
msgstr ""
"Kelompok penyerang yang sangat mampu dan digerakkan secara finansial. Mampu "
"mendanai pengembangan eksploitasi in house dan target penelitian. Dalam "
"beberapa tahun terakhir, bangkitnya organisasi seperti Russian Business "
"Network, sebuah perusahaan cyber-criminal masif, telah menunjukkan bagaimana "
"serangan maya telah menjadi komoditas. Spionase industri berada di dalam "
"kelompok kejahatan terorganisasi serius."
msgid "Highly capable groups"
msgstr "Kelompok yang sangat mampu"
msgid "Horizon image upload"
msgstr "Upload image Horizon"
msgid ""
"Hortonworks, Hortonworks. 2016. `Hortonworks Data Platform documentation "
"<http://docs.hortonworks.com>`__"
msgstr ""
"Hortonworks, Hortonworks. 2016. `Hortonworks Data Platform documentation "
"<http://docs.hortonworks.com>`__"
msgid "Host key fingerprints"
msgstr "Host key fingerprints"
msgid "Host platform configuration"
msgstr "Konfigurasi platform host"
msgid "Host platform manufacturer control"
msgstr "Kontrol pabrikan platform host"
msgid ""
"Host-based intrusion detection tools are also useful for automated "
"validation of the cloud internals. There are a wide variety of host-based "
"intrusion detection tools available. Some are open source projects that are "
"freely available, while others are commercial. Typically these tools analyze "
"data from a variety of sources and produce security alerts based on rule "
"sets and/or training. Typical capabilities include log analysis, file "
"integrity checking, policy monitoring, and rootkit detection. More advanced "
"-- often custom -- tools can validate that in-memory process images match "
"the on-disk executable and validate the execution state of a running process."
msgstr ""
"Alat deteksi intrusi berbasis host juga berguna untuk validasi otomatis "
"internal awan. Ada berbagai alat deteksi intrusi berbasis host yang "
"tersedia. Beberapa proyek open source yang tersedia secara bebas, sementara "
"yang lainnya bersifat komersial. Biasanya alat ini menganalisis data dari "
"berbagai sumber dan menghasilkan peringatan keamanan berdasarkan rangkaian "
"aturan dan / atau pelatihan. Kemampuan khas meliputi analisis log, "
"pengecekan integritas berkas, pemantauan kebijakan, dan deteksi rootkit. "
"Lebih alat -- often custom -- yang canggih dapat memvalidasi bahwa image "
"proses in-memory sesuai dengan on-disk yang dapat dieksekusi dan memvalidasi "
"keadaan eksekusi dari proses yang sedang berjalan."
msgid "How"
msgstr "Bagaimana"
msgid "How are users granted access to build systems?"
msgstr "Bagaimana pengguna diberi akses untuk membangun sistem?"
msgid "How can I use Vault, Keywhiz, Custodia etc ...?"
msgstr "Bagaimana cara menggunakan Vault, Keywhiz, Custodia dll ...?"
msgid "How data travels between components of the system"
msgstr "Bagaimana data bergerak antar komponen sistem"
msgid "How is source code management performed?"
msgstr "Bagaimana pengelolaan kode sumber dilakukan?"
msgid "How the project interacts with external dependencies"
msgstr "Bagaimana proyek berinteraksi dengan dependensi eksternal"
msgid "How to contribute to this book"
msgstr "Bagaimana berkontribusi pada buku ini"
msgid "How to select virtual consoles"
msgstr "Cara memilih konsol virtual"
msgid ""
"However, as this book does not intend to be a thorough reference on "
"cryptography we do not wish to be prescriptive about what specific "
"algorithms or cipher modes you should enable or disable in your OpenStack "
"services. There are some authoritative references we would like to recommend "
"for further information:"
msgstr ""
"Namun, karena buku ini tidak bermaksud menjadi referensi menyeluruh tentang "
"kriptografi, kami tidak ingin menjadi preskriptif tentang algoritma atau "
"mode cipher tertentu yang harus Anda aktifkan atau nonaktifkan di layanan "
"OpenStack Anda. Ada beberapa referensi terpercaya yang ingin kami "
"rekomendasikan untuk informasi lebih lanjut:"
msgid "Hybrid cloud"
msgstr "Awan hibrida"
msgid "Hyper-V"
msgstr "Hyper-V"
msgid "Hypervisor mailinglists"
msgstr "Hypervisor milis"
msgid "Hypervisor memory optimization"
msgstr "Pengoptimalan memori hypervisor"
msgid "Hypervisor selection"
msgstr "Seleksi hypervisor"
msgid "Hypervisor threats"
msgstr "Ancaman hypervisor"
msgid "Hypervisor versus bare metal"
msgstr "Hypervisor versus bare metal"
msgid "Hypervisor vs. baremetal"
msgstr "Hypervisor versus baremetal"
msgid "Hypervisors in OpenStack"
msgstr "Hypervisors di OpenStack"
msgid "I/O MMU"
msgstr "I/O MMU"
msgid "IP addresses of users"
msgstr "Alamat IP pengguna"
msgid "IPL code configuration and data"
msgstr "Konfigurasi dan data kode IPL"
msgid "ISO 27001/2"
msgstr "ISO 27001/2"
msgid "ITAR"
msgstr "ITAR"
msgid ""
"Ideally, to test that the Identity Provider and the Identity service are "
"communicating, navigate to the protected URL and attempt to sign in. If you "
"get a response back from keystone, even if it is a wrong response, indicates "
"the communication."
msgstr ""
"Idealnya, untuk menguji bahwa Identity Provider dan layanan Identity "
"berkomunikasi, navigasikan ke URL yang dilindungi dan cobalah masuk. Jika "
"Anda mendapat tanggapan balik dari keystone, meskipun itu adalah respons "
"yang salah, tunjukkan komunikasi."
msgid "Identification and Authentication"
msgstr "Identification dan Authentication"
msgid ""
"Identification and authentication using pluggable authentication modules "
"(PAM) based upon user passwords. The quality of the passwords used can be "
"enforced through configuration options."
msgstr ""
"Identification dan authentication menggunakan pluggable authentication "
"modules (PAM) berdasarkan password pengguna. Kualitas kata kunci yang "
"digunakan bisa ditegakkan melalui pilihan konfigurasi."
msgid "Identification and authentication, protected data transfer"
msgstr "Identifikasi dan otentikasi, transfer data yang dilindungi"
msgid "Identify the security domains in OpenStack"
msgstr "Identifikasi domain keamanan di OpenStack"
msgid ""
"Identify where risks exist in a cloud architecture and apply controls to "
"mitigate the risks. In areas of significant concern, layered defenses "
"provide multiple complementary controls to manage risk down to an acceptable "
"level. For example, to ensure adequate isolation between cloud tenants, we "
"recommend hardening :term:`QEMU <Quick EMUlator (QEMU)>`, using a hypervisor "
"with SELinux support, enforcing mandatory access control policies, and "
"reducing the overall attack surface. The foundational principle is to harden "
"an area of concern with multiple layers of defense such that if any one "
"layer is compromised, other layers will exist to offer protection and "
"minimize exposure."
msgstr ""
"Identifikasi dimana ada risiko dalam arsitektur awan dan menerapkan kontrol "
"untuk mengurangi risiko. Di bidang yang menjadi perhatian penting, "
"pertahanan berlapis memberikan beberapa kontrol komplementer untuk mengelola "
"risiko hingga tingkat yang dapat diterima. Misalnya, untuk memastikan "
"isolasi yang memadai antara penyewa awan, kami merekomendasikan pengerasan "
"(hardening) :term:`QEMU <Quick EMUlator (QEMU)>`, menggunakan hypervisor "
"dengan dukungan SELinux, menerapkan kebijakan kontrol akses wajib, dan "
"mengurangi keseluruhan permukaan serangan. Prinsip dasarnya adalah untuk "
"mengeraskan area yang menjadi perhatian dengan banyak lapisan pertahanan "
"sehingga jika ada satu lapisan yang terganggu, lapisan lain akan ada untuk "
"menawarkan perlindungan dan meminimalkan pemaparan."
# #-#-#-#-# data-processing.pot (Security Guide 0.0.1) #-#-#-#-#
# #-#-#-#-# identity.pot (Security Guide 0.0.1) #-#-#-#-#
msgid "Identity"
msgstr "Identitas"
msgid "Identity API endpoints"
msgstr "Identity API endpoints"
msgid "Identity Provider (IdP)"
msgstr "Identity Provider (IdP)"
msgid "Identity service"
msgstr "Layanan Identity"
msgid ""
"Identity service (keystone) provides identity, token, catalog, and policy "
"services for use specifically by services in the OpenStack family. Identity "
"service is organized as a group of internal services exposed on one or many "
"endpoints. Many of these services are used in a combined fashion by the "
"front end. For example, an authentication call validates user and project "
"credentials with the identity service. If successful, it will create and "
"return a token with the token service. More information can be found by "
"reading the `keystone Developer Documentation <https://docs.openstack.org/"
"keystone/latest/index.html>`_."
msgstr ""
"Layanan Identity (keystone) menyediakan layanan identitas, token, katalog, "
"dan kebijakan untuk digunakan secara khusus oleh layanan di keluarga "
"OpenStack. Layanan Identity diatur sebagai sekelompok layanan internal yang "
"terpapar pada satu atau banyak endpoint. Banyak dari layanan ini digunakan "
"secara gabungan oleh front end. Misalnya, panggilan otentikasi memvalidasi "
"kredensial pengguna dan proyek dengan layanan Identity. Jika berhasil, maka "
"akan membuat dan mengembalikan token dengan layanan token. Informasi lebih "
"lanjut dapat ditemukan dengan membaca `keystone Developer Documentation "
"<https://docs.openstack.org/keystone/latest/index.html>`_."
msgid ""
"Identity service enforces ``external`` authentication when environment "
"variable ``REMOTE_USER`` is present so make sure Shibboleth does not set the "
"``REMOTE_USER`` environment variable. To do so, scan through the ``/etc/"
"shibboleth/shibboleth2.xml`` configuration file and remove the "
"``REMOTE_USER`` directives."
msgstr ""
"Layanan Identity memaksa otentikasi ``external``` saat variabel lingkungan "
"``REMOTE_USER`` hadir sehingga pastikan Shibboleth tidak menyetel variabel "
"lingkungan ``REMOTE_USER``. Untuk melakukannya, pindai melalui file "
"konfigurasi ``/etc/shibboleth/shibboleth2.xml`` dan hapus directive "
"``REMOTE_USER``."
msgid ""
"If :ref:`check_compute_01` and permissions set to 640, root has read/write "
"access and nova has read access to these configuration files. The access "
"rights can also be validated using the following command. This command will "
"only be available on your system if it supports ACLs."
msgstr ""
"Jika :ref:`check_compute_01` dan izin diset ke 640, root telah membaca/"
"menulis akses dan nova telah membaca akses ke file konfigurasi ini. Hak "
"akses juga dapat divalidasi dengan menggunakan perintah berikut. Perintah "
"ini hanya akan tersedia di sistem Anda jika mendukung ACL."
msgid ""
"If ``insecure_debug`` is set to true, then the server will return "
"information in HTTP responses that may allow an unauthenticated or "
"authenticated user to get more information than normal, such as additional "
"details about why authentication failed."
msgstr ""
"Jika ``insecure_debug`` disetel ke true, server akan mengembalikan informasi "
"dalam tanggapan HTTP yang memungkinkan pengguna yang tidak berkepentingan "
"atau dikonfirmasi untuk mendapatkan lebih banyak informasi daripada "
"biasanya, seperti detail tambahan mengapa otentikasi gagal."
msgid ""
"If a cloud deployment requires strong separation of tenants, as is the "
"situation with public clouds and some private clouds, deployers should "
"consider disabling TPS and KSM memory optimizations."
msgstr ""
"Jika penyebaran awan memerlukan pemisahan penyewa yang kuat, seperti situasi "
"dengan awan publik dan beberapa awan pribadi, pengawas harus "
"mempertimbangkan untuk menonaktifkan pengoptimalan memori TPS dan KSM."
msgid ""
"If network namespace support is not present, a further limitation of the L3 "
"agent is that only a single logical router is supported."
msgstr ""
"Jika dukungan namespace jaringan tidak ada, batasan lebih lanjut dari agen "
"L3 adalah bahwa hanya satu router logis yang didukung."
msgid ""
"If new certificates are required, they can be easily created by executing:"
msgstr ""
"Jika sertifikat baru diperlukan, mereka dapat dengan mudah dibuat dengan "
"menjalankan:"
msgid ""
"If nodes that run either neutron-l3-agent or neutron-dhcp-agent use "
"overlapping IP addresses, those nodes must use Linux network namespaces. By "
"default, the DHCP and L3 agents use Linux network namespaces and run in "
"their own respective namespaces. However, if the host does not support "
"multiple namespaces, the DHCP and L3 agents should be run on separate hosts. "
"This is due to the fact that there is no isloation between the IP addresses "
"created by the L3 agent and the DHCP agent."
msgstr ""
"Jika node yang menjalankan agen neutron-l3-agent atau neutron-dhcp-agent "
"menggunakan alamat IP yang tumpang tindih, node tersebut harus menggunakan "
"namespace jaringan Linux. Secara default, agen DHCP dan L3 menggunakan "
"namespace jaringan Linux dan berjalan di namespace masing-masing. Namun, "
"jika host tidak mendukung beberapa namespace, agen DHCP dan L3 harus "
"dijalankan di host yang terpisah. Hal ini disebabkan fakta bahwa tidak ada "
"isolasi antara alamat IP yang dibuat oleh agen L3 dan agen DHCP."
msgid ""
"If prevention is not an option, detection can be used to mitigate damage. "
"Detection involves frequent review of access control logs to identify "
"unauthorized attempts to access accounts. Possible remediation would include "
"reviewing the strength of the user password, or blocking the network source "
"of the attack through firewall rules. Firewall rules on the keystone server "
"that restrict the number of connections could be used to reduce the attack "
"effectiveness, and thus dissuade the attacker."
msgstr ""
"Jika pencegahan bukan pilihan, deteksi bisa digunakan untuk mengurangi "
"kerusakan. Deteksi melibatkan tinjauan berulang terhadap log kontrol akses "
"untuk mengidentifikasi upaya yang tidak sah untuk mengakses akun. Remediasi "
"yang mungkin dilakukan mencakup meninjau kekuatan kata sandi pengguna, atau "
"memblokir sumber serangan jaringan melalui peraturan firewall. Aturan "
"firewall pada server keystone yang membatasi jumlah koneksi dapat digunakan "
"untuk mengurangi efektivitas serangan, dan dengan demikian mencegah "
"penyerang."
msgid ""
"If ssync is used instead of rsync, the object service port is used for "
"maintaining durability."
msgstr ""
"Jika ssync digunakan sebagai pengganti rsync, port layanan objek digunakan "
"untuk menjaga daya tahan."
msgid ""
"If subscribing to a public cloud service, you should check with the cloud "
"provider for an outline of the process used to produce their default images. "
"If the provider allows you to upload your own images, you will want to "
"ensure that you are able to verify that your image was not modified before "
"using it to create an instance. To do this, refer to the following section "
"on Image Signature Verification, or the following paragraph if signatures "
"cannot be used."
msgstr ""
"Jika berlangganan layanan awan publik, Anda harus memeriksa dengan penyedia "
"awan untuk garis besar (outline) proses yang digunakan untuk menghasilkan "
"image default mereka. Jika penyedia memungkinkan Anda untuk mengunggah image "
"Anda sendiri, Anda akan ingin memastikan bahwa Anda dapat memverifikasi "
"bahwa image Anda tidak dimodifikasi sebelum menggunakannya untuk membuat "
"sebuah instance. Untuk melakukan ini, lihat bagian berikut pada Image "
"Signature Verification, atau paragraf berikut jika tanda tangan tidak dapat "
"digunakan."
msgid ""
"If the OpenStack Dashboard is deployed behind a proxy and the proxy strips "
"``X-Forwarded-Proto`` header from all incoming requests, or sets the ``X-"
"Forwarded-Proto`` header and sends it to the Dashboard, but only for "
"requests that originally come in via HTTPS, then you should consider "
"configuring ``SECURE_PROXY_SSL_HEADER``"
msgstr ""
"Jika Dasbor OpenStack ditempatkan di belakang proxy dan proxy strips ``X-"
"Forwarded-Proto`` header dari semua permintaan masuk, atau setel ``X-"
"Forwarded-Proto`` header dan kirimkan ke Dashboard, tapi hanya untuk "
"permintaan yang awalnya masuk melalui HTTPS, maka Anda harus "
"mempertimbangkan untuk mengkonfigurasi ``SECURE_PROXY_SSL_HEADER``"
msgid ""
"If the OpenStack volume encryption feature is not used, then other "
"approaches generally would be more difficult to enable. If a back-end plug-"
"in is being used, there may be independent ways of doing encryption or non-"
"standard overwrite solutions. Plug-ins to OpenStack Block Storage will store "
"data in a variety of ways. Many plug-ins are specific to a vendor or "
"technology, whereas others are more DIY solutions around filesystems such as "
"LVM or ZFS. Methods to securely destroy data will vary from one plug-in to "
"another, from one vendor's solution to another, and from one filesystem to "
"another."
msgstr ""
"Jika fitur enkripsi volume OpenStack tidak digunakan, maka pendekatan lain "
"pada umumnya akan lebih sulit untuk diaktifkan. Jika plug-in back-end "
"digunakan, mungkin ada cara independen untuk melakukan solusi enkripsi atau "
"non-standar akan menimpa. Plug-in ke OpenStack Block Storage akan menyimpan "
"data dengan berbagai cara. Banyak plug-in khusus untuk vendor atau "
"teknologi, sedangkan yang lain akan lebih banyak solusi DIY seputar "
"filesystem seperti LVM atau ZFS. Metode untuk menghancurkan data dengan aman "
"akan bervariasi dari satu plug-in ke yang lain, dari satu solusi vendor ke "
"yang lain, dan dari satu sistem berkas ke file lainnya."
msgid ""
"If the maximum body size per request is not defined, the attacker can craft "
"an arbitrary OSAPI request of large size causing the service to crash and "
"finally resulting in Denial Of Service attack. Assigning the maximum value "
"ensures that any malicious oversized request gets blocked ensuring continued "
"availability of the service."
msgstr ""
"Jika ukuran tubuh maksimum per permintaan tidak ditentukan, penyerang dapat "
"menghasilkan permintaan OSAPI yang sewenang-wenang (arbitrary) dengan ukuran "
"besar menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial "
"Of Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
"berbahaya diblokir untuk memastikan ketersediaan layanan lanjutan."
msgid ""
"If the maximum body size per request is not defined, the attacker can craft "
"an arbitrary osapi request of large size causing the service to crash and "
"finally resulting in Denial Of Service attack. Assigning the maximum value "
"ensures that any malicious oversized request gets blocked ensuring continued "
"availability of the service."
msgstr ""
"Jika ukuran body maksimum per permintaan tidak ditentukan, penyerang bisa "
"menggunakan permintaan osilator yang sewenang-wenang dengan ukuran besar "
"menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial Of "
"Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
"berbahaya diblokir untuk memastikan ketersediaan layanan lanjutan."
msgid ""
"If the option of using Apache is not feasible, or for performance you wish "
"to offload your TLS work, you may employ a dedicated network device load "
"balancer. This is a common way to provide redundancy and load balancing when "
"using multiple proxy nodes."
msgstr ""
"Jika pilihan untuk menggunakan Apache tidak layak, atau untuk kinerja yang "
"Anda inginkan untuk melepaskan pekerjaan TLS Anda, Anda dapat menggunakan "
"perangkat penyeimbang beban jaringan khusus. Ini adalah cara yang umum untuk "
"memberikan redundansi dan load balancing saat menggunakan beberapa node "
"proxy."
msgid ""
"If there is a sufficient business case for keeping live migration enabled, "
"then libvirtd can provide encrypted tunnels for the live migrations. "
"However, this feature is not currently exposed in either the OpenStack "
"Dashboard or nova-client commands, and can only be accessed through manual "
"configuration of libvirtd. The live migration process then changes to the "
"following high-level steps:"
msgstr ""
"Jika ada kasus bisnis yang memadai untuk mengaktifkan migrasi aktif, "
"libvirtd dapat menyediakan terowongan (tunnel) terenkripsi untuk migrasi "
"langsung. Namun, fitur ini saat ini tidak terbuka di OpenStack Dashboard "
"atau perintah nova-client, dan hanya dapat diakses melalui konfigurasi "
"manual libvirtd. Proses migrasi langsung kemudian berubah ke langkah tingkat "
"tinggi berikut:"
msgid ""
"If using a version of Open vSwitch that supports ARP field matching, you can "
"help mitigate this risk by enabling the ``prevent_arp_spoofing`` option for "
"the Open vSwitch agent. This option prevents instances from performing spoof "
"attacks; it does not protect them from spoof attacks. Note that this setting "
"is expected to be removed in Ocata, with the behavior becoming permanently "
"active."
msgstr ""
"Jika menggunakan versi Open vSwitch yang mendukung pencocokan ARP field, "
"Anda dapat membantu mengurangi risiko ini dengan mengaktifkan opsi "
"``prevention_arp_spoofing`` untuk agen Open vSwitch. Pilihan ini mencegah "
"terjadinya serangan spoof; itu tidak melindungi mereka dari serangan spoof. "
"Perhatikan bahwa pengaturan ini diharapkan dapat dihapus di Ocata, dengan "
"perilaku menjadi aktif secara permanen."
msgid ""
"If you are running with SELinux enabled ensure that the file has the "
"appropriate SELinux context to access the linked file. For example, if you "
"have the file in ``/var/www/cgi-bin`` location, you can do this by running:"
msgstr ""
"Jika Anda menjalankan dengan SELinux diaktifkan pastikan file tersebut "
"memiliki konteks SELinux yang sesuai untuk mengakses file yang ditautkan. "
"Misalnya, jika Anda memiliki file di lokasi ``/var/www/cgi-bin``, Anda bisa "
"melakukan ini dengan menjalankan:"
msgid ""
"If you are using an HTTPS proxy in front of your web server, rather than "
"using an HTTP server with HTTPS functionality, modify the "
"``SECURE_PROXY_SSL_HEADER`` variable. Refer to the `Django documentation "
"<https://docs.djangoproject.com/>`_ for information about modifying the "
"``SECURE_PROXY_SSL_HEADER`` variable."
msgstr ""
"Jika Anda menggunakan proxy HTTPS di depan server web Anda, daripada "
"menggunakan server HTTP dengan fungsionalitas HTTPS, ubah variabel "
"``SECURE_PROXY_SSL_HEADER``. Lihat `Django documentation <https://docs."
"djangoproject.com/> `_ untuk informasi tentang memodifikasi variabel "
"``SECURE_PROXY_SSL_HEADER``."
msgid ""
"If you choose to offload your TLS, ensure that the network link between the "
"load balancer and your proxy nodes are on a private (V)LAN segment such that "
"other nodes on the network (possibly compromised) cannot wiretap (sniff) the "
"unencrypted traffic. If such a breach were to occur, the attacker could gain "
"access to end-point client or cloud administrator credentials and access the "
"cloud data."
msgstr ""
"Jika Anda memilih untuk melepaskan TLS Anda, pastikan bahwa hubungan "
"jaringan antara penyeimbang beban dan nodus proxy Anda berada pada segmen "
"private (V)LAN sehingga node lain di jaringan (kemungkinan dikompromikan) "
"tidak dapat menyadap (mengendus) lalu lintas yang tidak dienkripsi. Jika "
"pelanggaran semacam itu terjadi, penyerang bisa mendapatkan akses ke "
"kredensial klien endpoint atau kredensial administrator awan dan mengakses "
"data awan."
msgid ""
"If you do not follow this recommendation regarding second-level domains, "
"avoid a cookie-backed session store and employ HTTP Strict Transport "
"Security (HSTS). When deployed on a subdomain, the dashboard's security is "
"equivalent to the least secure application deployed on the same second-level "
"domain."
msgstr ""
"Jika Anda tidak mengikuti saran ini mengenai domain tingkat kedua, "
"hindaricookie-backed session dan gunakan HTTP Strict Transport Security "
"(HSTS). Saat ditempatkan di subdomain, keamanan dasbor setara dengan "
"aplikasi yang paling tidak aman yang diterapkan pada domain tingkat kedua "
"yang sama."
msgid ""
"If you have a firewall in place, configure it to allow TLS traffic. For "
"example:"
msgstr ""
"Jika Anda memasang firewall, konfigurasikan untuk mengizinkan lalu lintas "
"TLS. Sebagai contoh:"
msgid ""
"If you intend for your network to support more than 4094 tenants VLAN is "
"probably not the correct option for you as multiple 'hacks' are required to "
"extend the VLAN tags to more than 4094 tenants."
msgstr ""
"Jika Anda ingin jaringan Anda mendukung lebih dari 4094 penyewa VLAN mungkin "
"bukan pilihan yang tepat untuk Anda karena beberapa 'hacks' diperlukan untuk "
"memperpanjang tag VLAN ke lebih dari 4094 penyewa."
msgid ""
"If you use a web interface to interact with the :term:`BMC <BMC (Baseboard "
"Management Controller)>`/IPMI, always use the TLS interface, such as HTTPS "
"or port 443. This TLS interface should **NOT** use self-signed certificates, "
"as is often default, but should have trusted certificates using the "
"correctly defined fully qualified domain names (FQDNs)."
msgstr ""
"Jika Anda menggunakan antarmuka web untuk berinteraksi dengan :term:`BMC "
"<BMC (Baseboard Management Controller)>`/IPMI, selalu gunakan antarmuka TLS, "
"seperti HTTPS atau port 443. Antarmuka TLS ini seharusnya **NOT** "
"menggunakan sertifikat yang ditandatangani sendiri, seperti yang sering "
"default, namun harus memiliki sertifikat terpercaya dengan menggunakan nama "
"domain yang memenuhi syarat dengan benar (FQDNs)."
msgid ""
"If you use the HTTP/WSGI server for Identity, you should enable TLS on the "
"HTTP/WSGI server."
msgstr ""
"Jika Anda menggunakan server HTTP/WSGI I untuk Identity, Anda harus "
"mengaktifkan TLS di server HTTP/WSGI."
msgid ""
"If your architecture allows for shared storage and and if you have "
"configured your cache correctly, we recommend setting your "
"``SESSION_ENGINE`` to ``django.contrib.sessions.backends.cache`` and using "
"it as cache-based session backend with memcached as the cache. Memcached is "
"an efficient in-memory key-value store for chunks of data that can be used "
"in a high availability and distributed environment and is easy to configure. "
"However, you need to ensure that there is no data leakage. Memcached makes "
"use of spare RAM to store frequently accessed data blocks, acting like "
"memory cache for repeatedly accessed information. Since memcached utilizes "
"local memory, there is no overhead of database and file system usage leading "
"to direct access of data from RAM rather than from disk."
msgstr ""
"Jika arsitektur Anda mengizinkan penyimpanan bersama dan dan jika Anda telah "
"mengonfigurasi cache dengan benar, sebaiknya setel ``SESSION_ENGINE` ke "
"``django.contrib.sessions.backends.cache`` dan gunakan sebagai backend sesi "
"berbasis cache dengan Memcached sebagai cache. Memcached adalah penyimpanan "
"key-value dalam memori yang efisien untuk potongan data yang dapat digunakan "
"dalam ketersediaan tinggi dan lingkungan terdistribusi dan mudah "
"dikonfigurasi. Namun, Anda perlu memastikan bahwa tidak ada kebocoran data. "
"Memcached menggunakan RAM cadangan untuk menyimpan blok data yang sering "
"diakses, berfungsi seperti cache memori untuk informasi yang diakses "
"berulang kali. Karena memcached memanfaatkan memori lokal, tidak ada "
"overhead penggunaan sistem database dan file yang menyebabkan akses data "
"langsung dari RAM dan bukan dari disk."
msgid ""
"If your database server is configured for TLS transport, you will need to "
"specify the certificate authority information for use with the initial "
"connection string in the SQLAlchemy query."
msgstr ""
"Jika server database Anda dikonfigurasi untuk transport TLS, Anda harus "
"menentukan informasi otoritas sertifikat untuk digunakan dengan string "
"koneksi awal dalam query SQLAlchemy."
msgid ""
"If your database server is configured to require X.509 certificates for "
"authentication you will need to specify the appropriate SQLAlchemy query "
"parameters for the database back end. These parameters specify the "
"certificate, private key, and certificate authority information for use with "
"the initial connection string."
msgstr ""
"Jika server database Anda dikonfigurasi untuk meminta sertifikat X.509 untuk "
"otentikasi, Anda perlu menentukan parameter kueri SQLAlchemy yang sesuai "
"untuk database back end. Parameter ini menentukan sertifikat, private key, "
"dan informasi otoritas sertifikat untuk digunakan dengan string koneksi awal."
msgid ""
"If your deployment does not require full virtual machine backups, we "
"recommend excluding the ``/var/lib/nova/instances`` directory as it will be "
"as large as the combined space of each vm running on that node. If your "
"deployment does require full VM backups, you will need to ensure this "
"directory is backed up successfully."
msgstr ""
"Jika penggelaran Anda tidak memerlukan backup mesin virtual sepenuhnya, "
"sebaiknya tidak menyertakan direktori ``/var/lib/nova/instances`` karena "
"akan sama besarnya dengan ruang gabungan dari setiap vm yang berjalan pada "
"node tersebut. Jika penempatan Anda memerlukan backup VM penuh, Anda harus "
"memastikan agar direktori ini berhasil dicadangkan dengan sukses."
msgid ""
"If your deployment of OpenStack provides multiple external access points "
"into different security domains it is important that you limit the project's "
"ability to attach multiple vNICs to multiple external access points—this "
"would bridge these security domains and could lead to unforeseen security "
"compromise. It is possible mitigate this risk by utilizing the host "
"aggregates functionality provided by OpenStack Compute or through splitting "
"the project VMs into multiple project projects with different virtual "
"network configurations."
msgstr ""
"Jika penggelaran OpenStack Anda menyediakan beberapa jalur akses eksternal "
"ke domain keamanan yang berbeda, penting bagi Anda untuk membatasi kemampuan "
"proyek untuk menghubungkan beberapa vNIC ke beberapa access point eksternal "
"- ini akan menjembatani domain keamanan ini dan dapat menyebabkan kompromi "
"keamanan yang tak terduga. Hal ini dimungkinkan mengurangi risiko ini dengan "
"memanfaatkan fungsi agregat host yang disediakan oleh OpenStack Compute atau "
"melalui pemisahan proyek VM menjadi beberapa proyek dengan konfigurasi "
"jaringan virtual yang berbeda."
msgid "Image Storage"
msgstr "Image Storage (penyimpanan image)"
msgid "Image based filters"
msgstr "Filter berbasis image"
msgid "Image creation process"
msgstr "Proses pembuatan image"
msgid "Image service"
msgstr "Layanan Image"
msgid "Image service delay delete feature"
msgstr "Fitur penghapusan penundaan layanan Image"
msgid ""
"Image services include discovering, registering, and retrieving virtual "
"machine images. Glance has a RESTful API that allows querying of VM image "
"metadata as well as retrieval of the actual image."
msgstr ""
"Layanan Image meliputi menemukan, mendaftar, dan mengambil image mesin "
"virtual. Glance memiliki RESTful API yang memungkinkan kueri metadata mage "
"VM serta pengambilan image sebenarnya."
msgid "Image signature verification"
msgstr "Verifikasi tanda tangan (signature) image"
msgid ""
"Images come from the Image service to the Compute service on a node. This "
"transfer should be protected by running over TLS. Once the image is on the "
"node, it is verified with a basic checksum and then its disk is expanded "
"based on the size of the instance being launched. If, at a later time, the "
"same image is launched with the same instance size on this node, it is "
"launched from the same expanded image. Since this expanded image is not re-"
"verified by default before launching, it is possible that it has undergone "
"tampering. The user would not be aware of tampering, unless a manual "
"inspection of the files is performed in the resulting image."
msgstr ""
"Image berasal dari layanan Image ke layanan Compute pada sebuah simpul. "
"Transfer ini harus dilindungi dengan menjalankan lebih dari TLS. Begitu "
"image ada di simpul, maka diverifikasi dengan checksum dasar dan kemudian "
"disk diperluas berdasarkan ukuran instance yang diluncurkan. Jika, di lain "
"waktu, image yang sama diluncurkan dengan ukuran instance yang sama pada "
"simpul ini, diluncurkan dari image yang sama. Karena image yang diperluas "
"ini tidak diverifikasi ulang secara default sebelum diluncurkan, mungkin "
"saja telah mengalami gangguan. Pengguna tidak akan menyadari adanya "
"gangguan, kecuali jika dilakukan pemeriksaan manual terhadap file yang "
"dihasilkan pada image yang dihasilkan."
msgid "Implementation and operation of security controls"
msgstr "Implementasi dan pengoperasian kontrol keamanan"
msgid "Implementation standard"
msgstr "Implementation Standard (standar implementasi)"
msgid "Improves performance of network I/O on hypervisors"
msgstr "Meningkatkan kinerja jaringan I/O pada hypervisors"
msgid ""
"In *no share servers mode* the Shared File Systems service will assume that "
"the network interfaces through which any shares are exported are already "
"reachable by all tenants."
msgstr ""
"Dalam *no share servers mode* layanan Shared File Systems akan mengasumsikan "
"bahwa antarmuka jaringan dimana share yang diekspor sudah dapat dijangkau "
"oleh semua penyewa."
msgid ""
"In :ref:`share servers <share-servers-vs-no-share-servers>` back-end mode a "
"share driver creates and manages a share server for each share network. This "
"mode can be divided in two variations:"
msgstr ""
"Di :ref:`share servers <share-servers-vs-no-share-servers>` mode back-end, "
"share driver menciptakan dan mengelola share server untuk setiap jaringan "
"berbagi. Mode ini dapat dibagi dalam dua variasi:"
msgid ""
"In Newton, the QoS rule ``QosDscpMarkingRule`` was added. This rule marks "
"the Differentiated Service Code Point (DSCP) value in the type of service "
"header on IPv4 (RFC 2474) and traffic class header on IPv6 on all traffic "
"leaving a virtual machine, where the rule is applied. This is a 6-bit header "
"with 21 valid values that denote the drop priority of a packet as it crosses "
"networks should it meet congestion. It can also be used by firewalls to "
"match valid or invalid traffic against its access control list."
msgstr ""
"Di Newton, aturan QoS ``QosDscpMarkingRule`` ditambahkan. Aturan ini "
"menandai nilai Differentialated Service Code Point (DSCP) pada tipe header "
"layanan pada header IPv4 (RFC 2474) dan header kelas lalu lintas pada IPv6 "
"pada semua lalu lintas yang meninggalkan mesin virtual, tempat aturan "
"diterapkan. Ini adalah header 6-bit dengan 21 nilai valid yang menunjukkan "
"prioritas drop dari sebuah paket saat ia melintasi jaringan jika memenuhi "
"kemacetan. Ini juga dapat digunakan oleh firewall untuk mencocokkan lalu "
"lintas yang valid atau tidak benar terhadap daftar kontrol aksesnya (access "
"control list)."
msgid ""
"In OpenStack Newton release, there are four supported token types: UUID, "
"PKI, PKIZ and fernet. Since OpenStack Ocata release, there are two supported "
"token types: UUID and fernet."
msgstr ""
"Dalam rilis OpenStack Newton, ada empat tipe token yang didukung: UUID, PKI, "
"PKIZ dan fernet. Sejak rilis OpenStack Ocata, ada dua tipe token yang "
"didukung: UUID dan fernet."
msgid ""
"In ``/etc/swift``, on every node, there is a ``swift_hash_path_prefix`` "
"setting and a ``swift_hash_path_suffix`` setting. These are provided to "
"reduce the chance of hash collisions for objects being stored and avert one "
"user overwriting the data of another user."
msgstr ""
"Di ``/etc/swift``, pada setiap simpul, ada pengaturan "
"``swift_hash_path_prefix`` dan pengaturan ``swift_hash_path_suffix``. Ini "
"disediakan untuk mengurangi kemungkinan benturan hash untuk objek yang "
"disimpan dan mencegah satu pengguna menimpa data pengguna lain."
msgid "In ``my.cnf``:"
msgstr "Di ``my.cnf``:"
msgid "In ``postgresql.conf``:"
msgstr "Di ``postgresql.conf``:"
msgid ""
"In a cloud environment, users work with either pre-installed images or "
"images they upload themselves. In both cases, users should be able to ensure "
"the image they are utilizing has not been tampered with. The ability to "
"verify images is a fundamental imperative for security. A chain of trust is "
"needed from the source of the image to the destination where it's used. This "
"can be accomplished by signing images obtained from trusted sources and by "
"verifying the signature prior to use. Various ways to obtain and create "
"verified images will be discussed below, followed by a description of the "
"image signature verification feature."
msgstr ""
"Di lingkungan awan, pengguna bekerja dengan image atau image pra-instal yang "
"mereka upload sendiri. Dalam kedua kasus tersebut, pengguna harus dapat "
"memastikan image yang mereka gunakan belum dirusak. Kemampuan untuk "
"memverifikasi image adalah keharusan mendasar untuk keamanan. Sebuah rantai "
"kepercayaan dibutuhkan dari sumber image ke tempat tujuan penggunaannya. Hal "
"ini dapat dilakukan dengan menandatangani image yang diperoleh dari sumber "
"terpercaya dan dengan memverifikasi tanda tangan sebelum digunakan. Berbagai "
"cara untuk mendapatkan dan membuat image terverifikasi akan dibahas di bawah "
"ini, disusul dengan deskripsi fitur verifikasi tanda tangan image."
msgid ""
"In a typical deployment all traffic transmitted over public networks is "
"secured, but security best practice dictates that internal traffic must also "
"be secured. It is insufficient to rely on security domain separation for "
"protection. If an attacker gains access to the hypervisor or host resources, "
"compromises an API endpoint, or any other service, they must not be able to "
"easily inject or capture messages, commands, or otherwise affect the "
"management capabilities of the cloud."
msgstr ""
"Dalam penyebaran yang khas, semua lalu lintas yang dikirim melalui jaringan "
"publik dijamin, namun praktik keamanan terbaik menentukan bahwa lalu lintas "
"internal juga harus diamankan. Tidak cukup mengandalkan pemisahan domain "
"keamanan untuk perlindungan. Jika penyerang memperoleh akses ke hypervisor "
"atau sumber daya host, kompromi API endpoint, atau layanan lainnya, mereka "
"tidak boleh dapat dengan mudah menyuntikkan atau menangkap pesan, perintah, "
"atau mempengaruhi kemampuan pengelolaan awan."
msgid ""
"In addition to restricting database communications to the management "
"network, we also strongly recommend that the cloud administrator configure "
"their database back end to require TLS. Using TLS for the database client "
"connections protects the communications from tampering and eavesdropping. As "
"will be discussed in the next section, using TLS also provides the framework "
"for doing database user authentication through X.509 certificates (commonly "
"referred to as PKI). Below is guidance on how TLS is typically configured "
"for the two popular database back ends MySQL and PostgreSQL."
msgstr ""
"Selain membatasi komunikasi database ke jaringan manajemen, kami juga sangat "
"menyarankan administrator awan untuk mengkonfigurasi database mereka agar "
"memerlukan TLS. Menggunakan TLS untuk koneksi klien basis data melindungi "
"komunikasi dari gangguan dan penyadapan. Seperti yang akan dibahas pada "
"bagian selanjutnya, dengan menggunakan TLS juga menyediakan framework untuk "
"melakukan otentikasi pengguna database melalui sertifikat X.509 (biasa "
"disebut PKI). Berikut adalah panduan tentang bagaimana TLS biasanya "
"dikonfigurasi untuk dua database populer yang berakhir dengan MySQL dan "
"PostgreSQL."
msgid ""
"In addition to validating a technologies capabilities, the Common Criteria "
"process evaluates how technologies are developed."
msgstr ""
"Selain memvalidasi kemampuan teknologi, proses Common Criteria mengevaluasi "
"bagaimana teknologi dikembangkan."
msgid ""
"In addition, it is useful to examine account activity for unusual login "
"times and suspicious actions, and take corrective actions such as disabling "
"the account. Oftentimes this approach is taken by credit card providers for "
"fraud detection and alert."
msgstr ""
"Selain itu, hal itu berguna untuk memeriksa aktivitas akun untuk waktu masuk "
"yang tidak biasa dan tindakan mencurigakan, dan melakukan tindakan perbaikan "
"seperti menonaktifkan akun. Seringkali pendekatan ini diambil oleh penyedia "
"kartu kredit untuk deteksi dan kewaspadaan penipuan."
msgid "In an OpenStack deployment you will need to address the following:"
msgstr "Dalam penyebaran OpenStack Anda harus mengatasi hal berikut:"
msgid ""
"In an Openstack context, there are two types of secrets that need to be "
"managed - those that require a keystone token for access, and those that do "
"not."
msgstr ""
"Dalam konteks Openstack, ada dua jenis rahasia yang perlu dikelola - yang "
"memerlukan token keystone untuk akses, dan yang tidak."
msgid ""
"In both cases, all servers that are storing tokens need a shared back end. "
"This means either that both point to the same database server, or both point "
"to a common memcached instance."
msgstr ""
"Dalam kedua kasus tersebut, semua server yang menyimpan token memerlukan "
"back end bersama. Ini berarti keduanya menunjuk ke server database yang "
"sama, atau keduanya menunjukkan instance memcached yang umum."
msgid ""
"In cases where a security review has already been performed by a third "
"party, or where a project prefers to use a third party to perform their "
"review, information on how to take the output of that third party review and "
"submit it to the OSSP for validation will be available in the upcoming third "
"party security review process."
msgstr ""
"Dalam kasus di mana review keamanan telah dilakukan oleh pihak ketiga, atau "
"bila sebuah proyek lebih suka menggunakan pihak ketiga untuk melakukan "
"review mereka, informasi tentang bagaimana mengambil hasil dari review pihak "
"ketiga tersebut dan menyerahkannya kepada OSSP untuk validasi akan tersedia "
"dalam proses pemeriksaan keamanan pihak ketiga yang akan datang."
msgid ""
"In cases where software termination offers insufficient performance, "
"hardware accelerators may be worth exploring as an alternative option. It is "
"important to be mindful of the size of requests that will be processed by "
"any chosen TLS proxy."
msgstr ""
"Dalam kasus di mana penghentian perangkat lunak menawarkan kinerja yang "
"tidak mencukupi, akselerator perangkat keras mungkin perlu ditelusuri "
"sebagai opsi alternatif. Penting untuk memperhatikan ukuran permintaan yang "
"akan diproses oleh proxy TLS yang dipilih."
msgid ""
"In either case, the requirements for documentation artefacts are similar - "
"the project must provide an architecture diagram for a best practise "
"deployment. Vulnerability scans and static analysis scans are not sufficient "
"evidence for a third party review, although they are strongly recommended as "
"part of the development cycle for all teams."
msgstr ""
"Bagaimanapun, persyaratan untuk artefak dokumentasi serupa - proyek harus "
"menyediakan diagram arsitektur untuk penerapan praktik terbaik. Pemindaian "
"kerentanan dan analisis analisis statis bukanlah bukti yang cukup untuk "
"tinjauan pihak ketiga, walaupun mereka sangat disarankan sebagai bagian dari "
"siklus pengembangan untuk semua tim."
msgid ""
"In general, there are two different strategies for verifying the boot "
"process. Traditional *secure boot* will validate the code run at each step "
"in the process, and stop the boot if code is incorrect. *Boot attestation* "
"will record which code is run at each step, and provide this information to "
"another machine as proof that the boot process completed as expected. In "
"both cases, the first step is to measure each piece of code before it is "
"run. In this context, a measurement is effectively a SHA-1 hash of the code, "
"taken before it is executed. The hash is stored in a platform configuration "
"register (PCR) in the TPM."
msgstr ""
"Secara umum, ada dua strategi yang berbeda untuk memverifikasi proses "
"booting. *secure boot* akan memvalidasi kode yang dijalankan pada setiap "
"langkah dalam proses, dan menghentikan boot jika kode salah. *Boot "
"attestation * akan mencatat kode mana yang dijalankan pada setiap langkah, "
"dan berikan informasi ini ke mesin lain sebagai bukti bahwa proses boot "
"selesai seperti yang diharapkan. Dalam kedua kasus tersebut, langkah pertama "
"adalah mengukur setiap potongan kode sebelum dijalankan. Dalam konteks ini, "
"pengukuran secara efektif merupakan hash kode SHA-1, yang diambil sebelum "
"dijalankan. Hash disimpan dalam platform configuration register (PCR) di TPM."
msgid ""
"In most deployments this domain is considered *trusted*. However, when "
"considering an OpenStack deployment, there are many systems that bridge this "
"domain with others, potentially reducing the level of trust you can place on "
"this domain. See :ref:`Bridging_security_domains` for more information."
msgstr ""
"Dalam kebanyakan penyebaran domain ini dianggap *trusted*. Namun, ketika "
"mempertimbangkan penyebaran OpenStack, ada banyak sistem yang menjembatani "
"domain ini dengan orang lain, yang berpotensi mengurangi tingkat kepercayaan "
"yang dapat Anda tempatkan pada domain ini. Lihat :ref: "
"`Bridging_security_domains` untuk informasi lebih lanjut."
msgid ""
"In older OpenStack releases, ``lvm_type=default`` was used to signify a "
"wipe. While this method still works, ``lvm_type=default`` is not recommended "
"for setting secure delete."
msgstr ""
"Pada rilis OpenStack yang lebih lawas, ``lvm_type = default`` digunakan "
"untuk menandakan penghapusan. Meskipun metode ini masih bekerja, ``lvm_type "
"= default`` tidak disarankan untuk menyetel hapus aman."
msgid ""
"In order to create a trust between the Identity Provider and the Service "
"Provider, metadata must be exchanged. To create metadata for your Identity "
"service, run the :command:`keystone-manage` command and pipe the output to a "
"file. For example:"
msgstr ""
"Untuk menciptakan kepercayaan antara Identity Provider dan Service Provider, "
"metadata harus dipertukarkan. Untuk membuat metadata untuk layanan Identity "
"Anda, jalankan perintah :command: `keystone-manage` dan isikan output ke "
"file. Sebagai contoh:"
msgid ""
"In order to select the best supporting software, consider these factors:"
msgstr ""
"Untuk memilih perangkat lunak pendukung terbaik, pertimbangkan faktor-faktor "
"berikut:"
msgid ""
"In some cases deployers may want to consider securing a bridge to a higher "
"standard than any of the domains in which it resides. Given the above "
"example of an API endpoint, an adversary could potentially target the API "
"endpoint from the public domain, leveraging it in the hopes of compromising "
"or gaining access to the management domain."
msgstr ""
"Dalam beberapa kasus, pelaksana mungkin ingin mempertimbangkan untuk "
"mengamankan jembatan dengan standar yang lebih tinggi daripada domain mana "
"pun tempat tinggalnya. Dengan contoh API endpoint di atas, musuh berpotensi "
"menargetkan API endpoint dari domain publik, memanfaatkannya dengan harapan "
"mengorbankan atau mendapatkan akses ke domain manajemen."
msgid ""
"In some cases, it is required to explicitly specify one of the security "
"services, for example, NetApp, EMC and Windows drivers require Active "
"Directory for the creation of shares with the CIFS protocol."
msgstr ""
"Dalam beberapa kasus, diperlukan untuk menentukan secara eksplisit salah "
"satu layanan keamanan, misalnya, driver NetApp, EMC dan Windows memerlukan "
"Active Directory untuk pembuatan share dengan protokol CIFS."
msgid ""
"In some deployments it may be required to add host-based IDS on sensitive "
"components on security domain bridges. A host-based IDS may detect anomalous "
"activity by compromised or unauthorized processes on the component. The IDS "
"should transmit alert and log information on the Management network."
msgstr ""
"Dalam beberapa penerapan, mungkin diperlukan penambahan IDS berbasis host "
"pada komponen sensitif pada jembatan domain keamanan. IDS berbasis host "
"dapat mendeteksi aktivitas anomali dengan proses yang membahayakan atau "
"tidak sah pada komponen. IDS harus mengirimkan informasi waspada dan log "
"pada jaringan Management."
msgid ""
"In the *no share servers* mode a share driver does not handle storage life "
"cycle. An administrator is expected to handle the storage, network "
"interfaces, and other host configurations. In this mode an administrator can "
"set storage as a host which exports shares. The main characteristic of this "
"mode is that the storage is not handled by the Shared File Systems service. "
"Users in a tenant share common network, host, processor, and network pipe. "
"They can hinder each other if there is no correct balancing adjustment on "
"the storage configured by admin or proxy before it. In public clouds it is "
"possible that all network capacity is used by one client, so an "
"administrator should care for this not to happen. Balancing adjustment can "
"be done by any means, not necessarily with OpenStack tools."
msgstr ""
"Dalam mode *no share servers* , driver share tidak menangani siklus hidup "
"penyimpanan. Administrator diharapkan menangani penyimpanan, antarmuka "
"jaringan, dan konfigurasi host lainnya. Dalam mode ini, administrator dapat "
"mengatur penyimpanan sebagai host yang mengekspor share. Karakteristik utama "
"dari mode ini adalah penyimpanan tidak ditangani oleh layanan Shared File "
"Systems. Pengguna di jaringan penyewa berbagi jaringan umum, host, prosesor, "
"dan jaringan pipa. Mereka dapat saling menghalangi jika tidak ada "
"penyesuaian penyeimbang yang benar pada penyimpanan yang dikonfigurasi oleh "
"admin atau proxy sebelum itu. Di awan publik ada kemungkinan bahwa semua "
"kapasitas jaringan digunakan oleh satu klien, jadi administrator harus "
"memperhatikan hal ini agar tidak terjadi. Penyesuaian balancing bisa "
"dilakukan dengan cara apapun, belum tentu dengan alat OpenStack."
msgid ""
"In the United States, the National Institute of Science and Technology "
"(NIST) certifies cryptographic algorithms through a process known the "
"Cryptographic Module Validation Program. NIST certifies algorithms for "
"conformance against Federal Information Processing Standard 140-2 (FIPS "
"140-2), which ensures...:"
msgstr ""
"Di Amerika Serikat, National Institute of Science and Technology (NIST) "
"mengesahkan algoritma kriptografi melalui sebuah proses yang dikenal dengan "
"Cryptographic Module Validation Program. NIST mengesahkan algoritma untuk "
"kesesuaian terhadap Federal Information Processing Standard 140-2 (FIPS "
"140-2), yang memastikan ...:"
msgid ""
"In the ``/etc/manila/`` directory you can find several configuration files:"
msgstr ""
"Di direktori ``/etc/manila/`` Anda dapat menemukan beberapa file "
"konfigurasi:"
msgid ""
"In the beginning of this chapter we discuss the use of both physical and "
"virtual hardware by instances, the associated security risks, and some "
"recommendations for mitigating those risks. We conclude the chapter with a "
"discussion of sVirt, an open source project for integrating SELinux "
"mandatory access controls with the virtualization components."
msgstr ""
"Pada awal bab ini, kami membahas penggunaan perangkat keras fisik dan "
"virtual oleh beberapa instance, risiko keamanan terkait, dan beberapa "
"rekomendasi untuk mengurangi risiko tersebut. Kami menyimpulkan bab ini "
"dengan diskusi tentang sVirt, sebuah proyek open source untuk "
"mengintegrasikan kontrol akses wajib SELinux dengan komponen virtualisasi."
msgid ""
"In the case of an OpenStack cloud instance, we need to monitor the hardware, "
"the OpenStack services, and the cloud resource usage. The latter stems from "
"wanting to be elastic, to scale to the dynamic needs of the users."
msgstr ""
"Dalam kasus instance awan OpenStack, kita perlu memantau perangkat keras, "
"layanan OpenStack, dan penggunaan sumber daya awan. Yang terakhir ini "
"berasal dari keinginan untuk menjadi elastis, untuk disesuaikan dengan "
"kebutuhan dinamis pengguna."
msgid ""
"In the case of failure, systems should be configured to fail into a closed "
"secure state. For example, TLS certificate verification should fail closed "
"by severing the network connection if the CNAME does not match the server's "
"DNS name. Software often fails open in this situation, allowing the "
"connection to proceed without a CNAME match, which is less secure and not "
"recommended."
msgstr ""
"Jika terjadi kegagalan, sistem harus dikonfigurasi untuk gagal dalam keadaan "
"aman tertutup. Misalnya, verifikasi sertifikat TLS gagal ditutup dengan "
"memutuskan sambungan jaringan jika CNAME tidak sesuai dengan nama DNS "
"server. Perangkat lunak sering gagal terbuka dalam situasi ini, memungkinkan "
"koneksi berlanjut tanpa kecocokan CNAME, yang kurang aman dan tidak "
"disarankan."
msgid "In the file ``pg_hba.conf``:"
msgstr "Dalam file ``pg_hba.conf``:"
msgid ""
"In the initial architectural phases of designing your OpenStack Network "
"infrastructure it is important to ensure appropriate expertise is available "
"to assist with the design of the physical networking infrastructure, to "
"identify proper security controls and auditing mechanisms."
msgstr ""
"Pada tahap arsitektur awal untuk merancang infrastruktur OpenStack Network "
"Anda, penting untuk memastikan keahlian yang sesuai tersedia untuk membantu "
"perancangan infrastruktur jaringan fisik, untuk mengidentifikasi mekanisme "
"kontrol keamanan dan audit yang tepat."
msgid ""
"In the returned unscoped token, a list of Identity service groups the user "
"belongs to will be included."
msgstr ""
"Dalam token yang tidak terkunci, daftar grup layanan Identity yang menjadi "
"milik pengguna akan disertakan."
msgid ""
"In this chapter we discuss how to assess the needs of data processing users "
"with respect to their applications, the data that they use, and their "
"expected capabilities within a project. We will also demonstrate a number of "
"hardening techniques for the service controller and its clusters, and "
"provide examples of various controller configurations and user management "
"approaches to ensure an adequate level of security and privacy."
msgstr ""
"Dalam bab ini kita membahas bagaimana menilai kebutuhan pengguna pengolahan "
"data sehubungan dengan aplikasinya, data yang mereka gunakan, dan kemampuan "
"yang diharapkan dalam suatu proyek. Kami juga akan menunjukkan sejumlah "
"teknik pengerasan untuk pengendali layanan dan clusternya, dan memberikan "
"contoh berbagai konfigurasi controller dan pendekatan manajemen pengguna "
"untuk memastikan tingkat keamanan dan privasi yang memadai."
msgid ""
"In this chapter we explore these technologies and describe the situations "
"where they can be used to enhance security for instances or underlying "
"instances. We also seek to highlight where privacy concerns may exist. These "
"include data pass through, introspection, or providing a source of entropy. "
"In this section we highlight the following additional security services:"
msgstr ""
"Dalam bab ini, kita mengeksplorasi teknologi ini dan menggambarkan situasi "
"di mana mereka dapat digunakan untuk meningkatkan keamanan untuk instance "
"atau instance yang mendasarinya. Kami juga berusaha untuk menyoroti di mana "
"masalah privasi mungkin ada. Ini termasuk data yang lewat, introspeksi, atau "
"penyediaan sumber entropi. Pada bagian ini kami menyoroti layanan keamanan "
"tambahan berikut ini:"
msgid ""
"In this chapter we will call out general best practice around Compute "
"security as well as specific known configurations that can lead to security "
"issues. The ``nova.conf`` file and the ``/var/lib/nova`` locations should be "
"secured. Controls like centralized logging, the ``policy.json`` file, and a "
"mandatory access control framework should be implemented."
msgstr ""
"Dalam bab ini kita akan memanggil praktik umum terbaik seputar keamanan "
"Compute dan juga konfigurasi yang diketahui yang dapat menyebabkan masalah "
"keamanan. File ``nova.conf`` dan lokasi ``/var/lib/nova``` harus diamankan. "
"Kontrol seperti logging terpusat, file ``policy.json``, dan kerangka kontrol "
"akses wajib harus diimplementasikan."
msgid ""
"In this document, we treat community and hybrid similarly, dealing "
"explicitly only with the extremes of public and private clouds from a "
"security perspective. Your security measures depend where your deployment "
"falls upon the private public continuum."
msgstr ""
"Dalam dokumen ini, kita memperlakukan masyarakat dan hibrida dengan cara "
"yang sama, berurusan secara eksplisit hanya dengan awan publik dan awan "
"ekstrem yang ekstrem dari perspektif keamanan. Langkah keamanan Anda "
"bergantung di tempat penempatan Anda berada di atas rangkaian publik privat."
msgid ""
"In this example we introduce a scoring matrix that places vulnerabilities in "
"three categories: Privilege Escalation, Denial of Service and Information "
"Disclosure. Understanding the type of vulnerability and where it occurs in "
"your infrastructure will enable you to make reasoned response decisions."
msgstr ""
"Dalam contoh ini kami memperkenalkan matriks penilaian yang menempatkan "
"kerentanan dalam tiga kategori: rivilege Escalation, Denial of Service dan "
"Information Disclosure. Memahami jenis kerentanan dan di mana hal itu "
"terjadi di infrastruktur Anda akan memungkinkan Anda membuat keputusan "
"respons beralasan."
msgid ""
"In this mode, a driver is able to create share servers and plug them to "
"existing networks. When providing a new share server, drivers expect an IP "
"address and subnet from the Shared File Systems service."
msgstr ""
"Dalam mode ini, driver mampu membuat share server dan menyambungkannya ke "
"jaringan yang ada. Saat menyediakan server share baru, driver mengharapkan "
"alamat IP dan subnet dari layanan Shared File Systems."
msgid ""
"In this mode, a share driver is able to create share servers and plug them "
"to an existing segmented network. Share drivers expect the Shared File "
"Systems service to provide a subnet definition for every new share server. "
"This definition should include segmentation type, segmentation ID, and any "
"other info relevant to the segmentation type."
msgstr ""
"Dalam mode ini, share driver dapat membuat server berbagi dan "
"menyambungkannya ke jaringan tersegmentasi yang ada. Share driver "
"mengharapkan layanan Shared File Systems untuk menyediakan definisi subnet "
"untuk setiap server berbagi baru. Definisi ini harus mencakup tipe "
"segmentasi, ID segmentasi, dan info lainnya yang relevan dengan tipe "
"segmentasi."
msgid ""
"In this mode, drivers have basically no network requirements whatsoever. "
"It's assumed that storage controller being managed by the driver has all of "
"the network interfaces it's going to need. The Shared File Systems service "
"will expect the driver to provision shares directly without creating any "
"share server beforehand. This mode corresponds to what some existing drivers "
"are already doing, but it makes the choice explicit for the administrator. "
"In this mode, the share networks are not needed at share creation time and "
"must not be provided."
msgstr ""
"Dalam mode ini, driver pada dasarnya tidak memiliki persyaratan jaringan "
"sama sekali. Diasumsikan bahwa pengendali penyimpanan yang dikelola oleh "
"driver memiliki semua antarmuka jaringan yang dibutuhkannya. Layanan Shared "
"File Systems akan mengharapkan driver untuk menyediakan share secara "
"langsung tanpa membuat share server terlebih dahulu. Mode ini sesuai dengan "
"beberapa driver yang sudah ada, namun ini membuat pilihan eksplisit bagi "
"administrator. Dalam mode ini, jaringan share tidak diperlukan pada waktu "
"pembuatan share dan tidak boleh disediakan."
msgid ""
"In this mode, some storage controllers can create share servers but due to "
"various limitations of physical or logical network all of share servers have "
"to be on a flat network. In this mode, a share driver needs something to "
"provision IP addresses for share servers, but IPs will all come out of the "
"same subnet and that subnet itself is assumed to be reachable by all tenants."
msgstr ""
"Dalam mode ini, beberapa controller penyimpanan dapat membuat share server "
"namun karena berbagai keterbatasan jaringan fisik atau logis, semua share "
"server harus berada pada jaringan datar. Dalam mode ini, share driver "
"membutuhkan sesuatu untuk menyediakan alamat IP untuk share serveri, namun "
"semua IP keluar dari subnet yang sama dan subnet itu sendiri diasumsikan "
"dapat dijangkau oleh semua penyewa."
msgid "Incidence response"
msgstr "Respon insiden"
msgid "Independent verification and validation"
msgstr "Verifikasi dan validasi independen"
msgid "Indirect access"
msgstr "Akses tidak langsung"
msgid ""
"Industry standard security principles provide a baseline for compliance "
"certifications and attestations. If these principles are considered and "
"referenced throughout an OpenStack deployment, certification activities may "
"be simplified."
msgstr ""
"Prinsip keamanan standar industri memberikan dasar untuk sertifikasi "
"kepatuhan dan pengesahan. Jika prinsip-prinsip ini dipertimbangkan dan "
"dirujuk sepanjang penerapan OpenStack, kegiatan sertifikasi dapat "
"disederhanakan."
msgid ""
"Information Disclosure vulnerabilities reveal information about your system "
"or operations. These vulnerabilities range from debugging information "
"disclosure, to exposure of critical security data, such as authentication "
"credentials and passwords."
msgstr ""
"Kerentanan Information Disclosurei mengungkapkan informasi tentang sistem "
"atau operasi Anda. Kerentanan ini berkisar dari debugging pengungkapan "
"informasi, hingga pemaparan (exposure) data keamanan penting, seperti "
"kredensial dan kata kunci otentikasi."
msgid "Information Security Management system (ISMS)"
msgstr "Information Security Management System (ISMS)"
msgid "Information disclosure"
msgstr "Information disclosure"
msgid "Information on authentication used to connect to that interface"
msgstr ""
"Informasi tentang otentikasi yang digunakan untuk terhubung ke antarmuka itu"
msgid ""
"Information system security compliance is reliant on the completion of two "
"foundational processes:"
msgstr ""
"Kepatuhan keamanan sistem informasi bergantung pada penyelesaian dua proses "
"dasar:"
msgid "Infrastructure nodes"
msgstr "Node infrastruktur"
msgid "Initial Program Loader (IPL) code. For example, master boot record."
msgstr "Kode Initial Program Loader (IPL). Contohnya, master boot record."
msgid ""
"Initially, when creating a share network, you can set up either a network "
"and subnet of the OpenStack Networking (neutron) or a network of Legacy "
"networking (nova-network) services. The third approach is to configure the "
"networking without Legacy networking and Networking services. "
"``StandaloneNetworkPlugin`` can be used with any network platform. You can "
"set network parameters in its configuration file."
msgstr ""
"Awalnya, saat membuat jaringan berbagi, Anda dapat mengatur jaringan dan "
"subnet jaringan OpenStack (neutron) atau jaringan layanan Legacy networking "
"(nova-network). Pendekatan ketiga adalah mengkonfigurasi jaringan tanpa "
"layanan Legacy networking dan Networking. `StandaloneNetworkPlugin`` dapat "
"digunakan dengan platform jaringan apapun. Anda dapat mengatur parameter "
"jaringan pada file konfigurasinya."
msgid ""
"Inside The Shared File Systems API, a ``security_service`` is associated "
"with the ``share_networks``."
msgstr ""
"Di dalam File Systems API, sebuah ``security_service`` dikaitkan dengan "
"``share_networks``."
msgid "Install Shibboleth:"
msgstr "Memasang Shibboleth:"
msgid "Instance data is copied from the hypervisor to libvirtd."
msgstr "Instance data disalin dari hypervisor ke libvirt."
msgid "Instance memory scrubbing"
msgstr "Instance memory scrubbing"
msgid "Instance migrations"
msgstr "Migrasi instance"
msgid "Instance security management"
msgstr "Manajemen keamanan instance"
msgid ""
"Integrity Failure Impact: barbican and Workers can no longer access the "
"queue. Denial of service."
msgstr ""
"Integrity Failure Impact: barbican dan Workers tidak bisa lagi mengakses "
"antrian. Denial of service."
msgid ""
"Integrity Failure Impact: barbican will not be able to validate user "
"credentials and fail. DoS."
msgstr ""
"Integrity Failure Impact: barbican tidak akan bisa memvalidasi kredensial "
"pengguna dan gagal. DoS."
msgid "Integrity life-cycle"
msgstr "Integritas siklus hidup"
msgid "Intel TXT / SEM"
msgstr "Intel TXT / SEM"
msgid "Intel Trusted Execution Technology"
msgstr "Intel Trusted Execution Technology"
msgid ""
"Intel.com, Trusted Compute Pools with Intel Trusted Execution Technology "
"(Intel TXT). `http://www.intel.com/txt <http://www.intel.com/txt>`_"
msgstr ""
"Intel.com, Trusted Compute Pools dengan Intel Trusted Execution Technology "
"(Intel TXT). `http://www.intel.com/txt <http://www.intel.com/txt>`_"
msgid "Intelligence services"
msgstr "Intelligence services"
msgid "Intended purpose"
msgstr "Intended Purpose (tujuan yang diinginkan)"
msgid ""
"Inter-device communication is a serious security concern. Between large "
"project errors, such as Heartbleed, or more advanced attacks such as BEAST "
"and CRIME, secure methods of communication over a network are becoming more "
"important. It should be remembered, however that encryption should be "
"applied as one part of a larger security strategy. The compromise of an "
"endpoint means that an attacker no longer needs to break the encryption "
"used, but is able to view and manipulate messages as they are processed by "
"the system."
msgstr ""
"Komunikasi antar perangkat merupakan masalah keamanan yang serius. Antara "
"kesalahan proyek besar, seperti serangan Heartbleed, atau yang lebih maju "
"seperti BEAST dan CRIME, metode komunikasi yang aman melalui jaringan "
"menjadi lebih penting. Harus diingat, bagaimanapun enkripsi itu harus "
"diterapkan sebagai salah satu bagian dari strategi keamanan yang lebih "
"besar. Kompromi dari endpoint berarti bahwa penyerang tidak lagi perlu "
"memecahkan enkripsi yang digunakan, namun mampu melihat dan memanipulasi "
"pesan saat diproses oleh sistem."
msgid "Interface with the Key management service through a secure wrapper"
msgstr "Interface dengan layanan manajemen Key melalui pembungkus yang aman"
msgid "Interfaces"
msgstr "Antarmuka"
msgid "Internal API communications"
msgstr "Komunikasi API internal"
msgid "Internal audit"
msgstr "Audit internal"
msgid "Internally generated private keys for compute image bundling"
msgstr "Private key yang dibuat secara internal untuk komputasi bundling image"
msgid "Internally implemented authentication methods"
msgstr "Metode otentikasi yang diimplementasikan secara internal"
msgid ""
"Introduce privacy considerations specific to OpenStack and cloud "
"environments."
msgstr ""
"Perkenalkan pertimbangan privasi yang spesifik untuk lingkungan OpenStack "
"dan cloud."
msgid ""
"Introduced into the Linux kernel in version 2.6.32, Kernel Samepage Merging "
"(KSM) consolidates identical memory pages between Linux processes. As each "
"guest VM under the KVM hypervisor runs in its own process, KSM can be used "
"to optimize memory use between VMs."
msgstr ""
"Diperkenalkan ke dalam kernel Linux di versi 2.6.32, Kernel Samepage Merging "
"(KSM) mengkonsolidasikan halaman memori identik di antara proses Linux. "
"Karena setiap guest VM di bawah hypervisor KVM berjalan dalam prosesnya "
"sendiri, KSM dapat digunakan untuk mengoptimalkan penggunaan memori di "
"antara VM."
msgid "Introduction"
msgstr "Pengantar"
msgid "Introduction to Data processing"
msgstr "Pengantar pengolahan Data"
msgid "Introduction to OpenStack"
msgstr "Pengantar OpenStack"
msgid "Introduction to TLS and SSL"
msgstr "Pengantar TLS dan SSL"
msgid "Introduction to security services"
msgstr "Pengantar layanan keamanan"
msgid "Intrusion detection system"
msgstr "Sistem pendeteksi intrusi"
msgid "Invalid login attempts"
msgstr "Upaya login tidak valid"
msgid "Is the technology cryptographically signed before distribution?"
msgstr ""
"Apakah teknologi itu kriptografis ditandatangani sebelum distribusinya?"
msgid "Isolated migration network"
msgstr "Jaringan migrasi terisolasi"
msgid ""
"It has become industry practice to use secure shell (SSH) access for the "
"management of Linux and Unix systems. SSH uses secure cryptographic "
"primitives for communication. With the scope and importance of SSH in "
"typical OpenStack deployments, it is important to understand best practices "
"for deploying SSH."
msgstr ""
"Sudah menjadi praktik industri untuk menggunakan secure shell (SSH) akses "
"untuk pengelolaan sistem Linux dan Unix. SSH menggunakan primitif "
"kriptografi yang aman untuk komunikasi. Dengan cakupan dan pentingnya SSH "
"dalam penerapan OpenStack yang tipikal, penting untuk memahami praktik "
"terbaik untuk menerapkan SSH."
msgid ""
"It is a burden on the clients to deal with multiple tokens across multiple "
"cloud service providers. Federated Identity provides single sign on to the "
"user, who can use the credentials provided and maintained by the user's IdP "
"to access many different services on the Internet."
msgstr ""
"Ini adalah beban pada klien untuk menangani beberapa token di beberapa "
"penyedia layanan awan.Federated Identity memberikan tanda tunggal pada "
"pengguna, yang dapat menggunakan kredensial yang disediakan dan dikelola "
"oleh pengguna IdP untuk mengakses berbagai layanan di Internet."
msgid "It is also recommended the following ``Contact`` options are set."
msgstr "Juga disarankan opsi ``Contact`` berikut disetel."
msgid ""
"It is an extensible :term:`Django` web application that allows easy plug-in "
"of third-party products and services, such as billing, monitoring, and "
"additional management tools."
msgstr ""
"Ini adalah aplikasi web :term:`Django` extensible yang memungkinkan "
"kemudahan plug-in produk dan layanan pihak ketiga, seperti penagihan, "
"pemantauan, dan alat manajemen tambahan."
msgid ""
"It is assumed that the ``keystone`` service is running on port ``5000``."
msgstr "Diasumsikan bahwa layanan ``keystone`` berjalan pada port ``5000``."
msgid ""
"It is generally accepted that it is best to encrypt sensitive data as early "
"as possible and decrypt it as late as possible. Despite this best practice, "
"it seems that it's common to use a SSL/TLS proxy in front of the OpenStack "
"services and use clear communication afterwards as shown below:"
msgstr ""
"Umumnya diterima bahwa yang terbaik adalah mengenkripsi data sensitif sedini "
"mungkin dan mendekripsinya selambat mungkin. Meskipun ada praktik terbaik "
"ini, nampaknya umum menggunakan proxy SSL/TLS di depan layanan OpenStack dan "
"menggunakan komunikasi yang jelas setelahnya seperti yang ditunjukkan di "
"bawah ini:"
msgid ""
"It is highly recommended that OpenStack deployments have information similar "
"to this on record. The table can be created from information derived from a "
"CMDB or can be constructed manually."
msgstr ""
"Sangat disarankan agar pengerahan OpenStack memiliki informasi yang serupa "
"dengan catatan ini. Tabel dapat dibuat dari informasi yang berasal dari CMDB "
"atau dapat dibangun secara manual."
msgid "It is highly recommended to use HTTP Strict Transport Security (HSTS)."
msgstr ""
"Hal ini sangat dianjurkan untuk digunakan HTTP Strict Transport Security "
"(HSTS)."
msgid ""
"It is important to consider the placement of the Network IDS on the cloud "
"(for example, adding it to the network boundary and/or around sensitive "
"networks). The placement depends on your network environment but make sure "
"to monitor the impact the IDS may have on your services depending on where "
"you choose to add it. Encrypted traffic, such as TLS, cannot generally be "
"inspected for content by a Network IDS. However, the Network IDS may still "
"provide some benefit in identifying anomalous unencrypted traffic on the "
"network."
msgstr ""
"Penting untuk mempertimbangkan penempatan Network IDS di atas awan "
"(misalnya, menambahkannya ke batas jaringan dan / atau jaringan sensitif). "
"Penempatan tergantung pada lingkungan jaringan Anda namun pastikan untuk "
"memantau dampak IDS terhadap layanan Anda bergantung pada tempat Anda "
"memilih untuk menambahkannya. Lalu lintas terenkripsi, seperti TLS, biasanya "
"tidak dapat diperiksa untuk konten oleh Network IDS. Namun, Network IDS "
"masih dapat memberikan beberapa keuntungan dalam mengidentifikasi lalu "
"lintas anomali yang tidak terenkripsi pada jaringan."
msgid ""
"It is important to include backup procedures and policies in the overall "
"System Security Plan. For a good overview of OpenStack's Backup and Recovery "
"capabilities and procedures, refer to the `OpenStack Operations Guide on "
"backup and recovery <https://docs.openstack.org/openstack-ops/content/"
"backup_and_recovery.html>`__."
msgstr ""
"Penting untuk menyertakan prosedur dan kebijakan cadangan dalam keseluruhan "
"System Security Plan. Untuk gambaran umum tentang kemampuan dan prosedur "
"Backup dan Pemulihan OpenStack, lihat `OpenStack Operations Guide on backup "
"and recovery <https://docs.openstack.org/openstack-ops/content/"
"backup_and_recovery.html>`__."
msgid ""
"It is important to note that use of the Xen memory balloon feature is likely "
"to result in information disclosure. We strongly recommended to avoid use of "
"this feature."
msgstr ""
"Penting untuk dicatat bahwa penggunaan fitur balon memori Xen cenderung "
"menghasilkan keterbukaan informasi. Kami sangat disarankan untuk menghindari "
"penggunaan fitur ini."
msgid ""
"It is important to protect the cloud deployment from being configured or "
"manipulated by malicious entities. With many systems in a cloud employing "
"compute and networking virtualization, there are distinct challenges "
"applicable to OpenStack which must be addressed through integrity lifecycle "
"management."
msgstr ""
"Penting untuk melindungi pengerahan awan agar tidak dikonfigurasi atau "
"dimanipulasi oleh entitas jahat. Dengan banyak sistem di awan yang "
"menggunakan komputasi dan virtualisasi jaringan, ada tantangan yang berbeda "
"yang berlaku untuk OpenStack yang harus ditangani melalui manajemen siklus "
"hidup integritas."
msgid ""
"It is important to recognize the difference between using Linux Containers "
"(LXC) or bare metal systems versus using a hypervisor like KVM. "
"Specifically, the focus of this security guide is largely based on having a "
"hypervisor and virtualization platform. However, should your implementation "
"require the use of a baremetal or LXC environment, you must pay attention to "
"the particular differences in regard to deployment of that environment."
msgstr ""
"Penting untuk mengenali perbedaan antara penggunaan Linux Containers (LXC) "
"atau sistem baremetal versus menggunakan hypervisor seperti KVM. Secara "
"khusus, fokus panduan keamanan ini sebagian besar didasarkan pada platform "
"hypervisor dan virtualisasi. Namun, jika penerapan Anda memerlukan "
"penggunaan lingkungan baremetal atau LXC, Anda harus memperhatikan perbedaan "
"tertentu sehubungan dengan penyebaran lingkungan itu."
msgid ""
"It is important to review the default networking resource policy, as this "
"policy can be modified to suit your security posture."
msgstr ""
"Penting untuk meninjau ulang kebijakan sumber daya jaringan default, karena "
"kebijakan ini dapat diubah agar sesuai dengan postur keamanan Anda."
msgid ""
"It is important to take proactive steps to harden QEMU. We recommend three "
"specific steps:"
msgstr ""
"Penting untuk mengambil langkah proaktif untuk mengeras QEMU. Kami "
"merekomendasikan tiga langkah spesifik:"
msgid ""
"It is important to understand that object storage differs from traditional "
"file system storage. Object storage is best used for static data such as "
"media files (MP3s, images, or videos), virtual machine images, and backup "
"files."
msgstr ""
"Penting untuk dipahami bahwa penyimpanan objek berbeda dari penyimpanan "
"sistem file tradisional. Penyimpanan objek paling baik digunakan untuk data "
"statis seperti file media (MP3, image, atau video), image mesin virtual, dan "
"file cadangan."
msgid ""
"It is key that the operator carefully plans and considers the individual "
"performance needs of users and services within their OpenStack cloud when "
"configuring and implementing any rate limiting functionality."
msgstr ""
"Adalah kunci bahwa operator dengan hati-hati merencanakan dan "
"mempertimbangkan kebutuhan kinerja individual pengguna dan layanan di dalam "
"awan OpenStack mereka saat mengkonfigurasi dan menerapkan fungsi rate "
"limiting."
msgid ""
"It is necessary for administrators to perform command and control over the "
"cloud for various operational functions. It is important these command and "
"control facilities are understood and secured."
msgstr ""
"Hal ini diperlukan agar administrator melakukan komando dan kontrol atas "
"awan untuk berbagai fungsi operasional. Penting agar fasilitas komando dan "
"kontrol ini dipahami dan dijamin."
msgid ""
"It is now possible (though there are numerous deployment/security "
"implications) to upload an image file directly from a user's hard disk to "
"OpenStack Image service through the dashboard. For multi-gigabyte images it "
"is still strongly recommended that the upload be done using the ``glance`` "
"CLI."
msgstr ""
"Sekarang mungkin (meskipun ada banyak penerapan / implikasi keamanan) untuk "
"mengunggah file image langsung dari hard disk pengguna ke layanan OpenStack "
"Image melalui dasbor. Untuk image multi-gigabyte masih sangat disarankan "
"agar upload dilakukan dengan menggunakan CLI ``glance`."
msgid ""
"It is our recommendation to leverage per tenant L3 routing and Floating IPs "
"for more granular connectivity of tenant VMs."
msgstr ""
"Ini adalah rekomendasi kami untuk memanfaatkan per tenant L3 routing dan "
"Floating IP untuk konektivitas granular tenant VM yang lebih terperinci."
msgid ""
"It is possible to have separate drivers for different modes use the same "
"hardware, if you want to have different configurations. Depending on which "
"mode is chosen, an administrator may need to provide more configuration "
"details through the configuration file."
msgstr ""
"Hal ini dimungkinkan untuk memiliki driver terpisah untuk mode yang berbeda "
"menggunakan perangkat keras yang sama, jika Anda ingin memiliki konfigurasi "
"yang berbeda. Bergantung pada mode mana yang dipilih, administrator mungkin "
"perlu memberikan rincian konfigurasi lebih banyak melalui file konfigurasi."
msgid ""
"It is recommended that the OpenStack cloud architect consider using separate "
"PKI deployments for internal systems and customer facing services. This "
"allows the cloud deployer to maintain control of their PKI infrastructure "
"and among other things makes requesting, signing and deploying certificates "
"for internal systems easier. Advanced configurations may use separate PKI "
"deployments for different security domains. This allows deployers to "
"maintain cryptographic separation of environments, ensuring that "
"certificates issued to one are not recognized by another."
msgstr ""
"Dianjurkan agar arsitek awan OpenStack mempertimbangkan untuk menggunakan "
"penerapan PKI terpisah untuk sistem internal dan layanan yang dihadapi "
"pelanggan. Hal ini memungkinkan deployer awan untuk mengendalikan "
"infrastruktur PKI mereka dan antara lain membuat permintaan, penandatanganan "
"dan penggelaran sertifikat untuk sistem internal menjadi lebih mudah. "
"Konfigurasi lanjutan dapat menggunakan penerapan PKI yang terpisah untuk "
"domain keamanan yang berbeda. Hal ini memungkinkan deployer untuk menjaga "
"pemisahan kriptografi lingkungan, memastikan bahwa sertifikat yang "
"dikeluarkan untuk satu tidak dikenali pihak lain."
msgid ""
"It is recommended that the following ``Organization`` configuration options "
"be setup."
msgstr ""
"Disarankan agar opsi konfigurasi `` Organization`` yang lain disiapkan."
msgid ""
"It is recommended that you configure the Shared File Systems service to run "
"under a non-root service account, and change file permissions so that only "
"the system administrator can modify them. The Shared File Systems service "
"expects that only administrators can write to configuration files and "
"services can only read them through their group membership in ``manila`` "
"group. Others must not be able to read these files because the files contain "
"admin passwords for different services."
msgstr ""
"Disarankan agar Anda mengkonfigurasi layanan Shared File Systems agar "
"berjalan di bawah akun layanan non-root, dan mengubah perizinan file "
"sehingga hanya administrator sistem yang dapat memodifikasinya. Layanan "
"Shared File Systems mengharapkan bahwa hanya administrator yang dapat "
"menulis ke file konfigurasi dan layanan hanya dapat membacanya melalui "
"keanggotaan grup mereka di grup ``manila``. Yang lain tidak boleh bisa "
"membaca file ini karena file tersebut mengandung kata sandi admin untuk "
"berbagai layanan."
msgid ""
"It is recommended that you follow the guidelines provided in :ref:`database-"
"authentication-and-access-control` for all components which require direct "
"DB connections."
msgstr ""
"Disarankan agar Anda mengikuti panduan yang diberikan di :ref:`database-"
"authentication-and-access-control` untuk semua komponen yang memerlukan "
"koneksi DB langsung."
msgid ""
"It is recommended that you follow the guidelines provided in :ref:`queue-"
"authentication-and-access-control` for all components which require RPC "
"communication."
msgstr ""
"Disarankan agar Anda mengikuti panduan yang diberikan di :ref:`queue-"
"authentication-and-access-control` untuk semua komponen yang memerlukan "
"komunikasi RPC."
msgid ""
"It is recommended to avoid the manual image building process as it is "
"complex and prone to error. Additionally, using an automated system like Oz "
"for image building or a configuration management utility like Chef or Puppet "
"for post-boot image hardening gives you the ability to produce a consistent "
"image as well as track compliance of your base image to its respective "
"hardening guidelines over time."
msgstr ""
"Dianjurkan untuk menghindari proses pembuatan image manual karena kompleks "
"dan rentan terhadap kesalahan. Selain itu, dengan menggunakan sistem "
"otomatis seperti Oz untuk pembuatan image atau utilitas pengelolaan "
"konfigurasi seperti Chef atau Puppet untuk pengerasan image post-boot "
"memberi Anda kemampuan untuk menghasilkan image yang konsisten serta melacak "
"kepatuhan image dasar Anda untuk masing-masing panduan pengerasan dari waktu "
"ke waktu."
msgid ""
"It should be noted that with this type of implementation sensitive access "
"tokens will be stored in the browser and will be transmitted with each "
"request made. The back end ensures the integrity of session data, even "
"though the transmitted data is only encrypted by HTTPS."
msgstr ""
"Perlu dicatat bahwa dengan jenis pelaksanaan ini token akses yang sensitif "
"akan disimpan di browser dan akan dikirimkan dengan setiap permintaan yang "
"dilakukan. Back end memastikan integritas data sesi, meskipun data yang "
"dikirim hanya dienkripsi oleh HTTPS."
msgid "KMIP plugin"
msgstr "Plugin KMIP"
msgid "KVM"
msgstr "KVM"
msgid "KVM Kernel Samepage Merging"
msgstr "KVM Kernel Samepage Merging"
msgid ""
"KVM-based virtual machine instances are labelled with their own SELinux data "
"type, known as ``svirt_image_t``. Kernel level protections prevent "
"unauthorized system processes, such as malware, from manipulating the "
"virtual machine image files on disk. When virtual machines are powered off, "
"images are stored as ``svirt_image_t`` as shown below:"
msgstr ""
"Instance mesin virtual berbasis KVM diberi label dengan tipe data SELinux "
"mereka sendiri, yang dikenal sebagai ``svirt_image_t``. Perlindungan tingkat "
"kernel mencegah proses sistem yang tidak sah, seperti perangkat lunak "
"perusak, dari memanipulasi file image mesin virtual pada disk. Saat mesin "
"virtual dimatikan, image disimpan sebagai ``svirt_image_t`` seperti di bawah "
"ini:"
msgid "KVM:"
msgstr "KVM:"
msgid ""
"KVM: Kernal-based Virtual Machine. Kernal Samepage Merging. 2010. `http://"
"www.linux-kvm.org/page/KSM <http://www.linux-kvm.org/page/KSM>`_"
msgstr ""
"KVM: Kernal-based Virtual Machine. Kernal Samepage Merging. 2010. `http://"
"www.linux-kvm.org/page/KSM <http://www.linux-kvm.org/page/KSM>`_"
msgid ""
"Keith Basil is a Principal Product Manager for Red Hat OpenStack and is "
"focused on Red Hat's OpenStack product management, development and strategy. "
"Within the US public sector, Basil brings previous experience from the "
"design of an authorized, secure, high-performance cloud architecture for "
"Federal civilian agencies and contractors."
msgstr ""
"Keith Basil adalah Principal Product Manager untuk Red Hat OpenStack dan "
"berfokus pada pengelolaan, pengembangan dan strategi produk di Red Hat. Di "
"sektor publik AS, Basil membawa pengalaman sebelumnya dari disain arsitektur "
"awan yang berwenang (authorized), aman, berkinerja tinggi untuk agen sipil "
"Federal dan kontraktor."
msgid "Kerberos"
msgstr "Kerberos"
msgid ""
"Kernel.org, CGroups. 2004. `https://www.kernel.org/doc/Documentation/cgroup-"
"v1/cgroups.txt <https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups."
"txt>`_"
msgstr ""
"Kernel.org, CGroups. 2004. `https://www.kernel.org/doc/Documentation/cgroup-"
"v1/cgroups.txt <https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups."
"txt>`_"
msgid "Key length"
msgstr "Key Length (panjang kunci)"
msgid "Key management"
msgstr "Manajemen kunci"
msgid ""
"Key management service will support data isolation by providing ephemeral "
"disk encryption keys on a per-tenant basis"
msgstr ""
"Layanan manajemen Key akan mendukung isolasi data dengan menyediakan kunci "
"enkripsi disk sesaat pada basis per-penyewa"
msgid "Keystone"
msgstr "Keystone"
msgid ""
"Keystone is the commonly used Identity provider in OpenStack. It may also be "
"used for authentication in Object Storage. Coverage of securing keystone is "
"already provided in :doc:`identity`."
msgstr ""
"Keystone adalah penyedia Identitas yang umum digunakan di OpenStack. Ini "
"juga bisa digunakan untuk otentikasi di Object Storage. Cakupan pengamanan "
"keystone i sudah tersedia di :doc:`identity`."
msgid ""
"Knowing information about organizational assets is typically a best "
"practice. An assets table can assist with validating security requirements "
"and help to maintain standard security components such as firewall "
"configuration, service port conflicts, security remediation areas, and "
"compliance. Additionally, the table can help to understand the relationship "
"between OpenStack components. The table might include:"
msgstr ""
"Mengetahui informasi tentang aset organisasi biasanya merupakan praktik "
"terbaik. Tabel aset dapat membantu memvalidasi persyaratan keamanan dan "
"membantu menjaga komponen keamanan standar seperti konfigurasi firewall, "
"konflik port servis, area remediasi keamanan, dan kepatuhan. Selain itu, "
"tabel dapat membantu untuk memahami hubungan antara komponen OpenStack. "
"Table termasuk:"
msgid "L2 isolation using VLANs and tunneling"
msgstr "Isolasi L2 menggunakan VLAN dan tunneling"
msgid "L2 tunneling"
msgstr "L2 tunneling"
msgid "L3 agent (*neutron-l3-agent*)"
msgstr "Agen L3 (*neutron-l3-agent*)"
msgid "L3 routing and NAT"
msgstr "L3 routing dan NAT"
msgid "L=1024, N=160 bits"
msgstr "L=1024, N=160 bits"
msgid "LDAP"
msgstr "LDAP"
msgid ""
"LDAP simplifies integration of Identity authentication into an "
"organization's existing directory service and user account management "
"processes."
msgstr ""
"LDAP menyederhanakan integrasi otentikasi Identitas ke dalam layanan "
"direktori dan proses pengelolaan akun perusahaan yang ada."
msgid "Labels and categories"
msgstr "Label dan kategori"
msgid ""
"Lastly, if a scoped token and a Service Provider region are presented to "
"keystone, the result will be a full SAML Assertion, signed by the IdP "
"keystone, specifically intended for the Service Provider keystone."
msgstr ""
"Terakhir, jika token scoped dan wilayah Service Provider disajikan ke "
"keystone, hasilnya akan menjadi pernyataan lengkap SAML, yang ditandatangani "
"oleh IdP keystone, yang khusus ditujukan untuk Service Provider keystone."
msgid ""
"Later in the guide, we focus generically on the virtualization stack as it "
"relates to hypervisors."
msgstr ""
"Kemudian dalam panduan ini, kami fokus secara umum pada tumpukan "
"virtualisasi yang berkaitan dengan hypervisor."
msgid "Layered defenses"
msgstr "Pertahanan Berlapis"
msgid ""
"Learn more about how to contribute to the OpenStack docs, see the `OpenStack "
"Documentation Contributor Guide <https://docs.openstack.org/doc-contrib-"
"guide/index.html>`__."
msgstr ""
"Pelajari lebih lanjut tentang bagaimana berkontribusi pada dokumen "
"OpenStack, lihat `OpenStack Documentation Contributor Guide <https://docs."
"openstack.org/doc-contrib-guide/index.html>`__."
msgid "Least privilege"
msgstr "Hak istimewa yang paling sedikit"
msgid ""
"Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) "
"vulnerability, so the OpenStack dashboard provides an option "
"``DISALLOW_IFRAME_EMBED`` that allows extra security hardening where iframes "
"are not used in deployment."
msgstr ""
"Browser lawas masih rentan terhadap kerentanan Cross-Frame Scripting (XFS), "
"jadi dasbor OpenStack memberikan opsi ``DISALLOW_IFRAME_EMBED`` yang "
"memungkinkan pengerasan keamanan ekstra dimana iframe tidak digunakan dalam "
"penempatan."
msgid ""
"Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) "
"vulnerability, so this option allows extra security hardening where iframes "
"are not used in deployment."
msgstr ""
"Browser lawas masih rentan terhadap kerentanan Cross-Frame Scripting (XFS), "
"jadi opsi ini memungkinkan pengerasan keamanan ekstra jika iframe tidak "
"digunakan dalam penerapan."
msgid ""
"Likewise, encrypted data will remain encrypted as it is transferred over the "
"network."
msgstr ""
"Demikian juga, data terenkripsi akan tetap dienkripsi saat ditransfer "
"melalui jaringan."
msgid "Limitations"
msgstr "Keterbatasan"
msgid ""
"List domains a federated user can access: ``GET /OS-FEDERATION/domains``"
msgstr ""
"Daftar domain dimana dapat diakses pengguna federasi: ``GET /OS-FEDERATION/"
"domains``"
msgid ""
"List projects a federated user can access: ``GET /OS-FEDERATION/projects``"
msgstr ""
"Daftar proyek dimana pengguna federasi dapat mengakses: ``GET /OS-FEDERATION/"
"projects``"
msgid ""
"List resources relevant to the project, such as wiki pages describing its "
"deployment and usage, and links to code repositories and relevant "
"presentations."
msgstr ""
"Buat daftar sumber daya yang relevan dengan proyek, seperti halaman wiki "
"yang menjelaskan penyebaran dan penggunaannya, dan tautkan ke repositori "
"kode dan presentasi yang relevan."
msgid "Live migration mitigations"
msgstr "Keterbatasan migrasi langsung"
msgid "Live migration risks"
msgstr "Resiko migrasi langsung (live). "
msgid "Load balancer"
msgstr "Load balancer (penyeimbang beban)"
msgid "Load balancing"
msgstr "Penyeimbang beban (load balancing)"
msgid "Logging"
msgstr "Logging"
msgid "Logging capability"
msgstr "Kemampuan logging"
msgid ""
"Logs are not only valuable for proactive security and continuous compliance "
"activities, but they are also a valuable information source for "
"investigating and responding to incidents."
msgstr ""
"Log tidak hanya bermanfaat untuk keamanan proaktif dan aktivitas kepatuhan "
"yang berkelanjutan, namun juga merupakan sumber informasi yang berharga "
"untuk menyelidiki dan merespons insiden."
msgid "Low"
msgstr "Low"
msgid "Lower impact"
msgstr "Dampak lebih rendah"
msgid "MAC Policy"
msgstr "MAC Policy"
msgid ""
"MD5 is a weak and depreciated hashing algorithm. It can be cracked using "
"brute force attack. Identity tokens are sensitive and need to be protected "
"with a stronger hashing algorithm to prevent unauthorized disclosure and "
"subsequent access."
msgstr ""
"MD5 adalah algoritma hashing yang lemah dan terdepresiasi. Bisa retak "
"menggunakan serangan brute force. Token identitas sensitif dan perlu "
"dilindungi dengan algoritma hashing yang lebih kuat untuk mencegah "
"pengungkapan yang tidak sah dan akses berikutnya."
msgid "MGMT"
msgstr "MGMT"
msgid "MGMT, GUEST, and PUBLIC as configured"
msgstr "MGMT, GUEST, and PUBLIC as configured"
msgid "Machine snapshots"
msgstr "Snapshot mesin"
msgid "Magnum"
msgstr "Magnum"
msgid ""
"Maintain good records from your internal audit. These will prove useful "
"during the external audit so you can be prepared to answer questions about "
"mapping the compliance controls to a particular deployment."
msgstr ""
"Pertahankan catatan bagus dari audit internal Anda. Ini akan terbukti "
"berguna selama audit eksternal sehingga Anda dapat siap untuk menjawab "
"pertanyaan tentang pemetaan kontrol kepatuhan terhadap penerapan tertentu."
msgid ""
"Make sure you use either the SQL or the ``memcached`` driver for tokens, "
"otherwise the tokens will not be shared between the processes of the Apache "
"HTTPD server."
msgstr ""
"Pastikan Anda menggunakan driver SQL atau ``memcached`` untuk token, jika "
"tidak, token tidak akan dibagi antara proses server HTTPD Apache."
msgid ""
"Malini Bhandaru is a security architect at Intel. She has a varied "
"background, having worked on platform power and performance at Intel, speech "
"products at Nuance, remote monitoring and management at ComBrio, and web "
"commerce at Verizon. She has a Ph.D. in Artificial Intelligence from the "
"University of Massachusetts, Amherst."
msgstr ""
"Malini Bhandaru adalah seorang arsitek keamanan di Intel. Dia memiliki latar "
"belakang yang bervariasi, setelah mengerjakan kekuatan dan kinerja platform "
"di Intel, produk ucapan (speech) di Nuance, pemantauan jarak jauh dan "
"manajemen di ComBrio, dan perdagangan web di Verizon. Dia memiliki gelar Ph."
"D. dalam Artificial Intelligence dari University of Massachusetts, Amherst."
msgid "Management"
msgstr "Management"
msgid "Management interfaces"
msgstr "Antarmuka manajemen"
msgid "Management network"
msgstr "Jaringan manajemen"
msgid "Management utilities"
msgstr "Utilitas manajemen"
msgid "Mandatory Access Control"
msgstr "Mandatory Access Control"
msgid "Mandatory Access Control (MAC)"
msgstr "Mandatory Access Control (MAC)"
msgid ""
"Mandatory Access Control (MAC) restricts access to objects based on labels "
"assigned to subjects and objects. Sensitivity labels are automatically "
"attached to processes and objects. The access control policy enforced using "
"these labels is derived from the :term:`Bell-LaPadula model`. SELinux "
"categories are attached to virtual machines and its resources. The access "
"control policy enforced using these categories grant virtual machines access "
"to resources if the category of the virtual machine is identical to the "
"category of the accessed resource. The TOE implements non-hierarchical "
"categories to control access to virtual machines."
msgstr ""
"Mandatory Access Control (MAC) membatasi akses ke objek berdasarkan label "
"yang ditetapkan untuk subjek dan objek. Label sensitivitas secara otomatis "
"melekat pada proses dan objek. Kebijakan kontrol akses yang diberlakukan "
"dengan menggunakan label ini berasal dari :term:`Bell-LaPadula model`. "
"Kategori SELinux dilekatkan pada mesin virtual dan sumber dayanya. Kebijakan "
"kontrol akses yang diberlakukan dengan menggunakan kategori ini memberi "
"akses mesin virtual ke sumber daya jika kategori mesin virtual identik "
"dengan kategori sumber daya yang diakses. TOE menerapkan kategori non-"
"hierarkis untuk mengendalikan akses ke mesin virtual."
msgid "Mandatory access controls"
msgstr "Kontrol akses wajib (Mandatory Access Control)"
msgid ""
"Mandatory access controls affect all users on the system, including root, "
"and it is the kernel's job to review the activity against the current "
"security policy. If the activity isn't within the allowed policy, it is "
"blocked, even for the root user. Review the discussion on sVirt, SELinux, "
"and AppArmor below for more details."
msgstr ""
"Kontrol akses wajib mempengaruhi semua pengguna di sistem, termasuk root, "
"dan ini adalah tugas kernel untuk meninjau aktivitas terhadap kebijakan "
"keamanan saat ini. Jika aktivitas tidak sesuai dengan kebijakan yang "
"diijinkan, maka hal itu diblokir, bahkan untuk pengguna root. Tinjaulah "
"diskusi di sVirt, SELinux, dan AppArmor di bawah ini untuk lebih jelasnya."
msgid ""
"Many hypervisors offer a functionality known as PCI passthrough. This allows "
"an instance to have direct access to a piece of hardware on the node. For "
"example, this could be used to allow instances to access video cards or GPUs "
"offering the compute unified device architecture (CUDA) for high performance "
"computation. This feature carries two types of security risks: direct memory "
"access and hardware infection."
msgstr ""
"Banyak hypervisor menawarkan fungsionalitas yang dikenal sebagai passthrough "
"PCI. Hal ini memungkinkan sebuah instance untuk memiliki akses langsung ke "
"perangkat keras pada node. Misalnya, ini bisa digunakan untuk mengizinkan "
"instance mengakses kartu video atau GPU yang menawarkan compute unified "
"device architecture (CUDA) untuk perhitungan kinerja tinggi. Fitur ini "
"membawa dua jenis risiko keamanan: akses memori langsung dan infeksi "
"perangkat keras."
msgid ""
"Many hypervisors use memory optimization techniques to overcommit memory to "
"guest virtual machines. This is a useful feature that allows you to deploy "
"very dense compute clusters. One way to achieve this is through de-"
"duplication or sharing of memory pages. When two virtual machines have "
"identical data in memory, there are advantages to having them reference the "
"same memory."
msgstr ""
"Banyak hypervisor menggunakan teknik pengoptimalan memori untuk overcommit "
"memory ke mesin virtual guest. Ini adalah fitur berguna yang memungkinkan "
"Anda untuk menggunakan cluster komputasi yang sangat padat. Salah satu cara "
"untuk mencapainya adalah melalui de-duplicatio atau pembagian halaman "
"memori. Ketika dua mesin virtual memiliki data yang sama dalam memori, ada "
"keuntungan untuk meminta mereka untuk merujuk memori yang sama."
msgid ""
"Many modern Linux distributions already build QEMU with compiler hardening "
"enabled, we recommend verifying your existing executable before proceeding. "
"One tool that can assist you with this verification is called `checksec.sh "
"<http://www.trapkit.de/tools/checksec.html>`_"
msgstr ""
"Banyak distribusi Linux modern yang sudah membangun QEMU dengan pengerasan "
"kompilator, kami sarankan untuk memverifikasi executable yang ada sebelum "
"melanjutkan. Salah satu alat yang dapat membantu Anda dengan verifikasi ini "
"disebut `checksec.sh <http://www.trapkit.de/tools/checksec.html>`_"
msgid ""
"Many operating systems now provide compartmentalization support. Linux "
"supports namespaces to assign processes into independent domains. Other "
"parts of this guide cover system compartmentalization in more detail."
msgstr ""
"Banyak sistem operasi sekarang menyediakan dukungan kompartementalisasi. "
"Linux mendukung namespace untuk menetapkan proses ke dalam domain "
"independen. Bagian lain dari panduan ini mencakup kompartementalisasi sistem "
"secara lebih rinci."
msgid ""
"Many organizations have an established Public Key Infrastructure with their "
"own Certification Authority (CA), certificate policies, and management for "
"which they should use to issue certificates for internal OpenStack users or "
"services. Organizations in which the public security domain is Internet "
"facing will additionally need certificates signed by a widely recognized "
"public CA. For cryptographic communications over the management network, it "
"is recommended one not use a public CA. Instead, we expect and recommend "
"most deployments deploy their own internal CA."
msgstr ""
"Banyak organisasi memiliki Public Key Infrastructure yang mapan dengan "
"Certification Authority (CA) mereka sendiri, kebijakan sertifikat, dan "
"manajemen yang harus mereka gunakan untuk menerbitkan sertifikat untuk "
"pengguna atau layanan OpenStack internal. Organisasi di mana domain keamanan "
"publik yang dihadapi Internet juga memerlukan sertifikat yang ditandatangani "
"oleh CA publik yang diakui secara luas. Untuk komunikasi kriptografi melalui "
"jaringan manajemen, disarankan agar tidak menggunakan CA publik. Sebagai "
"gantinya, kami mengharapkan dan merekomendasikan sebagian besar penerapan "
"menggunakan CA internal mereka sendiri."
msgid ""
"Many organizations typically deploy web applications at subdomains of an "
"overarching organization domain. It is natural for users to expect a domain "
"of the form ``openstack.example.org``. In this context, there are often "
"applications which are deployed in the same second-level namespace. This "
"name structure is convenient and simplifies name server maintenance."
msgstr ""
"Banyak organisasi biasanya menyebarkan aplikasi web di subdomain dari domain "
"organisasi yang melindunginya (overarching). Adalah wajar bagi pengguna "
"untuk mengharapkan sebuah domain dengan bentuk ``openstack.example.org``. "
"Dalam konteks ini, sering ada aplikasi yang digunakan dalam namespace second-"
"level yang sama. Struktur nama ini nyaman dan menyederhanakan pemeliharaan "
"server nama."
msgid ""
"Many times interesting events trigger an alert which is sent to a responder "
"for action. Frequently this alert takes the form of an email with the "
"messages of interest. An interesting event could be a significant failure, "
"or known health indicator of a pending failure. Two common utilities for "
"managing alerts are `Nagios <https://www.nagios.org>`_ and `Zabbix <https://"
"www.zabbix.com/>`_."
msgstr ""
"Sering kali peristiwa menarik memicu peringatan yang dikirim ke penjawab "
"untuk bertindak. Seringkali lansiran ini berbentuk email dengan pesan "
"menarik. Peristiwa yang menarik bisa berupa kegagalan yang signifikan, atau "
"indikator kesehatan yang diketahui tentang kegagalan yang tertunda. Dua "
"utilitas umum untuk mengelola peringatan adalah `Nagios <https://www.nagios."
"org>`_ dan `Zabbix <https://www.zabbix.com/>`_."
msgid ""
"MapR Technologies, Apache Hadoop for the MapR Converged Data Platform. 2016. "
"`MapR project <https://www.mapr.com/products/mapr-distribution-including-"
"apache-hadoop>`__"
msgstr ""
"MapR Technologies, Apache Hadoop for the MapR Converged Data Platform. 2016. "
"`MapR project <https://www.mapr.com/products/mapr-distribution-including-"
"apache-hadoop>`__"
msgid "Mapping"
msgstr "Pemetaan"
msgid "Medium"
msgstr "Medium"
msgid "Medium / low"
msgstr "Medium / low"
msgid "Message Digest"
msgstr "Message Digest"
msgid "Message queue process isolation and policy"
msgstr "Isolasi proses antrian pesan dan kebijakan"
msgid ""
"Message queue service processes should be isolated from each other and other "
"processes on a machine."
msgstr ""
"Proses pelayanan antrian pesan harus diisolasi satu sama lain dan proses "
"lainnya pada mesin."
msgid ""
"Message queues effectively facilitate command and control functions across "
"OpenStack deployments. Once access to the queue is permitted, no further "
"authorization checks are performed. Services accessible through the queue do "
"validate the contexts and tokens within the actual message payload. However, "
"you must note the expiration date of the token because tokens are "
"potentially re-playable and can authorize other services in the "
"infrastructure."
msgstr ""
"Antrian pesan secara efektif memfasilitasi fungsi perintah dan kontrol di "
"seluruh penerapan OpenStack. Setelah akses ke antrian diizinkan, tidak ada "
"pemeriksaan otorisasi lebih lanjut yang dilakukan. Layanan yang dapat "
"diakses melalui antrian memvalidasi konteks dan token di dalam muatan pesan "
"aktual. Namun, Anda harus mencatat tanggal kedaluwarsa token karena token "
"berpotensi dimainkan ulang dan dapat memberi otorisasi pada layanan lain di "
"infrastruktur."
msgid "Message queuing"
msgstr "Antrian pesan"
msgid ""
"Message queuing services facilitate inter-process communication in "
"OpenStack. OpenStack supports these message queuing service back ends:"
msgstr ""
"Layanan antrian pesan memudahkan komunikasi antar proses di OpenStack. "
"OpenStack mendukung layanan antrian pesan ini kembali:"
msgid ""
"Messaging is used for internal communication between several OpenStack "
"services. By default, OpenStack uses message queues based on the :term:`AMQP "
"<Advanced Message Queuing Protocol (AMQP)>`. Like most OpenStack services, "
"AMQP supports pluggable components. Today the implementation back end could "
"be RabbitMQ, Qpid, or ZeroMQ."
msgstr ""
"Messaging digunakan untuk komunikasi internal antara beberapa layanan "
"OpenStack. Secara default, OpenStack menggunakan antrian pesan berdasarkan :"
"term:`AMQP <Advanced Message Queuing Protocol (AMQP)>`. Seperti kebanyakan "
"layanan OpenStack, AMQP mendukung komponen pluggable. Saat ini penerapan "
"back end bisa berupa RabbitMQ, Qpid, atau ZeroMQ."
msgid "Messaging security"
msgstr "Keamanan pesan"
msgid "Messaging server"
msgstr "Server Messaging"
msgid "Messaging transport security"
msgstr "Keamanan pengiriman pesan"
msgid ""
"Metadata stored by an OpenStack cloud includes the following non-exhaustive "
"items:"
msgstr ""
"Metadata yang disimpan oleh awan OpenStack mencakup item berikut yang tidak "
"lengkap (non-exhaustive):"
msgid "Migration network"
msgstr "Jaringan migrasi"
msgid "Minimizing the QEMU code base"
msgstr "Meminimalkan basis kode QEMU"
msgid "Minimizing the code base."
msgstr "Meminimalkan basis kode."
msgid "Mitigate ARP spoofing"
msgstr "Mengurangi spoofing ARP"
msgid "Mode"
msgstr "Mode"
msgid ""
"Monitor the traffic on the management network. The anomalies might be easier "
"to track than on the busier compute nodes."
msgstr ""
"Pantau lalu lintas di jaringan manajemen. Anomali mungkin lebih mudah "
"dilacak daripada pada node komptasi yang sibuk."
msgid "Monitoring and logging"
msgstr "Pemantauan dan logging"
msgid ""
"Monitoring is a critical component of IT infrastructure, we recommend the "
"`Compute logfiles <https://docs.openstack.org/newton/config-reference/"
"compute/logs.html>`_ be monitored and analyzed so that meaningful alerts can "
"be created."
msgstr ""
"Pemantauan merupakan komponen penting dari infrastruktur TI, kami "
"merekomendasikan `Compute logfiles <https://docs.openstack.org/newton/config-"
"reference/compute/logs.html>`_ dipantau dan dianalisis sehingga peringatan "
"yang berarti dapat diciptakan."
msgid ""
"Monitoring the output of the service controller is a powerful forensic tool, "
"as described more thoroughly in :doc:`../monitoring-logging`. The Data "
"processing service controller offers a few options for setting the location "
"and level of logging."
msgstr ""
"Pemantauan output dari pengontrol layanan adalah alat forensik yang hebat, "
"seperti yang dijelaskan lebih teliti di :doc:`../monitoring-logging`. "
"Pengontrol layanan pengolahan data menawarkan beberapa pilihan untuk "
"mengatur lokasi dan tingkat logging."
msgid "Monitoring use cases"
msgstr "Memantau kasus penggunaan"
msgid "Monitoring, alerting, and reporting"
msgstr "Monitoring, peringatan, dan pelaporan"
msgid ""
"Most API endpoints and other HTTP services in OpenStack use the Python Paste "
"Deploy library. From a security perspective, this library enables "
"manipulation of the request filter pipeline through the application's "
"configuration. Each element in this chain is referred to as *middleware*. "
"Changing the order of filters in the pipeline or adding additional "
"middleware might have unpredictable security impact."
msgstr ""
"Sebagian besar endpoint API dan layanan HTTP lainnya di OpenStack "
"menggunakan pustaka Python Paste Deploy. Dari perspektif keamanan, "
"perpustakaan ini memungkinkan manipulasi aliran filter permintaan melalui "
"konfigurasi aplikasi. Setiap elemen dalam rantai ini disebut sebagai "
"*middleware *. Mengubah urutan filter dalam pipa atau menambahkan middleware "
"tambahan mungkin memiliki dampak keamanan yang tidak dapat diprediksi."
msgid ""
"Most cloud deployments will not build software, such as QEMU, by hand. It is "
"better to use packaging to ensure that the process is repeatable and to "
"ensure that the end result can be easily deployed throughout the cloud. The "
"references below provide some additional details on applying compiler "
"hardening options to existing packages."
msgstr ""
"Sebagian besar penyebaran awan tidak akan membangun perangkat lunak, seperti "
"QEMU, dengan tangan. Lebih baik menggunakan kemasan untuk memastikan "
"prosesnya berulang dan untuk memastikan bahwa hasil akhirnya dapat dengan "
"mudah digunakan di seluruh awan. Referensi di bawah ini memberikan beberapa "
"rincian tambahan tentang penerapan opsi pengerasan kompiler ke paket yang "
"ada."
msgid ""
"Most common operating systems include host-based firewalls for additional "
"security. While we recommend that virtual machines run as few applications "
"as possible (to the point of being single-purpose instances, if possible), "
"all applications running on a virtual machine should be profiled to "
"determine what system resources the application needs access to, the lowest "
"level of privilege required for it to run, and what the expected network "
"traffic is that will be going into and coming from the virtual machine. This "
"expected traffic should be added to the host-based firewall as allowed "
"traffic (or whitelisted), along with any necessary logging and management "
"communication such as SSH or RDP. All other traffic should be explicitly "
"denied in the firewall configuration."
msgstr ""
"Sistem operasi yang paling umum mencakup firewall berbasis host untuk "
"keamanan tambahan. Meskipun kami menyarankan agar mesin virtual menjalankan "
"aplikasi sesedikit mungkin (sampai pada titik tujuan tunggal, jika mungkin), "
"semua aplikasi yang berjalan pada mesin virtual harus diprofilkan untuk "
"menentukan sumber daya sistem yang dibutuhkan akses aplikasi, yang terendah "
"tingkat hak istimewa yang dibutuhkan agar bisa berjalan, dan lalu lintas "
"lalu lintas yang diharapkan akan masuk dan masuk dari mesin virtual. Lalu "
"lintas yang diharapkan ini harus ditambahkan ke firewall berbasis host "
"sebagai lalu lintas yang diizinkan (atau masuk whitelisted), bersamaan "
"dengan komunikasi logging dan manajemen yang diperlukan seperti SSH atau "
"RDP. Semua lalu lintas lainnya harus ditolak secara eksplisit dalam "
"konfigurasi firewall."
msgid ""
"Most likely, the most important aspect in hypervisor selection is the "
"expertise of your staff in managing and maintaining a particular hypervisor "
"platform. The more familiar your team is with a given product, its "
"configuration, and its eccentricities, the fewer the configuration mistakes. "
"Additionally, having staff expertise spread across an organization on a "
"given hypervisor increases availability of your systems, allows segregation "
"of duties, and mitigates problems in the event that a team member is "
"unavailable."
msgstr ""
"Kemungkinan besar, aspek terpenting dalam pemilihan hypervisor adalah "
"keahlian staf Anda dalam mengelola dan memelihara platform hypervisor "
"tertentu. Semakin akrab tim Anda dengan produk tertentu, konfigurasinya, dan "
"eksentrisitasnya, semakin sedikit kesalahan konfigurasi. Selain itu, "
"memiliki keahlian staf yang tersebar di seluruh organisasi pada hypervisor "
"tertentu meningkatkan ketersediaan sistem Anda, memungkinkan pemisahan "
"tugas, dan mengurangi masalah jika anggota tim tidak tersedia."
msgid ""
"Most types of cloud deployment, public or private, are exposed to some form "
"of attack. In this chapter we categorize attackers and summarize potential "
"types of attacks in each security domain."
msgstr ""
"Sebagian besar jenis penyebaran awan, publik atau private, terkena beberapa "
"bentuk serangan. Dalam bab ini kami mengkategorikan penyerang dan meringkas "
"jenis serangan potensial di setiap domain keamanan."
msgid "Motivated individuals"
msgstr "Individu termotivasi"
msgid "Multi-factor authentication"
msgstr "Autentikasi mult-faktor"
msgid "Multi-host DHCP-agent"
msgstr "Multi-host DHCP-agent"
msgid ""
"Multiple filters can be applied at once, such as the ``ServerGroupAffinity`` "
"filter to ensure an instance is created on a member of a specific set of "
"hosts and ``ServerGroupAntiAffinity`` filter to ensure that same instance is "
"not created on another specific set of hosts. These filters should be "
"analyzed carefully to ensure they do not conflict with each other and result "
"in rules that prevent the creation of instances."
msgstr ""
"Beberapa filter dapat diterapkan sekaligus, seperti filter "
"``ServerGroupAffinity`` untuk memastikan sebuah instance dibuat pada anggota "
"host tertentu dan filter `ServerGroupAntiAffinity`` untuk memastikan bahwa "
"instance yang sama tidak dibuat pada set host spesifik yang lain. Filter "
"ini harus dianalisis dengan seksama untuk memastikan mereka tidak saling "
"bertentangan dan menghasilkan peraturan yang mencegah pembuatan instance."
msgid "MySQL SSL configuration"
msgstr "Konfigurasi SSL MySQL"
msgid "MySQL database service"
msgstr "Layanan database MySQL"
msgid ""
"MySQL has a large community, widespread adoption, and provides high "
"availability options. MySQL also has the ability to provide enhanced client "
"authentication by way of plug-in authentication mechanisms. Forked "
"distributions in the MySQL community provide many options for consideration. "
"It is important to choose a specific implementation of MySQL based on a "
"thorough evaluation of the security posture and the level of support "
"provided for the given distribution."
msgstr ""
"MySQL memiliki komunitas besar, adopsi yang luas, dan menyediakan pilihan "
"ketersediaan tinggi. MySQL juga memiliki kemampuan untuk menyediakan "
"otentikasi klien yang disempurnakan dengan cara mekanisme otentikasi plug-"
"in. Forked distribution di komunitas MySQL memberikan banyak pilihan untuk "
"dipertimbangkan. Penting untuk memilih implementasi spesifik dari MySQL "
"berdasarkan evaluasi menyeluruh terhadap postur keamanan dan tingkat "
"dukungan yang diberikan untuk distribusi yang diberikan."
msgid "MySQL:"
msgstr "MySQL:"
msgid ""
"NIST defines a community cloud as one whose infrastructure is provisioned "
"for the exclusive use by a specific community of consumers from "
"organizations that have shared concerns (for example, mission, security "
"requirements, policy, or compliance considerations). The cloud might be "
"owned, managed, and operated by one or more of organizations in the "
"community, a third-party, or some combination of them, and it may exist on "
"or off premises."
msgstr ""
"NIST mendefinisikan awan komunitas sebagai infrastruktur yang disediakan "
"untuk penggunaan eksklusif oleh komunitas konsumen tertentu dari organisasi "
"yang memiliki keprihatinan bersama (misalnya, pertimbangan misi, persyaratan "
"keamanan, kebijakan, atau kepatuhan). Awan mungkin dimiliki, dikelola, dan "
"dioperasikan oleh satu atau lebih organisasi di masyarakat, pihak ketiga, "
"atau beberapa kombinasi dari keduanya, dan mungkin ada di dalam atau di luar "
"lokasi."
msgid "Namespaces"
msgstr "Namespace"
msgid ""
"Nathanael Burton is a Computer Scientist at the National Security Agency. He "
"has worked for the Agency for over 10 years working on distributed systems, "
"large-scale hosting, open source initiatives, operating systems, security, "
"storage, and virtualization technology. He has a B.S. in Computer Science "
"from Virginia Tech."
msgstr ""
"Nathanael Burton adalah seorang Ilmuwan Komputer di National Security "
"Agency. Dia telah bekerja untuk Agency selama lebih dari 10 tahun bekerja "
"pada sistem terdistribusi, hosting berskala besar, inisiatif open source, "
"sistem operasi, keamanan, penyimpanan, dan teknologi virtualisasi. Dia "
"memiliki B.S. di Ilmu Komputer dari Virginia Tech."
msgid ""
"National Information Assurance Partnership, National Security "
"Telecommunications and Information Systems Security Policy. 2003. `http://"
"www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf <http://www."
"niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf>`_"
msgstr ""
"National Information Assurance Partnership, National Security "
"Telecommunications dan Information Systems Security Policy. 2003. `http://"
"www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf <http://www."
"niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf>`_"
msgid ""
"Native SSL/TLS configuration is difficult (not well documented, tested, or "
"consistent across services)."
msgstr ""
"Konfigurasi SSL/TLS native sulit (tidak terdokumentasi dengan baik, teruji, "
"atau konsisten di seluruh layanan)."
msgid ""
"Native SSL/TLS in OpenStack services does not perform/scale as well as SSL "
"proxies (particularly for Python implementations like Eventlet)."
msgstr ""
"SSL/TLS native di layanan OpenStack tidak melakukan/skala serta proxy SSL "
"(terutama untuk implementasi Python seperti Eventlet)."
msgid ""
"Native SSL/TLS in OpenStack services not as well scrutinized/ audited as "
"more proven solutions."
msgstr ""
"SSL/TLS native di layanan OpenStack tidak dicermati/diaudit serta bukan "
"solusi yang lebih terjamin."
msgid "Network and security models"
msgstr "Model jaringan dan keamanan"
msgid "Network connectivity of physical servers"
msgstr "Konektivitas jaringan server fisik"
msgid "Network data"
msgstr "Network data"
msgid ""
"Network intrusion detection tools complement the host-based tools. OpenStack "
"doesn't have a specific network IDS built-in, but OpenStack Networking "
"provides a plug-in mechanism to enable different technologies through the "
"Networking API. This plug-in architecture will allow tenants to develop API "
"extensions to insert and configure their own advanced networking services "
"like a firewall, an intrusion detection system, or a VPN between the VMs."
msgstr ""
"Alat deteksi intrusi jaringan melengkapi alat berbasis host. OpenStack tidak "
"memiliki jaringan khusus IDS built-in, namun OpenStack Networking "
"menyediakan mekanisme plug-in untuk mengaktifkan teknologi yang berbeda "
"melalui Networking API. Arsitektur plug-in ini akan memungkinkan penyewa "
"mengembangkan ekstensi API untuk memasukkan dan mengkonfigurasi layanan "
"jaringan lanjutan mereka sendiri seperti firewall, sistem deteksi intrusi, "
"atau VPN antara VM."
msgid ""
"Network namespaces are highly recommended for all services running on "
"OpenStack Compute Hypervisors. This will help prevent against the bridging "
"of network traffic between VM guests and the management network."
msgstr ""
"Namespace jaringan sangat dianjurkan untuk semua layanan yang berjalan di "
"OpenStack Compute Hypervisors. Ini akan membantu mencegah terjerembabnya "
"lalu lintas jaringan antara VM guest dan jaringan manajemen."
msgid "Network plug-ins"
msgstr "Plug-in jaringan"
msgid ""
"Network plug-ins allow to use any functions, configurations of the OpenStack "
"Networking and Legacy networking services. One can use any network "
"segmentation that the Networking service supports, you can use flat networks "
"or VLAN-segmented networks of the Legacy networking (nova-network) service, "
"or you can use plug-ins for specifying networks independently from OpenStack "
"networking services. For more information of how to use different network "
"plug-ins, see `Shared File Systems service Network plug-ins <https://docs."
"openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-"
"plug-ins>`_."
msgstr ""
"Jaringan plug-in memungkinkan untuk menggunakan fungsi apapun, konfigurasi "
"layanan jaringan OpenStack Networking and Legacy. Seseorang dapat "
"menggunakan segmentasi jaringan yang didukung oleh layanan Networking, Anda "
"dapat menggunakan jaringan datar atau jaringan terstruktur VLAN dari "
"jaringan jaringan Legacy (nova-network), atau Anda dapat menggunakan plug-in "
"untuk menentukan jaringan secara terpisah dari layanan jaringan OpenStack. "
"Untuk informasi lebih lanjut tentang cara menggunakan berbagai plug-in "
"jaringan, lihat `Shared File Systems service Network plug-ins <https://docs."
"openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-"
"plug-ins>`_."
msgid "Network policy"
msgstr "Kebijakan jaringan"
msgid "Network security"
msgstr "Keamanan jaringan"
msgid "Network services"
msgstr "Layanan jaringan"
msgid "Network services extensions"
msgstr "Ekstensi layanan jaringan"
msgid "Network topology"
msgstr "Topologi jaringan"
msgid ""
"Network tunneling encapsulates each tenant/network combination with a unique "
"\"tunnel-id\" that is used to identify the network traffic belonging to that "
"combination. The tenant's L2 network connectivity is independent of physical "
"locality or underlying network design. By encapsulating traffic inside IP "
"packets, that traffic can cross Layer-3 boundaries, removing the need for "
"preconfigured VLANs and VLAN trunking. Tunneling adds a layer of obfuscation "
"to network data traffic, reducing the visibility of individual tenant "
"traffic from a monitoring point of view."
msgstr ""
"Jaringan tunneling merangkum masing-masing penyewa jaringan kombinasi dengan "
"unik \"tunnel-id\" yang digunakan untuk mengidentifikasi lalu lintas "
"jaringan milik kombinasi itu. Konektivitas jaringan L2 penyewa tidak "
"bergantung pada lokasi fisik atau disain jaringan yang mendasarinya. Dengan "
"mengenkapsulasi lalu lintas di dalam paket IP, lalu lintas tersebut dapat "
"melintasi batas Layer-3, menghapus kebutuhan akan VLAN yang telah "
"dikonfigurasikan sebelumnya dan trunking VLAN. Tunneling menambahkan lapisan "
"obfuscation ke lalu lintas data jaringan, mengurangi visibilitas lalu lintas "
"penyewa individu dari sudut pandang pemantauan."
msgid "Network virtualization"
msgstr "Virtualisasi jaringan"
msgid "Networking"
msgstr "Networking"
msgid "Networking API endpoints"
msgstr "Networking API endpoints"
msgid "Networking architecture"
msgstr "Arsitektur jaringan"
msgid "Networking resource policy engine"
msgstr "Mesin kebijakan sumber daya jaringan"
msgid "Networking services"
msgstr "Layanan Networking"
msgid "Networking services limitations"
msgstr "Keterbatasan layanan jaringan"
msgid "Networking services security best practices"
msgstr "Praktik terbaik keamanan layanan jaringan"
msgid "Never allow the wild card origin."
msgstr "Jangan biarkan wild card origin."
msgid ""
"Never configure CSRF or session cookies to have a wild card domain with a "
"leading dot. Horizon's session and CSRF cookie should be secured when "
"deployed with HTTPS:"
msgstr ""
"Jangan pernah mengonfigurasi CSRF atau cookie sesi untuk memiliki wild card "
"domain dengan dot terkemuka. Sesi Horizon dan cookie CSRF harus diamankan "
"saat dikerahkan dengan HTTPS:"
msgid "Never eXecute (NX)"
msgstr "Never eXecute (NX)"
msgid "Nginx"
msgstr "Nginx"
msgid "No IPv6 support for L3 agents"
msgstr "Tidak ada dukungan IPv6 untuk agen L3"
msgid ""
"No MD5. MD5 is not collision resistant, and thus not acceptable for Message "
"Authentication Codes (MAC) or signatures."
msgstr ""
"Tidak ada MD5. MD5 tidak tahan benturan, dan karenanya tidak dapat diterima "
"untuk Message Authentication Codes (MAC) atau signatures."
msgid ""
"No RC4. RC4 has flaws in the context of TLS V3. See `On the Security of RC4 "
"in TLS and WPA <http://cr.yp.to/streamciphers/rc4biases-20130708.pdf>`_."
msgstr ""
"Tidak ada RC4. RC4 memiliki kekurangan dalam konteks TLS V3. Lihat `On the "
"Security of RC4 in TLS and WPA <http://cr.yp.to/streamciphers/"
"rc4biases-20130708.pdf>`_."
msgid ""
"No new users will be added to the Identity back end, but the Identity "
"service requires group-based role assignments to authorize federated users. "
"The Federation mapping function will map the user into local Identity "
"service groups objects, and hence to local role assignments."
msgstr ""
"Tidak ada pengguna baru yang akan ditambahkan ke Identity back end, namun "
"layanan Identity memerlukan tugas peran berbasis kelompok untuk memberi "
"otorisasi kepada pengguna yang tergabung. Fungsi pemetaan Federation akan "
"memetakan pengguna ke dalam kelompok pengguna layanan Identity lokal, dan "
"karenanya untuk tugas peran lokal."
msgid "No share servers mode"
msgstr "No share servers mode"
msgid "Node hardening"
msgstr "Pengerasan node"
msgid "Node provisioning"
msgstr "Penyediaan Node"
msgid ""
"Nodes in the cloud—including compute, storage, network, service, and hybrid "
"nodes—should have an automated provisioning process. This ensures that nodes "
"are provisioned consistently and correctly. This also facilitates security "
"patching, upgrading, bug fixing, and other critical changes. Since this "
"process installs new software that runs at the highest privilege levels in "
"the cloud, it is important to verify that the correct software is installed. "
"This includes the earliest stages of the boot process."
msgstr ""
"Node di awan -termasuk komputasi, penyimpanan, jaringan, layanan, dan node "
"hibrida- harus memiliki proses penyediaan otomatis. Hal ini memastikan bahwa "
"node ditetapkan secara konsisten dan benar. Ini juga memfasilitasi keamanan "
"patch, upgrade, perbaikan bug, dan perubahan penting lainnya. Karena proses "
"ini menginstal perangkat lunak baru yang berjalan pada tingkat hak istimewa "
"tertinggi di awan, penting untuk memastikan perangkat lunak yang benar "
"diinstal. Ini termasuk tahap awal proses boot."
msgid ""
"Nodes should use Preboot eXecution Environment (PXE) for provisioning. This "
"significantly reduces the effort required for redeploying nodes. The typical "
"process involves the node receiving various boot stages—that is "
"progressively more complex software to execute— from a server."
msgstr ""
"Node harus menggunakan Preboot eXecution Environment (PXE) untuk penyediaan. "
"Hal ini secara signifikan mengurangi upaya yang diperlukan untuk memindahkan "
"node. Proses yang khas melibatkan node yang menerima berbagai tahap boot -"
"yaitu perangkat lunak yang semakin kompleks untuk dijalankan- dari server."
msgid ""
"Note that Castellan does not provide any authentication. It simply passes "
"through the authentication credentials (a Keystone token, for example) to "
"the back-end."
msgstr ""
"Perhatikan bahwa Castellan tidak memberikan otentikasi apapun. Ini hanya "
"melewati kredensial otentikasi (token Keystone, misalnya) ke back-end."
msgid ""
"Note that if the LDAP system has attributes defined for the user such as "
"admin, finance, HR etc, these must be mapped into roles and groups within "
"Identity for use by the various OpenStack services. The ``/etc/keystone/"
"keystone.conf`` file maps LDAP attributes to Identity attributes."
msgstr ""
"Perhatikan bahwa jika sistem LDAP memiliki atribut yang didefinisikan untuk "
"pengguna seperti admin, finance, HR dll, ini harus dipetakan ke dalam peran "
"dan kelompok di dalam Identity untuk digunakan oleh berbagai layanan "
"OpenStack. File ``/etc/keystone/keystone.conf`` memetakan atribut LDAP ke "
"atribut Identitas."
msgid ""
"Note that the OpenStack `Ephemeral disk encryption <https://docs.openstack."
"org/security-guide/tenant-data/data-encryption.html>`__ feature provides a "
"means of improving ephemeral storage privacy and isolation, during both "
"active use as well as when the data is to be destroyed. As in the case of "
"encrypted block storage, one can simply delete the encryption key to "
"effectively destroy the data."
msgstr ""
"Perhatikan bahwa OpenStack fitur `Ephemeral disk encryption <https://docs."
"openstack.org/security-guide/tenant-data/data-encryption.html>`__ "
"menyediakan sarana untuk meningkatkan privasi penyimpanan sementara dan "
"isolasi, selama penggunaan aktif maupun saat data dihancurkan. Seperti dalam "
"kasus penyimpanan blok terenkripsi, seseorang dapat dengan mudah menghapus "
"kunci enkripsi untuk menghancurkan data secara efektif."
msgid ""
"Note that there may be a key size limitation from the backend key manager "
"that could require the use of 'key_size = 256', which would only provide an "
"AES key size of 128-bits. XTS requires it's own \"tweak key\" in addition to "
"the encryption key AES requires. This is typically expressed as a single "
"large key. In this case, using the 512-bit setting, 256 bits will be used by "
"AES and 256 bits by XTS. (see NIST_)"
msgstr ""
"Perhatikan bahwa mungkin ada batasan ukuran kunci dari manajer kunci backend "
"yang memerlukan penggunaan 'key_size = 256', yang hanya akan memberikan "
"ukuran kunci AES 128-bit. XTS membutuhkan \"tweak key\" itu sendiri selain "
"kunci enkripsi yang dibutuhkan AES. Hal ini biasanya dinyatakan sebagai satu "
"kunci besar. Dalam kasus ini, dengan menggunakan pengaturan 512-bit, 256 bit "
"akan digunakan oleh AES dan 256 bit oleh XTS. (lihat NIST_)"
msgid ""
"Note this command only adds the ability to communicate over SSL and is non-"
"exclusive. Other access methods that may allow unencrypted transport should "
"be disabled so that SSL is the sole access method."
msgstr ""
"Perhatikan perintah ini hanya menambahkan kemampuan untuk berkomunikasi "
"melalui SSL dan tidak eksklusif. Metode akses lain yang memungkinkan "
"pengangkutan yang tidak dienkripsi harus dinonaktifkan sehingga SSL adalah "
"satu-satunya metode akses."
msgid "Note this needs to be added before your reject all rule which might be:"
msgstr ""
"Catatan ini perlu ditambahkan sebelum Anda menolak semua peraturan yang "
"mungkin:"
msgid ""
"Note, as nova-conductor only applies to OpenStack Compute, direct database "
"access from compute hosts may still be necessary for the operation of other "
"OpenStack components such as Telemetry (ceilometer), Networking, and Block "
"Storage."
msgstr ""
"Catatan, karena nova-konduktor hanya berlaku untuk OpenStack Compute, akses "
"database langsung dari host komputasi mungkin masih diperlukan untuk "
"pengoperasian komponen OpenStack lainnya seperti Telemetry (ceilometer), "
"Networking, dan Block Storage."
msgid ""
"Note, however, that authentication via IP is the least secure type of "
"authentication."
msgstr ""
"Namun, perhatikan bahwa otentikasi melalui IP adalah jenis otentikasi yang "
"paling tidak aman."
msgid ""
"Note, legacy nova-network security groups are applied to all virtual "
"interface ports on an instance using iptables."
msgstr ""
"Perhatikan, grup keamanan nova-jaringan legacy diterapkan ke semua port "
"antarmuka virtual pada sebuah instance menggunakan iptable."
msgid ""
"Note, the ``tcp_listeners`` option is set to ``[]`` to prevent it from "
"listening on a non-SSL port. The ``ssl_listeners`` option should be "
"restricted to only listen on the management network for the services."
msgstr ""
"Perhatikan, opsi ``tcp_listeners`` diset ke ``[]`` untuk mencegahnya "
"mendengarkan port non-SSL. Opsi ``ssl_listeners`` harus dibatasi hanya untuk "
"mendengarkan pada jaringan manajemen untuk layanan."
msgid ""
"Nova compute service depends on an external authentication and authorization "
"service. In a typical deployment this dependency will be fulfilled by the "
"keystone service."
msgstr ""
"Layanan komputasi Nova bergantung pada layanan otentikasi dan otorisasi "
"eksternal. Dalam penyebaran tipikal, ketergantungan ini akan dipenuhi oleh "
"layanan keystone."
msgid "Nova-conductor"
msgstr "Nova-conductor"
msgid ""
"Nova-conductor receives requests over RPC and performs actions on behalf of "
"the calling service without granting granular access to the database, its "
"tables, or data within. Nova-conductor essentially abstracts direct database "
"access away from compute nodes."
msgstr ""
"Nova-conductor menerima permintaan di atas RPC dan melakukan tindakan atas "
"nama layanan panggilan tanpa memberikan akses terperinci ke database, tabel, "
"atau data di dalamnya. Nova-konduktor pada dasarnya abstrak akses database "
"langsung dari node komputasi."
msgid ""
"Now that the Identity Provider and Identity service are communicating, you "
"can start to configure the ``OS-FEDERATION`` extension."
msgstr ""
"Setelah Identity Provider and layanan Identity berkomunikasi, Anda dapat "
"mulai mengkonfigurasi ekstensi ``OS-FEDERATION``."
msgid ""
"Now we can mount a share on the host with IP address ``10.254.0.4`` and have "
"``rw`` permissions to the share:"
msgstr ""
"Sekarang kita bisa me-mount share di host dengan alamat IP ``10.254.0.4`` "
"dan memiliki permission ``rw`` untuk share:"
msgid "Number of hours running instances or storing data"
msgstr "Jumlah jam instance yang sedang berjalan atau menyimpan data"
msgid ""
"Number or size of running instances, buckets, objects, volumes, and other "
"quota-related items"
msgstr ""
"Jumlah atau ukuran instance yang sedang berjalan, buckets, objek, volume, "
"dan barang terkait kuota lainnya"
msgid ""
"Numerous OpenStack services maintain data and metadata belonging to tenants "
"or reference tenant information."
msgstr ""
"Sejumlah layanan OpenStack menjaga data dan metadata milik penyewa atau "
"informasi penyewa referensi."
msgid "Object Content-Type values"
msgstr "Object Content-Type values"
msgid "Object Reuse"
msgstr "Object Reuse"
msgid "Object Service"
msgstr "Object Service"
msgid "Object Storage"
msgstr "Object Storage"
msgid ""
"Object Storage (swift) supports the optional encryption of object data at "
"rest on storage nodes. The encryption of object data is intended to mitigate "
"the risk of users data being read if an unauthorized party were to gain "
"physical access to a disk."
msgstr ""
"Object Storage (swift) mendukung enkripsi opsional data objek saat istirahat "
"pada node penyimpanan. Enkripsi data objek dimaksudkan untuk mengurangi "
"risiko data pengguna dibaca jika pihak yang tidak berwenang memperoleh akses "
"fisik ke disk."
msgid "Object Storage account terminology"
msgstr "Terminologi akun Object Storage"
msgid "Object Storage authentication"
msgstr "Otentikasi Object Storage"
msgid ""
"Object Storage comes with two authentication middleware modules by default, "
"either of which can be used as sample code for developing a custom "
"authentication middleware."
msgstr ""
"Object Storage dilengkapi dengan dua modul middleware otentikasi secara "
"default, salah satunya dapat digunakan sebagai kode contoh untuk "
"mengembangkan middleware otentikasi kustom."
msgid ""
"Object Storage does not employ encryption or authentication with inter-node "
"communications. This is why you see a private switch or private network "
"([V]LAN) in the architecture diagrams. This data domain should be separate "
"from other OpenStack data networks as well. For further discussion on "
"security domains please see :doc:`introduction/security-boundaries-and-"
"threats`."
msgstr ""
"Object Storage tidak menggunakan enkripsi atau otentikasi dengan komunikasi "
"antar node. Inilah sebabnya mengapa Anda melihat private switch atau private "
"network ([V] LAN) dalam diagram arsitektur. Data domain ini harus terpisah "
"dari jaringan data OpenStack lainnya. Untuk pembahasan lebih lanjut tentang "
"domain keamanan silahkan lihat :doc:`introduction/security-boundaries-and-"
"threats`."
msgid "Object Storage network architecture with a management node (OSAM)"
msgstr "Object Storage network architecture with a management node (OSAM)"
msgid "Object Storage objects"
msgstr "Object Storage objects"
msgid ""
"Object Storage uses a WSGI model to provide for a middleware capability that "
"not only provides general extensibility, but is also used for authentication "
"of end-point clients. The authentication provider defines what roles and "
"user types exist. Some use traditional user name and password credentials, "
"while others may leverage API key tokens or even client-side x.509 "
"certificates. Custom providers can be integrated in using custom middleware."
msgstr ""
"Object Storage menggunakan model WSGI untuk menyediakan kemampuan middleware "
"yang tidak hanya menyediakan perluasan secara umum, namun juga digunakan "
"untuk otentikasi klien end-point. Penyedia otentikasi menentukan peran dan "
"jenis pengguna yang ada. Beberapa menggunakan nama pengguna dan kredensial "
"kata kunci tradisional, sementara yang lain mungkin memanfaatkan token kunci "
"API atau sertifikat x.509 sisi klien. Penyedia kustom dapat diintegrasikan "
"dalam menggunakan middleware kustom."
msgid ""
"Object content. For example, the content of an object PUT requests body"
msgstr "Isi objek. Misalnya, isi dari objek PUT request body"
msgid ""
"Object security should focus on access control and encryption of data in "
"transit and at rest. Other concerns might relate to system abuse, illegal or "
"malicious content storage, and cross-authentication attack vectors."
msgstr ""
"Keamanan objek harus fokus pada kontrol akses dan enkripsi data saat transit "
"dan saat istirahat. Masalah lainnya mungkin terkait dengan penyalahgunaan "
"sistem, penyimpanan konten ilegal atau berbahaya, dan vektor serangan cross-"
"authentication."
msgid "Object service"
msgstr "Layanan Object"
msgid "Object size"
msgstr "Object size"
msgid "Objectives"
msgstr "Tujuan"
msgid "Octavia/LBaaS"
msgstr "Octavia/LBaaS"
msgid ""
"Often overlooked is the need for key management for SSH hosts. As most or "
"all hosts in an OpenStack deployment will provide an SSH service, it is "
"important to have confidence in connections to these hosts. It cannot be "
"understated that failing to provide a reasonably secure and accessible "
"method to verify SSH host key fingerprints is ripe for abuse and "
"exploitation."
msgstr ""
"Sering diabaikan adalah kebutuhan akan manajemen kunci untuk host SSH. "
"Karena kebanyakan atau semua host dalam penyebaran OpenStack akan "
"menyediakan layanan SSH, penting untuk memiliki kepercayaan dalam koneksi ke "
"host ini. Tidak dapat dipungkiri bahwa gagal menyediakan metode yang cukup "
"aman dan mudah diakses untuk memverifikasi sidik jari utama host SSH (SSH "
"host key fingerprint) menjadi rentan untuk penyalahgunaan dan eksploitasi."
msgid ""
"Often, data encryption relates positively to the ability to reliably destroy "
"tenant and per-instance data, simply by throwing away the keys. It should be "
"noted that in doing so, it becomes of great importance to destroy those keys "
"in a reliable and secure manner."
msgstr ""
"Seringkali, enkripsi data berhubungan secara positif dengan kemampuan untuk "
"menghancurkan data penyewa dan per-instance dengan mudah, cukup dengan "
"membuang kunci. Perlu dicatat bahwa dengan berbuat demikian, menjadi sangat "
"penting untuk menghancurkan kunci tersebut dengan cara yang andal dan aman."
msgid ""
"On Linux virtual machines, the application profile above can be used in "
"conjunction with a tool like `audit2allow <http://wiki.centos.org/HowTos/"
"SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01>`_ to build an SELinux "
"policy that will further protect sensitive system information on most Linux "
"distributions. SELinux uses a combination of users, policies and security "
"contexts to compartmentalize the resources needed for an application to run, "
"and segmenting it from other system resources that are not needed."
msgstr ""
"Pada mesin virtual Linux, profil aplikasi di atas bisa digunakan bersamaan "
"dengan tool seperti `audit2allow <http://wiki.centos.org/HowTos/SELinux#head-"
"faa96b3fdd922004cdb988c1989e56191c257c01>`_ untuk membangun sebuah kebijakan "
"SELinux yang selanjutnya akan melindungi informasi sistem yang sensitif pada "
"sebagian besar distribusi Linux. SELinux menggunakan kombinasi antara "
"pengguna, kebijakan dan konteks keamanan untuk mengelompokkan sumber daya "
"yang dibutuhkan agar aplikasi dapat berjalan, dan melakukan segmentasi dari "
"sumber daya sistem lain yang tidak diperlukan."
msgid "On the RabbitMQ server, delete the default ``guest`` user:"
msgstr "Di server RabbitMQ, hapus pengguna ``guest`` default:"
msgid ""
"On the RabbitMQ server, for each OpenStack service or node that communicates "
"with the message queue set up user accounts and privileges:"
msgstr ""
"Di server RabbitMQ, untuk setiap layanan atau simpul OpenStack yang "
"berkomunikasi dengan antrian pesan, siapkan akun pengguna dan hak istimewa "
"(privileges):"
msgid ""
"On the VM, send some text to the newly attached volume and synchronize it:"
msgstr ""
"Di VM, kirim beberapa teks ke volume yang baru dilampirkan dan sinkronkan:"
msgid ""
"On the image below you can see how different parts of the Shared File System "
"service interact with each other."
msgstr ""
"Pada image di bawah ini Anda dapat melihat bagaimana berbagai bagian layanan "
"Shared File System berinteraksi satu sama lain."
msgid ""
"On the system hosting cinder volume services, synchronize to flush the I/O "
"cache then test to see if your string can be found:"
msgstr ""
"Pada sistem hosting layanan volume cinder, sinkronkan untuk menyiram (flush) "
"cache I/O kemudian menguji untuk melihat apakah string Anda dapat ditemukan:"
msgid ""
"Once a cloud is deployed, it is time for an internal audit. This is the time "
"to compare the controls you identified above with the design, features, and "
"deployment strategies utilized in your cloud. The goal is to understand how "
"each control is handled and where gaps exist. Document all of the findings "
"for future reference."
msgstr ""
"Begitu awan digunakan, sekarang saatnya untuk melakukan audit internal. "
"Inilah saatnya membandingkan kontrol yang Anda identifikasi di atas dengan "
"desain, fitur, dan strategi penyebaran yang digunakan di awan Anda. "
"Tujuannya adalah untuk memahami bagaimana setiap kontrol ditangani dan di "
"mana ada kesenjangan. Dokumentasikan semua temuan untuk referensi di "
"kemudian hari."
msgid ""
"Once a user is authenticated, a token is generated for authorization and "
"access to an OpenStack environment. A token can have a variable life span; "
"however the default value for expiry is one hour. The recommended expiry "
"value should be set to a lower value that allows enough time for internal "
"services to complete tasks. In the event that the token expires before tasks "
"complete, the cloud may become unresponsive or stop providing services. An "
"example of expended time during use would be the time needed by the Compute "
"service to transfer a disk image onto the hypervisor for local caching. "
"Fetching expired tokens when using a valid service token is allowed."
msgstr ""
"Setelah pengguna diautentikasi, token dihasilkan untuk otorisasi dan akses "
"ke lingkungan OpenStack. Token dapat memiliki rentang hidup variabel; namun "
"nilai default untuk kedaluwarsa adalah satu jam. Nilai kedaluwarsa yang "
"disarankan harus ditetapkan ke nilai yang lebih rendah yang memungkinkan "
"cukup waktu bagi layanan internal untuk menyelesaikan tugas. Jika token "
"berakhir sebelum tugas selesai, cloud mungkin menjadi tidak responsif atau "
"berhenti memberikan layanan. Contoh dari waktu yang dikeluarkan selama "
"penggunaan adalah waktu yang dibutuhkan oleh layanan Compute untuk "
"mentransfer image disk ke hypervisor untuk caching lokal. Mengambil token "
"yang kedaluwarsa saat menggunakan token layanan yang valid diizinkan."
msgid ""
"Once system security controls are identified, an OpenStack architect will "
"utilize NIST 800-53 to extract tailored control selection. For example, "
"specification of what constitutes a \"secure password\"."
msgstr ""
"Setelah kontrol keamanan sistem diidentifikasi, arsitek OpenStack akan "
"menggunakan NIST 800-53 untuk mengekstrak pilihan kontrol yang disesuaikan. "
"Misalnya, spesifikasi apa yang dimaksud dengan \"secure password\"."
msgid ""
"Once the SSH host key is generated, the host key fingerprint should be "
"stored in a secure and queryable location. One particularly convenient "
"solution is DNS using SSHFP resource records as defined in RFC-4255. For "
"this to be secure, it is necessary that DNSSEC be deployed."
msgstr ""
"Setelah SSH host key dihasilkan, host key fingerprint harus disimpan di "
"lokasi yang aman dan queryable. Salah satu solusi yang sangat mudah "
"digunakan adalah DNS menggunakan SSHFP resource record sebagaimana "
"didefinisikan dalam RFC-4255. Agar aman, DNSSEC perlu dikerahkan."
msgid ""
"Once the internal audit results look good, it is time to prepare for an "
"external audit. There are several key actions to take at this stage, these "
"are outlined below:"
msgstr ""
"Begitu hasil audit internal terlihat bagus, sekarang saatnya mempersiapkan "
"audit eksternal. Ada beberapa tindakan penting yang harus dilakukan pada "
"tahap ini, ini diuraikan di bawah ini:"
msgid ""
"Once the node is running, we need to ensure that it remains in a good state "
"over time. Broadly speaking, this includes both configuration management and "
"security monitoring. The goals for each of these areas are different. By "
"checking both, we achieve higher assurance that the system is operating as "
"desired. We discuss configuration management in the management section, and "
"security monitoring below."
msgstr ""
"Setelah node berjalan, kita perlu memastikan bahwa itu tetap dalam keadaan "
"baik dari waktu ke waktu. Secara umum, ini mencakup pengelolaan konfigurasi "
"dan pemantauan keamanan. Tujuan masing-masing daerah berbeda. Dengan "
"memeriksa keduanya, kami mencapai kepastian yang lebih tinggi bahwa sistem "
"beroperasi sesuai keinginan. Kami membahas manajemen konfigurasi di bagian "
"manajemen, dan pemantauan keamanan di bawah ini."
msgid ""
"Once the updates are fully tested, they can be deployed to the production "
"environment. This deployment should be fully automated using the "
"configuration management tools described below."
msgstr ""
"Setelah pembaruan diuji sepenuhnya, mereka dapat dikirim ke lingkungan "
"produksi. Penyebaran ini harus sepenuhnya otomatis menggunakan alat "
"manajemen konfigurasi yang dijelaskan di bawah ini."
msgid ""
"Once you have your Identity service virtual host ready, configure Shibboleth "
"and upload your metadata to the Identity Provider."
msgstr ""
"Setelah Anda menyiapkan host virtualisasi layanan Identity Anda, "
"konfigurasikan Shibboleth dan unggah metadata Anda ke Identity Provider."
msgid ""
"One additional consideration when selecting a hypervisor is the availability "
"of various formal certifications and attestations. While they may not be "
"requirements for your specific organization, these certifications and "
"attestations speak to the maturity, production readiness, and thoroughness "
"of the testing a particular hypervisor platform has been subjected to."
msgstr ""
"Satu pertimbangan tambahan saat memilih hypervisor adalah tersedianya "
"berbagai sertifikasi dan pengesahan formal. Meskipun persyaratan tersebut "
"mungkin bukan persyaratan untuk organisasi khusus Anda, sertifikasi dan "
"pengesahan ini berbicara mengenai kedewasaan, kesiapan produksi, dan "
"ketelitian pengujian platform hypervisor tertentu telah menjadi sasaran."
msgid "One as a public interface for consumers to reach."
msgstr ""
"Salah satunya sebagai antarmuka publik bagi konsumen untuk mencapainya."
msgid ""
"One critical policy decision for a cloud architect is what to do with the "
"output from a security monitoring tool. There are effectively two options. "
"The first is to alert a human to investigate and/or take corrective action. "
"This could be done by including the security alert in a log or events feed "
"for cloud administrators. The second option is to have the cloud take some "
"form of remedial action automatically, in addition to logging the event. "
"Remedial actions could include anything from re-installing a node to "
"performing a minor service configuration. However, automated remedial action "
"can be challenging due to the possibility of false positives."
msgstr ""
"Salah satu keputusan kebijakan penting untuk arsitek awan adalah apa yang "
"harus dilakukan dengan keluaran dari alat pemantau keamanan. Ada dua pilihan "
"yang efektif. Yang pertama adalah mengingatkan manusia untuk menyelidiki "
"dan / atau melakukan tindakan korektif. Ini bisa dilakukan dengan memasukkan "
"peringatan keamanan di log atau event feed untuk administrator awan. Pilihan "
"kedua adalah meminta agar awan mengambil beberapa bentuk tindakan perbaikan "
"secara otomatis, selain mencatat kejadian tersebut. Tindakan perbaikan bisa "
"mencakup apa saja dari menginstal ulang node untuk melakukan konfigurasi "
"layanan kecil. Namun, tindakan perbaikan otomatis bisa jadi tantangan karena "
"kemungkinan adanya positif palsu (false positive)."
msgid ""
"One decision a cloud architect will need to make regarding Compute service "
"configuration is whether to use :term:`VNC <Virtual Network Computing "
"(VNC)>` or :term:`SPICE <Simple Protocol for Independent Computing "
"Environments (SPICE)>`."
msgstr ""
"Salah satu keputusan arsitek awan yang perlu dibuat mengenai konfigurasi "
"layanan Compute adalah apakah akan digunakan :term:`VNC <Virtual Network "
"Computing (VNC)>` atau :term:`SPICE <Simple Protocol for Independent "
"Computing Environments (SPICE)>`."
msgid ""
"One of the biggest indicators of a hypervisor's maturity is the size and "
"vibrancy of the community that surrounds it. As this concerns security, the "
"quality of the community affects the availability of expertise if you need "
"additional cloud operators. It is also a sign of how widely deployed the "
"hypervisor is, in turn leading to the battle readiness of any reference "
"architectures and best practices."
msgstr ""
"Salah satu indikator terbesar kematangan hypervisor adalah ukuran dan "
"semangat komunitas yang mengelilinginya. Karena ini menyangkut keamanan, "
"kualitas masyarakat akan mempengaruhi ketersediaan keahlian jika Anda "
"membutuhkan operator awan tambahan. Ini juga merupakan tanda betapa luasnya "
"penyebaran hypervisor ini, yang pada gilirannya menuju ke kesiapan "
"perjuangan (battle readiness) setiap arsitektur referensi dan praktik "
"terbaik."
msgid ""
"One of the main security concerns with any OpenStack deployment is the "
"security and controls around sensitive files, such as the ``nova.conf`` "
"file. Normally contained in the ``/etc`` directory, this configuration file "
"contains many sensitive options including configuration details and service "
"passwords. All such sensitive files should be given strict file level "
"permissions, and monitored for changes through file integrity monitoring "
"(FIM) tools such as iNotify or Samhain. These utilities will take a hash of "
"the target file in a known good state, and then periodically take a new hash "
"of the file and compare it to the known good hash. An alert can be created "
"if it was found to have been modified unexpectedly."
msgstr ""
"Salah satu masalah keamanan utama dengan penyebaran OpenStack adalah "
"keamanan dan kontrol di sekitar file sensitif, seperti file ``nova.conf``. "
"Biasanya terdapat di direktori ``/etc``, file konfigurasi ini berisi banyak "
"pilihan sensitif termasuk rincian konfigurasi dan kata sandi layanan. Semua "
"file sensitif tersebut harus diberi hak akses tingkat file yang ketat, dan "
"memantau perubahan melalui alat file integrity monitoring (FIM) seperti "
"iNotify atau Samhain. Utilitas ini akan mengambil hash dari file target "
"dalam keadaan baik yang diketahui, dan kemudian secara berkala mengambil "
"hash baru dari file tersebut dan membandingkannya dengan hash yang "
"diketahui. Peringatan dapat dibuat jika ditemukan telah dimodifikasi secara "
"tidak terduga."
msgid ""
"One of the primary tasks of the data processing controller is to communicate "
"with the instances it spawns. These instances are provisioned and then "
"configured depending on the framework being used. The communication between "
"the controller and the instances uses :term:`secure shell (SSH)` and HTTP "
"protocols."
msgstr ""
"Salah satu tugas utama pengendali pengolahan data adalah berkomunikasi "
"dengan instance yang ditimbulkannya. Instance ini tersedia dan kemudian "
"dikonfigurasi tergantung pada kerangka yang digunakan. Komunikasi antara "
"controller dan instance menggunakan :term:`secure shell (SSH)`dan protokol "
"HTTP."
msgid ""
"One of the virtues of running instances in a virtualized environment is that "
"it opens up new opportunities for security controls that are not typically "
"available when deploying onto bare metal. There are several technologies "
"that can be applied to the virtualization stack that bring improved "
"information assurance for cloud tenants."
msgstr ""
"Salah satu kebajikan menjalankan instance di lingkungan virtual adalah "
"membuka kesempatan baru untuk kontrol keamanan yang biasanya tidak tersedia "
"saat menggunakan bare metal. Ada beberapa teknologi yang bisa diterapkan "
"pada virtualization stack yang membawa perbaikan kepastian informasi bagi "
"cloud tenant."
msgid ""
"Only the minimum level of access for users and system services is granted. "
"This access is based upon role, responsibility and job function. This "
"security principle of least privilege is written into several international "
"government security policies, such as NIST 800-53 Section AC-6 within the "
"United States."
msgstr ""
"Hanya tingkat akses minimum untuk pengguna dan layanan sistem yang "
"diberikan. Akses ini didasarkan pada peran, tanggung jawab dan fungsi "
"pekerjaan. Prinsip keamanan yang paling tidak istimewa ini ditulis dalam "
"beberapa kebijakan keamanan pemerintah internasional, seperti NIST 800-53 "
"Section AC-6 di Amerika Serikat."
msgid ""
"OpenSCAP is an open source tool which takes SCAP content (XML files that "
"describe security controls) and applies that content to various systems. "
"Most of the available content available today is for Red Hat Enterprise "
"Linux and CentOS, but the tools work on any Linux or Windows system."
msgstr ""
"OpenSCAP adalah alat open source yang mengambil konten SCAP (file XML yang "
"menjelaskan kontrol keamanan) dan menerapkan konten tersebut ke berbagai "
"sistem. Sebagian besar konten yang tersedia saat ini tersedia untuk Red Hat "
"Enterprise Linux dan CentOS, namun alat ini bekerja pada sistem Linux atau "
"Windows manapun."
msgid ""
"OpenStack :term:`Compute service (nova)` provides services to support the "
"management of virtual machine instances at scale, instances that host multi-"
"tiered applications, dev or test environments, \"Big Data\" crunching Hadoop "
"clusters, or high-performance computing."
msgstr ""
"OpenStack :term:`Compute service (nova)` menyediakan layanan untuk mendukung "
"pengelolaan instance mesin virtual dalam skala, instance yang menjadi tuan "
"rumah aplikasi multi-tier, lingkungan dev atau test, pemrosesan (crunching) "
"\"Big Data\" di klaster Hadoop, atau komputasi berperforma tinggi."
msgid "OpenStack API"
msgstr "OpenStack API"
msgid ""
"OpenStack Admin Guide. SPICE Console. `SPICE Console <https://docs.openstack."
"org/admin-guide/compute-remote-console-access.html>`_."
msgstr ""
"OpenStack Admin Guide. SPICE Console. `SPICE Console <https://docs.openstack."
"org/admin-guide/compute-remote-console-access.html>`_."
msgid ""
"OpenStack Block Storage (cinder) is a service that provides software "
"(services and libraries) to self-service manage persistent block-level "
"storage devices. This creates on-demand access to Block Storage resources "
"for use with OpenStack Compute (nova) instances. This creates software-"
"defined storage via abstraction by virtualizing pools of block storage to a "
"variety of back-end storage devices which can be either software "
"implementations or traditional hardware storage products. The primary "
"functions of this is to manage the creation, attaching and detaching of the "
"block devices. The consumer requires no knowledge of the type of back-end "
"storage equipment or where it is located."
msgstr ""
"OpenStack Block Storage (cinder) adalah layanan yang menyediakan perangkat "
"lunak (services and libraries) untuk self-service mengelola perangkat "
"penyimpanan block-level yang tetap. Ini menciptakan akses sesuai permintaan "
"ke sumber Block Storage untuk digunakan dengan instance OpenStack Compute "
"(nova). Ini menciptakan software-defined storage melalui abstraksi dengan "
"virtualizing pool penyimpanan blok ke berbagai perangkat penyimpanan back-"
"end yang dapat berupa implementasi perangkat lunak ataupun produk "
"penyimpanan perangkat keras tradisional. Fungsi utama dari ini adalah "
"mengelola creation, attaching dan detaching perangkat blok. Konsumen tidak "
"memerlukan pengetahuan tentang jenis peralatan penyimpanan back-end atau "
"tentang lokasinya."
msgid ""
"OpenStack Compute has a soft-delete feature, which enables an instance that "
"is deleted to be in a soft-delete state for a defined time period. The "
"instance can be restored during this time period. To disable the soft-delete "
"feature, edit the ``etc/nova/nova.conf`` file and leave the "
"``reclaim_instance_interval`` option empty."
msgstr ""
"OpenStack Compute memiliki fitur soft-delete, yang memungkinkan sebuah "
"instance yang dihapus berada dalam keadaan soft-delete untuk jangka waktu "
"yang ditentukan. Instance dapat dipulihkan selama periode ini. Untuk "
"menonaktifkan fitur soft-delete, edit file ``etc/nova/nova.conf`` dan "
"biarkan opsi ``reclaim_instance_interval``` kosong."
msgid ""
"OpenStack Compute offers a sub-service called nova-conductor which proxies "
"database connections, with the primary purpose of having the nova compute "
"nodes interfacing with nova-conductor to meet data persistence needs as "
"opposed to directly communicating with the database."
msgstr ""
"OpenStack Compute menawarkan sub-service yang disebut nova-conductor yang "
"menghubungkan koneksi database, dengan tujuan utama memiliki nova compute "
"node yang berinteraksi dengan nova-conductor untuk memenuhi kebutuhan "
"persistensi data yang bertentangan dengan komunikasi langsung dengan "
"database."
msgid ""
"OpenStack Compute supports tenant network traffic access controls directly "
"when deployed with the legacy nova-network service, or may defer access "
"control to the OpenStack Networking service."
msgstr ""
"OpenStack Compute mendukung kontrol akses lalu lintas jaringan tenant secara "
"langsung saat digunakan dengan layanan nova-network legacy (lawas), atau "
"dapat menunda kontrol akses ke layanan OpenStack Networking."
msgid ""
"OpenStack Identity service provides ``uuid`` and ``fernet`` as token "
"providers. The ``uuid`` tokens must be persisted and is considered as "
"insecure."
msgstr ""
"Layanan OpenStack Identity menyediakan ``uuid`` dan ``fernet`` sebagai token "
"provider. Token ``uuid`` harus tetap bertahan dan dianggap tidak aman."
msgid "OpenStack Identity: Management"
msgstr "OpenStack Identity: Management"
msgid ""
"OpenStack Image Storage (glance) is a service where users can upload and "
"discover data assets that are meant to be used with other services. This "
"currently includes images and metadata definitions."
msgstr ""
"OpenStack Image Storage (glance) adalah layanan dimana pengguna dapat "
"mengunggah dan menemukan aset data yang dimaksudkan untuk digunakan dengan "
"layanan lainnya. Ini mencakup definisi image dan metadata."
msgid ""
"OpenStack Image service has a delayed delete feature, which will pend the "
"deletion of an image for a defined time period. It is recommended to disable "
"this feature if it is a security concern, by editing the ``etc/glance/glance-"
"api.conf`` file and setting the ``delayed_delete`` option as False."
msgstr ""
"Layanan OpenStack Image memiliki fitur hapus tertunda, yang akan menunggu "
"penghapusan image untuk jangka waktu yang ditentukan. Dianjurkan untuk "
"menonaktifkan fitur ini jika ini adalah masalah keamanan, dengan mengedit "
"file ``etc/glance/glance-api.conf`` dan menetapkan opsi ``delayed_delete`` "
"ke False."
msgid ""
"OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. "
"2014. `OpenStack nova-novnc SSL Configuration <http://lists.openstack.org/"
"pipermail/openstack/2014-February/005357.html>`_"
msgstr ""
"OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. "
"2014. `OpenStack nova-novnc SSL Configuration <http://lists.openstack.org/"
"pipermail/openstack/2014-February/005357.html>`_"
msgid ""
"OpenStack Networking adds a layer of virtualized network services which "
"gives tenants the capability to architect their own virtual networks. "
"Currently, these virtualized services are not as mature as their traditional "
"networking counterparts. Consider the current state of these virtualized "
"services before adopting them as it dictates what controls you may have to "
"implement at the virtualized and traditional network boundaries."
msgstr ""
"OpenStack Networking menambahkan lapisan layanan jaringan virtual yang "
"memberi penyewa kemampuan untuk membuat arsitek jaringan virtual mereka "
"sendiri. Saat ini, layanan virtual ini tidak semewah jaringan jejaring "
"tradisional mereka. Pertimbangkan keadaan saat ini dari layanan virtual ini "
"sebelum mengadopsi mereka karena menentukan kontrol apa yang mungkin harus "
"Anda terapkan di network boundary (batas jaringan) virtual dan tradisional."
msgid ""
"OpenStack Networking allows cloud tenants to manage their guest network "
"configurations. Security concerns with the networking service include "
"network traffic isolation, availability, integrity, and confidentiality."
msgstr ""
"OpenStack Networking memungkinkan penyewa awan mengelola konfigurasi "
"jaringan tamu mereka. Masalah keamanan dengan layanan jaringan meliputi "
"isolasi lalu lintas jaringan, ketersediaan, integritas, dan kerahasiaan."
msgid ""
"OpenStack Networking also supports per-project quotas limit through a quota "
"extension API. To enable per-project quotas, you must set the "
"``quota_driver`` option in ``neutron.conf``."
msgstr ""
"OpenStack Networking juga mendukung batas kuota per proyek melalui API "
"ekstensi kuota. Untuk mengaktifkan kuota per proyek, Anda harus mengatur "
"opsi ``quota_driver`` di ``neutron.conf``."
msgid ""
"OpenStack Networking can employ two different mechanisms for traffic "
"segregation on a per tenant/network combination: VLANs (IEEE 802.1Q tagging) "
"or L2 tunnels using GRE encapsulation. The scope and scale of your OpenStack "
"deployment determines which method you should utilize for traffic "
"segregation or isolation."
msgstr ""
"Jaringan OpenStack dapat menggunakan dua mekanisme yang berbeda untuk "
"segregasi lalu lintas pada kombinasi per tenant/network: VLAN (IEEE 802.1Q "
"tagging) atau L2 tunnel menggunakan enkapsulasi GRE. Ruang lingkup dan skala "
"penyebaran OpenStack Anda menentukan metode mana yang harus Anda gunakan "
"untuk segregasi lalu lintas atau isolasi."
msgid ""
"OpenStack Networking currently supports both GRE and VXLAN encapsulation."
msgstr "OpenStack Networking saat ini mendukung enkapsulasi GRE dan VXLAN."
msgid "OpenStack Networking has the following known limitations:"
msgstr "OpenStack Networking memiliki keterbatasan yang diketahui berikut ini:"
msgid ""
"OpenStack Networking is a standalone service that often deploys several "
"processes across a number of nodes. These processes interact with each other "
"and other OpenStack services. The main process of the OpenStack Networking "
"service is *neutron-server*, a Python daemon that exposes the OpenStack "
"Networking API and passes tenant requests to a suite of plug-ins for "
"additional processing."
msgstr ""
"OpenStack Networking adalah layanan standalone yang sering kali deploy "
"(mengerahkan) beberapa proses ke sejumlah node. Proses ini saling "
"berinteraksi satu sama lain dan layanan OpenStack lainnya. Proses utama "
"layanan OpenStack Networking adalah *neutron-server*, sebuah daemon Python "
"yang mengekspos OpenStack Networking API dan melewati permintaan penyewa ke "
"rangkaian plug-in untuk pemrosesan tambahan."
msgid ""
"OpenStack Networking provides users self services of network resources and "
"configurations. It is important that cloud architects and operators evaluate "
"their design use cases in providing users the ability to create, update, and "
"destroy available network resources."
msgstr ""
"OpenStack Networking menyediakan pengguna layanan jaringan dan sumber daya "
"jaringan. Adalah penting bahwa arsitek dan operator awan mengevaluasi kasus "
"penggunaan desain mereka dalam memberikan pengguna kemampuan untuk membuat, "
"memperbarui, dan menghancurkan sumber daya jaringan yang tersedia."
msgid ""
"OpenStack Networking routers can connect multiple L2 networks, and can also "
"provide a *gateway* that connects one or more private L2 networks to a "
"shared *external* network, such as a public network for access to the "
"Internet."
msgstr ""
"Router OpenStack Networking dapat menghubungkan beberapa jaringan L2, dan "
"juga dapat menyediakan *gateway* yang menghubungkan satu atau beberapa "
"jaringan L2 pribadi ke jaringan *external* bersama, seperti jaringan publik "
"untuk akses ke Internet."
msgid "OpenStack Networking service configuration"
msgstr "Konfigurasi layanan OpenStack Networking"
msgid "OpenStack Networking service placement on physical servers"
msgstr "Penyediaan layanan OpenStack Networking pada server fisik"
msgid ""
"OpenStack Networking supports multiple L3 and DHCP agents with load "
"balancing. However, tight coupling of the location of the virtual machine is "
"not supported. In other words, the default Virtual Machine scheduler will "
"not take the location of the agents into account when creating virtual "
"machines."
msgstr ""
"OpenStack Networking mendukung beberapa agen L3 dan DHCP dengan load "
"balancing. Namun, coupling yang ketat dari lokasi mesin virtual tidak "
"didukung. Dengan kata lain, penjadwal Virtual Machine default tidak akan "
"mempertimbangkan lokasi agen saat membuat mesin virtual."
msgid ""
"OpenStack Networking was designed with a plug-in architecture that provides "
"extensibility of the API through open source community or third-party "
"services. As you evaluate your architectural design requirements, it is "
"important to determine what features are available in OpenStack Networking "
"core services, any additional services that are provided by third-party "
"products, and what supplemental services are required to be implemented in "
"the physical infrastructure."
msgstr ""
"OpenStack Networking dirancang dengan arsitektur plug-in yang memberikan "
"perluasan API melalui komunitas open source atau layanan pihak ketiga. Saat "
"Anda mengevaluasi persyaratan disain arsitektural Anda, penting untuk "
"menentukan fitur apa yang tersedia di layanan inti OpenStack Networking, "
"layanan tambahan yang disediakan oleh produk pihak ketiga, dan layanan "
"tambahan apa yang harus diimplementasikan di infrastruktur fisik."
msgid ""
"OpenStack Object Storage (swift) service provides software that stores and "
"retrieves data over HTTP. Objects (blobs of data) are stored in an "
"organizational hierarchy that offers anonymous read-only access, ACL defined "
"access, or even temporary access. Object Storage supports multiple token-"
"based authentication mechanisms implemented via middleware."
msgstr ""
"Layanan OpenStack Object Storage (swift) menyediakan perangkat lunak yang "
"menyimpan dan mengambil data melalui HTTP. Objek (blobs of data) disimpan "
"dalam hirarki organisasi yang menawarkan akses anonymous read-only, akses "
"yang ditentukan ACL, atau bahkan akses sementara. Object Storage mendukung "
"beberapa mekanisme otentikasi berbasis token yang diimplementasikan melalui "
"middleware."
msgid "OpenStack Object Storage account"
msgstr "Akun OpenStack Object Storage"
msgid "OpenStack Object Storage containers"
msgstr "Kontainer OpenStack Object Storage"
msgid "OpenStack Object Storage objects"
msgstr "Obyek OpenStack Object Storage"
msgid ""
"OpenStack Security Advisories (OSSA) are created by the OpenStack "
"Vulnerability Management Team (VMT). They pertain to security holes in core "
"OpenStack services. More information on the VMT can be found in "
"`Vulnerability Management Process <https://security.openstack.org/vmt-"
"process.html>`_."
msgstr ""
"OpenStack Security Advisories (OSSA) dibuat oleh OpenStack Vulnerability "
"Management Team (VMT). Mereka terkait dengan lubang keamanan di layanan inti "
"OpenStack. Informasi lebih lanjut tentang VMT dapat ditemukan di "
"`Vulnerability Management Process <https://security.openstack.org/vmt-"
"process.html>`_."
msgid "OpenStack Security Guide"
msgstr "Panduan Keamanan OpenStack"
msgid ""
"OpenStack Security Notes (OSSN) are created by the OpenStack Security Group "
"(OSSG) to support the work of the VMT. OSSN address issues in supporting "
"software and common deployment configurations. They are referenced "
"throughout this guide. Security Notes are archived at `OSSN <https://wiki."
"openstack.org/wiki/OSSN>`_."
msgstr ""
"OpenStack Security Notes (OSSN) dibuat oleh OpenStack Security Group (OSSG) "
"untuk mendukung pekerjaan VMT. OSSN mengatasi masalah dalam mendukung "
"perangkat lunak dan konfigurasi penggunaan umum. Mereka dirujuk di seluruh "
"panduan ini. Catatan Keamanan diarsipkan di `OSSN <https://wiki.openstack."
"org/wiki/OSSN>`_."
msgid ""
"OpenStack and the underlying virtualization layers provide for the live "
"migration of images between OpenStack nodes, allowing you to seamlessly "
"perform rolling upgrades of your OpenStack compute nodes without instance "
"downtime. However, live migrations also carry significant risk. To "
"understand the risks involved, the following are the high-level steps "
"performed during a live migration:"
msgstr ""
"OpenStack dan lapisan virtualisasi yang mendasari menyediakan migrasi "
"langsung image antara node OpenStack, yang memungkinkan Anda melakukan "
"upgrade rolling node OpenStack tanpa downtime tanpa batas. Namun, migrasi "
"langsung juga membawa risiko signifikan. Untuk memahami risiko yang "
"terlibat, berikut adalah langkah tingkat tinggi yang dilakukan selama "
"migrasi langsung:"
msgid ""
"OpenStack architects interpret and respond to HIPAA statements, with data "
"encryption remaining a core practice. Currently, this would require any "
"protected health information contained within an OpenStack deployment to be "
"encrypted with industry standard encryption algorithms. Potential future "
"OpenStack projects such as object encryption will facilitate HIPAA "
"guidelines for compliance with the act."
msgstr ""
"Arsitek OpenStack menafsirkan dan menanggapi pernyataan HIPAA, dengan "
"enkripsi data tetap menjadi praktik inti. Saat ini, ini memerlukan informasi "
"kesehatan terlindungi yang terkandung dalam penerapan OpenStack untuk "
"dienkripsi dengan algoritma enkripsi standar industri. Potensi proyek "
"OpenStack masa depan seperti enkripsi objek akan memfasilitasi pedoman HIPAA "
"untuk mematuhi undang-undang tersebut."
msgid ""
"OpenStack can be configured to provide remote desktop console access to "
"instances for tenants and administrators using the Virtual Network Computer "
"(VNC) protocol."
msgstr ""
"OpenStack dapat dikonfigurasi untuk menyediakan akses konsol remote desktop "
"ke beberapa instance penyewa dan administrator menggunakan protokol Virtual "
"Network Computer (VNC)."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"communication might involve sensitive or confidential data. An attacker may "
"try to eavesdrop on the channel in order to get access to sensitive "
"information. Therefore all components must communicate with each other using "
"a secured communication protocol."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
"Penyerang dapat mencoba menguping saluran untuk mendapatkan akses ke "
"informasi sensitif. Oleh karena itu semua komponen harus berkomunikasi satu "
"sama lain menggunakan protokol komunikasi yang aman."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"the communication might involve sensitive / confidential data. An attacker "
"may try to eavesdrop on the channel in order to get access to sensitive "
"information. Thus all the components must communicate with each other using "
"a secured communication protocol."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif / rahasia. "
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
"akses ke informasi sensitif. Dengan demikian semua komponen harus saling "
"berkomunikasi menggunakan protokol komunikasi yang aman."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"the communication might involve sensitive or confidential data. An attacker "
"may try to eavesdrop on the channel in order to get access to sensitive "
"information. All components must communicate with each other using a secured "
"communication protocol."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
"akses ke informasi sensitif. Semua komponen harus berkomunikasi satu sama "
"lain menggunakan protokol komunikasi aman."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"the communication might involve sensitive or confidential data. An attacker "
"may try to eavesdrop on the channel in order to get access to sensitive "
"information. All the components must communicate with each other using a "
"secured communication protocol."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
"akses ke informasi sensitif. Semua komponen harus berkomunikasi satu sama "
"lain menggunakan protokol komunikasi aman."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"the communication might involve sensitive or confidential data. An attacker "
"may try to eavesdrop on the channel in order to get access to sensitive "
"information. Thus all the components must communicate with each other using "
"a secured communication protocol like HTTPS."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
"akses ke informasi sensitif. Dengan demikian semua komponen harus "
"berkomunikasi satu sama lain menggunakan protokol komunikasi aman seperti "
"HTTPS."
msgid ""
"OpenStack components communicate with each other using various protocols and "
"the communication might involve sensitive or confidential data. An attacker "
"may try to eavesdrop on the channel in order to get access to sensitive "
"information. Thus all the components must communicate with each other using "
"a secured communication protocol."
msgstr ""
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
"Penyerang dapat mencoba menguping saluran untuk mendapatkan akses ke "
"informasi sensitif. Dengan demikian semua komponen harus berkomunikasi satu "
"sama lain menggunakan protokol komunikasi yang aman."
msgid "OpenStack compute node: Management and guest"
msgstr "OpenStack compute node: Management and guest"
msgid "OpenStack dashboard (horizon)"
msgstr "OpenStack dashboard (horizon)"
msgid "OpenStack dashboard: Public and management"
msgstr "OpenStack dashboard: Public and management"
msgid "OpenStack database access model"
msgstr "Model akses database OpenStack"
msgid ""
"OpenStack deployments that store, process, or transmit payment card details "
"are in scope for the PCI-DSS. All OpenStack components that are not properly "
"segmented from systems or networks that handle payment data fall under the "
"guidelines of the PCI-DSS. Segmentation in the context of PCI-DSS does not "
"support multi-tenancy, but rather physical separation (host/network)."
msgstr ""
"Pengerahan OpenStack yang menyimpan, memproses, atau mengirimkan rincian "
"kartu pembayaran berada dalam cakupan PCI-DSS. Semua komponen OpenStack yang "
"tidak tersegmentasi dengan benar dari sistem atau jaringan yang menangani "
"data pembayaran termasuk dalam pedoman PCI-DSS. Segmentasi dalam konteks PCI-"
"DSS tidak mendukung multi-tenancy, melainkan pemisahan fisik (host/network)."
msgid ""
"OpenStack does not support message-level confidence, such as message "
"signing. Consequently, you must secure and authenticate the message "
"transport itself. For high-availability (HA) configurations, you must "
"perform queue-to-queue authentication and encryption."
msgstr ""
"OpenStack tidak mendukung tingkat kepercayaan pesan, seperti penandatanganan "
"pesan. Akibatnya, Anda harus mengamankan dan mengotentikasi transportasi "
"pesan itu sendiri. Untuk konfigurasi high-availability (HA), Anda harus "
"melakukan otentikasi dan enkripsi queue-to-queue."
msgid ""
"OpenStack embraces a modular architecture to provide a set of core services "
"that facilitates scalability and elasticity as core design tenets. This "
"chapter briefly reviews OpenStack components, their use cases and security "
"considerations."
msgstr ""
"OpenStack menganut arsitektur modular untuk menyediakan satu set layanan "
"inti yang memfasilitasi skalabilitas dan elastisitas sebagai prinsip desain "
"inti. Bab ini secara singkat mengulas komponen OpenStack, kasus penggunaan "
"dan pertimbangan keamanan mereka."
msgid ""
"OpenStack endpoints are HTTP services providing APIs to both end-users on "
"public networks and to other OpenStack services on the management network. "
"It is highly recommended that all of these requests, both internal and "
"external, operate over TLS. To achieve this goal, API services must be "
"deployed behind a TLS proxy that can establish and terminate TLS sessions. "
"The following table offers a non-exhaustive list of open source software "
"that can be used for this purpose:"
msgstr ""
"Endpoint OpenStack adalah layanan HTTP yang menyediakan API kepada endpoint "
"di jaringan publik dan layanan OpenStack lainnya di jaringan manajemen. "
"Sangat disarankan agar semua permintaan ini, baik internal maupun eksternal, "
"beroperasi di atas TLS. Untuk mencapai tujuan ini, layanan API harus "
"ditempatkan di belakang proxy TLS yang dapat menetapkan dan menghentikan "
"sesi TLS. Tabel berikut ini menawarkan daftar lengkap perangkat lunak open "
"source yang dapat digunakan untuk tujuan ini:"
msgid ""
"OpenStack has not undergone Common Criteria certification, however many of "
"the available hypervisors have."
msgstr ""
"OpenStack belum mengikuti sertifikasi Common Criteria, namun banyak "
"hypervisor yang tersedia."
msgid ""
"OpenStack is a key enabler in the adoption of cloud technology and has "
"several common deployment use cases. These are commonly known as Public, "
"Private, and Hybrid models. The following sections use the National "
"Institute of Standards and Technology (NIST) `definition of cloud <http://"
"nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf>`__ to "
"introduce these different types of cloud as they apply to OpenStack."
msgstr ""
"OpenStack adalah enabler kunci dalam penerapan teknologi awan dan memiliki "
"beberapa kasus penggunaan umum. Ini umumnya dikenal sebagai model Public, "
"Private, and Hybrid. Bagian berikut menggunakan National Institute of "
"Standards and Technology (NIST) `definition of cloud <http://nvlpubs.nist."
"gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf>`__ untuk "
"mengenalkan berbagai jenis awan ini saat mereka mendaftar ke OpenStack."
msgid ""
"OpenStack is designed to support multitenancy and those tenants will most "
"probably have different data requirements. As a cloud builder or operator, "
"you must ensure your OpenStack environment addresses data privacy concerns "
"and regulations. In this chapter we will address data residency and disposal "
"as it pertains to OpenStack implementations."
msgstr ""
"OpenStack dirancang untuk mendukung multitenancy dan tenant (penyewa) "
"tersebut kemungkinan besar memiliki persyaratan data yang berbeda. Sebagai "
"pembangun atau operator awan, Anda harus memastikan lingkungan OpenStack "
"Anda menangani masalah dan persyaratan privasi data. Dalam bab ini kita akan "
"membahas residensi data dan pembuangan karena berkaitan dengan implementasi "
"OpenStack."
msgid ""
"OpenStack is innovative in many ways however the process used to audit an "
"OpenStack deployment is fairly common. Auditors will evaluate a process by "
"two criteria: Is the control designed effectively and if the control is "
"operating effectively. An understanding of how an auditor evaluates if a "
"control is designed and operating effectively will be discussed in the "
"section called :doc:`understanding-the-audit-process`."
msgstr ""
"OpenStack inovatif dalam banyak hal namun proses yang digunakan untuk "
"mengaudit penyebaran OpenStack cukup umum terjadi. Auditor akan mengevaluasi "
"suatu proses dengan dua kriteria: Apakah pengendalian dirancang secara "
"efektif dan jika pengendaliannya berjalan efektif. Pemahaman tentang "
"bagaimana auditor mengevaluasi jika suatu pengendalian dirancang dan "
"beroperasi secara efektif akan dibahas di bagian yang disebut :doc:"
"`understanding-the-audit-process`."
msgid ""
"OpenStack management relies on out-of-band management interfaces such as the "
"IPMI protocol to access into nodes running OpenStack components. IPMI is a "
"very popular specification to remotely manage, diagnose, and reboot servers "
"whether the operating system is running or the system has crashed."
msgstr ""
"Manajemen OpenStack mengandalkan antarmuka manajemen out-of-band seperti "
"protokol IPMI untuk mengakses node yang menjalankan komponen OpenStack. IPMI "
"adalah spesifikasi yang sangat populer untuk mengelola, mendiagnosis, dan "
"server reboot jarak jauh apakah sistem operasi berjalan atau sistem mogok "
"(crashed)."
msgid "OpenStack management utilities such as nova-manage and glance-manage"
msgstr ""
"Utilitas manajemen OpenStack seperti manajemen nova-manage dan glance-manage"
msgid ""
"OpenStack network node: Management, guest, and possibly public depending "
"upon neutron-plugin in use."
msgstr ""
"OpenStack network node: Management, guest, dan mungkin publik tergantung "
"pada plugin neutron yang digunakan."
msgid ""
"OpenStack operators should strive to provide a certain level of tenant data "
"disposal assurance. Best practices suggest that the operator sanitize cloud "
"system media (digital and non-digital) prior to disposal, release out of "
"organization control or release for reuse. Sanitization methods should "
"implement an appropriate level of strength and integrity given the specific "
"security domain and sensitivity of the information."
msgstr ""
"Operator OpenStack harus berusaha memberikan tingkat jaminan penyewa data "
"tingkat tertentu. Praktik terbaik menunjukkan bahwa operator membersihkan "
"media sistem awan (digital dan non-digital) sebelum dibuang, bebas dari "
"pengendalian organisasi atau pelepasan untuk digunakan kembali. Metode "
"sanitasi harus menerapkan tingkat kekuatan dan integritas yang tepat "
"mengingat domain keamanan dan kepekaan informasi yang spesifik."
msgid ""
"OpenStack provides both public facing and private API endpoints. By default, "
"OpenStack components use the publicly defined endpoints. The recommendation "
"is to configure these components to use the API endpoint within the proper "
"security domain."
msgstr ""
"OpenStack menyediakan endpoint API yang dihadapi publik maupun pribadi. "
"Secara default, komponen OpenStack menggunakan endpoint yang ditentukan "
"secara umum. Rekomendasinya adalah mengkonfigurasi komponen ini untuk "
"menggunakan endpoint API dalam domain keamanan yang tepat."
msgid ""
"OpenStack provides security groups for both hosts and the network to add "
"defense in depth to the virtual machines in a given project. These are "
"similar to host-based firewalls as they allow or deny incoming traffic based "
"on port, protocol, and address, however security group rules are applied to "
"incoming traffic only, while host-based firewall rules are able to be "
"applied to both incoming and outgoing traffic. It is also possible for host "
"and network security group rules to conflict and deny legitimate traffic. We "
"recommend ensuring that security groups are configured correctly for the "
"networking being used. See :ref:`networking-security-groups` in this guide "
"for more detail."
msgstr ""
"OpenStack menyediakan kelompok keamanan untuk kedua host dan jaringan untuk "
"menambahkan pertahanan secara mendalam ke mesin virtual dalam proyek "
"tertentu. Ini mirip dengan firewall berbasis host saat mereka mengizinkan "
"atau menolak lalu lintas masuk berdasarkan port, protokol, dan alamat, namun "
"peraturan kelompok keamanan hanya berlaku untuk lalu lintas masuk, sementara "
"aturan firewall berbasis host dapat diterapkan pada masuk dan masuk lalu "
"lintas keluar. Hal ini juga memungkinkan peraturan kelompok host dan "
"keamanan jaringan bertentangan dan menolak lalu lintas yang sah. Sebaiknya "
"pastikan bahwa kelompok keamanan dikonfigurasi dengan benar untuk jaringan "
"yang sedang digunakan. Lihat :ref: `networking-security-groups` dalam "
"panduan ini untuk detail lebih lanjut."
msgid ""
"OpenStack provides several management interfaces for operators and tenants:"
msgstr ""
"OpenStack menyediakan beberapa antarmuka manajemen untuk operator dan "
"penyewa:"
msgid "OpenStack releases security information through two channels."
msgstr "OpenStack merilis informasi keamanan melalui dua saluran."
msgid "OpenStack security notes"
msgstr "Catatan keamanan OpenStack"
msgid "OpenStack service configuration: Qpid"
msgstr "Konfigurasi layanan OpenStack: Qpid"
msgid "OpenStack service configuration: RabbitMQ"
msgstr "Konfigurasi layanan OpenStack: RabbitMQ"
msgid "OpenStack service database configuration"
msgstr "Konfigurasi database layanan OpenStack"
msgid "OpenStack service overview"
msgstr "Ikhtisar layanan OpenStack"
msgid "OpenStack software components, such as Identity or Compute"
msgstr "Komponen perangkat lunak OpenStack, seperti Identity or Compute"
msgid ""
"OpenStack supports various authentication strategies including noauth, and "
"keystone. If the ``noauth`` strategy is used, then users can interact with "
"OpenStack services without any authentication. This could be a potential "
"risk since an attacker might gain unauthorized access to the OpenStack "
"components. We strongly recommend that all services must be authenticated "
"with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi termasuk noauth, dan "
"keystone. Jika strategi ``noauth`` digunakan, pengguna dapat berinteraksi "
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
"OpenStack. Kami sangat menyarankan agar semua layanan harus diotentikasi "
"dengan keystone menggunakan akun layanan mereka."
msgid ""
"OpenStack supports various authentication strategies like ``noauth`` and "
"``keystone``. If the ``noauth`` strategy is used then the users can interact "
"with OpenStack services without any authentication. This could be a "
"potential risk since an attacker might gain unauthorized access to the "
"OpenStack components. We strongly recommend that all services must be "
"authenticated with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi seperti ``noauth`` dan "
"``keystone``. Jika strategi ``noauth`` digunakan maka pengguna dapat "
"berinteraksi dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa "
"menjadi risiko potensial karena penyerang bisa mendapatkan akses tidak sah "
"ke komponen OpenStack. Kami sangat menyarankan agar semua layanan harus "
"diotentikasi dengan keystone menggunakan akun layanan mereka."
msgid ""
"OpenStack supports various authentication strategies like noauth and "
"keystone. If the '``noauth``' strategy is used then the users could interact "
"with OpenStack services without any authentication. This could be a "
"potential risk since an attacker might gain unauthorized access to the "
"OpenStack components. Thus it is strongly recommended that all services must "
"be authenticated with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi seperti noauth dan "
"keystone. Jika strategi ``noauth``' digunakan maka pengguna dapat "
"berinteraksi dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa "
"menjadi risiko potensial karena penyerang bisa mendapatkan akses tidak sah "
"ke komponen OpenStack. Jadi sangat disarankan agar semua layanan harus "
"diautentikasi dengan keystone menggunakan akun layanan mereka."
msgid ""
"OpenStack supports various authentication strategies like noauth, and "
"keystone. If the noauth strategy is used, then the users could interact with "
"OpenStack services without any authentication. This could be a potential "
"risk since an attacker might gain unauthorized access to the OpenStack "
"components. We strongly recommend that all services must be authenticated "
"with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, dan "
"keystone. Jika strategi noauth digunakan, maka pengguna bisa berinteraksi "
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
"OpenStack. Kami sangat menyarankan agar semua layanan harus diotentikasi "
"dengan keystone menggunakan akun layanan mereka."
msgid ""
"OpenStack supports various authentication strategies like noauth, keystone "
"etc. If the 'noauth' strategy is used then the users could interact with "
"OpenStack services without any authentication. This could be a potential "
"risk since an attacker might gain unauthorized access to the OpenStack "
"components. Thus it is strongly recommended that all services must be "
"authenticated with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, keystone "
"dll. Jika strategi 'noauth' digunakan maka pengguna dapat berinteraksi "
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
"OpenStack. Jadi sangat disarankan agar semua layanan harus diautentikasi "
"dengan keystone menggunakan akun layanan mereka."
msgid ""
"OpenStack supports various authentication strategies like noauth, keystone "
"etc. If the 'noauth' strategy is used then the users could interact with "
"OpenStack services without any authentication. This could be a potential "
"risk since an attacker might gain unauthorized access to the OpenStack "
"components. Thus we strongly recommend that all services must be "
"authenticated with keystone using their service accounts."
msgstr ""
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, keystone "
"dll. Jika strategi 'noauth' digunakan maka pengguna dapat berinteraksi "
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
"OpenStack. Dengan demikian, kami sangat menyarankan agar semua layanan harus "
"diotentikasi dengan keystone menggunakan akun layanan mereka."
msgid "OpenStack vulnerability management team"
msgstr "Tim manajemen kerentanan OpenStack"
msgid ""
"OpenStack's sVirt implementation aspires to protect hypervisor hosts and "
"virtual machines against two primary threat vectors:"
msgstr ""
"Implementasi OpenStack's sVirt bercita-cita untuk melindungi host "
"hypervisor dan mesin virtual terhadap dua vektor ancaman utama:"
msgid "OpenStack-dev mailinglist"
msgstr "Daftar mailing OpenStack-dev"
msgid "OpenStack-discuss mailing list"
msgstr "OpenStack-discuss milis"
msgid ""
"OpenStack.org, OpenStack End User Guide section. 2016. `OpenStack command-"
"line clients overview <https://docs.openstack.org/user-guide/common/"
"cli_overview.html>`__"
msgstr ""
"OpenStack.org, OpenStack End User Guide section. 2016. `OpenStack command-"
"line clients overview <https://docs.openstack.org/user-guide/common/"
"cli_overview.html>`__"
msgid ""
"OpenStack.org, ReleaseNotes/Liberty. 2015. `OpenStack Liberty Release Notes "
"<https://wiki.openstack.org/wiki/ReleaseNotes/Liberty>`__"
msgstr ""
"OpenStack.org, ReleaseNotes/Liberty. 2015. `OpenStack Liberty Release Notes "
"<https://wiki.openstack.org/wiki/ReleaseNotes/Liberty>`__"
msgid ""
"OpenStack.org, Set environment variables using the OpenStack RC file. 2016. "
"`Download and source the OpenStack RC file <https://docs.openstack.org/user-"
"guide/common/cli_set_environment_variables_using_openstack_rc.html#download-"
"and-source-the-openstack-rc-file>`__"
msgstr ""
"OpenStack.org, Set environment variables using the OpenStack RC file. 2016. "
"`Download and source the OpenStack RC file <https://docs.openstack.org/user-"
"guide/common/cli_set_environment_variables_using_openstack_rc.html#download-"
"and-source-the-openstack-rc-file>`__"
msgid ""
"OpenStack.org, Welcome to Sahara!. 2016. `Sahara project documentation "
"<https://docs.openstack.org/sahara/latest/>`__"
msgstr ""
"OpenStack.org, Welcome to Sahara!. 2016. `Sahara project documentation "
"<https://docs.openstack.org/sahara/latest/>`__"
msgid ""
"OpenStack.org, Welcome to barbican's Developer Documentation!. 2014. "
"`Barbican developer documentation <https://docs.openstack.org/barbican/"
"latest/>`__"
msgstr ""
"OpenStack.org, Welcome to barbican's Developer Documentation!. 2014. "
"`Barbican developer documentation <https://docs.openstack.org/barbican/"
"latest/>`__"
msgid ""
"Operating system events on the OpenStack service machines such as user "
"logins or restarts also provide valuable insight into proper and improper "
"usage of systems."
msgstr ""
"Event sistem operasi pada mesin layanan OpenStack seperti login pengguna "
"atau restart juga memberikan wawasan berharga tentang penggunaan sistem yang "
"tepat dan tidak tepat."
msgid ""
"Operators protect sensitive information in cloud deployments by using "
"various applications of cryptography. For example, encrypting data at rest "
"or signing an image to prove that it has not been tampered with. In all "
"cases, these cryptographic capabilities require some sort of *key material* "
"in order to operate."
msgstr ""
"Operator melindungi informasi sensitif dalam penyebaran awan dengan "
"menggunakan berbagai aplikasi kriptografi. Misalnya, mengenkripsi data saat "
"istirahat atau menandatangani gambar untuk membuktikan bahwa foto itu tidak "
"dirusak. Dalam semua kasus, kemampuan kriptografi ini memerlukan semacam "
"*key material* agar bisa beroperasi."
msgid "Opportunities to encrypt data for users are present:"
msgstr "Kesempatan mengenkripsi data untuk pengguna sekarang:"
msgid "Option ROM code"
msgstr "Opsi kode ROM"
msgid "Option ROM configuration and data"
msgstr "Pilihan konfigurasi dan data ROM"
msgid ""
"Optionally, if using SASL with Qpid specify the SASL mechanisms in use by "
"adding:"
msgstr ""
"Opsional, jika menggunakan SASL dengan Qpid tentukan mekanisme SASL yang "
"digunakan dengan menambahkan:"
msgid ""
"Optionally, if you wish to restrict the set of SSL ciphers used for the "
"encrypted connection. See `ciphers <https://www.openssl.org/docs/manmaster/"
"man1/ciphers.html>`_ for a list of ciphers and the syntax for specifying the "
"cipher string:"
msgstr ""
"Opsional, jika Anda ingin membatasi sekumpulan ciphers SSL yang digunakan "
"untuk koneksi terenkripsi. Lihat `ciphers <https://www.openssl.org/docs/"
"manmaster/man1/ciphers.html>`_ untuk daftar ciphers dan sintaks untuk "
"menentukan string cipher:"
msgid "Orchestration"
msgstr "Orchestration"
msgid "Organization name"
msgstr "Nama Organisasi"
msgid ""
"Organizations may desire to implement external authentication for "
"compatibility with existing authentication services or to enforce stronger "
"authentication policy requirements. Although passwords are the most common "
"form of authentication, they can be compromised through numerous methods, "
"including keystroke logging and password compromise. External authentication "
"services can provide alternative forms of authentication that minimize the "
"risk from weak passwords."
msgstr ""
"Organisasi mungkin ingin menerapkan otentikasi eksternal untuk "
"kompatibilitas dengan layanan autentikasi yang ada atau untuk menerapkan "
"persyaratan kebijakan otentikasi yang lebih kuat. Meskipun password adalah "
"bentuk otentikasi yang paling umum, namun dapat dikompromikan melalui banyak "
"metode, termasuk logging keystroke dan kompromi kata sandi. Layanan "
"otentikasi eksternal dapat memberikan bentuk otentikasi alternatif yang "
"meminimalkan risiko dari lemahnya kata kunci."
msgid ""
"Other events that are actionable are networking bridges going down, ip "
"tables being flushed on compute nodes and consequential loss of access to "
"instances resulting in unhappy customers."
msgstr ""
"Event lain yang dapat ditindaklanjuti adalah jaringan jembatan yang mati, "
"tabel ip disiram (flushed) pada node perhitungan dan hilangnya akses "
"terhadap instance yang mengakibatkan pelanggan yang tidak bahagia."
msgid "Other notable items"
msgstr "Barang penting lainnya"
msgid ""
"Other solutions exist including KeyWhiz, Confidant, Conjur, EJSON, Knox and "
"Red October, however it is outside the scope of this document to cover every "
"Key Manager available."
msgstr ""
"Solusi lain ada termasuk KeyWhiz, Confidant, Conjur, EJSON, Knox dan Red "
"October, namun berada di luar cakupan dokumen ini untuk mencakup setiap Key "
"Manager yang ada."
msgid "Other supporting technology"
msgstr "Teknologi pendukung lainnya"
msgid "Others (KVM, and more):"
msgstr "Lainnya (KVM, dan lainnya):"
msgid ""
"Out of band management interfaces also often include graphical machine "
"console access. It is often possible, although not necessarily default, that "
"these interfaces are encrypted. Consult with your system software "
"documentation for encrypting these interfaces."
msgstr ""
"Antarmuka manajemen Out of band juga sering menyertakan akses konsol mesin "
"grafis. Hal ini sering mungkin, meski belum tentu default, bahwa interface "
"ini dienkripsi. Konsultasikan dengan dokumentasi perangkat lunak sistem Anda "
"untuk mengenkripsi antarmuka ini."
msgid "Out-of-band management interface"
msgstr "Antarmuka manajemen out-of-band"
msgid "Out-of-band management interfaces, such as IPMI"
msgstr "Antarmuka manajemen out-of-band, seperti IPMI"
msgid "Outbound attacks and reputational risk"
msgstr "Serangan outbound dan risiko reputasi"
msgid "Overlapping IP addresses"
msgstr "Alamat IP yang tumpang tindih"
msgid "Overview"
msgstr "Ikhtisar"
msgid "PCI-DSS"
msgstr "PCI-DSS"
msgid "PCI-SIG I/O virtualization"
msgstr "Virtualisasi PCI-SIG I/O"
msgid "PCR-00"
msgstr "PCR-00"
msgid "PCR-01"
msgstr "PCR-01"
msgid "PCR-02"
msgstr "PCR-02"
msgid "PCR-03"
msgstr "PCR-03"
msgid "PCR-04"
msgstr "PCR-04"
msgid "PCR-05"
msgstr "PCR-05"
msgid "PCR-06"
msgstr "PCR-06"
msgid "PCR-07"
msgstr "PCR-07"
msgid "PCR-08"
msgstr "PCR-08"
msgid "PCR-09"
msgstr "PCR-09"
msgid "PCR-10 to PCR-23"
msgstr "PCR-10 to PCR-23"
msgid "PKCS#11 crypto plugin"
msgstr "Plugin kripto PKCS # 11"
msgid "PKI and PKIZ tokens"
msgstr "Token PKI dan PKIZ"
msgid ""
"PKI and PKIZ tokens are deprecated and not supported in Ocata. They are "
"nearly identical and share the same payload. They are signed documents that "
"contain the authentication content, as well as the service catalog. "
"Depending on the size of the OpenStack deployment, PKI tokens can be very "
"long. PKI and PKIZ tokens typically exceed 1600 bytes length. The length of "
"a PKI or PKIZ token is dependent on the size of the deployment. Bigger "
"service catalogs will result in longer token lengths. The Identity service "
"uses public and private key pairs and certificates in order to create and "
"validate these tokens. The difference between the two is PKIZ tokens are "
"compressed to help mitigate the size issues of PKI."
msgstr ""
"Token PKI dan PKIZ sudah tidak berlaku lagi dan tidak didukung di Ocata. "
"Mereka hampir identik dan berbagi muatan yang sama. Mereka menandatangani "
"dokumen yang berisi konten otentikasi, serta katalog layanan. Bergantung "
"pada ukuran penyebaran OpenStack, token PKI bisa sangat panjang. Token PKI "
"dan PKIZ biasanya melebihi 1600 byte. Panjang token PKI atau PKIZ tergantung "
"pada ukuran penyebarannya. Katalog layanan yang lebih besar akan "
"menghasilkan panjang token yang lebih panjang. Layanan Identity menggunakan "
"pasangan kunci publik dan private dan sertifikat untuk membuat dan "
"memvalidasi token ini. Perbedaan antara keduanya adalah token PKIZ dikompres "
"untuk membantu mengurangi masalah ukuran PKI."
msgid ""
"PKI builds the framework on which to provide encryption algorithms, cipher "
"modes, and protocols for securing data and authentication. We strongly "
"recommend securing all services with Public Key Infrastructure (PKI), "
"including the use of TLS for API endpoints. It is impossible for the "
"encryption or signing of transports or messages alone to solve all these "
"problems. Hosts themselves must be secure and implement policy, namespaces, "
"and other controls to protect their private credentials and keys. However, "
"the challenges of key management and protection do not reduce the necessity "
"of these controls, or lessen their importance."
msgstr ""
"PKI membangun kerangka kerja untuk menyediakan algoritma enkripsi, mode "
"cipher, dan protokol untuk mengamankan data dan otentikasi. Kami sangat "
"menyarankan untuk mengamankan semua layanan dengan Public Key Infrastructure "
"(PKI), termasuk penggunaan TLS untuk API endpoint. Tidak mungkin untuk "
"enkripsi atau penandatanganan transport atau pesan saja untuk menyelesaikan "
"semua masalah ini. Host sendiri harus aman dan menerapkan kebijakan, ruang "
"nama, dan kontrol lainnya untuk melindungi kredensial dan kunci pribadi "
"mereka. Namun, tantangan pengelolaan dan perlindungan utama tidak mengurangi "
"perlunya pengendalian ini, atau mengurangi kepentingan mereka."
msgid "PRIVATE(data network)"
msgstr "PRIVATE(data network)"
msgid "PUBLIC"
msgstr "PUBLIC"
msgid ""
"Password management applications such as `KeePassX <http://www.keepassx."
"org>`_ and `Password Safe <http://www.pwsafe.org>`_ can be useful as most "
"support the generation of strong passwords and periodic reminders to "
"generate new passwords. Most importantly, the password store remains "
"unlocked only briefly, which reduces the risk of password exposure and "
"unauthorized resource access through browser or system compromise."
msgstr ""
"Aplikasi manajemen password seperti `KeePassX <http://www.keepassx.org>` _ "
"dan `Password Safe <http://www.pwsafe.org>` _ dapat berguna karena sebagian "
"besar mendukung pembuatan kata kunci yang kuat dan berkala. Pengingat untuk "
"menghasilkan password baru. Yang terpenting, penyimpanan kata sandi tetap "
"tidak terkunci hanya sebentar, yang mengurangi risiko pembongkaran kata "
"sandi dan akses sumber yang tidak sah melalui browser atau membahayakan "
"(compromise) sistem."
msgid ""
"Password management should be an integral part of your cloud administration "
"plan. A definitive tutorial about passwords is beyond the scope of this "
"book; however, cloud administrators should refer to the best practices "
"recommended in Chapter 4 of NIST Special Publication `Guide to Enterprise "
"Password Management <http://csrc.nist.gov/publications/drafts/800-118/draft-"
"sp800-118.pdf>`_."
msgstr ""
"Manajemen kata sandi harus menjadi bagian integral dari rencana administrasi "
"awan Anda. Tutorial definitif tentang kata sandi berada di luar cakupan buku "
"ini; Namun, administrator awan harus mengacu pada praktik terbaik yang "
"direkomendasikan di Chapter 4 of NIST Special Publication `Guide to "
"Enterprise Password Management <http://csrc.nist.gov/publications/"
"drafts/800-118/draft-sp800-118.pdf > `_."
msgid "Password policy enforcement"
msgstr "Penegakan kebijakan password"
msgid "Passwords"
msgstr "Password (kata sandi)"
msgid "Passwords in Config Files"
msgstr "Password di File Config"
msgid "Paste and middleware"
msgstr "Tempel dan middleware"
msgid ""
"Per-instance or per-object encryption is preferable over, in descending "
"order, per-project, per-tenant, per-host, and per-cloud aggregations. This "
"recommendation is inverse to the complexity and difficulty of "
"implementation. Presently, in some projects it is difficult or impossible to "
"implement encryption as loosely granular as even per-tenant. We recommend "
"implementors make a best-effort in encrypting tenant data."
msgstr ""
"Enkripsi per-instance atau per-object lebih disukai, dalam urutan menurun, "
"agregat per-project, per-tenant, per-host, dan per-cloud. Rekomendasi ini "
"bertentangan dengan kompleksitas dan kesulitan pelaksanaannya. Saat ini, "
"dalam beberapa proyek sulit atau tidak mungkin menerapkan enkripsi seperti "
"granulasi longgar bahkan per-tenant. Sebaiknya pelaksana melakukan upaya "
"terbaik dalam mengenkripsi data penyewa."
msgid "Perfect forward secrecy"
msgstr "Kerahasiaan maju yang sempurna"
msgid "Performing Federation authentication"
msgstr "Melakukan otentikasi Federation"
msgid ""
"Periodic access and log reviews are required to ensure authentication, "
"authorization, and accountability in a service deployment. Specific guidance "
"for OpenStack on these topics are discussed in-depth in :ref:`monitoring-and-"
"logging`."
msgstr ""
"Akses berkala dan tinjauan log diperlukan untuk memastikan otentikasi, "
"otorisasi, dan akuntabilitas dalam penyebaran layanan. Petunjuk khusus untuk "
"OpenStack mengenai topik ini dibahas secara mendalam di :ref:`monitoring-and-"
"logging`."
msgid ""
"Permissions for API calls for different users and their roles are determined "
"by :ref:`policies <shared_fs_policies>` like in other OpenStack services."
msgstr ""
"Izin untuk panggilan API untuk pengguna yang berbeda dan peran mereka "
"ditentukan oleh :ref:`policies <shared_fs_policies>` seperti di layanan "
"OpenStack lainnya."
msgid "Phases of an audit"
msgstr "Tahapan audit"
msgid "Physical hardware (PCI passthrough)"
msgstr "Perangkat keras fisik (passthrough PCI)"
msgid ""
"Places values on the stack and verifies their presence to help prevent "
"buffer overflow attacks."
msgstr ""
"Tempatkan nilai pada stack dan verifikasi keberadaan mereka untuk membantu "
"mencegah serangan buffer overflow."
msgid "Platform specific"
msgstr "Platform specific"
msgid "Platform specific, often Initramfs"
msgstr "Platform specific, often Initramfs"
msgid "Platform specific, often kernel, kernel extensions, and drivers"
msgstr "Platform specific, often kernel, kernel extensions, dan drivers"
msgid ""
"Plug-ins other than Open vSwitch may also include similar mitigation "
"measures; it is recommended you enable this feature, where appropriate."
msgstr ""
"Plug-in selain Open vSwitch mungkin juga mencakup langkah-langkah mitigasi "
"yang serupa; Sebaiknya aktifkan fitur ini, bila sesuai."
msgid "Policies"
msgstr "Kebijakan"
msgid "Policy changes"
msgstr "Perubahan kebijakan"
msgid "Port"
msgstr "Port"
msgid ""
"Port mirroring service involves sending a copy of packets entering or "
"leaving one port to another port, which is usually different from the "
"original destinations of the packets being mirrored. Tap-as-a-Service (TaaS) "
"is an extension to the OpenStack networking service (neutron). It provides "
"remote port mirroring capability for tenant virtual networks. This service "
"has been primarily designed to help tenants (or the cloud administrator) "
"debug complex virtual networks and gain visibility into their VMs, by "
"monitoring the network traffic associated with them. TaaS honors tenant "
"boundaries and its mirror sessions are capable of spanning across multiple "
"compute and network nodes. It serves as an essential infrastructure "
"component that can be utilized for supplying data to a variety of network "
"analytics and security applications."
msgstr ""
"Layanan mirroring port melibatkan pengiriman salinan paket yang masuk atau "
"meninggalkan satu port ke port lain, yang biasanya berbeda dari tujuan asli "
"dari paket yang dicerminkan. Tap-as-a-Service (TaaS) merupakan perpanjangan "
"layanan jaringan OpenStack (neutron). Ini menyediakan kemampuan mirroring "
"port jarak jauh untuk jaringan virtual penyewa. Layanan ini dirancang "
"terutama untuk membantu administrator jaringan penyewa (atau administrator "
"awan) debug kompleks dan mendapatkan visibilitas ke VM mereka, dengan "
"memantau lalu lintas jaringan yang terkait dengannya. TaaS menghormati batas "
"penyewa dan sesi cerminnya mampu mencakup beberapa node komputasi dan "
"jaringan. Ini berfungsi sebagai komponen infrastruktur penting yang dapat "
"digunakan untuk memasok data ke berbagai analisis jaringan dan aplikasi "
"keamanan."
msgid "Ports"
msgstr "Ports"
msgid "Position Independent Executable (PIE)"
msgstr "Position Independent Executable (PIE)"
msgid "PostgreSQL SSL configuration"
msgstr "Konfigurasi SSL PostgreSQL"
msgid ""
"PostgreSQL has a number of desirable security features such as Kerberos "
"authentication, object-level security, and encryption support. The "
"PostgreSQL community has done well to provide solid guidance, documentation, "
"and tooling to promote positive security practices."
msgstr ""
"PostgreSQL memiliki sejumlah fitur keamanan yang diinginkan seperti "
"otentikasi Kerberos, keamanan object-leve, dan dukungan enkripsi. Komunitas "
"PostgreSQL telah berhasil menyediakan panduan, dokumentasi, dan perkakas "
"yang solid untuk mempromosikan praktik keamanan yang positif."
msgid "PostgreSQL:"
msgstr "PostgreSQL:"
msgid "Pound"
msgstr "Pound"
msgid ""
"Pre-Kilo releases will require a TLS proxy as the controller does not allow "
"direct TLS connections. Configuring TLS proxies is covered in :doc:`../"
"secure-communication/tls-proxies-and-http-services`, and we recommend "
"following the advice there to create this type of installation."
msgstr ""
"Rilis Pre-Kilo akan memerlukan proxy TLS karena pengontrol tidak mengizinkan "
"koneksi TLS langsung. Mengkonfigurasi proxy TLS tercakup dalam :doc:`../"
"secure-communication/tls-proxies-and-http-services`, dan sebaiknya ikuti "
"saran di sana untuk membuat jenis instalasi ini."
msgid "Prepare for external audit"
msgstr "Siapkan audit eksternal"
msgid ""
"Prevention is possible by using an external authentication system that "
"blocks out an account after some configured number of failed login attempts. "
"The account then may only be unlocked with further side-channel intervention."
msgstr ""
"Pencegahan dimungkinkan dengan menggunakan sistem otentikasi eksternal yang "
"memblokir akun setelah beberapa percobaan gagal masuk gagal. Akun itu "
"mungkin hanya dibuka dengan intervensi side-channel lebih lanjut."
msgid "Primary users and use-cases"
msgstr "Pengguna utama dan use-cases"
msgid ""
"Prior to configuring roles, groups, and users, document your required access "
"control policies for the OpenStack installation. The policies should be "
"consistent with any regulatory or legal requirements for the organization. "
"Future modifications to the access control configuration should be done "
"consistently with the formal policies. The policies should include the "
"conditions and processes for creating, deleting, disabling, and enabling "
"accounts, and for assigning privileges to the accounts. Periodically review "
"the policies and ensure that the configuration is in compliance with "
"approved policies."
msgstr ""
"Sebelum mengkonfigurasi peran, kelompok, dan pengguna, dokumentasikan "
"kebijakan kontrol akses yang diperlukan untuk instalasi OpenStack. Kebijakan "
"harus konsisten dengan peraturan atau persyaratan hukum untuk organisasi. "
"Modifikasi kontrol konfigurasi akses harus dilakukan secara konsisten dengan "
"kebijakan formal. Kebijakan harus mencakup kondisi dan proses untuk membuat, "
"menghapus, melumpuhkan (disabling), dan mengaktifkan akun, dan menetapkan "
"hak istimewa ke akun. Tinjau ulang kebijakan secara berkala dan pastikan "
"konfigurasi tersebut sesuai dengan kebijakan yang disetujui."
msgid "Privacy"
msgstr "Privasi"
msgid ""
"Privacy concerns for public and private cloud users are typically "
"diametrically opposed. The data generated and stored in private clouds is "
"normally owned by the operator of the cloud, who is able to deploy "
"technologies such as :term:`data loss prevention (DLP) <Data loss prevention "
"(DLP) software>` protection, file inspection, deep packet inspection and "
"prescriptive firewalling. In contrast, privacy is one of the primary "
"barriers for the adoption of public cloud infrastructures, as many of the "
"previously mentioned controls do not exist."
msgstr ""
"Masalah privasi untuk pengguna awan publik dan private biasanya bertentangan "
"secara diametris. Data yang dihasilkan dan disimpan di awan private biasanya "
"dimiliki oleh operator awan, yang mampu menerapkan teknologi seperti "
"proteksi:term:`data loss prevention (DLP) <Data loss prevention (DLP) "
"software>`, pemeriksaan berkas , inspeksi paket yang dalam dan firewall "
"preskriptif. Sebaliknya, privasi adalah salah satu penghalang utama untuk "
"adopsi infrastruktur awan publik, karena banyak kontrol yang telah "
"disebutkan sebelumnya tidak ada."
msgid ""
"Privacy is an increasingly important element of a compliance program. "
"Businesses are being held to a higher standard by their customers, who have "
"increased interest in understanding how their data is treated from a privacy "
"perspective."
msgstr ""
"Privasi adalah elemen yang semakin penting dari program kepatuhan. Bisnis "
"dipegang dengan standar yang lebih tinggi oleh pelanggan mereka, yang telah "
"meningkatkan minat untuk memahami bagaimana data mereka diperlakukan dari "
"perspektif privasi."
msgid "Private cloud"
msgstr "Awan pribadi"
msgid ""
"Private clouds are typically deployed by enterprises or institutions inside "
"their networks and behind their firewalls. Enterprises will have strict "
"policies on what data is allowed to exit their network and may even have "
"different clouds for specific purposes. Users of a private cloud are "
"typically employees of the organization that owns the cloud and are able to "
"be held accountable for their actions. Employees often attend training "
"sessions before accessing the cloud and will likely take part in regularly "
"scheduled security awareness training. Public clouds by contrast cannot make "
"any assertions about their users, cloud use-cases or user motivations. This "
"immediately pushes the guest security domain into a completely *untrusted* "
"state for public cloud providers."
msgstr ""
"Awan private biasanya digunakan oleh perusahaan atau institusi di dalam "
"jaringan mereka dan di balik firewall mereka. Perusahaan akan memiliki "
"kebijakan yang tegas mengenai data yang diizinkan keluar dari jaringan "
"mereka dan mungkin juga memiliki awan yang berbeda untuk tujuan tertentu. "
"Pengguna awan private biasanya adalah karyawan organisasi yang memiliki awan "
"dan dapat dimintai pertanggungjawaban atas tindakan mereka. Karyawan sering "
"menghadiri sesi pelatihan sebelum mengakses awan dan kemungkinan akan "
"mengikuti pelatihan kesadaran keamanan terjadwal secara reguler. Sebaliknya "
"awan publik tidak dapat membuat pernyataan tentang pengguna mereka, kasus "
"penggunaan awan atau motivasi pengguna. Ini segera mendorong domain keamanan "
"tamu (guest security domain) ke status *untrusted * sepenuhnya untuk "
"penyedia awan publik."
msgid ""
"Privilege Escalation describes the ability of a user to act with the "
"privileges of some other user in a system, bypassing appropriate "
"authorization checks. A guest user performing an operation that allows them "
"to conduct unauthorized operations with the privileges of an administrator "
"is an example of this type of vulnerability."
msgstr ""
"Privilege Escalation menggambarkan kemampuan pengguna untuk bertindak dengan "
"hak istimewa beberapa pengguna lain dalam sebuah sistem, melewati "
"pemeriksaan otorisasi yang tepat. Pengguna tamu yang melakukan operasi yang "
"memungkinkan mereka melakukan operasi yang tidak sah dengan hak istimewa "
"administrator adalah contoh jenis kerentanan ini."
msgid "Privilege elevation (1 level)"
msgstr "Privilege elevation (1 tingkat)"
msgid "Privilege elevation (2 levels)"
msgstr "Privilege elevation (2 tingkat)"
msgid "Privilege elevation (3 levels)"
msgstr "Privilege elevation (3 tingkat)"
msgid ""
"Privilege separation (OpenStack service processes should not have direct "
"access to private keys used for SSL/TLS)."
msgstr ""
"Pemisahan hak istimewa (proses layanan OpenStack seharusnya tidak memiliki "
"akses langsung ke kunci privat yang digunakan untuk SSL/TLS)."
msgid "Privileges"
msgstr "Hak istimewa"
msgid ""
"Produces a position independent executable, which is necessary for ASLR."
msgstr ""
"Menghasilkan posisi independent executable, yang diperlukan untuk ASLR."
msgid "Product or project maturity"
msgstr "Kematangan produk atau proyek"
msgid "Project description and purpose"
msgstr "Uraian dan tujuan proyek"
msgid "Project network services workflow"
msgstr "Alur kerja layanan jaringan proyek"
msgid "Promote privacy"
msgstr "Promosikan privasi"
msgid "Protected data transfer"
msgstr "Transfer data terlindungi"
msgid "Protected data transfer, protection for data at rest"
msgstr "Transfer data terlindungi, perlindungan data saat istirahat"
msgid "Protection for data at rest, identification and authentication"
msgstr "Perlindungan untuk data saat istirahat, identifikasi dan otentikasi"
msgid "Protection of data at rest"
msgstr "Perlindungan data saat istirahat"
msgid "Protection of data at rest, protected data transfer"
msgstr "Perlindungan data saat istirahat, transfer data yang terlindungi"
msgid "Protocol"
msgstr "Protocol"
msgid "Protocols"
msgstr "Protocols"
msgid ""
"Protocols are enabled/disabled through SSL_CTX_set_options. We recommend "
"disabling SSLv2/v3 and enabling TLS."
msgstr ""
"Protokol diaktifkan/dinonaktifkan melalui SSL_CTX_set_options. Sebaiknya "
"nonaktifkan SSLv2/v3 dan aktifkan TLS."
msgid "Provide guidance to secure your OpenStack deployment"
msgstr "Berikan panduan untuk mengamankan penyebaran OpenStack Anda"
msgid "Provide storage capacity or virtual machines for your cloud."
msgstr "Menyediakan kapasitas penyimpanan atau mesin virtual untuk awan Anda."
msgid ""
"Provides DHCP services to tenant networks. This agent is the same across all "
"plug-ins and is responsible for maintaining DHCP configuration. The *neutron-"
"dhcp-agent* requires message queue access. *Optional depending on plug-in.*"
msgstr ""
"Menyediakan layanan DHCP ke jaringan penyewa. Agen ini sama di semua plug-in "
"dan bertanggung jawab untuk menjaga konfigurasi DHCP. The *neutron-dhcp-"
"agent* memerlukan akses antrian pesan. *Optional depending on plug-in.*"
msgid ""
"Provides L3/NAT forwarding for external network access of VMs on tenant "
"networks. Requires message queue access. *Optional depending on plug-in.*"
msgstr ""
"Menyediakan forwarding L3/NAT untuk akses jaringan eksternal VM pada "
"jaringan penyewa. Memerlukan akses antrian pesan. *Optional depending on "
"plug-in.*"
msgid ""
"Provides additional networking services to tenant networks. These SDN "
"services may interact with *neutron-server*, *neutron-plugin*, and plugin-"
"agents through communication channels such as REST APIs."
msgstr ""
"Menyediakan layanan jaringan tambahan untuk jaringan penyewa. Layanan SDN "
"ini dapat berinteraksi dengan *neutron-server*, *neutron-plugin*, dan plugin-"
"agents melalui saluran komunikasi seperti REST API."
msgid ""
"Provisioning new identities often incurs some security risk. It is difficult "
"to secure credential storage and to deploy it with proper policies. A common "
"identity store is useful as it can be set up properly once and used in "
"multiple places. With Federated Identity, there is no longer a need to "
"provision user entries in Identity service, since the user entries already "
"exist in the IdP's databases."
msgstr ""
"Penyediaan identitas baru sering menimbulkan beberapa risiko keamanan. Sulit "
"untuk mengamankan penyimpanan kredensial dan menerapkannya dengan kebijakan "
"yang tepat. Identity store umum berguna karena dapat disiapkan dengan benar "
"sekali dan digunakan di banyak tempat. Dengan Federasi Identity, tidak ada "
"lagi kebutuhan untuk menyediakan entri pengguna di layanan Identity, karena "
"entri pengguna sudah ada di database IdP."
msgid "Proxy domains"
msgstr "Domain proxy"
msgid "Proxy services"
msgstr "Layanan Proxy"
msgid "Public"
msgstr "Publik"
msgid ""
"Public Key Infrastructure (PKI) is the framework for securing communication "
"in a network. It consists of a set of systems and processes to ensure "
"traffic can be sent securely while validating the identity of the parties. "
"The PKI profile described here is the Internet Engineering Task Force (:term:"
"`IETF`) Public Key Infrastructure (PKIX) profile developed by the PKIX "
"working group. The core components of PKI are:"
msgstr ""
"Public Key Infrastructure (PKI) adalah kerangka kerja untuk mengamankan "
"komunikasi dalam jaringan. Ini terdiri dari seperangkat sistem dan proses "
"untuk memastikan lalu lintas dapat dikirim dengan aman sambil memvalidasi "
"identitas para pihak. Profil PKI yang dijelaskan di sini adalah Internet "
"Engineering Task Force (:term:`IETF`) profil Public Key Infrastructure "
"(PKIX) yang dikembangkan oleh kelompok kerja PKIX. Komponen inti PKI adalah:"
msgid "Public and private cloud considerations"
msgstr "Pertimbangan awan publik dan private"
msgid ""
"Public and private cloud providers that do not have stringent controls on "
"instance use or allow unrestricted internet access to VMs should consider "
"this domain to be *untrusted*. Private cloud providers may want to consider "
"this network as internal and *trusted* only if the proper controls are "
"implemented to assert that the instances and all associated tenants are to "
"be trusted."
msgstr ""
"Penyedia awan publik dan private yang tidak memiliki kontrol ketat saat "
"menggunakan atau mengizinkan akses internet yang tidak terbatas ke VMs harus "
"menganggap domain ini sebagai *untrusted*. Penyedia awan private mungkin "
"ingin menganggap jaringan ini sebagai internal dan *trusted* hanya jika "
"kontrol yang tepat diterapkan untuk memastikan bahwa instance dan semua "
"penyewa yang terkait harus dipercaya."
msgid "Public cloud"
msgstr "Awan publik"
msgid "Public keys for Compute access"
msgstr "Public key untuk akses Compute"
msgid "Puppet"
msgstr "Puppet"
msgid "Purpose"
msgstr "Purpose"
msgid "Qpid"
msgstr "Qpid"
msgid "Qpid server SSL configuration"
msgstr "Konfigurasi SSL server Qpid"
msgid "Quality of Service (QoS)"
msgstr "Quality of Service (QoS)"
msgid "Queue authentication and access control"
msgstr "Antrian otentikasi dan kontrol akses"
msgid ""
"Queue servers should only accept connections from the management network. "
"This applies to all implementations. This should be implemented through "
"configuration of services and optionally enforced through global network "
"policy."
msgstr ""
"Server antrian seharusnya hanya menerima koneksi dari jaringan manajemen. "
"Ini berlaku untuk semua implementasi. Ini harus dilaksanakan melalui "
"konfigurasi layanan dan secara opsional ditegakkan melalui kebijakan "
"jaringan global."
msgid "Quotas"
msgstr "Kuota-kuota"
msgid ""
"Quotas provide the ability to limit the number of network resources "
"available to projects. You can enforce default quotas for all projects. The "
"``/etc/neutron/neutron.conf`` includes these options for quota:"
msgstr ""
"Kuota memberikan kemampuan untuk membatasi jumlah sumber daya jaringan yang "
"tersedia untuk proyek. Anda dapat menerapkan kuota default untuk semua "
"proyek. The ``/etc/neutron/neutron.conf`` menyertakan opsi ini untuk kuota:"
msgid "RELocation Read-Only (RELRO)"
msgstr "RELocation Read-Only (RELRO)"
msgid "RPM packages:"
msgstr "Paket RPM:"
msgid "RSA"
msgstr "RSA"
msgid "RabbitMQ"
msgstr "RabbitMQ"
msgid ""
"RabbitMQ and Qpid offer authentication and access control mechanisms for "
"controlling access to queues. ZeroMQ offers no such mechanisms."
msgstr ""
"RabbitMQ dan Qpid menawarkan otentikasi dan mekanisme kontrol akses untuk "
"mengendalikan akses ke antrian. ZeroMQ tidak menawarkan mekanisme semacam "
"itu."
msgid "RabbitMQ server SSL configuration"
msgstr "Konfigurasi SSL server RabbitMQ"
msgid ""
"Rate Limiting is a means to control the frequency of events received by a "
"network based application. When robust rate limiting is not present, it can "
"result in an application being susceptible to various denial of service "
"attacks. This is especially true for APIs, which by their nature are "
"designed to accept a high frequency of similar request types and operations."
msgstr ""
"Rate Limiting adalah sarana untuk mengontrol frekuensi kejadian yang "
"diterima oleh aplikasi berbasis jaringan. Bila pembatas laju yang kuat tidak "
"ada, hal itu dapat mengakibatkan aplikasi menjadi rentan terhadap berbagai "
"penolakan serangan layanan. Hal ini terutama berlaku untuk API, yang menurut "
"sifatnya dirancang untuk menerima frekuensi permintaan dan jenis permintaan "
"yang sama."
msgid "Read-only file system"
msgstr "Sistem file read-only"
msgid ""
"Recommendations given in this guide cannot effectively guard against known "
"attacks if you deploy the dashboard in a domain that also hosts user-"
"generated content, even when this content resides on a separate sub-domain. "
"User-generated content can consist of scripts, images, or uploads of any "
"type. Most major web presences, including googleusercontent.com, fbcdn.com, "
"github.io, and twimg.co, use this approach to segregate user-generated "
"content from cookies and security tokens."
msgstr ""
"Rekomendasi yang diberikan dalam panduan ini tidak dapat secara efektif "
"mencegah serangan yang diketahui jika Anda memasang dasbor di domain yang "
"juga menghosting konten buatan pengguna, meskipun konten ini berada pada sub-"
"domain terpisah. Konten buatan pengguna dapat terdiri dari skrip, gambar, "
"atau upload jenis apa pun. Sebagian besar kehadiran web utama, termasuk "
"googleusercontent.com, fbcdn.com, github.io, dan twimg.co, gunakan "
"pendekatan ini untuk memisahkan konten buatan pengguna dari cookie dan token "
"keamanan."
msgid "Recommended in: :doc:`../compute`."
msgstr "Direkomendasikan di: :doc:`../compute`."
msgid "Recommended in: :doc:`../secure-communication`."
msgstr "Direkomendasikan di: :doc:`../secure-communication`."
msgid "Recommended in: :doc:`cookies`."
msgstr "Direkomendasikan di: :doc:`cookies`."
msgid "Recommended in: :doc:`https-hsts-xss-ssrf`."
msgstr "Direkomendasikan di: :doc:`https-hsts-xss-ssrf`."
msgid "Recommended in: :doc:`tokens`."
msgstr "Direkomendasikan di: :doc:`tokens`."
msgid "Recommended in: :ref:`internally-implemented-authentication-methods`."
msgstr ""
"Direkomendasikan di: :ref:`internally-implemented-authentication-methods`."
msgid ""
"Red Hat Enterprise Linux-based KVM deployments utilize the following sVirt "
"booleans:"
msgstr ""
"Pengerahan KVM berbasis Linux Red Hat Enterprise memanfaatkan boolean sVirt "
"berikut:"
msgid ""
"Redhat.com/solutions, Using SSL Encryption with OpenStack nova-novacproxy. "
"2014. `OpenStack nova-novncproxy SSL encryption <https://access.redhat.com/"
"solutions/514143>`_"
msgstr ""
"Redhat.com/solutions, Using SSL Encryption with OpenStack nova-novacproxy. "
"2014. `OpenStack nova-novncproxy SSL encryption <https://access.redhat.com/"
"solutions/514143>`_"
msgid "Register"
msgstr "Register"
msgid "Registration Authority (RA)"
msgstr "Registration Authority (RA)"
msgid "Related Openstack Projects"
msgstr "Proyek Openstack Terkait"
msgid "Relying party"
msgstr "Relying party"
msgid "Remove packages and stop services"
msgstr "Hapus paket dan stop service"
msgid ""
"Removes a blocker to cloud brokering and multi-cloud workload management. "
"There is no need to build additional authentication mechanisms to "
"authenticate users, since the IdPs take care of authenticating their own "
"users using whichever technologies they deem to be appropriate. In most "
"organizations, multiple authentication technologies are already in use."
msgstr ""
"Menghapus blocker ke cloud brokering dan multi-cloud workload management. "
"Tidak perlu membuat mekanisme otentikasi tambahan untuk mengotentikasi "
"pengguna, karena IdPs menangani otentikasi pengguna mereka sendiri dengan "
"menggunakan teknologi mana pun yang mereka anggap sesuai. Di kebanyakan "
"organisasi, beberapa teknologi otentikasi sudah digunakan."
msgid "Replace RABBIT\\_PASS with a suitable password."
msgstr "Ganti RABBIT \\ _PASS dengan password yang sesuai."
msgid ""
"Replace ``MANAGEMENT_IP`` with the management IP address of your controller "
"node."
msgstr ""
"Ganti `` MANAGEMENT_IP`` dengan alamat IP manajemen dari node controller "
"Anda."
msgid ""
"Reported security bugs that are found to be the result of a "
"misconfiguration, or are not strictly part of OpenStack are drafted into "
"OpenStack Security Notes (OSSNs). These include configuration issues such as "
"ensuring Identity provider mappings as well as non-OpenStack but critical "
"issues such as the Bashbug/Ghost or Venom vulnerabilities that affect the "
"platform OpenStack utilizes. The current set of OSSNs is in the `Security "
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
msgstr ""
"Bug keamanan yang dilaporkan yang ditemukan sebagai akibat dari kesalahan "
"konfigurasi, atau bukan bagian dari OpenStack yang dikonsep secara otomatis "
"ke dalam OpenStack Security Notes (OSSNs). Ini termasuk masalah konfigurasi "
"seperti memastikan pemetaan penyedia Identity serta non-OpenStack tetapi "
"masalah kritis seperti kerentanan Bashbug / Ghost atau Venom yang "
"memengaruhi platform yang digunakan OpenStack. Set OSSN saat ini ada di "
"`Security Note wiki <https://wiki.openstack.org/wiki/Security_Notes>` _."
msgid ""
"Reported security bugs that are found to be the result of a "
"misconfiguration, or are not strictly part of OpenStack, are drafted into "
"OpenStack Security Notes (OSSNs). These include configuration issues such as "
"ensuring identity provider mappings as well as non-OpenStack, but critical, "
"issues such as the Bashbug/Ghost or Venom vulnerabilities that affect the "
"platform OpenStack utilizes. The current set of OSSNs is in the `Security "
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
msgstr ""
"Bug keamanan yang dilaporkan yang ditemukan sebagai hasil misconfiguration, "
"atau tidak secara ketat merupakan bagian dari OpenStack, dirancang ke dalam "
"OpenStack Security Notes (OSSNs). Ini termasuk masalah konfigurasi seperti "
"memastikan pemetaan penyedia identitas dan juga masalah non-OpenStack, namun "
"kritis, seperti kerentanan Bashbug/Ghost atau Venom yang mempengaruhi "
"platform yang digunakan OpenStack. Kumpulan OSSN saat ini ada di `Security "
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
msgid "Require user accounts to require SSL transport"
msgstr "Perlu akun pengguna untuk meminta transport SSL"
msgid "Required for dynamic attestation services"
msgstr "Diperlukan untuk layanan pengesahan dinamis"
msgid "Required for protecting PCI-passthrough"
msgstr "Diperlukan untuk melindungi PCI-passthrough"
msgid "Required to allow secure sharing of PCI Express devices"
msgstr "Diperlukan untuk mengizinkan berbagi perangkat PCI Express yang aman"
msgid ""
"Requires user passwords to conform to minimum standards for length, "
"diversity of characters, expiration, or failed login attempts. In an "
"external authentication scenario this would be the password policy on the "
"original identity store."
msgstr ""
"Memerlukan password pengguna agar sesuai dengan standar panjang minimum, "
"keragaman karakter, kekedaluwarsaan, atau usaha login yang gagal. Dalam "
"skenario otentikasi eksternal, ini adalah kebijakan password pada identity "
"store aslinya."
msgid "Resource based filters"
msgstr "Filter berbasis sumber daya"
msgid "Resources"
msgstr "Sumber daya"
msgid ""
"Responsible for managing Shared File Service devices, specifically the back-"
"end devices."
msgstr ""
"Bertanggung jawab untuk mengelola perangkat Shared File Service, khususnya "
"perangkat back-end."
msgid ""
"Responsible for scheduling and routing requests to the appropriate ``manila-"
"share`` service. It does that by picking one back-end while filtering all "
"except one back-end."
msgstr ""
"Bertanggung jawab atas penjadwalan dan permintaan routing ke layanan `manila-"
"share` yang sesuai. Hal itu dilakukan dengan memilih satu back-end sambil "
"menyaring semua kecuali satu back-end."
msgid "Restart Apache:"
msgstr "Restart Apache:"
msgid "Restart the Shibboleth daemon:"
msgstr "Restart daemon Shibboleth:"
msgid "Restrict DB and RPC communication of the OpenStack Networking services"
msgstr "Batasi komunikasi DB dan RPC dari layanan OpenStack Networking"
msgid "Restrict bind address of the API server: neutron-server"
msgstr "Batasi alamat pengikat dari server API: neutron-server"
msgid "Restricting bind address for MySQL"
msgstr "Membatasi alamat pengikat untuk MySQL"
msgid "Restricting listen address for PostgreSQL"
msgstr "Membatasi alamat mendengarkan PostgreSQL"
msgid "Review by OpenStack Security Project"
msgstr "Review oleh OpenStack Security Project"
msgid ""
"Review by a third party review body, with validation from the OpenStack "
"Security Project"
msgstr ""
"Review oleh badan review pihak ketiga, dengan pengesahan dari OpenStack "
"Security Project"
msgid "Review common security principles."
msgstr "Tinjau kembali prinsip keamanan bersama."
msgid "Risk assessment"
msgstr "Penilaian Risiko"
msgid ""
"Robert Clark is the Lead Security Architect for HP Cloud Services and co-"
"founder of the OpenStack Security Group (OSSG). Prior to being recruited by "
"HP, he worked in the UK Intelligence Community. Robert has a strong "
"background in threat modeling, security architecture and virtualization "
"technology. Robert has a master's degree in Software Engineering from the "
"University of Wales."
msgstr ""
"Robert Clark adalah Lead Security Architect untuk HP Cloud Services dan "
"salah satu pendiri OpenStack Security Group (OSSG). Sebelum direkrut oleh "
"HP, dia bekerja di UK Intelligence Community. Robert memiliki latar belakang "
"yang kuat dalam pemodelan ancaman, arsitektur keamanan dan teknologi "
"virtualisasi. Robert memiliki gelar master di bidang Software Engineering "
"dari University of Wales."
msgid "Role-Based Access Control"
msgstr "Role-Based Access Control"
msgid ""
"Role-based access control (RBAC) allows separation of roles to eliminate the "
"need for an all-powerful system administrator."
msgstr ""
"Role-based access control (RBAC) memungkinkan pemisahan peran untuk "
"menghilangkan kebutuhan akan administrator sistem yang hebat."
msgid "Role-based access control policies"
msgstr "Kebijakan kontrol akses berbasis peran"
msgid "Rootwrap"
msgstr "Rootwrap"
msgid "Rsync [1]_"
msgstr "Rsync [1]_"
msgid "Run services as non-root user"
msgstr "Jalankan layanan sebagai pengguna non-root"
msgid ""
"Run the Identity service under Apache, instead of using ``keystone-all``."
msgstr ""
"Jalankan layanan Identity di bawah Apache, daripada menggunakan ``keystone-"
"all``."
msgid ""
"Run the cloud related services such as the OpenStack Identity service, the "
"message queuing service, storage, networking, and other services required to "
"support the operation of the cloud."
msgstr ""
"Jalankan layanan terkait awan seperti layanan OpenStack Identity, layanan "
"antrean pesan, penyimpanan, jaringan, dan layanan lainnya yang diperlukan "
"untuk mendukung pengoperasian awan."
msgid "Run the following commands:"
msgstr "Jalankan perintah berikut:"
msgid ""
"Runs on each compute node to manage local virtual switch (vswitch) "
"configuration. The plug-in that you use determine which agents run. This "
"service requires message queue access and depends on the plugin used. *Some "
"plugins like OpenDaylight(ODL) and Open Virtual Network (OVN) do not require "
"any python agents on compute nodes.*"
msgstr ""
"Jalankan pada setiap node untuk mengelola konfigurasi virtual switch "
"(vswitch) lokal. Plug-in yang Anda gunakan menentukan agen mana yang "
"dijalankan. Layanan ini membutuhkan akses antrian pesan dan tergantung pada "
"plugin yang digunakan. *Some plugins like OpenDaylight(ODL) and Open "
"Virtual Network (OVN) do not require any python agents on compute nodes.*"
msgid "Runtime verification"
msgstr "Verifikasi runtime"
msgid "SAML assertion"
msgstr "SAML assertion"
msgid ""
"SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking "
"servers that are turned off <https://isc.sans.edu/diary/IPMI%3A+Hacking"
"+servers+that+are+turned+%22off%22/13399>`__"
msgstr ""
"SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking "
"servers that are turned off <https://isc.sans.edu/diary/IPMI%3A+Hacking"
"+servers+that+are+turned+%22off%22/13399>`__"
msgid ""
"SDN services node: Management, guest and possibly public depending upon "
"product used."
msgstr ""
"SDN services node: Management, guest dan mungkin publik tergantung produk "
"yang digunakan."
msgid ""
"SELinux Project, SVirt. 2011. `http://selinuxproject.org/page/SVirt <http://"
"selinuxproject.org/page/SVirt>`_"
msgstr ""
"SELinux Project, SVirt. 2011. `http://selinuxproject.org/page/SVirt <http://"
"selinuxproject.org/page/SVirt>`_"
msgid ""
"SELinux manages user roles. These can be viewed through the ``-Z`` flag, or "
"with the :command:`semanage` command. On the hypervisor, only administrators "
"should be able to access the system, and should have an appropriate context "
"around both the administrative users and any other users that are on the "
"system. For more information, see the `SELinux users documentation <http://"
"selinuxproject.org/page/BasicConcepts#Users>`_."
msgstr ""
"SELinux mengelola peran pengguna. Ini dapat dilihat melalui flag ``-Z``, "
"atau dengan perintah :command: `semanage`. Pada hypervisor, hanya "
"administrator yang harus dapat mengakses sistem, dan harus memiliki konteks "
"yang sesuai di seputar pengguna administratif dan pengguna lain yang berada "
"di sistem. Untuk informasi lebih lanjut, lihat `SELinux users documentation "
"<http://selinuxproject.org/page/BasicConcepts#Users> `_."
msgid "SELinux users and roles"
msgstr "Pengguna dan peran SELinux"
msgid "SHA-1"
msgstr "SHA-1"
msgid "SHA-1 is used here because this is what the TPM chips support."
msgstr ""
"SHA-1 digunakan disini karena ini adalah apa yang didukung oleh chip TPM."
msgid "SHA-2 (224, 256, 384, or 512 bits)"
msgstr "SHA-2 (224, 256, 384, atau 512 bits)"
msgid "SOC 1 (SSAE 16) / ISAE 3402"
msgstr "SOC 1 (SSAE 16) / ISAE 3402"
msgid "SOC 2"
msgstr "SOC 2"
msgid "SOC 3"
msgstr "SOC 3"
msgid ""
"SPICE is supported by the OpenStack Dashboard (horizon) directly on the "
"instance web page. This requires the ``nova-spicehtml5proxy`` service."
msgstr ""
"SPICE didukung oleh OpenStack Dashboard (horizon) langsung pada halaman web "
"instance. Ini membutuhkan layanan ``nova-spicehtml5proxy``."
msgid "SR-IOV, MR-IOV, ATS"
msgstr "SR-IOV, MR-IOV, ATS"
msgid "SSL/TLS on same physical hosts as API endpoints"
msgstr "SSL/TLS pada host fisik yang sama dengan endpoint API"
msgid "SSL/TLS over load balancer"
msgstr "SSL/TLS over load balancer"
msgid "SSL/TLS proxy in front"
msgstr "Proxy SSL/TLS di depan"
msgid "Sahara"
msgstr "Sahara"
msgid ""
"Sahara generates and stores several passwords during the course of "
"operation. To harden saharas usage of passwords it can be instructed to use "
"an external key manager for storage and retrieval of these secrets. To "
"enable this feature, there must first be an OpenStack Key Manager service "
"deployed within the stack."
msgstr ""
"Sahara membuat dan menyimpan beberapa password selama operasi berlangsung. "
"Untuk mengeras penggunaan password sahara, hal itu dapat diinstruksikan "
"untuk menggunakan manajer kunci eksternal untuk penyimpanan dan pengambilan "
"kembali rahasia ini. Untuk mengaktifkan fitur ini, pertama-tama harus ada "
"layanan OpenStack Key Manager yang ditempatkan di dalam stack."
msgid "Salt Stack"
msgstr "Salt Stack"
msgid ""
"Sanitize portable, removable storage devices prior to connecting such "
"devices to the cloud infrastructure."
msgstr ""
"Sanitasi portabel, perangkat penyimpanan yang dapat dilepas sebelum "
"menghubungkan perangkat tersebut ke infrastruktur awan."
msgid "Scheduling instances to nodes"
msgstr "Penjadwalan instance ke node"
msgid ""
"Scope reduction helps ensure OpenStack architects establish high quality "
"security controls which are tailored to a particular deployment, however it "
"is paramount to ensure these practices do not omit areas or features from "
"security hardening. A common example is applicable to PCI-DSS guidelines, "
"where payment related infrastructure may be scrutinized for security issues, "
"but supporting services are left ignored, and vulnerable to attack."
msgstr ""
"Pengurangan ruang lingkup membantu memastikan arsitek OpenStack membentuk "
"kontrol keamanan berkualitas tinggi yang disesuaikan dengan penerapan "
"tertentu, namun sangat penting untuk memastikan praktik ini tidak "
"menghilangkan area atau fitur dari pengerasan keamanan. Contoh umum berlaku "
"untuk pedoman PCI-DSS, di mana infrastruktur terkait pembayaran dapat "
"diteliti untuk masalah keamanan, namun layanan pendukung tidak diperhatikan, "
"dan rentan diserang."
msgid "Scoped token"
msgstr "Scoped token"
msgid "Script kiddies"
msgstr "Script kiddies"
msgid "Secret key"
msgstr "Kunci rahasia (secret key)"
msgid "Secret store back ends"
msgstr "Secret store back ends"
msgid "Secret store plugins"
msgstr "Plugin penyimpanan rahasia"
msgid ""
"Secret store plugins interface with secure storage systems to store the "
"secrets within those systems. There are two types of secret store plugins: "
"the KMIP plugin and the Dogtag plugin."
msgstr ""
"Plugin penyimpanan rahasia terhubung dengan sistem penyimpanan yang aman "
"untuk menyimpan rahasia di dalam sistem tersebut. Ada dua jenis plugin "
"penyimpanan rahasia: plugin KMIP dan plugin Dogtag."
msgid "Secrets Management"
msgstr "Secrets Management (manajemen rahasia)"
msgid "Secrets Management :ref:`secrets-management`"
msgstr "Secrets Management :ref:`secrets-management`"
msgid ""
"Secrets Management describes a group of technologies that are designed to "
"protect key materials within a software system. Traditionally, key "
"management involves deployment of `Hardware Security Modules (HSM) <https://"
"en.wikipedia.org/wiki/Hardware_security_module>`_. These devices have been "
"physically hardened against tampering."
msgstr ""
"Secrets Management menguraikan sekelompok teknologi yang dirancang untuk "
"melindungi materi kunci dalam sistem perangkat lunak. Secara tradisional, "
"manajemen kunci (key management) melibatkan penyebaran `Hardware Security "
"Modules (HSM) <https://en.wikipedia.org/wiki/Hardware_security_module>` _. "
"Perangkat ini secara fisik hardened (mengeras) terhadap gangguan."
msgid ""
"Secrets that do not require keystone authentication can be stored in any "
"secret store that implements the simple key storage API that is exposed "
"through Castellan. This also includes Barbican."
msgstr ""
"Rahasia yang tidak memerlukan otentikasi keystone dapat disimpan di "
"penyimpanan rahasia manapun yang menerapkan API penyimpanan kunci sederhana "
"yang terpapar melalui Castellan. Ini juga termasuk Barbican."
msgid "Secrets that require a keystone token should be stored using Barbican."
msgstr ""
"Rahasia yang membutuhkan keystone token harus disimpan menggunakan Barbican."
msgid "Secure Communication"
msgstr "Secure Communication"
msgid "Secure backup and recovery"
msgstr "Amankan backup dan recovery"
msgid "Secure bootstrapping"
msgstr "Amankan bootstrapping"
msgid "Secure communication"
msgstr "Komunikasi yang aman"
msgid "Secure data erasure"
msgstr "Mengamankan penghapusan data"
msgid "Secure reference architectures"
msgstr "Arsitektur referensi yang aman"
msgid "Secure shell (SSH)"
msgstr "Secure shell (SSH)"
msgid "Securing OpenStack networking services"
msgstr "Mengamankan layanan jaringan OpenStack"
msgid "Securing communications using TLS"
msgstr "Mengamankan komunikasi dengan menggunakan TLS"
msgid "Securing proxy services"
msgstr "Mengamankan layanan proxy"
msgid "Securing storage services"
msgstr "Mengamankan layanan penyimpanan"
msgid ""
"Securing the Object Storage service begins with securing the networking "
"component. If you skipped the networking chapter, return to :doc:"
"`networking`."
msgstr ""
"Mengamankan layanan bject Storage dimulai dengan mengamankan komponen "
"jaringan. Jika Anda melewatkan bab jaringan, kembali ke :doc:`networking`."
msgid "Security Checklist"
msgstr "Daftar periksa keamanan"
msgid "Security Management"
msgstr "Security Management"
msgid "Security auditing tools"
msgstr "Alat audit keamanan"
msgid ""
"Security auditing tools can complement the configuration management tools. "
"Security auditing tools automate the process of verifying that a large "
"number of security controls are satisfied for a given system configuration. "
"These tools help to bridge the gap from security configuration guidance "
"documentation (for example, the STIG and NSA Guides) to a specific system "
"installation. For example, `SCAP <https://fedorahosted.org/scap-security-"
"guide/>`__ can compare a running system to a pre-defined profile. SCAP "
"outputs a report detailing which controls in the profile were satisfied, "
"which ones failed, and which ones were not checked."
msgstr ""
"Alat audit keamanan dapat melengkapi alat manajemen konfigurasi. Alat audit "
"keamanan mengotomatisasi proses verifikasi bahwa sejumlah besar kontrol "
"keamanan terpenuhi untuk konfigurasi sistem yang diberikan. Alat ini "
"membantu menjembatani kesenjangan dari dokumentasi panduan konfigurasi "
"keamanan (misalnya, the STIG and NSA Guides) ke instalasi sistem tertentu. "
"Misalnya, `SCAP <https://fedorahosted.org/scap-security-guide/>`__ dapat "
"membandingkan sistem yang berjalan dengan profil yang telah ditentukan "
"sebelumnya. SCAP mengeluarkan sebuah laporan yang merinci kontrol mana dalam "
"profil yang terpenuhi, mana yang gagal, dan mana yang tidak diperiksa."
msgid "Security boundaries and threats"
msgstr "Batas dan ancaman keamanan"
msgid ""
"Security concerns with the Identity service include trust in authentication, "
"the management of authorization tokens, and secure communication."
msgstr ""
"Masalah keamanan dengan layanan Identity meliputi kepercayaan dalam "
"otentikasi, pengelolaan token otorisasi, dan komunikasi yang aman."
msgid "Security considerations"
msgstr "Pertimbangan keamanan"
msgid ""
"Security considerations for block storage are similar to that of object "
"storage."
msgstr ""
"Pertimbangan keamanan untuk penyimpanan blok sama dengan penyimpanan objek."
msgid ""
"Security considerations for data processing should focus on data privacy and "
"secure communications to provisioned clusters."
msgstr ""
"Pertimbangan keamanan untuk pengolahan data harus berfokus pada privasi data "
"dan komunikasi yang aman ke kelompok yang ada."
msgid "Security considerations for memory optimization"
msgstr "Pertimbangan keamanan untuk pengoptimalan memori"
msgid "Security domains"
msgstr "Domain keamanan"
msgid "Security domains(s)"
msgstr "Security domains(s)"
msgid "Security function"
msgstr "Security Function (fungsi keamanan)"
msgid "Security groups"
msgstr "Kelompok keamanan"
msgid ""
"Security groups allow administrators and tenants the ability to specify the "
"type of traffic, and direction (ingress/egress) that is allowed to pass "
"through a virtual interface port. Security groups rules are stateful L2-L4 "
"traffic filters."
msgstr ""
"Kelompok keamanan memungkinkan administrator dan penyewa kemampuan untuk "
"menentukan jenis lalu lintas, dan arah (ingress/egress) yang diizinkan "
"melewati port antarmuka virtual. Aturan kelompok keamanan adalah filter lalu "
"lintas L2-L4 stateful."
msgid ""
"Security may be enhanced by requiring X.509 client certificates for "
"authentication. Authenticating to the database in this manner provides "
"greater identity assurance of the client making the connection to the "
"database and ensures that the communications are encrypted."
msgstr ""
"Keamanan dapat ditingkatkan dengan mewajibkan sertifikat klien X.509 untuk "
"otentikasi. Mengotentikasi ke database dengan cara ini memberikan jaminan "
"identitas yang lebih besar dari klien yang membuat koneksi ke database dan "
"memastikan bahwa komunikasi dienkripsi."
msgid ""
"Security monitoring controls such as intrusion detection software, antivirus "
"software, and spyware detection and removal utilities can generate logs that "
"show when and how an attack or intrusion took place. Deploying these tools "
"on the cloud machines provides value and protection. Cloud users, those "
"running instances on the cloud, may also want to run such tools on their "
"instances."
msgstr ""
"Kontrol pemantauan keamanan seperti perangkat lunak deteksi intrusi, "
"perangkat lunak antivirus, dan deteksi spyware dan utilitas penghapusan "
"dapat menghasilkan log yang menunjukkan kapan dan bagaimana serangan atau "
"gangguan terjadi. Penerapan alat ini pada mesin awan memberikan nilai dan "
"perlindungan. Pengguna awan, mereka yang menjalankan instance di atas awan, "
"mungkin juga ingin menjalankan alat semacam itu pada instance mereka."
msgid "Security principles"
msgstr "Prinsip Keamanan"
msgid "Security references for database back ends"
msgstr "Referensi keamanan untuk database back end"
msgid "Security review"
msgstr "Ulasan keamanan"
msgid ""
"Security review by the OSSP is expected to be the normal route for new "
"projects and for cases where third parties have not performed security "
"reviews or are unable to share their results. Information for projects that "
"require a security review by the OSSP will be available in the upcoming "
"security review process."
msgstr ""
"Review keamanan oleh OSSP diharapkan menjadi rute normal untuk proyek baru "
"dan untuk kasus dimana pihak ketiga belum melakukan review keamanan atau "
"tidak dapat membagikan hasilnya. Informasi untuk proyek yang memerlukan "
"review keamanan oleh OSSP akan tersedia dalam proses review keamanan yang "
"akan datang."
msgid "Security reviews"
msgstr "Tinjauan keamanan"
msgid "Security services"
msgstr "Layanan keamanan"
msgid "Security services for instances"
msgstr "Layanan Security untuk instance"
msgid "Security services management"
msgstr "Manajemen layanan keamanan"
msgid "Security training"
msgstr "Pelatihan keamanan"
msgid ""
"Security updates are critical to any IaaS deployment, whether private or "
"public. Vulnerable systems expand attack surfaces, and are obvious targets "
"for attackers. Common scanning technologies and vulnerability notification "
"services can help mitigate this threat. It is important that scans are "
"authenticated and that mitigation strategies extend beyond simple perimeter "
"hardening. Multi-tenant architectures such as OpenStack are particularly "
"prone to hypervisor vulnerabilities, making this a critical part of the "
"system for vulnerability management."
msgstr ""
"Pembaruan keamanan sangat penting untuk penyebaran IaaS, baik pribadi maupun "
"publik. Sistem yang rentan memperluas permukaan serangan, dan merupakan "
"target yang jelas bagi penyerang. Teknologi pemindaian umum dan layanan "
"pemberitahuan kerentanan dapat membantu mengurangi ancaman ini. Penting agar "
"pemindaian diautentikasi dan strategi mitigasi melampaui pengerasan "
"perimeter sederhana. Arsitektur multi-tenant seperti OpenStack sangat rentan "
"terhadap kerentanan hypervisor, menjadikannya bagian penting dari sistem "
"pengelolaan kerentanan."
msgid ""
"See the chapter on :doc:`../secure-communication` for more specific "
"recommendations and server configurations for HTTPS configurations, "
"including the configuration of HSTS."
msgstr ""
"Lihat bab di :doc:`../secure-communication` untuk rekomendasi lebih spesifik "
"dan konfigurasi server untuk konfigurasi HTTPS, termasuk konfigurasi HSTS."
msgid "Segmented network in *share servers* back-end mode"
msgstr "Jaringan tersegmentasi di *share servers * mode back-end"
msgid "Select an auditor."
msgstr "Pilih auditor."
msgid ""
"Selecting an auditor can be challenging. Ideally, you are looking for "
"someone with experience in cloud compliance audits. OpenStack experience is "
"another big plus. Often it is best to consult with people who have been "
"through this process for referrals. Cost can vary greatly depending on the "
"scope of the engagement and the audit firm considered."
msgstr ""
"Memilih auditor bisa menjadi tantangan. Idealnya, Anda mencari seseorang "
"yang berpengalaman dalam audit kepatuhan awan. Pengalaman OpenStack adalah "
"plus besar lainnya. Seringkali yang terbaik adalah berkonsultasi dengan "
"orang-orang yang telah melalui proses ini untuk referensi. Biaya dapat "
"sangat bervariasi tergantung pada cakupan perjanjian dan perusahaan audit "
"yang dipertimbangkan."
msgid "Selecting supporting software"
msgstr "Memilih perangkat lunak pendukung"
msgid "Selection criteria"
msgstr "Kriteria seleksi"
msgid ""
"Selects highest possible security cipher in the negotiation phase. These "
"typically have keys of length 128 bits or longer."
msgstr ""
"Memilih sekuriti keamanan tertinggi dalam tahap negosiasi. Ini biasanya "
"memiliki kunci dengan panjang 128 bit atau lebih."
msgid "Serious organized crime"
msgstr "Kejahatan terorganisir serius"
msgid "Serpent"
msgstr "Serpent"
msgid "Server hardening"
msgstr "Pengerasan server"
msgid ""
"Servers in the cloud, including undercloud and overcloud infrastructure, "
"should implement hardening best practices. As OS and server hardening is "
"common, applicable best practices including but not limited to logging, user "
"account restrictions, and regular updates will not be covered here, but "
"should be applied to all infrastructure."
msgstr ""
"Server di awan, termasuk infrastruktur yang undercloud dan overcloud, harus "
"menerapkan praktik terbaik pengerasan. Karena pengerasan OS dan server biasa "
"terjadi, praktik terbaik yang berlaku termasuk namun tidak terbatas pada "
"logging, batasan akun pengguna, dan pembaruan reguler tidak akan dibahas di "
"sini, namun harus diterapkan pada semua infrastruktur."
msgid "Service"
msgstr "Service"
msgid ""
"Service Organization Controls (SOC) 2 is a self attestation of controls that "
"affect the security, availability, and processing integrity of the systems a "
"service organization uses to process users' data and the confidentiality and "
"privacy of information processed by these system. Examples of users are "
"those responsible for governance of the service organization, customers of "
"the service organization, regulators, business partners, suppliers, and "
"others who have an understanding of the service organization and its "
"controls."
msgstr ""
"Service Organization Controls (SOC) 2 adalah pengesahan diri terhadap "
"kontrol yang mempengaruhi keamanan, ketersediaan, dan integritas proses "
"sistem yang digunakan oleh organisasi layanan untuk memproses data pengguna "
"dan kerahasiaan dan privasi informasi yang diproses oleh sistem ini. Contoh "
"pengguna adalah mereka yang bertanggung jawab atas tata kelola organisasi "
"layanan, pelanggan dari organisasi layanan, regulator, mitra bisnis, "
"pemasok, dan pihak lain yang memiliki pemahaman tentang organisasi layanan "
"dan kontrolnya."
msgid ""
"Service Organization Controls (SOC) 3 is a trust services report for service "
"organizations. These reports are designed to meet the needs of users who "
"want assurance on the controls at a service organization related to "
"security, availability, processing integrity, confidentiality, or privacy "
"but do not have the need for or the knowledge necessary to make effective "
"use of a SOC 2 Report. These reports are prepared using the AICPA/Canadian "
"Institute of Chartered Accountants (CICA) Trust Services Principles, "
"Criteria, and Illustrations for Security, Availability, Processing "
"Integrity, Confidentiality, and Privacy. Because they are general use "
"reports, SOC 3 Reports can be freely distributed or posted on a website as a "
"seal."
msgstr ""
"Service Organization Controls (SOC) 3 adalah laporan layanan kepercayaan "
"untuk organisasi layanan. Laporan ini dirancang untuk memenuhi kebutuhan "
"pengguna yang menginginkan kepastian kontrol pada organisasi layanan yang "
"berkaitan dengan keamanan, ketersediaan, integritas pemrosesan, kerahasiaan, "
"atau privasi namun tidak memerlukan atau pengetahuan yang diperlukan untuk "
"memanfaatkan secara efektif SOC 2 Report. Laporan ini disiapkan dengan "
"menggunakan AICPA/Canadian Institute of Chartered Accountants (CICA) Trust "
"Services Principles, Criteria, and Illustrations for Security, Availability, "
"Processing Integrity, Confidentiality, and Privacy. Karena mereka adalah "
"laporan penggunaan umum, SOC 3 Reports dapat didistribusikan secara gratis "
"atau diposkan di situs web sebagai meterai."
msgid ""
"Service Organization Controls (SOC) criteria are defined by the `American "
"Institute of Certified Public Accountants <http://www.aicpa.org/>`_ (AICPA). "
"SOC controls assess relevant financial statements and assertions of a :term:"
"`service provider`, such as compliance with the Sarbanes-Oxley Act. SOC 1 is "
"a replacement for Statement on Auditing Standards No. 70 (SAS 70) Type II "
"report. These controls commonly include physical data centers in scope."
msgstr ""
"Kriteria Service Organization Controls (SOC) didefinisikan oleh `American "
"Institute of Certified Public Accountants <http://www.aicpa.org/>`_ (AICPA). "
"Kontrol SOC menilai laporan keuangan dan asersi yang relevan dari :term:"
"`service provider`, seperti kepatuhan terhadap Sarbanes-Oxley Act. SOC 1 "
"adalah pengganti Statement on Auditing Standards No. 70 (SAS 70) Tipe II "
"report. Kontrol ini biasanya mencakup cakupan data fisik."
msgid "Service Provider (SP)"
msgstr "Service Provider (SP)"
msgid "Service architecture diagram"
msgstr "Diagram arsitektur layanan"
msgid "Service authorization"
msgstr "Otorisasi layanan"
msgid "Service name"
msgstr "Service name"
msgid ""
"Services select their respective API endpoints based on the OpenStack "
"service catalog. These services might not obey the listed public or internal "
"API end point values. This can lead to internal management traffic being "
"routed to external API endpoints."
msgstr ""
"Layanan memilih endpoints API masing-masing berdasarkan katalog layanan "
"OpenStack. Layanan ini mungkin tidak mematuhi nilai endpoints API publik "
"atau internal yang terdaftar. Hal ini dapat menyebabkan lalu lintas "
"manajemen internal diarahkan ke endpoints API eksternal."
msgid "Services, protocols, and ports"
msgstr "Layanan, protokol, dan port"
msgid ""
"Services, protocols, and ports being utilized in the OpenStack deployment."
msgstr "Layanan, protokol, dan port yang digunakan dalam pengerahan OpenStack."
msgid "Session back end"
msgstr "Sesi back end"
msgid "Session cookies should be set to HTTPONLY:"
msgstr "Cookie sesi harus diatur ke HTTPONLY:"
msgid "Setting Identity service as Identity Provider"
msgstr "Menetapkan layanan Identity sebagai Identity Provider"
msgid ""
"Setting ``ENFORCE_PASSWORD_CHECK`` to True will display an 'Admin Password' "
"field on the Change Password form to verify that it is indeed the admin "
"logged-in who wants to change the password."
msgstr ""
"Menetapkan ``ENFORCE_PASSWORD_CHECK`` ke True akan menampilkan field 'Admin "
"Password' pada form Change Password untuk memverifikasi bahwa memang admin "
"logged-in yang ingin mengganti kata sandinya."
msgid ""
"Several cryptography algorithms are available within OpenStack for "
"identification and authorization, data transfer and protection of data at "
"rest. When selecting a hypervisor, we recommend the following algorithms and "
"implementation standards:"
msgstr ""
"Beberapa algoritma kriptografi tersedia di dalam OpenStack untuk "
"identifikasi dan otorisasi, transfer data dan perlindungan data saat "
"istirahat. Saat memilih hypervisor, kami menganjurkan algoritma dan standar "
"implementasi berikut:"
msgid ""
"Several features related to image signing are now available in OpenStack. As "
"of the Mitaka release, the Image service can verify these signed images, "
"and, to provide a full chain of trust, the Compute service has the option to "
"perform image signature verification prior to image boot. Successful "
"signature validation before image boot ensures the signed image hasn't "
"changed. With this feature enabled, unauthorized modification of images (e."
"g., modifying the image to include malware or rootkits) can be detected."
msgstr ""
"Beberapa fitur yang terkait dengan penandatanganan image sekarang tersedia "
"di OpenStack. Pada rilis Mitaka, layanan Image dapat memverifikasi image "
"yang ditandatangani ini, dan, untuk menyediakan rantai kepercayaan penuh, "
"layanan Compute memiliki opsi untuk melakukan verifikasi tanda tangan image "
"sebelum melakukan booting image. Validasi tanda tangan yang berhasil sebelum "
"boot image memastikan image yang ditandatangani tidak berubah. Dengan fitur "
"ini diaktifkan, modifikasi image yang tidak sah (mis., memodifikasi image "
"untuk menyertakan perangkat lunak perusak atau rootkit) dapat terdeteksi."
msgid ""
"Several of the components use databases though it is not explicitly called "
"out. Securing database access is yet another security concern, and "
"consequently discussed in more detail later in this guide."
msgstr ""
"Beberapa komponen menggunakan database meskipun tidak secara eksplisit "
"dipanggil. Pengamanan akses database adalah masalah keamanan lainnya, dan "
"akibatnya dibahas lebih rinci nanti dalam panduan ini."
msgid "Share access control"
msgstr "Share (membagi) kontrol akses"
msgid "Share back ends modes"
msgstr "Share back ends modes"
msgid ""
"Share drivers use data in the security service to configure newly created "
"share servers."
msgstr ""
"Share driver menggunakan data dalam layanan keamanan untuk mengkonfigurasi "
"share server yang baru dibuat."
msgid "Share servers mode"
msgstr "Share servers mode"
msgid "Share type access control"
msgstr "Bagikan jenis kontrol akses"
msgid ""
"Share types can be created as *public* and *private*. This is the level of "
"visibility for the share type that defines whether other tenants can or "
"cannot see it in a share types list and use it to create a new share."
msgstr ""
"Jenis share dapat dibuat sebagai *public* dan *private*. Ini adalah tingkat "
"visibilitas untuk tipe share yang menentukan apakah penyewa lain dapat atau "
"tidak dapat melihatnya dalam daftar jenis share dan menggunakannya untuk "
"membuat share baru."
msgid "Shared File Systems"
msgstr "Shared File Systems (sistem file bersama)"
msgid ""
"Shared File Systems service has its own role-based access policies. They "
"determine which user can access which objects in which way, and are defined "
"in the service's ``policy.json`` file."
msgstr ""
"Layanan Shared File Systems memiliki kebijakan akses berbasis perannya "
"sendiri. Mereka menentukan pengguna mana yang dapat mengakses objek mana "
"dengan cara mana, dan didefinisikan di file ``policy.json`` layanan."
msgid ""
"Shawn Wells is the Director, Innovation Programs at Red Hat, focused on "
"improving the process of adopting, contributing to, and managing open source "
"technologies within the U.S. Government. Additionally, Shawn is an upstream "
"maintainer of the SCAP Security Guide project which forms virtualization and "
"operating system hardening policy with the U.S. Military, NSA, and DISA. "
"Formerly aa NSA civilian, Shawn developed SIGINT collection systems "
"utilizing large distributed computing infrastructures."
msgstr ""
"Shawn Wells adalah Direktur, Innovation Programs di Red Hat, yang berfokus "
"pada peningkatan proses adopsi, kontribusi, dan pengelolaan teknologi open "
"source di dalam Pemerintah A.S. Selain itu, Shawn adalah pengelola hulu dari "
"proyek SCAP Security Guide yang membentuk kebijakan pengerasan sistem "
"virtualisasi dan operasi dengan AS, NSA, dan DISA. Dahulu aa NSA sipil, "
"Shawn mengembangkan sistem pengumpulan SIGINT yang memanfaatkan "
"infrastruktur komputasi terdistribusi besar."
msgid ""
"Signed public key certificates are data structures that have verifiable data "
"of an entity, its public key along with some other attributes. These "
"certificates are issued by a Certificate Authority (CA). As the certificates "
"are signed by a CA that is trusted, once verified, the public key associated "
"with the entity is guaranteed to be associated with the said entity. The "
"most common standard used to define these certificates is the :term:`X.509` "
"standard. The :term:`X.509` v3 which is the current standard is described in "
"detail in `RFC5280 <http://tools.ietf.org/html/5280>`_. Certificates are "
"issued by CAs as a mechanism to prove the identity of online entities. The "
"CA digitally signs the certificate by creating a message digest from the "
"certificate and encrypting the digest with its private key."
msgstr ""
"Sertifikat kunci publik yang masuk adalah struktur data yang memiliki data "
"yang dapat diverifikasi dari suatu entitas, kunci publiknya beserta beberapa "
"atribut lainnya. Sertifikat ini dikeluarkan oleh Certificate Authority (CA). "
"Karena sertifikat ditandatangani oleh CA yang dipercaya, setelah "
"diverifikasi, kunci publik yang terkait dengan entitas dijamin terkait "
"dengan entitas tersebut. Standar yang paling umum digunakan untuk "
"mendefinisikan sertifikat ini adalah : erm: `X.509` standard. The :term: "
"`X.509` v3 yang merupakan standar saat ini dijelaskan secara rinci di "
"`RFC5280 <http://tools.ietf.org/html/5280> `_. Sertifikat dikeluarkan oleh "
"CA sebagai mekanisme untuk membuktikan identitas entitas online. CA secara "
"digital menandatangani sertifikat dengan membuat pesan yang dicerna dari "
"sertifikat dan mengenkripsi mencerna dengan kunci privatnya."
msgid ""
"Similar to host-based tools, the selection and configuration of a network-"
"based intrusion detection tool is deployment specific. `Snort <https://www."
"snort.org/>`__ is the leading open source networking intrusion detection "
"tool, and a good starting place to learn more."
msgstr ""
"Serupa dengan alat berbasis host, pemilihan dan konfigurasi alat deteksi "
"intrusi berbasis jaringan adalah pengerahan yang spesifik. `Snort <https://"
"www.snort.org/>` __ adalah alat deteksi intrusi jaringan sumber terbuka "
"terkemuka, dan tempat awal yang baik untuk belajar lebih banyak."
msgid ""
"Similar to other OpenStack projects, the Shared File Systems service is "
"registered with the Identity service, so you can find API endpoints of the "
"share service v1 and v2 using **manila endpoints** command:"
msgstr ""
"Serupa dengan proyek OpenStack lainnya, layanan Shared File Systems "
"didaftarkan pada layanan Identity, sehingga Anda dapat menemukan API "
"endpoint dari layanan share v1 dan v2 menggunakan perintah **manila "
"endpoints **:"
msgid ""
"Similar to previous check (:ref:`check_block_05`), we recommend that all "
"components communicate with each other using a secured communication "
"protocol."
msgstr ""
"Serupa dengan sebelumnya cek (:ref:`check_block_05`), kami merekomendasikan "
"agar semua komponen berkomunikasi satu sama lain menggunakan protokol "
"komunikasi aman."
msgid ""
"Similar to previous check (:ref:`check_shared_fs_05`), it is recommended all "
"the components must communicate with each other using a secured "
"communication protocol."
msgstr ""
"Serupa dengan cek sebelumnya (:ref:`check_shared_fs_05`), disarankan semua "
"komponen harus berkomunikasi satu sama lain menggunakan protokol komunikasi "
"aman."
msgid ""
"Similar to the previous check, it is recommended not to reveal password "
"fields."
msgstr ""
"Serupa dengan cek sebelumnya, disarankan untuk tidak mengungkapkan field "
"kata kunci."
msgid ""
"Similar to the previous check, it is recommended to enable secure "
"communication on API server."
msgstr ""
"Serupa dengan cek sebelumnya, disarankan untuk mengaktifkan komunikasi yang "
"aman di server API."
msgid ""
"Similar to the previous check, it is recommended to set strict access "
"permissions for such configuration files."
msgstr ""
"Serupa dengan cek sebelumnya, disarankan untuk menetapkan izin akses yang "
"ketat untuk file konfigurasi tersebut."
msgid ""
"Similar to the previous check, we recommend setting strict access "
"permissions for such configuration files."
msgstr ""
"Serupa dengan cek sebelumnya, kami menyarankan untuk menetapkan izin akses "
"yang ketat untuk file konfigurasi tersebut."
msgid ""
"Similar to the previous check, we recommend to set strict access permissions "
"for such configuration files."
msgstr ""
"Serupa dengan cek sebelumnya, kami menyarankan untuk menetapkan izin akses "
"yang ketat untuk file konfigurasi tersebut."
msgid ""
"Similar to the previous check, we recommend you set strict access "
"permissions for such configuration files."
msgstr ""
"Serupa dengan cek sebelumnya, sebaiknya Anda menetapkan izin akses yang "
"ketat untuk file konfigurasi tersebut."
msgid ""
"Similar to the previous check, we recommended to set strict access "
"permissions for such configuration files."
msgstr ""
"Serupa dengan cek sebelumnya, kami merekomendasikan untuk menetapkan izin "
"akses yang ketat untuk file konfigurasi tersebut."
msgid ""
"Simple Authentication and Security Layer (SASL) is a framework for "
"authentication and data security in Internet protocols. Both RabbitMQ and "
"Qpid offer SASL and other pluggable authentication mechanisms beyond simple "
"user names and passwords that allow for increased authentication security. "
"While RabbitMQ supports SASL, support in OpenStack does not currently allow "
"for requesting a specific SASL authentication mechanism. RabbitMQ support in "
"OpenStack allows for either user name and password authentication over an "
"unencrypted connection or user name and password in conjunction with X.509 "
"client certificates to establish the secure TLS connection."
msgstr ""
"Simple Authentication and Security Layer (SASL) adalah kerangka kerja untuk "
"otentikasi dan keamanan data dalam protokol Internet. Kedua RabbitMQ dan "
"Qpid menawarkan SASL dan mekanisme otentikasi pluggable lainnya di luar nama "
"pengguna dan password sederhana yang memungkinkan peningkatan keamanan "
"otentikasi. Sementara RabbitMQ mendukung SASL, dukungan di OpenStack saat "
"ini tidak mengizinkan mekanisme otentikasi SASL yang spesifik. Dukungan "
"RabbitMQ di OpenStack memungkinkan otentikasi nama pengguna dan password "
"melalui koneksi atau nama pengguna dan password yang tidak dienkripsi "
"bersamaan dengan sertifikat klien X.509 untuk menetapkan koneksi TLS yang "
"aman."
msgid "Simple Protocol for Independent Computing Environments (SPICE)"
msgstr "Simple Protocol for Independent Computing Environments (SPICE)"
msgid "Simple crypto plugin"
msgstr "Plugin kripto sederhana"
msgid ""
"Since share types due to their extra specifications help to filter or choose "
"back ends before users create a share, using access to the share types you "
"can limit clients in choice of specific back ends."
msgstr ""
"Karena jenis share menggunakan spesifikasi tambahan mereka membantu "
"menyaring atau memilih kembali sebelum pengguna membuat share, dengan "
"menggunakan akses ke jenis share Anda dapat membatasi klien dalam pilihan "
"tujuan akhir tertentu."
msgid ""
"Since the HDFS shared file system protocol uses NFS access it also can be "
"configured to authenticate via IP address."
msgstr ""
"Karena protokol sistem file shared HDFS menggunakan akses NFS, ia juga dapat "
"dikonfigurasi untuk melakukan otentikasi melalui alamat IP."
msgid ""
"Siwczak, Piotr. `Some Practical Considerations for Monitoring in the "
"OpenStack Cloud <https://www.mirantis.com/blog/openstack-monitoring/>`_. "
"2012."
msgstr ""
"Siwczak, Piotr. `Some Practical Considerations for Monitoring in the "
"OpenStack Cloud <https://www.mirantis.com/blog/openstack-monitoring/>`_. "
"2012."
msgid "Software"
msgstr "Software"
msgid "Software inventory"
msgstr "Inventarisasi perangkat lunak"
msgid ""
"Solutions to the hardware infection problem are domain specific. The "
"strategy is to identify how an instance can modify hardware state then "
"determine how to reset any modifications when the instance is done using the "
"hardware. For example, one option could be to re-flash the firmware after "
"use. There is a need to balance hardware longevity with security as some "
"firmwares will fail after a large number of writes. TPM technology, "
"described in :ref:`management-secure-bootstrapping`, is a solution for "
"detecting unauthorized firmware changes. Regardless of the strategy "
"selected, it is important to understand the risks associated with this kind "
"of hardware sharing so that they can be properly mitigated for a given "
"deployment scenario."
msgstr ""
"Solusi untuk masalah infeksi perangkat keras adalah domain yang spesifik. "
"Strateginya adalah untuk mengidentifikasi bagaimana sebuah instance dapat "
"memodifikasi keadaan perangkat keras kemudian menentukan bagaimana mengatur "
"ulang modifikasi apa pun bila instance dilakukan dengan menggunakan "
"perangkat keras. Sebagai contoh, satu pilihan bisa untuk re-flash firmware "
"setelah digunakan. Ada kebutuhan untuk menyeimbangkan umur panjang hardware "
"dengan keamanan karena beberapa Firmwares akan gagal setelah sejumlah besar "
"penulisan. Teknologi TPM, dijelaskan dalam :ref: `management-secure-"
"bootstrapping`, adalah solusi untuk mendeteksi perubahan firmware yang tidak "
"sah. Terlepas dari strategi yang dipilih, penting untuk memahami risiko yang "
"terkait dengan pembagian perangkat keras semacam ini sehingga dapat "
"dimitigasi dengan benar untuk skenario penerapan tertentu."
msgid ""
"Some back-ends such as ZFS will support copy-on-write to prevent data "
"exposure. In these cases, reads from unwritten blocks will always return "
"zero. Other back ends such as LVM may not natively support this, thus the "
"Block Storage plug-in takes the responsibility to override previously "
"written blocks before handing them to users. It is important to review what "
"assurances your chosen volume back-end provides and to see what mediations "
"may be available for those assurances not provided."
msgstr ""
"Beberapa back-end seperti ZFS akan mendukung copy-on-write untuk mencegah "
"pemaparan data. Dalam kasus ini, pembacaan dari blok tidak tertulis akan "
"selalu kembali nol. Back-end lainnya seperti LVM mungkin tidak mendukungnya "
"secara native, sehingga plug-in Block Storage bertanggung jawab untuk "
"mengganti blok yang sebelumnya ditulis sebelum menyerahkannya kepada "
"pengguna. Penting untuk meninjau kembali pilihan Anda jaminan (assurance) "
"yang tersedia untuk back-end volume dan untuk melihat mediasi apa yang "
"mungkin tersedia untuk jaminan yang tidak diberikan."
msgid ""
"Some drivers support security services and other drivers do not support any "
"of the security services mentioned above. For example, Generic Driver with "
"the NFS or the CIFS shared file system protocol supports only authentication "
"method through the IP address."
msgstr ""
"Beberapa driver mendukung layanan keamanan dan driver lainnya tidak "
"mendukung layanan keamanan yang disebutkan di atas. Sebagai contoh, Generic "
"Driver dengan NFS atau protokol file shared CIFS hanya mendukung metode "
"otentikasi melalui alamat IP."
msgid "Some important definitions:"
msgstr "Beberapa definisi penting:"
msgid "Some of the concerns with the use of SSL/TLS proxies as pictured above:"
msgstr ""
"Beberapa kekhawatiran dengan penggunaan proxy SSL/TLS seperti yang "
"digambarkan di atas:"
msgid ""
"Some share drivers may not support all types of segmentation, for details "
"see specification for the driver in use."
msgstr ""
"Beberapa share driver mungkin tidak mendukung semua jenis segmentasi, untuk "
"detail lihat spesifikasi driver yang sedang digunakan."
msgid ""
"Specific SELinux policies are available for many OpenStack services. CentOS "
"users can review these policies by `installing the selinux-policy source "
"package`_. The most up to date policies appear in `Fedora's selinux-policy`_ "
"repository. The `rawhide-contrib`_ branch has files that end in ``.te``, "
"such as ``cinder.te``, that can be used on systems running SELinux."
msgstr ""
"Kebijakan SELinux khusus tersedia untuk banyak layanan OpenStack. Pengguna "
"CentOS dapat meninjau kebijakan ini dengan `installing the selinux-policy "
"source package`_. Kebijakan yang paling mutakhir muncul di repositori "
"'selinux-policy`_ Fedora. The `rawhide-contrib`_ branch memiliki file yang "
"diakhiri dengan ``.te``, seperti ``cinder.te``, yang dapat digunakan pada "
"sistem yang menjalankan SELinux."
msgid ""
"Specific to various hypervisors is the treatment of instance memory. This "
"behavior is not defined in OpenStack Compute, although it is generally "
"expected of hypervisors that they will make a best effort to scrub memory "
"either upon deletion of an instance, upon creation of an instance, or both."
msgstr ""
"Khusus untuk berbagai hypervisor adalah perawatan memori instance. Perilaku "
"ini tidak didefinisikan dalam OpenStack Compute, meskipun pada umumnya "
"diharapkan hypervisors bahwa mereka akan melakukan upaya terbaik untuk "
"menghilangkan memori baik saat penghapusan sebuah instance, pada saat "
"pembuatan sebuah instance, atau keduanya."
msgid "Stack canaries"
msgstr "Stack canaries"
msgid "Start instance on destination host"
msgstr "Start instance di host tujuan"
msgid "Start the guest"
msgstr "Start guest"
msgid ""
"Start with a short timeout of 1 day during testing, and raise it to one year "
"after testing has shown that you have not introduced problems for users. "
"Note that once this header is set to a large timeout, it is (by design) very "
"difficult to disable."
msgstr ""
"Mulailah dengan jangka waktu singkat (short timeout) 1 hari selama "
"pengujian, dan naikkan ke satu tahun setelah pengujian telah menunjukkan "
"bahwa Anda belum memperkenalkan masalah bagi pengguna. Perhatikan bahwa "
"sekali header ini diatur ke batas waktu yang besar, (by design) itu menjadi "
"sangat sulit untuk dinonaktifkan."
msgid "State transition and wake events"
msgstr "State transition dan wake events"
msgid "Static media"
msgstr "Media statis"
msgid "Stop the guest and sync disks"
msgstr "Hentikan guest and sync disk"
msgid "Storage API endpoints"
msgstr "Storage API endpoints"
msgid "Storage Encryption"
msgstr "Storage Encryption"
msgid "Storage services"
msgstr "Layanan Storage"
msgid "Stud"
msgstr "Stud"
msgid "Summary"
msgstr "Ringkasan"
msgid "Summary of existing technologies"
msgstr "Ringkasan teknologi yang ada"
msgid ""
"Sunar, Eisenbarth, Inci, Gorka Irazoqui Apecechea. Fine Grain Cross-VM "
"Attacks on Xen and VMware are possible!. 2014. `https://eprint.iacr."
"org/2014/248.pfd <https://eprint.iacr.org/2014/248.pdf>`_"
msgstr ""
"Sunar, Eisenbarth, Inci, Gorka Irazoqui Apecechea. Fine Grain Cross-VM "
"Attacks pada Xen dan VMware adalah mungkin. 2014. `https://eprint.iacr."
"org/2014/248.pfd <https://eprint.iacr.org/2014/248.pdf>`_"
msgid ""
"Supported authentication methods depend on which share driver, security "
"service and shared file system protocol you configure and use. Supported "
"shared file system protocols are NFS, CIFS, GlusterFS, and HDFS. Supported "
"security services are LDAP, Kerberos protocols, or Microsoft Active "
"Directory service. For details of supporting of features by different "
"drivers, see `Manila share features support mapping <http://docs.openstack. "
"org/developer/manila/devref/share_back_ends_feature_support_ mapping.html>`_."
msgstr ""
"Metode otentikasi yang didukung bergantung pada share driver, layanan "
"keamanan dan protokol sistem file shared yang Anda konfigurasikan dan "
"gunakan. Protokol sistem file shared yang didukung adalah NFS, CIFS, "
"GlusterFS, dan HDFS. Layanan keamanan yang didukung adalah LDAP, protokol "
"Kerberos, atau layanan Microsoft Active Directory. Untuk rincian dukungan "
"fitur oleh driver yang berbeda, lihat `Manila share features support mapping "
"<http://docs.openstack. org/developer/manila/devref/"
"share_back_ends_feature_support_ mapping.html>`_."
msgid ""
"Supporting components, such as load-balancers, reverse proxies, DNS, or DHCP "
"services"
msgstr ""
"Komponen pendukung, seperti load-balancer, reverse proxy, DNS, atau layanan "
"DHCP"
msgid "Supports encrypted backups if the original volume is encrypted"
msgstr "Mendukung backup terenkripsi jika volume asli dienkripsi"
msgid "Swift"
msgstr "Swift"
msgid ""
"Symmetric keys can be used to encrypt Swift containers to mitigate the risk "
"of users data being read if an unauthorised party were to gain physical "
"access to a disk."
msgstr ""
"Kunci simetris dapat digunakan untuk mengenkripsi kontainer Swift untuk "
"mengurangi risiko data pengguna dibaca jika pihak yang tidak berwenang "
"memperoleh akses fisik ke disk."
msgid "System categorization:"
msgstr "Kategorisasi sistem:"
msgid "System databases, such as MySQL or mongoDB"
msgstr "Sistem database, seperti MySQL atau mongoDB"
msgid "System documentation"
msgstr "Dokumentasi sistem"
msgid "System documentation requirements"
msgstr "Persyaratan dokumentasi sistem"
msgid "System inventory"
msgstr "Inventarisasi sistem"
msgid "System metadata"
msgstr "System metadata"
msgid "System roles and types"
msgstr "Peran dan tipe sistem"
msgid "System validation"
msgstr "Validasi sistem"
msgid ""
"Systems should be segregated in such a way that if one machine, or system-"
"level service, is compromised the security of the other systems will remain "
"intact. Practically, the enablement and proper usage of SELinux helps "
"accomplish this goal."
msgstr ""
"Sistem harus dipisahkan sedemikian rupa sehingga jika satu mesin, atau "
"layanan tingkat sistem, dikompromikan, keamanan sistem lain akan tetap utuh. "
"Praktis, pemakaian dan penggunaan SELinux yang tepat membantu mencapai "
"tujuan ini."
msgid "TCP"
msgstr "TCP"
msgid "TDES"
msgstr "TDES"
msgid "TLS"
msgstr "TLS"
msgid "TLS libraries"
msgstr "Perpustakaan TLS"
msgid "TLS proxies and HTTP services"
msgstr "Proxy TLS dan layanan HTTP"
msgid "TSF Protection"
msgstr "TSF Protection"
msgid "TXT"
msgstr "TXT"
msgid "Team expertise"
msgstr "Keahlian tim"
msgid "Technologies involved"
msgstr "Teknologi terlibat"
msgid "Technology"
msgstr "Teknologi"
msgid "TempAuth"
msgstr "TempAuth"
msgid ""
"TempAuth is the default authentication for Object Storage. In contrast to "
"Identity, it stores the user accounts, credentials, and metadata in object "
"storage itself. More information can be found in the section `The Auth "
"System <https://docs.openstack.org/swift/latest/overview_auth.html>`_ of the "
"Object Storage (swift) documentation."
msgstr ""
"TempAuth adalah otentikasi default untuk Object Storage. Berbeda dengan "
"Identity, ia menyimpan akun pengguna, kredensial, dan metadata dalam "
"penyimpanan objek itu sendiri. Informasi lebih lanjut dapat ditemukan di "
"bagian ini `The Auth System <https://docs.openstack.org/swift/latest/"
"overview_auth.html>`_ dari dokumentasi Object Storage (swift)."
msgid ""
"Tenant data for compute could be encrypted over IPsec or other tunnels. This "
"is not functionality common or standard in OpenStack, but is an option "
"available to motivated and interested implementors."
msgstr ""
"Data penyewa untuk komputasi bisa dienkripsi melalui IPsec atau tunnel "
"lainnya. Ini bukan fungsi umum atau standar di OpenStack, namun merupakan "
"pilihan yang tersedia bagi pelaksana yang termotivasi dan tertarik."
msgid "Tenant data privacy"
msgstr "Privasi data penyewa"
msgid ""
"Tenant data stored in an OpenStack cloud may include the following items:"
msgstr ""
"Data penyewa yang tersimpan dalam awan OpenStack mungkin termasuk item "
"berikut:"
msgid "Tenants"
msgstr "Tenants"
msgid "Tenants provide details for the security service."
msgstr "Tenant (penyewa) memberikan rincian untuk layanan keamanan."
msgid ""
"Test data recovery options regularly. One of the things that can be restored "
"from secured backups is the images. In case of a compromise, the best "
"practice would be to terminate running instances immediately and then "
"relaunch the instances from the images in the secured backup repository."
msgstr ""
"Uji opsi pemulihan data secara teratur. Salah satu hal yang bisa dipulihkan "
"dari backup yang aman adalah image nya. Jika terjadi bahaya, praktik terbaik "
"adalah segera menghentikan instance yang sedang berjalan dan kemudian "
"meluncurkan kembali instance dari image di repositori cadangan yang aman."
msgid "Test sanitation equipment and procedures to verify proper performance."
msgstr ""
"Uji peralatan dan prosedur sanitasi untuk memverifikasi kinerja yang tepat."
msgid "Testing it all out"
msgstr "Menguji semuanya"
msgid "Testing the updates"
msgstr "Menguji pembaruan"
msgid ""
"The \"HTTPONLY\" cookie attribute instructs web browsers not to allow "
"scripts (e.g. JavaScript or VBscript) an ability to access the cookies via "
"the DOM ``document.cookie`` object. This session ID protection is mandatory "
"to prevent session ID stealing through XSS attacks."
msgstr ""
"Atribut cookie \"HTTPONLY\" menginstruksikan browser web untuk tidak "
"mengizinkan skrip (mis., JavaScript atau VBscript) kemampuan untuk mengakses "
"cookie melalui objek DOM ``document.cookie``. Perlindungan ID sesi ini "
"adalah wajib untuk mencegah ID sesi mencuri melalui serangan XSS."
msgid ""
"The \"SECURE\" cookie attribute instructs web browsers to only send the "
"cookie through an encrypted HTTPS (SSL/TLS) connection. This session "
"protection mechanism is mandatory to prevent the disclosure of the session "
"ID through MitM (Man-in-the-Middle) attacks. It ensures that an attacker "
"cannot simply capture the session ID from web browser traffic."
msgstr ""
"Atribut cookie \"SECURE\" menginstruksikan browser web untuk hanya mengirim "
"cookie melalui sambungan HTTPS (SSL/TLS) terenkripsi. Mekanisme perlindungan "
"sesi ini wajib untuk mencegah pengungkapan ID sesi melalui serangan MitM "
"(Man-in-the-Middle). Ini memastikan bahwa penyerang tidak bisa begitu saja "
"menangkap ID sesi dari lalu lintas browser web."
msgid ""
"The *ciphers* line can be tweaked based on your needs, however this is a "
"reasonable starting place. The default configuration file is located in the "
"``/etc/stud`` directory. However, it is not provided by default."
msgstr ""
"Baris *ciphers * dapat di-tweak berdasarkan kebutuhan Anda, namun ini adalah "
"tempat awal yang masuk akal. File konfigurasi default terletak di direktori "
"``/etc/stud``. Namun, itu tidak disediakan secara default."
msgid ""
"The *share servers* mode can be configured with flat network, or with "
"segmented network. This depends on the network provider."
msgstr ""
"Mode *share server * dapat dikonfigurasi dengan jaringan datar, atau dengan "
"jaringan tersegmentasi. Hal ini tergantung pada penyedia jaringan."
msgid ""
"The :ref:`security service part <shared_fs_security_services>` of share "
"networks specify security requirements such as AD or LDAP domains or a "
"Kerberos realm. The Shared File Systems service assumes that any hosts "
"referred to in security service are reachable from a subnet where a share "
"server is created, which limits the number of cases where this mode could be "
"used."
msgstr ""
"The :ref:`security service part <shared_fs_security_services>` dari jaringan "
"berbagi menentukan persyaratan keamanan seperti domain AD atau LDAP atau "
"wilayah Kerberos. Layanan Shared File Systems mengasumsikan bahwa setiap "
"host yang disebutkan dalam layanan keamanan dapat dijangkau dari subnet "
"tempat server berbagi dibuat, yang membatasi jumlah kasus dimana mode ini "
"dapat digunakan."
msgid ""
"The :term:`Data Processing service (sahara)` provides a platform for the "
"provisioning, management, and usage of clusters running popular processing "
"frameworks."
msgstr ""
"The :term:`Data Processing service (sahara)` menyediakan platform untuk "
"penyediaan, pengelolaan, dan penggunaan cluster yang menjalankan kerangka "
"pemrosesan populer."
msgid ""
"The :term:`Shared File Systems service (manila)` provides a set of services "
"for managing shared file systems in a multi-tenant cloud environment, "
"similar to how OpenStack provides for block-based storage management through "
"the OpenStack Block Storage service project. With the Shared File Systems "
"service, you can create a remote file system, mount the file system on your "
"instances, and then read and write data from your instances to and from your "
"file system."
msgstr ""
"The :term:`Shared File Systems service (manila)` menyediakan seperangkat "
"layanan untuk mengelola sistem file bersama di lingkungan awan multi-"
"penyewa, serupa dengan bagaimana OpenStack menyediakan pengelolaan "
"penyimpanan berbasis blok melalui proyek layanan OpenStack Block Storage. "
"Dengan layanan Shared File Systems, Anda dapat membuat sistem file jauh, me-"
"mount sistem file pada instance Anda, dan kemudian membaca dan menulis data "
"dari instance Anda ke dan dari sistem file Anda."
msgid ""
"The API provides a tenant interface for provisioning, managing, and "
"accessing their resources."
msgstr ""
"API menyediakan antarmuka penyewa untuk penyediaan, pengelolaan, dan akses "
"sumber daya mereka."
msgid ""
"The API service should be configured for TLS to ensure data is encrypted."
msgstr ""
"Layanan API harus dikonfigurasi untuk TLS untuk memastikan data dienkripsi."
msgid "The Apache Foundation has a messaging security guide for Qpid. See:"
msgstr ""
"Apache Foundation memiliki panduan keamanan olahpesan untuk Qpid. Lihat:"
msgid ""
"The Apache Software Foundation, Apache Hive. 2016. `Hive <https://hive."
"apache.org>`__"
msgstr ""
"The Apache Software Foundation, Apache Hive. 2016. `Hive <https://hive."
"apache.org>`__"
msgid ""
"The Apache Software Foundation, Apache Oozie Workflow Scheduler for Hadoop. "
"2016. `Oozie project <https://oozie.apache.org>`__"
msgstr ""
"The Apache Software Foundation, Apache Oozie Workflow Scheduler for Hadoop. "
"2016. `Oozie project <https://oozie.apache.org>`__"
msgid ""
"The Apache Software Foundation, Apache Storm. 2016. `Storm project <https://"
"storm.apache.org>`__"
msgstr ""
"The Apache Software Foundation, Apache Storm. 2016. `Storm project <https://"
"storm.apache.org>`__"
msgid ""
"The Apache Software Foundation, Apache Zookeeper. 2016. `Zookeeper project "
"<https://zookeeper.apache.org>`__"
msgstr ""
"The Apache Software Foundation, Apache Zookeeper. 2016. `Zookeeper project "
"<https://zookeeper.apache.org>`__"
msgid ""
"The Apache Software Foundation, Cloudera Product Documentation. 2016. "
"`Cloudera CDH documentation <https://www.cloudera.com/content/cloudera/en/"
"documentation.html#CDH>`__"
msgstr ""
"The Apache Software Foundation, Cloudera Product Documentation. 2016. "
"`Cloudera CDH documentation <https://www.cloudera.com/content/cloudera/en/"
"documentation.html#CDH>`__"
msgid ""
"The Apache Software Foundation, HDFS User Guide. 2016. `Hadoop HDFS "
"documentation <https://hadoop.apache.org/docs/stable/hadoop-project-dist/"
"hadoop-hdfs/HdfsUserGuide.html>`__"
msgstr ""
"The Apache Software Foundation, HDFS User Guide. 2016. `Hadoop HDFS "
"documentation <https://hadoop.apache.org/docs/stable/hadoop-project-dist/"
"hadoop-hdfs/HdfsUserGuide.html>`__"
msgid ""
"The Apache Software Foundation, Hadoop in Secure Mode. 2016. `Hadoop secure "
"mode docs <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-"
"common/SecureMode.html>`__"
msgstr ""
"The Apache Software Foundation, Hadoop in Secure Mode. 2016. `Hadoop secure "
"mode docs <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-"
"common/SecureMode.html>`__"
msgid ""
"The Apache Software Foundation, Spark Security. 2016. `Spark security "
"documentation <https://spark.apache.org/docs/latest/security.html>`__"
msgstr ""
"The Apache Software Foundation, Spark Security. 2016. `Spark security "
"documentation <https://spark.apache.org/docs/latest/security.html>`__"
msgid ""
"The Apache Software Foundation, Spark. 2016. `Spark project <https://spark."
"apache.org>`__"
msgstr ""
"The Apache Software Foundation, Spark. 2016. `Spark project <https://spark."
"apache.org>`__"
msgid ""
"The Apache Software Foundation, Welcome to Apache Hadoop!. 2016. `Apache "
"Hadoop project <https://hadoop.apache.org>`__"
msgstr ""
"The Apache Software Foundation, Welcome to Apache Hadoop!. 2016. `Apache "
"Hadoop project <https://hadoop.apache.org>`__"
msgid ""
"The Apache Software Foundation, Welcome to Apache Pig. 2016. `Pig <https://"
"pig.apache.org>`__"
msgstr ""
"The Apache Software Foundation, Welcome to Apache Pig. 2016. `Pig <https://"
"pig.apache.org>`__"
msgid ""
"The Barbican team worked with the OpenStack Security Project to perform a "
"security review of a best practise Barbican deployment. The objective of the "
"security review is to identify weaknesses and defects in the design and "
"architecture of services, and propose controls or fixes to resolve these "
"issues."
msgstr ""
"Tim Barbican bekerja dengan OpenStack Security Project untuk melakukan "
"tinjauan keamanan terhadap penerapan barbecue praktik terbaik. Tujuan dari "
"tinjauan keamanan adalah untuk mengidentifikasi kelemahan dan kekurangan "
"dalam desain dan arsitektur layanan, dan mengusulkan kontrol atau perbaikan "
"untuk menyelesaikan masalah ini."
msgid ""
"The Barbican threat analysis identified eight security findings and two "
"recommendations to improve the security of a barbican deployment. These "
"results can be reviewed in the `security analysis repo <https://github.com/"
"openstack/security-analysis/tree/master/doc/source/artifacts/barbican/"
"newton>`_., along with the Barbican architecture diagram and architecture "
"description page."
msgstr ""
"Analisis ancaman Barbican mengidentifikasi delapan temuan keamanan dan dua "
"rekomendasi untuk memperbaiki keamanan penyebaran barbican. Hasil ini dapat "
"ditinjau ulang di `security analysis repo <https://github.com/openstack/"
"security-analysis/tree/master/doc/source/artifacts/barbican/newton>`_., "
"bersama dengan diagram arsitektur Barbican dan halaman deskripsi arsitektur."
msgid ""
"The CSA CCM is specifically designed to provide fundamental security "
"principles to guide cloud vendors and to assist prospective cloud customers "
"in assessing the overall security risk of a cloud provider. The CSA CCM "
"provides a controls framework that are aligned across 16 security domains. "
"The foundation of the Cloud Controls Matrix rests on its customized "
"relationship to other industry standards, regulations, and controls "
"frameworks such as: ISO 27001:2013, COBIT 5.0, PCI:DSS v3, AICPA 2014 Trust "
"Service Principles and Criteria and augments internal control direction for "
"service organization control reports attestations."
msgstr ""
"CSA CCM dirancang khusus untuk memberikan prinsip keamanan mendasar untuk "
"membimbing vendor cloud dan untuk membantu pelanggan awan prospektif dalam "
"menilai risiko keamanan keseluruhan dari penyedia awan. CSA CCM menyediakan "
"kerangka kerja kontrol yang diselaraskan di 16 domain keamanan. Dasar dari "
"Cloud Controls Matrix terletak pada hubungan yang disesuaikan dengan "
"standar, peraturan, dan kerangka kerja industri lainnya, seperti: ISO 27001: "
"2013, COBIT 5.0, PCI: DSS v3, AICPA 2014 Trust Service Principles and "
"Criteria dan menambah arahan pengendalian internal untuk pengendalian "
"organisasi layanan melaporkan pengesahan."
msgid ""
"The CSA CCM strengthens existing information security control environments "
"by enabling the reduction of security threats and vulnerabilities in the "
"cloud, provides standardized security and operational risk management, and "
"seeks to normalize security expectations, cloud taxonomy and terminology, "
"and security measures implemented in the cloud."
msgstr ""
"CSA CCM memperkuat lingkungan kontrol keamanan informasi yang ada dengan "
"memungkinkan pengurangan ancaman keamanan dan kerentanan di awan, memberikan "
"keamanan standar dan manajemen risiko operasional, dan berupaya "
"menormalisasi ekspektasi keamanan, taksonomi awan dan terminologi, dan "
"tindakan pengamanan yang diterapkan di awan."
msgid ""
"The Compute and Object Storage services can be configured to use the "
"Identity service to store authentication information. Other options to store "
"authentication information include the use of the \"tempAuth\" file, however "
"this should not be deployed in a production environment as the password is "
"displayed in plain text."
msgstr ""
"Layanan Compute and Object Storage dapat dikonfigurasi untuk menggunakan "
"layanan Identity untuk menyimpan informasi otentikasi. Pilihan lain untuk "
"menyimpan informasi otentikasi mencakup penggunaan file \"tempAuth\", namun "
"hal ini tidak boleh digunakan di lingkungan produksi karena kata sandi "
"ditampilkan dalam teks biasa."
msgid ""
"The Compute service facilitates this management through an abstraction layer "
"that interfaces with supported hypervisors (we address this later on in more "
"detail)."
msgstr ""
"Layanan Compute memfasilitasi pengelolaan ini melalui lapisan abstraksi yang "
"berinteraksi dengan hypervisor yang didukung (kami akan membahasnya nanti "
"secara lebih rinci)."
msgid ""
"The Dashboard (horizon) is the OpenStack dashboard that provides users a "
"self-service portal to provision their own resources within the limits set "
"by administrators. These include provisioning users, defining instance "
"flavors, uploading virtual machine (VM) images, managing networks, setting "
"up security groups, starting instances, and accessing the instances through "
"a console."
msgstr ""
"Dasbor (horizon) adalah dasbor OpenStack yang memberi pengguna portal "
"layanan mandiri untuk menyediakan sumber daya mereka sendiri sesuai batasan "
"yang ditetapkan oleh administrator. Ini termasuk pengguna provisioning, "
"mendefinisikan instance flavor, mengupload image mesin virtual (VM), "
"mengelola jaringan, menyiapkan grup keamanan, memulai menjalankan instance, "
"dan mengakses instance melalui konsol."
msgid ""
"The Dashboard is based on the Django web framework, ensuring secure "
"deployment practices for Django apply directly to horizon. This guide "
"provides a set of Django security recommendations. Further information can "
"be found by reading the `Django documentation <https://docs.djangoproject."
"com/>`_."
msgstr ""
"Dasbor didasarkan pada kerangka web Django, memastikan praktek penerapan "
"yang aman untuk Django berlaku langsung ke horizon. Panduan ini menyediakan "
"satu set rekomendasi keamanan Django. Informasi lebih lanjut dapat ditemukan "
"dengan membaca `Django documentation <https://docs.djangoproject.com/> `_."
msgid ""
"The Dashboard ships with default security settings, and has `deployment and "
"configuration documentation <https://docs.openstack.org/horizon/latest/user/"
"index.html>`_."
msgstr ""
"Dashboard dilengkapi dengan pengaturan keamanan default, dan memiliki "
"`deployment and configuration documentation <https://docs.openstack.org/"
"horizon/latest/user/index.html>`_."
msgid ""
"The Data Processing service (sahara) provides a platform for the "
"provisioning and management of instance clusters using processing frameworks "
"such as Hadoop and Spark. Through the OpenStack Dashboard, or REST API, "
"users are able to upload and execute framework applications which may access "
"data in object storage or external providers. The data processing controller "
"uses the Orchestration service (heat) to create clusters of instances which "
"may exist as long-running groups that can grow and shrink as requested, or "
"as transient groups created for a single workload."
msgstr ""
"Layanan Pengolahan Data (sahara) menyediakan platform untuk penyediaan dan "
"pengelolaan cluster instance menggunakan kerangka pemrosesan seperti Hadoop "
"dan Spark. Melalui OpenStack Dashboard, atau REST API, pengguna dapat "
"mengunggah dan menjalankan aplikasi kerangka yang dapat mengakses data di "
"penyimpanan objek atau penyedia eksternal. Pengontrol pengolahan data "
"menggunakan layanan Orchestration (heat) untuk membuat kumpulan instance "
"yang mungkin ada sebagai long-running group yang dapat tumbuh dan menyusut "
"sesuai permintaan, atau sebagai kelompok sementara yang dibuat untuk satu "
"beban kerja."
msgid ""
"The Data Processing service is responsible for the deployment and management "
"of several applications. For a complete understanding of the security "
"options provided we recommend that operators have a general familiarity with "
"these applications. The list of highlighted technologies is broken into two "
"sections: first, high priority applications that have a greater impact on "
"security, and second, supporting applications with a lower impact."
msgstr ""
"Layanan Data Processing bertanggung jawab atas pengerahan dan pengelolaan "
"beberapa aplikasi. Untuk pemahaman lengkap tentang opsi keamanan yang "
"diberikan, kami merekomendasikan agar operator memiliki keakraban umum "
"dengan aplikasi ini. Daftar teknologi yang disorot dibagi menjadi dua "
"bagian: pertama, aplikasi prioritas tinggi yang memiliki dampak lebih besar "
"pada keamanan, dan kedua, mendukung aplikasi dengan dampak yang lebih rendah."
msgid ""
"The Data processing service allows for the association of security groups "
"with instances provisioned for its clusters. With no additional "
"configuration the service will use the default security group for any "
"project that provisions clusters. A different security group may be used if "
"requested, or an automated option exists which instructs the service to "
"create a security group based on ports specified by the framework being "
"accessed."
msgstr ""
"Layanan pemrosesan data memungkinkan untuk asosiasi kelompok keamanan dengan "
"instance yang ditetapkan (provisioned) untuk kelompoknya. Tanpa konfigurasi "
"tambahan, layanan akan menggunakan grup keamanan default untuk setiap proyek "
"yang menyediakan cluster. Kelompok keamanan yang berbeda dapat digunakan "
"jika diminta, atau ada opsi otomatis yang menginstruksikan layanan untuk "
"membuat grup keamanan berdasarkan port yang ditentukan oleh kerangka "
"(framework) yang diakses."
msgid ""
"The Data processing service controller will be responsible for creating, "
"maintaining, and destroying any instances created for its clusters. The "
"controller will use the Networking service to establish network paths "
"between itself and the cluster instances. It will also manage the deployment "
"and life-cycle of user applications that are to be run on the clusters. The "
"instances within a cluster contain the core of a framework's processing "
"engine and the Data processing service provides several options for creating "
"and managing the connections to these instances."
msgstr ""
"Pengontrol layanan pengolahan Data akan bertanggung jawab untuk menciptakan, "
"memelihara, dan menghancurkan segala hal yang diciptakan untuk clusternya. "
"Pengontrol akan menggunakan layanan Networking untuk membangun jalur "
"jaringan antara dirinya dan cluster. Ini juga akan mengelola penyebaran dan "
"siklus hidup aplikasi pengguna yang akan dijalankan di cluster. Instance "
"dalam sebuah cluster berisi inti mesin pemrosesan kerangka dan layanan "
"pemrosesan Data menyediakan beberapa opsi untuk membuat dan mengelola "
"koneksi ke instance ini."
msgid ""
"The Data processing service controller, like many other OpenStack "
"controllers, can be configured to require TLS connections."
msgstr ""
"Pengontrol layanan pengolah data, seperti banyak pengendali OpenStack "
"lainnya, dapat dikonfigurasi untuk meminta koneksi TLS."
msgid ""
"The Data processing service is deployed, like many other OpenStack services, "
"as an application running on a host connected to the stack. As of the Kilo "
"release, it has the ability to be deployed in a distributed manner with "
"several redundant controllers. Like other services, it also requires a "
"database to store information about its resources. See :doc:`../databases`. "
"It is important to note that the Data processing service will need to manage "
"several Identity service trusts, communicate directly with the Orchestration "
"and Networking services, and potentially create users in a proxy domain. For "
"these reasons the controller will need access to the control plane and as "
"such we recommend installing it alongside other service controllers."
msgstr ""
"Layanan pengolahan Data dikerahkan, seperti banyak layanan OpenStack "
"lainnya, sebagai aplikasi yang berjalan pada host yang terhubung ke stack. "
"Pada rilis Kilo, ia memiliki kemampuan untuk ditempatkan secara "
"terdistribusi dengan beberapa pengendali yang berlebihan. Seperti layanan "
"lainnya, juga membutuhkan database untuk menyimpan informasi tentang sumber "
"dayanya. Lihat :doc:`../databases`. Penting untuk dicatat bahwa layanan "
"pemrosesan Data perlu mengelola beberapa kepercayaan layanan Identity, "
"berkomunikasi langsung dengan layanan Orchestration dan Networking, dan "
"berpotensi membuat pengguna di domain proxy. Untuk alasan ini pengendali "
"akan memerlukan akses ke control plane (bidang) dan karena itu sebaiknya "
"pasang di samping controller layanan lainnya."
msgid ""
"The Data processing service makes heavy use of the Compute, Orchestration, "
"Image, and Block Storage services during the provisioning of clusters. It "
"will also use one or more networks, created by the Networking service, "
"provided during cluster creation for administrative access to the instances. "
"While users are running framework applications the controller and the "
"clusters will be accessing the Object Storage service. Given these service "
"usages, we recommend following the instructions outlined in :doc:`../"
"documentation` for cataloging all the components of an installation."
msgstr ""
"Layanan pengolahan Data membuat penggunaan berat dari layanan Compute, "
"Orchestration, Image, dan Block Storage selama penyediaan cluster. Ini juga "
"akan menggunakan satu atau beberapa jaringan, yang diciptakan oleh layanan "
"Networking, yang disediakan selama pembuatan cluster untuk akses "
"administratif ke instance. Sementara pengguna menjalankan aplikasi framework "
"controller dan cluster akan mengakses layanan Object Storage. Dengan "
"penggunaan layanan ini, sebaiknya ikuti petunjuk yang diuraikan di :doc:`../"
"documentation` untuk membuat katalog semua komponen instalasi."
msgid ""
"The Data processing service uses a policy file, as described in :doc:`../"
"identity/policies`, to configure role-based access control. Using the policy "
"file an operator can restrict a groups access to specific data processing "
"functionality."
msgstr ""
"Layanan pemrosesan data menggunakan file kebijakan, seperti yang dijelaskan "
"di :doc:`../identity/policies`, untuk mengkonfigurasi kontrol akses berbasis "
"peran. Dengan menggunakan file kebijakan, operator dapat membatasi akses "
"grup ke fungsionalitas pemrosesan data tertentu."
msgid ""
"The Defense Information Systems Agency (DISA) (part of the United States "
"Department of Defense) publishes STIG content for various operating systems, "
"applications, and hardware. The controls are published without any license "
"attached."
msgstr ""
"The Defense Information Systems Agency (DISA) (bagian dari United States "
"Department of Defense) menerbitkan konten STIG untuk berbagai sistem "
"operasi, aplikasi, dan perangkat keras. Kontrol diterbitkan tanpa lisensi "
"apapun."
msgid ""
"The Dogtag secret store plugin is used to communicate with `Dogtag <http://"
"pki.fedoraproject.org/wiki/PKI_Main_Page>`_. Dogtag is the upstream project "
"corresponding to the Red Hat Certificate System, a Common Criteria/FIPS "
"certified PKI solution that contains a Certificate Manager (CA) and a Key "
"Recovery Authority (KRA) which is use to securely store secrets. The KRA "
"stores secrets as encrypted blobs in its internal database, with the master "
"encryption keys being stored either in a software-based NSS security "
"database, or in a Hardware Security Module (HSM). The software-based NSS "
"database configuration provides a secure option for deployments that do not "
"wish to use a HSM. The KRA is a component of FreeIPA, therefore it is "
"possible to configure the plugin with a FreeIPA server. More detailed "
"instructions on how to set up Barbican with FreeIPA are provided `in the "
"following blog post <https://vakwetu.wordpress.com/2015/11/30/barbican-and-"
"dogtagipa/>`_."
msgstr ""
"Plugin penyimpanan rahasia Dogtag digunakan untuk berkomunikasi dengan "
"`Dogtag <http://pki.fedoraproject.org/wiki/PKI_Main_Page>`_. Dogtag adalah "
"proyek hulu yang sesuai dengan Red Hat Certificate System, Common Criteria / "
"FIPS certified PKI solution yang berisi Certificate Manager (CA) dan Key "
"Recovery Authority (KRA) yang digunakan untuk menyimpan rahasia dengan aman. "
"KRA menyimpan rahasia sebagai gumpalan terenkripsi di database internalnya, "
"dengan kunci enkripsi utama disimpan dalam basis data keamanan NSS berbasis "
"perangkat lunak, atau di Hardware Security Module (HSM). Konfigurasi "
"database NSS berbasis perangkat lunak menyediakan opsi aman untuk penerapan "
"yang tidak ingin menggunakan HSM. KRA adalah komponen FreeIPA, oleh karena "
"itu dimungkinkan untuk mengkonfigurasi plugin dengan server FreeIPA. "
"Instruksi lebih rinci tentang cara mengatur Barbican dengan FreeIPA "
"disediakan `in the following blog post <https://vakwetu.wordpress."
"com/2015/11/30/barbican-and-dogtagipa/>`_."
msgid ""
"The Federal Information Security Management Act requires that government "
"agencies create a comprehensive plan to implement numerous government "
"security standards, and was enacted within the E-Government Act of 2002. "
"FISMA outlines a process, which utilizing multiple NIST publications, "
"prepares an information system to store and process government data."
msgstr ""
"The Federal Information Security Management Act mensyaratkan bahwa instansi "
"pemerintah membuat rencana komprehensif untuk menerapkan banyak standar "
"keamanan pemerintah, dan diundangkan dalam E-Government Act tahun 2002. "
"FISMA menguraikan sebuah proses, yang memanfaatkan beberapa publikasi NIST, "
"menyiapkan sebuah sistem informasi untuk menyimpan dan memproses data "
"pemerintah."
msgid ""
"The Fieldwork phase is the most visible portion of the audit. This is where "
"the auditors are onsite, interviewing the control owners, documenting the "
"controls that are in place, and identifying any issues. It is important to "
"note that the auditors will use a two part process for evaluating the "
"controls in place. The first part is evaluating the design effectiveness of "
"the control. This is where the auditor will evaluate whether the control is "
"capable of effectively preventing or detecting and correcting weaknesses and "
"deficiencies. A control must pass this test to be evaluated in the second "
"phase. This is because with a control that is designed ineffectually, there "
"is no point considering whether it is operating effectively. The second part "
"is operational effectiveness. Operational effectiveness testing will "
"determine how the control was applied, the consistency with which the "
"control was applied and by whom or by what means the control was applied. A "
"control may depend upon other controls (indirect controls) and, if they do, "
"additional evidence that demonstrates the operating effectiveness of those "
"indirect controls may be required for the auditor to determine the overall "
"operating effectiveness of the control."
msgstr ""
"Tahap Fieldwork adalah bagian audit yang paling terlihat. Di sinilah auditor "
"berada di tempat, mewawancarai pemilik kontrol, mendokumentasikan kontrol "
"yang ada, dan mengidentifikasi masalah apa pun. Penting untuk dicatat bahwa "
"auditor akan menggunakan dua bagian proses untuk mengevaluasi kontrol yang "
"ada. Bagian pertama adalah mengevaluasi keefektifan desain kontrol. Di "
"sinilah auditor akan mengevaluasi apakah pengendalian mampu secara efektif "
"mencegah atau mendeteksi dan memperbaiki kelemahan dan kekurangan. Suatu "
"kontrol harus lulus uji ini untuk dievaluasi pada tahap kedua. Ini karena "
"dengan kontrol yang dirancang tidak efektif, tidak ada gunanya "
"mempertimbangkan apakah operasi itu berjalan efektif. Bagian kedua adalah "
"efektivitas operasional. Pengujian efektivitas operasional akan menentukan "
"bagaimana kontrol diterapkan, konsistensi pengendalian diterapkan dan oleh "
"siapa atau dengan cara apa kontrol diterapkan. Pengendalian mungkin "
"bergantung pada kontrol lain (kontrol tidak langsung) dan, jika memang, "
"bukti tambahan yang menunjukkan efektivitas operasi dari kontrol tidak "
"langsung tersebut mungkin diperlukan auditor untuk menentukan keseluruhan "
"efektivitas operasi pengendalian."
msgid ""
"The Generic driver we use in example does not support any of the security "
"services, thus with NFS shared file system protocol we can grant access only "
"through the IP address:"
msgstr ""
"Driver Generik yang kami gunakan misalnya tidak mendukung layanan keamanan "
"apa pun, sehingga dengan protokol sistem file shared NFS kami dapat "
"memberikan akses hanya melalui alamat IP:"
msgid ""
"The Health Insurance Portability and Accountability Act (HIPAA) is a United "
"States congressional act that governs the collection, storage, use and "
"destruction of patient health records. The act states that Protected Health "
"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable"
"\" to unauthorized persons and that encryption for data 'at-rest' and "
"'inflight' should be addressed."
msgstr ""
"The Health Insurance Portability and Accountability Act (HIPAA) adalah "
"keputusan kongres Amerika Serikat yang mengatur pengumpulan, penyimpanan, "
"penggunaan dan penghancuran catatan kesehatan pasien. Keputusan tersebut "
"menyatakan bahwa Protected Health Information (PHI) harus diberikan "
"\"unusable, unreadable, or indecipherable\" kepada orang-orang yang tidak "
"berwenang dan bahwa enkripsi untuk data 'at-rest' dan 'inflight' harus "
"ditangani."
msgid "The IOMMU feature is marketed as VT-d by Intel and AMD-Vi by AMD."
msgstr "Fitur IOMMU dipasarkan sebagai VT-d oleh Intel dan AMD-Vi oleh AMD."
msgid ""
"The ISO 27001 Information Security standard and certification has been used "
"for many years to evaluate and distinguish an organizations alignment with "
"information Security best practices. The standard is comprised of two parts: "
"Mandatory Clauses that define the Information Security Management System "
"(ISMS) and Annex A which contains a list of controls organized by domain."
msgstr ""
"Sertifikasi dan standar ISO 27001 Information Security telah digunakan "
"bertahun-tahun untuk mengevaluasi dan membedakan penyelarasan organisasi "
"dengan informasi praktik terbaik keamanan. Standar ini terdiri dari dua "
"bagian: Mandatory Clause yang menetapkan Information Security Management "
"System (ISMS) dan Annex A yang berisi daftar kontrol yang diatur oleh domain."
msgid ""
"The ISO/IEC 27001/2 standards replace BS7799-2, and are specifications for "
"an Information Security Management System (ISMS). An ISMS is a comprehensive "
"set of policies and processes that an organization creates and maintains to "
"manage risk to information assets. These risks are based upon the "
"confidentiality, integrity, and availability (CIA) of user information. The "
"CIA security triad has been used as a foundation for much of the chapters in "
"this book."
msgstr ""
"Standar ISO / IEC 27001/2 menggantikan BS7799-2, dan merupakan spesifikasi "
"untuk Information Security Management System (ISMS). ISMS adalah serangkaian "
"kebijakan dan proses yang komprehensif yang diciptakan dan dikelola oleh "
"sebuah organisasi untuk mengelola risiko terhadap aset informasi. Risiko ini "
"didasarkan pada confidentiality, integrity, and availability (CIA) informasi "
"pengguna. Triad keamanan CIA telah digunakan sebagai landasan bagi sebagian "
"besar bab dalam buku ini."
msgid ""
"The Identity V3 API supports multiple domains. Users of different domains "
"may be represented in different authentication back ends and even have "
"different attributes that must be mapped to a single set of roles and "
"privileges, that are used in the policy definitions to access the various "
"service resources."
msgstr ""
"Identity V3 API mendukung beberapa domain. Pengguna domain yang berbeda "
"dapat diwakili dalam otentikasi yang berbeda dan bahkan memiliki atribut "
"yang berbeda yang harus dipetakan ke satu set peran dan hak istimewa, yang "
"digunakan dalam definisi kebijakan untuk mengakses berbagai sumber layanan."
msgid ""
"The Identity service **MUST NOT** be allowed to write to LDAP services used "
"for authentication outside of the OpenStack deployment as this would allow a "
"sufficiently privileged keystone user to make changes to the LDAP directory. "
"This would allow privilege escalation within the wider organization or "
"facilitate unauthorized access to other information and resources. In such a "
"deployment, user provisioning would be out of the realm of the OpenStack "
"deployment."
msgstr ""
"Layanan Identity **MUST NOT** diizinkan untuk menulis ke layanan LDAP yang "
"digunakan untuk otentikasi di luar penerapan OpenStack karena hal ini akan "
"memungkinkan keystone user yang memiliki hak istimewa untuk membuat "
"perubahan pada direktori LDAP. Hal ini akan memungkinkan eskalasi hak "
"istimewa di dalam organisasi yang lebih luas atau memfasilitasi akses tidak "
"sah ke informasi dan sumber daya lainnya. Dalam penyebaran seperti itu, user "
"provisioning akan berada di luar wilayah penerapan OpenStack."
msgid ""
"The Identity service administrator can create as many groups as there are "
"SAML attributes, whatever the mapping calls for."
msgstr ""
"Administrator layanan Identity dapat membuat sebanyak mungkin kelompok "
"karena ada atribut SAML, apa pun pemanggilan pemetaannya."
msgid ""
"The Identity service can be used for authentication in the Shared File "
"Systems service. See details of the Identity service security in :doc:`../"
"identity` section."
msgstr ""
"Layanan Identity dapat digunakan untuk otentikasi dalam layanan Shared File "
"Systems. Lihat rincian keamanan layanan Identity di bagian :doc:`../"
"identity`."
msgid ""
"The Identity service can directly provide end-user authentication, or can be "
"configured to use external authentication methods to conform to an "
"organization's security policies and requirements."
msgstr ""
"Layanan Identity dapat secara langsung memberikan otentikasi pengguna akhir, "
"atau dapat dikonfigurasi untuk menggunakan metode otentikasi eksternal agar "
"sesuai dengan kebijakan dan persyaratan keamanan organisasi."
msgid ""
"The Identity service can store user credentials in an SQL Database, or may "
"use an LDAP-compliant directory server. The Identity database may be "
"separate from databases used by other OpenStack services to reduce the risk "
"of a compromise of the stored credentials."
msgstr ""
"Layanan Identitas dapat menyimpan kredensial pengguna di Database SQL, atau "
"mungkin menggunakan server direktori LDAP-compliant. Database Identitas "
"mungkin terpisah dari database yang digunakan oleh layanan OpenStack lainnya "
"untuk mengurangi risiko kompromi kredensial yang tersimpan."
msgid ""
"The Identity service catalog should be aware of your internal URLs. While "
"this feature is not utilized by default, it may be leveraged through "
"configuration. Additionally, it should be forward-compatible with expectant "
"changes once this behavior becomes the default."
msgstr ""
"Katalog layanan identitas harus mengetahui URL internal Anda. Sementara "
"fitur ini tidak digunakan secara default, mungkin leveraged melalui "
"konfigurasi. Selain itu, harus kompatibel dengan perubahan yang harus "
"dilakukan jika perilaku ini menjadi default."
msgid ""
"The Identity service does not provide a method to limit access to accounts "
"after repeated unsuccessful login attempts. A pattern of repetitive failed "
"login attempts is generally an indicator of brute-force attacks (refer to :"
"ref:`introduction_attack_types`). This type of attack is more prevalent in "
"public cloud deployments."
msgstr ""
"Layanan Identitas tidak menyediakan metode untuk membatasi akses ke akun "
"setelah upaya masuk gagal berulang kali. Pola upaya login gagal berulang "
"pada umumnya merupakan indikator serangan brute force (lihat :ref: "
"`introduction_attack_type`). Jenis serangan ini lebih lazim dalam penyebaran "
"awan publik."
msgid ""
"The Identity service supports client authentication for TLS which may be "
"enabled. TLS client authentication provides an additional authentication "
"factor, in addition to the user name and password, that provides greater "
"reliability on user identification. It reduces the risk of unauthorized "
"access when user names and passwords may be compromised. However, there is "
"additional administrative overhead and cost to issue certificates to users "
"that may not be feasible in every deployment."
msgstr ""
"Layanan Identitas mendukung otentikasi klien untuk TLS yang mungkin "
"diaktifkan. Otentikasi klien TLS memberikan faktor otentikasi tambahan, "
"selain nama pengguna dan kata sandi, yang memberikan keandalan yang lebih "
"besar pada identifikasi pengguna. Ini mengurangi risiko akses tidak sah saat "
"nama pengguna dan kata sandi dapat dikompromikan. Namun, ada biaya "
"administrasi tambahan dan biaya untuk menerbitkan sertifikat kepada pengguna "
"yang mungkin tidak layak dilakukan di setiap penempatan."
msgid ""
"The Identity service supports the notion of groups and roles. Users belong "
"to groups while a group has a list of roles. OpenStack services reference "
"the roles of the user attempting to access the service. The OpenStack policy "
"enforcer middleware takes into consideration the policy rule associated with "
"each resource then the user's group/roles and association to determine if "
"access is allowed to the requested resource."
msgstr ""
"Layanan Identitas mendukung gagasan tentang kelompok dan peran. Pengguna "
"termasuk dalam kelompok sementara sebuah kelompok memiliki daftar peran. "
"Layanan OpenStack merujuk pada peran pengguna yang mencoba mengakses layanan "
"ini. Middleware penegakan kebijakan OpenStack mempertimbangkan aturan "
"kebijakan yang terkait dengan setiap sumber daya, maka kelompok/peran "
"pengguna dan asosiasi menentukan apakah akses diizinkan ke sumber yang "
"diminta."
msgid ""
"The Identity service supports token revocation. This manifests as an API to "
"revoke a token, to list revoked tokens and individual OpenStack services "
"that cache tokens to query for the revoked tokens and remove them from their "
"cache and append the same to their list of cached revoked tokens."
msgstr ""
"Layanan Identity mendukung pencabutan token. Ini bermanifestasi sebagai API "
"untuk mencabut token, mencantumkan token dicabut dan layanan OpenStack "
"individual yang menyimpan token cache untuk kueri atas tolak ukur yang "
"dicabut dan menghapusnya dari cache dan menambahkannya ke daftar kuota "
"pencekalan yang tersimpan."
msgid ""
"The International Traffic in Arms Regulations (ITAR) is a set of United "
"States government regulations that control the export and import of defense-"
"related articles and services on the United States Munitions List (USML) and "
"related technical data. ITAR is often approached by cloud providers as an "
"\"operational alignment\" rather than a formal certification. This typically "
"involves implementing a segregated cloud environment following practices "
"based on the NIST 800-53 framework, as per FISMA requirements, complemented "
"with additional controls restricting access to \"U.S. Persons\" only and "
"background screening."
msgstr ""
"The International Traffic in Arms Regulations (ITAR) adalah seperangkat "
"peraturan pemerintah Amerika Serikat yang mengendalikan ekspor dan impor "
"artikel dan layanan yang berkaitan dengan pertahanan di United States "
"Munitions List (USML) dan data teknis terkait. ITAR sering didekati oleh "
"penyedia awan sebagai \"operational alignment\" dan bukan sertifikasi "
"formal. Ini biasanya melibatkan penerapan lingkungan awan terpisah mengikuti "
"praktik berdasarkan kerangka NIST 800-53, sesuai persyaratan FISMA, "
"dilengkapi dengan kontrol tambahan yang membatasi akses terhadap \"U.S. "
"Persons\" saja dan pemutaran latar belakang."
msgid ""
"The KVM hypervisor has been Common Criteria certified through the U.S. "
"Government and commercial distributions. These have been validated to "
"separate the runtime environment of virtual machines from each other, "
"providing foundational technology to enforce instance isolation. In addition "
"to virtual machine isolation, KVM has been Common Criteria certified to...:"
msgstr ""
"Hypervisor KVM telah menjadi kriteria umum (Common Criteria) yang "
"disertifikasi melalui Pemerintah A.S. dan distribusi komersial. Ini telah "
"divalidasi untuk memisahkan lingkungan runtime mesin virtual satu sama lain, "
"menyediakan teknologi dasar untuk menerapkan isolasi misalnya. Selain "
"isolasi mesin virtual, KVM telah menjadi Common Criteria yang disertifikasi "
"untuk ...:"
msgid ""
"The Key Manager service has a plugin architecture that allows the deployer "
"to store secrets in one or more secret stores. Secret stores can be software-"
"based, such as a software token, or hardware devices such as a hardware "
"security module (HSM). This section describes the plugins that are currently "
"available and discusses the security posture of each one. Plugins are "
"enabled and configured with settings in the ``/etc/barbican/barbican.conf`` "
"configuration file."
msgstr ""
"Layanan Key Manager memiliki arsitektur plugin yang memungkinkan penyebar "
"untuk menyimpan rahasia di satu atau lebih penyimpanan rahasia. Penyimpanan "
"rahasia dapat berbasis perangkat lunak, seperti token perangkat lunak, atau "
"perangkat keras seperti hardware security module (HSM). Bagian ini "
"menjelaskan plugin yang tersedia saat ini dan membahas postur keamanan "
"masing-masing. Plugin diaktifkan dan dikonfigurasi dengan pengaturan di file "
"konfigurasi ``/etc/barbican/barbican.conf``."
msgid ""
"The L3 router provides basic Network Address Translation (NAT) capabilities "
"on *gateway* ports that uplink the router to external networks. This router "
"SNATs (Static NAT) all traffic by default, and supports floating IPs, which "
"creates a static one-to-one mapping from a public IP on the external network "
"to a private IP on one of the other subnets attached to the router."
msgstr ""
"Router L3 menyediakan kemampuan Network Address Translation (NAT) dasar pada "
"port *gateway * yang menghubungkan router ke jaringan eksternal. SNAT router "
"ini (Static NAT) semua lalu lintas secara default, dan mendukung floating "
"IP, yang menciptakan pemetaan one-to-one statis dari IP publik di jaringan "
"eksternal ke IP private di salah satu subnet lainnya yang terhubung ke "
"router."
msgid ""
"The LBaaS (Load-Balancer-as-a-Service) feature of Neutron and the Octavia "
"project need certificates and their private keys to provide load balancing "
"for TLS connections. Barbican can be used to store this sensitive "
"information."
msgstr ""
"Fitur LBaaS (Load-Balancer-as-a-Service) dari Neutron dan proyek Octavia "
"memerlukan sertifikat dan private key mereka untuk memberikan load balancing "
"untuk koneksi TLS. Barbican bisa digunakan untuk menyimpan informasi "
"sensitif ini."
msgid ""
"The Lightweight Directory Access Protocol. An application protocol for "
"accessing and maintaining distributed directory information services over an "
"IP network."
msgstr ""
"The Lightweight Directory Access Protocol. Protokol aplikasi untuk mengakses "
"dan memelihara layanan informasi direktori terdistribusi melalui jaringan IP."
msgid ""
"The Networking service (neutron) supports bandwidth-limiting QoS rules in "
"Liberty and later. This QoS rule is named ``QosBandwidthLimitRule`` and it "
"accepts two non-negative integers measured in kilobits per second:"
msgstr ""
"Layanan Networking (Netron) mendukung aturan QoS yang membatasi bandwidth di "
"Liberty dan versi kemudian. Aturan QoS ini diberi nama `` "
"QosBandwidthLimitRule`` dan menerima dua bilangan bulat non-negatif yang "
"diukur dalam kilobit per detik:"
msgid ""
"The Networking service plays an important role in the provisioning of "
"clusters. Prior to provisioning, the user is expected to provide one or more "
"networks for the cluster instances. The action of associating networks is "
"similar to the process of assigning networks when launching instances "
"through the dashboard. These networks are used by the controller for "
"administrative access to the instances and frameworks of its clusters."
msgstr ""
"Layanan Networking memainkan peran penting dalam penyediaan cluster. Sebelum "
"melakukan provisioning, pengguna diharapkan menyediakan satu atau lebih "
"jaringan untuk cluster instance. Tindakan mengaitkan jaringan mirip dengan "
"proses menugaskan jaringan saat meluncurkan instance melalui dasbor. "
"Jaringan ini digunakan oleh pengendali untuk akses administratif terhadap "
"instance dan kerangka clusternya."
msgid ""
"The Object Storage service is used by the Data processing service to store "
"job binaries and data sources. Users wishing to have access to the full Data "
"processing service functionality will need an object store in the projects "
"they are using."
msgstr ""
"Layanan Object Storage digunakan oleh layanan pengolahan Data untuk "
"menyimpan job binary dan data source. Pengguna yang ingin memiliki akses ke "
"fungsionalitas pemrosesan Data penuh akan membutuhkan object store dalam "
"proyek yang mereka gunakan."
msgid ""
"The OpenStack :term:`Block Storage service (cinder)` provides persistent "
"block storage for compute instances. The Block Storage service is "
"responsible for managing the life-cycle of block devices, from the creation "
"and attachment of volumes to instances, to their release."
msgstr ""
"OpenStack :term:`Block Storage service (cinder)` menyediakan penyimpanan "
"blok persisten untuk komputasi instance. Layanan Block Storage bertanggung "
"jawab untuk mengelola siklus hidup perangkat blok, mulai dari pembuatan dan "
"pelekatan volume ke instance, hingga pembebasannya."
msgid ""
"The OpenStack :term:`Dashboard (horizon)` provides a web-based interface for "
"both cloud administrators and cloud tenants. Using this interface, "
"administrators and tenants can provision, manage, and monitor cloud "
"resources. The dashboard is commonly deployed in a public-facing manner with "
"all the usual security concerns of public web portals."
msgstr ""
"The OpenStack :term:`Dashboard (horizon)` menyediakan antarmuka berbasis web "
"untuk administrator awan dan penyewa awan. Dengan menggunakan antarmuka ini, "
"administrator dan penyewa dapat menyediakan, mengelola, dan memantau sumber "
"daya awan. Dasbor biasanya dipasang dengan cara yang berhadapan dengan "
"publik dengan semua masalah keamanan biasa dari portal web umum."
msgid ""
"The OpenStack :term:`Identity service (keystone)` is a **shared service** "
"that provides authentication and authorization services throughout the "
"entire cloud infrastructure. The Identity service has pluggable support for "
"multiple forms of authentication."
msgstr ""
"The OpenStack :term:`Identity service (keystone)` adalah **shared service** "
"yang menyediakan layanan autentikasi dan otorisasi di seluruh infrastruktur "
"awan. Layanan Identitas memiliki dukungan pluggable untuk berbagai bentuk "
"otentikasi."
msgid ""
"The OpenStack :term:`Image service (glance)` provides disk-image management "
"services, including image discovery, registration, and delivery services to "
"the Compute service, as needed."
msgstr ""
"The OpenStack :term:`Image service (glance)` menyediakan layanan pengelolaan "
"disk-image, termasuk penemuan image, registrasi, dan layanan pengiriman ke "
"layanan Compute, sesuai kebutuhan."
msgid ""
"The OpenStack :term:`Networking service <Networking service (neutron)>` "
"(neutron, previously called quantum) provides various networking services to "
"cloud users (tenants) such as IP address management, DNS, DHCP, load "
"balancing, and security groups (network access rules, like firewall "
"policies). This service provides a framework for software defined networking "
"(SDN) that allows for pluggable integration with various networking "
"solutions."
msgstr ""
"The OpenStack :term:`Networking service <Networking service (neutron)>` "
"(neutron, yang sebelumnya disebut quantum) menyediakan berbagai layanan "
"jaringan untuk pengguna awan (penyewa) seperti manajemen alamat IP, DNS, "
"DHCP, load balancing, dan kelompok keamanan (aturan akses jaringan, seperti "
"kebijakan firewall). Layanan ini menyediakan framework untuk software "
"defined networking (SDN) yang memungkinkan integrasi pluggable dengan "
"berbagai solusi jaringan."
msgid ""
"The OpenStack :term:`Object Storage service (swift)` provides support for "
"storing and retrieving arbitrary data in the cloud. The Object Storage "
"service provides both a native API and an Amazon Web Services S3-compatible "
"API. The service provides a high degree of resiliency through data "
"replication and can handle petabytes of data."
msgstr ""
"OpenStack :term:`Object Storage service (swift)` memberikan dukungan untuk "
"menyimpan dan mengambil data secara acak di awan. Layanan Object Storage "
"menyediakan native API dan Amazon Web Services S3-compatible API. Layanan "
"ini memberikan tingkat ketahanan yang tinggi melalui replikasi data dan "
"dapat menangani petabyte data."
msgid ""
"The OpenStack API is a RESTful web service endpoint to access, provision and "
"automate cloud-based resources. Operators and users typically access the API "
"through command-line utilities (for example, ``nova`` or ``glance``), "
"language-specific libraries, or third-party tools."
msgstr ""
"API OpenStack adalah endpoint layanan Web RESTful untuk mengakses, "
"menyediakan dan mengotomatisasi sumber daya berbasis awan. Operator dan "
"pengguna biasanya mengakses API melalui utilitas command-line (misalnya, "
"``nova`` atau ``glance``), language-specific libraries, atau alat pihak "
"ketiga."
msgid ""
"The OpenStack Compute service (nova) runs in many locations throughout the "
"cloud and interacts with a variety of internal services. The OpenStack "
"Compute service offers a variety of configuration options which may be "
"deployment specific."
msgstr ""
"Layanan OpenStack Compute (nova) berjalan di banyak lokasi di seluruh awan "
"dan berinteraksi dengan berbagai layanan internal. Layanan OpenStack Compute "
"menawarkan berbagai opsi konfigurasi yang mungkin spesifik untuk pemasangan."
msgid ""
"The OpenStack Dashboard (horizon) can provide a VNC console for instances "
"directly on the web page using the HTML5 noVNC client. This requires the "
"``nova-novncproxy`` service to bridge from the public network to the "
"management network."
msgstr ""
"Dashboar OpenStack (horizon) dapat menyediakan konsol VNC untuk instance "
"langsung di halaman web menggunakan klien HTML5 noVNC. Ini memerlukan "
"layanan ``nova-novncproxy`` untuk menjembatani dari jaringan publik ke "
"jaringan manajemen."
msgid ""
"The OpenStack Documentation provides guidance on how to create and upload an "
"image to the Image service. Additionally it is assumed that you have a "
"process by which you install and harden operating systems. Thus, the "
"following items will provide additional guidance on how to ensure your "
"images are transferred securely into OpenStack. There are a variety of "
"options for obtaining images. Each has specific steps that help validate the "
"image's provenance."
msgstr ""
"OpenStack Documentation memberikan panduan bagaimana membuat dan mengunggah "
"image ke layanan Image. Selain itu diasumsikan bahwa Anda memiliki proses di "
"mana Anda menginstal dan mengeras sistem operasi. Dengan demikian, item "
"berikut akan memberikan panduan tambahan tentang bagaimana memastikan image "
"Anda ditransfer dengan aman ke dalam OpenStack. Ada berbagai pilihan untuk "
"mendapatkan image. Masing-masing memiliki langkah-langkah khusus yang "
"membantu memvalidasi asalnya image."
msgid ""
"The OpenStack Identity service (keystone) supports multiple methods of "
"authentication, including user name & password, LDAP, and external "
"authentication methods. Upon successful authentication, The Identity service "
"provides the user with an authorization token used for subsequent service "
"requests."
msgstr ""
"Layanan OpenStack Identity (keystone) mendukung beberapa metode otentikasi, "
"termasuk nama pengguna & password, LDAP, dan metode otentikasi eksternal. "
"Setelah otentikasi berhasil, layanan Identitas memberi pengguna sebuah token "
"otorisasi yang digunakan untuk permintaan layanan berikutnya."
msgid ""
"The OpenStack Identity service supports Cloud Auditing Data Federation "
"(CADF) notification, providing auditing data for compliance with security, "
"operational, and business processes. For more information, see the `Keystone "
"developer documentation <https://docs.openstack.org/keystone/latest/advanced-"
"topics/event_notifications.html#auditing-with-cadf>`_."
msgstr ""
"Layanan OpenStack Identity mendukung pemberitahuan Cloud Auditing Data "
"Federation (CADF), memberikan data audit untuk mematuhi proses keamanan, "
"operasional, dan bisnis. Untuk informasi lebih lanjut, lihat `Keystone "
"developer documentation <https://docs.openstack.org/keystone/latest/advanced-"
"topics/event_notifications.html#auditing-with-cadf>`_."
msgid ""
"The OpenStack Management Utilities are open-source Python command-line "
"clients that make API calls. There is a client for each OpenStack service "
"(for example, nova, glance). In addition to the standard CLI client, most of "
"the services have a management command-line utility which makes direct calls "
"to the database. These dedicated management utilities are slowly being "
"deprecated."
msgstr ""
"OpenStack Management Utilities adalah klien command-line Python open-source "
"yang membuat panggilan API. Ada klien untuk setiap layanan OpenStack "
"(misalnya, nova, glance). Selain klien CLI standar, sebagian besar layanan "
"memiliki utilitas command-line manajemen yang membuat panggilan langsung ke "
"database. Utilitas manajemen dedicated ini perlahan tidak digunakan lagi."
msgid "The OpenStack Networking components are:"
msgstr "Komponen OpenStack Networking adalah:"
msgid ""
"The OpenStack Networking service (neutron) enables the end-user or tenant to "
"define, utilize, and consume networking resources. OpenStack Networking "
"provides a tenant-facing API for defining network connectivity and IP "
"addressing for instances in the cloud, in addition to orchestrating the "
"network configuration. With the transition to an API-centric networking "
"service, cloud architects and administrators should take into consideration "
"best practices to secure physical and virtual network infrastructure and "
"services."
msgstr ""
"Layanan OpenStack Networking (neutron) memungkinkan end-user atau penyewa "
"untuk menentukan, memanfaatkan, dan mengkonsumsi sumber daya jaringan. "
"OpenStack Networking menyediakan tenant-facing API untuk menentukan "
"konektivitas jaringan dan pengalamatan IP untuk instance di awan, selain "
"mengatur konfigurasi jaringan. Dengan transisi ke layanan jaringan API-"
"centric, arsitek dan administrator awan harus mempertimbangkan best practice "
"(praktik terbaik) untuk mengamankan infrastruktur dan layanan jaringan fisik "
"dan virtual."
msgid ""
"The OpenStack Networking service provides security group functionality using "
"a mechanism that is more flexible and powerful than the security group "
"capabilities built into OpenStack Compute. Thus, ``nova.conf`` should always "
"disable built-in security groups and proxy all security group calls to the "
"OpenStack Networking API when using OpenStack Networking. Failure to do so "
"results in conflicting security policies being simultaneously applied by "
"both services. To proxy security groups to OpenStack Networking, use the "
"following configuration values:"
msgstr ""
"Layanan OpenStack Networking menyediakan fungsionalitas kelompok keamanan "
"dengan menggunakan mekanisme yang lebih fleksibel dan kuat daripada "
"kemampuan kelompok keamanan yang ada di dalam OpenStack Compute. Dengan "
"demikian, ``nova.conf`` harus selalu menonaktifkan grup keamanan bawaan dan "
"proxy semua grup keamanan menghubungi OpenStack Networking API saat "
"menggunakan OpenStack Networking. Kegagalan untuk melakukannya menghasilkan "
"kebijakan keamanan yang saling bertentangan yang secara bersamaan diterapkan "
"oleh kedua layanan tersebut. Untuk mengelompokkan grup keamanan ke OpenStack "
"Networking, gunakan nilai konfigurasi berikut:"
msgid ""
"The OpenStack Security Group would like to acknowledge contributions from "
"the following organizations that were instrumental in making this book "
"possible. The organizations are:"
msgstr ""
"OpenStack Security Group ingin mengakui kontribusi dari organisasi berikut "
"yang berperan dalam membuat buku ini menjadi ada. Organisasi adalah:"
msgid ""
"The OpenStack Security Guide is the result of a five day sprint of "
"collaborative work of many individuals. The purpose of this document is to "
"provide the best practice guidelines for deploying a secure OpenStack cloud. "
"It is designed to reflect the current state of security within the OpenStack "
"community and provide frameworks for decision making where listing specific "
"security controls are not feasible due to complexity or other environment "
"specific details."
msgstr ""
"OpenStack Security Guide adalah hasil sprint lima hari kerja kolaboratif "
"banyak individu. Tujuan dari dokumen ini adalah untuk memberikan panduan "
"praktik terbaik untuk menerapkan awan OpenStack yang aman. Ini dirancang "
"untuk mencerminkan keadaan keamanan saat ini dalam komunitas OpenStack dan "
"menyediakan kerangka kerja untuk pengambilan keputusan di mana daftar "
"kontrol keamanan tertentu tidak dimungkinkan karena kompleksitas atau "
"rincian spesifik lingkungan lainnya."
msgid ""
"The OpenStack Security Project (OSSP) has worked with the VMT to agree that "
"an architectural review of the best practice deployment for a project is an "
"appropriate form of security review, balancing the need for review with the "
"resource requirements for a project of the scale of OpenStack. Security "
"architecture review is also often referred to as *threat analysis*, "
"*security analysis* or *threat modeling*. In the context of OpenStack "
"security review, these terms are synonymous for an architectural security "
"review which may identify defects in the design of a project or reference "
"architecture, and may lead to further investigative work to verify parts of "
"the implementation."
msgstr ""
" OpenStack Security Project (OSSP) telah bekerja dengan VMT untuk menyetujui "
"bahwa tinjauan arsitektur penerapan praktik terbaik untuk sebuah proyek "
"adalah bentuk tinjauan keamanan yang sesuai, menyeimbangkan kebutuhan untuk "
"ditinjau dengan persyaratan sumber daya untuk proyek skala OpenStack. "
"Tinjauan arsitektur keamanan juga sering disebut sebagai *threat analysis*, "
"*security analysis* atau *threat modeling*. Dalam konteks tinjauan keamanan "
"OpenStack, istilah-istilah ini identik untuk tinjauan keamanan arsitektural "
"yang dapat mengidentifikasi cacat pada desain proyek atau arsitektur "
"referensi, dan dapat menyebabkan pekerjaan investigasi lebih lanjut untuk "
"memverifikasi bagian-bagian dari pelaksanaan."
msgid ""
"The OpenStack Security team is based on voluntary contributions from the "
"OpenStack community. You can contact the security community directly in the "
"#openstack-security channel on Freenode IRC, or by sending mail to the "
"openstack-discuss mailing list with the [security] prefix in the subject "
"header."
msgstr ""
"Tim OpenStack Security didasarkan pada kontribusi sukarela dari komunitas "
"OpenStack. Anda dapat menghubungi komunitas keamanan secara langsung di "
"saluran #openstack-security di Freenode IRC, atau dengan mengirim email ke "
"daftar mailing openstack-discuss dengan awalan [security] di header subjek."
msgid ""
"The OpenStack components are only a small fraction of the software in a "
"cloud. It is important to keep up to date with all of these other "
"components, too. While certain data sources will be deployment specific, it "
"is important that a cloud administrator subscribe to the necessary mailing "
"lists in order to receive notification of any security updates applicable to "
"the organization's environment. Often this is as simple as tracking an "
"upstream Linux distribution."
msgstr ""
"Komponen OpenStack hanya sebagian kecil dari perangkat lunak di awan. "
"Penting untuk tetap up to date dengan semua komponen lainnya juga. Sementara "
"sumber data tertentu akan diterapkan secara khusus, administrator awan harus "
"berlangganan milis yang diperlukan untuk menerima pemberitahuan tentang "
"pembaruan keamanan apa pun yang berlaku untuk lingkungan organisasi. "
"Seringkali ini sesederhana melacak distribusi Linux hulu."
msgid ""
"The OpenStack dashboard (horizon) provides administrators and tenants with a "
"web-based graphical interface to provision and access cloud-based resources. "
"The dashboard communicates with the back-end services through calls to the "
"OpenStack API."
msgstr ""
"Dasbor OpenStack (horizon) menyediakan administrator dan penyewa dengan "
"antarmuka grafis berbasis web untuk menyediakan dan mengakses sumber daya "
"berbasis awan. Dasbor berkomunikasi dengan layanan back-end melalui "
"panggilan ke API OpenStack."
msgid ""
"The OpenStack dashboard is designed to discourage developers from "
"introducing cross-site scripting vulnerabilities with custom dashboards as "
"threads can be introduced. Dashboards that utilize multiple instances of "
"JavaScript should be audited for vulnerabilities such as inappropriate use "
"of the ``@csrf_exempt`` decorator. Any dashboard that does not follow these "
"recommended security settings should be carefully evaluated before "
"restrictions are relaxed."
msgstr ""
"Dasbor OpenStack dirancang untuk mencegah pengembang mengenalkan kerentanan "
"skrip lintas situs dengan dasbor kustom sebagai thread dapat diperkenalkan. "
"Dasbor yang menggunakan beberapa instance JavaScript harus diaudit untuk "
"kerentanan seperti penggunaan dekorator ```@csrf_exempt` yang tidak tepat. "
"Setiap dasbor yang tidak mengikuti pengaturan keamanan yang disarankan ini "
"harus dievaluasi secara hati-hati sebelum batasan rileks."
msgid ""
"The PKCS#11 crypto plugin can be used to interface with a Hardware Security "
"Module (HSM) using the PKCS#11 protocol. Secrets are encrypted (and "
"decrypted on retrieval) by a project specific Key Encryption Key (KEK) which "
"resides in the HSM. Since a different KEK is used for each project, and "
"since the KEKs are stored inside an HSM (instead of in plaintext in the "
"configuration file) the PKCS#11 plugin is much more secure than the simple "
"crypto plugin. It is the most popular back end amongst Barbican deployments."
msgstr ""
"Plugin kripto PKCS # 11 dapat digunakan untuk berinteraksi dengan Hardware "
"Security Module (HSM) menggunakan protokol PKCS # 11. Rahasia dienkripsi "
"(dan didekripsi saat pengambilan) oleh Key Key Enkripsi (KEK) spesifik "
"proyek yang berada di HSM. Karena KEK yang berbeda digunakan untuk setiap "
"proyek, dan karena KEK disimpan di dalam sebuah HSM (bukan di plaintext "
"dalam file konfigurasi) plugin PKCS # 11 jauh lebih aman daripada plugin "
"kripto sederhana. Ini adalah bagian belakang yang paling populer di antara "
"penyebaran Barbican."
msgid ""
"The Payment Card Industry Data Security Standard (PCI DSS) is defined by the "
"Payment Card Industry Standards Council, and created to increase controls "
"around card holder data to reduce credit card fraud. Annual compliance "
"validation is assessed by an external Qualified Security Assessor (QSA) who "
"creates a Report on Compliance (ROC), or by a Self-Assessment Questionnaire "
"(SAQ) dependent on volume of card-holder transactions."
msgstr ""
"The Payment Card Industry Data Security Standard (PCI DSS) didefinisikan "
"oleh Payment Card Industry Standards Council, dan dibuat untuk meningkatkan "
"kontrol seputar data pemegang kartu untuk mengurangi kecurangan kartu "
"kredit. Verifikasi kepatuhan tahunan dinilai oleh Qualified Security "
"Assessor (QSA) eksternal yang membuat Report on Compliance (Compliance "
"Comporiance / ROC), atau dengan Self Assessment Questionnaire (SAQ) "
"tergantung pada volume transaksi card-holder."
msgid ""
"The Planning phase is typically performed two weeks to six months before "
"Fieldwork begins. In this phase audit items such as the timeframe, timeline, "
"controls to be evaluated, and control owners are discussed and finalized. "
"Concerns about resource availability, impartiality, and costs are also "
"resolved."
msgstr ""
"Tahap Planning biasanya dilakukan dua minggu sampai enam bulan sebelum "
"Fieldwork dimulai. Dalam item audit tahap ini seperti kerangka waktu, garis "
"waktu, kontrol yang akan dievaluasi, dan pemilik kontrol dibahas dan "
"diselesaikan. Kekhawatiran tentang ketersediaan sumber daya, "
"ketidakberpihakan, dan biaya juga dipecahkan."
msgid ""
"The RO access level can be helpful in public shares when the administrator "
"gives read and write (RW) access for some certain editors or contributors "
"and gives read-only (RO) access for the rest of users (viewers)."
msgstr ""
"Tingkat akses RO dapat membantu dalam public share saat administrator "
"memberikan akses read and write (RW) untuk beberapa editor atau kontributor "
"tertentu dan memberikan akses read-only (RO) untuk pengguna lainnya (viewer)."
msgid ""
"The Reporting phase is where any issues that were identified during the "
"Fieldwork phase will be validated by management. For logistics purposes, "
"some activities such as issue validation may be performed during the "
"Fieldwork phase. Management will also need to provide remediation plans to "
"address the issues and ensure that they do not reoccur. A draft of the "
"overall report will be circulated for review to the stakeholders and "
"management. Agreed upon changes are incorporated and the updated draft is "
"sent to senior management for review and approval. Once senior management "
"approves the report, it is finalized and distributed to executive "
"management. Any issues are entered into the issue tracking or risk tracking "
"mechanism the organization uses."
msgstr ""
"Tahap Reporting adalah dimana setiap masalah yang diidentifikasi selama fase "
"Fieldwork akan divalidasi oleh manajemen. Untuk keperluan logistik, beberapa "
"kegiatan seperti validasi masalah dapat dilakukan selama fase kerja "
"lapangan. Manajemen juga perlu memberikan rencana pemulihan untuk mengatasi "
"masalah dan memastikan bahwa mereka tidak terulang kembali. Draft laporan "
"keseluruhan akan diedarkan untuk ditinjau kembali kepada pemangku "
"kepentingan dan manajemen. Menyetujui perubahan digabungkan dan draf yang "
"diperbarui dikirim ke manajemen senior untuk diperiksa dan disetujui. "
"Setelah manajemen senior menyetujui laporan tersebut, akhirnya diselesaikan "
"dan didistribusikan ke manajemen eksekutif. Semua masalah dimasukkan ke "
"dalam pelacakan masalah atau mekanisme pelacakan risiko yang digunakan "
"organisasi."
msgid "The Security Guide currently focuses on PostgreSQL and MySQL."
msgstr "Security Guide saat ini fokus pada PostgreSQL dan MySQL."
msgid ""
"The Shared File Systems service (manila) is intended to be ran on a single-"
"node or across multiple nodes. The Shared File Systems service consists of "
"four main services, which are similar to those of the Block Storage service:"
msgstr ""
"Layanan Shared File Systems (manila) dimaksudkan untuk dijalankan pada node "
"tunggal atau beberapa node. Layanan Shared File Systems terdiri dari empat "
"layanan utama, yang serupa dengan layanan Block Storage:"
msgid ""
"The Shared File Systems service (manila) provides a set of services for "
"management of shared file systems in a multi-tenant cloud environment. It is "
"similar to how OpenStack provides block-based storage management through the "
"OpenStack Block Storage service (cinder) project. With the Shared File "
"Systems service, you can create a shared file system and manage its "
"properties, such as visibility, accessibility and usage quotas."
msgstr ""
"Layanan Shared File Systems (manila) menyediakan seperangkat layanan untuk "
"pengelolaan sistem file bersama di lingkungan awan multi-tenant. Ini mirip "
"dengan bagaimana OpenStack menyediakan manajemen penyimpanan berbasis blok "
"melalui proyek layanan OpenStack Block Storage (cinder). Dengan layanan "
"Shared File Systems, Anda dapat membuat sistem file bersama dan mengelola "
"propertinya, seperti visibilitas, aksesibilitas dan kuota penggunaan."
msgid ""
"The Shared File Systems service allows an administrator to grant or deny "
"access to the *private* share types for tenants. It is also possible to get "
"information about access for a specified private share type."
msgstr ""
"Layanan Shared File Systems memungkinkan administrator untuk memberikan atau "
"menolak akses ke tipe share *private* untuk penyewa. Hal ini juga "
"memungkinkan untuk mendapatkan informasi tentang akses untuk jenis share "
"pribadi tertentu."
msgid ""
"The Shared File Systems service allows to grant or deny access to different "
"entities of the service for other clients."
msgstr ""
"Layanan Shared File Systems memungkinkan untuk memberikan atau menolak akses "
"ke entitas layanan yang berbeda untuk klien lain."
msgid ""
"The Shared File Systems service allows to work with different types of a "
"network:"
msgstr ""
"Layanan Shared File Systems memungkinkan untuk bekerja dengan berbagai jenis "
"jaringan:"
msgid ""
"The Shared File Systems service allows you to configure a security service "
"with these options:"
msgstr ""
"Layanan Shared File Systems memungkinkan Anda mengkonfigurasi layanan "
"keamanan dengan opsi ini:"
msgid ""
"The Shared File Systems service architecture defines an abstraction layer "
"for network resource provisioning. It allows administrators to choose from "
"different options for how network resources are assigned to their tenants "
"networked storage. There are several network plug-ins that provide a variety "
"of integration approaches with the network services that are available with "
"OpenStack."
msgstr ""
"Arsitektur layanan Shared File Systems mendefinisikan lapisan abstraksi "
"untuk penyediaan sumber daya jaringan. Hal ini memungkinkan administrator "
"untuk memilih dari pilihan yang berbeda untuk bagaimana sumber daya jaringan "
"ditugaskan ke penyimpanan jaringan penyewa mereka. Ada beberapa plug-in "
"jaringan yang menyediakan berbagai pendekatan integrasi dengan layanan "
"jaringan yang tersedia dengan OpenStack."
msgid ""
"The Shared File Systems service can work with different network types: flat, "
"VLAN, VXLAN, or GRE, and supports segmented networking. There are also "
"different :ref:`network plug-ins <shared_fs_network_plugins>` that provide a "
"variety of integration approaches with the network services that are "
"available with OpenStack."
msgstr ""
"Layanan Shared File Systems dapat bekerja dengan berbagai jenis jaringan: "
"flat, VLAN, VXLAN, atau GRE, dan mendukung jaringan tersegmentasi. Ada juga "
"jenis yang berbeda :ref:`network plug-ins <shared_fs_network_plugins>` yang "
"menyediakan berbagai pendekatan integrasi dengan layanan jaringan yang "
"tersedia dengan OpenStack."
msgid ""
"The Shared File Systems service is merely keeping the information about "
"networks in the database, and real networks are provided by the network "
"provider. In OpenStack it can be Legacy networking (nova-network) or "
"Networking (neutron) services, but the Shared File Systems service can work "
"even out of OpenStack. That is allowed by ``StandaloneNetworkPlugin`` that "
"can be used with any network platform and does not require some specific "
"network services in OpenStack like Networking or Legacy networking services. "
"You can set the network parameters in its configuration file."
msgstr ""
"Layanan Shared File Systems hanya menyimpan informasi tentang jaringan di "
"database, dan jaringan nyata disediakan oleh penyedia jaringan. Di "
"OpenStack, hal itu dapat terjadi di layanan Legacy networking (nova-network) "
"atau Networking (neutron), namun layanan Shared File Systems dapat bekerja "
"bahkan bekerja di luar OpenStack. Itu diperbolehkan oleh "
"``StandaloneNetworkPlugin`` yang dapat digunakan dengan platform jaringan "
"dan tidak memerlukan beberapa layanan jaringan tertentu di OpenStack seperti "
"layanan Networking atau Legacy networking. Anda dapat mengatur parameter "
"jaringan dalam file konfigurasinya."
msgid ""
"The Shared File Systems service serves the same purpose as Amazon Elastic "
"File System (EFS)."
msgstr ""
"Layanan Shared File Systems melayani tujuan yang sama seperti Amazon Elastic "
"File System (EFS)."
msgid ""
"The Shared File Systems service uses an SQL-based central database that is "
"shared by all Shared File Systems services in the system. It can use any SQL "
"dialect supported by ORM SQLALchemy, but is tested only with MySQL and "
"PostgreSQL data bases."
msgstr ""
"Layanan Shared File Systems menggunakan basis data berbasis SQL yang dibagi "
"oleh semua layanan Shared File Systems di sistem. Hal ini dapat menggunakan "
"dialek SQL yang didukung oleh ORM SQLALchemy, namun hanya diuji dengan basis "
"data MySQL dan PostgreSQL."
msgid ""
"The Shared File Systems service works with various storage providers that "
"use the following shared file system protocols: :term:`NFS <Network File "
"System (NFS)>`, :term:`CIFS <Common Internet File System (CIFS)>`, :term:"
"`GlusterFS`, and :term:`HDFS <Hadoop Distributed File System (HDFS)>`."
msgstr ""
"Layanan Shared File Systems bekerja dengan berbagai penyedia penyimpanan "
"yang menggunakan protokol sistem file bersama berikut: :term:`NFS <Network "
"File System (NFS)>`, :term:`CIFS <Common Internet File System (CIFS)>`, :"
"term:`GlusterFS`, dan :term:`HDFS <Hadoop Distributed File System (HDFS)>`."
msgid ""
"The Virtio RNG is a random number generator that uses ``/dev/random`` as the "
"source of entropy by default, however can be configured to use a hardware "
"RNG or a tool such as the entropy gathering daemon (`EGD <http://egd."
"sourceforge.net>`_) to provide a way to fairly and securely distribute "
"entropy through a distributed system. The Virtio RNG is enabled using the "
"``hw_rng`` property of the metadata used to create the instance."
msgstr ""
"Virtio RNG adalah generator bilangan acak yang menggunakan ``/dev/random`` "
"sebagai sumber entropi secara default, namun dapat dikonfigurasi untuk "
"menggunakan perangkat keras RNG atau alat seperti entropy gathering daemon "
"(`EGD <http: //egd.sourceforge.net>`_) untuk menyediakan cara "
"mendistribusikan distribusi entropi secara adil dan aman melalui sistem "
"terdistribusi. Virtio RNG diaktifkan menggunakan properti ``hw_rng`` dari "
"metadata yang digunakan untuk membuat instance."
msgid ""
"The Wrap-up phase is where the audit is officially spun down. Management "
"will begin remediation activities at this point. Processes and notifications "
"are used to ensure that any audit related information is moved to a secure "
"repository."
msgstr ""
"Tahap Wrap-up adalah tempat audit secara resmi diputar mundur. Manajemen "
"akan memulai kegiatan remediasi pada saat ini. Proses dan notifikasi "
"digunakan untuk memastikan bahwa informasi terkait audit dipindahkan ke "
"repositori yang aman."
msgid ""
"The `Cloud Security Alliance Cloud Controls Matrix <https://"
"cloudsecurityalliance.org/group/cloud-controls-matrix/>`_ (CCM) assists both "
"cloud providers and consumers in assessing the overall security of a cloud "
"provider. The CSA CMM provides a controls framework that map to many "
"industry-accepted standards and regulations including the ISO 27001/2, "
"ISACA, COBIT, PCI, NIST, Jericho Forum and NERC CIP."
msgstr ""
"The `Cloud Security Alliance Cloud Controls Matrix <https://"
"cloudsecurityalliance.org/group/cloud-controls-matrix/>`_ (CCM) membantu "
"penyedia awan dan konsumen dalam menilai keamanan keseluruhan penyedia awan. "
"CSA CMM menyediakan kerangka kerja kontrol yang memetakan standar dan "
"peraturan yang berlaku di industri termasuk ISO 27001/2, ISACA, COBIT, PCI, "
"NIST, Forum Jericho dan NERC CIP."
msgid ""
"The `Key Management Interoperability Protocol (KMIP) <https://www.oasis-open."
"org/committees/tc_home.php?wg_abbrev=kmip>`_ secret store plugin is used to "
"communicate with a KMIP-enabled device, such as a Hardware Security Module "
"(HSM). The secret is securely stored in the KMIP-enabled device directly, "
"rather than in the Barbican database. The Barbican database maintains a "
"reference to the secret's location for later retrieval. The plugin can be "
"configured to authenticate to the KMIP-enabled device using either a "
"username and password, or using a client certificate. This information is "
"stored in the Barbican configuration file."
msgstr ""
"Plugin penyimpanan rahasia `Key Management Interoperability Protocol (KMIP) "
"<https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`_ "
"digunakan untuk berkomunikasi dengan perangkat berkemampuan KMIP, seperti "
"Hardware Security Module (HSM). Rahasianya disimpan dengan aman di perangkat "
"berkemampuan KMIP secara langsung, bukan di database Barbican. Database "
"Barbican menyimpan referensi ke lokasi rahasia untuk pengambilan nanti. "
"Plugin ini dapat dikonfigurasi untuk melakukan otentikasi ke perangkat "
"berkemampuan KMIP menggunakan nama pengguna dan kata sandi, atau menggunakan "
"sertifikat klien. Informasi ini disimpan dalam file konfigurasi Barbican."
msgid ""
"The `SCAP Security Guide <https://github.com/OpenSCAP/scap-security-guide/"
">`_ is another useful reference. This is still an emerging source, but we "
"anticipate that this will grow into a tool with controls mappings that are "
"more focused on the US federal government certifications and "
"recommendations. For example, the SCAP Security Guide currently has some "
"mappings for security technical implementation guides (STIGs) and "
"NIST-800-53."
msgstr ""
"The `SCAP Security Guide <https://github.com/OpenSCAP/scap-security-guide/"
">`_ adalah referensi lain yang berguna. Ini masih merupakan sumber yang "
"muncul, namun kami mengantisipasi bahwa ini akan tumbuh menjadi alat dengan "
"pemetaan kontrol yang lebih terfokus pada sertifikasi dan rekomendasi "
"pemerintah federal AS. Misalnya, SCAP Security Guide saat ini memiliki "
"beberapa pemetaan untuk panduan penerapan teknis keamanan (STIG) dan "
"NIST-800-53."
msgid ""
"The ``/etc/swift`` directory contains information about the ring topology "
"and environment configuration. The following permissions are recommended:"
msgstr ""
"Direktori ``/etc/swift`` berisi informasi tentang topologi ring dan "
"konfigurasi lingkungan. Izin berikut direkomendasikan:"
msgid ""
"The ``/var/lib/nova`` directory is used to hold details about the instances "
"on a given compute host. This directory should be considered sensitive as "
"well, with strictly enforced file permissions. Additionally, it should be "
"backed up regularly as it contains information and metadata for the "
"instances associated with that host."
msgstr ""
"Direktori ``/var/lib/nova`` digunakan untuk menyimpan rincian tentang "
"instance pada compute host tertentu. Direktori ini harus dianggap sensitif "
"juga, dengan hak akses file yang ketat. Selain itu, ini harus dicadangkan "
"secara teratur karena berisi informasi dan metadata untuk instance yang "
"terkait dengan host tersebut."
msgid ""
"The ``DiskFilter`` filter is capable of oversubscribing disk space. While "
"not normally an issue, this can be a concern on storage devices that are "
"thinly provisioned, and this filter should be used with well-tested quotas "
"applied."
msgstr ""
"Filter ``DiskFilter`` mampu melampaui batas ruang disk. Meskipun biasanya "
"tidak menjadi masalah, ini bisa menjadi perhatian pada perangkat penyimpanan "
"yang tersedia secara tipis, dan filter ini harus digunakan dengan kuota yang "
"teruji dengan baik."
msgid ""
"The ``FilterScheduler`` is the default scheduler for OpenStack Compute, "
"although other schedulers exist (see the section `Scheduling <https://docs."
"openstack.org/ocata/config-reference/compute/schedulers.html>`_ in the "
"`OpenStack Configuration Reference <https://docs.openstack.org/ocata/config-"
"reference/config-overview.html>`_ ). This works in collaboration with "
"'filter hints' to decide where an instance should be started. This process "
"of host selection allows administrators to fulfill many different security "
"and compliance requirements. Depending on the cloud deployment type for "
"example, one could choose to have tenant instances reside on the same hosts "
"whenever possible if data isolation was a primary concern. Conversely one "
"could attempt to have instances for a tenant reside on as many different "
"hosts as possible for availability or fault tolerance reasons."
msgstr ""
"The ``FilterScheduler`` adalah penjadwal default untuk OpenStack Compute, "
"meskipun penjadwal lain ada (lihat bagian `Scheduling <https://docs."
"openstack.org/ocata/config-reference/compute/schedulers.html>`_ dalam "
"`OpenStack Configuration Reference <https://docs.openstack.org/ocata/config-"
"reference/config-overview.html>`_ ). Ini bekerja sama dengan 'filter hints' "
"untuk memutuskan di mana instance harus dimulai. Proses pemilihan host ini "
"memungkinkan administrator untuk memenuhi berbagai persyaratan keamanan dan "
"kepatuhan. Bergantung pada jenis penyebaran cloud misalnya, seseorang dapat "
"memilih untuk memiliki instance penyewa yang berada di host yang sama bila "
"memungkinkan jika isolasi data menjadi perhatian utama. Sebaliknya seseorang "
"dapat mencoba untuk memiliki instance untuk penyewa tinggal di sebanyak "
"mungkin host yang berbeda untuk ketersediaan atau toleransi kesalahan (fault "
"tolerance reason).."
msgid ""
"The ``GroupAffinity`` and ``GroupAntiAffinity`` filters conflict and should "
"not both be enabled at the same time."
msgstr ""
"Filter ``GroupAffinity`` dan ``GroupAntiAffinity`` terjadi konflik dan "
"seharusnya keduanya tidak diaktifkan secara bersamaan."
msgid ""
"The ``QoSBandwidthLimitRule`` has been implemented in the neutron Open "
"vSwitch, Linux bridge and single root input/output virtualization (SR-IOV) "
"drivers."
msgstr ""
"The `` QoSBandwidthLimitRule`` telah diimplementasikan di netron Open "
"vSwitch, Linux bridge dan driver single root input/output virtualization (SR-"
"IOV)."
msgid ""
"The ``ShibRequireSession`` rule is invalid in Apache 2.4 or newer and should "
"be dropped in that specific setup."
msgstr ""
"Aturan `` ShibRequireSession`` tidak valid di Apache 2.4 atau yang lebih "
"baru dan harus dijatuhkan (dropped) di setup yang spesifik."
msgid ""
"The ``apt-get`` command is Ubuntu specific. For other distributions, replace "
"with appropriate command."
msgstr ""
"Perintah `` apt-get`` adalah Ubuntu yang spesifik. Untuk distro lain, ganti "
"dengan perintah yang sesuai."
msgid ""
"The ``copy_from`` feature in Image Service API v1 supplied by Glance can "
"allow an attacker to perform masked network port scans. If the v1 API is "
"enabled, this policy should be set to a restricted value."
msgstr ""
"Fitur ``copy_from`` pada Image Service API v1 yang disuplai oleh Glance "
"memungkinkan penyerang melakukan scan port jaringan bertopeng (masked). Jika "
"API v1 diaktifkan, kebijakan ini harus ditetapkan ke nilai yang dibatasi."
msgid ""
"The ``external`` method should be dropped to avoid any interference with "
"some Apache and Shibboleth SP setups, where a ``REMOTE_USER`` environment "
"variable is always set, even as an empty value."
msgstr ""
"Metode ``external`` harus dijatuhkan (dropped) untuk menghindari gangguan "
"pada beberapa setup Apache dan Shibboleth SP, di mana variabel lingkungan "
"``REMOTE_USER` selalu ditetapkan, bahkan sebagai nilai kosong."
msgid ""
"The ``md5`` parameter defines the authentication method as a hashed "
"password. We provide a secure authentication example in the section below."
msgstr ""
"Parameter ``md5`` mendefinisikan metode otentikasi sebagai hashed password. "
"Kami memberikan contoh otentikasi yang aman pada bagian di bawah ini."
msgid ""
"The ``nova-novncproxy`` and ``nova-xvpvncproxy`` services by default open "
"public-facing ports that are token authenticated."
msgstr ""
"Layanan ``nova-novncproxy`` dan ``nova-xvpvncproxy`` secara default terbuka "
"menghadap ke publik port yang token dikonfirmasi."
msgid ""
"The ``nova-spicehtml5proxy`` service by default opens public-facing ports "
"that are token authenticated."
msgstr ""
"Layanan ``nova-spicehtml5proxy`` secara default membuka port yang menghadap "
"ke publik yang diberi tanda bukti."
msgid ""
"The ``nova`` command-line utility can return a URL for the VNC console for "
"access by the nova Java VNC client. This requires the ``nova-xvpvncproxy`` "
"service to bridge from the public network to the management network."
msgstr ""
"Utilitas baris perintah ``nova`` dapat mengembalikan URL untuk konsol VNC "
"untuk diakses oleh klien VNC nova Java. Ini memerlukan layanan ``nova-"
"xvpvncproxy`` untuk menjembatani dari jaringan publik ke jaringan manajemen."
msgid ""
"The ``service apache2 restart`` command is Ubuntu-specific. For other "
"distributions, replace with appropriate command."
msgstr ""
"Perintah ``service apache2 restart`` adalah Ubuntu-specific. Untuk distro "
"lain, ganti dengan perintah yang sesuai."
msgid ""
"The ``svirt_image_t`` label uniquely identifies image files on disk, "
"allowing for the SELinux policy to restrict access. When a KVM-based compute "
"image is powered on, sVirt appends a random numerical identifier to the "
"image. sVirt is capable of assigning numeric identifiers to a maximum of "
"524,288 virtual machines per hypervisor node, however most OpenStack "
"deployments are highly unlikely to encounter this limitation."
msgstr ""
"Label ``svirt_image_t`` secara unik mengidentifikasi file image pada disk, "
"memungkinkan kebijakan SELinux membatasi akses. Saat image komputasi "
"berbasis KVM diaktifkan, sVirt menambahkan pengenal numerik acak ke image. "
"SVirt mampu menugaskan pengenal numerik (numeric identifier) ke maksimum "
"524.288 mesin virtual per node hypervisor, namun sebagian besar penerapan "
"OpenStack sangat tidak mungkin untuk menghadapi keterbatasan ini."
msgid ""
"The ``volume_clear`` parameter can be set to ``zero``. The ``zero`` argument "
"will write a single pass of zeroes to the device."
msgstr ""
"Parameter ``volume_clear`` dapat disetel ke ``zero``. Argumen ``zero`` akan "
"menulis single pass nol ke perangkat."
msgid "The above link defaults to the Ubuntu version."
msgstr "Tautan di atas default ke versi Ubuntu."
msgid ""
"The actual data objects. ACLs at the object level are also possible with "
"metadata and are dependent on the authentication system used."
msgstr ""
"Objek data sebenarnya. ACL pada tingkat objek juga dimungkinkan dengan "
"metadata dan bergantung pada sistem otentikasi yang digunakan."
msgid ""
"The admin token is generally used to bootstrap Identity. This token is the "
"most valuable Identity asset, which could be used to gain cloud admin "
"privileges."
msgstr ""
"Token admin umumnya digunakan untuk bootstrap Identity. Token ini adalah "
"aset Identity yang paling berharga, yang bisa digunakan untuk mendapatkan "
"hak istimewa admin awan."
msgid ""
"The administrator can grant access to the private share type for the demo "
"tenant with the tenant ID equal to df29a37db5ae48d19b349fe947fada46:"
msgstr ""
"Administrator dapat memberikan akses ke jenis share privat untuk penyewa "
"demo dengan ID penyewa sama dengan df29a37db5ae48d19b349fe947fada46:"
msgid ""
"The amount of information that can be gathered about a system and its users "
"should be minimized."
msgstr ""
"Jumlah informasi yang bisa dikumpulkan tentang suatu sistem dan penggunanya "
"harus diminimalkan."
msgid ""
"The ansible-hardening project provides an Ansible role that applies security "
"controls to a wide array of Linux operating systems. It can also be used to "
"audit an existing system. Each control is carefully reviewed to determine if "
"it could cause harm to a production system. The controls are based on the "
"Red Hat Enterprise Linux 7 STIG."
msgstr ""
"Proyek ansible-hardening memberikan peran penting yang menerapkan kontrol "
"keamanan ke beragam sistem operasi Linux. Ini juga bisa digunakan untuk "
"mengaudit sistem yang ada. Setiap kontrol ditinjau ulang secara seksama "
"untuk menentukan apakah hal itu dapat menyebabkan kerusakan pada sistem "
"produksi. Kontrol didasarkan pada Red Hat Enterprise Linux 7 STIG."
msgid ""
"The architecture diagram shows the logical layout of the system so the "
"security reviewers can step through the architecture with the project team. "
"It is a logical diagram which shows how the components interact, how they "
"connect to external entities, and where communications cross trust "
"boundaries. Further information on architecture diagram, including a key of "
"symbols, will be given in the upcoming architecture diagram guidance. "
"Diagrams can be drawn in any tool that can produce a diagram which uses the "
"symbols in the key, however `draw.io <https://draw.io>`__ is strongly "
"recommended."
msgstr ""
"Diagram arsitektur menunjukkan tata letak logis dari sistem sehingga "
"peninjau keamanan dapat melangkah melalui arsitektur dengan tim proyek. Ini "
"adalah diagram logis yang menunjukkan bagaimana komponen berinteraksi, "
"bagaimana mereka terhubung ke entitas eksternal, dan di mana komunikasi "
"melintasi batas kepercayaan. Informasi lebih lanjut tentang diagram "
"arsitektur, termasuk kunci simbol, akan diberikan dalam panduan diagram "
"arsitektur yang akan datang. Diagram dapat ditarik dalam alat yang dapat "
"menghasilkan diagram yang menggunakan simbol pada kunci, namun `draw.io "
"<https://draw.io>` __ sangat disarankan."
msgid ""
"The authentication service requires the user to provide information based on "
"something they have, such as a one-time password token or X.509 certificate, "
"and something they know, such as a password."
msgstr ""
"Layanan otentikasi mengharuskan pengguna memberikan informasi berdasarkan "
"sesuatu yang mereka miliki, seperti token password one-time atau sertifikat "
"X.509, dan sesuatu yang mereka ketahui, seperti password."
msgid ""
"The authentication service you use, such as Identity service (keystone) or "
"TempAuth, will determine how you configure a different URL in the responses "
"to end-point clients so they use your load balancer instead of an individual "
"proxy node."
msgstr ""
"Layanan otentikasi yang Anda gunakan, seperti layanan Identity (keystone) "
"atau TempAuth, akan menentukan bagaimana Anda mengkonfigurasi URL yang "
"berbeda dalam tanggapan ke klien end-point sehingga mereka menggunakan "
"penyeimbang beban Anda daripada sebuah node proxy individual."
msgid ""
"The basics of logging: configuration, setting log level, location of the log "
"files, and how to use and customize logs, as well as how to do centralized "
"collections of logs is well covered in the `OpenStack Operations Guide "
"<https://docs.openstack.org/ops/>`_."
msgstr ""
"Dasar logging: konfigurasi, pengaturan tingkat log, lokasi file log, dan "
"bagaimana cara menggunakan dan menyesuaikan log, serta bagaimana melakukan "
"koleksi log terpusat tercakup dalam `OpenStack Operations Guide <https://"
"docs.openstack.org/ops/>`_."
msgid ""
"The best test of interoperability in the cloud is the ability to enable a "
"user with one set of credentials in an IdP to access multiple cloud "
"services. Organizations, each using its own IdP can easily allow their users "
"to collaborate and quickly share the same cloud services."
msgstr ""
"Tes interoperabilitas terbaik di awan adalah kemampuan untuk memungkinkan "
"pengguna dengan satu set kredensial dalam IdP untuk mengakses beberapa "
"layanan awan. Organisasi, masing-masing menggunakan IdP sendiri dapat dengan "
"mudah membiarkan pengguna mereka berkolaborasi dan dengan cepat berbagi "
"layanan awan yang sama."
msgid ""
"The choice of database server is an important consideration in the security "
"of an OpenStack deployment. Multiple factors should be considered when "
"deciding on a database server, however for the scope of this book only "
"security considerations will be discussed. OpenStack supports a variety of "
"database types. See the `OpenStack Administrator Guide <https://docs."
"openstack.org/admin-guide/>`_ for more information."
msgstr ""
"Pemilihan server database merupakan pertimbangan penting dalam keamanan "
"pengerahan OpenStack. Beberapa faktor harus dipertimbangkan saat menentukan "
"database server, namun untuk lingkup buku ini hanya pertimbangan keamanan "
"yang akan dibahas. OpenStack mendukung berbagai jenis database. Lihat "
"`OpenStack Administrator Guide <https://docs.openstack.org/admin-guide/>`_ "
"untuk informasi lebih lanjut."
msgid ""
"The choice of technology to provide L2 isolation is dependent upon the scope "
"and size of tenant networks that will be created in your deployment. If your "
"environment has limited VLAN ID availability or will have a large number of "
"L2 networks, it is our recommendation that you utilize tunneling."
msgstr ""
"Pilihan teknologi untuk memberikan isolasi L2 bergantung pada cakupan dan "
"ukuran jaringan penyewa yang akan dibuat dalam penerapan Anda. Jika "
"lingkungan Anda memiliki ketersediaan VLAN ID terbatas atau akan memiliki "
"sejumlah besar jaringan L2, ini adalah rekomendasi kami untuk memanfaatkan "
"tunneling."
msgid ""
"The choice of tenant network isolation affects how the network security and "
"control boundary is implemented for tenant services. The following "
"additional network services are either available or currently under "
"development to enhance the security posture of the OpenStack network "
"architecture."
msgstr ""
"Pilihan isolasi jaringan penyewa mempengaruhi bagaimana keamanan jaringan "
"dan batas kontrol diterapkan untuk layanan penyewa. Layanan jaringan "
"tambahan berikut tersedia atau sedang dalam pengembangan untuk meningkatkan "
"postur keamanan dari arsitektur jaringan OpenStack."
msgid ""
"The client configuration data for authentication and authorization (AuthN/"
"AuthZ) can be stored by ``security services``. LDAP, Kerberos, or Microsoft "
"Active directory can be used by the Shared File Systems service if they are "
"supported by used drivers and back ends. Authentication services can also be "
"configured without the Shared File Systems service."
msgstr ""
"Data konfigurasi klien untuk otentikasi dan otorisasi (AuthN/AuthZ) dapat "
"disimpan oleh ``security services``. Active Directory LDAP, Kerberos, atau "
"Microsoft dapat digunakan oleh layanan Shared File Systems jika didukung "
"oleh driver dan back end yang digunakan. Layanan otentikasi juga dapat "
"dikonfigurasi tanpa layanan Shared File Systems."
msgid ""
"The cloud administrator should protect sensitive configuration files from "
"unauthorized modification. This can be achieved with mandatory access "
"control frameworks such as SELinux, including ``/etc/keystone/keystone."
"conf`` and X.509 certificates."
msgstr ""
"Administrator awan harus melindungi file konfigurasi sensitif dari "
"modifikasi yang tidak sah. Hal ini dapat dicapai dengan kerangka kontrol "
"akses wajib seperti SELinux, termasuk sertifikat ``/etc/keystone/keystone."
"conf`` dan X.509."
msgid ""
"The components of Object Storage are grouped into the following primary "
"groups:"
msgstr ""
"Komponen Object Storage dikelompokkan ke dalam kelompok primer berikut:"
msgid ""
"The compute configuration, ``nova.conf``, has the following default "
"parameters within the \"[ephemeral_storage_encryption]\" section"
msgstr ""
"Konfigurasi komputasi, ``nova.conf``, memiliki parameter default berikut di "
"bagian \"[ephemeral_storage_encryption]\""
msgid ""
"The compute nodes are the least trusted of the services in OpenStack because "
"they host tenant instances. The ``nova-conductor`` service has been "
"introduced to serve as a database proxy, acting as an intermediary between "
"the compute nodes and the database. We discuss its ramifications later in "
"this chapter."
msgstr ""
"Node komputasi adalah yang paling tidak dipercaya dari layanan di OpenStack "
"karena mereka menghosting instance penyewa. Layanan ``nova-conductor`` telah "
"diperkenalkan untuk dijadikan basis data proxy, bertindak sebagai perantara "
"antara node dan database. Kami mendiskusikan ramalannya nanti di bab ini."
msgid ""
"The configuration file ``policy.json`` may be placed anywhere. The path ``/"
"etc/manila/policy.json`` is expected by default."
msgstr ""
"File konfigurasi ``policy.json`` dapat ditempatkan dimana saja. Path ``/etc/"
"manila/policy.json`` diharapkan secara default."
msgid ""
"The configuration files for the OpenStack services contain a number of "
"passwords which are in plain text. These include, for instance, the "
"passwords used by service users to authenticate to keystone to validate "
"keystone tokens."
msgstr ""
"File konfigurasi untuk layanan OpenStack berisi sejumlah password yang ada "
"dalam teks biasa. Ini termasuk, misalnya, password yang digunakan oleh "
"pengguna layanan untuk melakukan otentikasi ke keystone untuk memvalidasi "
"token keystone."
msgid ""
"The configuration for manila-rootwrap in file ``rootwrap.conf`` and the "
"manila-rootwrap command filters for share nodes in file ``rootwrap.d/share."
"filters`` should be owned by, and only-writeable by, the root user."
msgstr ""
"Konfigurasi untuk manila-rootwrap di file ``rootwrap.conf`` dan filter "
"perintah manila-rootwrap untuk share node dalam file ``rootwrap.d/share."
"filters`` harus dimiliki oleh, dan hanya dapat ditulisi oleh, pengguna root"
msgid ""
"The configuration option in ``manila.conf`` that sets *share servers* mode "
"or *no share servers* mode is the ``driver_handles_share_servers`` option. "
"It indicates whether a driver handles share servers by itself or it expects "
"the Shared File Systems service to do it."
msgstr ""
"Pilihan konfigurasi pada ``manila.conf`` yang mengatur mode *share servers* "
"atau mode *no share servers * adalah opsi ``driver_handles_share_servers``. "
"Ini menunjukkan apakah driver menangani server berbagi dengan sendirinya "
"atau mengharapkan layanan Shared File Systems untuk melakukannya."
msgid ""
"The dashboard can also be branded for service providers and other commercial "
"vendors."
msgstr ""
"Dasbor juga bisa dicap (branded) untuk penyedia layanan dan vendor komersial "
"lainnya."
msgid ""
"The dashboard depends on a shared ``SECRET_KEY`` setting for some security "
"functions. The secret key should be a randomly generated string at least 64 "
"characters long, which must be shared across all active dashboard instances. "
"Compromise of this key may allow a remote attacker to execute arbitrary "
"code. Rotating this key invalidates existing user sessions and caching. Do "
"not commit this key to public repositories."
msgstr ""
"Dasbor tergantung pada pengaturan ``SECRET_KEY` yang dipakai bersama untuk "
"beberapa fungsi keamanan. Kunci rahasia harus berupa string yang dihasilkan "
"secara acak minimal 64 karakter, yang harus dibagi di semua instance dasbor "
"aktif. Kompromi kunci ini memungkinkan penyerang remote untuk mengeksekusi "
"kode secara acak. Memutar tombol ini akan membuat user session dan caching "
"tidak valid. Jangan masukkan kunci ini ke public repository."
msgid ""
"The dashboard provides GUI support for routers and load-balancers. For "
"example, the dashboard now implements all of the main Networking features."
msgstr ""
"Dasbor menyediakan dukungan GUI untuk router dan load-balancers. Misalnya, "
"dasbor sekarang menerapkan semua fitur Networking utama."
msgid ""
"The dashboard provides tenant-users a self-service portal to provision their "
"own resources within the limits set by administrators."
msgstr ""
"Dasbor menyediakan portal layanan mandiri (self-service) bagi pengguna "
"penyewa untuk menyediakan sumber daya mereka sendiri sesuai batasan yang "
"ditetapkan oleh administrator."
msgid ""
"The dashboard requires cookies and JavaScript to be enabled in the web "
"browser."
msgstr "Dasbor mengharuskan cookie dan JavaScript diaktifkan di browser web."
msgid ""
"The dashboard should be deployed as a Web Services Gateway Interface (WSGI) "
"application behind an HTTPS proxy such as Apache or :term:`Nginx`. If Apache "
"is not already in use, we recommend :term:`Nginx` since it is lightweight "
"and easier to configure correctly."
msgstr ""
"Dasbor harus digunakan sebagai aplikasi Web Services Gateway Interface "
"(WSGI) di belakang proxy HTTPS seperti Apache atau :term:`Nginx`. Jika "
"Apache belum digunakan, kami sarankan :term:`Nginx` karena sudah ringan dan "
"mudah dikonfigurasi dengan benar."
msgid ""
"The dashboard's static media should be deployed to a subdomain of the "
"dashboard domain and served by the web server. The use of an external "
"content delivery network (CDN) is also acceptable. This subdomain should not "
"set cookies or serve user-provided content. The media should also be served "
"with HTTPS."
msgstr ""
"Media statis dasbor harus dikirim ke subdomain dari domain dasbor dan "
"dilayani oleh server web. Penggunaan content delivery network (CDN) "
"eksternal juga dapat diterima. Subdomain ini tidak boleh menyetel cookies "
"atau menyajikan konten yang disediakan pengguna. Media juga harus dilayani "
"dengan HTTPS."
msgid ""
"The data asset impact analysis breaks down the impact of the loss of "
"confidentiality, integrity or availability for each data asset. Project "
"architects should attempt to complete this, as they understand their project "
"in the most detail, but the OpenStack Security Project (OSSP) will work "
"through this with the project during the security review and are likely to "
"add or update the impact details."
msgstr ""
"Analisis dampak aset data memecah dampak hilangnya kerahasiaan, integritas "
"atau ketersediaan setiap aset data. Arsitek proyek harus berusaha "
"menyelesaikan ini, karena mereka memahami proyek mereka secara terinci, "
"OpenStack Security Project (OSSP) akan menyelesaikannya dengan proyek selama "
"tinjauan keamanan dan cenderung menambahkan atau memperbarui rincian "
"dampaknya."
msgid ""
"The data processing controller can be configured to use proxy commands for "
"accessing its cluster instances. In this manner custom network topologies "
"can be created for installations which will not use the networks provided "
"directly by the Networking service. We recommend using this option for "
"installations which require limiting access between the controller and the "
"instances."
msgstr ""
"Pengontrol pengolahan data dapat dikonfigurasi untuk menggunakan perintah "
"proxy untuk mengakses instance clusternya. Dengan cara ini topologi jaringan "
"kustom dapat dibuat untuk instalasi yang tidak akan menggunakan jaringan "
"yang disediakan secara langsung oleh layanan Networking. Sebaiknya gunakan "
"opsi ini untuk pemasangan yang memerlukan pembatasan akses antara pengontrol "
"dan instances."
msgid ""
"The data processing controller retains temporary storage of the username and "
"password provided for object store access. When using proxy domains the "
"controller will generate this pair for the proxy user, and the access of "
"this user will be limited to that of the identity trust. We recommend using "
"proxy domains in any installation where the controller or its database have "
"routes to or from public networks."
msgstr ""
"The data processing controller retains temporary storage of the username and "
"password provided for object store access. When using proxy domains the "
"controller will generate this pair for the proxy user, and the access of "
"this user will be limited to that of the identity trust. We recommend using "
"proxy domains in any installation where the controller or its database have "
"routes to or from public networks."
msgid ""
"The data security domain is concerned primarily with information pertaining "
"to the storage services within OpenStack. Most of the data transmitted "
"across this network requires high levels of integrity and confidentiality. "
"In some cases, depending on the type of deployment there may also be strong "
"availability requirements."
msgstr ""
"Domain keamanan data terutama terkait dengan informasi yang berkaitan dengan "
"layanan penyimpanan di dalam OpenStack. Sebagian besar data yang dikirim "
"melalui jaringan ini memerlukan tingkat integritas dan kerahasiaan yang "
"tinggi. Dalam beberapa kasus, tergantung pada jenis penempatan, mungkin juga "
"ada persyaratan ketersediaan yang kuat."
msgid ""
"The database user accounts created for the OpenStack services and for each "
"node should have privileges limited to just the database relevant to the "
"service where the node is a member."
msgstr ""
"Akun pengguna database dibuat untuk layanan OpenStack dan untuk setiap node "
"harus memiliki hak istimewa terbatas hanya pada database yang relevan dengan "
"layanan di mana node adalah anggota."
msgid ""
"The dedicated management utilities (\\*-manage) in some cases use the direct "
"database connection."
msgstr ""
"Utilitas manajemen dedicated (\\*-manage) dalam beberapa kasus menggunakan "
"koneksi database langsung."
msgid ""
"The default assumption for a data processing installation is that users will "
"have access to all functionality within their projects. In the event that "
"more granular control is required the Data processing service provides a "
"policy file (as described in :doc:`../identity/policies`). These "
"configurations will be highly dependent on the needs of the installing "
"organization, and as such there is no general advice on their usage: see :"
"ref:`data-processing-rbac-policies` for details."
msgstr ""
"Asumsi default untuk instalasi pengolahan data adalah pengguna akan memiliki "
"akses ke semua fungsi dalam proyek mereka. Jika diperlukan kontrol yang "
"lebih terperinci, layanan pengolahan data menyediakan file kebijakan "
"(seperti yang dijelaskan di :doc:`../identity/policies`). Konfigurasi ini "
"akan sangat tergantung pada kebutuhan organisasi penginstalan, dan karena "
"itu tidak ada saran umum mengenai penggunaannya: lihat :ref:`data-processing-"
"rbac-policies` untuk rinciannya."
msgid ""
"The default configuration file is ``/etc/apache2/apache2.conf`` on Ubuntu, "
"``/etc/httpd/conf/httpd.conf`` on RHEL and CentOS, ``/etc/apache2/httpd."
"conf`` on openSUSE and SUSE Linux Enterprise."
msgstr ""
"File konfigurasi defaultnya adalah ``/etc/apache2/apache2.conf`` di Ubuntu, "
"``/etc/httpd/conf/httpd.conf`` di RHEL dan CentOS, ``/etc/apache2/httpd."
"conf`` di openSUSE dan SUSE Linux Enterprise."
msgid ""
"The default session back end for horizon ``django.contrib.sessions.backends."
"signed_cookies`` saves user data in signed, but unencrypted cookies stored "
"in the browser. Due to the fact that each dashboard instance is stateless, "
"the previously mentioned methodology provides the ability to implement the "
"most simple session back-end scaling."
msgstr ""
"Sesi back end default horizon ``django.contrib.sessions.backends."
"signed_cookies`` menyimpan data pengguna yang masuk, tapi cookie yang tidak "
"dienkripsi disimpan di browser. Karena fakta bahwa setiap instance dasbor "
"stateless, metodologi yang disebutkan sebelumnya memberi kemampuan untuk "
"menerapkan penskalaan sesi back-end yang paling sederhana."
msgid ""
"The design of OpenStack is such that separation of security domains is "
"difficult. Because core services will usually bridge at least two domains, "
"special consideration must be given when applying security controls to them."
msgstr ""
"Desain OpenStack sedemikian rupa sehingga pemisahan domain keamanan sulit "
"dilakukan. Karena layanan inti biasanya akan menjembatani setidaknya dua "
"domain, pertimbangan khusus harus diberikan saat menerapkan kontrol keamanan "
"kepada mereka."
msgid ""
"The diagram above shows a compute node bridging the data and management "
"domains; as such, the compute node should be configured to meet the security "
"requirements of the management domain. Similarly, the API Endpoint in this "
"diagram is bridging the untrusted public domain and the management domain, "
"which should be configured to protect against attacks from the public domain "
"propagating through to the management domain."
msgstr ""
"Diagram di atas menunjukkan sebuah node komputasi yang menjembatani data dan "
"domain manajemen; Dengan demikian, node komputasi harus dikonfigurasi untuk "
"memenuhi persyaratan keamanan dari domain manajemen. Demikian pula, Endpoint "
"API dalam diagram ini menjembatani domain publik yang tidak tepercaya dan "
"domain manajemen, yang harus dikonfigurasi untuk melindungi dari serangan "
"dari domain publik yang memperbanyak melalui domain manajemen."
msgid ""
"The diagram shows the typical types of attacks that may be expected from the "
"actors described in the previous section. Note that there will always be "
"exceptions to this diagram."
msgstr ""
"Diagram menunjukkan jenis serangan khas yang mungkin diharapkan dari aktor "
"yang dijelaskan pada bagian sebelumnya. Perhatikan bahwa akan selalu ada "
"pengecualian pada diagram ini."
msgid ""
"The endpoint that receives the digitally signed certificate that is "
"verifiable with reference to the public key listed on the certificate. The "
"relying party should be in a position to verify the certificate up the "
"chain, ensure that it is not present in the :term:`CRL` and also must be "
"able to verify the expiry date on the certificate."
msgstr ""
"Endpoint yang menerima sertifikat yang ditandatangani secara digital yang "
"dapat diverifikasi dengan mengacu pada kunci publik yang tercantum pada "
"sertifikat. Pihak yang mengandalkan harus berada dalam posisi untuk "
"memverifikasi sertifikat atas rantai tersebut, memastikan bahwa hal itu "
"tidak ada dalam :term:`CRL` dan juga harus dapat memverifikasi tanggal "
"kadaluarsa sertifikat."
msgid "The entity tag (ETag) of objects that have non-zero content"
msgstr "The entity tag (ETag) dari objek yang memiliki konten tidak nol"
msgid ""
"The ephemeral disk encryption feature addresses data privacy. The ephemeral "
"disk is a temporary work space used by the virtual host operating system. "
"Without encryption, sensitive user information could be accessed on this "
"disk, and vestigial information could remain after the disk is unmounted."
msgstr ""
"Fitur enkripsi disk sesaat membahas privasi data. Disk fana adalah ruang "
"kerja sementara yang digunakan oleh sistem operasi virtual host. Tanpa "
"enkripsi, informasi pengguna yang sensitif dapat diakses pada disk ini, dan "
"informasi sisa bisa tetap ada setelah disk tidak terpasang."
msgid ""
"The ephemeral disk encryption feature, can interface with a key management "
"service through a secure wrapper and support data isolation by providing "
"ephemeral disk encryption keys on a per-tenant basis. Back-end key storage "
"is recommended for enhanced security (for example, an HSM or KMIP server can "
"be used as a barbican back-end secret store)."
msgstr ""
"Fitur enkripsi disk sesaat, dapat berinteraksi dengan layanan manajemen "
"kunci melalui pembungkus yang aman dan mendukung isolasi data dengan "
"menyediakan kunci enkripsi disk sesaat pada basis per-penyewa. Penyimpanan "
"kunci back-end direkomendasikan untuk keamanan yang ditingkatkan (misalnya, "
"server HSM atau KMIP dapat digunakan sebagai penyimpanan rahasia back-end "
"barbican)."
msgid ""
"The file location should match the value of the configuration option "
"``idp_metadata_path`` that was assigned in the list of ``[saml]`` updates."
msgstr ""
"Lokasi file harus sesuai dengan nilai opsi konfigurasi ``idp_metadata_path`` "
"yang ditugaskan dalam daftar update ``[saml] ``."
msgid ""
"The final option is to use an automated image builder. The following example "
"uses the Oz image builder. The OpenStack community has recently created a "
"newer tool worth investigating: disk-image-builder. We have not evaluated "
"this tool from a security perspective."
msgstr ""
"Pilihan terakhir adalah menggunakan pembangun image otomatis. Contoh berikut "
"menggunakan pembangun image Oz. Komunitas OpenStack baru-baru ini "
"menciptakan alat baru yang layak untuk penyeledikan: disk-image-builder. "
"Kami belum mengevaluasi alat ini dari perspektif keamanan."
msgid "The first option is to obtain boot media from a trusted source."
msgstr ""
"Pilihan pertama adalah untuk mendapatkan media boot dari sumber terpercaya."
msgid ""
"The first thing one should do when evaluating their OpenStack SSL/TLS needs "
"is to identify the threats. You can divide these threats into external and "
"internal attacker categories, but the lines tend to get blurred since "
"certain components of OpenStack operate on both the public and management "
"networks."
msgstr ""
"Hal pertama yang harus dilakukan saat mengevaluasi kebutuhan OpenStack SSL/"
"TLS adalah untuk mengidentifikasi ancaman. Anda dapat membagi ancaman ini ke "
"dalam kategori penyerang eksternal dan internal, namun garis tersebut "
"cenderung menjadi kabur karena beberapa komponen OpenStack beroperasi pada "
"jaringan publik dan manajemen."
msgid ""
"The following are the default listening ports for the various storage "
"services:"
msgstr ""
"Berikut adalah listening port default untuk berbagai layanan penyimpanan:"
msgid ""
"The following compiler options are recommend for GCC when compiling QEMU:"
msgstr ""
"Pilihan kompilator berikut direkomendasikan untuk GCC saat mengkompilasi "
"QEMU:"
msgid "The following data are encrypted while at rest in swift:"
msgstr "Data berikut dienkripsi saat istirahat dengan cepat:"
msgid ""
"The following diagram presents a conceptual view of how the Data processing "
"service fits into the greater OpenStack ecosystem."
msgstr ""
"Diagram berikut menyajikan pandangan konseptual tentang bagaimana layanan "
"pemrosesan Data sesuai dengan ekosistem OpenStack yang lebih besar."
msgid ""
"The following example shows a PKI token. Note that token ID values are "
"typically 3500 bytes. In this example, the value has been truncated."
msgstr ""
"Contoh berikut menunjukkan token PKI. Perhatikan bahwa nilai-nilai token ID "
"biasanya 3500 byte. Dalam contoh ini, nilainya telah terpotong."
msgid ""
"The following example shows how the service can restrict access to create, "
"update and delete resources to only those users which have the role of "
"``cloud_admin``, which has been defined as being the conjunction of ``role = "
"admin`` and ``domain_id = admin_domain_id``, while the get and list "
"resources are made available to users which have the role of ``cloud_admin`` "
"or ``admin``."
msgstr ""
"Contoh berikut menunjukkan bagaimana layanan dapat membatasi akses untuk "
"membuat, memperbarui dan menghapus sumber daya hanya untuk pengguna yang "
"memiliki peran ``cloud_admin``, yang telah didefinisikan sebagai gabungan "
"dari ``role = admin`` dan ``domain_id = admin_domain_id``, sedangkan sumber "
"daya get and list tersedia bagi pengguna yang memiliki peran ``cloud_admin`` "
"atau ``admin``."
msgid "The following figure demonstrates one possible network architecture."
msgstr "Gambar berikut menunjukkan satu kemungkinan arsitektur jaringan."
msgid ""
"The following figure shows an architectural and networking flow diagram of "
"the OpenStack Networking components:"
msgstr ""
"Gambar berikut menunjukkan diagram alir arsitektur dan jaringan komponen "
"OpenStack Networking:"
msgid ""
"The following is a list of Control Frameworks that an organization can use "
"to build their security controls."
msgstr ""
"Berikut ini adalah daftar Control Frameworks yang dapat digunakan organisasi "
"untuk membangun kontrol keamanan mereka."
msgid ""
"The following lines should be added in the system-wide MySQL configuration "
"file:"
msgstr "Baris berikut harus ditambahkan di file konfigurasi system-wide MySQL:"
msgid ""
"The following lines should be added in the system-wide PostgreSQL "
"configuration file, ``postgresql.conf``."
msgstr ""
"Baris berikut harus ditambahkan di file konfigurasi system-wide PostgreSQL, "
"``postgresql.conf``."
msgid ""
"The following lines should be added to the system-wide RabbitMQ "
"configuration file, typically ``/etc/rabbitmq/rabbitmq.config``:"
msgstr ""
"Baris berikut harus ditambahkan ke file konfigurasi RabbitMQ sistem secara "
"keseluruhan ``/etc/rabbitmq/rabbitmq.config``:"
msgid ""
"The following table calls out these features by common hypervisor platforms."
msgstr "Tabel berikut memanggil fitur ini oleh platform hypervisor umum."
msgid ""
"The functionality and integration are still evolving. We will access the "
"features in the next release and make recommendations."
msgstr ""
"Fungsionalitas dan integrasi masih terus berkembang. Kami akan mengakses "
"fitur di rilis berikutnya dan membuat rekomendasi."
msgid ""
"The generation and collection of logs is an important component of securely "
"monitoring an OpenStack infrastructure. Logs provide visibility into the day-"
"to-day actions of administrators, tenants, and guests, in addition to the "
"activity in the compute, networking, and storage and other components that "
"comprise your OpenStack deployment."
msgstr ""
"Generasi dan koleksi log merupakan komponen penting untuk memantau "
"infrastruktur OpenStack secara aman. Log memberikan visibilitas ke tindakan "
"administrator, penyewa, dan tamu sehari-hari, selain aktivitas dalam "
"penghitungan, jaringan, dan penyimpanan dan komponen lainnya yang menyusun "
"penerapan OpenStack Anda."
msgid ""
"The goal of security review in the OpenStack community is to identify "
"weaknesses in design or implementation of OpenStack projects. While rare, "
"these weaknesses could potentially have catastrophic effects on the security "
"of an OpenStack deployment, and therefore work should be undertaken to "
"minimize the likelihood of these defects in released projects. The OpenStack "
"Security Project asserts that once a security review of a project has been "
"completed, the following are known and documented:"
msgstr ""
"Tujuan tinjauan keamanan di komunitas OpenStack adalah untuk "
"mengidentifikasi kelemahan dalam perancangan atau pelaksanaan proyek "
"OpenStack. Meskipun jarang terjadi, kelemahan ini berpotensi menimbulkan "
"dampak bencana terhadap keamanan penempatan OpenStack, dan oleh karena itu, "
"pekerjaan harus dilakukan untuk meminimalkan kemungkinan cacat pada proyek "
"yang diluncurkan. OpenStack Security Project menegaskan bahwa setelah "
"tinjauan keamanan atas sebuah proyek selesai, berikut ini diketahui dan "
"didokumentasikan:"
msgid ""
"The importance of encrypting data on behalf of tenants is largely related to "
"the risk assumed by a provider that an attacker could access tenant data. "
"There may be requirements here in government, as well as requirements per-"
"policy, in private contract, or even in case law in regard to private "
"contracts for public cloud providers. It is recommended that a risk "
"assessment and legal consul advised before choosing tenant encryption "
"policies."
msgstr ""
"Pentingnya mengenkripsi data atas nama penyewa sebagian besar terkait dengan "
"risiko yang diasumsikan oleh penyedia bahwa penyerang dapat mengakses data "
"penyewa. Mungkin ada persyaratan di sini di pemerintahan, serta persyaratan "
"per-kebijakan, kontrak pribadi, atau bahkan dalam kasus hukum berkaitan "
"dengan kontrak pribadi untuk penyedia awan publik. Dianjurkan agar penilaian "
"risiko dan konsul hukum disarankan sebelum memilih kebijakan enkripsi "
"penyewa."
msgid ""
"The information security management system preserves the confidentiality, "
"integrity, and availability of information by applying a risk management "
"process and gives confidence to interested parties that risks are adequately "
"managed."
msgstr ""
"Sistem manajemen keamanan informasi menjaga kerahasiaan, integritas, dan "
"ketersediaan informasi dengan menerapkan proses manajemen risiko dan "
"memberikan kepercayaan kepada pihak yang berkepentingan bahwa risiko "
"dikelola secara memadai."
msgid ""
"The information system will receive a security category as defined in "
"Federal Information Processing Standards Publication 199 (FIPS 199). These "
"categories reflect the potential impact of system compromise."
msgstr ""
"Sistem informasi akan menerima kategori keamanan sebagaimana didefinisikan "
"dalam Federal Information Processing Standards Publication 199 (FIPS 199). "
"Kategori ini mencerminkan potensi dampak kompromi sistem."
msgid ""
"The initial program loader (IPL) code will most likely be the PXE firmware, "
"assuming the node deployment strategy outlined above. Therefore, the secure "
"boot or boot attestation process can measure all of the early stage boot "
"code, such as BIOS, firmware, the PXE firmware, and the kernel image. "
"Ensuring that each node has the correct versions of these pieces installed "
"provides a solid foundation on which to build the rest of the node software "
"stack."
msgstr ""
"Kode initial program loader (IPL) kemungkinan besar adalah firmware PXE, "
"dengan asumsi strategi penyebaran node yang diuraikan di atas. Oleh karena "
"itu, proses pengesahan booting atau booting yang aman dapat mengukur semua "
"kode boot tahap awal, seperti BIOS, firmware, firmware PXE, dan kernel "
"image. Memastikan bahwa setiap node memiliki versi yang benar dari potongan-"
"potongan ini yang terpasang memberikan fondasi yang kokoh untuk membangun "
"tumpukan perangkat lunak node lainnya."
msgid ""
"The initial work on this book was conducted in an overly air-conditioned "
"room that served as our group office for the entirety of the documentation "
"sprint."
msgstr ""
"Karya awal buku ini dilakukan di ruangan yang terlalu ber-AC yang berfungsi "
"sebagai kantor kelompok kami untuk keseluruhan sprint dokumentasi."
msgid ""
"The interfaces listing captures interfaces within the scope of the review. "
"This includes connections between blocks on the architecture diagram which "
"cross a trust boundary or do not use an industry standard encryption "
"protocol such as TLS or SSH. For each interface the following information is "
"captured:"
msgstr ""
"Daftar antarmuka menangkap antarmuka dalam lingkup tinjauan. Ini termasuk "
"koneksi antara blok pada diagram arsitektur yang melintasi batas kepercayaan "
"atau tidak menggunakan protokol enkripsi standar industri seperti TLS atau "
"SSH. Untuk setiap antarmuka informasi berikut diambil:"
msgid ""
"The key manager of your choice can be used with Openstack if Castellan "
"plugin has been written for that key manager. Once that plugin has been "
"written, it is relatively trivial to use the plugin either directly or "
"behind Barbican."
msgstr ""
"Key manager pilihan Anda dapat digunakan dengan Openstack jika plugin "
"Castellan telah ditulis untuk key manager tersebut. Setelah plugin itu "
"ditulis, relatif sepele untuk menggunakan plugin baik secara langsung maupun "
"di belakang Barbican."
msgid ""
"The libvirt plug-in for compute may maintain ephemeral storage directly on a "
"filesystem, or in LVM. Filesystem storage generally will not overwrite data "
"when it is removed, although there is a guarantee that dirty extents are not "
"provisioned to users."
msgstr ""
"Plugin libvirt untuk menghitung dapat menyimpan penyimpanan sesaat secara "
"langsung pada filesystem, atau di LVM. Penyimpanan filesystem umumnya tidak "
"akan menimpa data saat dilepas, meski ada jaminan bahwa luapan limbah (dirty "
"extent) tidak tersedia bagi pengguna."
msgid ""
"The management of the security critical parameters of the system is "
"performed by administrative users. A set of commands that require root "
"privileges (or specific roles when RBAC is used) are used for system "
"management. Security parameters are stored in specific files that are "
"protected by the access control mechanisms of the system against "
"unauthorized access by users that are not administrative users."
msgstr ""
"Pengelolaan parameter kritis keamanan sistem dilakukan oleh pengguna "
"administratif. Satu set perintah yang memerlukan hak istimewa root (atau "
"peran spesifik saat RBAC digunakan) digunakan untuk pengelolaan sistem. "
"Parameter keamanan disimpan dalam file tertentu yang dilindungi oleh "
"mekanisme kontrol akses dari sistem terhadap akses yang tidak sah oleh "
"pengguna yang bukan pengguna administratif."
msgid ""
"The management security domain is where services interact. Sometimes "
"referred to as the \"control plane\", the networks in this domain transport "
"confidential data such as configuration parameters, user names, and "
"passwords. Command and Control traffic typically resides in this domain, "
"which necessitates strong integrity requirements. Access to this domain "
"should be highly restricted and monitored. At the same time, this domain "
"should still employ all of the security best practices described in this "
"guide."
msgstr ""
"Domain keamanan manajemen adalah tempat layanan berinteraksi. Terkadang "
"disebut sebagai \"control plane\", jaringan dalam domain ini mengangkut data "
"rahasia seperti parameter konfigurasi, nama pengguna, dan kata sandi. Lalu "
"lintas Command and Control biasanya berada di domain ini, yang memerlukan "
"persyaratan integritas yang kuat. Akses ke domain ini harus sangat dibatasi "
"dan dipantau. Pada saat yang sama, domain ini harus tetap menerapkan semua "
"praktik terbaik keamanan yang dijelaskan dalam panduan ini."
msgid ""
"The manila configuration file ``manila.conf`` may be placed anywhere. The "
"path ``/etc/manila/manila.conf`` is expected by default."
msgstr ""
"File konfigurasi manila ``manila.conf`` dapat ditempatkan dimana saja. Path "
"``/etc/manila/manila.conf`` diharapkan secara default."
msgid ""
"The maturity of a given hypervisor product or project is critical to your "
"security posture as well. Product maturity has a number of effects once you "
"have deployed your cloud:"
msgstr ""
"Kematangan produk atau proyek hypervisor yang diberikan sangat penting untuk "
"postur keamanan Anda. Kematangan produk memiliki sejumlah efek setelah Anda "
"memasang awan Anda:"
msgid ""
"The maturity of a given product or project is critical to your security "
"posture. Product maturity has a number of effects after you deploy your "
"cloud:"
msgstr ""
"Kematangan produk atau proyek tertentu sangat penting untuk postur keamanan "
"Anda. Kematangan produk memiliki sejumlah efek setelah Anda menyebarkan awan "
"Anda:"
msgid ""
"The method for configuring your web server to start and run as a non-root "
"user varies by web server and operating system."
msgstr ""
"Metode untuk mengonfigurasi server web Anda agar dijalankan dan dijalankan "
"sebagai pengguna non-root berbeda-beda menurut server web dan sistem operasi."
msgid ""
"The more familiar your team is with a given product, its configuration, and "
"its eccentricities, the fewer configuration mistakes are made. Additionally, "
"having staff expertise spread across an organization increases availability "
"of your systems, allows segregation of duties, and mitigates problems in the "
"event that a team member is unavailable."
msgstr ""
"Semakin akrab tim Anda dengan produk tertentu, konfigurasinya, dan "
"eksentrisitasnya, semakin sedikit kesalahan konfigurasi yang dibuat. Selain "
"itu, memiliki keahlian staf yang tersebar di seluruh organisasi meningkatkan "
"ketersediaan sistem Anda, memungkinkan pemisahan tugas, dan mengurangi "
"masalah jika anggota tim tidak tersedia."
msgid ""
"The most common frameworks for auditing and evaluating a cloud deployment "
"include the previously mentioned ISO 27001/2 Information Security standard, "
"ISACA's Control Objectives for Information and Related Technology (COBIT) "
"framework, Committee of Sponsoring Organizations of the Treadway Commission "
"(COSO), and Information Technology Infrastructure Library (ITIL). It is very "
"common for audits to include areas of focus from one or more of these "
"frameworks. Fortunately there is a lot of overlap between the frameworks, so "
"an organization that adopts one will be in a good position come audit time."
msgstr ""
"Kerangka kerja yang paling umum untuk mengaudit dan mengevaluasi penerapan "
"cloud termasuk standar Information Security 27001/2 yang telah disebutkan "
"sebelumnya, kerangka ISACA's Control Objectives for Information and Related "
"Technology (COBIT), Committee of Sponsoring Organizations of the Treadway "
"Commission (COSO), dan Information Technology Infrastructure Library (ITIL). "
"Hal ini sangat umum untuk audit untuk memasukkan area fokus dari satu atau "
"lebih kerangka kerja ini. Untungnya ada banyak tumpang tindih antara "
"kerangka kerja, sehingga organisasi yang mengadopsi seseorang akan berada "
"dalam posisi yang baik datang waktu audit."
msgid ""
"The network authentication protocol which works on the basis of tickets to "
"allow nodes communicating over a non-secure network to prove their identity "
"to one another in a secure manner."
msgstr ""
"Protokol otentikasi jaringan yang bekerja berdasarkan tiket untuk "
"memungkinkan node berkomunikasi melalui jaringan yang tidak aman untuk "
"membuktikan identitas mereka satu sama lain secara aman."
msgid ""
"The neutron-l3-agent, used by many plug-ins to implement L3 forwarding, "
"supports only IPv4 forwarding."
msgstr ""
"Agen neutron-l3-agent, yang digunakan oleh banyak plug-in untuk "
"mengimplementasikan forwarding L3, hanya mendukung penerusan IPv4."
msgid ""
"The newly created file will be stored under ``/etc/shibboleth/sp-key.pem``"
msgstr ""
"File yang baru dibuat akan disimpan di bawah ``/etc/shibboleth/sp-key.pem``"
msgid ""
"The nova command-line utility can return a URL for SPICE console for access "
"by a SPICE-html client."
msgstr ""
"Utilitas command-line nova dapat mengembalikan URL untuk konsol SPICE untuk "
"akses oleh klien SPICE-html."
msgid ""
"The option ``saml2`` may be different in your deployment, but do not use a "
"wildcard value. Otherwise every Federated protocol will be handled by "
"Shibboleth."
msgstr ""
"Pilihan `` saml2`` mungkin berbeda dalam penerapan Anda, namun jangan "
"gunakan nilai wildcard. Jika tidak, setiap protokol Federated akan ditangani "
"oleh Shibboleth."
msgid ""
"The option exists for implementers to encrypt tenant data wherever it is "
"stored on disk or transported over a network, such as the OpenStack volume "
"encryption feature described below. This is above and beyond the general "
"recommendation that users encrypt their own data before sending it to their "
"provider."
msgstr ""
"Pilihan ada bagi pelaksana untuk mengenkripsi data penyewa dimanapun "
"disimpan di disk atau diangkut melalui jaringan, seperti fitur enkripsi "
"volume OpenStack yang dijelaskan di bawah ini. Ini di atas dan di luar "
"rekomendasi umum bahwa pengguna mengenkripsi data mereka sendiri sebelum "
"mengirimkannya ke penyedia mereka."
msgid ""
"The parameter ``max_request_body_size`` defines the maximum body size per "
"request in bytes. If the maximum size is not defined, the attacker could "
"craft an arbitrary request of large size causing the service to crash and "
"finally resulting in Denial Of Service attack. Assigning the maximum value "
"ensures that any malicious oversized request gets blocked ensuring continued "
"availability of the component."
msgstr ""
"Parameter ``max_request_body_size`` mendefinisikan ukuran body maksimum per "
"permintaan dalam satuan byte. Jika ukuran maksimum tidak ditentukan, "
"penyerang bisa mengajukan permintaan semaunya (arbitrary) dengan ukuran "
"besar menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial "
"Of Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
"berbahaya diblokir untuk memastikan ketersediaan komponen yang dilanjutkan."
msgid ""
"The permissions of a file can be examined my moving into the directory the "
"file is contained in and running the :command:`ls -lh` command. This will "
"show the permissions, owner, and group that have access to the file, as well "
"as other information such as the last time the file was modified and when it "
"was created."
msgstr ""
"Perizinan sebuah file dapat diperiksa untuk pindah ke direktori file berisi "
"dan menjalankan perintah :command:`ls -lh`. Ini akan menunjukkan hak akses, "
"pemilik, dan grup yang memiliki akses ke file, serta informasi lainnya "
"seperti terakhir kali file tersebut dimodifikasi dan kapan dibuat."
msgid ""
"The policy enforcement middleware enables fine-grained access control to "
"OpenStack resources. The behaviour of the policy is discussed in depth in :"
"ref:`policy-section`."
msgstr ""
"Middleware penegakan kebijakan memungkinkan kontrol akses fine-grained ke "
"sumber daya OpenStack. Perilaku kebijakan dibahas secara mendalam di :ref:"
"`policy-section`."
msgid ""
"The port ``8786`` is the default port for the Shared File Systems service. "
"It may be changed to any other port, but this change should also be made in "
"the configuration file to option ``osapi_share_listen_port`` which defaults "
"to ``8786``."
msgstr ""
"Port ``8786`` adalah port default untuk layanan Shared File Systems. Ini "
"bisa diubah ke port lain, tapi perubahan ini juga harus dilakukan pada file "
"konfigurasi ke opsi ``osapi_share_listen_port`` yang defaultnya ke ``8786``."
msgid ""
"The prescriptive defense for each form of attack is beyond the scope of this "
"document. The above diagram can assist you in making an informed decision "
"about which types of threats, and threat actors, should be protected "
"against. For commercial public cloud deployments this might include "
"prevention against serious crime. For those deploying private clouds for "
"government use, more stringent protective mechanisms should be in place, "
"including carefully protected facilities and supply chains. In contrast, "
"those standing up basic development or test environments will likely require "
"less restrictive controls (middle of the spectrum)."
msgstr ""
"Pertahanan preskriptif untuk setiap bentuk serangan berada di luar cakupan "
"dokumen ini. Diagram di atas dapat membantu Anda dalam membuat keputusan "
"tentang jenis ancaman, dan aktor ancaman, yang harus dilindungi. Untuk "
"penyebaran awan publik komersial, ini mungkin mencakup pencegahan terhadap "
"kejahatan serius. Bagi mereka yang menggunakan awan private untuk penggunaan "
"pemerintah, mekanisme perlindungan yang lebih ketat harus ada, termasuk "
"fasilitas dan rantai pasokan yang dilindungi secara hati-hati. Sebaliknya, "
"mereka yang berdiri di lingkungan pengembangan atau pengujian dasar "
"kemungkinan akan memerlukan kontrol yang kurang ketat (di tengah spektrum)."
msgid ""
"The privacy and isolation of data has consistently been cited as the primary "
"barrier to cloud adoption over the past few years. Concerns over who owns "
"data in the cloud and whether the cloud operator can be ultimately trusted "
"as a custodian of this data have been significant issues in the past."
msgstr ""
"Privasi dan isolasi data secara konsisten telah disebut sebagai penghalang "
"utama untuk adopsi awan selama beberapa tahun terakhir. Kekhawatiran atas "
"siapa yang memiliki data di awan dan apakah operator awan pada akhirnya "
"dapat dipercaya sebagai penjaga data ini telah menjadi isu penting di masa "
"lalu."
msgid ""
"The process does not end with a single external audit. Most certifications "
"require continual compliance activities which means repeating the audit "
"process periodically. We recommend integrating automated compliance "
"verification tools into a cloud to ensure that it is compliant at all times. "
"This should be in done in addition to other security monitoring tools. "
"Remember that the goal is both security and compliance. Failing on either of "
"these fronts will significantly complicate future audits."
msgstr ""
"Prosesnya tidak diakhiri dengan audit eksternal tunggal. Sebagian besar "
"sertifikasi memerlukan kegiatan kepatuhan terus-menerus yang berarti "
"mengulangi proses audit secara berkala. Sebaiknya integrasikan alat "
"verifikasi kepatuhan otomatis ke dalam awan untuk memastikannya sesuai "
"setiap saat. Ini harus dilakukan selain alat pemantauan keamanan lainnya. "
"Ingat bahwa tujuannya adalah keamanan dan kepatuhan. Gagal pada salah satu "
"front ini akan secara signifikan mempersulit audit di masa depan."
msgid ""
"The process of engaging an OpenStack cloud is started through the querying "
"of an API endpoint. While there are different challenges for public and "
"private endpoints, these are high value assets that can pose a significant "
"risk if compromised."
msgstr ""
"Proses melibatkan awan OpenStack dimulai melalui kueri API endpoint. "
"Meskipun ada tantangan yang berbeda untuk endpoint publik dan private, ini "
"adalah aset bernilai tinggi yang dapat menimbulkan risiko signifikan jika "
"dikompromikan."
msgid "The protocol used"
msgstr "Protokol yang digunakan"
msgid ""
"The public security domain is an entirely untrusted area of the cloud "
"infrastructure. It can refer to the Internet as a whole or simply to "
"networks over which you have no authority. Any data that transits this "
"domain with confidentiality or integrity requirements should be protected "
"using compensating controls."
msgstr ""
"Domain keamanan publik adalah wilayah yang sepenuhnya tidak dipercaya dari "
"infrastruktur awan. Ini bisa merujuk ke Internet secara keseluruhan atau "
"hanya ke jaringan tempat Anda tidak memiliki otoritas. Setiap data yang "
"transit domain ini dengan persyaratan kerahasiaan atau integritas harus "
"dilindungi dengan menggunakan kontrol kompensasi."
msgid ""
"The purpose of an architecture page is to document the architecture, purpose "
"and security controls of a service or project. It should document the best "
"practice deployment of that project."
msgstr ""
"Tujuan dari halaman arsitektur adalah untuk mendokumentasikan kontrol "
"arsitektur, tujuan dan keamanan suatu layanan atau proyek. Ini harus "
"mendokumentasikan penyebaran praktik terbaik dari proyek itu."
msgid ""
"The reasons for doing this will change depending on the organizational "
"requirements of the installation. In general, these fine grained controls "
"are used in situations where an operator needs to restrict the creation, "
"deletion, and retrieval of the Data processing service resources. Operators "
"who need to restrict access within a project should be fully aware that "
"there will need to be alternative means for users to gain access to the core "
"functionality of the service (for example, provisioning clusters)."
msgstr ""
"Alasan untuk melakukan hal ini akan berubah tergantung pada persyaratan "
"organisasi instalasi. Secara umum, kontrol berbutir halus (fine grained "
"control) ini digunakan dalam situasi di mana operator perlu membatasi "
"pembuatan, penghapusan, dan pengambilan sumber daya layanan pemrosesan Data. "
"Operator yang perlu membatasi akses dalam sebuah proyek harus sepenuhnya "
"sadar bahwa perlu ada cara alternatif bagi pengguna untuk mendapatkan akses "
"ke fungsionalitas inti layanan (misalnya, provisioning cluster)."
msgid ""
"The recommended configuration for the Shared File Systems service real usage "
"is to create a share with the CIFS share protocol and add to it the "
"Microsoft Active Directory directory service. In this configuration you will "
"get the centralized data base and the service that unites Kerberos and LDAP "
"approaches. This is a real use case that is convenient for production shared "
"file systems."
msgstr ""
"Konfigurasi yang disarankan untuk penggunaan layanan Shared File Systems "
"sebenarnya adalah membuat share dengan protokol share CIFS dan "
"menambahkannya ke layanan direktori Microsoft Active Directory. Dalam "
"konfigurasi ini Anda akan mendapatkan basis data terpusat dan layanan yang "
"menyatukan pendekatan Kerberos dan LDAP. Ini adalah kasus penggunaan nyata "
"yang sesuai untuk sistem file shared produksi."
msgid ""
"The recommended way to securely store and manage secrets in OpenStack is to "
"use Barbican."
msgstr ""
"Cara yang disarankan untuk menyimpan dan mengelola rahasia di OpenStack "
"dengan aman adalah dengan menggunakan Barbican."
msgid ""
"The resources (clusters, jobs, and data sources) of the Data processing "
"service are shared within the scope of a project. Although a single "
"controller installation may manage several sets of resources, these "
"resources will each be scoped to a single project. Given this constraint we "
"recommend that user membership in projects is monitored closely to maintain "
"proper segregation of resources."
msgstr ""
"Sumber daya (clusters, jobs, dan data source) dari layanan pengolahan Data "
"dibagi dalam lingkup proyek. Meskipun satu instalasi pengontrol tunggal "
"dapat mengatur beberapa kumpulan sumber daya, sumber daya ini masing-masing "
"akan diolah satu proyek tunggal. Dengan kendala ini, kami merekomendasikan "
"agar keanggotaan pengguna dalam proyek dipantau secara ketat untuk menjaga "
"pemisahan sumber daya secara benar."
msgid ""
"The rsync protocol is used between storage service nodes to replicate data "
"for high availability. In addition, the proxy service communicates with the "
"storage service when relaying data back and forth between the client end-"
"point and the cloud environment."
msgstr ""
"Protokol rsync digunakan antara node layanan penyimpanan untuk mereplikasi "
"data untuk ketersediaan tinggi. Selain itu, layanan proxy berkomunikasi "
"dengan layanan penyimpanan saat menyampaikan data bolak-balik antara titik "
"end-point dan lingkungan awan."
msgid ""
"The search should not return the string written to the encrypted volume."
msgstr ""
"Pencarian seharusnya tidak mengembalikan string yang ditulis ke volume "
"terenkripsi."
msgid ""
"The second option is to use the `OpenStack Virtual Machine Image Guide "
"<https://docs.openstack.org/image-guide/>`_. In this case, you will want to "
"follow your organizations OS hardening guidelines or those provided by a "
"trusted third-party such as the `Linux STIGs <http://iase.disa.mil/stigs/os/"
"unix-linux/Pages/index.aspx>`_."
msgstr ""
"Pilihan kedua adalah menggunakan `OpenStack Virtual Machine Image Guide "
"<https://docs.openstack.org/image-guide/>`_. Dalam kasus ini, Anda akan "
"ingin mengikuti panduan pengarahan OS organisasi Anda atau yang disediakan "
"oleh pihak ketiga yang tepercaya seperti `Linux STIGs <http://iase.disa.mil/"
"stigs/os/unix-linux/Pages/index.aspx>`_."
msgid ""
"The selection and configuration of a host-based intrusion detection tool is "
"highly deployment specific. We recommend starting by exploring the following "
"open source projects which implement a variety of host-based intrusion "
"detection and file monitoring features."
msgstr ""
"Pemilihan dan konfigurasi alat deteksi intrusi berbasis host sangat "
"spesifik. Sebaiknya mulailah dengan mengeksplorasi proyek open source "
"berikut yang menerapkan berbagai deteksi intrusi berbasis host dan fitur "
"pemantauan file."
msgid ""
"The server certificate, key, and certificate authority (CA) files should be "
"placed in the $PGDATA directory in the following files:"
msgstr ""
"File sertifikat server, key, dan certificate authority (CA) harus "
"ditempatkan di direktori $PGDATA pada file berikut:"
msgid ""
"The service that provides a stable RESTful API. The service authenticates "
"and routes requests throughout the Shared Filesystem service. There is "
"python-manilaclient to interact with the API. For more details on the Shared "
"File Systems API, see the `OpenStack Shared File Systems API <https://"
"developer.openstack.org/api-ref-share-v2.html>`_."
msgstr ""
"Layanan yang menyediakan RESTful API yang stabil. Layanan mengotentikasi dan "
"mengarahkan permintaan ke seluruh layanan Shared Filesystem. Ada python-"
"manilaclient untuk berinteraksi dengan API. Untuk detail lebih lanjut "
"tentang API File Sistem Bersama, lihat `OpenStack Shared File Systems API "
"<https://developer.openstack.org/api-ref-share-v2.html>`_."
msgid ""
"The share driver creates the share server and manages, or handles, the share "
"server life cycle."
msgstr ""
"Share driver menciptakan share server dan mengelola, atau menangani, siklus "
"hidup share server"
msgid ""
"The simple crypto plugin is configured by default in ``barbican.conf``. This "
"plugin uses single symmetric key (KEK - or 'Key Encryption Key') which is "
"stored in plain text in the ``barbican.conf`` file to encrypt and decrypt "
"all secrets. This plugin is considered a less secure option and is only "
"suitable for development and testing as the master key is stored within a "
"config file in plain text, and is therefore not recommended for use in "
"production deployments."
msgstr ""
"Plugin kripto sederhana dikonfigurasi secara default di ``barbican.conf``. "
"Plugin ini menggunakan kunci simetris tunggal (KEK - atau 'Key Encryption "
"Key') yang disimpan dalam teks biasa di file ``barbican.conf`` untuk "
"mengenkripsi dan mendekripsi semua rahasia. Plugin ini dianggap sebagai "
"pilihan yang kurang aman dan hanya cocok untuk pengembangan dan pengujian "
"karena kunci utama disimpan dalam file konfigurasi dalam teks biasa, oleh "
"karena itu tidak disarankan untuk digunakan dalam penyebaran produksi."
msgid ""
"The system documentation for an OpenStack cloud deployment should follow the "
"templates and best practices for the Enterprise Information Technology "
"System in your organization. Organizations often have compliance "
"requirements which may require an overall System Security Plan to inventory "
"and document the architecture of a given system. There are common challenges "
"across the industry related to documenting the dynamic cloud infrastructure "
"and keeping the information up-to-date."
msgstr ""
"Dokumentasi sistem untuk pengerahan awan OpenStack harus mengikuti template "
"dan praktik terbaik untuk Enterprise Information Technology System di "
"organisasi Anda. Organisasi sering memiliki persyaratan kepatuhan yang "
"mungkin memerlukan System Security Plan secara keseluruhan untuk "
"menginventarisasi dan mendokumentasikan arsitektur sistem yang diberikan. "
"Ada tantangan umum di industri terkait dengan mendokumentasikan "
"infrastruktur awan dinamis dan menjaga agar informasi tetap up-to-date."
msgid ""
"The system provides the capability to audit a large number of events, "
"including individual system calls and events generated by trusted processes. "
"Audit data is collected in regular files in ASCII format. The system "
"provides a program for the purpose of searching the audit records. The "
"system administrator can define a rule base to restrict auditing to the "
"events they are interested in. This includes the ability to restrict "
"auditing to specific events, specific users, specific objects or a "
"combination of all of this. Audit records can be transferred to a remote "
"audit daemon."
msgstr ""
"Sistem ini menyediakan kemampuan untuk mengaudit sejumlah besar event, "
"termasuk panggilan sistem individual dan kejadian yang dihasilkan oleh "
"proses terpercaya (trusted processes). Data audit dikumpulkan dalam file "
"biasa dalam format ASCII. Sistem ini menyediakan sebuah program untuk tujuan "
"mencari catatan audit. Administrator sistem dapat menentukan basis aturan "
"untuk membatasi pengauditan terhadap kejadian yang mereka minati. Ini "
"mencakup kemampuan untuk membatasi audit terhadap kejadian tertentu, "
"pengguna tertentu, objek tertentu atau kombinasi dari semua ini. Catatan "
"audit dapat dipindahkan ke daemon audit jarak jauh."
msgid ""
"The system supports encrypted block devices to provide storage "
"confidentiality via ``dm_crypt``."
msgstr ""
"Sistem ini mendukung perangkat blok terenkripsi untuk menyediakan "
"kerahasiaan penyimpanan via ``dm_crypt``."
msgid ""
"The system supports the definition of trusted channels using SSH. Password "
"based authentication is supported. Only a restricted number of cipher suites "
"are supported for those protocols in the evaluated configuration."
msgstr ""
"Sistem ini mendukung definisi kanal terpercaya dengan menggunakan SSH. "
"Otentikasi berbasis kata kunci didukung. Hanya sejumlah kecil cipher suites "
"yang didukung untuk protokol tersebut dalam konfigurasi yang dievaluasi."
msgid ""
"The team converged in Annapolis, MD due to the close proximity of some key "
"members of the group. This was a remarkable collaboration between public "
"sector intelligence community members, silicon valley startups and some "
"large, well-known technology companies. The book sprint ran during the last "
"week in June 2013 and the first edition was created in five days."
msgstr ""
"Tim berkumpul di Annapolis, MD karena kedekatan beberapa anggota kunci "
"kelompok tersebut. Ini adalah kolaborasi yang luar biasa antara anggota "
"komunitas intelijen sektor publik, startup lembah silikon dan beberapa "
"perusahaan teknologi besar dan terkenal. Book sprint berjalan cepat selama "
"minggu terakhir di bulan Juni 2013 dan edisi pertama dibuat dalam lima hari."
msgid "The team included:"
msgstr "Tim termasuk:"
msgid ""
"The token is often passed within the structure of a larger context of an "
"Identity service response. These responses also provide a catalog of the "
"various OpenStack services. Each service is listed with its name, access "
"endpoints for internal, admin, and public access."
msgstr ""
"Token sering dilewatkan dalam struktur konteks respon layanan Identity yang "
"lebih besar. Tanggapan ini juga menyediakan katalog berbagai layanan "
"OpenStack. Setiap layanan terdaftar dengan namanya, akses endpoint untuk "
"akses internal, admin, dan publik."
msgid ""
"The trust level of this network is heavily dependent on deployment decisions "
"and as such we do not assign this any default level of trust."
msgstr ""
"Tingkat kepercayaan dari jaringan ini sangat bergantung pada keputusan "
"penerapan dan karena itu kami tidak menetapkan tingkat kepercayaan default "
"ini."
msgid ""
"The two broadly defined types of nodes that generally make up an OpenStack "
"installation are:"
msgstr ""
"Dua jenis node yang didefinisikan secara umum yang umumnya merupakan "
"instalasi OpenStack adalah:"
msgid ""
"The volume encryption and ephemeral disk encryption features rely on a key "
"management service (for example, barbican) for the creation and secure "
"storage of keys. The key manager is pluggable to facilitate deployments that "
"need a third-party Hardware Security Module (HSM) or the use of the Key "
"Management Interchange Protocol (KMIP), which is supported by an open-source "
"project called PyKMIP."
msgstr ""
"Enkripsi volume dan fitur enkripsi disk sesaat menggunakan layanan manajemen "
"kunci (misalnya barbecue) untuk pembuatan dan penyimpanan kunci yang aman. "
"Manajer kunci pluggable untuk memfasilitasi pengerahan yang memerlukan "
"Hardware Security Module (HSM) pihak ketiga atau penggunaan Key Management "
"Interchange Protocol (KMIP), yang didukung oleh proyek open-source yang "
"disebut PyKMIP."
msgid ""
"The volume encryption feature provides encryption of data-at-rest using "
"Castellan. When a user creates an encrypted volume type, and creates a "
"volume using that type, the Block Storage (cinder) service requests the key "
"manager to create a key to be associated with that volume. When the volume "
"is attached to an instance, nova retrieves the key."
msgstr ""
"Fitur enkripsi volume memberikan enkripsi data saat beristirahat menggunakan "
"Castellan. Saat pengguna membuat jenis volume terenkripsi, dan membuat "
"volume menggunakan jenis itu, layanan Block Storage (cinder) meminta manajer "
"kunci untuk membuat kunci yang terkait dengan volume tersebut. Bila volume "
"terpasang pada sebuah instance, nova mengambil kuncinya."
msgid ""
"The web server that hosts the dashboard should be configured for TLS to "
"ensure data is encrypted."
msgstr ""
"Server web yang menghosting dasbor harus dikonfigurasi untuk TLS untuk "
"memastikan data dienkripsi."
msgid ""
"There are a few important security considerations for network and host-based "
"intrusion detection systems."
msgstr ""
"Ada beberapa pertimbangan keamanan penting untuk sistem deteksi intrusi "
"berbasis jaringan dan host."
msgid ""
"There are a large number of share drivers created by different vendors which "
"support different hardware storage solutions, for example, NetApp Clustered "
"Data ONTAP (cDOT) Driver, Huawei NAS Driver or GlusterFS Driver. Each share "
"driver is a Python class that can be set for a back end and run in the back "
"end to manage share operations, some of which can be vendor-specific. The "
"back end is an instance of the manila-share service."
msgstr ""
"Ada sejumlah besar driver share yang dibuat oleh vendor yang berbeda yang "
"mendukung solusi penyimpanan perangkat keras yang berbeda, misalnya NetApp "
"Clustered Data ONTAP (cDOT) Driver, Driver NAS Huawei atau Driver GlusterFS. "
"Setiap driver share adalah kelas Python yang bisa diatur untuk back end dan "
"berjalan di back end untuk mengelola operasi share, beberapa di antaranya "
"bisa menjadi vendor-specific. Back end adalah instance dari layanan manila-"
"share."
msgid ""
"There are a number of standard activities that will greatly assist with the "
"compliance process. This chapter outlines some of the most common compliance "
"activities. These are not specific to OpenStack, however references are "
"provided to relevant sections in this book as useful context."
msgstr ""
"Ada sejumlah kegiatan standar yang akan sangat membantu proses kepatuhan. "
"Bab ini menguraikan beberapa aktivitas kepatuhan yang paling umum. Ini tidak "
"spesifik untuk OpenStack, namun referensi diberikan ke bagian yang relevan "
"dalam buku ini sebagai konteks yang berguna."
msgid ""
"There are a variety of technologies that enable verification of these early "
"boot stages. These typically require hardware support such as the :term:"
"`trusted platform module (TPM)`, Intel Trusted Execution Technology (TXT), "
"dynamic root of trust measurement (DRTM), and Unified Extensible Firmware "
"Interface (UEFI) secure boot. In this book, we will refer to all of these "
"collectively as *secure boot technologies*. We recommend using secure boot, "
"while acknowledging that many of the pieces necessary to deploy this require "
"advanced technical skills in order to customize the tools for each "
"environment. Utilizing secure boot will require deeper integration and "
"customization than many of the other recommendations in this guide. TPM "
"technology, while common in most business class laptops and desktops for "
"several years, and is now becoming available in servers together with "
"supporting BIOS. Proper planning is essential to a successful secure boot "
"deployment."
msgstr ""
"Ada berbagai teknologi yang memungkinkan verifikasi tahap boot awal ini. Ini "
"biasanya memerlukan dukungan perangkat keras sepert :term:`trusted platform "
"module (TPM)`, Intel Trusted Execution Technology (TXT), dynamic root of "
"trust measurement (DRTM), dan booting aman Unified Extensible Firmware "
"Interface (UEFI). Dalam buku ini, kita akan mengacu pada semua ini secara "
"kolektif sebagai teknologi secure boot. Sebaiknya gunakan boot aman, sambil "
"mengakui bahwa banyak dari potongan yang diperlukan untuk menerapkan ini "
"memerlukan ketrampilan teknis lanjutan untuk menyesuaikan alat untuk setiap "
"lingkungan. Memanfaatkan boot yang aman akan memerlukan integrasi dan "
"penyesuaian yang lebih dalam daripada banyak rekomendasi lainnya dalam "
"panduan ini. Teknologi TPM, meski umum ada di kebanyakan laptop kelas bisnis "
"dan desktop selama beberapa tahun, dan kini mulai tersedia di server "
"bersamaan dengan BIOS pendukung. Perencanaan yang tepat sangat penting untuk "
"penerapan booting aman yang berhasil."
msgid ""
"There are four main services that interact with OpenStack Networking. In a "
"typical OpenStack deployment these services map to the following security "
"domains:"
msgstr ""
"Ada empat layanan utama yang berinteraksi dengan OpenStack Networking. Dalam "
"pengerahan OpenStack tipikal, layanan ini dipetakan ke domain keamanan "
"berikut:"
msgid ""
"There are management, policy, and technical challenges around creating and "
"signing certificates. This is an area where cloud architects or operators "
"may wish to seek the advice of industry leaders and vendors in addition to "
"the guidance recommended here."
msgstr ""
"Ada tantangan manajemen, kebijakan, dan teknis seputar pembuatan dan "
"penandatanganan sertifikat. Ini adalah area dimana arsitek awan atau "
"operator mungkin ingin mencari saran dari pemimpin industri dan vendor "
"disamping panduan yang direkomendasikan di sini."
msgid ""
"There are many configuration management solutions; at the time of this "
"writing there are two in the marketplace that are robust in their support of "
"OpenStack environments: :term:`Chef` and :term:`Puppet`. A non-exhaustive "
"listing of tools in this space is provided below:"
msgstr ""
"Ada banyak solusi manajemen konfigurasi; Pada saat penulisan ini ada dua di "
"pasar yang kuat dalam mendukung lingkungan OpenStack: :term:`Chef` dan :term:"
"`Puppet`. Daftar alat yang tidak lengkap (non-exhaustive) di ruang ini "
"disediakan di bawah ini:"
msgid ""
"There are no general provisions for granular control of database operations "
"in OpenStack. Access and privileges are granted simply based on whether a "
"node has access to the database or not. In this scenario, nodes with access "
"to the database may have full privileges to DROP, INSERT, or UPDATE "
"functions."
msgstr ""
"Tidak ada ketentuan umum untuk pengendalian operasi database di OpenStack. "
"Akses dan hak istimewa diberikan hanya berdasarkan apakah node memiliki "
"akses ke database atau tidak. Dalam skenario ini, node dengan akses ke "
"database mungkin memiliki hak penuh untuk fungsi DROP, INSERT, atau UPDATE."
msgid ""
"There are several configuration options and deployment strategies that can "
"improve security in the Data processing service. The service controller is "
"configured through a main configuration file and one or more policy files. "
"Installations that are using the data-locality features will also have two "
"additional files to specify the physical location of Compute and Object "
"Storage nodes."
msgstr ""
"Ada beberapa pilihan konfigurasi dan strategi pengerahan yang dapat "
"meningkatkan keamanan dalam layanan pengolahan data. Pengontrol layanan "
"dikonfigurasi melalui file konfigurasi utama dan satu atau beberapa file "
"kebijakan. Instalasi yang menggunakan fitur data-locality juga akan memiliki "
"dua file tambahan untuk menentukan lokasi fisik dari node Compute dan Object "
"Storage."
msgid ""
"There are several methods to mitigate some of the risk associated with live "
"migrations, the following list details some of these:"
msgstr ""
"Ada beberapa metode untuk mengurangi beberapa risiko yang terkait dengan "
"migrasi langsung, beberapa rincian berikut ini:"
msgid ""
"There are several ways to wipe a block storage device. The traditional way "
"is to set the ``lvm_type`` to ``thin``, and then use the ``volume_clear`` "
"parameter if using the LVM backend. Alternatively, if the volume encryption "
"feature is used, then volume wiping is not necessary if the volume "
"encryption key is deleted. See the OpenStack Configuration Reference doc in "
"the `Volume Encryption <https://docs.openstack.org/cinder/latest/"
"configuration/block-storage/volume-encryption.html>`__ section for set up "
"details and also the `Castellan usage <https://docs.openstack.org/castellan/"
"latest/user/index.html>`__ document for key deletion."
msgstr ""
"Ada beberapa cara untuk menghapus perangkat penyimpan blok. Cara tradisional "
"adalah dengan mengatur ``lvm_type`` ke ``thin``, lalu gunakan parameter "
"``volume_clear`` jika menggunakan backend LVM. Sebagai alternatif, jika "
"fitur enkripsi volume digunakan, maka volume wiping tidak diperlukan jika "
"kunci enkripsi volume dihapus. Lihat dokumentasi OpenStack Configuration "
"Reference di bagian `Volume Encryption <https://docs.openstack.org/cinder/"
"latest/configuration/block-storage/volume-encryption.html>` __ untuk "
"mengatur rincian dan juga '`Castellan usage <https://docs.openstack.org/"
"castellan/latest/user/index.html>`__ dokumen untuk penghapusan kunci."
msgid ""
"There are situations where there is a security requirement to assure the "
"confidentiality or integrity of network traffic in an OpenStack deployment. "
"This is generally achieved using cryptographic measures, such as the "
"Transport Layer Security (TLS) protocol."
msgstr ""
"Ada situasi di mana ada persyaratan keamanan untuk memastikan kerahasiaan "
"atau integritas lalu lintas jaringan dalam penerapan OpenStack. Hal ini "
"umumnya dicapai dengan menggunakan ukuran kriptografi, seperti protokol "
"Transport Layer Security (TLS)."
msgid ""
"There are some key sections to the architecture page, which are explained in "
"more detail below:"
msgstr ""
"Ada beberapa bagian kunci pada halaman arsitektur, yang dijelaskan lebih "
"rinci di bawah ini:"
msgid ""
"There are two routes that an OpenStack project may take to complete a "
"security review:"
msgstr ""
"Ada dua rute yang dibutuhkan proyek OpenStack untuk menyelesaikan tinjauan "
"keamanan:"
msgid "There are two types of SOC 1 reports:"
msgstr "Ada dua jenis laporan SOC 1:"
msgid "There are two types of SOC 2 reports:"
msgstr "Ada dua jenis laporan SOC 2:"
msgid ""
"There are two types of plugins: crypto plugins and secret store plugins."
msgstr "Ada dua jenis plugin: plugin kripto dan plugin penyimpanan rahasia."
msgid ""
"There is an OpenStack Security Note pertaining to the `Use of LXC in Compute "
"<https://bugs.launchpad.net/ossn/+bug/1098582>`_."
msgstr ""
"Ada OpenStack Security Note yang berkaitan dengan `Use of LXC in Compute "
"<https://bugs.launchpad.net/ossn/+bug/1098582>`_."
msgid ""
"There is an `OpenStack Security Note (OSSN) regarding keystone.conf "
"permissions <https://bugs.launchpad.net/ossn/+bug/1168252>`__."
msgstr ""
"Ada `OpenStack Security Note (OSSN) regarding keystone.conf permissions "
"<https://bugs.launchpad.net/ossn/+bug/1168252>`__."
msgid ""
"There is an `OpenStack Security Note (OSSN) regarding potential DoS attacks "
"<https://bugs.launchpad.net/ossn/+bug/1155566>`__."
msgstr ""
"Ada `OpenStack Security Note (OSSN) regarding potential DoS attacks <https://"
"bugs.launchpad.net/ossn/+bug/1155566>`__."
msgid ""
"There is currently an effort underway to store these secrets in a Castellan "
"back-end and then have oslo.config use Castellan to retrieve these secrets."
msgstr ""
"Saat ini ada usaha untuk menyimpan rahasia ini di Castellan back-end dan "
"kemudian menggunakan oslo.config menggunakan Castellan untuk mengambil "
"kembali rahasia ini."
msgid ""
"There is no current solution to obfuscate these passwords. It is recommended "
"that these files be appropriately secured by file permissions."
msgstr ""
"Tidak ada solusi saat ini untuk mengaburkan password ini. Disarankan agar "
"file-file ini sesuai dengan hak akses file."
msgid ""
"Therefore, we recommend that clear ownership of virtual machines be "
"assigned, and that those owners be responsible for the hardening, "
"deployment, and continued functionality of the virtual machines. We also "
"recommend that updates be deployed on a regular schedule. These patches "
"should be tested in an environment as closely resembling production as "
"possible to ensure both stability and resolution of the issue behind the "
"patch."
msgstr ""
"Oleh karena itu, kami merekomendasikan agar kepemilikan mesin virtual yang "
"jelas diberikan, dan bahwa pemiliknya bertanggung jawab atas pengerasan, "
"penerapan, dan fungsionalitas lanjutan dari mesin virtual. Kami juga "
"merekomendasikan bahwa pembaruan akan diterapkan pada jadwal reguler. Patch "
"ini harus diuji di lingkungan yang menyerupai produksi semaksimal mungkin "
"untuk memastikan stabilitas dan penyelesaian masalah di balik patch."
msgid ""
"These control mappings will help identify common control criteria across "
"certifications, and provide visibility to both auditors and auditees on "
"problem areas within control sets for particular compliance certifications "
"and attestations."
msgstr ""
"Pemetaan kontrol ini akan membantu mengidentifikasi kriteria kontrol bersama "
"di seluruh sertifikasi, dan memberikan visibilitas kepada auditor dan "
"auditee di area masalah di dalam kumpulan kontrol untuk sertifikasi "
"kepatuhan dan pengesahan tertentu."
msgid ""
"These filters will create an instance based on the utilizations of the "
"hypervisor host sets and can trigger on free or used properties such as RAM, "
"IO, or CPU utilization."
msgstr ""
"Filter ini akan membuat sebuah instance berdasarkan utilisasi dari set host "
"hypervisor dan dapat memicu pada properti bebas atau bekas seperti utilisasi "
"RAM, IO, atau CPU."
msgid "These include:"
msgstr "Ini termasuk:"
msgid ""
"These logs should be reviewed at a regular cadence such as a live view by a "
"network operations center (NOC), or if the environment is not large enough "
"to necessitate a NOC, then logs should undergo a regular log review process."
msgstr ""
"Log ini harus ditinjau ulang pada irama reguler seperti live view oleh "
"network operations center (NOC), atau jika lingkungannya tidak cukup besar "
"untuk memerlukan NOC, maka log harus menjalani proses peninjauan log reguler."
msgid ""
"These policies can be modified or updated by the cloud administrator to "
"control the access to the various resources. Ensure that any changes to the "
"access control policies do not unintentionally weaken the security of any "
"resource. Also note that changes to the ``policy.json`` file become "
"effective immediately and do not require the service to be restarted."
msgstr ""
"Kebijakan ini dapat dimodifikasi atau diperbarui oleh administrator awan "
"untuk mengontrol akses ke berbagai sumber. Pastikan bahwa setiap perubahan "
"pada kebijakan kontrol akses tidak secara tidak sengaja melemahkan keamanan "
"sumber daya apapun. Perhatikan juga bahwa perubahan pada file `policy.json` "
"menjadi efektif dan tidak memerlukan layanan untuk di-restart."
msgid ""
"These security controls are best applied via automated methods. Automation "
"ensures that the controls are applied the same way each time for each system "
"and they also provide a quick method for auditing an existing system. There "
"are multiple options for automation:"
msgstr ""
"Kontrol keamanan ini paling baik diterapkan melalui metode otomatis. Otomasi "
"memastikan bahwa kontrol diterapkan dengan cara yang sama setiap saat untuk "
"setiap sistem dan mereka juga menyediakan metode cepat untuk mengaudit "
"sistem yang ada. Ada beberapa pilihan untuk otomasi:"
msgid ""
"These should be put in place to monitor and report on changes to system, "
"hypervisor, and application configuration files such as ``/etc/pam.d/system-"
"auth`` and ``/etc/keystone/keystone.conf``, as well as kernel modules (such "
"as virtio). Best practice is to use the :command:`lsmod` command to show "
"what is regularly being loaded on a system to help determine what should or "
"should not be included in FIM checks."
msgstr ""
"Ini harus diletakkan di tempat untuk memantau dan melaporkan perubahan pada "
"sistem, hypervisor, dan file konfigurasi aplikasi seperti ``/etc/pam.d/"
"system-auth`` dan ``/etc/keystone/keystone.conf``, serta modul kernel "
"(seperti virtio). Praktik terbaik adalah dengan menggunakan perintah :"
"command:`lsmod` untuk menunjukkan apa yang secara teratur dimasukkan ke "
"sistem untuk membantu menentukan apa yang seharusnya atau tidak boleh "
"disertakan dalam pemeriksaan FIM."
msgid ""
"These technologies comprise the core of the frameworks that are deployed "
"with the Data processing service. In addition to these technologies, the "
"service also includes bundled frameworks provided by third party vendors. "
"These bundled frameworks are built using the same core pieces described "
"above plus configurations and applications that the vendors include. For "
"more information on the third party framework bundles please see the "
"following links:"
msgstr ""
"Teknologi ini terdiri dari inti kerangka kerja yang digunakan dengan layanan "
"pengolahan Data. Selain teknologi ini, layanan ini juga mencakup kerangka "
"kerja yang disediakan oleh vendor pihak ketiga. Kerangka bundel ini dibuat "
"dengan menggunakan potongan inti yang sama seperti yang dijelaskan di atas "
"ditambah konfigurasi dan aplikasi yang disertakan vendor. Untuk informasi "
"lebih lanjut tentang kumpulan kerangka pihak ketiga, silakan lihat link "
"berikut ini:"
msgid ""
"This :term:`Nginx` example requires TLS v1.1 or v1.2 for maximum security. "
"The ``ssl_ciphers`` line can be tweaked based on your needs, however this is "
"a reasonable starting place. The default configuration file is ``/etc/nginx/"
"nginx.conf``."
msgstr ""
"Contoh :term:`Nginx` ini memerlukan TLS v1.1 atau v1.2 untuk keamanan "
"maksimal. Baris ``ssl_ciphers`` dapat di-tweak berdasarkan kebutuhan Anda, "
"namun ini adalah tempat awal yang masuk akal. File konfigurasi defaultnya "
"adalah ``/etc/nginx/nginx.conf``."
msgid ""
"This Book was produced in a 5 day book sprint. A book sprint is an intensely "
"collaborative, facilitated process which brings together a group to produce "
"a book in 3-5 days. It is a strongly facilitated process with a specific "
"methodology founded and developed by Adam Hyde. For more information visit "
"the book sprint web page at `BookSprints <http://www.booksprints.net>`__."
msgstr ""
"Buku ini diproduksi dalam sprint buku 5 hari. Sprint buku adalah proses yang "
"sangat kolaboratif dan difasilitasi yang menyatukan kelompok untuk "
"menghasilkan buku dalam 3-5 hari. Ini adalah proses yang sangat difasilitasi "
"dengan metodologi khusus yang didirikan dan dikembangkan oleh Adam Hyde. "
"Untuk informasi lebih lanjut, kunjungi halaman web sprint buku di "
"`BookSprints <http://www.booksprints.net>`__."
msgid ""
"This Pound example enables ``AES-NI`` acceleration, which helps to improve "
"performance on systems with processors that support this feature. The "
"default configuration file is ``/etc/pound/pound.cfg`` on Ubuntu, ``/etc/"
"pound.cfg`` on RHEL, CentOS, openSUSE, and SUSE Linux Enterprise."
msgstr ""
"Contoh Pound ini memungkinkan akselerasi ``AES-NI``, yang membantu "
"meningkatkan kinerja pada sistem dengan prosesor yang mendukung fitur ini. "
"File konfigurasi defaultnya adalah ``/etc/pound/pound.cfg`` di Ubuntu, ``/"
"etc/pound.cfg`` di RHEL, CentOS, openSUSE, dan SUSE Linux Enterprise."
msgid ""
"This abstraction offers the advantage of restricting services to executing "
"methods with parameters, similar to stored procedures, preventing a large "
"number of systems from directly accessing or modifying database data. This "
"is accomplished without having these procedures stored or executed within "
"the context or scope of the database itself, a frequent criticism of typical "
"stored procedures."
msgstr ""
"Abstraksi ini menawarkan keuntungan untuk membatasi layanan terhadap metode "
"eksekusi dengan parameter, mirip dengan prosedur tersimpan, mencegah "
"sejumlah besar sistem untuk mengakses atau memodifikasi data database secara "
"langsung. Hal ini dilakukan tanpa prosedur yang tersimpan atau dijalankan "
"dalam konteks atau ruang lingkup database itu sendiri, sering mengkritik "
"prosedur tersimpan yang umum."
msgid ""
"This book provides best practices and conceptual information about securing "
"an OpenStack cloud."
msgstr ""
"Buku ini memberikan praktik terbaik dan informasi konseptual tentang "
"mengamankan awan OpenStack."
msgid ""
"This chapter covers issues related to network communications to and from the "
"database server. This includes IP address bindings and encrypting network "
"traffic with TLS."
msgstr ""
"Bab ini membahas isu-isu yang berkaitan dengan komunikasi jaringan ke dan "
"dari server database. Ini termasuk binding alamat IP dan mengenkripsi lalu "
"lintas jaringan dengan TLS."
msgid "This chapter has several objectives:"
msgstr "Bab ini memiliki beberapa tujuan:"
msgid ""
"This chapter recommends security enhancements for both public and private-"
"facing API endpoints."
msgstr ""
"Bab ini merekomendasikan penyempurnaan keamanan untuk API endpoint publik "
"dan private-facing API ."
msgid ""
"This chapter will review several features around configuring TLS to secure "
"both internal and external resources, and will call out specific categories "
"of systems that should be given specific attention."
msgstr ""
"Bab ini akan meninjau beberapa fitur seputar konfigurasi TLS untuk "
"mengamankan sumber daya internal dan eksternal, dan akan memanggil kategori "
"spesifik sistem yang harus diberi perhatian khusus."
msgid ""
"This configuration can only be enabled while defining the node group "
"templates that will make up the data processing clusters. It is provided as "
"a run time option to be enabled during the cluster provisioning process."
msgstr ""
"Konfigurasi ini hanya dapat diaktifkan saat menentukan template grup simpul "
"yang akan membentuk cluster pengolahan data. Ini disediakan sebagai opsi run "
"time untuk diaktifkan selama proses pembuatan klaster."
msgid ""
"This delegates instance creation based on the image used, such as the "
"operating system of the VM or type of image used."
msgstr ""
"Hal ini mendelegasikan pembuatan instance berdasarkan image yang digunakan, "
"seperti sistem operasi VM atau jenis image yang digunakan."
msgid ""
"This does introduce new challenges around protecting that identity. However, "
"this is a worthwhile tradeoff given the greater control, and fewer "
"credential databases that come with a centralized common identity store."
msgstr ""
"Ini mengenalkan tantangan baru seputar melindungi identitas itu. Namun, ini "
"adalah tradeoff yang berharga mengingat kontrol yang lebih besar, dan lebih "
"sedikit database kredensial yang hadir dengan identity store umum terpusat."
msgid "This domain should always be considered *untrusted*."
msgstr "Domain ini harus selalu dianggap *untrusted *."
msgid ""
"This ensures that placement of both code and data regions will be "
"randomized. Enabled by the kernel (all modern Linux kernels support ASLR), "
"when the executable is built with PIE."
msgstr ""
"Ini memastikan penempatan kedua kode dan data daerah akan diacak. Diaktifkan "
"oleh kernel (semua kernel Linux modern mendukung ASLR), saat eksekusi "
"dilakukan dengan PIE."
msgid "This example shows the barbican architecture diagram:"
msgstr "Contoh ini menunjukkan diagram arsitektur barbican:"
msgid "This example shows the sVirt category identifier:"
msgstr "Contoh ini menunjukkan pengenal kategori sVirt:"
msgid ""
"This field sets the cipher and mode used to encrypt ephemeral storage. AES-"
"XTS is recommended by NIST_ specifically for disk storage, and the name is "
"shorthand for AES encryption using the XTS encryption mode. Available "
"ciphers depend on kernel support. At the command line, type 'cryptsetup "
"benchmark' to determine the available options (and see benchmark results), "
"or go to */proc/crypto*"
msgstr ""
"Bidang ini mengatur cipher dan mode yang digunakan untuk mengenkripsi "
"penyimpanan singkat. AES-XTS direkomendasikan oleh NIST_ khusus untuk "
"penyimpanan disk, dan namanya adalah singkatan untuk enkripsi AES "
"menggunakan mode enkripsi XTS. Tersedia ciphers yang bergantung pada "
"dukungan kernel. Pada baris perintah, ketik 'benchmark cryptsetup' untuk "
"menentukan pilihan yang tersedia (dan lihat hasil benchmark), atau masuk ke "
"*/proc/crypto*"
msgid ""
"This filter will create an instance based on external details such as in a "
"specific IP range, across availability zones, or on the same host as another "
"instance."
msgstr ""
"Filter ini akan membuat sebuah instance berdasarkan rincian eksternal "
"seperti pada kisaran IP tertentu, di seluruh zona ketersediaan, atau pada "
"host yang sama seperti instance lainnya."
msgid ""
"This filter will delegate instance creation based on user or administrator "
"provided criteria such as trusts or metadata parsing."
msgstr ""
"Filter ini akan mendelegasikan pembuatan instance berdasarkan kriteria yang "
"diberikan pengguna atau administrator seperti penguraian atau parsing "
"metadata."
msgid ""
"This guide augments the `OpenStack Operations Guide <https://docs.openstack."
"org/ops/>`__ and can be referenced to harden existing OpenStack deployments "
"or to evaluate the security controls of OpenStack cloud providers."
msgstr ""
"Panduan ini menambah `OpenStack Operations Guide <https://docs.openstack.org/"
"ops/>`__ dan dapat dirujuk untuk mengeras pemasangan OpenStack yang ada atau "
"untuk mengevaluasi kontrol keamanan penyedia awan OpenStack."
msgid ""
"This guide focuses on a standard architecture that includes a *cloud "
"controller* host, a *network* host, and a set of *compute* hypervisors for "
"running VMs."
msgstr ""
"Panduan ini berfokus pada arsitektur standar yang mencakup host *cloud "
"controller* , host *network*, dan satu set *compute* hypervisor untuk "
"menjalankan VM."
msgid "This guide is intended as advice only."
msgstr "Panduan ini dimaksudkan sebagai saran saja."
msgid ""
"This guide provides security insight into :term:`OpenStack` deployments. The "
"intended audience is cloud architects, deployers, and administrators. In "
"addition, cloud users will find the guide both educational and helpful in "
"provider selection, while auditors will find it useful as a reference "
"document to support their compliance certification efforts. This guide is "
"also recommended for anyone interested in cloud security."
msgstr ""
"Panduan ini memberikan wawasan keamanan dalam :term: `OpenStack` "
"deployments. Penonton yang dimaksud adalah arsitek awan, penginstal, dan "
"administrator. Selain itu, pengguna awan akan menemukan panduan ini baik "
"untuk pendidikan maupun dalam pemilihan penyedia layanan, sementara auditor "
"akan merasa berguna sebagai dokumen referensi untuk mendukung upaya "
"sertifikasi kepatuhan mereka. Panduan ini juga direkomendasikan bagi siapa "
"saja yang berminat pada keamanan awan."
msgid ""
"This guide was last updated as of the Pike release, documenting the "
"OpenStack Pike, Ocata, and Newton releases. It may not apply to EOL releases "
"Mitaka, Kilo and Liberty."
msgstr ""
"Panduan ini terakhir diperbarui pada rilis Pike, mendokumentasikan rilis "
"OpenStack Pike, Ocata, dan Newton. Ini mungkin tidak berlaku untuk rilis EOL "
"Mitaka, Kilo dan Liberty."
msgid ""
"This instance follows a standard SAML2 authentication procedure, that is, "
"the user will be redirected to the Identity Providers authentication "
"webpage and be prompted for credentials. After successfully authenticating "
"the user will be redirected to the Service Providers endpoint. If using a "
"web browser, a token will be returned in XML format. As an alternative to "
"using a web browser, you can use Enhanced Client or Proxy (ECP), which is "
"available in the ``keystoneclient`` in the Identity service API."
msgstr ""
"Instance ini mengikuti prosedur otentikasi SAML2 standar, yaitu pengguna "
"akan diarahkan ke halaman web otentikasi Identity Provider dan diminta "
"meminta kredensial. Setelah berhasil mengautentikasi pengguna akan dialihkan "
"ke endpoint Service Provider. Jika menggunakan browser web, token akan "
"dikembalikan dalam format XML. Sebagai alternatif untuk menggunakan browser "
"web, Anda dapat menggunakan Enhanced Client atau Proxy (ECP), yang tersedia "
"di ``keystoneclient`` di API layanan Identity."
msgid "This is recorded in the following format:"
msgstr "Ini dicatat dalam format berikut:"
msgid ""
"This is the formal audit process. Auditors will test security controls in "
"scope for a specific certification, and demand evidentiary requirements to "
"prove that these controls were also in place for the audit window (for "
"example SOC 2 audits generally evaluate security controls over a 6-12 months "
"period). Any control failures are logged, and will be documented in the "
"external auditors final report. Dependent on the type of OpenStack "
"deployment, these reports may be viewed by customers, so it is important to "
"avoid control failures. This is why audit preparation is so important."
msgstr ""
"Ini adalah proses audit formal. Auditor akan menguji sekuriti keamanan dalam "
"lingkup sertifikasi tertentu, dan menuntut persyaratan pembuktian untuk "
"membuktikan bahwa kontrol ini juga diterapkan untuk audit windowt (misalnya "
"audit SOC 2 pada umumnya mengevaluasi kontrol keamanan selama periode 6-12 "
"bulan). Setiap kegagalan kontrol dicatat, dan akan didokumentasikan dalam "
"laporan akhir auditor eksternal. Bergantung pada jenis penyebaran OpenStack, "
"laporan ini dapat dilihat oleh pelanggan, jadi penting untuk menghindari "
"kegagalan pengendalian. Inilah sebabnya mengapa persiapan audit sangat "
"penting."
msgid ""
"This is very similar to the :ref:`secure-communication-proxy-in-front` but "
"the SSL/TLS proxy is on the same physical system as the API endpoint. The "
"API endpoint would be configured to only listen on the local network "
"interface. All remote communication with the API endpoint would go through "
"the SSL/TLS proxy. With this deployment model, we address a number of the "
"bullet points in :ref:`secure-communication-proxy-in-front` A proven SSL "
"implementation that performs well would be used. The same SSL proxy software "
"would be used for all services, so SSL configuration for the API endpoints "
"would be consistent. The OpenStack service processes would not have direct "
"access to the private keys used for SSL/TLS, as you would run the SSL "
"proxies as a different user and restrict access using permissions (and "
"additionally mandatory access controls using something like SELinux). We "
"would ideally have the API endpoints listen on a Unix socket such that we "
"could restrict access to it using permissions and mandatory access controls "
"as well. Unfortunately, this does not seem to work currently in Eventlet "
"from our testing. It is a good future development goal."
msgstr ""
"Ini sangat mirip dengan :ref: `secure-communication-proxy-in-front` tapi "
"proxy SSL/TLS berada pada sistem fisik yang sama dengan endpoint API. "
"Endpoint API akan dikonfigurasi untuk hanya mendengarkan pada antarmuka "
"jaringan lokal. Semua komunikasi jarak jauh dengan endpoint API akan melalui "
"proxy SSL/TLS. Dengan model penyebaran ini, kami menangani sejumlah butir "
"di :ref: `secure-communication-proxy-in-front` Implementasi SSL yang telah "
"teruji yang berkinerja baik akan digunakan. Perangkat lunak proxy SSL yang "
"sama akan digunakan untuk semua layanan, jadi konfigurasi SSL untuk endpoint "
"API akan konsisten. Proses layanan OpenStack tidak akan memiliki akses "
"langsung ke kunci privat yang digunakan untuk SSL/TLS, karena Anda akan "
"menjalankan proxy SSL sebagai pengguna yang berbeda dan membatasi akses "
"menggunakan izin (dan juga kontrol akses wajib menggunakan sesuatu seperti "
"SELinux). Kami idealnya memiliki endpoint API mendengarkan di soket Unix "
"sehingga kami dapat membatasi akses ke sana menggunakan izin dan kontrol "
"akses wajib juga. Sayangnya, sepertinya ini tidak bekerja saat ini di "
"Eventlet dari pengujian kami. Ini adalah tujuan pembangunan masa depan yang "
"baik."
msgid ""
"This necessitates that the proxy nodes have dual interfaces (physical or "
"virtual):"
msgstr ""
"Ini mengharuskan bahwa node proxy memiliki dua antarmuka (fisik atau "
"virtual):"
msgid "This option was introduced in Kilo release."
msgstr "Pilihan ini diperkenalkan dalam rilis Kilo."
msgid ""
"This path is Ubuntu-specific. For other distributions, replace with "
"appropriate path."
msgstr ""
"Path ini adalah Ubuntu-specific. Untuk distro lain, ganti dengan jalur yang "
"sesuai."
msgid "This process is broken apart into three primary categories:"
msgstr "Proses ini dipecah menjadi tiga kategori utama:"
msgid ""
"This recommendation provides insulation from brute force, social "
"engineering, and both spear and mass phishing attacks that may compromise "
"administrator passwords."
msgstr ""
"Rekomendasi ini memberikan isolasi dari kekerasan (brute force), rekayasa "
"sosial, dan serangan tusukan (spear) dan massa phishing yang dapat "
"membahayakan passwords administrator."
msgid ""
"This refers to 'Hacktivist' type organizations who are not typically "
"commercially funded but can pose a serious threat to service providers and "
"cloud operators."
msgstr ""
"Ini mengacu pada jenis organisasi 'Hacktivist' yang biasanya tidak didanai "
"secara komersial namun dapat menimbulkan ancaman serius bagi penyedia "
"layanan dan operator awan."
msgid ""
"This restricts only root to be able to modify configuration files while "
"allowing the services to read them through their group membership in the "
"``swift`` group."
msgstr ""
"Ini membatasi hanya root untuk dapat memodifikasi file konfigurasi sambil "
"membiarkan layanan membacanya melalui keanggotaan grup mereka di grup "
"``swift`` ."
msgid ""
"This section discusses OpenStack Networking configuration best practices as "
"they apply to project network security within your OpenStack deployment."
msgstr ""
"Bagian ini membahas praktik terbaik konfigurasi OpenStack Networking saat "
"mereka menerapkan keamanan jaringan proyek di dalam penyebaran OpenStack "
"Anda."
msgid ""
"This section discusses security hardening approaches for the three most "
"common message queuing solutions used in OpenStack: RabbitMQ, Qpid, and "
"ZeroMQ."
msgstr ""
"Bagian ini membahas pendekatan pengerasan keamanan untuk tiga solusi antrian "
"pesan paling umum yang digunakan di OpenStack: RabbitMQ, Qpid, dan ZeroMQ."
msgid ""
"This section is a high-level overview of what processes and best practices "
"should be considered when implementing OpenStack Networking."
msgstr ""
"Bagian ini adalah gambaran umum tingkat tinggi tentang proses dan praktik "
"terbaik yang harus dipertimbangkan saat mengimplementasikan OpenStack "
"Networking."
msgid ""
"This section titles the architecture page, gives the status of the review "
"(draft, ready for review, reviewed) and captures the release and version of "
"the project (where relevant). It also records the PTL for the project, the "
"project's architect who is responsible for producing the architecture page, "
"diagrams and working through the review (this may or may not be the PTL), "
"and the security reviewer(s)."
msgstr ""
"Bagian ini berisi judul halaman arsitektur, memberikan status tinjauan "
"(draft, siap untuk diperiksa, ditinjau) dan menangkap rilis dan versi proyek "
"(jika relevan). Ini juga mencatat proyek PTL untuk proyek ini, arsitek "
"proyek yang bertanggung jawab untuk memproduksi halaman arsitektur, diagram "
"dan mengerjakan tinjauan (ini mungkin atau mungkin bukan PTL), dan reviewer "
"keamanan."
msgid ""
"This section will contain a brief description of the project to introduce "
"third parties to the service. This should be a paragraph or two and can be "
"cut/paste from wiki or other documentation. Include links to relevant "
"presentations and further documentation if available."
msgstr ""
"Bagian ini akan berisi deskripsi singkat tentang proyek untuk memperkenalkan "
"pihak ketiga ke layanan ini. Ini harus satu paragraf atau dua dan bisa cut/"
"paste dari wiki atau dokumentasi lainnya. Sertakan tautan ke presentasi yang "
"relevan dan dokumentasi lebih lanjut jika tersedia."
msgid ""
"This service is responsible for managing data operations which may take a "
"long time to complete and block other services if not handled separately."
msgstr ""
"Layanan ini bertanggung jawab untuk mengelola operasi data yang memerlukan "
"waktu lama untuk menyelesaikan dan memblokir layanan lain jika tidak "
"ditangani secara terpisah."
msgid ""
"This service runs on the network node to service the Networking API and its "
"extensions. It also enforces the network model and IP addressing of each "
"port. The neutron-server requires indirect access to a persistent database. "
"This is accomplished through plugins, which communicate with the database "
"using AMQP (Advanced Message Queuing Protocol)."
msgstr ""
"Layanan ini berjalan pada node jaringan untuk melayani Networking API dan "
"ekstensi-nya. Ini juga memberlakukan model jaringan dan pengalamatan IP "
"masing-masing port. Server neutron membutuhkan akses tidak langsung ke "
"database yang persisten. Hal ini dilakukan melalui plugin, yang "
"berkomunikasi dengan database menggunakan AMQP (Advanced Message Queuing "
"Protocol)."
msgid ""
"This table illustrates a generic approach to measuring the impact of a "
"vulnerability based on where it occurs in your deployment and the effect. "
"For example, a single level privilege escalation on a Compute API node "
"potentially allows a standard user of the API to escalate to have the same "
"privileges as the root user on the node."
msgstr ""
"Tabel ini menggambarkan pendekatan generik untuk mengukur dampak kerentanan "
"berdasarkan pada mana hal itu terjadi dalam penerapan dan pengaruhnya. "
"Sebagai contoh, eskalasi hak istimewa tingkat tunggal pada node Compute API "
"berpotensi memungkinkan pengguna standar API meningkat untuk memiliki hak "
"istimewa yang sama seperti pengguna root di node."
msgid ""
"This value should be initially set with a cryptographically secure random "
"number generator and consistent across all nodes. Ensure that it is "
"protected with proper ACLs and that you have a backup copy to avoid data "
"loss."
msgstr ""
"Nilai ini pada awalnya harus ditetapkan dengan generator bilangan acak yang "
"aman secara kriptografi dan konsisten di semua simpul. Pastikan itu "
"dilindungi dengan ACL yang benar dan Anda memiliki salinan cadangan untuk "
"menghindari kehilangan data."
msgid ""
"Those deploying MySQL or PostgreSQL are advised to refer to existing "
"security guidance. Some references are listed below:"
msgstr ""
"Mereka yang menggunakan MySQL atau PostgreSQL disarankan untuk merujuk pada "
"panduan keamanan yang ada. Beberapa referensi tercantum di bawah ini:"
msgid ""
"Those drivers that support the CIFS shared file system protocol in most "
"cases can be configured to use Active Directory and manage access through "
"the user authentication."
msgstr ""
"Driver yang mendukung protokol sistem berkas bersama CIFS dalam banyak kasus "
"dapat dikonfigurasi untuk menggunakan Active Directory dan mengelola akses "
"melalui otentikasi pengguna."
msgid "Threat actors"
msgstr "Aktor ancaman"
msgid "Threat analysis"
msgstr "Analisis ancaman"
msgid "Threat classification, actors and attack vectors"
msgstr "Klasifikasi ancaman, aktor dan vektor serangan"
msgid ""
"Throughout the book, we refer to several types of OpenStack cloud users: :"
"term:`administrator`, :term:`operator`, and :term:`user`. We use these terms "
"to identify the level of security access each role has, although, in "
"reality, we understand that varying roles are often held by the same "
"individual."
msgstr ""
"Sepanjang buku ini, kami mengacu pada beberapa jenis pengguna awan "
"OpenStack: :term:`administrator`, :term:`operator`, dan :term:`user`.Kami "
"menggunakan istilah ini untuk mengidentifikasi tingkat akses keamanan yang "
"dimiliki masing-masing peran, walaupun, pada kenyataannya, kami memahami "
"bahwa berbagai peran seringkali dipegang oleh individu yang sama."
msgid ""
"Thus now users in demo tenant can see the private share type and use it in "
"the share creation:"
msgstr ""
"Jadi sekarang pengguna di penyewa demo dapat melihat jenis share pribadi dan "
"menggunakannya dalam pembuatan share:"
msgid ""
"Thus, as an administrator, you can configure a back end to use specific "
"authentication service via network and it will store users. The "
"authentication service can operate with clients without the Shared File "
"System and the Identity service."
msgstr ""
"Dengan demikian, sebagai administrator, Anda dapat mengkonfigurasi back end "
"untuk menggunakan layanan otentikasi tertentu melalui jaringan dan akan "
"menyimpan pengguna. Layanan otentikasi dapat beroperasi dengan klien tanpa "
"Shared File System dan layanan Identity."
msgid ""
"Thus, it is required to create the necessary Identity service groups that "
"correspond to the Identity Providers groups; additionally, these groups "
"should be assigned roles on one or more projects or domains. For example, "
"groups here refers to the Identity service groups that should be created so "
"that when mapping from the SAML attribute ``Employees``, you can map it to a "
"Identity service group ``devs``."
msgstr ""
"Dengan demikian, diperlukan untuk menciptakan kelompok layanan Identity yang "
"diperlukan yang sesuai dengan kelompok Identity Provider; Selain itu, "
"kelompok ini harus diberi peran dalam satu atau lebih proyek atau domain. "
"Misalnya, kelompok di sini mengacu pada kelompok layanan Identity yang harus "
"dibuat sehingga ketika pemetaan dari atribut SAML ``Employees``, Anda dapat "
"memetakannya ke grup ``devs`` layanan Identity ."
msgid "Timeliness and availability of updates"
msgstr "Ketepatan waktu dan ketersediaan update"
msgid "Title, version information, contact details"
msgstr "Judul, informasi versi, rincian kontak"
msgid ""
"To address the often mentioned concern of tenant data privacy and limiting "
"cloud provider liability, there is greater interest within the OpenStack "
"community to make data encryption more ubiquitous. It is relatively easy for "
"an end-user to encrypt their data prior to saving it to the cloud, and this "
"is a viable path for tenant objects such as media files, database archives "
"among others. In some instances, client-side encryption is utilized to "
"encrypt data held by the virtualization technologies which requires client "
"interaction, such as presenting keys, to decrypt data for future use. To "
"seamlessly secure the data and have it accessible without burdening the "
"client with having to manage their keys and interactively provide them calls "
"for a key management service within OpenStack. Providing encryption and key "
"management services as part of OpenStack eases data-at-rest security "
"adoption and addresses customer concerns about privacy or misuse of data, "
"while also limiting cloud provider liability. This can help reduce a "
"provider's liability when handling tenant data during an incident "
"investigation in multi-tenant public clouds."
msgstr ""
"Untuk mengatasi kekhawatiran privasi data penyewa yang sering disebutkan dan "
"membatasi tanggung jawab penyedia cloud, ada ketertarikan yang lebih besar "
"dalam komunitas OpenStack untuk membuat enkripsi data lebih banyak terjadi "
"di mana-mana. Adalah relatif mudah bagi end-user untuk mengenkripsi data "
"mereka sebelum menyimpannya ke awan, dan ini adalah jalur yang layak untuk "
"objek penyewa seperti file media, arsip database, dan lain-lain. Dalam "
"beberapa instance, enkripsi sisi klien digunakan untuk mengenkripsi data "
"yang dimiliki oleh teknologi virtualisasi yang memerlukan interaksi klien, "
"seperti menghadirkan kunci, untuk mendekripsi data untuk penggunaan masa "
"depan. Untuk mengamankan data secara mulus dan memilikinya dapat diakses "
"tanpa membebani klien karena harus mengelola kunci mereka dan secara "
"interaktif memberi mereka panggilan untuk layanan manajemen kunci di dalam "
"OpenStack. Menyediakan layanan pengelolaan enkripsi dan kunci sebagai bagian "
"dari OpenStack memudahkan adopsi keamanan data dan atasi penggunaan dan "
"menanggapi kekhawatiran pelanggan tentang privasi atau penyalahgunaan data, "
"sekaligus juga membatasi tanggung jawab penyedia cloud. Ini dapat membantu "
"mengurangi tanggung jawab penyedia saat menangani data penyewa selama "
"penyelidikan insiden di awan publik multi-penyewa."
msgid ""
"To aid OpenStack architects in the protection of personal data, we recommend "
"OpenStack architects review the NIST publication 800-122, titled \"*Guide to "
"Protecting the Confidentiality of Personally Identifiable Information (PII)*."
"\" This guide steps through the process of protecting:"
msgstr ""
"Untuk membantu arsitek OpenStack dalam melindungi data pribadi, kami "
"merekomendasikan arsitek OpenStack meninjau publikasi NIST 800-122, yang "
"berjudul \"*Guide to Protecting the Confidentiality of Personally "
"Identifiable Information (PII)*.\" Panduan ini melangkah melalui proses "
"perlindungan:"
msgid ""
"To deny access for a specified project, use :command:`manila type-access-"
"remove <share_type> <project_id>` command."
msgstr ""
"Untuk menolak akses untuk proyek tertentu, gunakan perintah :command:`manila "
"type-access-remove <share_type> <project_id>` ."
msgid ""
"To disable the nova-conductor, place the following into your ``nova.conf`` "
"file (on your compute hosts):"
msgstr ""
"Untuk menonaktifkan nova-conductor, tempatkan hal berikut ke file ``nova."
"conf`` Anda (pada host komputasi Anda):"
msgid ""
"To ease the administrative burden of managing SELinux, many enterprise Linux "
"platforms utilize SELinux Booleans to quickly change the security posture of "
"sVirt."
msgstr ""
"Untuk memudahkan beban administrasi pengelolaan SELinux, banyak platform "
"perusahaan Linux memanfaatkan SELinux Boolean untuk segera mengubah postur "
"keamanan dari sVirt."
msgid "To enable Federation, perform the following steps:"
msgstr "Untuk mengaktifkan Federasi, lakukan langkah-langkah berikut:"
msgid "To enable memcached, execute the following:"
msgstr "Untuk mengaktifkan memcached, jalankan perintah berikut:"
msgid ""
"To enforce policies, you can configure services, host-based firewalls (such "
"as iptables), local policy (SELinux or AppArmor), and optionally global "
"network policy."
msgstr ""
"Untuk menerapkan kebijakan, Anda dapat mengonfigurasi layanan, firewall "
"berbasis host (seperti iptables), kebijakan lokal (SELinux atau AppArmor), "
"dan kebijakan jaringan global pilihan."
msgid ""
"To isolate sensitive data communication between the OpenStack Networking "
"services and other OpenStack core services, configure these communication "
"channels to only allow communication over an isolated management network."
msgstr ""
"Untuk mengisolasi komunikasi data sensitif antara layanan OpenStack "
"Networking dan layanan inti OpenStack lainnya, konfigurasikan saluran "
"komunikasi ini hanya untuk mengizinkan komunikasi melalui jaringan manajemen "
"yang terisolasi."
msgid ""
"To isolate sensitive database communications between the services and the "
"database, we strongly recommend that the database server(s) be configured to "
"only allow communications to and from the database over an isolated "
"management network. This is achieved by restricting the interface or IP "
"address on which the database server binds a network socket for incoming "
"client connections."
msgstr ""
"Untuk mengisolasi komunikasi basis data sensitif antara layanan dan "
"database, kami sangat menyarankan agar server database dikonfigurasi agar "
"hanya mengizinkan komunikasi ke dan dari database melalui jaringan manajemen "
"yang terisolasi. Hal ini dicapai dengan membatasi antarmuka atau alamat IP "
"yang digunakan server database untuk mengikat soket jaringan untuk koneksi "
"klien yang masuk."
msgid ""
"To provide a community driven facility for knowledge capture and "
"dissemination"
msgstr ""
"Menyediakan fasilitas berbasis komunitas untuk menangkap dan menyebarkan "
"pengetahuan"
msgid ""
"To provide access to Docker Swarm or Kubernetes using the native clients "
"(``docker`` or ``kubectl`` respectively) magnum uses TLS certificates. To "
"store the certificates, it is recommended to use Barbican , or the Magnum "
"Database (``x590keypair``)."
msgstr ""
"Untuk menyediakan akses ke Docker Swarm atau Kubernetes menggunakan klien "
"asli (``docker`` atau ``kubectl`` masing-masing) magnum menggunakan "
"sertifikat TLS. Untuk menyimpan sertifikat, disarankan untuk menggunakan "
"Barbican, atau Database Magnum (``x590keypair``)."
msgid ""
"To reduce security risks from orphan instances on a user, tenant, or domain "
"deletion in the Identity service there is discussion to generate "
"notifications in the system and have OpenStack components respond to these "
"events as appropriate such as terminating instances, disconnecting attached "
"volumes, reclaiming CPU and storage resources and so on."
msgstr ""
"Untuk mengurangi risiko keamanan dari instance tanpa induk (orphan) pada "
"pengguna, penyewa, atau penghapusan domain di layanan Identity, ada diskusi "
"untuk menghasilkan pemberitahuan di sistem dan apakah komponen OpenStack "
"merespons kejadian ini jika sesuai, misalnya menghentikan instance, "
"melepaskan volume terikat, reklamasi CPU dan sumber daya penyimpanan dan "
"sebagainya."
msgid "To register an internal URL for an endpoint:"
msgstr "Untuk mendaftarkan URL internal untuk endpoint:"
msgid ""
"To restrict the interface or IP address on which the OpenStack Networking "
"API service binds a network socket for incoming client connections, specify "
"the bind\\_host and bind\\_port in the neutron.conf file as shown:"
msgstr ""
"Untuk membatasi antarmuka atau alamat IP di mana layanan OpenStack "
"Networking API mengikat soket jaringan untuk koneksi klien yang masuk, "
"tentukan bind\\_host dan bind\\_port di file neutron.conf seperti yang "
"ditunjukkan:"
msgid ""
"To secure OpenStack Networking, you must understand how the workflow process "
"for tenant instance creation needs to be mapped to security domains."
msgstr ""
"Untuk mengamankan OpenStack Networking, Anda harus memahami bagaimana proses "
"alur kerja untuk pembuatan instance penyewa perlu dipetakan ke domain "
"keamanan."
msgid ""
"To start Federated authentication a user must access the dedicated URL with "
"Identity Providers and Protocols identifiers stored within a protected "
"URL. The URL has a format of: ``/v3/OS-FEDERATION/identity_providers/"
"{identity_provider}/protocols/{protocol}/auth``."
msgstr ""
"Untuk memulai otentikasi Federated, pengguna harus mengakses URL khusus "
"dengan Identity Provider dan pengenal Protokol yang tersimpan dalam URL yang "
"dilindungi.URL memiliki format: ``/v3/OS-FEDERATION/identity_providers/"
"{identity_provider}/protocols/{protocol}/auth``."
msgid ""
"To the cloud administrator, the API provides an overall view of the size and "
"state of the cloud deployment and allows the creation of users, tenants/"
"projects, assigning users to tenants/projects, and specifying resource "
"quotas on a per tenant/project basis."
msgstr ""
"Untuk administrator awan, API menyediakan keseluruhan tampilan ukuran dan "
"keadaan penyebaran awan dan memungkinkan pembuatan pengguna, penyewa / "
"proyek, menugaskan pengguna ke penyewa / proyek, dan menentukan kuota sumber "
"daya berdasarkan per penyewa / proyek."
msgid "To use ephemeral disk encryption, set **option**: 'enabled = true'"
msgstr ""
"Untuk menggunakan enkripsi disk fana, setel **option**: 'enabled = true'"
msgid ""
"To utilize Federation, create the following in the Identity service: "
"Identity Provider, Mapping, Protocol."
msgstr ""
"Untuk memanfaatkan Federation, buatlah hal berikut dalam layanan Identity: "
"Identity Provider, Mapping, Protocol."
msgid ""
"To verify further, perform these steps after completing the volume "
"encryption setup and creating the volume-type for LUKS as described in the "
"documentation referenced above."
msgstr ""
"Untuk memverifikasi lebih lanjut, lakukan langkah-langkah ini setelah "
"menyelesaikan penyiapan enkripsi volume dan buat tipe volume untuk LUKS "
"seperti yang dijelaskan dalam dokumentasi yang disebutkan di atas."
msgid ""
"To verify that access rules (ACL) were configured correctly for a share, you "
"can list its permissions."
msgstr ""
"Untuk memverifikasi bahwa aturan akses (ACL) telah dikonfigurasi dengan "
"benar untuk sebuah share, Anda dapat mendaftarkan perizinannya."
msgid "Tokens"
msgstr "Tokens"
msgid ""
"Too much time is spent administering identities in various service providers."
msgstr ""
"Terlalu banyak waktu yang dihabiskan untuk mengelola identitas di berbagai "
"provider layanan."
msgid "Track, document and verify media sanitization and disposal actions."
msgstr ""
"Melacak, mendokumentasikan dan memverifikasi tindakan sanitasi dan "
"pembuangan media."
msgid ""
"Traditionally, memory de-duplication systems are vulnerable to side channel "
"attacks. Both KSM and TPS have demonstrated to be vulnerable to some form of "
"attack. In academic studies, attackers were able to identify software "
"packages and versions running on neighboring virtual machines as well as "
"software downloads and other sensitive information through analyzing memory "
"access times on the attacker VM."
msgstr ""
"Secara tradisional, sistem de-duplication memori rentan terhadap serangan "
"saluran samping. KSM dan TPS telah menunjukkan rentan terhadap beberapa "
"bentuk serangan. Dalam studi akademis, penyerang dapat mengidentifikasi "
"paket dan versi perangkat lunak yang berjalan pada mesin virtual tetangga "
"serta unduhan perangkat lunak dan informasi sensitif lainnya melalui "
"analisis waktu akses memori pada VM penyerang."
msgid "Traffic inspection needs for load balancing."
msgstr "Inspeksi lalu lintas membutuhkan load balancing."
msgid "Transfer memory"
msgstr "Transfer memori"
msgid "Transfer state"
msgstr "Transfer status"
msgid ""
"Transport Layer Security (TLS) provides authentication between services and "
"persons using X.509 certificates. Although the default mode for TLS is "
"server-side only authentication, certificates may also be used for client "
"authentication."
msgstr ""
"Transport Layer Security (TLS) menyediakan otentikasi antara layanan dan "
"orang-orang yang menggunakan sertifikat X.509. Meskipun mode default untuk "
"TLS hanya otentikasi sisi server, sertifikat juga dapat digunakan untuk "
"otentikasi klien."
msgid "Triage"
msgstr "Triage"
msgid ""
"Trust Services are a set of professional attestation and advisory services "
"based on a core set of principles and criteria that address the risks and "
"opportunities of IT-enabled systems and privacy programs. Commonly known as "
"the SOC audits, the principles define what the requirement is and it is the "
"organizations responsibility to define the control that meets the "
"requirement."
msgstr ""
"Trust Services adalah satu set pengesahan profesional dan layanan konsultasi "
"berdasarkan seperangkat prinsip dan kriteria inti yang membahas risiko dan "
"peluang sistem dan program perlindungan TI. Biasanya dikenal sebagai audit "
"SOC, prinsip-prinsip tersebut menentukan apa persyaratannya dan tanggung "
"jawab organisasi untuk menentukan kontrol yang memenuhi persyaratan."
msgid "Trusted images"
msgstr "Images tepercaya"
msgid ""
"Trusted processes for managing the life cycle of disk images are required, "
"as are all the previously mentioned issues with respect to data security."
msgstr ""
"Proses tepercaya untuk mengelola siklus hidup image disk diperlukan, seperti "
"juga semua masalah yang disebutkan sebelumnya sehubungan dengan keamanan "
"data."
msgid "Twofish"
msgstr "Twofish"
msgid "Type"
msgstr "Tipe"
msgid ""
"Type 1 - report on the fairness of the presentation of management's "
"description of the service organization's system and the suitability of the "
"design of the controls to achieve the related control objectives included in "
"the description as of a specified date."
msgstr ""
"Tipe 1 - melaporkan kewajaran penyajian deskripsi manajemen tentang sistem "
"organisasi layanan dan kesesuaian rancangan kontrol untuk mencapai tujuan "
"pengendalian terkait yang termasuk dalam deskripsi pada tanggal yang "
"ditentukan."
msgid ""
"Type 2 - report on the fairness of the presentation of management's "
"description of the service organization's system and the suitability of the "
"design and operating effectiveness of the controls to achieve the related "
"control objectives included in the description throughout a specified period"
msgstr ""
"Tipe 2 - melaporkan kewajaran penyajian deskripsi manajemen tentang sistem "
"organisasi layanan dan kesesuaian desain dan efektivitas operasi kontrol "
"untuk mencapai tujuan pengendalian terkait yang termasuk dalam deskripsi "
"selama periode tertentu."
msgid ""
"Type 2 - report on the fairness of the presentation of management's "
"description of the service organization's system and the suitability of the "
"design and operating effectiveness of the controls to achieve the related "
"control objectives included in the description throughout a specified period."
msgstr ""
"Tipe 2 - melaporkan keadilan penyajian deskripsi manajemen tentang sistem "
"organisasi layanan dan kesesuaian desain dan efektivitas operasi kontrol "
"untuk mencapai tujuan pengendalian terkait yang termasuk dalam deskripsi "
"sepanjang periode yang ditentukan."
msgid ""
"Typically a metal box with spinning disks, ethernet ports, and some kind of "
"software that allows network clients to read and write files on the disks. "
"There are also software-only storage controllers that run on arbitrary "
"hardware, clustered controllers which may run allow a multiple physical "
"devices to appear as a single storage controller, or purely virtual storage "
"controllers."
msgstr ""
"Biasanya kotak logam dengan disk berputar, port ethernet, dan beberapa jenis "
"perangkat lunak yang memungkinkan klien jaringan membaca dan menulis file di "
"disk. Ada juga controller penyimpanan software-only yang berjalan di "
"perangkat keras sembarangan, controller kluster yang berjalan menigizinkan "
"beberapa perangkat fisik muncul sebagai controller penyimpanan tunggal, atau "
"controller penyimpanan virtual yang murni"
msgid ""
"Typically this is achieved through Copy-On-Write (COW) mechanisms. These "
"mechanisms have been shown to be vulnerable to side-channel attacks where "
"one VM can infer something about the state of another and might not be "
"appropriate for multi-tenant environments where not all tenants are trusted "
"or share the same levels of trust."
msgstr ""
"Biasanya hal ini dicapai melalui mekanisme Copy-On-Write (COW). Mekanisme "
"ini terbukti rentan terhadap serangan saluran samping di mana satu VM dapat "
"menyimpulkan sesuatu tentang keadaan lain dan mungkin tidak sesuai untuk "
"lingkungan multi-tenant dimana tidak semua penyewa dipercaya atau memiliki "
"tingkat kepercayaan yang sama."
msgid ""
"Typically used for compute instance-to-instance traffic, the guest security "
"domain handles compute data generated by instances on the cloud but not "
"services that support the operation of the cloud, such as API calls."
msgstr ""
"Biasanya digunakan untuk menghitung lalu lintas instance-to-instance, domain "
"keamanan tamu menangani data yang dihasilkan oleh kejadian di awan namun "
"bukan layanan yang mendukung pengoperasian awan, seperti panggilan API."
msgid ""
"Typically, when an SSH daemon is installed, host keys will be generated. It "
"is necessary that the hosts have sufficient entropy during host key "
"generation. Insufficient entropy during host key generation can result in "
"the possibility to eavesdrop on SSH sessions."
msgstr ""
"Biasanya, ketika daemon SSH terinstal, host key akan dihasilkan. Hal ini "
"diperlukan agar host memiliki entropi yang cukup selama generasi host key. "
"Entropi yang tidak mencukupi selama generasi host key dapat mengakibatkan "
"kemungkinan untuk menguping (eavesdrop) sesi SSH."
msgid ""
"US Export restrictions on cryptography systems have been lifted and no "
"longer need to be supported."
msgstr ""
"Pembatasan US Export pada sistem kriptografi telah dicabut dan tidak perlu "
"lagi didukung."
msgid "UUID tokens"
msgstr "UUID token"
msgid ""
"UUID tokens are persistent tokens. UUID tokens are 32 bytes in length and "
"must be persisted in the back-end. They are stored in the Identity service "
"back-end along with the metadata for authentication. Clients must pass their "
"UUID token to the Identity service in order to validate it. According to the "
"release notes for Pike(see `release notes <https://docs.openstack.org/"
"releasenotes/keystone/pike.html#deprecation-notes>`_), UUID token provider "
"is being deprecated in favor of Fernet tokens."
msgstr ""
"Token UUID adalah token yang terus-menerus (persistent). Token UUID "
"panjangnya 32 byte dan harus bertahan (persisted) di back-end. Mereka "
"disimpan dalam layanan Identity back-end bersama dengan metadata untuk "
"otentikasi. Klien harus menyerahkan token UUID mereka ke layanan Identity "
"untuk memvalidasinya. Menurut catatan rilis untuk Pike (lihat `release notes "
"<https://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-"
"notes>`_), penyedia token UUID tidak dipakai lagi untuk menyetujui token "
"Fernet. ."
msgid "Understanding the audit process"
msgstr "Memahami proses audit"
msgid ""
"Unencrypted volume data makes volume-hosting platforms especially high-value "
"targets for attackers, as it allows the attacker to read the data for many "
"different VMs. In addition, the physical storage medium could be stolen, "
"remounted, and accessed from a different machine. Encrypting volume data "
"mitigates these risks and provides defense-in-depth to volume-hosting "
"platforms. Block Storage (cinder) is able to encrypt volume data before it "
"is written to disk, and we recommend that the volume encryption feature is "
"enabled. See the `Volume Encryption <https://docs.openstack.org/cinder/"
"latest/configuration/block-storage/volume-encryption.html>`__ section of the "
"Openstack Cinder Service Configuration documentation for instructions."
msgstr ""
"Data volume yang tidak terenkripsi membuat platform volume-hosting terutama "
"target high-value bagi penyerang, karena memungkinkan penyerang untuk "
"membaca data untuk berbagai VM berbeda. Selain itu, media penyimpanan fisik "
"bisa dicuri, di remount, dan diakses dari mesin yang berbeda. Encrypting "
"volume data mengurangi risiko ini dan memberikan defense-in-depth ke "
"platform volume-hosting. Block Storage (cinder) mampu mengenkripsi data "
"volume sebelum ditulis ke disk, dan kami merekomendasikan agar fitur "
"enkripsi volume diaktifkan. Lihat bagian `Volume Encryption <https://docs."
"openstack.org/cinder/latest/configuration/block-storage/volume-encryption."
"html>` __ dari dokumentasi Openstack Cinder Service Configuration untuk "
"mendapatkan petunjuk."
msgid ""
"Unfortunately, this solution complicates the task of more fine-grained "
"access control and the ability to audit data access. Because the nova-"
"conductor service receives requests over RPC, it highlights the importance "
"of improving the security of messaging. Any node with access to the message "
"queue may execute these methods provided by the nova-conductor and "
"effectively modifying the database."
msgstr ""
"Sayangnya, solusi ini mempersulit tugas kontrol akses yang lebih halus dan "
"kemampuan untuk mengaudit akses data. Karena layanan nova-conductor menerima "
"permintaan di atas RPC, ini menyoroti pentingnya meningkatkan keamanan "
"pesan. Setiap node dengan akses ke antrian pesan (message queue) dapat "
"menjalankan metode yang disediakan oleh konduktor nova dan memodifikasi "
"database secara efektif."
msgid ""
"Unless it is not explicitly changed in the ``policy.json``, either an "
"administrator or the tenant that owns a share are able to manage :ref:"
"`access to the shares <shared_fs_share_acl>`. Access management is done by "
"creating access rules with authentication through IP address, user, group, "
"or TLS certificates. Available authentication methods depend on which share "
"driver and security service you configure and use."
msgstr ""
"Unless it is not explicitly changed in the ``policy.json``, either an "
"administrator or the tenant that owns a share are able to manage :ref:"
"`access to the shares <shared_fs_share_acl>`. Manajemen akses dilakukan "
"dengan membuat aturan akses dengan otentikasi melalui sertifikat IP address, "
"user, group, atau TLS. Metode otentikasi yang tersedia bergantung pada "
"pengandar berbagi dan layanan keamanan yang Anda konfigurasikan dan gunakan."
msgid ""
"Unlike *no share servers* mode, in *share servers* mode users have a share "
"network and a share server that is created for each share network. Thus all "
"users have separate CPU, amount of CPU time, network, capacity and "
"throughput."
msgstr ""
"Tidak seperti mode *no share servers* , di mode *share server * pengguna "
"memiliki jaringan berbagi dan server berbagi yang dibuat untuk setiap "
"jaringan berbagi. Dengan demikian semua pengguna memiliki CPU terpisah, "
"jumlah waktu CPU, jaringan, kapasitas dan throughput."
msgid ""
"Unlike UUID, PKI and PKIZ tokens, fernet tokens do not require persistence. "
"The keystone token database no longer suffers bloat as a side effect of "
"authentication. Pruning expired tokens from the token database is no longer "
"required when using fernet tokens. Since fernet tokens are non-persistent, "
"they do not have to be replicated. As long as each keystone node shares the "
"same repository, fernet tokens can be created and validated instantly across "
"nodes."
msgstr ""
"Tidak seperti UUID, token PKI dan PKIZ, token fernet tidak memerlukan "
"persistence (ketekunan). Database token keystone tidak lagi mengalami bloat "
"(gembung) sebagai efek samping autentikasi. Bukti pemangkasan yang "
"kadaluarsa dari basis data token tidak diperlukan lagi saat menggunakan "
"token fernet. Karena token fernet tidak terus-menerus, mereka tidak perlu "
"direplikasi. Selama masing-masing node kunci berbagi repositori yang sama, "
"token fernet dapat dibuat dan divalidasi seketika di seluruh node."
msgid ""
"Unlike many similar systems, the OpenStack dashboard allows the entire "
"Unicode character set in most fields. This means developers have less "
"latitude to make escaping mistakes that open attack vectors for cross-site "
"scripting (XSS)."
msgstr ""
"Tidak seperti banyak sistem serupa, dasbor OpenStack memungkinkan seluruh "
"karakter Unicode diatur di sebagian besar bidang. Ini berarti pengembang "
"memiliki garis lintang (latitude) yang lebih sedikit untuk membuat kesalahan "
"melarikan diri (escaping mistake) yang membuka vektor serangan untuk cross-"
"site scripting (XSS)."
msgid "Unscoped token"
msgstr "Unscoped token"
msgid "Updates and patches"
msgstr "Pembaruan dan tambalan (patch)"
msgid "Upload your Service Providers metadata file to your Identity Provider."
msgstr "Upload file metadata Service Provider Anda ke Identity Provider. Anda."
msgid "Use Cases"
msgstr "Gunakan Kasus"
msgid ""
"Use a dedicated and hardened backup servers. The logs for the backup server "
"must be monitored daily and accessible by only few individuals."
msgstr ""
"Gunakan server backup dedicated dan hardened. Log untuk server backup harus "
"dipantau setiap hari dan hanya dapat diakses oleh beberapa individu."
msgid ""
"Use a private (V)LAN network segment for your storage nodes in the data "
"domain."
msgstr ""
"Gunakan segmen jaringan (V)LAN pribadi untuk node penyimpanan Anda di domain "
"data."
msgid ""
"Use a read-only file system where possible. Ensure that writeable file "
"systems do not permit execution. This can be handled with the ``noexec``, "
"``nosuid``, and ``nodev`` mount options in ``/etc/fstab``."
msgstr ""
"Gunakan sistem file read-only jika memungkinkan. Pastikan sistem berkas yang "
"dapat ditulis tidak mengizinkan eksekusi. Ini bisa ditangani dengan opsi "
"mount ``noexec``, ``nosuid``, dan ``nodev`` di ``/etc/fstab``."
msgid ""
"Use both mandatory access controls (MACs) and discretionary access controls "
"(DACs) to restrict the configuration for processes to only those processes. "
"This restriction prevents these processes from being isolated from other "
"processes that run on the same machine(s)."
msgstr ""
"Gunakan kontrol akses wajib (mandatory access control / MACs) dan "
"discretionary access controls (DAC) untuk membatasi konfigurasi proses hanya "
"pada proses tersebut. Pembatasan ini mencegah proses ini terisolasi dari "
"proses lain yang berjalan pada mesin yang sama."
msgid "Use data encryption options for storage and transmission of backups."
msgstr "Gunakan opsi enkripsi data untuk penyimpanan dan pengiriman backup."
msgid ""
"Use of the OpenStack volume encryption feature is highly encouraged. This is "
"discussed below in the Data Encryption section under Volume Encryption. When "
"this feature is used, destruction of data is accomplished by securely "
"deleting the encryption key. The end user can select this feature while "
"creating a volume, but note that an admin must perform a one-time set up of "
"the volume encryption feature first. Instructions for this setup are in the "
"block storage section of the `Configuration Reference <https://docs."
"openstack.org/ocata/config-reference/block-storage/volume-encryption."
"html>`__ , under volume encryption."
msgstr ""
"Penggunaan fitur enkripsi volume OpenStack sangat dianjurkan. Ini dibahas di "
"bawah ini di bagian Data Encryption di bawah Volume Encryption. Bila fitur "
"ini digunakan, penghancuran data dilakukan dengan melepaskan kunci enkripsi "
"secara aman. End user dapat memilih fitur ini saat membuat volume, namun "
"perhatikan bahwa seorang admin harus melakukan pengaturan enkripsi volume "
"satu kali terlebih dahulu. Petunjuk untuk penyiapan ini ada di bagian "
"penyimpanan blok pada `Configuration Reference <https://docs.openstack.org/"
"ocata/config-reference/block-storage/volume-encryption.html>`__ , di bawah "
"enkripsi volume."
msgid ""
"Use strong passwords and safeguard them, or use client-side TLS "
"authentication."
msgstr ""
"Gunakan kata sandi yang kuat dan jaga mereka, atau gunakan otentikasi TLS "
"sisi klien."
msgid "Used by"
msgstr "Used by"
msgid ""
"Used for VM data communication within the cloud deployment. The IP "
"addressing requirements of this network depend on the OpenStack Networking "
"plug-in in use and the network configuration choices of the virtual networks "
"made by the tenant. This network is considered the Guest Security Domain."
msgstr ""
"Digunakan untuk komunikasi data VM dalam penyebaran awan. Persyaratan "
"pengalamatan IP dari jaringan ini bergantung pada plug-in OpenStack "
"Networking yang digunakan dan pilihan konfigurasi jaringan dari jaringan "
"virtual yang dibuat oleh penyewa. Jaringan ini dianggap sebagai Guest "
"Security Domain."
msgid ""
"Used for internal communication between OpenStack Components. The IP "
"addresses on this network should be reachable only within the data center "
"and is considered the Management Security Domain."
msgstr ""
"Digunakan untuk komunikasi internal antara OpenStack Components. Alamat IP "
"pada jaringan ini harus dapat dicapai hanya di dalam data center dan "
"dianggap sebagai Management Security Domain."
msgid ""
"Used to provide VMs with Internet access in some deployment scenarios. The "
"IP addresses on this network should be reachable by anyone on the Internet. "
"This network is considered to be in the Public Security Domain."
msgstr ""
"Digunakan untuk menyediakan VM dengan akses Internet dalam beberapa skenario "
"penyebaran. Alamat IP pada jaringan ini harus dapat dijangkau oleh siapapun "
"di Internet. Jaringan ini dianggap berada dalam Public Security Domain."
msgid "User access to resources"
msgstr "Akses pengguna ke sumber daya"
msgid "User's \"Real Name\""
msgstr "\"Real Name\" pengguna"
msgid ""
"User, process, or system that is the subject of a certificate. The end "
"entity sends its certificate request to a Registration Authority (RA) for "
"approval. If approved, the RA forwards the request to a Certification "
"Authority (CA). The Certification Authority verifies the request and if the "
"information is correct, a certificate is generated and signed. This signed "
"certificate is then send to a Certificate Repository."
msgstr ""
"Pengguna, proses, atau sistem yang menjadi subjek sertifikat. Entitas akhir "
"mengirimkan permintaan sertifikasinya ke Registration Authority (RA) untuk "
"mendapatkan persetujuan. Jika disetujui, RA meneruskan permintaan ke "
"Certification Authority (CA). Certification Authority memverifikasi "
"permintaan dan jika informasinya benar, sertifikat dibuat dan "
"ditandatangani. Sertifikat yang ditandatangani ini kemudian dikirim ke "
"Certificate Repository."
msgid ""
"Users must be assigned to groups and roles that you refer to in your "
"policies. This is done automatically by the service when user management "
"commands are used."
msgstr ""
"Pengguna harus ditugaskan ke grup dan peran yang Anda lihat dalam kebijakan "
"Anda. Hal ini dilakukan secara otomatis oleh layanan saat perintah manajemen "
"pengguna digunakan."
msgid ""
"Users or organizations that possess PHI must support HIPAA requirements and "
"are HIPAA covered entities. If an entity intends to use a service, or in "
"this case, an OpenStack cloud that might use, store or have access to that "
"PHI, then a Business Associate Agreement (BAA) must be signed. The BAA is a "
"contract between the HIPAA covered entity and the OpenStack service provider "
"that requires the provider to handle that PHI in accordance with HIPAA "
"requirements. If the service provider does not handle the PHI, such as with "
"security controls and hardening, then they are subject to HIPAA fines and "
"penalties."
msgstr ""
"Pengguna atau organisasi yang memiliki PHI harus mendukung persyaratan HIPAA "
"dan entitas tertutup HIPAA. Jika suatu entitas bermaksud untuk menggunakan "
"suatu layanan, atau dalam hal ini, sebuah awan OpenStack yang mungkin "
"menggunakan, menyimpan atau memiliki akses ke PHI tersebut, maka Business "
"Associate Agreement (BAA) harus ditandatangani. BAA adalah kontrak antara "
"entitas tertutup HIPAA dan penyedia layanan OpenStack yang mengharuskan "
"penyedia untuk menangani PHI tersebut sesuai dengan persyaratan HIPAA. Jika "
"penyedia layanan tidak menangani PHI, seperti dengan kontrol keamanan dan "
"pengerasan (hardening), maka mereka tunduk pada denda HIPAA dan denda."
msgid ""
"Users spend too much time logging in or going through 'Forget Password' "
"workflows. Federated identity allows for single sign on, which is easier and "
"faster for users and requires fewer password resets. The IdPs manage user "
"identities and passwords so OpenStack does not have to."
msgstr ""
"Pengguna menghabiskan terlalu banyak waktu untuk masuk atau melewati alur "
"kerja 'Forget Password'. Federated identity memungkinkan masuk tunggal, yang "
"lebih mudah dan lebih cepat bagi pengguna dan memerlukan lebih sedikit "
"penyetelan ulang kata sandi. Idps mengelola identitas pengguna dan kata "
"sandi sehingga OpenStack tidak perlu melakukannya."
msgid ""
"Using SQL, the Shared File Systems service is similar to other OpenStack "
"services and can be used with any OpenStack deployment. For more details on "
"the API, see the `OpenStack Shared File Systems API <https://developer."
"openstack.org/api-ref-share-v2.html>`_ description. For more details on the "
"CLI usage and configuration, see `Shared File Systems Cloud Administrative "
"Guide <https://docs.openstack.org/admin-guide/shared_file_systems.html>`_."
msgstr ""
"Menggunakan SQL, layanan Shared File Systems mirip dengan layanan OpenStack "
"lainnya dan dapat digunakan dengan penerapan OpenStack. Untuk detail lebih "
"lanjut tentang API, lihat deskripsi 'OpenStack Shared File Systems API "
"<https://developer.openstack.org/api-ref-share-v2.html> `_. Untuk detail "
"lebih lanjut tentang penggunaan dan konfigurasi CLI, lihat `Shared File "
"Systems Cloud Administrative Guide <https://docs.openstack.org/admin-guide/"
"shared_file_systems.html>`_."
msgid "Using compiler hardening."
msgstr "Menggunakan kompilator pengerasan."
msgid "Using mandatory access controls such as sVirt, SELinux, or AppArmor."
msgstr "Menggunakan kontrol akses wajib seperti sVirt, SELinux, atau AppArmor."
msgid ""
"Using the API, users can create, update, view and delete a security service. "
"Security Services are designed basing on the following assumptions:"
msgstr ""
"Dengan menggunakan API, pengguna dapat membuat, memperbarui, melihat dan "
"menghapus layanan keamanan. Security Service dirancang berdasarkan asumsi "
"berikut:"
msgid ""
"Using the Shared File Systems service, you can grant or deny access to a "
"share by specifying one of these supported share access levels:"
msgstr ""
"Dengan menggunakan layanan Shared File System, Anda dapat memberikan atau "
"menolak akses ke share dengan menentukan salah satu tingkat akses share yang "
"didukung ini:"
msgid ""
"VLAN configuration complexity depends on your OpenStack design requirements. "
"In order to allow OpenStack Networking to efficiently use VLANs, you must "
"allocate a VLAN range (one for each tenant) and turn each compute node "
"physical switch port into a VLAN trunk port."
msgstr ""
"Kompleksitas konfigurasi VLAN bergantung pada persyaratan desain OpenStack "
"Anda. Untuk memungkinkan OpenStack Networking menggunakan VLAN secara "
"efisien, Anda harus mengalokasikan rentang VLAN (satu untuk setiap penyewa) "
"dan mengubah masing-masing compute node physical switch port menjadi VLAN "
"trunk port."
msgid "VLANs"
msgstr "VLAN"
msgid ""
"VLANs are realized as packets on a specific physical network containing IEEE "
"802.1Q headers with a specific VLAN ID (VID) field value. VLAN networks "
"sharing the same physical network are isolated from each other at L2, and "
"can even have overlapping IP address spaces. Each distinct physical network "
"supporting VLAN networks is treated as a separate VLAN trunk, with a "
"distinct space of VID values. Valid VID values are 1 through 4094."
msgstr ""
"VLAN direalisasikan sebagai paket pada jaringan fisik tertentu yang berisi "
"header IEEE 802.1Q dengan nilai field VLAN ID (VID) tertentu. Jaringan VLAN "
"yang berbagi jaringan fisik yang sama diisolasi satu sama lain di L2, dan "
"bahkan bisa memiliki ruang alamat IP yang tumpang tindih. Setiap jaringan "
"fisik yang berbeda yang mendukung jaringan VLAN diperlakukan sebagai VLAN "
"trunk yang terpisah, dengan ruang nilai VID yang berbeda. Nilai VID yang "
"valid adalah 1 sampai 4094."
msgid "VMWare:"
msgstr "VMWare:"
msgid "VT-c"
msgstr "VT-c"
msgid "VT-d / AMD-Vi"
msgstr "VT-d / AMD-Vi"
msgid "Various"
msgstr "Various"
msgid ""
"Various components of the OpenStack Networking services use either the "
"messaging queue or database connections to communicate with other components "
"in OpenStack Networking."
msgstr ""
"Berbagai komponen layanan OpenStack Networking menggunakan antrian pesan "
"atau koneksi database untuk berkomunikasi dengan komponen lain di OpenStack "
"Networking."
msgid ""
"Verification of image signatures assures that an image is not replaced or "
"changed since the time of original upload. The image signature verification "
"feature uses Castellan as its key manager for storing cryptographic "
"signatures. An image signature and certificate UUID is uploaded along with "
"the image to the Image (glance) service. Glance verifies the signature after "
"retrieving the certificate from the key manager. When the image is booted, "
"the Compute service (nova) verifys the signature after it retrieves the "
"certificate from the key manager."
msgstr ""
"Verifikasi image signature memastikan bahwa image tidak diganti atau diganti "
"sejak saat upload asli. Fitur verifikasi image signature menggunakan "
"Castellan sebagai manajer kunci untuk menyimpan cryptographic signature. "
"Image signature dan certificate UUID diunggah bersamaan dengan image ke "
"layanan Image (glance). Glance memverifikasi signature setelah mengambil "
"sertifikat dari manajer kunci. Saat image di-boot, layanan Compute (nova) "
"memverifikasi signature setelah mengambil sertifikat dari manajer kunci."
msgid "Verified boot"
msgstr "Boot terverifikasi"
msgid ""
"Vibha Fauver, GWEB, CISSP, PMP, has over fifteen years of experience in "
"Information Technology. Her areas of specialization include software "
"engineering, project management and information security. She has a B.S. in "
"Computer & Information Science and a M.S. in Engineering Management with "
"specialization and a certificate in Systems Engineering."
msgstr ""
"Vibha Fauver, GWEB, CISSP, PMP, memiliki pengalaman lebih dari lima belas "
"tahun di bidang Teknologi Informasi. Bidang spesialisasi termasuk rekayasa "
"perangkat lunak, manajemen proyek dan keamanan informasi. Dia memiliki B.S. "
"di Ilmu Komputer & Informasi dan M.S. di bidang Teknik Manajemen dengan "
"spesialisasi dan sertifikat di bidang Systems Engineering."
msgid "Virtual Machine (multi-tenant) threats"
msgstr "Ancaman Virtual Machine (multi-tenant)"
msgid "Virtual Network Computer (VNC)"
msgstr "Virtual Network Computer (VNC)"
msgid "Virtual hardware (QEMU)"
msgstr "Virtual hardware (QEMU)"
msgid "Virtual machine images in the Image service"
msgstr "Image mesin virtual dalam layanan Image"
msgid "Volume Wiping"
msgstr "Volume Wiping"
msgid "Volume data contained within iSCSI packets is encrypted"
msgstr "Data volume yang terkandung dalam paket iSCSI dienkripsi"
msgid "Volume encryption"
msgstr "Enkripsi volume"
msgid ""
"Volume encryption is supported by back-end key storage for enhanced security "
"(for example, a Hardware Security Module (HSM) or a KMIP server can be used "
"as a barbican back-end secret store)"
msgstr ""
"Enkripsi volume didukung oleh penyimpanan kunci back-end untuk keamanan yang "
"ditingkatkan (misalnya, Hardware Security Module (HSM) atau server KMIP "
"dapat digunakan sebagai penyimpanan rahasia back-end barbican)"
msgid "Vulnerability awareness"
msgstr "Kesadaran akan kerentanan"
msgid "Vulnerability management"
msgstr "Manajemen Kerentanan"
msgid ""
"We advise that you read this at your own discretion when planning on "
"implementing security measures for your OpenStack cloud."
msgstr ""
"Kami menyarankan agar Anda membaca ini berdasarkan pertimbangan Anda sendiri "
"saat merencanakan penerapan langkah keamanan untuk awan OpenStack Anda."
msgid "We also recommend the following additional steps for production nodes:"
msgstr ""
"Kami juga merekomendasikan langkah-langkah tambahan berikut untuk node "
"produksi:"
msgid ""
"We briefly introduce the kinds of clouds (private, public, and hybrid) "
"before presenting an overview of the OpenStack components and their related "
"security concerns in the remainder of the chapter."
msgstr ""
"Kami secara singkat memperkenalkan jenis awan (private, public, and hybrid) "
"sebelum menyajikan ikhtisar komponen OpenStack dan masalah keamanan terkait "
"mereka di sisa bab ini."
msgid ""
"We consider entropy to refer to the quality and source of random data that "
"is available to an instance. Cryptographic technologies typically rely "
"heavily on randomness, requiring a high quality pool of entropy to draw "
"from. It is typically hard for a virtual machine to get enough entropy to "
"support these operations, which is referred to as entropy starvation. "
"Entropy starvation can manifest in instances as something seemingly "
"unrelated. For example, slow boot time may be caused by the instance waiting "
"for ssh key generation. Entropy starvation may also motivate users to employ "
"poor quality entropy sources from within the instance, making applications "
"running in the cloud less secure overall."
msgstr ""
"Kami mempertimbangkan entropi untuk mengacu pada kualitas dan sumber data "
"acak yang tersedia untuk sebuah instance. Teknologi kriptografi biasanya "
"sangat bergantung pada keacakan, membutuhkan kolam entropi berkualitas "
"tinggi untuk menariknya. Biasanya sulit bagi mesin virtual untuk mendapatkan "
"entropi yang cukup untuk mendukung operasi ini, yang disebut sebagai entropy "
"starvation. Kelainan entropi dapat bermanifestasi dalam instance sebagai "
"sesuatu yang tampaknya tidak terkait. Misalnya, waktu boot yang lambat "
"mungkin disebabkan oleh instance menunggu generasi kunci ssh. Entropy "
"starvation juga dapat memotivasi pengguna untuk menggunakan sumber entropi "
"berkualitas buruk dari dalam instance, membuat aplikasi berjalan di awan "
"kurang aman secara keseluruhan."
msgid ""
"We define integrity life cycle as a deliberate process that provides "
"assurance that we are always running the expected software with the expected "
"configurations throughout the cloud. This process begins with :term:`secure "
"bootstrapping <secure boot>` and is maintained through configuration "
"management and security monitoring. This chapter provides recommendations on "
"how to approach the integrity life-cycle process."
msgstr ""
"Kami mendefinisikan siklus hidup integritas sebagai proses yang disengaja "
"yang memberikan kepastian bahwa kami selalu menjalankan perangkat lunak yang "
"diharapkan dengan konfigurasi yang diharapkan di seluruh awan. Proses ini "
"dimulai dengan :term:`secure bootstrapping <secure boot>` dan dikelola "
"melalui manajemen konfigurasi dan pemantauan keamanan. Bab ini memberikan "
"rekomendasi bagaimana mendekati proses siklus hidup integritas."
msgid ""
"We do not recommend using front-end caching tools with the dashboard. The "
"dashboard is rendering dynamic content resulting directly from OpenStack API "
"requests and front-end caching layers such as varnish can prevent the "
"correct content from being displayed. In Django, static media is directly "
"served from Apache or :term:`Nginx` and already benefits from web host "
"caching."
msgstr ""
"Kami tidak merekomendasikan penggunaan alat caching front-end dengan dasbor. "
"Dasbor menampilkan konten dinamis yang dihasilkan langsung dari permintaan "
"API OpenStack dan lapisan caching front-end seperti lapisan pernis dapat "
"mencegah konten yang benar ditampilkan. Di Django, media statis langsung "
"dilayani dari Apache atau :term:`Nginx` dan sudah mendapat manfaat dari "
"caching host web."
msgid ""
"We highly recommend enabling transport-level cryptography for your message "
"queue. Using TLS for the messaging client connections provides protection of "
"the communications from tampering and eavesdropping in-transit to the "
"messaging server. Below is guidance on how TLS is typically configured for "
"the two popular messaging servers Qpid and RabbitMQ. When configuring the "
"trusted certificate authority (CA) bundle that your messaging server uses to "
"verify client connections, it is recommended that this be limited to only "
"the CA used for your nodes, preferably an internally managed CA. The bundle "
"of trusted CAs will determine which client certificates will be authorized "
"and pass the client-server verification step of the setting up the TLS "
"connection. Note, when installing the certificate and key files, ensure that "
"the file permissions are restricted, for example using ``chmod 0600``, and "
"the ownership is restricted to the messaging server daemon user to prevent "
"unauthorized access by other processes and users on the messaging server."
msgstr ""
"Kami sangat menyarankan mengaktifkan kriptografi tingkat transportasi untuk "
"antrean pesan Anda. Menggunakan TLS untuk koneksi klien pesan memberi "
"perlindungan terhadap komunikasi dari gangguan dan penyadapan transit ke "
"server pesan. Berikut adalah panduan tentang bagaimana TLS biasanya "
"dikonfigurasi untuk dua server pesan populer Qpid dan RabbitMQ. Saat "
"mengkonfigurasi bundle certificate authority (CA) terpercaya dimana server "
"pesan Anda memverifikasi koneksi klien, kami sarankan agar ini hanya "
"terbatas pada CA yang digunakan untuk nodus Anda, sebaiknya CA dikelola "
"secara internal. Paket CA yang tepercaya akan menentukan sertifikat klien "
"mana yang akan diberi otorisasi dan melewati langkah verifikasi klien-server "
"untuk menyiapkan koneksi TLS. Catatan, saat menginstal sertifikat dan file "
"kunci, pastikan hak akses file dibatasi, misalnya menggunakan ``chmod "
"0600``, dan kepemilikan dibatasi pada pengguna daemon server pesan untuk "
"mencegah akses yang tidak sah oleh proses dan pengguna lain di server pesan"
msgid ""
"We recommend configuring X.509 client certificates on all the OpenStack "
"service nodes for client connections to the messaging queue and where "
"possible (currently only Qpid) perform authentication with X.509 client "
"certificates. When using user names and passwords, accounts should be "
"created per-service and node for finer grained auditability of access to the "
"queue."
msgstr ""
"Sebaiknya konfigurasikan sertifikat klien X.509 pada semua node layanan "
"OpenStack untuk koneksi klien ke antrian pesan dan jika mungkin (saat ini "
"hanya Qpid) melakukan otentikasi dengan sertifikat klien X.509. Bila "
"menggunakan nama pengguna dan kata sandi, akun harus dibuat per-service dan "
"node untuk mendapatkan aksesibilitas yang lebih halus terhadap antrian."
msgid ""
"We recommend documenting all the data flows and bridging points between "
"these services and the data processing controller. See :doc:`../"
"documentation`."
msgstr ""
"Kami merekomendasikan untuk mendokumentasikan semua data flow dan bridging "
"point antara layanan ini dan data processing controller. Lihat :doc:`../"
"documentation`."
msgid ""
"We recommend keeping up to date on security issues and advisories as they "
"are published. The `OpenStack Security Portal <https://security.openstack."
"org/>`_ is the central portal where advisories, notices, meetings, and "
"processes can be coordinated. Additionally, the `OpenStack Vulnerability "
"Management Team (VMT) portal <https://security.openstack.org/#vulnerability-"
"management>`_ coordinates remediation within OpenStack, as well as the "
"process of investigating reported bugs which are responsibly disclosed "
"(privately) to the VMT, by marking the bug as 'This bug is a security "
"vulnerability'. Further detail is outlined in the `VMT process page <https://"
"security.openstack.org/vmt-process.html#process>`_ and results in an "
"OpenStack Security Advisory (OSSA). This OSSA outlines the issue and the "
"fix, as well as linking to both the original bug, and the location where the "
"where the patch is hosted."
msgstr ""
"Sebaiknya tetap up to date mengenai masalah keamanan dan nasihat saat "
"diterbitkan. The `OpenStack Security Portal <https://security.openstack.org/"
"> `_ adalah portal utama dimana saran, pemberitahuan, rapat, dan proses "
"dapat dikoordinasikan. Selain itu, portal `OpenStack Vulnerability "
"Management Team (VMT) <https://security.openstack.org/#vulnerability-"
"management>` _ mengkoordinasikan remediasi di dalam OpenStack, serta proses "
"menyelidiki bug yang dilaporkan yang bertanggung jawab diungkapkan (secara "
"pribadi ) ke VMT, dengan menandai bug sebagai 'This bug is a security "
"vulnerability'. Detail lebih lanjut diuraikan di halaman proses `VMT "
"<https://security.openstack.org/vmt-process.html#process>` _ dan hasilnya di "
"OpenStack Security Advisory (OSSA). OSSA ini menguraikan masalah dan "
"perbaikannya, serta menghubungkan ke bug asli, dan lokasi tempat penyimpanan "
"patch."
msgid ""
"We recommend keeping up to date on security issues and advisories as they "
"are published. The `OpenStack Security Portal <https://security.openstack."
"org>`_ is the central portal where advisories, notices, meetings, and "
"processes can be coordinated. Additionally, the `OpenStack Vulnerability "
"Management Team (VMT) portal <https://security.openstack.org/#openstack-"
"vulnerability-management-team>`_ coordinates remediation within the "
"OpenStack project, as well as the process of investigating reported bugs "
"which are responsibly disclosed (privately) to the VMT, by marking the bug "
"as 'This bug is a security vulnerability'. Further detail is outlined in the "
"`VMT process page <https://security.openstack.org/vmt-process."
"html#process>`_ and results in an OpenStack Security Advisory (OSSA). This "
"OSSA outlines the issue and the fix, as well as linking to both the original "
"bug, and the location where the where the patch is hosted."
msgstr ""
"Kami menyarankan agar Anda selalu mengetahui masalah keamanan dan saran saat "
"dipublikasikan. The `OpenStack Security Portal <https://security.openstack."
"org>`_ adalah portal pusat tempat nasihat, pemberitahuan, rapat, dan proses "
"dapat dikoordinasikan. Selain itu, portal `OpenStack Vulnerability "
"Management Team (VMT) <https://security.openstack.org/#openstack-"
"vulnerability-management-team>` _ mengoordinasikan remediasi dalam proyek "
"OpenStack, serta proses penyelidikan bug yang dilaporkan yang secara terbuka "
"diungkapkan (secara pribadi) ke VMT, dengan menandai bug sebagai 'This bug "
"is a security vulnerability'. Rincian lebih lanjut diuraikan dalam `VMT "
"process page <https://security.openstack.org/vmt-process.html#process>` _ "
"dan menghasilkan OpenStack Security Advisory (OSSA). OSSA ini menguraikan "
"masalah dan perbaikannya, serta menautkan ke bug asli, dan lokasi tempat "
"tambalan (patch) di-host."
msgid ""
"We recommend minimizing the QEMU code base by removing unused components "
"from the system. QEMU provides support for many different virtual hardware "
"devices, however only a small number of devices are needed for a given "
"instance. The most common hardware devices are the virtio devices. Some "
"legacy instances will need access to specific hardware, which can be "
"specified using glance metadata:"
msgstr ""
"Kami merekomendasikan untuk meminimalkan basis kode QEMU dengan melepaskan "
"komponen yang tidak terpakai dari sistem. QEMU menyediakan dukungan untuk "
"berbagai perangkat perangkat keras virtual yang berbeda, namun hanya "
"sejumlah kecil perangkat yang dibutuhkan untuk instance tertentu. Perangkat "
"perangkat keras yang paling umum adalah perangkat virtio. Beberapa instance "
"lawas memerlukan akses ke perangkat keras tertentu, yang dapat ditentukan "
"dengan menggunakan metadata sekilas:"
msgid ""
"We recommend testing your QEMU executable file after it is compiled to "
"ensure that the compiler hardening worked properly."
msgstr ""
"Kami merekomendasikan untuk menguji file eksekusi QEMU Anda setelah "
"dikompilasi untuk memastikan bahwa pengerasan kompilator bekerja dengan "
"benar."
msgid ""
"We recommend that admin users authenticate using Identity service and an "
"external authentication service that supports 2-factor authentication, such "
"as a certificate. This reduces the risk from passwords that may be "
"compromised. This recommendation is in compliance with NIST 800-53 IA-2(1) "
"guidance in the use of multi-factor authentication for network access to "
"privileged accounts."
msgstr ""
"Sebaiknya pengguna admin mengautentikasi menggunakan layanan Identitas dan "
"layanan autentikasi eksternal yang mendukung autentikasi 2 faktor, seperti "
"sertifikat. Hal ini mengurangi risiko dari password yang mungkin "
"dikompromikan. Rekomendasi ini sesuai dengan panduan NIST 800-53 IA-2 (1) "
"dalam penggunaan autentikasi multi-faktor untuk akses jaringan ke akun "
"istimewa."
msgid ""
"We recommend that all production deployments use HTTP strict transport "
"security (HSTS). This header prevents browsers from making insecure "
"connections after they have made a single secure one. If you have deployed "
"your HTTP services on a public or an untrusted domain, HSTS is especially "
"important. To enable HSTS, configure your web server to send a header like "
"this with all requests:"
msgstr ""
"Sebaiknya semua penerapan produksi menggunakan keamanan transportasi ketat "
"HTTP (HSTS). Header ini mencegah browser membuat koneksi yang tidak aman "
"setelah mereka membuat suatu single secure. Jika Anda telah menyebarkan "
"layanan HTTP Anda di domain publik atau yang tidak tepercaya, HSTS sangat "
"penting. Untuk mengaktifkan HSTS, konfigurasikan server web Anda untuk "
"mengirim header seperti ini dengan semua permintaan:"
msgid ""
"We recommend that implementers `disable HORIZON_IMAGES_ALLOW_UPLOAD <https://"
"docs.openstack.org/horizon/latest/user/manage-images.html#upload-an-image>`_ "
"unless they have implemented a plan to prevent resource exhaustion and "
"denial of service."
msgstr ""
"Kami merekomendasikan pelaksana `disable HORIZON_IMAGES_ALLOW_UPLOAD "
"<https://docs.openstack.org/horizon/latest/user/manage-images.html#upload-an-"
"image>`_ kecuali mereka telah menerapkan rencana untuk mencegah kelelahan "
"dan penolakan layanan."
msgid ""
"We recommend that only TLS 1.2 is used. Other versions such as TLS 1.0 and "
"1.1 are vulnerable to multiple attacks. TLS 1.0 should be disabled in your "
"environment. TLS 1.1 may be used for broad client compatibility, however "
"exercise caution when enabling this protocol. Only enable TLS version 1.1 if "
"there is a mandatory compatibility requirement and you are aware of the "
"risks involved. All versions of SSL, the predecessor to TLS, must not be "
"used due to multiple public vulnerabilities."
msgstr ""
"Sebaiknya hanya TLS 1.2 yang digunakan. Versi lain seperti TLS 1.0 dan 1.1 "
"rentan terhadap banyak serangan. TLS 1.0 harus dinonaktifkan di lingkungan "
"Anda. TLS 1.1 dapat digunakan untuk kompatibilitas klien yang luas, namun "
"berhati-hatilah saat mengaktifkan protokol ini. Hanya aktifkan TLS versi 1.1 "
"jika ada persyaratan kompatibilitas wajib dan Anda sadar akan risiko yang "
"terlibat. Semua versi SSL, pendahulu TLS, tidak boleh digunakan karena "
"banyak kerentanan publik."
msgid ""
"We recommend that the ``DEBUG`` setting is set to ``False`` in production "
"environments. If ``DEBUG`` is set to True, Django will display stack traces "
"and sensitive web server state information when exceptions are thrown."
msgstr ""
"Kami merekomendasikan agar pengaturan ``DEBUG``` disetel ke ``False`` di "
"lingkungan produksi. Jika ``DEBUG`` disetel ke True, Django akan menampilkan "
"jejak stack dan informasi server web sensitif saat pengecualian dilepas."
msgid ""
"We recommend that you configure the Object Storage service to run under a "
"non-root (UID 0) service account. One recommendation is the user name "
"``swift`` with the primary group ``swift``. Object Storage services include, "
"for example, ``proxy-server``, ``container-server``, ``account-server``. "
"Detailed steps for setup and configuration can be found in the `Add Object "
"Storage chapter <https://docs.openstack.org/project-install-guide/object-"
"storage/ocata/>`_ of the Installation Guide in the `OpenStack Documentation "
"index <https://docs.openstack.org>`_."
msgstr ""
"Sebaiknya konfigurasikan layanan Object Storage untuk berjalan di bawah akun "
"layanan non-root (UID 0). Satu rekomendasi adalah nama pengguna ``swift`` "
"dengan grup utama ``swift``. Layanan Object Storage meliputi, misalnya, "
"``proxy-server``, ``container-server``, ``account-server``. Langkah-langkah "
"rinci untuk setup dan konfigurasi dapat ditemukan di `Add Object Storage "
"chapter <https://docs.openstack.org/project-install-guide/object-storage/"
"ocata/>`_ dari Installation Guide di `OpenStack Documentation index <https://"
"docs.openstack.org>`_."
msgid ""
"We recommend that you use client authentication with TLS for the "
"authentication of services to the Identity service."
msgstr ""
"Sebaiknya gunakan otentikasi klien dengan TLS untuk otentikasi layanan ke "
"layanan Identitas."
msgid ""
"We recommend the use of memcached instead of local-memory cache because it "
"is fast, retains data for a longer duration, is multi-process safe and has "
"the ability to share cache over multiple servers, but still treats it as a "
"single cache."
msgstr ""
"Sebaiknya gunakan Memcached bukan cache memori lokal karena cepat, "
"mempertahankan data untuk durasi yang lebih lama, aman dalam proses multi-"
"proses dan memiliki kemampuan untuk berbagi cache melalui beberapa server, "
"namun tetap memperlakukannya sebagai cache tunggal."
msgid ""
"We recommend using SSL/TLS on both public networks and management networks "
"in :doc:`tls-proxies-and-http-services`. However, if actually deploying SSL/"
"TLS everywhere is too difficult, we recommend evaluating your OpenStack SSL/"
"TLS needs and following one of the architectures discussed here."
msgstr ""
"Sebaiknya gunakan SSL/TLS di jaringan publik ataupun jaringan manajemen di :"
"doc:`tls-proxies-and-http-services`. Namun, jika benar-benar menerapkan SSL/"
"TLS di mana saja terlalu sulit, sebaiknya Anda mengevaluasi kebutuhan "
"OpenStack SSL/TLS dan mengikuti salah satu arsitektur yang dibahas di sini."
msgid ""
"We recommend using a separate, isolated network within the management "
"security domain for provisioning. This network will handle all PXE traffic, "
"along with the subsequent boot stage downloads depicted above. Note that the "
"node boot process begins with two insecure operations: DHCP and TFTP. Then "
"the boot process uses TLS to download the remaining information required to "
"deploy the node. This may be an operating system installer, a basic install "
"managed by `Chef <https://www.chef.io/chef/>`__ or `Puppet <https://"
"puppetlabs.com/>`__, or even a complete file system image that is written "
"directly to disk."
msgstr ""
"Sebaiknya gunakan jaringan terpisah yang terisolasi dalam domain keamanan "
"manajemen untuk penyediaan. Jaringan ini akan menangani semua lalu lintas "
"PXE, bersamaan dengan unduhan tahap boot berikutnya yang digambarkan di "
"atas. Perhatikan bahwa proses boot node dimulai dengan dua operasi tidak "
"aman: DHCP dan TFTP. Kemudian proses booting menggunakan TLS untuk "
"mendownload sisa informasi yang dibutuhkan untuk menyebarkan node. Ini "
"mungkin sebuah installer sistem operasi, sebuah instalasi dasar yang "
"dikelola oleh `Chef <https://www.chef.io/chef/>`__ atau `Puppet <https://"
"puppetlabs.com/>`__, atau bahkan image sistem file lengkap yang ditulis "
"langsung ke disk."
msgid ""
"We recommend you disable filters that parse things that are provided by "
"users or are able to be manipulated such as metadata."
msgstr ""
"Sebaiknya Anda menonaktifkan filter yang mengurai hal-hal yang disediakan "
"oleh pengguna atau dapat dimanipulasi seperti metadata."
msgid ""
"We selected these security domains because they can be mapped independently "
"or combined to represent the majority of the possible areas of trust within "
"a given OpenStack deployment. For example, some deployment topologies may "
"consist of a combination of guest and data domains onto one physical network "
"while other topologies have these domains separated. In each case, the cloud "
"operator should be aware of the appropriate security concerns. Security "
"domains should be mapped out against your specific OpenStack deployment "
"topology. The domains and their trust requirements depend upon whether the "
"cloud instance is public, private, or hybrid."
msgstr ""
"Kami memilih domain keamanan ini karena dapat dipetakan secara independen "
"atau digabungkan untuk mewakili sebagian besar wilayah kepercayaan yang "
"mungkin ada dalam penerapan OpenStack yang diberikan. Misalnya, beberapa "
"topologi penerapan mungkin terdiri dari kombinasi domain tamu dan data ke "
"satu jaringan fisik sementara topologi lain memisahkan domain ini. Dalam "
"setiap kasus, operator awan harus menyadari masalah keamanan yang sesuai. "
"Domain keamanan harus dipetakan berdasarkan topologi penyebaran OpenStack "
"spesifik Anda. Domain dan persyaratan kepercayaan mereka bergantung pada "
"apakah instance awan bersifat publik, pribadi, atau hibrida."
msgid ""
"We strongly recommend deploying dashboard to a *second-level domain*, such "
"as ``https://example.com``, rather than deploying dashboard on a *shared "
"subdomain* of any level, for example ``https://openstack.example.org`` or "
"``https://horizon.openstack.example.org``. We also advise against deploying "
"to bare internal domains like ``https://horizon/``. These recommendations "
"are based on the limitations of browser same-origin-policy."
msgstr ""
"Kami sangat menyarankan untuk menerapkan dasbor ke *second-level domain*, "
"seperti ``https://example.com``, daripada menerapkan dasbor di *shared "
"subdomain* dari tingkat mana pun, misalnya ``https://openstack.example.org`` "
"atau ``https://horizon.openstack.example.org``. Kami juga menyarankan untuk "
"tidak menerapkan domain internal yang kosong seperti ``https://horizon/``. "
"Rekomendasi ini didasarkan pada keterbatasan browser same-origin-policy."
msgid "We strongly recommend:"
msgstr "Kami sangat menyarankan:"
msgid ""
"We suggest that cloud administrators use this table as a model to help "
"define which actions to take for the various security levels. For example, a "
"critical-level security update might require the cloud to be upgraded "
"quickly whereas a low-level update might take longer to be completed."
msgstr ""
"Kami menyarankan agar administrator awan menggunakan tabel ini sebagai model "
"untuk membantu menentukan tindakan mana yang harus dilakukan untuk berbagai "
"tingkat keamanan. Misalnya, pembaruan keamanan tingkat kritis mungkin "
"memerlukan awan untuk ditingkatkan dengan cepat sedangkan pembaruan tingkat "
"rendah mungkin memerlukan waktu lebih lama untuk diselesaikan."
msgid ""
"What about high availability or load balanced deployments that need to "
"inspect traffic? The previous deployment model (:ref:`secure-communication-"
"proxy-on-same-physical-hosts-as-api-endpoints`) would not allow for deep "
"packet inspection since the traffic is encrypted. If the traffic only needs "
"to be inspected for basic routing purposes, it might not be necessary for "
"the load balancer to have access to the unencrypted traffic. HAProxy has the "
"ability to extract the SSL/TLS session ID during the handshake, which can "
"then be used to achieve session affinity ( `session ID configuration details "
"here <http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-"
"session-id/>`_ ). HAProxy can also use the TLS Server Name Indication (SNI) "
"extension to determine where traffic should be routed to ( `SNI "
"configuration details here <http://blog.exceliance.fr/2012/04/13/enhanced-"
"ssl-load-balancing-with-server-name-indication-sni-tls-extension/>`_ ). "
"These features likely cover some of the most common load balancer needs. "
"HAProxy would be able to just pass the HTTPS traffic straight through to the "
"API endpoint systems in this case:"
msgstr ""
"Bagaimana dengan ketersediaan tinggi atau penerapan seimbang yang perlu "
"untuk memeriksa lalu lintas? Model penyebaran sebelumnya (:ref: `secure-"
"communication-proxy-on-same-physical-hosts-as-api-endpoints`) tidak akan "
"mengizinkan pemeriksaan paket dalam karena lalu lintas dienkripsi. Jika lalu "
"lintas hanya perlu diperiksa untuk keperluan perutean dasar, mungkin tidak "
"perlu penyeimbang beban untuk mendapatkan akses ke lalu lintas yang tidak "
"dienkripsi. HAProxy memiliki kemampuan untuk mengekstrakSSL/TLS session ID "
"selama handshake, yang kemudian dapat digunakan untuk mencapai afinitas "
"(`session ID configuration details here <http://blog.exceliance."
"fr/2011/07/04/maintain -affinity-based-on-ssl-session-id /> `_). HAProxy "
"juga dapat menggunakan ekstensi TLS Server Name Indication (SNI) untuk "
"menentukan lalu lintas yang harus diarahkan ke ( `SNI configuration details "
"here <http://blog.exceliance.fr/2012/04/13/enhanced-ssl-load- menyeimbangkan-"
"dengan-server-name-indication-sni-tls-extension /> `_). Fitur ini "
"kemungkinan mencakup beberapa penyeimbang beban yang paling umum. HAProxy "
"hanya bisa melewati lalu lintas HTTPS langsung ke sistem endpoint API dalam "
"kasus ini:"
msgid "What assets are at risk"
msgstr "Aset apa yang berisiko"
msgid "What if I don't want to use Barbican?"
msgstr "Bagaimana jika saya tidak ingin menggunakan Barbican?"
msgid ""
"What if you want cryptographic separation of your external and internal "
"environments? A public cloud provider would likely want their public facing "
"services (or proxies) to use certificates that are issued by a CA that "
"chains up to a trusted Root CA that is distributed in popular web browser "
"software for SSL/TLS. For the internal services, one might want to instead "
"use their own PKI to issue certificates for SSL/TLS. This cryptographic "
"separation can be accomplished by terminating SSL at the network boundary, "
"then re-encrypting using the internally issued certificates. The traffic "
"will be unencrypted for a brief period on the public facing SSL/TLS proxy, "
"but it will never be transmitted over the network in the clear. The same re-"
"encryption approach that is used to achieve cryptographic separation can "
"also be used if deep packet inspection is really needed on a load balancer. "
"Here is what this deployment model would look like:"
msgstr ""
"Bagaimana jika Anda ingin pemisahan kriptografi lingkungan eksternal dan "
"internal Anda? Penyedia awan publik mungkin menginginkan agar publik mereka "
"menghadapi layanan (atau proxy) untuk menggunakan sertifikat yang "
"dikeluarkan oleh CA yang mengarah ke Root CA tepercaya yang didistribusikan "
"di perangkat lunak browser web populer untuk SSL/TLS. Untuk layanan "
"internal, orang mungkin ingin menggunakan PKI mereka sendiri untuk "
"menerbitkan sertifikat SSL/TLS. Pemisahan kriptografi ini dapat dilakukan "
"dengan menghentikan SSL pada batas jaringan, kemudian mengenkripsi ulang "
"menggunakan sertifikat yang dikeluarkan secara internal. Lalu lintas tidak "
"akan dienkripsi untuk periode singkat di hadapan publik yang menghadap proxy "
"SSL/TLS, namun tidak akan pernah ditransmisikan melalui jaringan secara "
"jelas. Pendekatan enkripsi ulang yang sama yang digunakan untuk mencapai "
"pemisahan kriptografi juga dapat digunakan jika inspeksi paket dalam benar-"
"benar dibutuhkan pada penyeimbang beban. Inilah model penggelaran ini yang "
"akan terlihat:"
msgid "What is measured"
msgstr "What is measured"
msgid "What is the recommended way to securely store secrets in OpenStack?"
msgstr ""
"Apa cara yang disarankan untuk menyimpan rahasia di OpenStack secara aman?"
msgid ""
"When a share is just created there are no default access rules associated "
"with it and permission to mount it. This could be seen in mounting config "
"for export protocol in use. For example, there is an NFS command "
"``exportfs`` or ``/etc/exports`` file on the storage which controls each "
"remote share and defines hosts that can access it. It is empty if nobody can "
"mount a share. For a remote CIFS server there is ``net conf list`` command "
"which shows the configuration. ``hosts deny`` parameter should be set by the "
"share driver to ``0.0.0.0/0`` which means that any host is denied to mount "
"the share."
msgstr ""
"Saat share dibuat, tidak ada aturan akses default yang terkait dengannya dan "
"izin untuk mounting. Ini bisa dilihat pada konfigurasi mounting untuk "
"protokol ekspor yang digunakan. Misalnya, ada file perintah NFS ``exportfs`` "
"atau ``/etc/exports`` pada penyimpanan yang mengontrol setiap remote share "
"dan mendefinisikan host yang dapat mengaksesnya. Ini kosong jika tidak ada "
"yang bisa me-mount share. Untuk server CIFS remote terdapat perintah ``net "
"conf list`` yang menunjukkan konfigurasi. Parameter ``hosts deny`` harus "
"ditetapkan oleh share driver ke ``0.0.0.0/0`` yang berarti bahwa setiap host "
"ditolak untuk me-mount share."
msgid ""
"When addressing compliance, you can increase efficiency and reduce work "
"effort by identifying common areas and criteria that apply across multiple "
"certifications. Much of the audit principles and guidelines discussed in "
"this book will assist in identifying these controls, additionally a number "
"of external entities provide comprehensive lists. The following are some "
"examples:"
msgstr ""
"Saat menangani kepatuhan, Anda dapat meningkatkan efisiensi dan mengurangi "
"upaya kerja dengan mengidentifikasi area umum dan kriteria yang berlaku di "
"beberapa sertifikasi. Sebagian besar prinsip dan pedoman audit yang dibahas "
"dalam buku ini akan membantu mengidentifikasi kontrol ini, dan tambahan "
"sejumlah entitas eksternal menyediakan daftar komprehensif. Berikut adalah "
"beberapa contohnya:"
msgid ""
"When auditing an OpenStack cloud it is important to appreciate the multi-"
"tenant environment inherent in the OpenStack architecture. Some critical "
"areas for concern include data disposal, hypervisor security, node "
"hardening, and authentication mechanisms."
msgstr ""
"Saat mengaudit awan OpenStack, penting untuk menghargai lingkungan multi-"
"tenant yang melekat dalam arsitektur OpenStack. Beberapa area penting yang "
"perlu diperhatikan meliputi pembuangan data, keamanan hypervisor, pengerasan "
"simpul (node hardening), dan mekanisme otentikasi."
msgid ""
"When building an OpenStack cloud it is strongly recommended to approach your "
"design and implementation with a configuration management tool or framework "
"in mind. Configuration management allows you to avoid the many pitfalls "
"inherent in building, managing, and maintaining an infrastructure as complex "
"as OpenStack. By producing the manifests, cookbooks, or templates required "
"for a configuration management utility, you are able to satisfy a number of "
"documentation and regulatory reporting requirements. Further, configuration "
"management can also function as part of your business continuity plan (BCP) "
"and data recovery (DR) plans wherein you can rebuild a node or service back "
"to a known state in a DR event or given a compromise."
msgstr ""
"Saat membangun awan OpenStack, sangat disarankan untuk mendekati desain dan "
"implementasi Anda dengan alat manajemen konfigurasi atau kerangka kerja. "
"Manajemen konfigurasi memungkinkan Anda menghindari banyak jebakan yang "
"melekat dalam membangun, mengelola, dan memelihara infrastruktur sekompleks "
"OpenStack. Dengan memproduksi manifes, buku masak, atau templat yang "
"diperlukan untuk utilitas pengelolaan konfigurasi, Anda dapat memenuhi "
"sejumlah persyaratan pelaporan dokumentasi dan peraturan. Selanjutnya, "
"manajemen konfigurasi juga dapat berfungsi sebagai bagian dari business "
"continuity plan (BCP) dan perencanaan data recovery (DR) Anda di mana Anda "
"dapat membangun kembali node atau layanan mundur (service back) ke keadaan "
"yang sudah diketahui dalam kejadian DR atau bahaya yang ada."
msgid ""
"When creating custom topologies for network access it can be necessary to "
"allow non-root users the ability to run the proxy commands. For these "
"situations the oslo rootwrap package is used to provide a facility for non-"
"root users to run privileged commands. This configuration requires the user "
"associated with the data processing controller application to be in the "
"sudoers list and for the option to be enabled in the configuration file. "
"Optionally, an alternative rootwrap command can be provided."
msgstr ""
"Saat membuat topologi kustom untuk akses jaringan, diperlukan kemampuan "
"pengguna non-root untuk menjalankan perintah proxy. Untuk situasi ini, paket "
"rootwrap oslo digunakan untuk menyediakan fasilitas bagi pengguna non-root "
"untuk menjalankan privileged commands. Konfigurasi ini memerlukan pengguna "
"yang terkait dengan aplikasi pengontrol pengolah data agar berada dalam "
"daftar sudoers dan untuk opsi yang akan diaktifkan pada file konfigurasi. "
"Secara opsional, sebuah perintah rootwrap alternatif dapat diberikan."
msgid ""
"When enabling the operating system, OpenStack Volume Encryption performance "
"can be enhanced by using the hardware acceleration features currently "
"available in both Intel and AMD processors. Both the OpenStack Volume "
"Encryption feature and the OpenStack Ephemeral Disk Encryption feature use "
"``dm-crypt`` to secure volume data. ``dm-crypt`` is a transparent disk "
"encryption capability in Linux kernel versions 2.6 and later. When the "
"Volume Encryption is enabled, encrypted data is sent over iSCSI to Block "
"Storage, securing data in transit and data at rest simultaneously. When "
"using hardware acceleration, the performance impact of both of the "
"encryption features is minimized."
msgstr ""
"Saat mengaktifkan sistem operasi, kinerja OpenStack Volume Encryption dapat "
"ditingkatkan dengan menggunakan fitur akselerasi perangkat keras yang saat "
"ini tersedia di prosesor Intel dan AMD. Baik fitur OpenStack Volume "
"Encryption dan fitur OpenStack Ephemeral Disk Encryption menggunakan ``dm-"
"crypt`` untuk mengamankan data volume. ``dm-crypt`` adalah kemampuan "
"enkripsi disk transparan di kernel Linux versi 2.6 dan yang lebih baru. "
"Ketika Volume Encryption diaktifkan, data terenkripsi dikirim melalui iSCSI "
"ke Block Storage, mengamankan data dalam transit dan data saat istirahat "
"bersamaan. Saat menggunakan akselerasi perangkat keras, dampak kinerja kedua "
"fitur enkripsi diminimalkan."
msgid ""
"When evaluating base hypervisor technologies, consider if the hypervisor has "
"been certified against FIPS 140-2. Not only is conformance against FIPS "
"140-2 mandated per U.S. Government policy, formal certification indicates "
"that a given implementation of a cryptographic algorithm has been reviewed "
"for conformance against module specification, cryptographic module ports and "
"interfaces; roles, services, and authentication; finite state model; "
"physical security; operational environment; cryptographic key management; "
"electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-"
"tests; design assurance; and mitigation of other attacks."
msgstr ""
"Saat mengevaluasi teknologi hypervisor dasar, pertimbangkan apakah "
"hypervisor telah disertifikasi dengan FIPS 140-2. Tidak hanya kesesuaian "
"dengan FIPS 140-2 yang dimandatkan per kebijakan Pemerintah A.S., "
"sertifikasi formal menunjukkan bahwa penerapan algoritma kriptografi "
"tertentu telah ditinjau untuk kesesuaian terhadap spesifikasi modul, port "
"modul kriptografi dan antarmuka; peran, layanan, dan otentikasi; finite "
"state model; keamanan fisik; lingkungan operasional; cryptographic key "
"management; electromagnetic interference/electromagnetic compatibility "
"(EMI / EMC); self-tests; jaminan desain; dan mitigasi serangan lainnya."
msgid ""
"When implementing OpenStack, one of the core decisions is which hypervisor "
"to utilize. We recommend being informed of advisories pertaining to the "
"hypervisor(s) you have chosen. Several common hypervisor security lists are "
"below:"
msgstr ""
"Saat mengimplementasikan OpenStack, salah satu keputusan utamanya adalah "
"hypervisor mana yang akan digunakan. Kami merekomendasikan untuk diberitahu "
"tentang nasihat yang berkaitan dengan hypervisor yang telah Anda pilih. "
"Beberapa daftar keamanan hypervisor yang umum ada di bawah ini:"
msgid ""
"When installing the certificate and key files, ensure that the file "
"permissions are restricted, for example ``chmod 0600``, and the ownership is "
"restricted to the database daemon user to prevent unauthorized access by "
"other processes and users on the database server."
msgstr ""
"Saat menginstal sertifikat dan file kunci, pastikan hak akses file dibatasi, "
"misalnya ``chmod 0600``, dan kepemilikannya dibatasi pada pengguna daemon "
"database untuk mencegah akses yang tidak sah oleh proses dan pengguna lain "
"di server database."
msgid ""
"When provisioning clusters each instance will be given an IP address in the "
"networks provided by the user. The first network is often referred to as the "
"data processing management network and instances can use the fixed IP "
"address assigned by the Networking service for this network. The controller "
"can also be configured to use floating IP addresses for the instances in "
"addition to their fixed address. When communicating with the instances the "
"controller will prefer the floating address if enabled."
msgstr ""
"Saat menentukan cluster masing-masing instance akan diberi alamat IP di "
"jaringan yang disediakan oleh pengguna. Jaringan pertama sering disebut "
"sebagai jaringan manajemen pengolahan data dan instance dapat menggunakan "
"alamat IP tetap yang ditetapkan oleh layanan Networking untuk jaringan ini. "
"Kontroler juga dapat dikonfigurasi untuk menggunakan alamat IP mengambang "
"untuk instance di samping alamat tetap mereka. Saat berkomunikasi dengan "
"instance, controller akan lebih memilih alamat mengambang jika diaktifkan."
msgid ""
"When running a virtual machine, virtual hardware is a software layer that "
"provides the hardware interface for the virtual machine. Instances use this "
"functionality to provide network, storage, video, and other devices that may "
"be needed. With this in mind, most instances in your environment will "
"exclusively use virtual hardware, with a minority that will require direct "
"hardware access. The major open source hypervisors use :term:`QEMU <Quick "
"EMUlator (QEMU)>` for this functionality. While QEMU fills an important need "
"for virtualization platforms, it has proven to be a very challenging "
"software project to write and maintain. Much of the functionality in QEMU is "
"implemented with low-level code that is difficult for most developers to "
"comprehend. The hardware virtualized by QEMU includes many legacy devices "
"that have their own set of quirks. Putting all of this together, QEMU has "
"been the source of many security problems, including hypervisor breakout "
"attacks."
msgstr ""
"Saat menjalankan mesin virtual, perangkat keras virtual adalah lapisan "
"perangkat lunak yang menyediakan antarmuka perangkat keras untuk mesin "
"virtual. Instance menggunakan fungsi ini untuk menyediakan jaringan, "
"penyimpanan, video, dan perangkat lain yang mungkin diperlukan. Dengan "
"pemikiran ini, sebagian besar Instance di lingkungan Anda secara eksklusif "
"akan menggunakan perangkat keras virtual, dengan minoritas yang memerlukan "
"akses perangkat keras langsung. Penggunaan hypervisor utama open source :"
"term: `QEMU <Quick EMUlator (QEMU)>` untuk fungsi ini. Sementara QEMU "
"memenuhi kebutuhan penting akan platform virtualisasi, namun terbukti "
"menjadi proyek perangkat lunak yang sangat menantang untuk ditulis dan "
"dipelihara. Sebagian besar fungsi di QEMU diimplementasikan dengan kode "
"tingkat rendah yang sulit dipahami oleh sebagian besar pengembang. Perangkat "
"keras yang di virtualisasi oleh QEMU mencakup banyak perangkat lawas yang "
"memiliki kebiasaan mereka sendiri. Menempatkan semua ini bersama-sama, QEMU "
"telah menjadi sumber banyak masalah keamanan, termasuk serangan pembobolan "
"hypervisor."
msgid ""
"When scoping OpenStack deployments for compliance purposes, prioritize "
"controls around sensitive services, such as command and control functions "
"and the base virtualization technology. Compromises of these facilities may "
"impact an OpenStack environment in its entirety."
msgstr ""
"Saat menentukan lingkup penerapan OpenStack untuk tujuan kepatuhan, "
"memprioritaskan kontrol di sekitar layanan sensitif, seperti fungsi perintah "
"dan kontrol dan teknologi virtualisasi dasar. Kompromi fasilitas ini dapat "
"mempengaruhi lingkungan OpenStack secara keseluruhan."
msgid ""
"When using :term:`Nginx`, we recommend `gunicorn <http://docs.gunicorn.org/"
"en/latest/deploy.html>`_ as the WSGI host with an appropriate number of "
"synchronous workers. When using Apache, we recommend ``mod_wsgi`` to host "
"the dashboard."
msgstr ""
"Ketika menggunakan :term:`Nginx`, we recommend `gunicorn <http://docs."
"gunicorn.org/en/latest/deploy.html>`_ sebagai WSGI host dengan jumlah "
"pekerja sinkron yang sesuai. Bila menggunakan Apache, sebaiknya ``mod_wsgi`` "
"untuk meng-host dasbor."
msgid ""
"When using LVM backed ephemeral storage, which is block-based, it is "
"necessary that the OpenStack Compute software securely erases blocks to "
"prevent information disclosure. There have in the past been information "
"disclosure vulnerabilities related to improperly erased ephemeral block "
"storage devices."
msgstr ""
"Bila menggunakan penyimpanan sementara yang didukung LVM, yang berbasis "
"blok, perlu perangkat lunak OpenStack Compute menghapus blokir dengan aman "
"untuk mencegah pengungkapan informasi. Sebelumnya ada kerentanan "
"pengungkapan informasi terkait dengan perangkat penyimpan blok sementara "
"yang terhapus secara tidak benar."
msgid ""
"When using ZeroMQ messaging, each host must run at least one ZeroMQ message "
"receiver to receive messages from the network and forward messages to local "
"processes through IPC. It is possible and advisable to run an independent "
"message receiver per project within an IPC namespace, along with other "
"services within the same project."
msgstr ""
"Saat menggunakan pesan ZeroMQ, setiap host harus menjalankan setidaknya satu "
"penerima pesan ZeroMQ untuk menerima pesan dari jaringan dan meneruskan "
"pesan ke proses lokal melalui IPC. Adalah mungkin dan disarankan untuk "
"menjalankan penerima pesan independen per proyek dalam ruang nama IPC, "
"bersama dengan layanan lainnya dalam proyek yang sama."
msgid ""
"When using ZeroMQ messaging, each project should run a separate ZeroMQ "
"receiver process on a port dedicated to services belonging to that project. "
"This is equivalent to the AMQP concept of control exchanges."
msgstr ""
"Saat menggunakan pesan ZeroMQ, setiap proyek harus menjalankan proses "
"penerima ZeroMQ terpisah di port yang didedikasikan untuk layanan yang "
"termasuk dalam proyek itu. Ini setara dengan konsep AMQP tentang pertukaran "
"kontrol."
msgid ""
"When using flat networking, you cannot assume that projects which share the "
"same layer 2 network (or broadcast domain) are fully isolated from each "
"other. These projects may be vulnerable to ARP spoofing, risking the "
"possibility of man-in-the-middle attacks."
msgstr ""
"Saat menggunakan jaringan flat (datar), Anda tidak dapat mengasumsikan bahwa "
"proyek yang berbagi layer 2 network yang sama (atau broadcast domain) "
"sepenuhnya terisolasi satu sama lain. Proyek ini mungkin rentan terhadap "
"spoofing ARP, mempertaruhkan kemungkinan serangan man-in-the-middle."
msgid ""
"When using the Networking service, we recommend that you enable security "
"groups in this service and disable it in the Compute service."
msgstr ""
"Saat menggunakan layanan Networking, sebaiknya Anda mengaktifkan grup "
"keamanan di layanan ini dan menonaktifkannya di layanan Compute."
msgid ""
"When using the Object Storage service in conjunction with data processing it "
"is necessary to add credentials for the store access. With proxy domains the "
"Data processing service can instead use a delegated trust from the Identity "
"service to allow store access via a temporary user created in the domain. "
"For this delegation mechanism to work the Data processing service must be "
"configured to use proxy domains and the operator must configure an identity "
"domain for the proxy users."
msgstr ""
"Saat menggunakan layanan Object Storage bersamaan dengan pemrosesan data, "
"perlu menambahkan kredensial untuk akses store. Dengan domain proxy, layanan "
"pemrosesan Data dapat menggunakan kepercayaan yang didelegasikan dari "
"layanan Identitas untuk memungkinkan akses store melalui pengguna sementara "
"yang dibuat di domain. Untuk mekanisme pendelegasian ini bekerja layanan, "
"pengolah data harus dikonfigurasi menggunakan domain proxy dan operator "
"harus mengkonfigurasi domain identitas untuk pengguna proxy."
msgid ""
"When using the OpenStack Compute API to modify security groups, the updated "
"security group applies to all virtual interface ports on an instance. This "
"is due to the OpenStack Compute security group APIs being instance-based "
"rather than port-based, as found in OpenStack Networking."
msgstr ""
"Saat menggunakan OpenStack Compute API untuk memodifikasi grup keamanan, "
"grup keamanan yang diperbarui berlaku untuk semua port antarmuka virtual "
"pada sebuah instance. Hal ini disebabkan API grup keamanan OpenStack Compute "
"yang berbasis instance daripada berbasis port, seperti yang ditemukan di "
"OpenStack Networking."
msgid ""
"When you are using TLS 1.2 and control both the clients and the server, the "
"cipher suite should be limited to ``ECDHE-ECDSA-AES256-GCM-SHA384``. In "
"circumstances where you do not control both endpoints and are using TLS 1.1 "
"or 1.2 the more general ``HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!"
"CAMELLIA`` is a reasonable cipher selection."
msgstr ""
"Bila Anda menggunakan TLS 1.2 dan mengendalikan klien dan server, suite "
"cipher harus dibatasi pada ``ECDHE-ECDSA-AES256-GCM-SHA384``. Dalam keadaan "
"di mana Anda tidak mengendalikan kedua endpoint dan menggunakan TLS 1.1 atau "
"1.2, ``HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA`` yang lebih "
"umm adalah pilihan cipher yang masuk akal. ."
msgid ""
"When you evaluate a hypervisor platform, consider the supportability of the "
"hardware on which the hypervisor will run. Additionally, consider the "
"additional features available in the hardware and how those features are "
"supported by the hypervisor you chose as part of the OpenStack deployment. "
"To that end, hypervisors each have their own hardware compatibility lists "
"(HCLs). When selecting compatible hardware it is important to know in "
"advance which hardware-based virtualization technologies are important from "
"a security perspective."
msgstr ""
"Saat Anda mengevaluasi platform hypervisor, pertimbangkan dukungan perangkat "
"keras yang digunakan hypervisor. Selain itu, pertimbangkan fitur tambahan "
"yang tersedia di perangkat keras dan bagaimana fitur tersebut didukung oleh "
"hypervisor yang Anda pilih sebagai bagian dari pengerahan OpenStack. Untuk "
"itu, hypervisors masing-masing memiliki hardware compatibility lists (HCLs) "
"mereka sendiri. Saat memilih perangkat keras yang kompatibel, penting untuk "
"mengetahui terlebih dahulu teknologi virtualisasi hardware-based menjadi "
"penting dari perspektif keamanan."
msgid ""
"When you use a user name and password to authenticate, Identity does not "
"enforce policies on password strength, expiration, or failed authentication "
"attempts as recommended by NIST Special Publication 800-118 (draft). "
"Organizations that desire to enforce stronger password policies should "
"consider using Identity extensions or external authentication services."
msgstr ""
"Bila Anda menggunakan nama pengguna dan kata sandi untuk diautentikasi, "
"Identitas tidak memberlakukan kebijakan tentang kekuatan kata sandi, "
"kedaluwarsa, atau upaya otentikasi yang gagal seperti yang direkomendasikan "
"oleh NIST Special Publication 800-118 (draf). Organisasi yang ingin "
"menerapkan kebijakan kata sandi yang lebih kuat harus mempertimbangkan untuk "
"menggunakan ekstensi Identitas atau layanan otentikasi eksternal."
msgid ""
"Whenever a policy or configuration management is changed, it is good "
"practice to log the activity, and backup a copy of the new set. Often, such "
"policies and configurations are stored in a version controlled repository "
"such as Git."
msgstr ""
"Kapan pun kebijakan atau manajemen konfigurasi diubah, ada baiknya melakukan "
"log aktivitas, dan membuat cadangan salinan dari kumpulan yang baru. "
"Seringkali, kebijakan dan konfigurasi seperti itu disimpan dalam repositori "
"yang dikendalikan oleh versi seperti Git."
msgid ""
"Whenever an API call to the Shared File Systems service is made, the policy "
"engine uses the appropriate policy definitions to determine if the call can "
"be accepted."
msgstr ""
"Setiap kali API memanggil layanan Shared File Systems, mesin kebijakan "
"menggunakan definisi kebijakan yang tepat untuk menentukan apakah panggilan "
"tersebut dapat diterima."
msgid ""
"Where a rule may specify access to only admin users and users belonging to "
"the tenant, the mapping may be trivial. In other scenarios the cloud "
"administrator may need to approve the mapping routines per tenant."
msgstr ""
"Bila suatu aturan menentukan akses hanya kepada pengguna admin dan pengguna "
"milik tenant, pemetaan mungkin sepele. Dalam skenario lain, administrator "
"awan mungkin perlu menyetujui rutinitas pemetaan per tenant."
msgid "Where data is persisted"
msgstr "Dimana data terus berlanjut"
msgid ""
"Where the end entity certificates and certificate revocation lists are "
"stored and looked up - sometimes referred to as the *certificate bundle*."
msgstr ""
"Dimana sertifikat entitas akhir dan daftar pencabutan sertifikat disimpan "
"dan diperbaiki (looked up) - kadang-kadang disebut sebagai *certificate "
"bundle*."
msgid ""
"Whether OpenStack is deployed within private data centers or as a public "
"cloud service, the underlying virtualization technology provides enterprise-"
"level capabilities in the realms of scalability, resource efficiency, and "
"uptime. While such high-level benefits are generally available across many "
"OpenStack-supported hypervisor technologies, there are significant "
"differences in the security architecture and features for each hypervisor, "
"particularly when considering the security threat vectors which are unique "
"to elastic OpenStack environments. As applications consolidate into single :"
"term:`Infrastructure-as-a-Service (IaaS)` platforms, instance isolation at "
"the hypervisor level becomes paramount. The requirement for secure isolation "
"holds true across commercial, government, and military communities."
msgstr ""
"Apakah OpenStack ditempatkan di dalam pusat data pribadi atau sebagai "
"layanan awan publik, teknologi virtualisasi yang mendasarinya memberikan "
"kemampuan tingkat perusahaan di ranah skalabilitas, efisiensi sumber daya, "
"dan waktu operasional. Meskipun manfaat tingkat tinggi seperti itu umumnya "
"tersedia di banyak teknologi hypervisor yang didukung OpenStack, ada "
"perbedaan signifikan dalam arsitektur keamanan dan fitur untuk setiap "
"hypervisor, terutama saat mempertimbangkan vektor ancaman keamanan yang unik "
"untuk lingkungan OpenStack elastis. Sebagai aplikasi mengkonsolidasikan "
"menjadi single platform :term: `Infrastructure-as-a-Service (IaaS)`, isolasi "
"instance pada tingkat hypervisor menjadi yang terpenting. Persyaratan untuk "
"isolasi yang aman berlaku di komunitas komersial, pemerintah, dan militer."
msgid ""
"While OpenStack has a bare metal project, a discussion of the particular "
"security implications of running bare metal is beyond the scope of this book."
msgstr ""
"Sementara OpenStack memiliki proyek bare metal, sebuah diskusi tentang "
"implikasi keamanan tertentu dari menjalankan bare metal berada di luar "
"cakupan buku ini."
msgid ""
"While creating a security service, you can select one of these "
"authentication services:"
msgstr ""
"Saat membuat layanan keamanan, Anda dapat memilih salah satu dari layanan "
"otentikasi ini:"
msgid ""
"While in operation, the kernel software and data are protected by the "
"hardware memory protection mechanisms. The memory and process management "
"components of the kernel ensure a user process cannot access kernel storage "
"or storage belonging to other processes. Non-kernel TSF software and data "
"are protected by DAC and process isolation mechanisms. In the evaluated "
"configuration, the reserved user ID root owns the directories and files that "
"define the TSF configuration. In general, files and directories containing "
"internal TSF data, such as configuration files and batch job queues, are "
"also protected from reading by DAC permissions. The system and the hardware "
"and firmware components are required to be physically protected from "
"unauthorized access. The system kernel mediates all access to the hardware "
"mechanisms themselves, other than program visible CPU instruction functions. "
"In addition, mechanisms for protection against stack overflow attacks are "
"provided."
msgstr ""
"Saat beroperasi, perangkat lunak dan data kernel dilindungi oleh mekanisme "
"proteksi memori perangkat keras. Komponen manajemen memori dan proses dari "
"kernel memastikan proses pengguna tidak dapat mengakses penyimpanan atau "
"penyimpanan kernel yang termasuk dalam proses lainnya. Perangkat lunak dan "
"data non-kernel TSF dilindungi oleh DAC dan mekanisme isolasi proses. Dalam "
"konfigurasi yang dievaluasi, reserved user ID root memiliki direktori dan "
"file yang menentukan konfigurasi TSF. Secara umum, file dan direktori yang "
"berisi data TSF internal, seperti file konfigurasi dan batch job queues, "
"juga dilindungi dari pembacaan oleh izin DAC. Sistem dan komponen perangkat "
"keras dan firmware diharuskan dilindungi secara fisik dari akses yang tidak "
"sah. Kernel sistem memediasi semua akses ke mekanisme perangkat keras itu "
"sendiri, selain fungsi instruksi CPU yang terlihat. Selain itu, mekanisme "
"perlindungan terhadap serangan stack overflow disediakan."
msgid ""
"While many hypervisor vendors, such as Red Hat, Microsoft, and VMware have "
"achieved Common Criteria Certification their underlying certified feature "
"set differs, we recommend evaluating vendor claims to ensure they minimally "
"satisfy the following requirements:"
msgstr ""
"Sementara banyak vendor hypervisor, seperti Red Hat, Microsoft, dan VMware "
"telah mencapai Common Criteria Certification, rangkaian penilaian "
"tersertifikasi yang mendasarinya berbeda, kami merekomendasikan untuk "
"mengevaluasi klaim vendor untuk memastikan mereka memenuhi persyaratan "
"sebagai berikut:"
msgid ""
"While utilizing TLS during the PXE boot process is somewhat more "
"challenging, common PXE firmware projects, such as iPXE, provide this "
"support. Typically this involves building the PXE firmware with knowledge of "
"the allowed TLS certificate chain(s) so that it can properly validate the "
"server certificate. This raises the bar for an attacker by limiting the "
"number of insecure, plain text network operations."
msgstr ""
"Saat menggunakan TLS selama proses boot PXE agak lebih menantang, proyek "
"firmware PXE yang umum, seperti iPXE, memberikan dukungan ini. Biasanya ini "
"melibatkan pembuatan firmware PXE dengan pengetahuan tentang rantai "
"sertifikat TLS yang diizinkan sehingga dapat memvalidasi sertifikat server "
"dengan benar. Ini memunculkan halangan untuk penyerang dengan membatasi "
"jumlah operasi jaringan teks biasa yang tidak aman."
msgid ""
"Whilst this chapter is currently sparse on specific guidance, it is expected "
"that standard hardening practices will be followed. This section will be "
"expanded with relevant information."
msgstr ""
"Sementara bab ini saat ini jarang dilakukan pada panduan spesifik, "
"diharapkan praktik pengerasan standar akan diikuti. Bagian ini akan "
"diperluas dengan informasi yang relevan."
msgid "Why and how we wrote this book"
msgstr "Mengapa dan bagaimana kita menulis buku ini"
msgid "Why should I use Barbican?"
msgstr "Mengapa saya harus menggunakan Barbican?"
msgid "Why use Federated Identity?"
msgstr "Mengapa menggunakanFederated Identity?"
msgid ""
"With :ref:`check_image_01`, and permissions set to 640, root has read/write "
"access and glance has read access to these configuration files. The access "
"rights can also be validated using the following command. This command will "
"only be available on your system if it supports ACLs."
msgstr ""
"Dengan :ref:`check_image_01`, dan hak akses diatur ke 640, root telah "
"membaca/menulis akses dan glance telah membaca akses ke file konfigurasi "
"ini. Hak akses juga bisa divalidasi dengan menggunakan perintah berikut. "
"Perintah ini hanya akan tersedia di sistem Anda jika mendukung ACL."
msgid ""
"With :ref:`check_key_mgr_01` and permissions set to 640, root has read/write "
"access and barbican has read access to these configuration files. The access "
"rights can also be validated using the following command. This command will "
"only be available on your system if it supports ACLs."
msgstr ""
"Dengan :ref:`check_key_mgr_01` dan hak akses diatur ke 640, root telah "
"membaca / menulis akses dan barbican telah membaca akses ke file konfigurasi "
"ini. Hak akses juga dapat divalidasi dengan menggunakan perintah berikut. "
"Perintah ini hanya akan tersedia di sistem Anda jika mendukung ACL."
msgid ""
"With ZeroMQ messaging, IPC sockets are used on individual machines. Because "
"these sockets are vulnerable to attack, ensure that the cloud operator has "
"secured them."
msgstr ""
"Dengan pesan ZeroMQ, soket IPC digunakan pada mesin individual. Karena soket "
"ini rentan diserang, pastikan operator awan telah mengamankan mereka."
msgid ""
"With a Key Manager service deployed on the stack, sahara must be configured "
"to enable the external storage of secrets. Sahara uses the Castellan library "
"to interface with the OpenStack Key Manager service. This library provides "
"configurable access to a key manager."
msgstr ""
"Dengan layanan Key Manager yang ditempatkan di stack, sahara harus "
"dikonfigurasi untuk memungkinkan penyimpanan rahasia eksternal. Sahara "
"menggunakan perpustakaan Castellan untuk berinteraksi dengan layanan "
"OpenStack Key Manager. Perpustakaan ini menyediakan akses yang dapat "
"dikonfigurasi ke manajer kunci."
msgid ""
"With careful modeling, you can use network ACLs and IDS technologies to "
"enforce explicit point to point communication between network services. As a "
"critical cross domain service, this type of explicit enforcement works well "
"for OpenStack's message queue service."
msgstr ""
"Dengan pemodelan yang cermat, Anda dapat menggunakan teknologi ACL dan IDS "
"jaringan untuk menerapkan komunikasi point to talk secara eksplisit antara "
"layanan jaringan. Sebagai layanan lintas domain yang kritis, jenis penegakan "
"eksplisit ini bekerja dengan baik untuk layanan antrian pesan OpenStack."
msgid ""
"With drivers that support NFS protocol authentication via IP address is the "
"only supported option."
msgstr ""
"Dengan driver yang mendukung otentikasi protokol NFS melalui alamat IP "
"adalah satu-satunya opsi yang didukung."
msgid ""
"With the Key management service, when an ephemeral disk is no longer needed, "
"simply deleting the key may take the place of overwriting the ephemeral disk "
"storage area"
msgstr ""
"Dengan layanan manajemen Key, ketika disk fana tidak lagi dibutuhkan, cukup "
"hapus kunci yang mungkin menggantikan penimpaan area penyimpanan disk "
"sementara"
msgid ""
"With unique kernel-level architecture and National Security Agency (NSA) "
"developed security mechanisms, KVM provides foundational isolation "
"technologies for multi-tenancy. With developmental origins dating back to "
"2002, the Secure Virtualization (sVirt) technology is the application of "
"SELinux against modern day virtualization. SELinux, which was designed to "
"apply separation control based upon labels, has been extended to provide "
"isolation between virtual machine processes, devices, data files and system "
"processes acting upon their behalf."
msgstr ""
"Dengan arsitektur kernel-level yang unik dan National Security Agency (NSA) "
"mengembangkan mekanisme keamanan, KVM menyediakan teknologi isolasi fondasi "
"untuk multi-tenancy. Dengan asal mula perkembangan sejak tahun 2002, "
"teknologi Secure Virtualization (sVirt) adalah aplikasi SELinux melawan "
"virtualisasi modern. SELinux, yang dirancang untuk menerapkan kontrol "
"pemisahan berdasarkan label, telah diperluas untuk memberikan isolasi antara "
"proses mesin virtual, perangkat, file data dan proses sistem yang bertindak "
"atas nama mereka."
msgid ""
"Within OpenStack some data may be deleted, but not securely erased in the "
"context of the NIST standards outlined above. This is generally applicable "
"to most or all of the above-defined metadata and information stored in the "
"database. This may be remediated with database and/or system configuration "
"for auto vacuuming and periodic free-space wiping."
msgstr ""
"Dalam OpenStack beberapa data dapat dihapus, namun tidak dicabut dengan aman "
"dalam konteks standar NIST yang diuraikan di atas. Hal ini umumnya berlaku "
"untuk sebagian besar atau semua metadata dan informasi yang didefinisikan di "
"atas yang tersimpan dalam database. Hal ini dapat diperbaiki dengan "
"konfigurasi sistem dan/atau database untuk vacuuming secara otomatis dan "
"wiping (pembersihan) ruang bebas secara periodik."
msgid ""
"Within OpenStack, it is recommended that all endpoints, especially public, "
"are provided with an extra layer of protection, by means of either a rate-"
"limiting proxy or web application firewall."
msgstr ""
"Dalam OpenStack, disarankan agar semua endpoint, terutama publik, dilengkapi "
"dengan lapisan perlindungan ekstra, dengan menggunakan proxy rate-limiting "
"atau firewall aplikasi web."
msgid ""
"Within OpenStack, there are two solutions recommended for secrets managment, "
"those being `Barbican <https://docs.openstack.org/barbican/latest/>`_ and "
"`Castellan <https://docs.openstack.org/castellan/latest/>`_. This chapter "
"will outline different scenarios to help an operator make a choice on which "
"key manager to use."
msgstr ""
"Dalam OpenStack, ada dua solusi yang direkomendasikan untuk manajemen "
"rahasia, keberadaannya `Barbican <https://docs.openstack.org/barbican/latest/"
">`_ dan `Castellan <https://docs.openstack.org/castellan/latest/>`_. Bab ini "
"akan menjelaskan berbagai skenario untuk membantu operator menentukan "
"pilihan manajer kunci mana yang akan digunakan."
msgid ""
"Within a cloud environment there is a mixture of hardware, operating "
"systems, virtual machine managers, OpenStack services, cloud-user activity "
"(such as creating instances and attaching storage), networking, and end-"
"users using the applications running on the various instances."
msgstr ""
"Dalam lingkungan awan terdapat campuran perangkat keras, sistem operasi, "
"manajer mesin virtual, layanan OpenStack, aktivitas pengguna awan (seperti "
"membuat instance dan penyimpanan terhubung), jaringan, dan pengguna akhir "
"yang menggunakan aplikasi yang berjalan pada berbagai instance."
msgid ""
"Within the OpenStack framework, you can choose among many hypervisor "
"platforms and corresponding OpenStack plug-ins to optimize your cloud "
"environment. In the context of this guide, hypervisor selection "
"considerations are highlighted as they pertain to feature sets that are "
"critical to security. However, these considerations are not meant to be an "
"exhaustive investigation into the pros and cons of particular hypervisors. "
"NIST provides additional guidance in Special Publication 800-125, \"*Guide "
"to Security for Full Virtualization Technologies*\"."
msgstr ""
"Dalam kerangka OpenStack, Anda dapat memilih di antara banyak platform "
"hypervisor dan plug-in OpenStack yang sesuai untuk mengoptimalkan lingkungan "
"awan Anda. Dalam konteks panduan ini, pertimbangan seleksi hypervisor "
"disorot karena berkaitan dengan rangkaian fitur yang sangat penting untuk "
"keamanan. Namun, pertimbangan ini tidak dimaksudkan sebagai penyelidikan "
"menyeluruh terhadap pro dan kontra dari hypervisors tertentu. NIST "
"memberikan panduan tambahan dalam Publikasi Khusus 800-125, \"*Guide to "
"Security for Full Virtualization Technologies*\"."
msgid ""
"Within the ``keystone.conf`` assign values to the ``[saml]`` related fields, "
"for example:"
msgstr ""
"Di dalam ``keystone.conf`` tetapkan nilai ke field terkait ``[saml] ``, "
"misalnya:"
msgid "X"
msgstr "X"
msgid "XEN transparent page sharing"
msgstr "XEN transparent page sharing"
msgid "XSM"
msgstr "XSM"
msgid "Xen"
msgstr "Xen"
msgid ""
"Xen Project, Xen Security Modules: XSM-FLASK. 2014. `http://wiki.xen.org/"
"wiki/Xen_Security_Modules_:_XSM-FLASK <http://wiki.xen.org/wiki/"
"Xen_Security_Modules_:_XSM-FLASK>`_"
msgstr ""
"Xen Project, Xen Security Modules: XSM-FLASK. 2014. `http://wiki.xen.org/"
"wiki/Xen_Security_Modules_:_XSM-FLASK <http://wiki.xen.org/wiki/"
"Xen_Security_Modules_:_XSM-FLASK>`_"
msgid ""
"Xen explicitly assigns dedicated memory regions to instances and scrubs data "
"upon the destruction of instances (or domains in Xen parlance). KVM depends "
"more greatly on Linux page management; A complex set of rules related to KVM "
"paging is defined in the `KVM documentation <http://www.linux-kvm.org/page/"
"Memory>`__."
msgstr ""
"Xen secara eksplisit menetapkan area memori khusus ke instance dan data "
"scrub saat penghancuran instance (atau domain dalam bahasa Xen). KVM sangat "
"bergantung pada pengelolaan halaman Linux; Kumpulan aturan kompleks yang "
"terkait dengan paging KVM didefinisikan dalam `KVM documentation <http://www."
"linux-kvm.org/page/Memory>`__."
msgid "Xen:"
msgstr "Xen:"
msgid ""
"XenServer 5.6 includes a memory overcommitment feature named Transparent "
"Page Sharing (TPS). TPS scans memory in 4 KB chunks for any duplicates. When "
"found, the Xen Virtual Machine Monitor (VMM) discards one of the duplicates "
"and records the reference of the second one."
msgstr ""
"XenServer 5.6 menyertakan fitur overcommitment memori yang bernama "
"Transparent Page Sharing (TPS). TPS memindai memori dalam potongan 4 KB "
"untuk setiap duplikat. Ketika ditemukan, Xen Virtual Machine Monitor (VMM) "
"membuang salah satu duplikat dan mencatat referensi yang kedua."
msgid ""
"You also can choose and add the :ref:`security service "
"<shared_fs_security_services>` that is supported by the share driver to "
"create access rules with authentication methods for clients that are "
"appropriate for your share. Supported security services are LDAP, Kerberos "
"and Microsoft Active Directory."
msgstr ""
"Anda juga bisa memilih dan menambahkan :ref:`security service "
"<shared_fs_security_services>` yang didukung oleh share driver untuk membuat "
"aturan akses dengan metode otentikasi untuk klien yang sesuai untuk share "
"anda. Layanan keamanan yang didukung adalah LDAP, Kerberos dan Microsoft "
"Active Directory."
msgid ""
"You also can configure :ref:`security services "
"<shared_fs_security_services>` in both *share servers* and *no share "
"servers* back-end modes. But with *no share servers* back-end mode, an "
"administrator should set desired authentication services manually on the "
"host. And in *share servers* mode the Shared File Systems service can be "
"configured automatically with any existing security services supported by "
"the share driver."
msgstr ""
"Anda juga dapat mengkonfigurasi :ref:`security services "
"<shared_fs_security_services>` di *share server * maupun *no share server * "
"mode back-end. Tapi dengan *no share servers* mode back-end, administrator "
"harus mengatur layanan otentikasi yang diinginkan secara manual pada host. "
"Dan di mode *share servers*, layanan Shared File Systems dapat dikonfigurasi "
"secara otomatis dengan layanan keamanan yang ada yang didukung oleh driver "
"share."
msgid ""
"You can force some services to use specific API endpoints. Therefore, it is "
"recommended that each OpenStack service communicating to the API of another "
"service must be explicitly configured to access the proper internal API "
"endpoint."
msgstr ""
"Anda dapat memaksa beberapa layanan untuk menggunakan endpoint API yang "
"spesifik. Oleh karena itu, disarankan agar setiap layanan OpenStack "
"berkomunikasi dengan API dari layanan lain harus dikonfigurasi secara "
"eksplisit untuk mengakses endpoint API internal yang benar."
msgid "You must also specify one of these supported authentication methods:"
msgstr ""
"Anda juga harus menentukan salah satu dari metode otentikasi yang didukung "
"ini:"
msgid ""
"You should configure your web service as a non-root (no UID 0) user such as "
"``swift`` mentioned before. The use of a port greater than 1024 is required "
"to make this easy and avoid running any part of the web container as root. "
"Normally, clients using the HTTP REST API and performing authentication "
"automatically retrieve the full REST API URL they require from the "
"authentication response. OpenStack's REST API allows for a client to "
"authenticate to one URL and then be told to use a completely different URL "
"for the actual service. For example, a Client authenticates to https://"
"identity.cloud.example.org:55443/v1/auth and gets a response with their "
"authentication key and Storage URL (the URL of the proxy nodes or load "
"balancer) of https://swift.cloud.example.org:44443/v1/AUTH_8980."
msgstr ""
"Anda harus mengkonfigurasi layanan web Anda sebagai pengguna non-root (no "
"UID 0) seperti ``swift`` yang disebutkan sebelumnya. Penggunaan port yang "
"lebih besar dari 1024 diperlukan untuk mempermudah dan menghindari "
"menjalankan bagian penampung web sebagai root. Biasanya, klien yang "
"menggunakan HTTP REST API dan melakukan autentikasi secara otomatis "
"mengambil full REST API URL yang mereka butuhkan dari respons autentikasi. "
"REST API OpenStack memungkinkan klien mengautentikasi ke satu URL dan "
"kemudian diberi tahu untuk menggunakan URL yang sama sekali berbeda untuk "
"layanan sebenarnya. Misalnya, Klien mengotentikasi https://identity.cloud."
"example.org:55443/v1/auth dan mendapat tanggapan dengan kunci autentikasi "
"dan Storage URL (URL dari nodus proxy atau penyeimbang beban) https: / /"
"swift.click.example.org:44443/v1/AUTH_8980."
msgid ""
"You should isolate API endpoint processes from each other and other "
"processes on a machine. The configuration for those processes should be "
"restricted to those processes not only by Discretionary Access Controls, but "
"through Mandatory Access Controls. The goal of these enhanced access "
"controls is to aid in the containment and escalation of API endpoint "
"security breaches. With mandatory access controls, such breaches severely "
"limit access to resources and provide earlier alerting on such events."
msgstr ""
"Anda harus mengisolasi proses endpoint API satu sama lain dan proses lainnya "
"pada mesin. Konfigurasi untuk proses tersebut harus dibatasi pada proses-"
"proses tersebut tidak hanya oleh Discretionary Access Controls, namun "
"melalui Mandatory Access Control. Tujuan dari kontrol akses yang "
"disempurnakan ini adalah untuk membantu penahanan dan eskalasi pelanggaran "
"keamanan endpoint API. Dengan kontrol akses wajib, pelanggaran tersebut "
"sangat membatasi akses terhadap sumber daya dan memberikan peringatan "
"sebelumnya mengenai kejadian tersebut."
msgid ""
"You should isolate API endpoint processes, especially those that reside "
"within the public security domain should be isolated as much as possible. "
"Where deployments allow, API endpoints should be deployed on separate hosts "
"for increased isolation."
msgstr ""
"Anda harus mengisolasi proses endpoint API, terutama yang berada di dalam "
"domain keamanan publik harus diisolasi sebanyak mungkin. Bila pengerahan "
"memungkinkan, endpoint API harus dipasang di host terpisah untuk peningkatan "
"isolasi."
msgid ""
"You should test any update before you deploy it in a production environment. "
"Typically this requires having a separate test cloud setup that first "
"receives the update. This cloud should be as close to the production cloud "
"as possible, in terms of software and hardware. Updates should be tested "
"thoroughly in terms of performance impact, stability, application impact, "
"and more. Especially important is to verify that the problem theoretically "
"addressed by the update, such as a specific vulnerability, is actually fixed."
msgstr ""
"Anda harus menguji pembaruan sebelum menerapkannya di lingkungan produksi. "
"Biasanya ini memerlukan setup awan uji terpisah yang pertama kali menerima "
"pembaruan. Awan ini harus sedekat mungkin dengan awan produksi, dalam hal "
"perangkat lunak dan perangkat keras. Pembaruan harus diuji secara menyeluruh "
"dalam hal dampak kinerja, stabilitas, dampak aplikasi, dan lainnya. Terutama "
"yang penting adalah untuk memverifikasi bahwa masalah yang secara teoritis "
"ditangani oleh pembaruan, seperti kerentanan spesifik, dan masalah ini "
"diperbaiki secara nata."
msgid ""
"Your selection of supporting software, such as messaging and load balancing, "
"can have serious security impacts on your cloud. It is important that you "
"make the proper choices for your organization. This section provides some "
"general guidelines for selecting supporting software."
msgstr ""
"Pilihan perangkat lunak pendukung Anda, seperti olah pesan dan penyeimbangan "
"beban, dapat menimbulkan dampak keamanan serius pada awan Anda. Adalah "
"penting bahwa Anda membuat pilihan yang tepat untuk organisasi Anda. Bagian "
"ini memberikan beberapa panduan umum untuk memilih perangkat lunak pendukung."
msgid "ZeroMQ or 0MQ"
msgstr "ZeroMQ atau 0MQ"
msgid "`AIDE <http://aide.sourceforge.net/>`__"
msgstr "`AIDE <http://aide.sourceforge.net/>`__"
msgid ""
"`Apache Qpid Authentication <http://qpid.apache.org/releases/qpid-0.32/cpp-"
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
"Messaging_User_Guide-Security-User_Authentication>`__"
msgstr ""
"`Apache Qpid Authentication <http://qpid.apache.org/releases/qpid-0.32/cpp-"
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
"Messaging_User_Guide-Security-User_Authentication>`__"
msgid ""
"`Apache Qpid Authorization <http://qpid.apache.org/releases/qpid-0.32/cpp-"
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
"Messaging_User_Guide-Security-Authorization>`__"
msgstr ""
"`Apache Qpid Authorization <http://qpid.apache.org/releases/qpid-0.32/cpp-"
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
"Messaging_User_Guide-Security-Authorization>`__"
msgid ""
"`Apache Qpid SSL <http://qpid.apache.org/releases/qpid-0.32/cpp-broker/book/"
"chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-"
"Encryption_using_SSL>`__"
msgstr ""
"`Apache Qpid SSL <http://qpid.apache.org/releases/qpid-0.32/cpp-broker/book/"
"chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-"
"Encryption_using_SSL>`__"
msgid "`Apache httpd <http://www.apache.org/>`_"
msgstr "`Apache httpd <http://www.apache.org/>`_"
msgid ""
"`Barbican <https://docs.openstack.org/barbican/latest/>`_ is an OpenStack "
"service that provides a back-end for Castellan. Barbican expects and "
"authenticates a keystone authentication token to identify the user and "
"project accessing or storing a secret. It then applies policy to determine "
"if access is permitted. It also provides a number of additional useful "
"features to improve secret management including quotas, per-secret ACLs, "
"tracking of secret consumers and grouping of secrets in secret containers. "
"Octavia, for example, integrates directly with Barbican (instead of "
"Castellan) to take advantage of some of these features."
msgstr ""
"`Barbican <https://docs.openstack.org/barbican/latest/>`_ adalah layanan "
"OpenStack yang menyediakan back-end untuk Castellan. Barbican mengharapkan "
"dan mengotentikasi token otentikasi keystone untuk mengidentifikasi pengguna "
"dan proyek yang mengakses atau menyimpan sebuah rahasia. Kemudian menerapkan "
"kebijakan untuk menentukan apakah akses diizinkan. Ini juga menyediakan "
"sejumlah fitur bermanfaat tambahan untuk memperbaiki manajemen rahasia "
"termasuk kuota, ACL per rahasia, pelacakan konsumen rahasia dan "
"pengelompokan rahasia dalam wadah rahasia. Octavia, misalnya, terintegrasi "
"langsung dengan Barbican (bukan Castellan) untuk memanfaatkan beberapa fitur "
"ini."
msgid ""
"`Castellan <https://docs.openstack.org/castellan/latest/>`_ is a library "
"that provides a simple common interface to store, generate and retrieve "
"secrets. It is used by most Openstack services for secret management. As a "
"library, Castellan does not provide a secret store in and of itself. Rather, "
"a back-end implementation is required to be deployed."
msgstr ""
"`Castellan <https://docs.openstack.org/castellan/latest/>`_ adalah sebuah "
"perpustakaan yang menyediakan antarmuka umum sederhana untuk menyimpan, "
"menghasilkan dan mengambil rahasia. Ini digunakan oleh sebagian besar "
"layanan Openstack untuk manajemen rahasia. Sebagai perpustakaan, Castellan "
"tidak menyediakan penyimpanan rahasia itu sendiri. Sebaliknya, implementasi "
"back-end harus dilakukan."
msgid ""
"`Center for Internet Security (CIS) Benchmarks <https://www.cisecurity.org/"
"cis-benchmarks/>`_"
msgstr ""
"`Center for Internet Security (CIS) Benchmarks <https://www.cisecurity.org/"
"cis-benchmarks/>`_"
msgid ""
"`Cloud Security Alliance (CSA) Common Control Matrix (CCM) <https://"
"cloudsecurityalliance.org/media/news/csa-releases-new-ccm-caiq-v3-0-1/>`_"
msgstr ""
"`Cloud Security Alliance (CSA) Common Control Matrix (CCM) <https://"
"cloudsecurityalliance.org/media/news/csa-releases-new-ccm-caiq-v3-0-1/>`_"
msgid ""
"`Cloudera CDH <https://www.cloudera.com/content/cloudera/en/documentation."
"html#CDH>`_"
msgstr ""
"`Cloudera CDH <https://www.cloudera.com/content/cloudera/en/documentation."
"html#CDH>`_"
msgid ""
"`Common Criteria <https://www.commoncriteriaportal.org/>`_ is an "
"internationally standardized software evaluation process, used by "
"governments and commercial companies to validate that software technologies "
"perform as advertised."
msgstr ""
"`Common Criteria <https://www.commoncriteriaportal.org/>`_ adalah proses "
"evaluasi perangkat lunak yang distandarkan secara internasional, yang "
"digunakan oleh pemerintah dan perusahaan komersial untuk memvalidasi "
"teknologi perangkat lunak yang dilakukan seperti yang diiklankan."
msgid ""
"`HDFS <https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/"
"HdfsUserGuide.html>`_"
msgstr ""
"`HDFS <https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/"
"HdfsUserGuide.html>`_"
msgid "`Hadoop <https://hadoop.apache.org>`_"
msgstr "`Hadoop <https://hadoop.apache.org>`_"
msgid ""
"`Hadoop secure mode docs <https://hadoop.apache.org/docs/current/hadoop-"
"project-dist/hadoop-common/SecureMode.html>`_"
msgstr ""
"`Hadoop secure mode docs <https://hadoop.apache.org/docs/current/hadoop-"
"project-dist/hadoop-common/SecureMode.html>`_"
msgid "`Hardening Walkthrough <https://wiki.debian.org/HardeningWalkthrough>`_"
msgstr ""
"`Hardening Walkthrough <https://wiki.debian.org/HardeningWalkthrough>`_"
msgid "`Hive <https://hive.apache.org>`_"
msgstr "`Hive <https://hive.apache.org>`_"
msgid "`Hortonworks Data Platform <http://docs.hortonworks.com>`_"
msgstr "`Hortonworks Data Platform <http://docs.hortonworks.com>`_"
msgid ""
"`How to assign devices with VT-d in KVM <http://www.linux-kvm.org/page/"
"How_to_assign_devices_with_VT-d_in_KVM>`_"
msgstr ""
"`How to assign devices with VT-d in KVM <http://www.linux-kvm.org/page/"
"How_to_assign_devices_with_VT-d_in_KVM>`_"
msgid ""
"`How to create an RPM package <http://fedoraproject.org/wiki/"
"How_to_create_an_RPM_package>`_"
msgstr ""
"`How to create an RPM package <http://fedoraproject.org/wiki/"
"How_to_create_an_RPM_package>`_"
msgid "`ISO 27001/2:2013 <http://www.27000.org/iso-27001.htm>`_"
msgstr "`ISO 27001/2:2013 <http://www.27000.org/iso-27001.htm>`_"
msgid ""
"`MapR <https://www.mapr.com/products/mapr-distribution-including-apache-"
"hadoop>`_"
msgstr ""
"`MapR <https://www.mapr.com/products/mapr-distribution-including-apache-"
"hadoop>`_"
msgid ""
"`MySQL Pluggable Authentication <http://dev.mysql.com/doc/refman/5.5/en/"
"pluggable-authentication.html>`__"
msgstr ""
"`MySQL Pluggable Authentication <http://dev.mysql.com/doc/refman/5.5/en/"
"pluggable-authentication.html>`__"
msgid ""
"`National Security Agency, Suite B Cryptography <http://www.nsa.gov/ia/"
"programs/suiteb_cryptography/index.shtml>`_"
msgstr ""
"`National Security Agency, Suite B Cryptography <http://www.nsa.gov/ia/"
"programs/suiteb_cryptography/index.shtml>`_"
msgid "`Nginx <http://nginx.org/>`_"
msgstr "`Nginx <http://nginx.org/>`_"
msgid "`OSSEC <http://www.ossec.net/>`__"
msgstr "`OSSEC <http://www.ossec.net/>`__"
msgid ""
"`OWASP Guide to Cryptography <https://www.owasp.org/index.php/"
"Guide_to_Cryptography>`_"
msgstr ""
"`OWASP Guide to Cryptography <https://www.owasp.org/index.php/"
"Guide_to_Cryptography>`_"
msgid ""
"`OWASP MySQL Hardening <https://www.owasp.org/index.php/"
"OWASP_Backend_Security_Project_MySQL_Hardening>`__"
msgstr ""
"`OWASP MySQL Hardening <https://www.owasp.org/index.php/"
"OWASP_Backend_Security_Project_MySQL_Hardening>`__"
msgid ""
"`OWASP PostgreSQL Hardening <https://www.owasp.org/index.php/"
"OWASP_Backend_Security_Project_PostgreSQL_Hardening>`__"
msgstr ""
"`OWASP PostgreSQL Hardening <https://www.owasp.org/index.php/"
"OWASP_Backend_Security_Project_PostgreSQL_Hardening>`__"
msgid ""
"`OWASP Transport Layer Protection Cheat Sheet <https://www.owasp.org/index."
"php/Transport_Layer_Protection_Cheat_Sheet>`_"
msgstr ""
"`OWASP Transport Layer Protection Cheat Sheet <https://www.owasp.org/index."
"php/Transport_Layer_Protection_Cheat_Sheet>`_"
msgid "`Oozie <https://oozie.apache.org>`_"
msgstr "`Oozie <https://oozie.apache.org>`_"
msgid "`OpenSCAP <https://www.open-scap.org/>`_"
msgstr "`OpenSCAP <https://www.open-scap.org/>`_"
msgid ""
"`OpenSSL and FIPS 140-2 <http://www.openssl.org/docs/fips/fipsnotes.html>`_"
msgstr ""
"`OpenSSL and FIPS 140-2 <http://www.openssl.org/docs/fips/fipsnotes.html>`_"
msgid "`Pig <https://pig.apache.org>`_"
msgstr "`Pig <https://pig.apache.org>`_"
msgid "`Pound <http://www.apsis.ch/pound>`_"
msgstr "`Pound <http://www.apsis.ch/pound>`_"
msgid "`PyKMIP library <https://github.com/OpenKMIP/PyKMIP>`__"
msgstr "`PyKMIP library <https://github.com/OpenKMIP/PyKMIP>`__"
msgid "`RFC 4253 <http://www.ietf.org/rfc/rfc4253.txt>`_"
msgstr "`RFC 4253 <http://www.ietf.org/rfc/rfc4253.txt>`_"
msgid ""
"`RabbitMQ Access Control <http://www.rabbitmq.com/access-control.html>`__"
msgstr ""
"`RabbitMQ Access Control <http://www.rabbitmq.com/access-control.html>`__"
msgid ""
"`RabbitMQ Authentication <http://www.rabbitmq.com/authentication.html>`__"
msgstr ""
"`RabbitMQ Authentication <http://www.rabbitmq.com/authentication.html>`__"
msgid "`RabbitMQ Configuration <http://www.rabbitmq.com/configure.html>`__"
msgstr "`RabbitMQ Configuration <http://www.rabbitmq.com/configure.html>`__"
msgid "`RabbitMQ Plugins <http://www.rabbitmq.com/plugins.html>`__"
msgstr "`RabbitMQ Plugins <http://www.rabbitmq.com/plugins.html>`__"
msgid ""
"`RabbitMQ SASL External Auth <http://hg.rabbitmq.com/rabbitmq-auth-mechanism-"
"ssl/file/rabbitmq_v3_1_3/README>`__"
msgstr ""
"`RabbitMQ SASL External Auth <http://hg.rabbitmq.com/rabbitmq-auth-mechanism-"
"ssl/file/rabbitmq_v3_1_3/README>`__"
msgid "`RabbitMQ SSL <http://www.rabbitmq.com/ssl.html>`__"
msgstr "`RabbitMQ SSL <http://www.rabbitmq.com/ssl.html>`__"
msgid "`Samhain <http://la-samhna.de/samhain/>`__"
msgstr "`Samhain <http://la-samhna.de/samhain/>`__"
msgid ""
"`Security Technical Implementation Guide (STIG) <http://iase.disa.mil/stigs/"
"Pages/index.aspx>`_"
msgstr ""
"`Security Technical Implementation Guide (STIG) <http://iase.disa.mil/stigs/"
"Pages/index.aspx>`_"
msgid ""
"`Security in MySQL <http://downloads.mysql.com/docs/mysql-security-"
"excerpt-5.1-en.pdf>`__"
msgstr ""
"`Security in MySQL <http://downloads.mysql.com/docs/mysql-security-"
"excerpt-5.1-en.pdf>`__"
msgid ""
"`SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate "
"trust model enhancements <http://www.ieee-security.org/TC/SP2013/"
"papers/4977a511.pdf>`_"
msgstr ""
"`SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate "
"trust model enhancements <http://www.ieee-security.org/TC/SP2013/"
"papers/4977a511.pdf>`_"
msgid "`Spark <https://spark.apache.org>`_"
msgstr "`Spark <https://spark.apache.org>`_"
msgid "`Spark Security <https://spark.apache.org/docs/latest/security.html>`_"
msgstr "`Spark Security <https://spark.apache.org/docs/latest/security.html>`_"
msgid "`Storm <https://storm.apache.org>`_"
msgstr "`Storm <https://storm.apache.org>`_"
msgid "`Stud <https://github.com/bumptech/stud>`_"
msgstr "`Stud <https://github.com/bumptech/stud>`_"
msgid ""
"`The Most Dangerous Code in the World: Validating SSL Certificates in Non-"
"Browser Software <http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf>`_"
msgstr ""
"`The Most Dangerous Code in the World: Validating SSL Certificates in Non-"
"Browser Software <http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf>`_"
msgid ""
"`Total security in a PostgreSQL database <https://www.ibm.com/developerworks/"
"opensource/library/os-postgresecurity>`__"
msgstr ""
"`Total security in a PostgreSQL database <https://www.ibm.com/developerworks/"
"opensource/library/os-postgresecurity>`__"
msgid "`Tripwire <http://sourceforge.net/projects/tripwire/>`__"
msgstr "`Tripwire <http://sourceforge.net/projects/tripwire/>`__"
msgid ""
"`Trusted Security Principles <http://www.aicpa.org/interestareas/"
"informationtechnology/resources/soc/trustservices/pages/trust%20services"
"%20principles—an%20overview.aspx>`_"
msgstr ""
"`Trusted Security Principles <http://www.aicpa.org/interestareas/"
"informationtechnology/resources/soc/trustservices/pages/trust%20services"
"%20principles—an%20overview.aspx>`_"
msgid ""
"`U.S. NIST FIPS PUB 180-3 <http://csrc.nist.gov/publications/fips/fips180-3/"
"fips180-3_final.pdf>`_"
msgstr ""
"`U.S. NIST FIPS PUB 180-3 <http://csrc.nist.gov/publications/fips/fips180-3/"
"fips180-3_final.pdf>`_"
msgid ""
"`U.S. NIST FIPS PUB 186-3 <http://csrc.nist.gov/publications/fips/fips186-3/"
"fips_186-3.pdf>`_"
msgstr ""
"`U.S. NIST FIPS PUB 186-3 <http://csrc.nist.gov/publications/fips/fips186-3/"
"fips_186-3.pdf>`_"
msgid "`Xen VTd Howto <http://wiki.xen.org/wiki/VTd_HowTo>`_"
msgstr "`Xen VTd Howto <http://wiki.xen.org/wiki/VTd_HowTo>`_"
msgid "`Zookeeper <https://zookeeper.apache.org>`_"
msgstr "`Zookeeper <https://zookeeper.apache.org>`_"
msgid "``!EXP``"
msgstr "``!EXP``"
msgid "``!LOW:!MEDIUM``"
msgstr "``!LOW:!MEDIUM``"
msgid "``!MD5``"
msgstr "``!MD5``"
msgid "``!RC4``"
msgstr "``!RC4``"
msgid "``!aNULL:!eNULL``"
msgstr "``!aNULL:!eNULL``"
msgid "``$PGDATA/root.crl`` - Certificate revocation list"
msgstr "``$PGDATA/root.crl`` - Daftar pencabutan sertifikat"
msgid "``$PGDATA/root.crt`` - Trusted certificate authorities"
msgstr "``$PGDATA/root.crt`` - Otoritas sertifikat dipercaya"
msgid "``$PGDATA/server.crt`` - Server certificate"
msgstr "``$PGDATA/server.crt`` - Sertifikat server"
msgid "``$PGDATA/server.key`` - Private key corresponding to ``server.crt``"
msgstr "``$PGDATA/server.key`` - Private key yang sesuai ``server.crt``"
msgid ""
"``DISALLOW_IFRAME_EMBED`` can be used to prevent the OpenStack Dashboard "
"from being embedded within an iframe."
msgstr ""
"``DISALLOW_IFRAME_EMBED`` dapat digunakan untuk mencegah Dasbor OpenStack "
"tidak disisipkan dalam iframe."
msgid "``GRE``"
msgstr "``GRE``"
msgid "``HIGH``"
msgstr "``HIGH``"
msgid "``Protocols``"
msgstr "``Protocols``"
msgid "``Storage controller``"
msgstr "``Storage controller``"
msgid "``VLAN``"
msgstr "``VLAN``"
msgid "``VXLAN``"
msgstr "``VXLAN``"
msgid ""
"``demo`` user in ``demo`` tenant can list the types and the private share "
"type named ``my_type`` is not visible for him."
msgstr ""
"Pengguna ``demo`` di penyewaan ``demo`` dapat mendaftar jenis dan jenis "
"share privat bernama ``my_type`` tidak terlihat untuknya."
msgid ""
"``firewall_driver`` must be set to ``nova.virt.firewall.NoopFirewallDriver`` "
"so that nova-compute does not perform iptables-based filtering itself."
msgstr ""
"``firewall_driver`` harus disetel ke ``nova.virt.firewall."
"NoopFirewallDriver`` sehingga nova-compute tidak melakukan penyaringan "
"berbasis iptables itu sendiri."
msgid "``flat``"
msgstr "``flat``"
msgid "``kEECDH:kEDH``"
msgstr "``kEECDH:kEDH``"
msgid "``kRSA``"
msgstr "``kRSA``"
msgid "``manila-api``"
msgstr "``manila-api``"
msgid "``manila-data``"
msgstr "``manila-data``"
msgid "``manila-scheduler``"
msgstr "``manila-scheduler``"
msgid "``manila-share``"
msgstr "``manila-share``"
msgid "``max-burst-kbps``: burst buffer"
msgstr "``max-burst-kbps``: burst buffer"
msgid "``max-kbps``: bandwidth"
msgstr "``max-kbps``: bandwidth"
msgid "``python-manilaclient``"
msgstr "``python-manilaclient``"
msgid ""
"``security_group_api`` must be set to ``neutron`` so that all security group "
"requests are proxied to the OpenStack Networking service."
msgstr ""
"``security_group_api`` harus disetel ke ``neutron`` sehingga semua "
"permintaan grup keamanan diproksikan ke layanan OpenStack Networking."
msgid ""
"`ansible-hardening <https://docs.openstack.org/ansible-hardening/latest/>`_"
msgstr ""
"`ansible-hardening <https://docs.openstack.org/ansible-hardening/latest/>`_"
msgid ""
"`http://blogs.vmware.com/security/ <http://blogs.vmware.com/security/>`_"
msgstr ""
"`http://blogs.vmware.com/security/ <http://blogs.vmware.com/security/>`_"
msgid "`http://seclists.org/oss-sec <http://seclists.org/oss-sec>`_"
msgstr "`http://seclists.org/oss-sec <http://seclists.org/oss-sec>`_"
msgid ""
"`http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf <http://www.cl.cam.ac.uk/"
"~rja14/Papers/serpent.pdf>`_"
msgstr ""
"`http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf <http://www.cl.cam.ac.uk/"
"~rja14/Papers/serpent.pdf>`_"
msgid "`http://xenbits.xen.org/xsa/ <http://xenbits.xen.org/xsa/>`_"
msgstr "`http://xenbits.xen.org/xsa/ <http://xenbits.xen.org/xsa/>`_"
msgid ""
"`https://www.schneier.com/paper-twofish-paper.html <https://www.schneier.com/"
"paper-twofish-paper.html>`_"
msgstr ""
"`https://www.schneier.com/paper-twofish-paper.html <https://www.schneier.com/"
"paper-twofish-paper.html>`_"
msgid "apache2"
msgstr "apache2"
msgid "beam.smp"
msgstr "beam.smp"
msgid ""
"blog.malchuk.ru, OpenStack VNC Security. 2013. `Secure Connections to VNC "
"ports <http://blog.malchuk.ru/2013/05/21/47>`_"
msgstr ""
"blog.malchuk.ru, OpenStack VNC Security. 2013. `Secure Connections to VNC "
"ports <http://blog.malchuk.ru/2013/05/21/47>`_"
msgid ""
"blog.sflow.com, sflow: `Host sFlow distributed agent <http://blog.sflow."
"com/2012/01/host-sflow-distributed-agent.html>`_. 2012."
msgstr ""
"blog.sflow.com, sflow: `Host sFlow distributed agent <http://blog.sflow."
"com/2012/01/host-sflow-distributed-agent.html>`_. 2012."
msgid ""
"blog.sflow.com, sflow: `LAN and WAN <http://blog.sflow.com/2009/09/lan-and-"
"wan.html>`_. 2009."
msgstr ""
"blog.sflow.com, sflow: `LAN and WAN <http://blog.sflow.com/2009/09/lan-and-"
"wan.html>`_. 2009."
msgid ""
"blog.sflow.com, sflow: `Rapidly detecting large flows sFlow vs <http://blog."
"sflow.com/2013/01/rapidly-detecting-large-flows-sflow-vs.html>`_. NetFlow/"
"IPFIX. 2013."
msgstr ""
"blog.sflow.com, sflow: `Rapidly detecting large flows sFlow vs <http://blog."
"sflow.com/2013/01/rapidly-detecting-large-flows-sflow-vs.html>`_. NetFlow/"
"IPFIX. 2013."
msgid ""
"bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over "
"websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug."
"cgi?id=913607>`_."
msgstr ""
"bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over "
"websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug."
"cgi?id=913607>`_."
msgid "cgroups"
msgstr "cgroups"
msgid "dns"
msgstr "dns"
msgid "dnsmasq"
msgstr "dnsmasq"
msgid "driver_handles_share_servers = False"
msgstr "driver_handles_share_servers = False"
msgid "driver_handles_share_servers = True"
msgstr "driver_handles_share_servers = True"
msgid "http"
msgstr "http"
msgid "iSCSI"
msgstr "iSCSI"
msgid "iSCSI initiator service"
msgstr "iSCSI initiator service"
msgid ""
"keystone listener process (Python): Python process that consumes keystone "
"events published by the keystone service."
msgstr ""
"keystone listener process (Python): Proses Python yang mengkonsumsi keystone "
"event yang diterbitkan oleh layanan keystone."
msgid "mysql"
msgstr "mysql"
msgid "mysqld"
msgstr "mysqld"
msgid "n/a"
msgstr "n/a"
msgid "network provider services (SDN server/services)"
msgstr "layanan penyedia jaringan (SDN server/services)"
msgid "neutron server (*neutron-server* and *neutron-\\*-plugin*)"
msgstr "neutron server (*neutron-server* and *neutron-\\*-plugin*)"
msgid "no share servers"
msgstr "no share servers"
msgid ""
"oasis-open.org, OASIS Key Management Interoperability Protocol (KMIP). 2014. "
"`KMIP <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`__"
msgstr ""
"oasis-open.org, OASIS Key Management Interoperability Protocol (KMIP). 2014. "
"`KMIP <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`__"
msgid "or"
msgstr "atau"
msgid "pending"
msgstr "tertunda"
msgid "plugin agent (*neutron-\\*-agent*)"
msgstr "plugin agent (*neutron-\\*-agent*)"
msgid "sVirt"
msgstr "sVirt"
msgid "sVirt SELinux Boolean"
msgstr "sVirt SELinux Boolean"
msgid ""
"sVirt isolation is provided regardless of the guest operating system running "
"inside the virtual machine. Linux or Windows VMs can be used. Additionally, "
"many Linux distributions provide SELinux within the operating system, "
"allowing the virtual machine to protect internal virtual resources from "
"threats."
msgstr ""
"Isolasi sVirt disediakan terlepas dari sistem operasi guest yang berjalan di "
"dalam mesin virtual. Linux atau Windows VMs dapat digunakan. Selain itu, "
"banyak distribusi Linux menyediakan SELinux dalam sistem operasi, "
"memungkinkan mesin virtual melindungi sumber daya virtual internal dari "
"ancaman."
msgid "sVirt: SELinux and virtualization"
msgstr "sVirt: SELinux and virtualization"
msgid "share servers"
msgstr "share servers"
msgid "ssh"
msgstr "ssh"
msgid "sshd"
msgstr "sshd"
msgid "tgtd"
msgstr "tgtd"
msgid "virt_use_common"
msgstr "virt_use_common"
msgid "virt_use_fusefs"
msgstr "virt_use_fusefs"
msgid "virt_use_nfs"
msgstr "virt_use_nfs"
msgid "virt_use_samba"
msgstr "virt_use_samba"
msgid "virt_use_sanlock"
msgstr "virt_use_sanlock"
msgid "virt_use_sysfs"
msgstr "virt_use_sysfs"
msgid "virt_use_usb"
msgstr "virt_use_usb"
msgid "virt_use_xserver"
msgstr "virt_use_xserver"
View Git Blame Copy Permalink