19754 lines
935 KiB
Plaintext
19754 lines
935 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
|
||
# Copyright (C) 2015, OpenStack contributors
|
||
# This file is distributed under the same license as the Security Guide package.
|
||
#
|
||
# Translators:
|
||
# OpenStack Infra <zanata@openstack.org>, 2015. #zanata
|
||
# suhartono <cloudsuhartono@gmail.com>, 2017. #zanata
|
||
# suhartono <cloudsuhartono@gmail.com>, 2018. #zanata
|
||
# suhartono <cloudsuhartono@gmail.com>, 2019. #zanata
|
||
msgid ""
|
||
msgstr ""
|
||
"Project-Id-Version: openstacksecurityguide\n"
|
||
"Report-Msgid-Bugs-To: \n"
|
||
"POT-Creation-Date: 2019-01-18 09:42+0000\n"
|
||
"MIME-Version: 1.0\n"
|
||
"Content-Type: text/plain; charset=UTF-8\n"
|
||
"Content-Transfer-Encoding: 8bit\n"
|
||
"PO-Revision-Date: 2019-01-18 03:25+0000\n"
|
||
"Last-Translator: suhartono <cloudsuhartono@gmail.com>\n"
|
||
"Language: id\n"
|
||
"Plural-Forms: nplurals=1; plural=0;\n"
|
||
"X-Generator: Zanata 4.3.3\n"
|
||
"Language-Team: Indonesian\n"
|
||
|
||
msgid ""
|
||
"\"... any information about an individual maintained by an agency, including "
|
||
"(1) any information that can be used to distinguish or trace an individual's "
|
||
"identity, such as name, social security number, date and place of birth, "
|
||
"mother's maiden name, or biometric records; and (2) any other information "
|
||
"that is linked or linkable to an individual, such as medical, educational, "
|
||
"financial, and employment information...\""
|
||
msgstr ""
|
||
"\"... informasi tentang seseorang yang dipelihara oleh agen, termasuk (1) "
|
||
"informasi apa pun yang dapat digunakan untuk membedakan atau melacak "
|
||
"identitas individu, seperti nama, nomor jaminan sosial, tanggal dan tempat "
|
||
"lahir, nama gadis ibu, Atau catatan biometrik; dan (2) informasi lain yang "
|
||
"terkait atau dapat dihubungkan dengan individu, seperti informasi medis, "
|
||
"pendidikan, keuangan, dan pekerjaan ... \""
|
||
|
||
msgid ""
|
||
"\"Anchor is a public key infrastructure (PKI) service, which uses automated "
|
||
"certificate request validation to automate issuing decisions. Certificates "
|
||
"are issued for short time periods (typically 12-48 hours) to avoid the "
|
||
"flawed revocation issues associated with CRLs and OCSP.\""
|
||
msgstr ""
|
||
"\"Anchor adalah layanan public key infrastructure (PKI), yang menggunakan "
|
||
"validasi permintaan sertifikat otomatis untuk mengotomatisasi keputusan "
|
||
"penerbitan. Sertifikat dikeluarkan untuk periode waktu yang singkat "
|
||
"(biasanya 12-48 jam) untuk menghindari masalah flawed revocation (pembatalan "
|
||
"cacat) yang terkait dengan CRL dan OCSP.\""
|
||
|
||
msgid ""
|
||
"\"The `Federal Risk and Authorization Management Program <http://www.fedramp."
|
||
"gov>`_ (FedRAMP) is a government-wide program that provides a standardized "
|
||
"approach to security assessment, authorization, and continuous monitoring "
|
||
"for cloud products and services\". NIST 800-53 is the basis for both FISMA "
|
||
"and FedRAMP which mandates security controls specifically selected to "
|
||
"provide protection in cloud environments. FedRAMP can be extremely intensive "
|
||
"from specificity around security controls, and the volume of documentation "
|
||
"required to meet government standards."
|
||
msgstr ""
|
||
"\"The `Federal Risk and Authorization Management Program <http://www.fedramp."
|
||
"gov>`_ (FedRAMP) adalah program pemerintah yang menyediakan pendekatan "
|
||
"standar untuk penilaian keamanan, otorisasi, dan pemantauan berkelanjutan "
|
||
"untuk produk dan layanan awan. \"NIST 800-53 adalah basis untuk FISMA dan "
|
||
"FedRAMP yang mengamanatkan kontrol keamanan yang secara khusus dipilih untuk "
|
||
"memberikan perlindungan di awan. Lingkungan FedRAMP bisa sangat intensif "
|
||
"dari spesifisitas seputar kontrol keamanan, dan volume dokumentasi yang "
|
||
"dibutuhkan untuk memenuhi standar pemerintah."
|
||
|
||
msgid ""
|
||
"\"The sanitization process removes information from the media such that the "
|
||
"information cannot be retrieved or reconstructed. Sanitization techniques, "
|
||
"including clearing, purging, cryptographic erase, and destruction, prevent "
|
||
"the disclosure of information to unauthorized individuals when such media is "
|
||
"reused or released for disposal.\" `NIST Special Publication 800-53 Revision "
|
||
"4 <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4."
|
||
"pdf>`__"
|
||
msgstr ""
|
||
"\"The sanitization process removes information from the media such that the "
|
||
"information cannot be retrieved or reconstructed. Sanitization techniques, "
|
||
"including clearing, purging, cryptographic erase, and destruction, prevent "
|
||
"the disclosure of information to unauthorized individuals when such media is "
|
||
"reused or released for disposal.\" `NIST Special Publication 800-53 Revision "
|
||
"4 <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4."
|
||
"pdf>`__"
|
||
|
||
msgid "**Adam Hyde**"
|
||
msgstr "**Adam Hyde**"
|
||
|
||
msgid "**Andrew Hay**, CloudPassage"
|
||
msgstr "**Andrew Hay**, CloudPassage"
|
||
|
||
msgid "**Ben de Bont**, HP"
|
||
msgstr "**Ben de Bont**, HP"
|
||
|
||
msgid "**Bryan D. Payne**, Nebula"
|
||
msgstr "**Bryan D. Payne**, Nebula"
|
||
|
||
msgid "**Cody Bunch**, Rackspace"
|
||
msgstr "**Cody Bunch**, Rackspace"
|
||
|
||
msgid "**Eric Lopez**, VMware"
|
||
msgstr "**Eric Lopez**, VMware"
|
||
|
||
msgid "**Eric Windisch**, Cloudscaling"
|
||
msgstr "**Eric Windisch**, Cloudscaling"
|
||
|
||
msgid "**Example. Access instances through a custom network namespace**"
|
||
msgstr "**Example. Access instances through a custom network namespace**"
|
||
|
||
msgid "**Example. Access instances through a specified relay machine**"
|
||
msgstr "**Example. Access instances through a specified relay machine**"
|
||
|
||
msgid "**Example. Allow all methods to all users (default policy)**"
|
||
msgstr "**Example. Allow all methods to all users (default policy)**"
|
||
|
||
msgid "**Example. Configuring TLS access to the controller**"
|
||
msgstr "**Example. Configuring TLS access to the controller**"
|
||
|
||
msgid "**Example. Configuring for a proxy domain named “dp_proxy”**"
|
||
msgstr "**Example. Configuring for a proxy domain named “dp_proxy”**"
|
||
|
||
msgid "**Example. Disallow image registry manipulations to non-admin users**"
|
||
msgstr "**Example. Disallow image registry manipulations to non-admin users**"
|
||
|
||
msgid "**Example. Enabling rootwrap usage and showing the default command**"
|
||
msgstr "**Example. Enabling rootwrap usage and showing the default command**"
|
||
|
||
msgid ""
|
||
"**Example. Setting the log level higher than warning and specifying an "
|
||
"output file.**"
|
||
msgstr ""
|
||
"**Example. Setting the log level higher than warning and specifying an "
|
||
"output file.**"
|
||
|
||
msgid "**Fail:** If TLS is not enabled on the HTTP server."
|
||
msgstr "**Fail:** Jika TLS tidak diaktifkan pada server HTTP."
|
||
|
||
msgid ""
|
||
"**Fail:** If ``admin_token`` under ``[DEFAULT]`` section is set and "
|
||
"``AdminTokenAuthMiddleware`` exists in ``keystone-paste.ini``."
|
||
msgstr ""
|
||
"**Fail:** Jika ``admin_token`` di bawah bagian ``[DEFAULT] `` disetel dan "
|
||
"``AdminTokenAuthMiddleware`` ada di ``keystone-paste.ini``."
|
||
|
||
msgid ""
|
||
"**Fail:** If ``insecure_debug`` under ``[DEFAULT]`` section in ``/etc/"
|
||
"keystone/keystone.conf`` is true."
|
||
msgstr ""
|
||
"**Fail:** Jika ``insecure_debug`` di bawah bagian ``[DEFAULT] `` di ``/etc/"
|
||
"keystone/keystone.conf`` benar adanya."
|
||
|
||
msgid "**Fail:** If permissions are not set to at least 640."
|
||
msgstr "**Fail:** Jika izin tidak diatur ke setidaknya 640."
|
||
|
||
msgid "**Fail:** If permissions are set greater than 640."
|
||
msgstr "**Fail:** Jika permission ditetapkan lebih besar dari 640."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands do not return any output, it is possible "
|
||
"that the user and group ownership may have been set to any user other than "
|
||
"root or any group other than barbican."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apapun, "
|
||
"kemungkinan kepemilikan pengguna dan grup mungkin telah ditetapkan ke "
|
||
"pengguna selain root atau grup selain barbican."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands do not return any output, the user and group "
|
||
"ownership might have set to any user other than ``root`` or any group other "
|
||
"than ``nova``."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun, "
|
||
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
|
||
"``root`` atau grup selain ``nova``."
|
||
|
||
msgid "**Fail:** If the above commands do not return any output."
|
||
msgstr "**Fail:** Jika perintah di atas tidak mengembalikan output apapun."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands does not return any output as the user and "
|
||
"group ownership might have set to any user other than root or any group "
|
||
"other than cinder."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apapun karena "
|
||
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
|
||
"root atau grup selain cinder."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands does not return any output as the user and "
|
||
"group ownership might have set to any user other than root or any group "
|
||
"other than horizon."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
|
||
"kepemilikan user dan grup mungkin telah ditetapkan ke user selain root atau "
|
||
"grup selain horizon."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands does not return any output as the user and "
|
||
"group ownership might have set to any user other than root or any group "
|
||
"other than manila."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
|
||
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
|
||
"root atau grup selain manila."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands does not return any output as the user and "
|
||
"group ownership might have set to any user other than root or any group "
|
||
"other than neutron."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
|
||
"kepemilikan pengguna dan grup mungkin telah ditetapkan ke pengguna selain "
|
||
"root atau grup selain neutron."
|
||
|
||
msgid ""
|
||
"**Fail:** If the above commands does not return any output as the user or "
|
||
"group ownership might have set to any user other than keystone."
|
||
msgstr ""
|
||
"**Fail:** Jika perintah di atas tidak mengembalikan output apa pun karena "
|
||
"pengguna atau kepemilikan grup mungkin telah ditetapkan ke pengguna selain "
|
||
"keystone."
|
||
|
||
msgid ""
|
||
"**Fail:** If the parameter ``authtoken`` is missing under the ``pipeline:"
|
||
"barbican-api-keystone`` section in ``barbican-api-paste.ini``."
|
||
msgstr ""
|
||
"**Fail:** Jika parameternya ``authtoken`` hilang di bawah bagian ``pipeline:"
|
||
"barbican-api-keystone`` dalam ``barbican-api-paste.ini``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``CSRF_COOKIE_SECURE`` in ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``CSRF_COOKIE_SECURE`` di ```/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``DISABLE_PASSWORD_REVEAL`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``DISABLE_PASSWORD_REVEAL`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``DISALLOW_IFRAME_EMBED`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``DISALLOW_IFRAME_EMBED`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``ENFORCE_PASSWORD_CHECK`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter `` ENFORCE_PASSWORD_CHECK`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``PASSWORD_AUTOCOMPLETE`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``on``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``PASSWORD_AUTOCOMPLETE`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke ``on``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``PASSWORD_VALIDATOR`` in ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` is set to allow all `\"regex\": '.*'`"
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``PASSWORD_VALIDATOR`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` disetel untuk mengizinkan semua `\" regex \": "
|
||
"'. *'`"
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``SECURE_PROXY_SSL_HEADER`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is not set to "
|
||
"``'HTTP_X_FORWARDED_PROTO', 'https'`` or commented out."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``SECURE_PROXY_SSL_HEADER`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` tidak disetel ke "
|
||
"``'HTTP_X_FORWARDED_PROTO', 'https'`` atau berkomentar."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``SESSION_COOKIE_HTTPONLY`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``SESSION_COOKIE_HTTPONLY`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``SESSION_COOKIE_SECURE`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``SESSION_COOKIE_SECURE`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``api_insecure`` under ``[glance]`` section "
|
||
"in ``/etc/nova/nova.conf`` is set to ``True``, or if value of parameter "
|
||
"``api_servers`` under ``[glance]`` section in ``/etc/nova/nova.conf`` is set "
|
||
"to a value that does not start with ``https://``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``api_insecure`` di bawah bagian ``[glance] "
|
||
"`` di ``/etc/nova/nova.conf`` diatur ke ``True``, atau jika nilai parameter "
|
||
"``api_servers`` di bawah bagian ``[glance]`` di ``/etc/nova/nova.conf`` "
|
||
"diatur ke nilai yang tidak dimulai dengan ``https://``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_protocol`` under "
|
||
"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``http``, or "
|
||
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``barbican.conf`` is not set to Identity API endpoint starting "
|
||
"with ``https://`` or value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to "
|
||
"``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_protocol`` di bawah bagian "
|
||
"``[keystone_authtoken]``dalam ``barbican.conf`` diatur ke ``http``, atau "
|
||
"jika nilai parameter ``identity_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``barbican.conf`` tidak disetel ke Identity "
|
||
"API endpoint yang dimulai dengan ``https://`` atau nilai parameter "
|
||
"``insecure`` dibawah bagian ``[keystone_authtoken]`` yang sama dalam "
|
||
"``barbican.conf`` yang sama diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_protocol`` under "
|
||
"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``http``, or "
|
||
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``manila.conf`` is not set to Identity API endpoint starting with "
|
||
"``https://`` or value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to "
|
||
"``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_protocol`` dibawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke ``http``, atau jika "
|
||
"nilai parameter ``identity_uri`` dibawah bagian ``[keystone_authtoken]`` "
|
||
"dalam ``manila.conf`` tidak disetel ke titik akhir API Identitas yang "
|
||
"dimulai dengan ``https://`` atau nilai parameter ``insecure`` dibawah bagian "
|
||
"``[keystone_authtoken]`` yang sama dalam ``manila.conf`` yang sama diatur ke "
|
||
"``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/glance/glance-api.conf`` is set to ``noauth`` or value of "
|
||
"parameter ``auth_strategy`` under ``[DEFAULT]`` section in ``/etc/glance/"
|
||
"glance- registry.conf`` is set to ``noauth``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_strategy`` dibawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/glance/glance-api.conf`` dieter ke ``noauth`` atau "
|
||
"nilai parameter ``auth_strategy`` dibawah bagian ``[DEFAULT]`` di ``/etc/"
|
||
"glance/glance- registry.conf`` diatur ke ``noauth``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section is set to ``noauth`` or ``noauth2``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_strategy`` di bawah bagian ``[DEFAULT] "
|
||
"`` diatur ke ``noauth`` atau ``noauth2``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section is set to ``noauth``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_strategy`` di bawah bagian `` "
|
||
"[DEFAULT] `` diatur ke ``noauth``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is not set to Identity API endpoint "
|
||
"starting with ``https://`` or value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``/etc/cinder/cinder.conf`` is "
|
||
"set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken] `` di ``/etc/cinder/cinder.conf`` tidak disetel ke "
|
||
"Identity API endpoint yang dimulai dengan ``https://`` atau nilai dari "
|
||
"parameter ``insecure`` di bawah bagian ``[keystone_authtoken] `` yang sama "
|
||
"di ``/etc/cinder/cinder.conf`` yang sama diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/glance/glance-api.conf`` is not set to Identity API "
|
||
"endpoint starting with ``https://``, or value of parameter ``insecure`` "
|
||
"under the same ``[keystone_authtoken]`` section in the same ``/etc/glance/"
|
||
"glance-api.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` di ``/etc/glance/glance-api.conf`` tidak disetel ke "
|
||
"endpoint API Identity yang dimulai dengan ``https://``, atau nilai parameter "
|
||
"``insecure``di bawah bagian ``[keystone_authtoken]`` yang sama di bagian ``/"
|
||
"etc/glance/glance-api.conf`` yang sama diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/neutron/neutron.conf`` is not set to Identity API endpoint "
|
||
"starting with ``https://`` or value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``/etc/neutron/neutron.conf`` "
|
||
"is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:**Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``/etc/neutron/neutron.conf`` tidak diatur ke "
|
||
"Identity API endpoint yang dimulai dengan ``https://`` atau nilai parameter "
|
||
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama dalam bagian "
|
||
"yang sama ``/etc/neutron/neutron.conf`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/nova/nova.conf`` is not set to Identity API endpoint "
|
||
"starting with ``https://`` or value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``/etc/nova/nova.conf`` is set "
|
||
"to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` di ``/etc/nova/nova.conf`` tidak disetel ke "
|
||
"endpoint API Identity yang dimulai dengan ``https://`` atau nilai dari "
|
||
"parameter ``insecure`` di bawah bagian ``[keystone_authtoken] `` yang sama "
|
||
"di dalam ``/etc/nova/nova.conf`` yang sama diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``backend`` under ``[key_manager]`` section "
|
||
"in ``/etc/cinder/cinder.conf`` is not set, or if the value of parameter "
|
||
"``backend`` under ``[key_manager]`` section in ``/etc/nova/nova.conf`` is "
|
||
"not set, or if the instructions in the documentation referenced above are "
|
||
"not properly followed."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``backend`` di bawah bagian ``[key_manager]`` "
|
||
"di ``/etc/cinder/cinder.conf`` tidak diatur, atau jika nilai parameter "
|
||
"``backend`` di bawah bagian ``[key_manager]`` di ``/etc/nova/nova.conf`` "
|
||
"tidak diatur, atau jika petunjuk dalam dokumentasi yang disebutkan di atas "
|
||
"tidak diikuti dengan benar."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``cinder_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``cinder_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``copy_from`` in ``/etc/glance/policy.json`` "
|
||
"is not set."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``copy_from`` di ``/etc/glance/policy.json``` "
|
||
"tidak diatur."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``glance_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``True`` or the value of "
|
||
"parameter ``glance_api_servers`` is set to a value that does not start with "
|
||
"``https://``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``glance_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` disetel ke ``True`` atau nilai "
|
||
"parameter ``glance_api_servers`` adalah disetel ke nilai yang tidak dimulai "
|
||
"dengan ``https:// ``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``hash_algorithm`` under ``[token]``\\ "
|
||
"section is set to MD5."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``hash_algorithm`` di bawah bagian ``[token] "
|
||
"``\\ diatur ke MD5."
|
||
|
||
msgid "**Fail:** If value of parameter ``max_request_body_size`` is not set."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``max_request_body_size`` tidak disetel."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``max_request_body_size`` under "
|
||
"``[oslo_middleware]`` section in ``manila.conf`` is not set to ``114688``, "
|
||
"or if value of parameter ``osapi_max_request_body_size`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is not set to ``114688``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``max_request_body_size`` di bawah bagian "
|
||
"``[oslo_middleware] `` di ``manila.conf`` tidak diatur ke ``114688``, atau "
|
||
"jika nilai parameter ``osapi_max_request_body_size`` di bawah ``[ DEFAULT] "
|
||
"`` di ``manila.conf`` tidak diatur ke ``114688``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``nas_secure_file_permissions`` under "
|
||
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``False`` and "
|
||
"if value of parameter ``nas_secure_file_operations`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``nas_secure_file_permissions`` di bawah "
|
||
"bagian ``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` diatur ke `` False`` "
|
||
"dan jika nilai parameter ``nas_secure_file_operations`` di bawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``neutron_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``neutron_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` disetel ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian `` "
|
||
"DEFAULT] `` di ``manila.conf`` disetel ke ``True``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``osapi_max_request_body_size`` under "
|
||
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is not set to "
|
||
"``114688`` or if value of parameter ``max_request_body_size`` under "
|
||
"``[oslo_middleware]`` section in ``/etc/cinder/cinder.conf`` is not set to "
|
||
"``114688``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``osapi_max_request_body_size`` di bawah "
|
||
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` tidak diatur ke "
|
||
"``114688`` atau jika nilai parameter ``max_request_body_size`` di bawah "
|
||
"bagian ``[oslo_middleware]`` di ``/etc/cinder/cinder.conf`` tidak diatur ke "
|
||
"``114688``."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``provider`` under ``[token]`` section is "
|
||
"set to uuid."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``provider`` di bawah bagian ``[token] `` "
|
||
"diatur ke uuid."
|
||
|
||
msgid ""
|
||
"**Fail:** If value of parameter ``use_ssl`` under ``[DEFAULT]`` section in "
|
||
"``/etc/neutron/neutron.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Fail:** Jika nilai parameter ``use_ssl`` di bawah bagian ``[DEFAULT]`` di "
|
||
"``/etc/neutron/neutron.conf`` diatur ke ``False``."
|
||
|
||
msgid "**Flat network in share servers back-end mode**"
|
||
msgstr "**Flat network in share servers back-end mode**"
|
||
|
||
msgid "**Gregg Tally**, Johns Hopkins University Applied Physics Laboratory"
|
||
msgstr "**Gregg Tally**, Johns Hopkins University Applied Physics Laboratory"
|
||
|
||
msgid "**Keith Basil**, Red Hat"
|
||
msgstr "**Keith Basil**, Red Hat"
|
||
|
||
msgid "**Malini Bhandaru**, Intel"
|
||
msgstr "**Malini Bhandaru**, Intel"
|
||
|
||
msgid "**Nathanael Burton**, National Security Agency"
|
||
msgstr "**Nathanael Burton**, National Security Agency"
|
||
|
||
msgid ""
|
||
"**Pass:** If 1) the value of parameter ``backend`` under the "
|
||
"``[key_manager]`` section in ``/etc/cinder/cinder.conf`` is set, 2) the "
|
||
"value of parameter ``backend`` under ``[key_manager]`` in ``/etc/nova/nova."
|
||
"conf`` is set, and 3) if the instructions in the documentation referenced "
|
||
"above are properly followed."
|
||
msgstr ""
|
||
"** Pass:** Jika 1) nilai parameter ``backend`` di bawah bagian "
|
||
"``[key_manager]`` di ``/etc/cinder/cinder.conf`` disetel, 2) nilai parameter "
|
||
"``backend`` di bawah ``[key_manager] `` di ``/etc/nova/nova.conf`` disetel, "
|
||
"dan 3) jika petunjuk dalam dokumentasi yang disebutkan di atas diikuti "
|
||
"dengan benar."
|
||
|
||
msgid "**Pass:** If TLS is enabled on the HTTP server."
|
||
msgstr "**Pass:** Jika TLS diaktifkan pada server HTTP."
|
||
|
||
msgid ""
|
||
"**Pass:** If ``admin_token`` under ``[DEFAULT]`` section in ``/etc/keystone/"
|
||
"keystone.conf`` is disabled. And, ``AdminTokenAuthMiddleware`` under "
|
||
"``[filter:admin_token_auth]`` is deleted from ``/etc/keystone/keystone-paste."
|
||
"ini``"
|
||
msgstr ""
|
||
"**Pass:** Jika ``admin_token`` di bawah bagian ``[DEFAULT]`` di ``/etc/"
|
||
"keystone/keystone.conf`` dinonaktifkan. Dan, ``AdminTokenAuthMiddleware`` di "
|
||
"bawah ``[filter:admin_token_auth]`` dihapus dari ``/etc/keystone/keystone-"
|
||
"paste.ini``"
|
||
|
||
msgid ""
|
||
"**Pass:** If ``insecure_debug`` under ``[DEFAULT]`` section in ``/etc/"
|
||
"keystone/keystone.conf`` is false."
|
||
msgstr ""
|
||
"**Pass:**Jika ``insecure_debug`` di bawah bagian `` [DEFAULT] `` di ```/etc/"
|
||
"keystone/keystone.conf`` adalah salah."
|
||
|
||
msgid "**Pass:** If permissions are set to 640 or stricter."
|
||
msgstr "**Pass:** Jika izin diatur ke 640 atau lebih ketat."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
|
||
"o=\". Note that with :ref:`check_block_01` and permissions set to 640, root "
|
||
"has read/write access and cinder has read access to these configuration "
|
||
"files. The access rights can also be validated using the following command. "
|
||
"This command will only be available on your system if it supports ACLs."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan no rights to others yaitu \"u "
|
||
"= rw, g = r, o =\". Perhatikan bahwa dengan :ref:`check_block_01` dan hak "
|
||
"akses diatur ke 640, root telah read/write akses dan cinder telah membaca "
|
||
"akses ke file konfigurasi ini. Hak akses juga dapat divalidasi dengan "
|
||
"menggunakan perintah berikut. Perintah ini hanya akan tersedia di sistem "
|
||
"Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
|
||
"o=\". Note that with :ref:`check_dashboard_01` and permissions set to 640, "
|
||
"root has read/write access and horizon has read access to these "
|
||
"configuration files. The access rights can also be validated using the "
|
||
"following command. This command will only be available on your system if it "
|
||
"supports ACLs."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak kepada orang "
|
||
"lain yaitu \"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref: "
|
||
"`check_dashboard_01` dan izin diset ke 640, root telah membaca/menulis akses "
|
||
"dan horizon telah membaca akses ke file konfigurasi ini. Hak akses juga "
|
||
"dapat divalidasi dengan menggunakan perintah berikut. Perintah ini hanya "
|
||
"akan tersedia di sistem Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
|
||
"o=\". Note that with :ref:`check_neutron_01` and permissions set to 640, "
|
||
"root has read/write access and neutron has read access to these "
|
||
"configuration files. The access rights can also be validated using the "
|
||
"following command. This command will only be available on your system if it "
|
||
"supports ACLs."
|
||
msgstr ""
|
||
"**Pass:**Jika izin diatur ke 640 atau lebih ketat. Izin dari 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan no rights to others i.e. "
|
||
"\"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref: `check_neutron_01` dan hak "
|
||
"akses diatur ke 640, root mempunyai akses membaca/menulis dan neutron "
|
||
"mempunyai akses membaca ke file konfigurasi ini. Hak akses juga dapat "
|
||
"divalidasi dengan menggunakan perintah berikut. Perintah ini hanya akan "
|
||
"tersedia di sistem Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others i.e. \"u=rw,g=r,"
|
||
"o=\". Note that with :ref:`check_shared_fs_01` and permissions set to 640, "
|
||
"root has read/write access and manila has read access to these configuration "
|
||
"files. The access rights can also be validated using the following command. "
|
||
"This command will only be available on your system if it supports ACLs."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Izin dari 640 "
|
||
"diterjemahkan ke dalam owner r/w, group r, dan no rights to others i.e. "
|
||
"\"u=rw,g=r,o=\". Perhatikan bahwa dengan :ref:`check_shared_fs_01` dan izin "
|
||
"diatur ke 640, root mempunyai akses read/write dan manila telah membaca "
|
||
"akses ke file konfigurasi ini. Hak akses juga dapat divalidasi dengan "
|
||
"menggunakan perintah berikut. Perintah ini hanya akan tersedia di sistem "
|
||
"Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others, for example "
|
||
"\"u=rw,g=r,o=\"."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan no rights to others, sebagai "
|
||
"contoh \"u=rw,g=r,o=\"."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others. For example, "
|
||
"\"u=rw,g=r,o=\"."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak orang lain. "
|
||
"Misalnya, \"u=rw,g=r,o=\"."
|
||
|
||
msgid ""
|
||
"**Pass:** If permissions are set to 640 or stricter. The permissions of 640 "
|
||
"translates into owner r/w, group r, and no rights to others. For example, "
|
||
"``u=rw,g=r,o=``."
|
||
msgstr ""
|
||
"**Pass:** Jika izin diatur ke 640 atau lebih ketat. Perizinan 640 "
|
||
"diterjemahkan menjadi owner r/w, group r, dan tidak ada hak orang lain. "
|
||
"Misalnya, ``u=rw,g=r,o=``."
|
||
|
||
msgid ""
|
||
"**Pass:** If the parameter ``authtoken`` is listed under the ``pipeline:"
|
||
"barbican-api-keystone`` section in ``barbican-api-paste.ini``."
|
||
msgstr ""
|
||
"**Pass:** Jika parameternya ``authtoken`` terdaftar di bawah bagian "
|
||
"``pipeline:barbican-api-keystone`` dalam ``barbican-api-paste.ini``."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"``root`` and ``nova`` respectively. The above commands show output of ``root "
|
||
"nova``."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"diset masing-masing ke ``root`` dan ``nova``. Perintah di atas menunjukkan "
|
||
"output dari ``root nova``."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"keystone. The above commands show output of keystone keystone."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"diatur ke keystone. Perintah di atas menunjukkan output dari keystone."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"root and barbican respectively. The above commands show output of root / "
|
||
"barbican."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"diset ke root dan barbican. Perintah di atas menunjukkan output dari root / "
|
||
"barbican."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"root and cinder respectively. The above commands show output of root cinder."
|
||
msgstr ""
|
||
"** Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi "
|
||
"ini diset ke root dan cinder. Perintah di atas menunjukkan output dari root "
|
||
"cinder."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"root and manila respectively. The above commands show output of root manila."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"diset ke root dan manila masing-masing. Perintah di atas menunjukkan output "
|
||
"dari manila root."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these config files is set to "
|
||
"root and neutron respectively. The above commands show output of root "
|
||
"neutron."
|
||
msgstr ""
|
||
"**Pass:**Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"diset ke root dan neutron. Perintah di atas menunjukkan output dari root "
|
||
"neutron."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of all these configuration files is "
|
||
"set to root and glance respectively. The above commands show output of root "
|
||
"glance."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari semua file konfigurasi ini "
|
||
"disetel masing masing ke root dan glance. Perintah di atas menunjukkan "
|
||
"output dari root glance."
|
||
|
||
msgid ""
|
||
"**Pass:** If user and group ownership of the config file is set to root and "
|
||
"horizon respectively. The above commands show output of root horizon."
|
||
msgstr ""
|
||
"**Pass:** Jika kepemilikan pengguna dan grup dari file konfigurasi diset ke "
|
||
"root dan horizon masing-masing. Perintah di atas menunjukkan output dari "
|
||
"root horizon."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``CSRF_COOKIE_SECURE`` in ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``CSRF_COOKIE_SECURE`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` disetel ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``DISABLE_PASSWORD_REVEAL`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``DISABLE_PASSWORD_REVEAL`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``DISALLOW_IFRAME_EMBED`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass: ** Jika nilai parameter ``DISALLOW_IFRAME_EMBED`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``ENFORCE_PASSWORD_CHECK`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``ENFORCE_PASSWORD_CHECK`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` disetel ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``PASSWORD_AUTOCOMPLETE`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``off``."
|
||
msgstr ""
|
||
"**Pass:**Jika nilai parameter ``PASSWORD_AUTOCOMPLETE`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke ``off``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``PASSWORD_VALIDATOR`` in ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` is set to any value outside of the defaul "
|
||
"allow all `\"regex\": '.*',`"
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``PASSWORD_VALIDATOR`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` diatur ke nilai apapun di luar defaul "
|
||
"mengizinkan semua `\" regex \": '. *',`"
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``SECURE_PROXY_SSL_HEADER`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to "
|
||
"``'HTTP_X_FORWARDED_PROTO', 'https'``"
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter `` SECURE_PROXY_SSL_HEADER`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke "
|
||
"``'HTTP_X_FORWARDED_PROTO', 'https'``"
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``SESSION_COOKIE_HTTPONLY`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``SESSION_COOKIE_HTTPONLY`` di ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` diatur ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``SESSION_COOKIE_SECURE`` in ``/etc/"
|
||
"openstack-dashboard/local_settings.py`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``SESSION_COOKIE_SECURE`` di ``/etc/openstack-"
|
||
"dashboard/local_settings.py`` disetel ke ``True``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``api_insecure`` under ``[glance]`` section "
|
||
"in ``/etc/nova/nova.conf`` is set to ``False`` and value of parameter "
|
||
"``api_servers`` under ``[glance]`` section in ``/etc/nova/nova.conf`` is set "
|
||
"to a value starting with ``https://``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``api_insecure`` di bawah bagian ``[glance] "
|
||
"`` di ``/etc/nova/nova.conf`` diatur ke ``False`` dan nilai parameter "
|
||
"``api_servers`` di bawah bagian ``[glance]``` dalam ``/etc/nova/nova.conf`` "
|
||
"diatur ke nilai yang dimulai dengan ``https://``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_protocol`` under "
|
||
"``[keystone_authtoken]`` section in ``barbican.conf`` is set to ``https``, "
|
||
"or if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``barbican.conf`` is set to Identity API endpoint starting with "
|
||
"``https://`` and value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``barbican.conf`` is set to "
|
||
"``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_protocol`` di bawah bagian "
|
||
"``[keystone_authtoken] `` di ``barbican.conf`` diatur ke ``https``, atau "
|
||
"jika nilai parameter ``identity_uri`` di bawah ``[keystone_authtoken ]`` di "
|
||
"``barbican.conf`` disetel ke Identity API endpoint yang dimulai dengan "
|
||
"``https: // `` dan nilai parameter ``insecure`` di bawah bagian "
|
||
"``[keystone_authtoken]`` yang sama dalam ``barbican.conf`` yang sama diatur "
|
||
"ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_protocol`` under "
|
||
"``[keystone_authtoken]`` section in ``manila.conf`` is set to ``https``, or "
|
||
"if value of parameter ``identity_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``manila.conf`` is set to Identity API endpoint starting with "
|
||
"``https://`` and value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``manila.conf`` is set to "
|
||
"``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_protocol`` dibawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke ``https``, atau "
|
||
"jika nilai parameter ``identity_uri`` dibawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``manila.conf`` diatur ke Identity API "
|
||
"endpoint yang dimulai dengan ``https://`` dan nilai parameter ``insecure`` "
|
||
"dibawah bagian ``[keystone_authtoken]`` yang sama dalam ``manila.conf`` "
|
||
"yang sama diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``keystone``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``keystone``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/glance/glance-api.conf`` is set to ``keystone`` and value "
|
||
"of parameter ``auth_strategy`` under ``[DEFAULT]`` section in ``/etc/glance /"
|
||
"glance-registry.conf`` is set to ``keystone``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_strategy`` dibawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/glance/glance-api.conf`` diatur ke ``keystone`` dan "
|
||
"nilai parameter ``auth_strategy`` dibawah bagian ``[DEFAULT]`` di ``/etc/"
|
||
"glance /glance-registry.conf`` diatur ke ``keystone``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/neutron/neutron.conf`` is set to ``keystone``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/neutron/neutron.conf`` diatur ke ``keystone``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/nova/nova.conf`` is set to ``keystone``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian ``[DEFAULT] "
|
||
"`` di ``/etc/nova/nova.conf`` diatur ke `keystone``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_strategy`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``keystone``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_strategy`` di bawah bagian "
|
||
"``[DEFAULT]`` dalam ``manila.conf`` diatur ke ``keystone``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to Identity API endpoint "
|
||
"starting with ``https://`` and value of parameter ``insecure`` under the "
|
||
"same ``[keystone_authtoken]`` section in the same ``/etc/cinder/cinder."
|
||
"conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass: ** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken] `` di ``/etc/cinder/cinder.conf`` diatur ke Identity "
|
||
"API endpoint yang dimulai dengan ``https://`` dan nilai parameter "
|
||
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama di ``/etc/"
|
||
"cinder/cinder.conf`` yang sama diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/glance/glance-api.conf`` is set to the Identity API "
|
||
"endpoint starting with ``https://``, and the value of the parameter "
|
||
"``insecure`` is under the same ``[keystone_authtoken]`` section in the same "
|
||
"``/etc/glance/glance-registry.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` di ``/etc/glance/glance-api.conf`` diatur ke "
|
||
"endpoint API Identity yang dimulai dengan ``https://``, dan nilai parameter "
|
||
"``insecure`` berada di bawah bagian ``[keystone_authtoken]`` yang sama di "
|
||
"bagian ``/etc/glance/glance-registry.conf`` yang sama diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/neutron/neutron.conf`` is set to Identity API endpoint "
|
||
"starting with ``https://`` and value of parameter ``insecure`` under the "
|
||
"same ``[keystone_authtoken]`` section in the same ``/etc/neutron/neutron."
|
||
"conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` dalam ``/etc/neutron/neutron.conf`` diatur ke "
|
||
"Identity API endpoint yang dimulai dengan ``https://`` dan nilai parameter "
|
||
"``insecure`` di bawah bagian ``[keystone_authtoken]`` yang sama dalam bagian "
|
||
"yang sama ``/etc/neutron/neutron.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``auth_uri`` under ``[keystone_authtoken]`` "
|
||
"section in ``/etc/nova/nova.conf`` is set to Identity API endpoint starting "
|
||
"with ``https://`` and value of parameter ``insecure`` under the same "
|
||
"``[keystone_authtoken]`` section in the same ``/etc/nova/nova.conf`` is set "
|
||
"to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``auth_uri`` di bawah bagian "
|
||
"``[keystone_authtoken]`` di ``/etc/nova/nova.conf`` disetel ke endpoint API "
|
||
"Identity yang dimulai dengan ``https://`` dan nilai dari parameter "
|
||
"``insecure`` di bawah bagian ` `[keystone_authtoken]` ` yang sama di ```/etc/"
|
||
"nova/nova.conf`` yang sama diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``cinder_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``cinder_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``copy_from`` in ``/etc/glance/policy.json`` "
|
||
"is set to a restricted value, for example ``role:admin``."
|
||
msgstr ""
|
||
"**Pass:* Jika nilai parameter ``copy_from`` di ``/etc/glance/policy.json`` "
|
||
"diatur ke nilai yang dibatasi, misalnya ``role: admin``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``glance_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``False`` and value of "
|
||
"parameter ``glance_api_servers`` is set to a value starting with ``https://"
|
||
"``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``glance_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` disetel ke ``False`` dan nilai "
|
||
"parameter ``glance_api_servers`` disetel ke nilai yang diawali dengan "
|
||
"``https:// ``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``hash_algorithm`` under ``[token]`` section "
|
||
"in ``/etc/keystone/keystone.conf`` is set to SHA256."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``hash_algorithm`` di bawah bagian ``[token] "
|
||
"`` di ``/etc/keystone/keystone.conf`` diatur ke SHA256."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``max_request_body_size`` in ``/etc/keystone/"
|
||
"keystone.conf`` is set to default (114688) or some reasonable value based on "
|
||
"your environment."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``max_request_body_size`` di ``/etc/keystone/"
|
||
"keystone.conf`` diatur ke default (114688) atau beberapa nilai wajar "
|
||
"berdasarkan lingkungan Anda."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``max_request_body_size`` under "
|
||
"``[oslo_middleware]`` section in ``manila.conf`` is set to ``114688``, or if "
|
||
"value of parameter ``osapi_max_request_body_size`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``114688``. The parameter "
|
||
"``osapi_max_request_body_size`` under ``[DEFAULT]`` is deprecated and it is "
|
||
"better to use [oslo_middleware]/``max_request_body_size``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``max_request_body_size`` di bagian "
|
||
"``[oslo_middleware] `` di ``manila.conf`` diatur ke ``114688``, atau jika "
|
||
"nilai parameter ``osapi_max_request_body_size`` di bawah bagian ``[DEFAULT ] "
|
||
"`` dalam ``manila.conf`` diatur ke ``114688``. Parameter "
|
||
"``osapi_max_request_body_size`` di bawah ``[DEFAULT] `` sudah tidak berlaku "
|
||
"lagi dan lebih baik menggunakan [oslo_middleware]/``max_request_body_size``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``nas_secure_file_permissions`` under "
|
||
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``auto``. "
|
||
"When set to ``auto``, a check is done during cinder startup to determine if "
|
||
"there are existing cinder volumes, no volumes will set the option to "
|
||
"``True``, and use secure file permissions. The detection of existing volumes "
|
||
"will set the option to ``False``, and use the current insecure method of "
|
||
"handling file permissions. If value of parameter "
|
||
"``nas_secure_file_operations`` under ``[DEFAULT]`` section in ``/etc/cinder/"
|
||
"cinder.conf`` is set to ``auto``. When set to \"auto\", a check is done "
|
||
"during cinder startup to determine if there are existing cinder volumes, no "
|
||
"volumes will set the option to ``True``, be secure and do NOT run as the "
|
||
"``root`` user. The detection of existing volumes will set the option to "
|
||
"``False``, and use the current method of running operations as the ``root`` "
|
||
"user. For new installations, a \"marker file\" is written so that subsequent "
|
||
"restarts of cinder will know what the original determination had been."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``nas_secure_file_permissions`` di bawah "
|
||
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``auto``. Bila "
|
||
"diatur ke ``auto``, sebuah cek dilakukan saat startup cinder untuk "
|
||
"menentukan apakah ada volume pengaman yang ada, tidak ada volume yang akan "
|
||
"mengatur pilihan ke ``True``, dan menggunakan hak akses file yang aman. "
|
||
"Deteksi volume yang ada akan mengatur pilihan ke ``False``, dan gunakan "
|
||
"metode penanganan berkas yang tidak aman saat ini. Jika nilai parameter "
|
||
"``nas_secure_file_operations`` di bawah bagian ``[DEFAULT] `` di ``/etc/"
|
||
"cinder/cinder.conf`` diatur ke ``auto``. Bila disetel ke \"auto\", cek "
|
||
"dilakukan saat startup cinder untuk menentukan apakah ada volume cinder yang "
|
||
"ada, tidak ada volume yang akan mengatur pilihan ke ``True``, menjadi aman "
|
||
"dan TIDAK dijalankan sebagai pengguna ``root`` . Deteksi volume yang ada "
|
||
"akan mengatur pilihan ke ``False``, dan gunakan metode operasi berjalan saat "
|
||
"ini sebagai pengguna ``root``. Untuk instalasi baru, sebuah \"marker file\" "
|
||
"ditulis sehingga restarts cinder berikutnya akan tahu apa tekad semula."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``neutron_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:**Jika nilai parameter ``neutron_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``manila.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``nova_api_insecure`` di bawah bagian "
|
||
"``[DEFAULT] `` di ``/etc/cinder/cinder.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``nova_api_insecure`` under ``[DEFAULT]`` "
|
||
"section in ``manila.conf`` is set to ``False``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``nova_api_insecure`` dibawah bagian "
|
||
"``[DEFAULT]`` dalam ``manila.conf`` diatur ke ``False``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``osapi_max_request_body_size`` under "
|
||
"``[DEFAULT]`` section in ``/etc/cinder/cinder.conf`` is set to ``114688`` or "
|
||
"if value of parameter ``max_request_body_size`` under ``[oslo_middleware]`` "
|
||
"section in ``/etc/cinder/cinder.conf`` is set to ``114688``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``osapi_max_request_body_size`` di bawah "
|
||
"bagian ``[DEFAULT]`` di ``/etc/cinder/cinder.conf`` diatur ke ``114688`` "
|
||
"atau jika nilai parameter ``max_request_body_size`` di bagian bawah "
|
||
"``[oslo_middleware]`` di ``/etc/cinder/cinder.conf`` diatur ke ``114688``."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``provider`` under ``[token]`` section in ``/"
|
||
"etc/keystone/keystone.conf`` is set to fernet."
|
||
msgstr ""
|
||
"**Pass:**Jika nilai parameter ``provider`` di bawah bagian ``[token] `` di "
|
||
"``/etc/keystone/keystone.conf`` diatur ke fernet."
|
||
|
||
msgid ""
|
||
"**Pass:** If value of parameter ``use_ssl`` under ``[DEFAULT]`` section in "
|
||
"``/etc/neutron/neutron.conf`` is set to ``True``."
|
||
msgstr ""
|
||
"**Pass:** Jika nilai parameter ``use_ssl`` di bawah bagian ``[DEFAULT]`` di "
|
||
"``/etc/neutron/neutron.conf``diatur ke ``True``."
|
||
|
||
msgid "**Robert Clark**, HP"
|
||
msgstr "**Robert Clark**, HP"
|
||
|
||
msgid "**Segmented network in share servers back-end mode**"
|
||
msgstr "**Segmented network in share servers back-end mode**"
|
||
|
||
msgid "**Shawn Wells**, Red Hat"
|
||
msgstr "**Shawn Wells**, Red Hat"
|
||
|
||
msgid "**Vibha Fauver**"
|
||
msgstr "**Vibha Fauver**"
|
||
|
||
msgid ""
|
||
"**cert**. Authenticates an instance by a TLS certificate. Specify the TLS "
|
||
"identity as the IDENTKEY. A valid value is any string up to 64 characters "
|
||
"long in the common name (CN) of the certificate."
|
||
msgstr ""
|
||
"**cert**. Mengotentikasi sebuah instance dari sertifikat TLS. Tentukan "
|
||
"identitas TLS sebagai IDENTKEY. Nilai yang valid adalah string yang memiliki "
|
||
"panjang hingga 64 karakter dalam common name (CN) dari sertifikat."
|
||
|
||
msgid ""
|
||
"**ip**. Authenticates an instance by its IP address. A valid format is XX.XX."
|
||
"XX.XX or XX.XX.XX.XX/XX. For example 0.0.0.0/0."
|
||
msgstr ""
|
||
"**ip**. Mengotentikasi sebuah instance dari alamat IP-nya. Format yang valid "
|
||
"adalah XX.XX.XX.XX atau XX.XX.XX.XX / XX. Misalnya 0.0.0.0/0."
|
||
|
||
msgid "**no share servers mode**"
|
||
msgstr "**no share servers mode**"
|
||
|
||
msgid "**option**: 'cipher = aes-xts-plain64'"
|
||
msgstr "**option**: 'cipher = aes-xts-plain64'"
|
||
|
||
msgid "**option**: 'enabled = false'"
|
||
msgstr "**option**: 'enabled = false'"
|
||
|
||
msgid "**option**: 'key_size = 512'"
|
||
msgstr "**option**: 'key_size = 512'"
|
||
|
||
msgid "**ro**. Read-only (RO) access."
|
||
msgstr "**ro**. Akses Read-only (RO)."
|
||
|
||
msgid "**rw**. Read and write (RW) access. This is the default value."
|
||
msgstr "**rw**. Akses Read dan write (RW). Ini adalah nilai default."
|
||
|
||
msgid "**share servers mode**"
|
||
msgstr "**share servers mode**"
|
||
|
||
msgid ""
|
||
"**user**. Authenticates by a specified user or group name. A valid value is "
|
||
"an alphanumeric string that can contain some special characters and is from "
|
||
"4 to 32 characters long."
|
||
msgstr ""
|
||
"**user**. Mengotentikasi pengguna tertentu atau nama grup. Nilai yang valid "
|
||
"adalah string alfanumerik yang dapat berisi beberapa karakter khusus dan "
|
||
"terdiri dari 4 hingga 32 karakter."
|
||
|
||
msgid ""
|
||
"*Code injection*: If memory or disk transfers are not handled securely, then "
|
||
"an attacker could manipulate executables, either on disk or in memory, "
|
||
"during the migration."
|
||
msgstr ""
|
||
"*Code injection*: Jika transfer memori atau disk tidak ditangani dengan "
|
||
"aman, maka penyerang dapat memanipulasi file executable, baik pada disk atau "
|
||
"memori selama migrasi berlangsung."
|
||
|
||
msgid "*Data exposure*: Memory or disk transfers must be handled securely."
|
||
msgstr ""
|
||
"*Data exposure*: Transfer memori atau disk harus ditangani dengan aman."
|
||
|
||
msgid ""
|
||
"*Data manipulation*: If memory or disk transfers are not handled securely, "
|
||
"then an attacker could manipulate user data during the migration."
|
||
msgstr ""
|
||
"*Data manipulation*: Jika transfer memori atau disk tidak ditangani dengan "
|
||
"aman, maka penyerang dapat memanipulasi data pengguna selama migrasi "
|
||
"berlangsung."
|
||
|
||
msgid ""
|
||
"*Denial of Service (DoS)*: If something fails during the migration process, "
|
||
"the instance could be lost."
|
||
msgstr ""
|
||
"*Denial of Service (DoS)*: Jika sesuatu gagal selama proses migrasi, "
|
||
"instance bisa hilang."
|
||
|
||
msgid "*Middleware configuration* - persisted in paste.ini"
|
||
msgstr "*Middleware configuration* - bertahan di paste.ini"
|
||
|
||
msgid "*RBAC rulesets* - persisted in policy.json"
|
||
msgstr "*RBAC rulesets* - bertahan di policy.json"
|
||
|
||
msgid "*RabbitMQ Credentials* - persisted in barbican.conf"
|
||
msgstr "*RabbitMQ Credentials* - bertahan di barbican.conf"
|
||
|
||
msgid "*RabbitMQ credentials*:"
|
||
msgstr "*RabbitMQ credentials*:"
|
||
|
||
msgid ""
|
||
"*Secret data* - Passphrases, Encryption Keys, RSA Keys - persisted in "
|
||
"Database [PKCS#11] or HSM [KMIP] or [KMIP, Dogtag]"
|
||
msgstr ""
|
||
"*Secret data* - Passphrases, Encryption Keys, RSA Keys - bertahan di "
|
||
"Database [PKCS#11] atau HSM [KMIP] or [KMIP, Dogtag]"
|
||
|
||
msgid "*keystone Event Queue Credentials* - persisted in barbican.conf"
|
||
msgstr "*keystone Event Queue Credentials* - bertahan di barbican.conf"
|
||
|
||
msgid "*keystone credentials*:"
|
||
msgstr "*keystone credentials*:"
|
||
|
||
msgid "1024, 2048, or 3072 bits"
|
||
msgstr "1024, 2048, atau 3072 bits"
|
||
|
||
msgid "128, 192, or 256 bit"
|
||
msgstr "128, 192, atau 256 bit"
|
||
|
||
msgid "128, 192, or 256 bits"
|
||
msgstr "128, 192, or 256 bits"
|
||
|
||
msgid "168 bits"
|
||
msgstr "168 bits"
|
||
|
||
msgid "22/tcp"
|
||
msgstr "22/tcp"
|
||
|
||
msgid "3260/tcp"
|
||
msgstr "3260/tcp"
|
||
|
||
msgid "3306/tcp"
|
||
msgstr "3306/tcp"
|
||
|
||
msgid "443/tcp"
|
||
msgstr "443/tcp"
|
||
|
||
msgid "53/tcp"
|
||
msgstr "53/tcp"
|
||
|
||
msgid "5672/tcp"
|
||
msgstr "5672/tcp"
|
||
|
||
msgid "6000"
|
||
msgstr "6000"
|
||
|
||
msgid "6001"
|
||
msgstr "6001"
|
||
|
||
msgid "6002"
|
||
msgstr "6002"
|
||
|
||
msgid "873"
|
||
msgstr "873"
|
||
|
||
msgid ":doc:`Block Storage service checklist <block-storage/checklist>`"
|
||
msgstr ":doc:`Block Storage service checklist <block-storage/checklist>`"
|
||
|
||
msgid ":doc:`Compute service checklist <compute/checklist>`"
|
||
msgstr ":doc:`Compute service checklist <compute/checklist>`"
|
||
|
||
msgid ":doc:`Dashboard checklist <dashboard/checklist>`"
|
||
msgstr ":doc:`Dashboard checklist <dashboard/checklist>`"
|
||
|
||
msgid ":doc:`Identity service checklist <identity/checklist>`"
|
||
msgstr ":doc:`Identity service checklist <identity/checklist>`"
|
||
|
||
msgid ":doc:`Networking service checklist <networking/checklist>`"
|
||
msgstr ":doc:`Networking service checklist <networking/checklist>`"
|
||
|
||
msgid ""
|
||
":doc:`Shared File Systems service checklist <shared-file-systems/checklist>`"
|
||
msgstr ""
|
||
":doc:`Shared File Systems service checklist <shared-file-systems/checklist>`"
|
||
|
||
msgid ""
|
||
":term:`Discretionary Access Control (DAC)` restricts access to file system "
|
||
"objects based on :term:`ACL <access control list (ACL)>` that include the "
|
||
"standard UNIX permissions for user, groups, and others. Access control "
|
||
"mechanisms also protect IPC objects from unauthorized access. The system "
|
||
"includes the ext4 file system, which supports POSIX ACLs. This allows "
|
||
"defining access rights to files within this type of file system down to the "
|
||
"granularity of a single user."
|
||
msgstr ""
|
||
":term:`Discretionary Access Control (DAC)` membatasi akses ke objek sistem "
|
||
"file berdasarkan :term:`ACL <access control list (ACL)>` yang termasuk izin "
|
||
"UNIX standar untuk pengguna, grup, dan lainnya. Mekanisme kontrol akses juga "
|
||
"melindungi objek IPC dari akses yang tidak sah. Sistem ini mencakup sistem "
|
||
"file ext4, yang mendukung POSIX ACLs. Hal ini memungkinkan hak akses "
|
||
"menentukan ke file dalam jenis sistem file ini sampai ke perincian satu "
|
||
"pengguna."
|
||
|
||
msgid ""
|
||
":term:`Federated Identity<federated identity>` is a mechanism to establish "
|
||
"trusts between Identity Providers and Service Providers (SP), in this case, "
|
||
"between Identity Providers and the services provided by an OpenStack Cloud."
|
||
msgstr ""
|
||
":term:`Federated Identity<federated identity>` adalah mekanisme untuk "
|
||
"membangun kepercayaan antara Identity Providers dan Service Providers (SP), "
|
||
"dalam hal ini, antara Identity Providers dan layanan yang diberikan oleh "
|
||
"OpenStack Cloud."
|
||
|
||
msgid ":term:`Secure shell (SSH)<secure shell (SSH)>`"
|
||
msgstr ":term:`Secure shell (SSH)<secure shell (SSH)>`"
|
||
|
||
msgid ""
|
||
"A **real production use case** that shows the purpose of a share types and "
|
||
"access to them is a situation when you have two back ends: cheap LVM as a "
|
||
"public storage and expensive Ceph as a private storage. In this case you can "
|
||
"grant access to certain tenants and make the access with ``user/group`` "
|
||
"authentication method."
|
||
msgstr ""
|
||
"**real production use case** yang menunjukkan tujuan dari jenis share dan "
|
||
"akses ke mereka adalah situasi saat Anda memiliki dua tujuan: LVM murah "
|
||
"sebagai penyimpanan publik dan Ceph mahal sebagai penyimpanan privat. Dalam "
|
||
"hal ini Anda dapat memberikan akses ke penyewa tertentu dan membuat akses "
|
||
"dengan metode otentikasi ``user/group`` ."
|
||
|
||
msgid ""
|
||
"A *bridge* is a component that exists inside more than one security domain. "
|
||
"Any component that bridges security domains with different trust levels or "
|
||
"authentication requirements must be carefully configured. These bridges are "
|
||
"often the weak points in network architecture. A bridge should always be "
|
||
"configured to meet the security requirements of the highest trust level of "
|
||
"any of the domains it is bridging. In many cases the security controls for "
|
||
"bridges should be a primary concern due to the likelihood of attack."
|
||
msgstr ""
|
||
"*bridge* adalah komponen yang ada di dalam lebih dari satu domain keamanan. "
|
||
"Setiap komponen yang menjembatani domain keamanan dengan tingkat kepercayaan "
|
||
"atau persyaratan otentikasi yang berbeda harus dikonfigurasi dengan saksama. "
|
||
"Jembatan ini sering menjadi titik lemah dalam arsitektur jaringan. Jembatan "
|
||
"harus selalu dikonfigurasi untuk memenuhi persyaratan keamanan tingkat "
|
||
"kepercayaan tertinggi dari domain mana pun yang menjembataninya. Dalam "
|
||
"banyak kasus, kontrol keamanan untuk jembatan harus menjadi perhatian utama "
|
||
"karena kemungkinan serangan."
|
||
|
||
msgid ""
|
||
"A *security service* is the Shared File Systems service (manila) entity that "
|
||
"abstracts a set of options that defines a security domain for a particular "
|
||
"shared file system protocol, such as an Active Directory domain or a "
|
||
"Kerberos domain. The security service contains all of the information "
|
||
"necessary for the Shared File Systems to create a server that joins a given "
|
||
"domain."
|
||
msgstr ""
|
||
"A *security service * adalah entitas Shared File Systems (manila) yang "
|
||
"abstract (memisahkan) satu set pilihan yang mendefinisikan domain keamanan "
|
||
"untuk protokol sistem file bersama tertentu, seperti domain Active Directory "
|
||
"atau domain Kerberos. Layanan keamanan berisi semua informasi yang "
|
||
"diperlukan untuk Shared File Systems untuk membuat server yang bergabung "
|
||
"dengan domain tertentu."
|
||
|
||
msgid ""
|
||
"A Certificate Revocation List (CRL) is a list of certificate serial numbers "
|
||
"that have been revoked. End entities presenting these certificates should "
|
||
"not be trusted in a PKI model. Revocation can happen because of several "
|
||
"reasons for example, key compromise, CA compromise."
|
||
msgstr ""
|
||
"Certificate Revocation List (CRL) adalah daftar nomor seri sertifikat yang "
|
||
"telah dicabut. Entitas akhir yang mempresentasikan sertifikat ini tidak "
|
||
"boleh dipercaya dalam model PKI. Pencabutan bisa terjadi karena beberapa "
|
||
"alasan misalnya, kompromi kunci, kompromi CA."
|
||
|
||
msgid "A DNS IP address that is used inside the tenant network."
|
||
msgstr "Alamat IP DNS yang digunakan di dalam jaringan penyewa."
|
||
|
||
msgid ""
|
||
"A bare metal server driver for Compute was under development and has since "
|
||
"moved into a separate project called `ironic <https://wiki.openstack.org/"
|
||
"wiki/Ironic>`__. At the time of this writing, ironic does not appear to "
|
||
"address sanitization of tenant data resident the physical hardware."
|
||
msgstr ""
|
||
"Driver server bare metal untuk Compute sedang dalam pengembangan dan sejak "
|
||
"pindah ke proyek terpisah yang disebut 'ironis <https://wiki.openstack.org/"
|
||
"wiki/Ironic> `__. Pada saat penulisan ini, ironis nampaknya tidak membahas "
|
||
"sanitasi data penyewa yang menampung perangkat keras fisik."
|
||
|
||
msgid "A brief description of the purpose of the interface."
|
||
msgstr "Uraian singkat tentang tujuan antarmuka."
|
||
|
||
msgid ""
|
||
"A cloud architect should decide what devices to make available to cloud "
|
||
"users. Anything that is not needed should be removed from QEMU. This step "
|
||
"requires recompiling QEMU after modifying the options passed to the QEMU "
|
||
"configure script. For a complete list of up-to-date options simply run :"
|
||
"command:`./configure --help` from within the QEMU source directory. Decide "
|
||
"what is needed for your deployment, and disable the remaining options."
|
||
msgstr ""
|
||
"Arsitek awan harus menentukan perangkat apa yang tersedia bagi pengguna "
|
||
"cloud. Apa pun yang tidak dibutuhkan harus dihapus dari QEMU. Langkah ini "
|
||
"memerlukan rekam ulang QEMU setelah memodifikasi opsi yang dilewatkan ke "
|
||
"skrip konfigurasi QEMU. Untuk daftar opsi up-to-date yang lengkap, cukup "
|
||
"jalankan :command:`./configure --help` dari dalam direktori sumber QEMU. "
|
||
"Tentukan apa yang dibutuhkan untuk penerapan Anda, dan nonaktifkan opsi yang "
|
||
"tersisa."
|
||
|
||
msgid ""
|
||
"A cloud can be abstracted as a collection of logical components by virtue of "
|
||
"their function, users, and shared security concerns, which we call security "
|
||
"domains. Threat actors and vectors are classified based on their motivation "
|
||
"and access to resources. Our goal is to provide you a sense of the security "
|
||
"concerns with respect to each domain depending on your risk/vulnerability "
|
||
"protection objectives."
|
||
msgstr ""
|
||
"Awan dapat diabstraksikan sebagai kumpulan komponen logis berdasarkan "
|
||
"fungsi, pengguna, dan masalah keamanan bersama, yang disebut domain "
|
||
"keamanan. Aktor dan vektor ancaman digolongkan berdasarkan motivasi dan "
|
||
"akses terhadap sumber daya. Tujuan kami adalah memberi Anda rasa "
|
||
"kekhawatiran keamanan sehubungan dengan setiap domain tergantung pada tujuan "
|
||
"perlindungan risiko/kerentanan Anda."
|
||
|
||
msgid ""
|
||
"A cloud deployment is a living system. Machines age and fail, software "
|
||
"becomes outdated, vulnerabilities are discovered. When errors or omissions "
|
||
"are made in configuration, or when software fixes must be applied, these "
|
||
"changes must be made in a secure, but convenient, fashion. These changes are "
|
||
"typically solved through configuration management."
|
||
msgstr ""
|
||
"Pengerahan awan merupakan sistem kehidupan. Mesin menjadi menua dan gagal, "
|
||
"perangkat lunak menjadi usang, kerentanan akan ditemukan. Bila terjadi "
|
||
"kesalahan atau kelalaian dalam konfigurasi, atau bila perbaikan perangkat "
|
||
"lunak harus diterapkan, perubahan ini harus dilakukan dengan cara yang aman "
|
||
"namun nyaman. Perubahan ini biasanya diselesaikan melalui manajemen "
|
||
"konfigurasi."
|
||
|
||
msgid ""
|
||
"A cloud will always have bugs. Some of these will be security problems. For "
|
||
"this reason, it is critically important to be prepared to apply security "
|
||
"updates and general software updates. This involves smart use of "
|
||
"configuration management tools, which are discussed below. This also "
|
||
"involves knowing when an upgrade is necessary."
|
||
msgstr ""
|
||
"Awan akan selalu memiliki bug. Beberapa di antaranya akan menjadi masalah "
|
||
"keamanan. Untuk alasan ini, sangat penting untuk bersiap menerapkan "
|
||
"pembaruan keamanan dan pembaruan perangkat lunak umum. Ini melibatkan "
|
||
"penggunaan alat manajemen konfigurasi yang cerdas, yang akan dibahas di "
|
||
"bawah ini. Ini juga melibatkan mengetahui kapan upgrade diperlukan."
|
||
|
||
msgid ""
|
||
"A cloud will host many virtual instances, and monitoring these instances "
|
||
"goes beyond hardware monitoring and log files which may just contain CRUD "
|
||
"events."
|
||
msgstr ""
|
||
"Awan akan meng-host banyak instance virtual, dan memantau instance ini "
|
||
"melampaui pemantauan perangkat keras dan file log yang mungkin berisi "
|
||
"kejadian CRUD."
|
||
|
||
msgid ""
|
||
"A common reason to perform a security review on an OpenStack project is to "
|
||
"enable that project to achieve the *vulnerability:managed* governance tag. "
|
||
"The OpenStack Vulnerability Management Team (VMT) applies the `vulnerability:"
|
||
"managed tag <https://governance.openstack.org/reference/tags/"
|
||
"vulnerability_managed.html>`_ to projects where the report reception and "
|
||
"disclosure of vulnerabilities is managed by the VMT. One of the requirements "
|
||
"for gaining the tag is that some form of security review, audit or threat "
|
||
"analysis has been performed on the project."
|
||
msgstr ""
|
||
"Alasan umum untuk melakukan tinjauan keamanan pada proyek OpenStack adalah "
|
||
"untuk memungkinkan proyek tersebut mencapai tag pengelolaan *vulnerability:"
|
||
"managed* . OpenStack Vulnerability Management Team (VMT) menerapkan "
|
||
"`vulnerability:managed tag <https://governance.openstack.org/reference/tags/"
|
||
"vulnerability_managed.html>`_ untuk proyek di mana laporan penerimaan dan "
|
||
"pengungkapan kerentanan dikelola oleh VMT. Salah satu persyaratan untuk "
|
||
"mendapatkan tag adalah beberapa bentuk tinjauan keamanan, audit atau "
|
||
"analisis ancaman telah dilakukan pada proyek."
|
||
|
||
msgid ""
|
||
"A complete tutorial on secure boot deployment is beyond the scope of this "
|
||
"book. Instead, here we provide a framework for how to integrate secure boot "
|
||
"technologies with the typical node provisioning process. For additional "
|
||
"details, cloud architects should refer to the related specifications and "
|
||
"software configuration manuals."
|
||
msgstr ""
|
||
"Tutorial lengkap tentang penerapan booting aman berada di luar cakupan buku "
|
||
"ini. Sebagai gantinya, di sini kami menyediakan kerangka kerja bagaimana "
|
||
"mengintegrasikan teknologi boot aman dengan proses penyediaan node tipikal. "
|
||
"Untuk rincian tambahan, arsitek awan harus mengacu pada spesifikasi dan "
|
||
"manual konfigurasi perangkat lunak yang terkait."
|
||
|
||
msgid ""
|
||
"A compromised application running within a VM attacks the hypervisor to "
|
||
"access or control another virtual machine and its resources. This is a "
|
||
"threat vector unique to virtualization and represents considerable risk as a "
|
||
"multitude of virtual machine file images could be compromised due to "
|
||
"vulnerability in a single application. This virtual network attack is a "
|
||
"major concern as the administrative techniques for protecting real networks "
|
||
"do not directly apply to the virtual environment."
|
||
msgstr ""
|
||
"Aplikasi yang disusupi yang berjalan di dalam VM menyerang hypervisor untuk "
|
||
"mengakses atau mengendalikan mesin virtual lain dan sumber dayanya. Ini "
|
||
"adalah vektor ancaman yang unik untuk virtualisasi dan merupakan risiko yang "
|
||
"cukup besar karena banyak image file mesin virtual dapat dikompromikan "
|
||
"karena kerentanan dalam satu aplikasi. Serangan jaringan virtual ini menjadi "
|
||
"perhatian utama karena teknik administratif untuk melindungi jaringan "
|
||
"sebenarnya tidak langsung diterapkan ke lingkungan virtual."
|
||
|
||
msgid ""
|
||
"A compromised application running within a virtual machine attacks the "
|
||
"hypervisor to access underlying resources. For example, when a virtual "
|
||
"machine is able to access the hypervisor OS, physical devices, or other "
|
||
"applications. This threat vector represents considerable risk as a "
|
||
"compromise on a hypervisor can infect the physical hardware as well as "
|
||
"exposing other virtual machines and network segments."
|
||
msgstr ""
|
||
"Aplikasi yang disusupi yang berjalan di dalam mesin virtual menyerang "
|
||
"hypervisor untuk mengakses sumber daya yang mendasarinya. Misalnya, ketika "
|
||
"mesin virtual mampu mengakses hypervisor OS, perangkat fisik, atau aplikasi "
|
||
"lainnya. Vektor ancaman ini merupakan risiko yang cukup besar karena "
|
||
"kompromi pada hypervisor dapat menginfeksi perangkat keras fisik serta "
|
||
"membeberkan mesin virtual dan segmen jaringan lainnya."
|
||
|
||
msgid ""
|
||
"A directory service that Microsoft developed for Windows domain networks. "
|
||
"Uses LDAP, Microsoft's version of Kerberos, and DNS."
|
||
msgstr ""
|
||
"Layanan direktori yang dikembangkan Microsoft untuk domain Windows. "
|
||
"Menggunakan LDAP, versi Microsoft Kerberos, dan DNS."
|
||
|
||
msgid ""
|
||
"A directory service, such as LDAP, RADIUS and Active Directory, which allows "
|
||
"users to login with a user name and password, is a typical source of "
|
||
"authentication tokens (e.g. passwords) at an :term:`identity provider`."
|
||
msgstr ""
|
||
"Layanan direktori, seperti LDAP, RADIUS dan Active Directory, yang "
|
||
"memungkinkan pengguna masuk dengan nama pengguna dan kata sandi, merupakan "
|
||
"sumber khas token otentikasi (misalnya kata sandi) pada sebuah :term:"
|
||
"`identity provider`."
|
||
|
||
msgid "A domain of a security service."
|
||
msgstr "Sebuah domain dari sebuah layanan keamanan."
|
||
|
||
msgid ""
|
||
"A federated user may request a :term:`scoped token`, by using the unscoped "
|
||
"token. A project or domain may be specified by either ID or name. An ID is "
|
||
"sufficient to uniquely identify a project or domain. For example,"
|
||
msgstr ""
|
||
"Seorang pengguna federasi dapat meminta :term:`scoped token`, dengan "
|
||
"menggunakan unscoped token. Sebuah proyek atau domain dapat ditentukan oleh "
|
||
"ID atau nama. ID cukup untuk mengidentifikasi suatu proyek atau domain "
|
||
"secara unik. Sebagai contoh,"
|
||
|
||
msgid ""
|
||
"A hardware infection occurs when an instance makes a malicious modification "
|
||
"to the firmware or some other part of a device. As this device is used by "
|
||
"other instances or the host OS, the malicious code can spread into those "
|
||
"systems. The end result is that one instance can run code outside of its "
|
||
"security domain. This is a significant breach as it is harder to reset the "
|
||
"state of physical hardware than virtual hardware, and can lead to additional "
|
||
"exposure such as access to the management network."
|
||
msgstr ""
|
||
"Sebuah infeksi perangkat keras terjadi ketika sebuah instance membuat "
|
||
"modifikasi berbahaya ke firmware atau bagian lain dari perangkat. Karena "
|
||
"perangkat ini digunakan oleh instance lain atau host OS, kode berbahaya "
|
||
"dapat menyebar ke sistem tersebut. Hasil akhirnya adalah satu instance dapat "
|
||
"menjalankan kode di luar domain keamanannya. Ini adalah pelanggaran yang "
|
||
"signifikan karena lebih sulit untuk mengatur ulang keadaan perangkat keras "
|
||
"fisik daripada perangkat keras virtual, dan dapat menyebabkan pembukaan "
|
||
"(exposure) tambahan seperti akses ke jaringan manajemen."
|
||
|
||
msgid ""
|
||
"A hybrid cloud is defined by NIST as a composition of two or more distinct "
|
||
"cloud infrastructures, such as private, community, or public, that remain "
|
||
"unique entities, but are bound together by standardized or proprietary "
|
||
"technology that enables data and application portability, such as cloud "
|
||
"bursting for load balancing between clouds. For example, an online retailer "
|
||
"might present their advertising and catalogue on a public cloud that allows "
|
||
"for elastic provisioning. This would enable them to handle seasonal loads in "
|
||
"a flexible, cost-effective fashion. Once a customer begins to process their "
|
||
"order, they are transferred to a more secure private cloud that is PCI "
|
||
"compliant."
|
||
msgstr ""
|
||
"Sebuah awan hibrida didefinisikan oleh NIST sebagai komposisi dari dua atau "
|
||
"lebih infrastruktur awan yang berbeda, seperti private, community, atau "
|
||
"public, yang tetap merupakan entitas unik, namun terikat bersama oleh "
|
||
"teknologi standar atau proprietary yang memungkinkan portabilitas data dan "
|
||
"aplikasi, seperti cloud bursting untuk load balancing antara awan. Misalnya, "
|
||
"peritel online dapat menampilkan iklan dan katalog mereka di awan publik "
|
||
"yang memungkinkan penyediaan elastis. Ini akan memungkinkan mereka menangani "
|
||
"beban musiman dengan cara yang fleksibel dan hemat biaya. Begitu pelanggan "
|
||
"mulai memproses pesanan mereka, mereka akan ditransfer ke awan pribadi yang "
|
||
"lebih aman yang sesuai dengan PCI."
|
||
|
||
msgid ""
|
||
"A hypervisor runs independent virtual machines. This hypervisor can run in "
|
||
"an operating system or directly on the hardware (called baremetal). Updates "
|
||
"to the hypervisor are not propagated down to the virtual machines. For "
|
||
"example, if a deployment is using XenServer and has a set of Debian virtual "
|
||
"machines, an update to XenServer will not update anything running on the "
|
||
"Debian virtual machines."
|
||
msgstr ""
|
||
"Sebuah hypervisor menjalankan mesin virtual independen. Hypervisor ini bisa "
|
||
"berjalan di sistem operasi atau langsung pada perangkat keras (disebut "
|
||
"baremetal). Pembaruan hypervisor tidak disebarkan ke mesin virtual. "
|
||
"Misalnya, jika penggelaran menggunakan XenServer dan memiliki satu set mesin "
|
||
"virtual Debian, pembaruan ke XenServer tidak akan memperbarui apa pun yang "
|
||
"berjalan di mesin virtual Debian."
|
||
|
||
msgid ""
|
||
"A list of known plug-ins provided by the open source community or by SDN "
|
||
"companies that work with OpenStack Networking is available at `OpenStack "
|
||
"neutron plug-ins and drivers wiki page <https://wiki.openstack.org/wiki/"
|
||
"Neutron_Plugins_and_Drivers>`__."
|
||
msgstr ""
|
||
"Daftar plug-in yang diketahui disediakan oleh komunitas open source atau "
|
||
"oleh perusahaan SDN yang bekerja dengan OpenStack Networking tersedia di "
|
||
"`OpenStack neutron plug-ins and drivers wiki page <https://wiki.openstack."
|
||
"org/wiki/Neutron_Plugins_and_Drivers>`__."
|
||
|
||
msgid ""
|
||
"A list of the components of the deployed project excluding external "
|
||
"entities. Each component should be named and have a brief description of its "
|
||
"purpose, and be labeled with the primary technology used (e.g. Python, "
|
||
"MySQL, RabbitMQ)."
|
||
msgstr ""
|
||
"Daftar komponen proyek yang dikerahkan tidak termasuk entitas eksternal. "
|
||
"Setiap komponen harus diberi nama dan memiliki deskripsi singkat tentang "
|
||
"tujuannya, dan diberi label dengan teknologi utama yang digunakan (misalnya "
|
||
"Python, MySQL, RabbitMQ)."
|
||
|
||
msgid ""
|
||
"A list of the expected primary users of the implemented architecture and "
|
||
"their use-cases. 'Users' can either be actors or other services within "
|
||
"OpenStack."
|
||
msgstr ""
|
||
"Daftar pengguna primer yang diharapkan dari arsitektur yang diterapkan dan "
|
||
"use-case nya. 'Users' bisa jadi aktor atau layanan lainnya di dalam "
|
||
"OpenStack."
|
||
|
||
msgid ""
|
||
"A local directory can also be used (``local``), but is considered insecure "
|
||
"and not suitable for a production enviroment."
|
||
msgstr ""
|
||
"Direktori lokal juga dapat digunakan (``local``), namun dianggap tidak aman "
|
||
"dan tidak sesuai untuk lingkungan produksi."
|
||
|
||
msgid ""
|
||
"A mutual authentication network protocol using 'tickets' to secure "
|
||
"communication between client and server. The Kerberos ticket-granting ticket "
|
||
"can be used to securely provide tickets for a given service."
|
||
msgstr ""
|
||
"Protokol jaringan otentikasi bersama menggunakan 'tickets' untuk mengamankan "
|
||
"komunikasi antara client dan server. Tiket Kerberos ticket-granting dapat "
|
||
"digunakan untuk menyediakan tiket secara aman dengan layanan yang ada."
|
||
|
||
msgid ""
|
||
"A network topology should be provided with highlights specifically calling "
|
||
"out the data flows and bridging points between the security domains. Network "
|
||
"ingress and egress points should be identified along with any OpenStack "
|
||
"logical system boundaries. Multiple diagrams might be needed to provide "
|
||
"complete visual coverage of the system. A network topology document should "
|
||
"include virtual networks created on behalf of tenants by the system along "
|
||
"with virtual machine instances and gateways created by OpenStack."
|
||
msgstr ""
|
||
"Topologi jaringan harus dilengkapi dengan highlight (sorotan) yang secara "
|
||
"khusus memanggil arus data dan bridging point (titik penjembatan) di antara "
|
||
"domain keamanan. Network ingress dan egress point harus diidentifikasi "
|
||
"bersamaan dengan batasan sistem logis OpenStack manapun. Beberapa diagram "
|
||
"mungkin diperlukan untuk menyediakan cakupan visual lengkap dari sistem. "
|
||
"Dokumen topologi jaringan harus mencakup jaringan virtual yang dibuat atas "
|
||
"nama penyewa oleh sistem beserta instance mesin virtual dan gateway yang "
|
||
"dibuat oleh OpenStack."
|
||
|
||
msgid ""
|
||
"A notable difference in the attack surface of public clouds is that they "
|
||
"must provide internet access to their services. Instance connectivity, "
|
||
"access to files over the internet and the ability to interact with the cloud "
|
||
"controlling fabric such as the API endpoints and dashboard are must-haves "
|
||
"for the public cloud."
|
||
msgstr ""
|
||
"Perbedaan yang mencolok di permukaan serangan awan publik adalah mereka "
|
||
"harus menyediakan akses internet ke layanan mereka. Instance connectivity, "
|
||
"akses ke file melalui internet dan kemampuan untuk berinteraksi dengan cloud "
|
||
"controlling fabric seperti API endpoint dan dasbor menjadi harus dimiliki "
|
||
"(must-have) bagi awan publik."
|
||
|
||
msgid "A password for a user, if you specify a user name."
|
||
msgstr "Kata sandi untuk pengguna, jika Anda menentukan nama pengguna."
|
||
|
||
msgid ""
|
||
"A policy engine and its configuration file, ``policy.json``, within "
|
||
"OpenStack Networking provides a method to provide finer grained "
|
||
"authorization of users on project networking methods and objects. The "
|
||
"OpenStack Networking policy definitions affect network availability, network "
|
||
"security and overall OpenStack security. Cloud architects and operators "
|
||
"should carefully evaluate their policy towards user and project access to "
|
||
"administration of network resources. For a more detailed explanation of "
|
||
"OpenStack Networking policy definition, please refer to the `Authentication "
|
||
"and authorization section <https://docs.openstack.org/admin-guide/"
|
||
"networking_auth.html>`__ in the OpenStack Administrator Guide."
|
||
msgstr ""
|
||
"Sebuah mesin kebijakan dan file konfigurasinya, ``policy.json``, di dalam "
|
||
"OpenStack Networking menyediakan metode untuk memberikan otorisasi pengguna "
|
||
"yang lebih halus mengenai metode dan objek jaringan proyek. Definisi "
|
||
"kebijakan OpenStack Networking mempengaruhi ketersediaan jaringan, keamanan "
|
||
"jaringan dan keamanan OpenStack secara keseluruhan. Arsitek dan operator "
|
||
"awan harus hati-hati mengevaluasi kebijakan mereka terhadap akses pengguna "
|
||
"dan proyek untuk administrasi sumber daya jaringan. Untuk penjelasan lebih "
|
||
"rinci tentang definisi kebijakan OpenStack Networking, lihat `Authentication "
|
||
"and authorization section <https://docs.openstack.org/admin-guide/"
|
||
"networking_auth.html> `__ di Panduan Administrator OpenStack."
|
||
|
||
msgid ""
|
||
"A policy rule determines under which circumstances the API call is "
|
||
"permitted. The ``/etc/manila/policy.json`` file has rules where action is "
|
||
"always permitted, when the rule is an empty string: ``\"\"``; the rules "
|
||
"based on the user role or rules; rules with boolean expressions. Below is a "
|
||
"snippet of the ``policy.json`` file for the Shared File Systems service. "
|
||
"From one OpenStack release to another it can be changed."
|
||
msgstr ""
|
||
"Aturan kebijakan menentukan keadaan yang diizinkan API diizinkan. File ``/"
|
||
"etc/manila/policy.json`` memiliki aturan di mana tindakan selalu diizinkan, "
|
||
"bila aturan adalah string kosong: ``\"\"``; aturan berdasarkan peran atau "
|
||
"aturan pengguna; aturan dengan ekspresi boolean. Berikut adalah cuplikan "
|
||
"dari file ``policy.json`` untuk layanan Shared File Systems. Dari satu rilis "
|
||
"OpenStack ke yang lain itu bisa diubah."
|
||
|
||
msgid ""
|
||
"A production quality cloud should always use tools to automate configuration "
|
||
"and deployment. This eliminates human error, and allows the cloud to scale "
|
||
"much more rapidly. Automation also helps with continuous integration and "
|
||
"testing."
|
||
msgstr ""
|
||
"Awan kualitas produksi harus selalu menggunakan alat untuk mengotomatisasi "
|
||
"konfigurasi dan penyebaran. Ini menghilangkan kesalahan manusia, dan "
|
||
"memungkinkan awan untuk skala jauh lebih cepat. Otomasi juga membantu dengan "
|
||
"integrasi dan pengujian terus menerus."
|
||
|
||
msgid ""
|
||
"A proxy node should have at least two interfaces (physical or virtual): one "
|
||
"public and one private. Firewalls or service binding might protect the "
|
||
"public interface. The public facing service is an HTTP web server that "
|
||
"processes end-point client requests, authenticates them, and performs the "
|
||
"appropriate action. The private interface does not require any listening "
|
||
"services, but is instead used to establish outgoing connections to storage "
|
||
"nodes on the private storage network."
|
||
msgstr ""
|
||
"Sebuah node proxy harus memiliki setidaknya dua antarmuka (fisik atau "
|
||
"virtual): satu publik dan satu pribadi. Firewall atau layanan yang mengikat "
|
||
"bisa melindungi antarmuka publik. Layanan yang dihadapi publik adalah server "
|
||
"web HTTP yang memproses permintaan klien end-point, mengotentikasi mereka, "
|
||
"dan melakukan tindakan yang sesuai. Antarmuka pribadi tidak memerlukan "
|
||
"layanan listening, namun digunakan untuk membuat koneksi keluar ke node "
|
||
"penyimpanan pada jaringan penyimpanan pribadi."
|
||
|
||
msgid ""
|
||
"A risk assessment framework identifies risks within an organization or "
|
||
"service, and specifies ownership of these risks, along with implementation "
|
||
"and mitigation strategies. Risks apply to all areas of the service, from "
|
||
"technical controls to environmental disaster scenarios and human elements. "
|
||
"For example, a malicious insider. Risks can be rated using a variety of "
|
||
"mechanisms. For example, likelihood versus impact. An OpenStack deployment "
|
||
"risk assessment can include control gaps."
|
||
msgstr ""
|
||
"Kerangka penilaian risiko mengidentifikasi risiko di dalam organisasi atau "
|
||
"layanan, dan menentukan kepemilikan risiko ini, bersamaan dengan strategi "
|
||
"implementasi dan mitigasi. Risiko berlaku untuk semua area layanan, mulai "
|
||
"dari kontrol teknis hingga skenario bencana lingkungan dan elemen manusia. "
|
||
"Misalnya orang jahat. Resiko dapat dinilai dengan menggunakan berbagai "
|
||
"mekanisme. Misalnya, likelihood versus impact. Penilaian risiko pengerahan "
|
||
"OpenStack dapat mencakup kesenjangan kontrol."
|
||
|
||
msgid ""
|
||
"A security domain comprises users, applications, servers or networks that "
|
||
"share common trust requirements and expectations within a system. Typically "
|
||
"they have the same :term:`authentication` and :term:`authorization` (AuthN/"
|
||
"Z) requirements and users."
|
||
msgstr ""
|
||
"Sebuah domain keamanan terdiri dari pengguna, aplikasi, server atau jaringan "
|
||
"yang berbagi persyaratan dan harapan kepercayaan bersama dalam sebuah "
|
||
"sistem. Biasanya mereka memiliki persyaratan yang sama :term: "
|
||
"`authentication` dan :term:` authorization` (AuthN/Z) dan pengguna."
|
||
|
||
msgid ""
|
||
"A security group is a container for security group rules. Security groups "
|
||
"and their rules allow administrators and projects the ability to specify the "
|
||
"type of traffic and direction (ingress/egress) that is allowed to pass "
|
||
"through a virtual interface port. When a virtual interface port is created "
|
||
"in OpenStack Networking it is associated with a security group. For further "
|
||
"details on the default behavior of port security groups, reference the "
|
||
"`Networking Security Group Behavior <https://wiki.openstack.org/wiki/Neutron/"
|
||
"SecurityGroups#Behavior>`__ documentation. Rules can be added to the default "
|
||
"security group in order to change the behavior on a per-deployment basis."
|
||
msgstr ""
|
||
"Grup keamanan adalah wadah untuk aturan kelompok keamanan. Grup keamanan dan "
|
||
"peraturan mereka mengizinkan administrator dan memproyeksikan kemampuan "
|
||
"untuk menentukan jenis lalu lintas dan arah (ingress/egress) yang diizinkan "
|
||
"melewati port antarmuka virtual. Bila port antarmuka virtual dibuat di "
|
||
"OpenStack Networking, ini terkait dengan grup keamanan. Untuk rincian lebih "
|
||
"lanjut tentang perilaku grup keamanan port default, rujuk dokumentasi "
|
||
"`Networking Security Group Behavior <https://wiki.openstack.org/wiki/Neutron/"
|
||
"SecurityGroups#Behavior>`__. Aturan dapat ditambahkan ke grup keamanan "
|
||
"default untuk mengubah perilaku berdasarkan per-penyebaran."
|
||
|
||
msgid ""
|
||
"A separate database administrator (DBA) account should be created and "
|
||
"protected that has full privileges to create/drop databases, create user "
|
||
"accounts, and update user privileges. This simple means of separation of "
|
||
"responsibility helps prevent accidental misconfiguration, lowers risk and "
|
||
"lowers scope of compromise."
|
||
msgstr ""
|
||
"database administrator (DBA) terpisah harus dibuat dan dilindungi yang "
|
||
"memiliki hak penuh untuk create/drop databases, create user accounts, dan "
|
||
"update user privileges. Cara pemisahan tanggung jawab yang sederhana ini "
|
||
"membantu mencegah kesalahan konfigurasi yang tidak disengaja, mengurangi "
|
||
"risiko dan menurunkan cakupan bahaya (compromise)."
|
||
|
||
msgid ""
|
||
"A share can be *public* or *private*. This is a level of visibility for the "
|
||
"share that defines whether other tenants can or cannot see the share. By "
|
||
"default, all shares are created as private. While creating a share, use key "
|
||
"``--public`` to make your share public for other tenants to see it in a list "
|
||
"of shares and see its detailed information."
|
||
msgstr ""
|
||
"Share bisa *public* atau *private*. Ini adalah tingkat visibilitas untuk "
|
||
"share yang menentukan apakah penyewa lain dapat atau tidak dapat melihat "
|
||
"share nya. Secara default, semua share dibuat sebagai private. Sambil "
|
||
"menciptakan share, gunakan key ``--public``untuk membuat share public Anda "
|
||
"untuk penyewa lain melihatnya dalam daftar share dan melihat informasi "
|
||
"rincinya."
|
||
|
||
msgid ""
|
||
"A share driver in the Shared File Systems service is a Python class that can "
|
||
"be set for the back end and run in it to manage share operations, some of "
|
||
"which are vendor-specific. The back end is an instance of manila-share "
|
||
"service. There are a big number of share drivers created by different "
|
||
"vendors in the Shared File Systems service. Each share driver supports one "
|
||
"or more back end modes: *share servers* and *no share servers*. An "
|
||
"administrator chooses which mode is used by specifying it in ``manila.conf`` "
|
||
"configuration file. An option ``driver_handles_share_servers`` is used for "
|
||
"it."
|
||
msgstr ""
|
||
"Share driver dalam layanan Shared File Systems adalah kelas Python yang "
|
||
"dapat diatur untuk back end dan berjalan di dalamnya untuk mengelola operasi "
|
||
"share, beberapa di antaranya vendor-specific. Back end adalah instance dari "
|
||
"layanan manila-share. Ada sejumlah besar share driver yang dibuat oleh "
|
||
"vendor yang berbeda dalam layanan Shared File Systems. Setiap share driveri "
|
||
"mendukung satu atau beberapa mode back end: *share servers* dan *no share "
|
||
"servers *. Administrator memilih mode mana yang digunakan dengan "
|
||
"menentukannya di file konfigurasi ``manila.conf```. Pilihan "
|
||
"``driver_handles_share_servers`` digunakan untuk itu."
|
||
|
||
msgid ""
|
||
"A share is a remote, mountable file system. You can mount a share to and "
|
||
"access a share from several hosts by several users at a time."
|
||
msgstr ""
|
||
"Share adalah sistem berkas yang dapat di mount dan jauh. Anda dapat me-mount "
|
||
"share dan mengakses share dari beberapa host oleh beberapa pengguna "
|
||
"sekaligus."
|
||
|
||
msgid ""
|
||
"A share type is an administrator-defined \"type of service\", comprised of a "
|
||
"tenant visible description, and a list of non-tenant-visible key-value pairs "
|
||
"- extra specifications. The manila-scheduler uses extra specifications to "
|
||
"make scheduling decisions, and drivers control the share creation."
|
||
msgstr ""
|
||
"Jenis share adalah \"type of service\" yang administrator-defined, terdiri "
|
||
"dari deskripsi yang terlihat oleh penyewa, dan daftar non-tenant-visible key-"
|
||
"value pairs - extra specifications. Manila-scheduler menggunakan spesifikasi "
|
||
"tambahan untuk membuat keputusan penjadwalan, dan driver mengendalikan "
|
||
"penciptaan share."
|
||
|
||
msgid ""
|
||
"A standard OpenStack Networking setup has up to four distinct physical data "
|
||
"center networks:"
|
||
msgstr ""
|
||
"Penyiapan OpenStack Networking standar memiliki hingga empat jaringan data "
|
||
"center fisik yang berbeda:"
|
||
|
||
msgid ""
|
||
"A system entity that provides services to principals or other system "
|
||
"entities, in this case, OpenStack Identity is the Service Provider."
|
||
msgstr ""
|
||
"Entitas sistem yang memberikan layanan kepada prinsipal atau entitas sistem "
|
||
"lainnya, dalam hal ini, OpenStack Identity adalah Service Provider."
|
||
|
||
msgid "A table example is provided below:"
|
||
msgstr "Contoh tabel disediakan di bawah ini:"
|
||
|
||
msgid ""
|
||
"A third non supported method is Fixed/Hardcoded keys. It is known that some "
|
||
"OpenStack services have the option to specify keys in their configuration "
|
||
"files. This is the least secure way to operate and we do not recommend this "
|
||
"for any sort of production environment."
|
||
msgstr ""
|
||
"Metode ketiga yang tidak didukung adalah kunci Fixed/Hardcoded. Diketahui "
|
||
"bahwa beberapa layanan OpenStack memiliki pilihan untuk menentukan kunci "
|
||
"pada file konfigurasi mereka. Ini adalah cara yang paling aman untuk "
|
||
"dioperasikan dan kami tidak merekomendasikan hal ini untuk lingkungan "
|
||
"produksi apapun."
|
||
|
||
msgid ""
|
||
"A threat actor is an abstract way to refer to a class of adversary that you "
|
||
"may attempt to defend against. The more capable the actor, the more "
|
||
"expensive the security controls that are required for successful attack "
|
||
"mitigation and prevention. Security is a tradeoff between cost, usability "
|
||
"and defense. In some cases it will not be possible to secure a cloud "
|
||
"deployment against all of the threat actors we describe here. Those "
|
||
"deploying an OpenStack cloud will have to decide where the balance lies for "
|
||
"their deployment/usage."
|
||
msgstr ""
|
||
"Aktor ancaman adalah cara abstrak untuk merujuk pada kelas musuh yang "
|
||
"mungkin Anda coba pertahankan. Aktor yang lebih mumpuni, semakin mahal "
|
||
"kontrol keamanan yang dibutuhkan untuk keberhasilan mitigasi dan pencegahan "
|
||
"serangan. Keamanan adalah tradeoff antara biaya, kegunaan dan pertahanan. "
|
||
"Dalam beberapa kasus, tidak mungkin untuk mengamankan penyebaran awan "
|
||
"terhadap semua aktor ancaman yang kami jelaskan di sini. Mereka yang "
|
||
"mengerahkan awan OpenStack harus membuat keputusan di mana keseimbangannya "
|
||
"terletak pada penerapan/penggunaannya (deployment/usage)."
|
||
|
||
msgid "A user or group name that is used by a tenant."
|
||
msgstr "Nama pengguna atau grup yang digunakan oleh penyewa."
|
||
|
||
msgid ""
|
||
"A volume encryption feature in OpenStack supports privacy on a per-tenant "
|
||
"basis. As of the Kilo release, the following features are supported:"
|
||
msgstr ""
|
||
"Fitur enkripsi volume di OpenStack mendukung privasi secara per-penyewa. "
|
||
"Pada rilis Kilo, fitur berikut didukung:"
|
||
|
||
msgid "AES"
|
||
msgstr "AES"
|
||
|
||
msgid "AMQP"
|
||
msgstr "AMQP"
|
||
|
||
msgid ""
|
||
"AMQP based solutions (Qpid and RabbitMQ) support transport-level security "
|
||
"using TLS. ZeroMQ messaging does not natively support TLS, but transport-"
|
||
"level security is possible using labelled IPsec or CIPSO network labels."
|
||
msgstr ""
|
||
"Solusi berbasis AMQP (Qpid and RabbitMQ) mendukung keamanan tingkat "
|
||
"transportasi menggunakan TLS. Pesan ZeroMQ tidak mendukung TLS, namun "
|
||
"keamanan tingkat transportasi dimungkinkan menggunakan label jaringan CIPSO "
|
||
"atau labelled IPsec."
|
||
|
||
msgid "AMQP message service"
|
||
msgstr "AMQP message service"
|
||
|
||
msgid "API endpoint configuration recommendations"
|
||
msgstr "Rekomendasi konfigurasi API endpoint"
|
||
|
||
msgid "API endpoint process isolation and policy"
|
||
msgstr "Isolasi dan kebijakan proses endpoint API"
|
||
|
||
msgid "API endpoint rate-limiting"
|
||
msgstr "API endpoint rate-limiting"
|
||
|
||
msgid "API endpoints"
|
||
msgstr "API endpoints"
|
||
|
||
msgid "API network"
|
||
msgstr "Jaringan API"
|
||
|
||
msgid "Abstract"
|
||
msgstr "Abstrak"
|
||
|
||
msgid "Access and log reviews"
|
||
msgstr "Akses dan tinjauan log"
|
||
|
||
msgid "Access control lists"
|
||
msgstr "Daftar kontrol akses (access control list)"
|
||
|
||
msgid ""
|
||
"Access to keystone credentials or plaintext secrets is considered a total "
|
||
"security failure of the system - this interface must have robust "
|
||
"confidentiality and integrity controls."
|
||
msgstr ""
|
||
"Akses ke kredensial keystone atau rahasia plaintext dianggap sebagai "
|
||
"kegagalan keamanan total sistem - antarmuka ini harus memiliki kontrol "
|
||
"kerahasiaan dan integritas yang kuat."
|
||
|
||
msgid ""
|
||
"According to NIST, a public cloud is one in which the infrastructure is open "
|
||
"to the general public for consumption. OpenStack public clouds are typically "
|
||
"run by a :term:`service provider` and can be consumed by individuals, "
|
||
"corporations, or any paying customer. A public-cloud provider might expose a "
|
||
"full set of features such as software-defined networking or block storage, "
|
||
"in addition to multiple instance types."
|
||
msgstr ""
|
||
"Menurut NIST, awan publik adalah infrastruktur yang terbuka bagi masyarakat "
|
||
"umum untuk dikonsumsi. Awan publik OpenStack biasanya dijalankan oleh :term:"
|
||
"`service provider` dan dapat dikonsumsi oleh individu, perusahaan, atau "
|
||
"pelanggan yang membayar. Penyedia awan publik mungkin mengekspos serangkaian "
|
||
"fitur lengkap seperti jaringan yang didefinisikan perangkat lunak atau "
|
||
"penyimpanan blok, dan juga beberapa jenis instance."
|
||
|
||
msgid ""
|
||
"According to a :ref:`policy.json <shared_fs_policies>` file, an "
|
||
"administrator and the users as share owners can manage access to shares by "
|
||
"means of creating access rules. Using :command:`manila access-allow`, :"
|
||
"command:`manila access-deny` and :command:`manila access-list` commands, you "
|
||
"can grant, deny and list access to a specified share correspondingly."
|
||
msgstr ""
|
||
"Menurut file :ref:`policy.json <shared_fs_policies>`, administrator dan "
|
||
"pengguna sebagai pemilik share dapat mengelola akses ke share dengan cara "
|
||
"membuat aturan akses. Menggunakan perintah :command:`manila access-allow`, :"
|
||
"command:`manila access-deny` dan :command:`manila access-list`, Anda dapat "
|
||
"memberi, menolak, dan mendaftar akses ke share tertentu."
|
||
|
||
msgid "Account and container custom user metadata values"
|
||
msgstr "Account dan container custom user metadata values"
|
||
|
||
msgid "Account service"
|
||
msgstr "Layanan Account"
|
||
|
||
msgid "Account, container, and object names"
|
||
msgstr "Account, container, dan object names"
|
||
|
||
msgid "Acknowledgements"
|
||
msgstr "Ucapan Terima Kasih"
|
||
|
||
msgid "Act as a reference for auditors when evaluating OpenStack deployments."
|
||
msgstr ""
|
||
"Bertindak sebagai referensi bagi auditor saat mengevaluasi penerapan "
|
||
"OpenStack."
|
||
|
||
msgid ""
|
||
"Acting alone, these attackers come in many guises, such as rogue or "
|
||
"malicious employees, disaffected customers, or small-scale industrial "
|
||
"espionage."
|
||
msgstr ""
|
||
"Bertindak sendiri, penyerang ini datang dalam banyak samaran, seperti "
|
||
"karyawan nakal atau jahat, pelanggan yang tidak puas, atau spionase industri "
|
||
"skala kecil."
|
||
|
||
msgid ""
|
||
"Actions may be taken to mitigate potential malicious activity such as "
|
||
"blacklisting an IP address, recommending the strengthening of user "
|
||
"passwords, or de-activating a user account if it is deemed dormant."
|
||
msgstr ""
|
||
"Tindakan dapat dilakukan untuk mengurangi potensi aktivitas berbahaya "
|
||
"seperti memasukkan alamat IP ke daftar hitam, merekomendasikan penguatan "
|
||
"kata sandi pengguna, atau menonaktifkan akun pengguna jika dianggap tidak "
|
||
"aktif."
|
||
|
||
msgid "Active Directory"
|
||
msgstr "Active Directory"
|
||
|
||
msgid "Active developer and user communities"
|
||
msgstr "Pengembang aktif dan komunitas pengguna"
|
||
|
||
msgid ""
|
||
"Adam facilitated this Book Sprint. He also founded the Book Sprint "
|
||
"methodology and is the most experienced Book Sprint facilitator around. Adam "
|
||
"founded FLOSS Manuals—a community of some 3,000 individuals developing Free "
|
||
"Manuals about Free Software. He is also the founder and project manager for "
|
||
"Booktype, an open source project for writing, editing, and publishing books "
|
||
"online and in print."
|
||
msgstr ""
|
||
"Adam memfasilitasi Book Sprint Ini. Dia juga mendirikan metodologi Book "
|
||
"Sprint dan merupakan fasilitator Book Sprint yang paling berpengalaman. Adam "
|
||
"mendirikan FLOSS Manuals - sebuah komunitas yang terdiri dari sekitar 3.000 "
|
||
"individu yang mengembangkan Free Manuals tentang Free Software. Dia juga "
|
||
"pendiri dan manajer proyek untuk Booktype, sebuah proyek open source untuk "
|
||
"menulis, mengedit, dan menerbitkan buku secara online dan dicetak."
|
||
|
||
msgid "Add Identity Providers, Mappings and Protocols."
|
||
msgstr "Tambahkan Identity Provider, Pemetaan dan Protokol."
|
||
|
||
msgid "Add ``WSGIScriptAlias`` directive to your vhost configuration:"
|
||
msgstr ""
|
||
"Tambahkan directive (petunjuk) `WSGIScriptAlias`` ke konfigurasi vhost Anda:"
|
||
|
||
msgid ""
|
||
"Add the Federation extension driver to the ``[federation]`` section in the "
|
||
"``keystone.conf`` file. For example:"
|
||
msgstr ""
|
||
"Tambahkan driver ekstensi Federation ke bagian ``[federation]`` di file "
|
||
"``keystone.conf``. Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"Add the ``federation_extension`` middleware to the ``api_v3`` pipeline in "
|
||
"the ``keystone-paste.ini`` file. For example:"
|
||
msgstr ""
|
||
"Tambahkan middleware ``federation_extension` ke pipa ``api_v3`` di file "
|
||
"``keystone-paste.ini``. Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"Add the saml2 authentication method to the ``[auth]`` section in ``keystone."
|
||
"conf`` file:"
|
||
msgstr ""
|
||
"Tambahkan metode otentikasi saml2 ke bagian ``[auth]`` di file `keystone."
|
||
"conf``:"
|
||
|
||
msgid "Add two ``<Location>`` directives to the ``wsgi-keystone.conf`` file:"
|
||
msgstr ""
|
||
"Tambahkan dua directive ``<Location> `` ke file ``wsgi-keystone.conf``:"
|
||
|
||
msgid ""
|
||
"Adding it in a different location requires you set up your SELinux policy "
|
||
"accordingly."
|
||
msgstr ""
|
||
"Menambahkannya di lokasi yang berbeda mengharuskan Anda mengatur kebijakan "
|
||
"SELinux Anda sesuai dengan itu."
|
||
|
||
msgid "Additional security features"
|
||
msgstr "Fitur keamanan tambahan"
|
||
|
||
msgid ""
|
||
"Additionally, it is possible for tenants of a bare metal system to modify "
|
||
"system firmware. TPM technology, described in :ref:`management-secure-"
|
||
"bootstrapping`, provides a solution for detecting unauthorized firmware "
|
||
"changes."
|
||
msgstr ""
|
||
"Selain itu, dimungkinkan bagi penyewa sistem bare metal untuk memodifikasi "
|
||
"firmware sistem. Teknologi TPM, dijelaskan dalam :ref: `manajemen-aman-"
|
||
"bootstrapping`, menyediakan solusi untuk mendeteksi perubahan firmware yang "
|
||
"tidak sah."
|
||
|
||
msgid ""
|
||
"Additionally, the following security-related criteria are highly encouraged "
|
||
"to be evaluated when selecting a hypervisor for OpenStack deployments: * Has "
|
||
"the hypervisor undergone Common Criteria certification? If so, to what "
|
||
"levels? * Is the underlying cryptography certified by a third-party?"
|
||
msgstr ""
|
||
"Selain itu, kriteria terkait keamanan berikut sangat dianjurkan untuk "
|
||
"dievaluasi saat memilih hypervisor untuk penerapan OpenStack: * Has the "
|
||
"hypervisor undergone Common Criteria certification? If so, to what levels? "
|
||
"* Apakah kriptografi yang mendasari disertifikasi oleh pihak ketiga?"
|
||
|
||
msgid ""
|
||
"Additionally, when combined with a version control system such as Git or "
|
||
"SVN, you can track changes to your environment over time and re-mediate "
|
||
"unauthorized changes that may occur. For example, a ``nova.conf`` file or "
|
||
"other configuration file falls out of compliance with your standard, your "
|
||
"configuration management tool can revert or replace the file and bring your "
|
||
"configuration back into a known state. Finally a configuration management "
|
||
"tool can also be used to deploy updates; simplifying the security patch "
|
||
"process. These tools have a broad range of capabilities that are useful in "
|
||
"this space. The key point for securing your cloud is to choose a tool for "
|
||
"configuration management and use it."
|
||
msgstr ""
|
||
"Selain itu, bila digabungkan dengan sistem kontrol versi seperti Git atau "
|
||
"SVN, Anda dapat melacak perubahan pada lingkungan Anda dari waktu ke waktu "
|
||
"dan memediasi kembali perubahan yang tidak sah yang mungkin terjadi. "
|
||
"Misalnya, file ``nova.conf`` atau file konfigurasi lainnya tidak sesuai "
|
||
"dengan standar Anda, alat manajemen konfigurasi Anda dapat mengembalikan "
|
||
"atau mengganti file dan membawa konfigurasi Anda kembali ke keadaan yang "
|
||
"sudah diketahui. Akhirnya alat manajemen konfigurasi juga bisa digunakan "
|
||
"untuk menyebarkan update; menyederhanakan proses patch keamanan. Alat ini "
|
||
"memiliki berbagai kemampuan yang berguna di ruang ini. Titik kunci untuk "
|
||
"mengamankan awan Anda adalah memilih alat untuk pengelolaan konfigurasi dan "
|
||
"menggunakannya."
|
||
|
||
msgid "Address Space Layout Randomization (ASLR)"
|
||
msgstr "Address Space Layout Randomization (ASLR)"
|
||
|
||
msgid ""
|
||
"Adds a set of rules to map Federation protocol attributes to Identity API "
|
||
"objects. An Identity Provider has exactly one mapping specified per protocol."
|
||
msgstr ""
|
||
"Menambahkan seperangkat aturan untuk memetakan atribut protokol Federasi ke "
|
||
"objek Identity API. Identity Provider memiliki tepat satu pemetaan yang "
|
||
"ditentukan per protokol."
|
||
|
||
msgid "Administrative users"
|
||
msgstr "Pengguna administratif"
|
||
|
||
msgid ""
|
||
"Administrators can enable instance signature verification by setting the "
|
||
"``verify_glance_signatures`` flag to ``True`` in the ``/etc/nova/nova.conf`` "
|
||
"file. When enabled, the Compute service automatically validates the signed "
|
||
"instance when it is retrieved from the Image service. If this verification "
|
||
"fails, the boot won't occur. The OpenStack Operations Guide provides "
|
||
"guidance on how to create and upload a signed image, and how to use this "
|
||
"feature. For more information, see `Adding Signed Images <https://docs."
|
||
"openstack.org/operations-guide/ops-user-facing-operations.html#adding-signed-"
|
||
"images>`_ in the Operations Guide."
|
||
msgstr ""
|
||
"Administrator dapat mengaktifkan verifikasi instance signature dengan "
|
||
"mengatur flag ``verify_glance_signatures`` ke ``True`` dalam file ``/etc/"
|
||
"nova/nova.conf``. Saat diaktifkan, layanan Compute secara otomatis "
|
||
"memvalidasi instance yang ditandatangani ketika diambil dari layanan Image. "
|
||
"Jika verifikasi ini gagal, boot tidak akan terjadi. OpenStack Operations "
|
||
"Guide memberikan panduan tentang cara membuat dan mengunggah image yang "
|
||
"ditandatangani, dan cara menggunakan fitur ini. Untuk informasi lebih "
|
||
"lanjut, lihat`Adding Signed Images <https://docs.openstack.org/operations-"
|
||
"guide/ops-user-facing-operations.html#adding-signed-images>`_ di Operations "
|
||
"Guide."
|
||
|
||
msgid ""
|
||
"Administrators care about security services: they configure the server side "
|
||
"of such security services."
|
||
msgstr ""
|
||
"Administrator peduli dengan layanan keamanan: mereka mengkonfigurasi sisi "
|
||
"server dari layanan keamanan semacam itu."
|
||
|
||
msgid ""
|
||
"Administrators must perform command and control over the cloud for various "
|
||
"operational functions. It is important these command and control facilities "
|
||
"are understood and secured."
|
||
msgstr ""
|
||
"Administrator harus melakukan perintah dan kontrol atas awan untuk berbagai "
|
||
"fungsi operasional. Penting agar fasilitas komando dan kontrol ini dipahami "
|
||
"dan dijamin."
|
||
|
||
msgid ""
|
||
"After a share network is created, the Shared File Systems service retrieves "
|
||
"network information determined by a network provider: network type, "
|
||
"segmentation identifier if the network uses segmentation and IP block in "
|
||
"CIDR notation from which to allocate the network."
|
||
msgstr ""
|
||
"Setelah jaringan berbagi dibuat, layanan Shared File Systems mengambil "
|
||
"informasi jaringan yang ditentukan oleh penyedia jaringan: jenis jaringan, "
|
||
"identifikasi segmentasi jika jaringan menggunakan segmentasi dan blok IP "
|
||
"dalam nota CIDR untuk mengalokasikan jaringan."
|
||
|
||
msgid ""
|
||
"After completing these initial certifications, the remaining certifications "
|
||
"are more deployment specific. For example, clouds processing credit card "
|
||
"transactions will need PCI-DSS, clouds storing health care information "
|
||
"require HIPAA, and clouds within the federal government may require FedRAMP/"
|
||
"FISMA, and ITAR, certifications."
|
||
msgstr ""
|
||
"Setelah menyelesaikan sertifikasi awal ini, sisa sertifikasi lebih spesifik. "
|
||
"Misalnya, pemrosesan transaksi kartu kredit cloud memerlukan PCI-DSS, cloud "
|
||
"yang menyimpan informasi perawatan kesehatan memerlukan HIPAA, dan cloud di "
|
||
"dalam pemerintah federal mungkin memerlukan sertifikasi FedRAMP / FISMA, dan "
|
||
"ITAR."
|
||
|
||
msgid ""
|
||
"After creating a share and getting its export location, users have no "
|
||
"permissions to mount it and operate with files. The Shared File System "
|
||
"service requires to explicitly grant access to the new share."
|
||
msgstr ""
|
||
"Setelah membuat bagian dan mendapatkan lokasi ekspornya, pengguna tidak "
|
||
"memiliki izin untuk memasangnya dan mengoperasikannya dengan file. Layanan "
|
||
"Shared File System mengharuskan untuk secara eksplisit memberikan akses ke "
|
||
"bagian baru."
|
||
|
||
msgid ""
|
||
"After the rule has status ``active`` we can connect to the ``10.254.0.3`` "
|
||
"host again and check the ``/etc/exports`` file and see that the line with "
|
||
"rule was added:"
|
||
msgstr ""
|
||
"Setelah aturan memiliki status ``active`` kita dapat terhubung ke host "
|
||
"``10.254.0.3`` lagi dan memeriksa file ``/etc/exports`` dan melihat bahwa "
|
||
"baris dengan aturan telah ditambahkan:"
|
||
|
||
msgid ""
|
||
"After you are notified of a security update, the next step is to determine "
|
||
"how critical this update is to a given cloud deployment. In this case, it is "
|
||
"useful to have a pre-defined policy. Existing vulnerability rating systems "
|
||
"such as the common vulnerability scoring system (CVSS) v2 do not properly "
|
||
"account for cloud deployments."
|
||
msgstr ""
|
||
"Setelah diberi tahu tentang pembaruan keamanan, langkah selanjutnya adalah "
|
||
"menentukan seberapa kritis pembaruan ini terhadap penerapan awan yang "
|
||
"diberikan. Dalam kasus ini, berguna untuk memiliki kebijakan yang telah "
|
||
"ditentukan sebelumnya. Sistem pemeringkatan kerentanan yang ada seperti "
|
||
"common vulnerability scoring system (CVSS) v2 tidak memperhitungkan "
|
||
"penyebaran awan dengan baik."
|
||
|
||
msgid "Algorithm"
|
||
msgstr "Algoritma"
|
||
|
||
msgid ""
|
||
"Aligning the information system with in-scope standards and regulations "
|
||
"involves internal tasks which must be conducted before a formal assessment. "
|
||
"Auditors may be involved at this state to conduct gap analysis, provide "
|
||
"guidance, and increase the likelihood of successful certification."
|
||
msgstr ""
|
||
"Menyelaraskan sistem informasi dengan standar dan peraturan di dalam lingkup "
|
||
"melibatkan tugas internal yang harus dilakukan sebelum penilaian formal. "
|
||
"Auditor mungkin dilibatkan dalam keadaan ini untuk melakukan analisis gap, "
|
||
"memberikan panduan, dan meningkatkan kemungkinan sertifikasi yang berhasil."
|
||
|
||
msgid ""
|
||
"All SSH daemons have private host keys and, upon connection, offer a host "
|
||
"key fingerprint. This host key fingerprint is the hash of an unsigned public "
|
||
"key. It is important these host key fingerprints are known in advance of "
|
||
"making SSH connections to those hosts. Verification of host key fingerprints "
|
||
"is instrumental in detecting man-in-the-middle attacks."
|
||
msgstr ""
|
||
"Semua daemon SSH memiliki private host key dan, setelah koneksi, tawarkan "
|
||
"host key fingerprint. Host key fingerprint. ini adalah hash dari public key "
|
||
"yang tidak ditandai. Pentingnya host key fingerprint ini diketahui sebelum "
|
||
"membuat koneksi SSH ke host tersebut. Verifikasi host key fingerprint sangat "
|
||
"berperan dalam mendeteksi serangan man-in-the-middle."
|
||
|
||
msgid ""
|
||
"All bugs, OSSAs and OSSNs are publicly disseminated through the openstack-"
|
||
"discuss mailing list with the [security] topic in the subject line. We "
|
||
"recommend subscribing to this list as well as mail filtering rules that "
|
||
"ensure OSSNs, OSSAs, and other important advisories are not missed. The "
|
||
"openstack-discuss mailinglist is managed through `http://lists.openstack.org/"
|
||
"cgi-bin/mailman/listinfo/openstack-discuss <http://lists.openstack.org/cgi-"
|
||
"bin/mailman/listinfo/openstack-discuss>`_. The openstack-discuss uses tags "
|
||
"as defined in the `Project Team Guide <https://docs.openstack.org/project-"
|
||
"team-guide/open-community.html#mailing-lists>`_."
|
||
msgstr ""
|
||
"Semua bug, OSSA, dan OSSN disebarluaskan kepada publik melalui mailing list "
|
||
"openstack-mendiskusikan dengan topik [security] di baris subjek. Kami "
|
||
"menyarankan untuk berlangganan list ini serta aturan penyaringan surat yang "
|
||
"memastikan OSSN, OSSA, dan nasihat penting lainnya tidak dilewatkan. Milis "
|
||
"openstack-mendiskusikan dikelola melalui`http://lists.openstack.org/cgi-bin/"
|
||
"mailman/listinfo/openstack-discuss <http://lists.openstack.org/cgi-bin/"
|
||
"mailman/listinfo/openstack-discuss>`_. The openstack-discuss menggunakan tag "
|
||
"seperti yang didefinisikan dalam `Project Team Guide <https://docs.openstack."
|
||
"org/project-team-guide/open-community.html#mailing-lists>`_."
|
||
|
||
msgid ""
|
||
"All bugs, OSSAs and OSSNs are publicly disseminated through the openstack-"
|
||
"discuss mailinglist with the [security] topic in the subject line. We "
|
||
"recommend subscribing to this list as well as mail filtering rules that "
|
||
"ensure OSSNs, OSSAs, and other important advisories are not missed. The "
|
||
"openstack-discuss mailinglist is managed through `OpenStack Development "
|
||
"Mailing List <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-"
|
||
"discuss>`_. The openstack-discuss uses tags as defined in the `Project Team "
|
||
"Guide <https://docs.openstack.org/project-team-guide/open-community."
|
||
"html#mailing-lists>`_."
|
||
msgstr ""
|
||
"Semua bug, OSSA dan OSSN disebarluaskan kepada publik melalui mailinglist "
|
||
"openstack-discuss dengan topik [security] di baris subjek. Kami menyarankan "
|
||
"untuk berlangganan mailinglist ini serta aturan penyaringan mail yang "
|
||
"memastikan OSSN, OSSA, dan nasihat penting lainnya tidak dilewatkan. Milis "
|
||
"openstack-discuss dikelola melalui `OpenStack Development Mailing List "
|
||
"<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss>` _. "
|
||
"The openstack-discuss menggunakan tag sebagaimana didefinisikan dalam "
|
||
"`Project Team Guide <https://docs.openstack.org/project-team-guide/open-"
|
||
"community.html#mailing-lists>` _."
|
||
|
||
msgid "All custom user metadata names"
|
||
msgstr "All custom user metadata names"
|
||
|
||
msgid ""
|
||
"All custom user object metadata values. For example, metadata sent using ``X-"
|
||
"Object-Meta-`` prefixed headers with PUT or POST requests"
|
||
msgstr ""
|
||
"Semua nilai metadata objek pengguna khusus. Misalnya, metadata dikirim "
|
||
"menggunakan header header ``X-Object-Meta-`` yang diawali dengan permintaan "
|
||
"PUT atau POST"
|
||
|
||
msgid "All database communications be isolated to a management network"
|
||
msgstr "Semua komunikasi database diisolasi ke jaringan manajemen"
|
||
|
||
msgid ""
|
||
"All domains should be secured with TLS, including the management domain "
|
||
"services and intra-service communications. TLS provides the mechanisms to "
|
||
"ensure authentication, non-repudiation, confidentiality, and integrity of "
|
||
"user communications to the OpenStack services and between the OpenStack "
|
||
"services themselves."
|
||
msgstr ""
|
||
"Semua domain harus diamankan dengan TLS, termasuk layanan domain manajemen "
|
||
"dan komunikasi intra-layanan. TLS menyediakan mekanisme untuk memastikan "
|
||
"otentikasi, non-penolakan, kerahasiaan, dan integritas komunikasi pengguna "
|
||
"terhadap layanan OpenStack dan antara layanan OpenStack itu sendiri."
|
||
|
||
msgid "All entry points into a system"
|
||
msgstr "Semua titik masuk (entry point) masuk ke sistem"
|
||
|
||
msgid ""
|
||
"All of the above are valid concerns, but none of them prevent SSL/TLS from "
|
||
"being used on the management network. Let's consider the next deployment "
|
||
"model."
|
||
msgstr ""
|
||
"Semua hal di atas adalah masalah yang valid, namun tidak ada satupun yang "
|
||
"mencegah SSL/TLS digunakan pada jaringan manajemen. Mari pertimbangkan model "
|
||
"penerapan berikutnya."
|
||
|
||
msgid ""
|
||
"All of the services within an OpenStack project access a single database. "
|
||
"There are presently no reference policies for creating table or row based "
|
||
"access restrictions to the database."
|
||
msgstr ""
|
||
"Semua layanan dalam proyek OpenStack mengakses database tunggal. Saat ini "
|
||
"tidak ada kebijakan referensi untuk membuat batasan akses berbasis tabel "
|
||
"atau baris ke database."
|
||
|
||
msgid ""
|
||
"All share drivers that use the OpenStack Compute service do not use network "
|
||
"plug-ins. In Mitaka release it is Windows and Generic drivers. These share "
|
||
"drives have other options and use different approach."
|
||
msgstr ""
|
||
"Semua driver share yang menggunakan layanan OpenStack Compute tidak "
|
||
"menggunakan plug-in jaringan. Di Mitaka rilis itu adalah driver Windows dan "
|
||
"Generic. Drive berbagi ini memiliki pilihan lain dan menggunakan pendekatan "
|
||
"yang berbeda."
|
||
|
||
msgid "Allow confined virtual guests to interact with the sanlock."
|
||
msgstr "Biarkan virtual gues terbatas untuk berinteraksi dengan sanlock."
|
||
|
||
msgid "Allow virt to manage CIFS mounted files."
|
||
msgstr "Izinkan virt untuk mengelola file yang dipasang CIFS."
|
||
|
||
msgid "Allow virt to manage NFS mounted files."
|
||
msgstr "Izinkan virt untuk mengelola file yang dipasang NFS."
|
||
|
||
msgid "Allow virt to manage device configuration (PCI)."
|
||
msgstr "Izinkan virt untuk mengatur konfigurasi perangkat (PCI)."
|
||
|
||
msgid "Allow virt to read FUSE mounted files."
|
||
msgstr "Izinkan virt untuk membaca file yang dipasang FUSE."
|
||
|
||
msgid "Allow virt to use USB devices."
|
||
msgstr "Izinkan virt untuk menggunakan perangkat USB."
|
||
|
||
msgid "Allow virt to use serial or parallel communication ports."
|
||
msgstr "Izinkan virt untuk menggunakan port komunikasi serial atau paralel."
|
||
|
||
msgid "Allow virtual machine to interact with the X Window System."
|
||
msgstr "Biarkan mesin virtual berinteraksi dengan X Window System."
|
||
|
||
msgid "Allowed hosts"
|
||
msgstr "Host yang diizinkan"
|
||
|
||
msgid "Allows a regular expression to validate user password complexity."
|
||
msgstr ""
|
||
"Mengizinkan ekspresi reguler untuk memvalidasi kompleksitas kata sandi "
|
||
"pengguna."
|
||
|
||
msgid ""
|
||
"Allows a user to authenticate with the Identity service to exchange the :"
|
||
"term:`unscoped token` for a :term:`scoped token`, by providing a project ID "
|
||
"or a domain ID."
|
||
msgstr ""
|
||
"Memungkinkan pengguna untuk melakukan otentikasi dengan layanan Identity "
|
||
"untuk pertukaran :term:`unscoped token` untuk :term:`scoped token`, dengan "
|
||
"menyediakan ID proyek atau ID domain."
|
||
|
||
msgid ""
|
||
"Allows a user to use all OpenStack services apart from the Identity service."
|
||
msgstr ""
|
||
"Memungkinkan pengguna untuk menggunakan semua layanan OpenStack selain dari "
|
||
"layanan Identity."
|
||
|
||
msgid "Allows secure login to nodes and guest VMs"
|
||
msgstr "Mengizinkan login yang aman ke node dan VM tamu"
|
||
|
||
msgid ""
|
||
"Also known as Data Execution Prevention (DEP), ensures that data sections of "
|
||
"the executable can not be executed."
|
||
msgstr ""
|
||
"Juga dikenal sebagai Data Execution Prevention (DEP), memastikan bahwa "
|
||
"bagian data executable tidak dapat dijalankan."
|
||
|
||
msgid ""
|
||
"Also of note is the Identity service. Users of the Data processing service "
|
||
"will need appropriate roles in their projects to allow the provisioning of "
|
||
"instances for their clusters. Installations that use the proxy domain "
|
||
"configuration require special consideration. See :ref:`data-processing-proxy-"
|
||
"domains`. Specifically, the Data processing service will need the ability to "
|
||
"create users within the proxy domain."
|
||
msgstr ""
|
||
"Yang juga diperhatikan adalah layanan Identitas. Pengguna layanan pengolahan "
|
||
"data memerlukan peran yang sesuai dalam proyek mereka untuk memungkinkan "
|
||
"penyediaan instance untuk cluster mereka. Instalasi yang menggunakan "
|
||
"konfigurasi domain proxy memerlukan pertimbangan khusus. Lihat :ref:`data-"
|
||
"processing-proxy-domains`. Secara khusus, layanan pengolahan data memerlukan "
|
||
"kemampuan untuk membuat pengguna dalam domain proxy."
|
||
|
||
msgid ""
|
||
"Alternate measures to provide data privacy, in the creation and destruction "
|
||
"of ephemeral storage, will be somewhat dependent on the chosen hypervisor "
|
||
"and the OpenStack Compute plug-in."
|
||
msgstr ""
|
||
"Langkah alternatif untuk memberikan privasi data, dalam penciptaan dan "
|
||
"penghancuran penyimpanan sementara, akan tergantung pada hypervisor yang "
|
||
"dipilih dan plug-in OpenStack Compute."
|
||
|
||
msgid ""
|
||
"Although SPICE has many advantages over VNC, the spice-html5 browser "
|
||
"integration currently does not allow administrators to take advantage of the "
|
||
"benefits. To take advantage of SPICE features like multi-monitor, USB pass "
|
||
"through, we recommend administrators use a standalone SPICE client within "
|
||
"the management network."
|
||
msgstr ""
|
||
"Meski SPICE memiliki banyak kelebihan dibanding VNC, integrasi browser spice-"
|
||
"html5 saat ini tidak memungkinkan administrator memanfaatkan keuntungannya. "
|
||
"Untuk memanfaatkan fitur SPICE seperti multi-monitor, melewati USB, "
|
||
"sebaiknya administrator menggunakan klien SPICE mandiri di dalam jaringan "
|
||
"manajemen."
|
||
|
||
msgid ""
|
||
"Although we recommend using the OpenStack Volume Encryption feature, Block "
|
||
"Storage supports a large variety of alternative back-ends for supplying "
|
||
"mountable volumes, and some of these may also provide volume encryption. "
|
||
"Since there are so many `back-ends <https://docs.openstack.org/cinder/latest/"
|
||
"drivers.html>`_, and since information from each vendor must be obtained, it "
|
||
"is outside the scope of this guide to specify recommendations for "
|
||
"implementing encryption in any of them."
|
||
msgstr ""
|
||
"Meskipun kami merekomendasikan penggunaan fitur OpenStack Volume Encryption, "
|
||
"Block Storage mendukung beragam alternatif back-end untuk memasok volume "
|
||
"mountable, dan beberapa di antaranya juga menyediakan enkripsi volume. "
|
||
"Karena ada begitu banyak `back-ends <https://docs.openstack.org/cinder/"
|
||
"latest/drivers.html>`_, dan karena informasi dari masing-masing vendor harus "
|
||
"diperoleh, di luar ruang lingkup panduan ini untuk menentukan rekomendasi "
|
||
"untuk menerapkan enkripsi di dalamnya."
|
||
|
||
msgid ""
|
||
"Although you may desire to break these domains down further (we later "
|
||
"discuss where this may be appropriate), we generally refer to four distinct "
|
||
"security domains which form the bare minimum that is required to deploy any "
|
||
"OpenStack cloud securely. These security domains are:"
|
||
msgstr ""
|
||
"Meskipun Anda mungkin ingin memecah domain ini lebih jauh (kami kemudian "
|
||
"membahas di mana hal ini mungkin sesuai), biasanya kami mengacu pada empat "
|
||
"domain keamanan yang berbeda yang membentuk standar minimum yang diperlukan "
|
||
"untuk menyebarkan awan OpenStack dengan aman. Domain keamanan ini adalah:"
|
||
|
||
msgid "An IP address or host name of a security service."
|
||
msgstr "Alamat IP atau nama host dari sebuah layanan keamanan."
|
||
|
||
msgid ""
|
||
"An Information Security Management System (ISMS) is a comprehensive set of "
|
||
"policies and processes that an organization creates and maintains to manage "
|
||
"risk to information assets. The most common ISMS for cloud deployments is "
|
||
"`ISO/IEC 27001/2 <http://www.27000.org/iso-27001.htm>`_, which creates a "
|
||
"solid foundation of security controls and practices for achieving more "
|
||
"stringent compliance certifications. This standard was updated in 2013 to "
|
||
"reflect the growing use of cloud services and places more emphasis on "
|
||
"measuring and evaluating how well an organization's ISMS is performing."
|
||
msgstr ""
|
||
"An Information Security Management System (ISMS) adalah seperangkat "
|
||
"kebijakan dan proses yang komprehensif yang diciptakan dan dikelola oleh "
|
||
"sebuah organisasi untuk mengelola risiko terhadap aset informasi. ISMS yang "
|
||
"paling umum untuk pengerahan awan adalah `ISO/IEC 27001/2 <http://www.27000."
|
||
"org/iso-27001.htm>`_, yang menciptakan fondasi yang kuat dari kontrol "
|
||
"keamanan dan praktik untuk mencapai sertifikasi kepatuhan yang lebih ketat. "
|
||
"Standar ini diperbarui pada tahun 2013 untuk mencerminkan meningkatnya "
|
||
"penggunaan layanan awan dan tempat-tempat yang lebih menekankan pada "
|
||
"pengukuran dan evaluasi seberapa baik kinerja ISMS organisasi."
|
||
|
||
msgid ""
|
||
"An Object Storage account is not a user account or credential. The following "
|
||
"explains the relations:"
|
||
msgstr ""
|
||
"Akun Object Storage bukanlah akun pengguna atau kredensial. Berikut ini "
|
||
"menjelaskan hubungan:"
|
||
|
||
msgid ""
|
||
"An Object Storage installation does not have to be on the Internet and could "
|
||
"also be a private cloud with the public switch a part of the organization's "
|
||
"internal network infrastructure."
|
||
msgstr ""
|
||
"Instalasi Object Storage tidak harus ada di Internet dan juga bisa menjadi "
|
||
"awan private dengan tombol publik sebagai bagian dari infrastruktur jaringan "
|
||
"internal organisasi."
|
||
|
||
msgid ""
|
||
"An OpenStack deployment may require compliance activities for many purposes, "
|
||
"such as regulatory and legal requirements, customer need, privacy "
|
||
"considerations, and security best practices. The Compliance function is "
|
||
"important for the business and its customers. Compliance means adhering to "
|
||
"regulations, specifications, standards and laws. It is also used when "
|
||
"describing an organizations status regarding assessments, audits, and "
|
||
"certifications. Compliance, when done correctly, unifies and strengthens the "
|
||
"other security topics discussed in this guide."
|
||
msgstr ""
|
||
"Penyebaran OpenStack mungkin memerlukan aktivitas kepatuhan untuk berbagai "
|
||
"tujuan, seperti persyaratan peraturan dan hukum, kebutuhan pelanggan, "
|
||
"pertimbangan privasi, dan praktik terbaik keamanan. Fungsi Kepatuhan penting "
|
||
"bagi bisnis dan pelanggannya. Kepatuhan berarti mematuhi peraturan, "
|
||
"spesifikasi, standar dan undang-undang. Ini juga digunakan saat "
|
||
"menggambarkan status organisasi mengenai penilaian, audit, dan sertifikasi. "
|
||
"Kepatuhan, bila dilakukan dengan benar, menyatukan dan memperkuat topik "
|
||
"keamanan lainnya yang dibahas dalam panduan ini."
|
||
|
||
msgid ""
|
||
"An OpenStack deployment will likely need to demonstrate compliance with an "
|
||
"organization's Privacy Policy, with the U.S.-E.U. Safe Harbor framework, the "
|
||
"ISO/IEC 29100:2011 privacy framework or with other privacy-specific "
|
||
"guidelines. In the U.S. the AICPA has `defined 10 privacy areas of focus "
|
||
"<http://www.aicpa.org/interestareas/informationtechnology/resources/privacy/"
|
||
"generallyacceptedprivacyprinciples/>`_, OpenStack deployments within a "
|
||
"commercial environment may desire to attest to some or all of these "
|
||
"principles."
|
||
msgstr ""
|
||
"Penyebaran OpenStack kemungkinan akan perlu menunjukkan kepatuhan terhadap "
|
||
"Privacy Policy organisasi, dengan A.S.-E.U. Kerangka kerja Safe Harbor, "
|
||
"kerangka privasi ISO/IEC 29100: 2011 atau dengan pedoman khusus privasi "
|
||
"lainnya. Di A.S., AICPA memiliki `defined 10 privacy areas of focus <http://"
|
||
"www.aicpa.org/interestareas/informationtechnology/resources/privacy/"
|
||
"generallyacceptedprivacyprinciples/>`_, Penyebaran OpenStack dalam "
|
||
"lingkungan komersial mungkin ingin membuktikan beberapa atau semua prinsip "
|
||
"ini."
|
||
|
||
msgid ""
|
||
"An administrator and users as share owners can manage the :ref:`access to "
|
||
"the shares <shared_fs_share_acl>` by creating access rules with "
|
||
"authentication though an IP address, user, group, or TLS certificates. "
|
||
"Authentication methods depend on which share driver and security service you "
|
||
"configure and use."
|
||
msgstr ""
|
||
"Administrator dan pengguna sebagai pemilik share dapat mengelola :ref:"
|
||
"`access to the shares <shared_fs_share_acl>` dengan membuat aturan akses "
|
||
"dengan otentikasi meskipun sertifikat alamat IP, pengguna, grup, atau TLS. "
|
||
"Metode otentikasi bergantung pada share driver dan layanan keamanan yang "
|
||
"Anda konfigurasikan dan gunakan."
|
||
|
||
msgid ""
|
||
"An administrator can create and delete share types, and also manage extra "
|
||
"specifications that give them meaning inside the Shared File Systems "
|
||
"service. Tenants can list the share types and can use them to create new "
|
||
"shares. For details of managing the share types, see `Shared File Systems "
|
||
"API <https://developer.openstack.org/api-ref-share-v2.html#share-type>`_ and "
|
||
"`Share types managing <https://docs.openstack.org/admin-guide/"
|
||
"shared_file_systems_share_types.html>`_ documentation."
|
||
msgstr ""
|
||
"Administrator dapat membuat dan menghapus jenis share, dan juga mengelola "
|
||
"spesifikasi tambahan yang memberi arti di dalam layanan Shared File Systems. "
|
||
"Penyewa dapat mencantumkan jenis share dan dapat menggunakannya untuk "
|
||
"membuat share baru. Untuk detail mengelola jenis share, lihat `Shared File "
|
||
"Systems API <https://developer.openstack.org/api-ref-share-v2.html#share-"
|
||
"type>`_ dan dokumentasi `Share types managing <https://docs.openstack.org/"
|
||
"admin-guide/shared_file_systems_share_types.html>`_."
|
||
|
||
msgid ""
|
||
"An administrator rather than a share driver manages the bare metal storage "
|
||
"with some net interface insteadof the presence of the share servers."
|
||
msgstr ""
|
||
"Administrator bukannya share driver mengelola penyimpanan bare metal dengan "
|
||
"beberapa net interface bukannya keberadaan share server."
|
||
|
||
msgid "An agreed set of findings and/or defects"
|
||
msgstr "Kumpulan temuan dan/atau cacat yang disepakati"
|
||
|
||
msgid ""
|
||
"An audit has four distinct phases, though most stakeholders and control "
|
||
"owners will only participate in one or two. The four phases are Planning, "
|
||
"Fieldwork, Reporting and Wrap-up. Each of these phases is discussed below."
|
||
msgstr ""
|
||
"Audit memiliki empat tahap yang berbeda, walaupun sebagian besar pemangku "
|
||
"kepentingan dan pemilik kontrol hanya akan berpartisipasi dalam satu atau "
|
||
"dua. Keempat tahapan tersebut adalah Planning, Fieldwork, Reporting and Wrap-"
|
||
"up. Masing-masing tahap ini dibahas di bawah ini."
|
||
|
||
msgid ""
|
||
"An authoritative list of software components may be critical when assessing "
|
||
"the impact of a compromise or vulnerability in a library, application or "
|
||
"class of software."
|
||
msgstr ""
|
||
"Daftar komponen perangkat lunak yang otoritatif mungkin penting saat menilai "
|
||
"dampak kompromi atau kerentanan di perpustakaan, aplikasi atau kelas "
|
||
"perangkat lunak."
|
||
|
||
msgid ""
|
||
"An encrypted tunnel is created between libvirtd processes on both source and "
|
||
"destination hosts."
|
||
msgstr ""
|
||
"Terowongan terenkripsi dibuat antara proses libvirtd pada host sumber dan "
|
||
"tujuan."
|
||
|
||
msgid ""
|
||
"An ephemeral disk encryption feature addresses data privacy. The ephemeral "
|
||
"disk is a temporary work space used by the virtual host operating system. "
|
||
"Without encryption, sensitive user information could be accessed on this "
|
||
"disk, and vestigial information could remain after the disk is unmounted. As "
|
||
"of the Kilo release, the following ephemeral disk encryption features are "
|
||
"supported:"
|
||
msgstr ""
|
||
"Fitur enkripsi disk fana (singkat) membahas privasi data. Disk fana adalah "
|
||
"ruang kerja sementara yang digunakan oleh sistem operasi virtual host. Tanpa "
|
||
"enkripsi, informasi pengguna yang sensitif dapat diakses pada disk ini, dan "
|
||
"informasi sisa bisa tetap ada setelah disk tidak terpasang. Pada rilis Kilo, "
|
||
"fitur enkripsi disk darurat berikut didukung:"
|
||
|
||
msgid ""
|
||
"An example diagram from the OpenStack Object Storage Administration Guide "
|
||
"(2013)"
|
||
msgstr ""
|
||
"Diagram contoh dari OpenStack Object Storage Administration Guide (2013)"
|
||
|
||
msgid ""
|
||
"An example of those secrets that require keystone authentication are "
|
||
"passwords and keys owned by specific projects. These include, for instance, "
|
||
"encryption keys for a project's encrypted cinder volumes or signing keys for "
|
||
"a project's glance images."
|
||
msgstr ""
|
||
"Contoh dari rahasia yang memerlukan otentikasi keystone adalah password dan "
|
||
"kunci yang dimiliki oleh proyek tertentu. Ini termasuk, misalnya, kunci "
|
||
"enkripsi untuk volume cinder terenkripsi proyek atau signing key untuk "
|
||
"glance image proyek."
|
||
|
||
msgid ""
|
||
"An exception process is an important component of an ISMS. When certain "
|
||
"actions are not compliant with security policies that an organization has "
|
||
"defined, they must be logged. Appropriate justification, description and "
|
||
"mitigation details need to be included, and signed off by appropriate "
|
||
"authorities. OpenStack default configurations may vary in meeting various "
|
||
"compliance criteria, areas that fail to meet compliance requirements should "
|
||
"be logged, with potential fixes considered for contribution to the community."
|
||
msgstr ""
|
||
"Proses pengecualian adalah komponen penting dari ISMS. Bila tindakan "
|
||
"tertentu tidak sesuai dengan kebijakan keamanan yang ditetapkan organisasi, "
|
||
"mereka harus masuk log. Pembenaran yang tepat, deskripsi dan rincian "
|
||
"mitigasi perlu disertakan, dan ditandatangani oleh pihak berwenang yang "
|
||
"pantas. Konfigurasi default OpenStack dapat bervariasi dalam memenuhi "
|
||
"berbagai kriteria kepatuhan, area yang gagal memenuhi persyaratan kepatuhan "
|
||
"harus dicatat, dengan potensi perbaikan dianggap sebagai kontribusi bagi "
|
||
"masyarakat."
|
||
|
||
msgid ""
|
||
"An existing security service entity can be associated with share network "
|
||
"entities that inform the Shared File Systems service about security and "
|
||
"network configuration for a group of shares. You can also see the list of "
|
||
"all security services for a specified share network and disassociate them "
|
||
"from a share network."
|
||
msgstr ""
|
||
"Entitas layanan keamanan yang ada dapat dikaitkan dengan entitas jaringan "
|
||
"share yang menginformasikan layanan Shared File Systems tentang keamanan dan "
|
||
"konfigurasi jaringan untuk sekelompok share. Anda juga dapat melihat daftar "
|
||
"semua layanan keamanan untuk jaringan share tertentu dan melepaskannya dari "
|
||
"jaringan share."
|
||
|
||
msgid ""
|
||
"An optional system to which a CA delegates certain management functions, "
|
||
"this includes functions such as, authentication of end entities before they "
|
||
"are issued a certificate by a CA."
|
||
msgstr ""
|
||
"Sistem opsional dimana CA mendelegasikan fungsi manajemen tertentu, ini "
|
||
"mencakup fungsi seperti, otentikasi entitas akhir sebelum dikeluarkan "
|
||
"sertifikat oleh CA."
|
||
|
||
msgid ""
|
||
"An optional system to which a CA delegates the publication of certificate "
|
||
"revocation lists."
|
||
msgstr ""
|
||
"Sistem opsional dimana CA mendelegasikan publikasi daftar pencabutan "
|
||
"sertifikat."
|
||
|
||
msgid "An overview of all services running within the cloud infrastructure."
|
||
msgstr "Ikhtisar semua layanan yang berjalan di dalam infrastruktur awan."
|
||
|
||
msgid ""
|
||
"Andrew Hay is the Director of Applied Security Research at CloudPassage, "
|
||
"Inc. where he leads the security research efforts for the company and its "
|
||
"server security products purpose-built for dynamic public, private, and "
|
||
"hybrid cloud hosting environments."
|
||
msgstr ""
|
||
"Andrew Hay adalah Direktur Applied Security Research di CloudPassage, Inc. "
|
||
"di mana dia memimpin upaya penelitian keamanan untuk perusahaan dan produk "
|
||
"keamanan server yang dibuat khusus untuk lingkungan hosting awan publik, "
|
||
"private, dan hibrida yang dinamis."
|
||
|
||
msgid ""
|
||
"Annual, role-specific, security training is a mandatory requirement for "
|
||
"almost all compliance certifications and attestations. To optimize the "
|
||
"effectiveness of security training, a common method is to provide role "
|
||
"specific training, for example to developers, operational personnel, and non-"
|
||
"technical employees. Additional cloud security or OpenStack security "
|
||
"training based on this hardening guide would be ideal."
|
||
msgstr ""
|
||
"Pelatihan keamanan ,role-specific, tahunan adalah persyaratan wajib untuk "
|
||
"hampir semua sertifikasi kepatuhan dan pengesahan. Untuk mengoptimalkan "
|
||
"efektivitas pelatihan keamanan, metode yang umum adalah memberikan pelatihan "
|
||
"khusus peran, misalnya kepada pengembang, personil operasional, dan pegawai "
|
||
"non-teknis. Keamanan awan tambahan atau pelatihan keamanan OpenStack "
|
||
"berdasarkan panduan pengerasan ini akan ideal."
|
||
|
||
msgid "Another as a private interface with access to the storage nodes."
|
||
msgstr "Lain sebagai antarmuka pribadi dengan akses ke node penyimpanan."
|
||
|
||
msgid ""
|
||
"Another feature in OpenStack Networking is Load-Balancer-as-a-service "
|
||
"(LBaaS). The LBaaS reference implementation is based on HA-Proxy. There are "
|
||
"third-party plug-ins in development for extensions in OpenStack Networking "
|
||
"to provide extensive L4-L7 functionality for virtual interface ports."
|
||
msgstr ""
|
||
"Fitur lain di OpenStack Networking adalah Load-Balancer-as-a-service "
|
||
"(LBaaS). Implementasi referensi LBaaS didasarkan pada HA-Proxy. Ada plug-in "
|
||
"pihak ketiga dalam pengembangan untuk ekstensi di OpenStack Networking untuk "
|
||
"menyediakan fungsionalitas L4-L7 yang luas untuk port antarmuka virtual."
|
||
|
||
msgid ""
|
||
"Another thing to look into when selecting a hypervisor platform is the "
|
||
"availability of specific security features. In particular, features. For "
|
||
"example, Xen Server's XSM or Xen Security Modules, sVirt, Intel TXT, or "
|
||
"AppArmor."
|
||
msgstr ""
|
||
"Hal lain yang perlu diperhatikan saat memilih platform hypervisor adalah "
|
||
"tersedianya fitur keamanan tertentu. Secara khusus, fitur. Misalnya, Xen "
|
||
"Server XSM atau Xen Security Modules, sVirt, Intel TXT, atau AppArmor."
|
||
|
||
msgid "Ansible"
|
||
msgstr "Ansible"
|
||
|
||
msgid ""
|
||
"Any changes to ``/etc/manila/policy.json`` are effective immediately, which "
|
||
"allows new policies to be implemented while the Shared File Systems service "
|
||
"is running. Manual modification of the policy can have unexpected side "
|
||
"effects and is not encouraged. For details, see `The policy.json file "
|
||
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`_."
|
||
msgstr ""
|
||
"Setiap perubahan pada ``/etc/manila/policy.json`` berlaku efektif, yang "
|
||
"memungkinkan kebijakan baru diterapkan sementara layanan Shared File Systems "
|
||
"berjalan. Modifikasi manual dari kebijakan tersebut dapat menimbulkan efek "
|
||
"samping yang tidak diharapkan dan tidak dianjurkan. Untuk detailnya, lihat "
|
||
"`The policy.json file <https://docs.openstack.org/ocata/config-reference/"
|
||
"policy-json-file.html>`_."
|
||
|
||
msgid "Any data assets in transit across that interface"
|
||
msgstr "Aset data apa pun yang transit di antarmuka itu"
|
||
|
||
msgid ""
|
||
"Any data or metadata not included in the list above are not encrypted, "
|
||
"including:"
|
||
msgstr ""
|
||
"Data atau metadata yang tidak termasuk dalam daftar di atas tidak "
|
||
"dienkripsi, termasuk:"
|
||
|
||
msgid ""
|
||
"Any domains without a domain-specific configuration file will use options in "
|
||
"the primary ``keystone.conf`` file."
|
||
msgstr ""
|
||
"Setiap domain tanpa file konfigurasi domain-specific akan menggunakan opsi "
|
||
"di file `keystone.conf`` utama."
|
||
|
||
msgid "Apache"
|
||
msgstr "Apache"
|
||
|
||
msgid "AppArmor"
|
||
msgstr "AppArmor"
|
||
|
||
msgid ""
|
||
"AppArmor profiles for OpenStack services do not currently exist, but the "
|
||
"OpenStack-Ansible project handles this by `applying AppArmor profiles to "
|
||
"each container`_ that runs an OpenStack service."
|
||
msgstr ""
|
||
"Profil AppArmor untuk layanan OpenStack saat ini tidak ada, namun proyek "
|
||
"OpenStack-Ansible menangani hal ini dengan `applying AppArmor profiles to "
|
||
"each container`_ yang menjalankan layanan OpenStack."
|
||
|
||
msgid ""
|
||
"AppArmor.net, AppArmor Main Page. 2011. `http://wiki.apparmor.net/index.php/"
|
||
"Main_Page <http://wiki.apparmor.net/index.php/Main_Page>`_"
|
||
msgstr ""
|
||
"AppArmor.net, AppArmor Main Page. 2011. `http://wiki.apparmor.net/index.php/"
|
||
"Main_Page <http://wiki.apparmor.net/index.php/Main_Page>`_"
|
||
|
||
msgid "Appendix"
|
||
msgstr "Lampiran"
|
||
|
||
msgid ""
|
||
"Application events such as start or stop events that were unscheduled would "
|
||
"also be events to monitor and examine for possible security implications."
|
||
msgstr ""
|
||
"Event aplikasi seperti memulai atau menghentikan event yang tidak terjadwal "
|
||
"juga merupakan event untuk memantau dan memeriksa kemungkinan implikasi "
|
||
"keamanan."
|
||
|
||
msgid ""
|
||
"Applications store and retrieve data in Object Storage via an industry-"
|
||
"standard HTTP RESTful API. Back end components of Object Storage follow the "
|
||
"same RESTful model, although some APIs, such as those managing durability, "
|
||
"are kept private to the cluster. For more details on the API see the "
|
||
"`OpenStack Storage API <https://developer.openstack.org/api-ref/object-"
|
||
"storage/>`_."
|
||
msgstr ""
|
||
"Aplikasi menyimpan dan mengambil data di Object Storage melalui industry-"
|
||
"standard HTTP RESTful API. Komponen back end dari Object Storage mengikuti "
|
||
"model RESTful yang sama, meskipun beberapa API, seperti yang mengatur daya "
|
||
"tahan, dijaga tetap tertutup oleh cluster. Untuk detail lebih lanjut tentang "
|
||
"API lihat `OpenStack Storage API <https://developer.openstack.org/api-ref/"
|
||
"object-storage/>`_."
|
||
|
||
msgid ""
|
||
"Apply checks :ref:`check_shared_fs_01` and :ref:`check_shared_fs_02` from "
|
||
"the checklist to verify that permissions are set properly."
|
||
msgstr ""
|
||
"Terapkan cek :ref:`check_shared_fs_01` dan :ref:`check_shared_fs_02` dari "
|
||
"checklist untuk memverifikasi bahwa izin ditetapkan dengan benar."
|
||
|
||
msgid ""
|
||
"Appropriate logging is implemented to monitor for unauthorized use, incident "
|
||
"response and forensics. We highly recommend selected audit subsystems be "
|
||
"Common Criteria certified, which provides non-attestable event records in "
|
||
"most countries."
|
||
msgstr ""
|
||
"Logging yang tepat diimplementasikan untuk memantau penggunaan yang tidak "
|
||
"sah, respon kejadian dan forensik. Kami sangat merekomendasikan subsistem "
|
||
"audit terpilih menjadi Common Criteria yang disertifikasi, yang menyediakan "
|
||
"rekaman acara yang tidak dapat dikesampingkan (non-attestable) di sebagian "
|
||
"besar negara."
|
||
|
||
msgid "Architecture"
|
||
msgstr "Arsitektur"
|
||
|
||
msgid "Architecture diagram"
|
||
msgstr "Diagram arsitektur"
|
||
|
||
msgid "Architecture page guidance"
|
||
msgstr "Panduan halaman arsitektur"
|
||
|
||
msgid ""
|
||
"Artho, Yagi, Iijima, Kuniyasu Suzaki. Memory Deduplication as a Threat to "
|
||
"the Guest OS. 2011. `https://staff.aist.go.jp/c.artho/papers/EuroSec2011-"
|
||
"suzaki.pdf <https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf>`_"
|
||
msgstr ""
|
||
"Artho, Yagi, Iijima, Kuniyasu Suzaki. Memory Deduplication sebagai Threat "
|
||
"bagi Guest OS. 2011. `https://staff.aist.go.jp/c.artho/papers/EuroSec2011-"
|
||
"suzaki.pdf <https://staff.aist.go.jp/c.artho/papers/EuroSec2011-suzaki.pdf>`_"
|
||
|
||
msgid ""
|
||
"As OpenStack adoption continues to grow and the product matures, security "
|
||
"has become a priority. The OpenStack Security Group has recognized the need "
|
||
"for a comprehensive and authoritative security guide. The **OpenStack "
|
||
"Security Guide** has been written to provide an overview of security best "
|
||
"practices, guidelines, and recommendations for increasing the security of an "
|
||
"OpenStack deployment. The authors bring their expertise from deploying and "
|
||
"securing OpenStack in a variety of environments."
|
||
msgstr ""
|
||
"Seiring adopsi OpenStack terus berkembang dan produknya akan matang, "
|
||
"keamanan menjadi prioritas. Grup Keamanan OpenStack telah mengenali "
|
||
"kebutuhan akan panduan keamanan komprehensif dan berwibawa. **OpenStack "
|
||
"Security Guide** telah ditulis untuk memberikan gambaran umum tentang "
|
||
"praktik terbaik keamanan, pedoman, dan rekomendasi untuk meningkatkan "
|
||
"keamanan penerapan OpenStack. Penulis membawa keahlian mereka untuk "
|
||
"menerapkan dan mengamankan OpenStack di berbagai lingkungan."
|
||
|
||
msgid ""
|
||
"As OpenStack is a popular open source project, much of the codebase and "
|
||
"architecture has been scrutinized by individual contributors, organizations, "
|
||
"and enterprises. This can be advantageous from a security perspective, "
|
||
"however the need for security reviews is still a critical consideration for "
|
||
"service providers, as deployments vary, and security is not always the "
|
||
"primary concern for contributors. A comprehensive security review process "
|
||
"may include architectural review, threat modeling, source code analysis and "
|
||
"penetration testing. There are many techniques and recommendations for "
|
||
"conducting security reviews that can be found publicly posted. A well-tested "
|
||
"example is the `Microsoft SDL <http://www.microsoft.com/security/sdl/process/"
|
||
"release.aspx>`_, created as part of the Microsoft Trustworthy Computing "
|
||
"Initiative."
|
||
msgstr ""
|
||
"Karena OpenStack adalah proyek open source yang populer, sebagian besar "
|
||
"basis kode dan arsitektur telah diteliti oleh kontributor, organisasi, dan "
|
||
"perusahaan individual. Hal ini dapat menguntungkan dari perspektif keamanan, "
|
||
"namun kebutuhan akan tinjauan keamanan masih merupakan pertimbangan penting "
|
||
"bagi penyedia layanan, karena penerapannya berbeda-beda, dan keamanan tidak "
|
||
"selalu menjadi perhatian utama kontributor. Proses tinjauan keamanan yang "
|
||
"komprehensif dapat mencakup tinjauan arsitektural, pemodelan ancaman, "
|
||
"analisis kode sumber dan pengujian penetrasi. Ada banyak teknik dan "
|
||
"rekomendasi untuk melakukan tinjauan keamanan yang dapat ditemukan di "
|
||
"publikasikan. Contoh yang teruji dengan baik adalah `Microsoft SDL <http://"
|
||
"www.microsoft.com/security/sdl/process/release.aspx>` _, dibuat sebagai "
|
||
"bagian dari Microsoft Trustworthy Computing Initiative."
|
||
|
||
msgid ""
|
||
"As a cloud administrator, the dashboard provides an overall view of the size "
|
||
"and state of your cloud. You can create users and tenants/projects, assign "
|
||
"users to tenant/projects and set limits on the resources available for them."
|
||
msgstr ""
|
||
"Sebagai administrator awan, dasbor memberikan tampilan keseluruhan tentang "
|
||
"ukuran dan keadaan awan Anda. Anda dapat membuat pengguna dan penyewa / "
|
||
"proyek, menetapkan pengguna ke penyewa / proyek dan menetapkan batasan pada "
|
||
"sumber daya yang tersedia untuk mereka."
|
||
|
||
msgid ""
|
||
"As a general practice, live migration traffic should be restricted to the "
|
||
"management security domain, see :doc:`../introduction/security-boundaries-"
|
||
"and-threats`. With live migration traffic, due to its plain text nature and "
|
||
"the fact that you are transferring the contents of disk and memory of a "
|
||
"running instance, it is recommended you further separate live migration "
|
||
"traffic onto a dedicated network. Isolating the traffic to a dedicated "
|
||
"network can reduce the risk of exposure."
|
||
msgstr ""
|
||
"Sebagai praktik umum, lalu lintas migrasi langsung harus dibatasi pada "
|
||
"domain keamanan manajemen, lihat :doc:`../introduction/security-boundaries-"
|
||
"and-threats`. Dengan lalu lintas migrasi langsung, karena sifat teksnya yang "
|
||
"biasa dan kenyataan bahwa Anda mentransfer isi disk dan memori instance yang "
|
||
"berjalan, sebaiknya Anda memisahkan lalu lintas migrasi langsung ke jaringan "
|
||
"dedicated. Mengisolasi lalu lintas ke jaringan dedicated dapat mengurangi "
|
||
"risiko terkena exposure (pembukaan)."
|
||
|
||
msgid ""
|
||
"As a web service, OpenStack API is susceptible to familiar web site attack "
|
||
"vectors such as denial of service attacks."
|
||
msgstr ""
|
||
"Sebagai layanan web, API OpenStack rentan terhadap vektor serangan situs web "
|
||
"yang familiar seperti serangan penolakan layanan (denial of service)."
|
||
|
||
msgid ""
|
||
"As an OpenStack virtual machine is a server image able to be replicated "
|
||
"across hosts, best practice in logging applies similarly between physical "
|
||
"and virtual hosts. Operating system-level and application-level events "
|
||
"should be logged, including access events to hosts and data, user additions "
|
||
"and removals, changes in privilege, and others as dictated by the "
|
||
"environment. Ideally, you can configure these logs to export to a log "
|
||
"aggregator that collects log events, correlates them for analysis, and "
|
||
"stores them for reference or further action. One common tool to do this is "
|
||
"an `ELK stack, or Elasticsearch, Logstash, and Kibana <https://www.elastic."
|
||
"co/>`_."
|
||
msgstr ""
|
||
"Sebagai mesin virtual OpenStack adalah image server yang dapat direplikasi "
|
||
"di host, praktik terbaik dalam logging berlaku serupa antara host fisik dan "
|
||
"virtual. Tingkat sistem operasi dan tingkat aplikasi harus dicatat, termasuk "
|
||
"aktivitas akses ke host dan data, penambahan dan kepindahan pengguna, "
|
||
"perubahan hak istimewa, dan lainnya seperti yang didikte oleh lingkungan. "
|
||
"Idealnya, Anda dapat mengonfigurasi log ini untuk diekspor ke agregator log "
|
||
"yang mengumpulkan peristiwa log, mengkorelasikannya untuk analisis, dan "
|
||
"menyimpannya untuk referensi atau tindakan lebih lanjut. Salah satu alat "
|
||
"yang umum dilakukan adalah `ELK stack, atau Elasticsearch, Logstash, dan "
|
||
"Kibana <https://www.elastic.co/>` _."
|
||
|
||
msgid ""
|
||
"As an administrator, you can connect through SSH to a host with "
|
||
"``10.254.0.3`` IP address, check the ``/etc/exports`` file on it and see "
|
||
"that it is empty:"
|
||
msgstr ""
|
||
"Sebagai administrator, Anda dapat terhubung melalui SSH ke host dengan "
|
||
"alamat IP ``10.254.0.3``, periksa file ``/etc/exports`` di dalamnya dan "
|
||
"lihat isinya kosong:"
|
||
|
||
msgid ""
|
||
"As an administrator, you can create share types that enable the scheduler to "
|
||
"filter back ends before you create a share. Share types have extra "
|
||
"specifications that you can set for the scheduler to filter and weigh back "
|
||
"ends so that an appropriate one is selected for a user that requests share "
|
||
"creation. Shares and share types can be created as public or private. This "
|
||
"level of visibility defines whether other tenants are able to see these "
|
||
"objects and operate with them, or not. An administrator can add :ref:`access "
|
||
"to the private share types <shared_fs_share_types_acl>` for specific users "
|
||
"or tenants in the Identity service. Thus users which you have granted access "
|
||
"can see available share types and create shares using them."
|
||
msgstr ""
|
||
"Sebagai administrator, Anda dapat membuat jenis share yang memungkinkan "
|
||
"penjadwal memfilter kembali sebelum Anda membuat share. Jenis share memiliki "
|
||
"spesifikasi tambahan dimana Anda dapat menetapkan penjadwal penyaringan dan "
|
||
"pembobotan back end sehingga share yang sesuai dipilih untuk pengguna yang "
|
||
"meminta pembuatan share. Share dan tipe share bisa dibuat sebagai publik "
|
||
"atau privat. Tingkat visibilitas ini mendefinisikan apakah penyewa lain "
|
||
"dapat melihat object ini dan beroperasi dengan mereka, atau tidak. "
|
||
"Administrator bisa menambahkan :ref:`access to the private share types "
|
||
"<shared_fs_share_types_acl>` untuk pengguna atau penyewa tertentu dalam "
|
||
"layanan Identity. Dengan demikian pengguna yang telah Anda berikan akses "
|
||
"dapat melihat jenis share yang tersedia dan membuat share yang "
|
||
"menggunakannya."
|
||
|
||
msgid ""
|
||
"As an alternative to VNC, OpenStack provides remote desktop access to guest "
|
||
"virtual machines using the Simple Protocol for Independent Computing "
|
||
"Environments (SPICE) protocol."
|
||
msgstr ""
|
||
"Sebagai alternatif untuk VNC, OpenStack menyediakan akses remote desktop ke "
|
||
"mesin virtual tamu menggunakan protokol Simple Protocol for Independent "
|
||
"Computing Environments (SPICE)."
|
||
|
||
msgid ""
|
||
"As an example, being an administrator user in admin tenant, you can create a "
|
||
"private share type named ``my_type`` and see it in the list. In the console "
|
||
"examples the logging in and out is omitted, and environment variables are "
|
||
"provided to show the current logged in user."
|
||
msgstr ""
|
||
"Sebagai contoh, sebagai pengguna administrator di penyewa admin, Anda dapat "
|
||
"membuat jenis share privat bernama ``my_type`` dan melihatnya dalam daftar. "
|
||
"Dalam contoh konsol, log in dan out dihilangkan, dan variabel lingkungan "
|
||
"disediakan untuk menunjukkan pengguna yang masuk saat ini."
|
||
|
||
msgid ""
|
||
"As is the case for VNC, at this time we recommend using SPICE from the "
|
||
"management network in addition to limiting use to few individuals."
|
||
msgstr ""
|
||
"Seperti kasus VNC, saat ini kami merekomendasikan penggunaan SPICE dari "
|
||
"jaringan manajemen selain membatasi penggunaan beberapa individu."
|
||
|
||
msgid ""
|
||
"As part of your hypervisor selection process, you must consider a number of "
|
||
"important factors to help increase your security posture. Specifically, you "
|
||
"must become familiar with these areas:"
|
||
msgstr ""
|
||
"Sebagai bagian dari proses seleksi hypervisor Anda, Anda harus "
|
||
"mempertimbangkan sejumlah faktor penting untuk membantu meningkatkan postur "
|
||
"keamanan Anda. Secara khusus, Anda harus terbiasa dengan area ini:"
|
||
|
||
msgid ""
|
||
"As technology has advanced the number of secret things that need to be "
|
||
"protected has increased beyond key materials to include certificate pairs, "
|
||
"API keys, system passwords, signing keys and so on. This increase has "
|
||
"created a need for a more scalable approach to key management, and resulted "
|
||
"in the creation of a number of software services that provide scalable "
|
||
"dynamic key management. This chapter describes the services that exist today "
|
||
"and focus on those that are able to be integrated into OpenStack clouds."
|
||
msgstr ""
|
||
"Sebagai teknologi telah maju, jumlah hal rahasia yang perlu dilindungi telah "
|
||
"meningkat melampaui materi kunci untuk memasukkan pasangan sertifikat, kunci "
|
||
"API, password sistem, kunci tanda tangan dan sebagainya. Peningkatan ini "
|
||
"telah menciptakan kebutuhan akan pendekatan yang lebih terukur untuk "
|
||
"manajemen kunci, dan menghasilkan pembuatan sejumlah layanan perangkat lunak "
|
||
"yang memberikan manajemen kunci dinamis terukur. Bab ini menjelaskan layanan "
|
||
"yang ada saat ini dan berfokus pada perangkat yang dapat diintegrasikan ke "
|
||
"dalam awan OpenStack."
|
||
|
||
msgid ""
|
||
"As the security requirements of organizations deploying this service will "
|
||
"vary based on their specific needs, we recommend that operators focus on "
|
||
"data privacy, cluster management, and end-user applications as a starting "
|
||
"point for evaluating the needs of their users. These decisions will help "
|
||
"guide the process of configuring user access to the service. For an expanded "
|
||
"discussion on data privacy see :doc:`../tenant-data`."
|
||
msgstr ""
|
||
"Karena persyaratan keamanan dari organisasi yang menerapkan layanan ini akan "
|
||
"bervariasi berdasarkan kebutuhan spesifik mereka, kami merekomendasikan agar "
|
||
"operator fokus pada privasi data, pengelolaan cluster, dan aplikasi pengguna "
|
||
"akhir sebagai titik awal untuk mengevaluasi kebutuhan pengguna mereka. "
|
||
"Keputusan ini akan membantu memandu proses konfigurasi akses pengguna ke "
|
||
"layanan. Untuk diskusi yang diperluas tentang privasi data lihat :doc:`../"
|
||
"tenant-data`."
|
||
|
||
msgid ""
|
||
"As with hardware, all software components within the OpenStack deployment "
|
||
"should be documented. Examples include:"
|
||
msgstr ""
|
||
"Seperti perangkat keras, semua komponen perangkat lunak dalam penyebaran "
|
||
"OpenStack harus didokumentasikan. Contohnya meliputi:"
|
||
|
||
msgid ""
|
||
"As with most things, there are trade-offs. The main trade-off is going to be "
|
||
"between security and performance. Encryption has a cost, but so does being "
|
||
"hacked. The security and performance requirements are going to be different "
|
||
"for every deployment, so how SSL/TLS is used will ultimately be an "
|
||
"individual decision."
|
||
msgstr ""
|
||
"Seperti kebanyakan hal, ada trade-off. Trade-off utama akan terjadi antara "
|
||
"keamanan dan kinerja. Enkripsi memiliki biaya, tapi begitu juga diretas. "
|
||
"Persyaratan keamanan dan kinerja akan berbeda untuk setiap penyebaran, jadi "
|
||
"bagaimana SSL/TLS digunakan pada akhirnya akan menjadi keputusan individual."
|
||
|
||
msgid ""
|
||
"As with the OpenStack Operations Guide, we followed the book sprint "
|
||
"methodology. The book sprint process allows for rapid development and "
|
||
"production of large bodies of written work. Coordinators from the OpenStack "
|
||
"Security Group re-enlisted the services of Adam Hyde as facilitator. "
|
||
"Corporate support was obtained and the project was formally announced during "
|
||
"the OpenStack summit in Portland, Oregon."
|
||
msgstr ""
|
||
"Seperti halnya OpenStack Operations Guide, kami mengikuti metodologi sprint "
|
||
"buku ini. Proses sprint buku memungkinkan perkembangan pesat dan produksi "
|
||
"benda besar karya tulis. Koordinator dari OpenStack Security Group kembali "
|
||
"mendaftarkan layanan Adam Hyde sebagai fasilitator. Dukungan perusahaan "
|
||
"diperoleh dan proyek tersebut diumumkan secara resmi saat KTT OpenStack di "
|
||
"Portland, Oregon."
|
||
|
||
msgid "Assets in flight"
|
||
msgstr "Assets in flight"
|
||
|
||
msgid ""
|
||
"Assets in flight: User keystone credentials, plaintext secrets, HTTP verb, "
|
||
"secret ID, path"
|
||
msgstr ""
|
||
"Assets in flight: Kredensial keystone pengguna, rahasia plaintext, kata "
|
||
"kerja HTTP, ID rahasia, jalur"
|
||
|
||
msgid ""
|
||
"At each level, you have ACLs that dictate who has what type of access. ACLs "
|
||
"are interpreted based on what authentication system is in use. The two most "
|
||
"common types of authentication providers used are Identity service "
|
||
"(keystone) and TempAuth. Custom authentication providers are also possible. "
|
||
"See :ref:`object_storage_authentication` for more information."
|
||
msgstr ""
|
||
"Pada setiap tingkat, Anda memiliki ACL yang mendikte siapa yang memiliki "
|
||
"jenis akses apa. ACL ditafsirkan berdasarkan sistem autentikasi yang "
|
||
"digunakan. Dua jenis penyedia otentikasi yang paling umum digunakan adalah "
|
||
"layanan Identity (keystone) dan TempAuth. Penyedia otentikasi kustom juga "
|
||
"dimungkinkan. Lihat :ref: `object_storage_authentication` untuk informasi "
|
||
"lebih lanjut."
|
||
|
||
msgid ""
|
||
"At its most basic, authentication is the process of confirming identity - "
|
||
"that a user is actually who they claim to be. A familiar example is "
|
||
"providing a username and password when logging in to a system."
|
||
msgstr ""
|
||
"Yang paling dasar, autentikasi adalah proses konfirmasi identitas - bahwa "
|
||
"pengguna sebenarnya adalah orang yang mereka klaim. Contoh yang familiar "
|
||
"adalah menyediakan username dan password saat login ke sebuah sistem."
|
||
|
||
msgid ""
|
||
"At the opposite end of the spectrum is the private cloud. As NIST defines "
|
||
"it, a private cloud is provisioned for exclusive use by a single "
|
||
"organization comprising multiple consumers, such as business units. The "
|
||
"cloud may be owned, managed, and operated by the organization, a third-"
|
||
"party, or some combination of them, and it may exist on or off premises. "
|
||
"Private-cloud use cases are diverse and, as such, their individual security "
|
||
"concerns vary."
|
||
msgstr ""
|
||
"Di ujung spektrum (opposite end) yang berlawanan adalah awan pribadi. "
|
||
"Sebagai NIST mendefinisikannya, awan pribadi ditetapkan untuk penggunaan "
|
||
"eksklusif oleh satu organisasi yang terdiri dari beberapa konsumen, seperti "
|
||
"unit bisnis. Awan dapat dimiliki, dikelola, dan dioperasikan oleh "
|
||
"organisasi, pihak ketiga, atau beberapa kombinasi dari keduanya, dan mungkin "
|
||
"ada di dalam atau di luar lokasi. Kasus penggunaan awan pribadi beragam dan, "
|
||
"karena itu, masalah keamanan individual mereka beragam."
|
||
|
||
msgid ""
|
||
"At the time of this writing, very few clouds are using secure boot "
|
||
"technologies in a production environment. As a result, these technologies "
|
||
"are still somewhat immature. We recommend planning carefully in terms of "
|
||
"hardware selection. For example, ensure that you have a TPM and Intel TXT "
|
||
"support. Then verify how the node hardware vendor populates the PCR values. "
|
||
"For example, which values will be available for validation. Typically the "
|
||
"PCR values listed under the software context in the table above are the ones "
|
||
"that a cloud architect has direct control over. But even these may change as "
|
||
"the software in the cloud is upgraded. Configuration management should be "
|
||
"linked into the PCR policy engine to ensure that the validation is always up "
|
||
"to date."
|
||
msgstr ""
|
||
"Pada saat penulisan ini, sedikit awan menggunakan teknologi boot aman di "
|
||
"lingkungan produksi. Akibatnya, teknologi ini masih belum matang. Sebaiknya "
|
||
"rencanakan dengan hati-hati dalam hal pemilihan perangkat keras. Misalnya, "
|
||
"pastikan Anda memiliki dukungan TPM dan Intel TXT. Kemudian verifikasi "
|
||
"bagaimana vendor perangkat keras node memasangkan nilai PCR. Misalnya, nilai "
|
||
"mana yang akan tersedia untuk validasi. Biasanya nilai PCR yang tercantum "
|
||
"dalam konteks perangkat lunak pada tabel di atas adalah yang arsitek awan "
|
||
"memiliki kontrol langsung. Tetapi bahkan ini mungkin berubah karena "
|
||
"perangkat lunak di awan ditingkatkan. Manajemen konfigurasi harus "
|
||
"dihubungkan ke dalam mesin kebijakan PCR untuk memastikan validasi selalu up "
|
||
"to date."
|
||
|
||
msgid ""
|
||
"At this point the SAML Assertion can be sent to the Service Provider "
|
||
"keystone, and a valid OpenStack token, issued by a Service Provider "
|
||
"keystone, will be returned."
|
||
msgstr ""
|
||
"Pada titik ini, SAML Assertion dapat dikirim ke Service Provider keystone, "
|
||
"dan token OpenStack yang valid, yang dikeluarkan oleh Service Provider "
|
||
"keystone akan dikembalikan."
|
||
|
||
msgid ""
|
||
"At this point we know that the node has booted with the correct kernel and "
|
||
"underlying components. The next step is to harden the operating system and "
|
||
"it starts with a set of industry-accepted hardening controls. The following "
|
||
"guides are good examples:"
|
||
msgstr ""
|
||
"Pada titik ini kita tahu bahwa node telah boot dengan kernel yang benar dan "
|
||
"komponen yang mendasarinya. Langkah selanjutnya adalah mengeraskan sistem "
|
||
"operasi dan dimulai dengan seperangkat kontrol pengerasan yang diterima "
|
||
"industri. Panduan berikut adalah contoh yang baik:"
|
||
|
||
msgid ""
|
||
"At this time, live migration is enabled in OpenStack by default. Live "
|
||
"migrations can be disabled by adding the following lines to the nova "
|
||
"``policy.json`` file:"
|
||
msgstr ""
|
||
"Pada saat ini, migrasi langsung diaktifkan di OpenStack secara default. "
|
||
"Migrasi langsung dapat dinonaktifkan dengan menambahkan baris berikut ke "
|
||
"file nova `policy.json``:"
|
||
|
||
msgid ""
|
||
"At various stages of the live migration process the contents of an instances "
|
||
"run time memory and disk are transmitted over the network in plain text. "
|
||
"Thus there are several risks that need to be addressed when using live "
|
||
"migration. The following in-exhaustive list details some of these risks:"
|
||
msgstr ""
|
||
"Pada berbagai tahap proses migrasi langsung, isi instance menjalankan memori "
|
||
"dan disk waktu dikirimkan melalui jaringan dalam teks biasa. Dengan demikian "
|
||
"ada beberapa risiko yang perlu diperhatikan saat menggunakan migrasi "
|
||
"langsung. Berikut daftar lengkap rincian beberapa dari risiko ini:"
|
||
|
||
msgid "Attack types"
|
||
msgstr "Jenis serangan"
|
||
|
||
msgid "Attacker position / Privilege level"
|
||
msgstr "Posisi penyerang / tingkat privilege"
|
||
|
||
msgid "Audit"
|
||
msgstr "Audit"
|
||
|
||
msgid "Audit reference"
|
||
msgstr "Referensi Audit"
|
||
|
||
msgid "Auth services"
|
||
msgstr "Layanan Auth"
|
||
|
||
msgid ""
|
||
"Authenticate externally and generate an :term:`unscoped token` in Identity "
|
||
"service."
|
||
msgstr ""
|
||
"Mengautentikasi secara eksternal dan menghasilkan sebuah :term:`unscoped "
|
||
"token` dalam layanan Identity."
|
||
|
||
msgid "Authentication"
|
||
msgstr "Otentikasi"
|
||
|
||
msgid ""
|
||
"Authentication and authorization policy in OpenStack may be delegated to "
|
||
"another service. A typical use case is an organization that seeks to deploy "
|
||
"a private cloud and already has a database of employees and users in an LDAP "
|
||
"system. Using this as the authentication authority, requests to the Identity "
|
||
"service are delegated to the LDAP system, which will then authorize or deny "
|
||
"based on its policies. Upon successful authentication, the Identity service "
|
||
"then generates a token that is used for access to authorized services."
|
||
msgstr ""
|
||
"Kebijakan otentikasi dan otorisasi di OpenStack dapat didelegasikan ke "
|
||
"layanan lain. Kasus penggunaan yang khas adalah organisasi yang berusaha "
|
||
"menyebarkan awan pribadi dan sudah memiliki database karyawan dan pengguna "
|
||
"dalam sistem LDAP. Dengan menggunakan ini sebagai otoritas otentikasi, "
|
||
"permintaan ke layanan Identitas didelegasikan ke sistem LDAP, yang kemudian "
|
||
"akan memberi otorisasi atau menolak berdasarkan kebijakannya. Setelah "
|
||
"otentikasi berhasil, layanan Identitas kemudian menghasilkan token yang "
|
||
"digunakan untuk akses ke layanan resmi."
|
||
|
||
msgid "Authentication configuration example: Qpid"
|
||
msgstr "Contoh konfigurasi otentikasi: Qpid"
|
||
|
||
msgid "Authentication configuration example: RabbitMQ"
|
||
msgstr "Contoh konfigurasi otentikasi: RabbitMQ"
|
||
|
||
msgid ""
|
||
"Authentication does not take place at the storage nodes. If you are able to "
|
||
"connect to a storage node on one of these ports, you can access or modify "
|
||
"data without authentication. In order to secure against this issue you "
|
||
"should follow the recommendations given previously about using a private "
|
||
"storage network."
|
||
msgstr ""
|
||
"Otentikasi tidak terjadi pada node penyimpanan. Jika Anda dapat terhubung ke "
|
||
"node penyimpanan di salah satu port ini, Anda dapat mengakses atau "
|
||
"memodifikasi data tanpa otentikasi. Untuk mengatasi masalah ini, Anda harus "
|
||
"mengikuti rekomendasi yang diberikan sebelumnya tentang penggunaan jaringan "
|
||
"penyimpanan pribadi."
|
||
|
||
msgid ""
|
||
"Authentication is an integral part of any real world OpenStack deployment "
|
||
"and so careful thought should be given to this aspect of system design. A "
|
||
"complete treatment of this topic is beyond the scope of this guide however "
|
||
"some key topics are presented in the following sections."
|
||
msgstr ""
|
||
"Otentikasi adalah bagian integral dari pengerahan OpenStack dunia nyata dan "
|
||
"pemikiran hati-hati harus diberikan pada aspek perancangan sistem ini. "
|
||
"Perlakuan lengkap terhadap topik ini berada di luar cakupan panduan ini "
|
||
"namun beberapa topik utama dipresentasikan pada bagian berikut."
|
||
|
||
msgid "Authentication methods"
|
||
msgstr "Metode otentikasi"
|
||
|
||
msgid "Authentication service"
|
||
msgstr "Layanan Authentication"
|
||
|
||
msgid "Authentication with X.509 certificates"
|
||
msgstr "Otentikasi dengan sertifikat X.509"
|
||
|
||
msgid "Authentication, key exchange"
|
||
msgstr "Otentikasi, pertukaran kunci"
|
||
|
||
msgid "Authentication?"
|
||
msgstr "Otentikasi?"
|
||
|
||
msgid "Authorization"
|
||
msgstr "Otorisasi"
|
||
|
||
msgid ""
|
||
"Automated vulnerability scanning/exploitation. Non-targeted attacks. Often "
|
||
"only a nuisance, compromise by one of these actors presents a major risk to "
|
||
"an organization's reputation."
|
||
msgstr ""
|
||
"Pemindaian/eksploitasi kerentanan otomatis. Serangan yang tidak ditargetkan. "
|
||
"Seringkali hanya gangguan, kompromi oleh salah satu aktor ini menghadirkan "
|
||
"risiko besar bagi reputasi sebuah organisasi."
|
||
|
||
msgid ""
|
||
"Availability Failure Impact: barbican could no longer create new secrets "
|
||
"without access to the queue."
|
||
msgstr ""
|
||
"Availability Failure Impact: barbican tidak bisa lagi menciptakan rahasia "
|
||
"baru tanpa akses ke antrian."
|
||
|
||
msgid ""
|
||
"Availability Failure Impact: barbican will not be able to validate user "
|
||
"credentials and fail. DoS."
|
||
msgstr ""
|
||
"Availability Failure Impact: barbican tidak akan bisa memvalidasi kredensial "
|
||
"pengguna dan gagal. DoS."
|
||
|
||
msgid "Availability of expertise"
|
||
msgstr "Ketersediaan keahlian"
|
||
|
||
msgid "Backup and disaster recovery"
|
||
msgstr "Backup dan pemulihan bencana"
|
||
|
||
msgid "Barbican"
|
||
msgstr "Barbican"
|
||
|
||
msgid "Barbican Role Based Access Control"
|
||
msgstr "Barbican Role Based Access Control"
|
||
|
||
msgid ""
|
||
"Barbican depends on the use of Hardware Security Module (HSM) appliance."
|
||
msgstr ""
|
||
"Barbican tergantung pada penggunaan alat Hardware Security Module (HSM)."
|
||
|
||
msgid ""
|
||
"Barbican has a number of back-end plugins that can be used to securely store "
|
||
"secrets in local databases or in HSMs."
|
||
msgstr ""
|
||
"Barbican memiliki sejumlah plugin back-end yang dapat digunakan untuk "
|
||
"menyimpan rahasia dengan aman di database lokal atau di HSM."
|
||
|
||
msgid ""
|
||
"Barbican has multiple pluggable back-ends which can communicate with "
|
||
"software and hardware based security modules using PKCS#11 or KMIP."
|
||
msgstr ""
|
||
"Barbican memiliki beberapa pluggable back-ends yang dapat berkomunikasi "
|
||
"dengan modul keamanan berbasis perangkat lunak dan perangkat keras "
|
||
"menggunakan PKCS#11 atau KMIP."
|
||
|
||
msgid ""
|
||
"Barbican is a REST API designed for the secure storage, provisioning and "
|
||
"management of secrets such as passwords, encryption keys and X.509 "
|
||
"certificates. It is aimed at being useful for all environments, including "
|
||
"large ephemeral clouds."
|
||
msgstr ""
|
||
"Barbican adalah REST API yang dirancang untuk penyimpanan, penyediaan dan "
|
||
"pengelolaan rahasia seperti password, kunci enkripsi dan sertifikat X.509. "
|
||
"Hal ini bertujuan berguna untuk semua lingkungan, termasuk awan fana yang "
|
||
"besar."
|
||
|
||
msgid ""
|
||
"Barbican is an OpenStack service that is multi-tenant aware and that uses "
|
||
"Keystone tokens for authentication. This means that access to secrets is "
|
||
"controlled via OpenStack policies for tenants and RBAC roles."
|
||
msgstr ""
|
||
"Barbican adalah layanan OpenStack yang menjaga multi-tenant dan menggunakan "
|
||
"token Keystone untuk otentikasi. Ini berarti bahwa akses terhadap rahasia "
|
||
"dikendalikan melalui kebijakan OpenStack untuk tenant dan peran RBAC."
|
||
|
||
msgid ""
|
||
"Barbican is integrated with several OpenStack features, either directly or "
|
||
"as a back end of `Castellan <https://wiki.openstack.org/wiki/Castellan>`_."
|
||
msgstr ""
|
||
"Barbican terintegrasi dengan beberapa fitur OpenStack, baik secara langsung "
|
||
"maupun sebagai back end `Castellan <https://wiki.openstack.org/wiki/"
|
||
"Castellan>`_."
|
||
|
||
msgid ""
|
||
"Barbican is often used as a key management system to enable use cases such "
|
||
"as Image signature verification, Volume encryption. These use cases are "
|
||
"outlined in the :doc:`secrets-management-use-cases`"
|
||
msgstr ""
|
||
"Barbican sering digunakan sebagai sistem manajemen kunci untuk memungkinkan "
|
||
"penggunaan kasus seperti verifikasi tanda tangan Image, enkripsi Volume. "
|
||
"Kasus penggunaan ini diuraikan di :doc:`secrets-management-use-cases`"
|
||
|
||
msgid "Bare metal server sanitization"
|
||
msgstr "Sanitasi server Bare Metal"
|
||
|
||
msgid ""
|
||
"Based upon system security category as defined in FIPS 199, an organization "
|
||
"utilizes FIPS 200 to identify specific security control requirements for the "
|
||
"information system. For example, if a system is categorized as \"moderate\" "
|
||
"a requirement may be introduced to mandate \"secure passwords\"."
|
||
msgstr ""
|
||
"Berdasarkan kategori keamanan sistem sebagaimana didefinisikan dalam FIPS "
|
||
"199, sebuah organisasi menggunakan FIPS 200 untuk mengidentifikasi "
|
||
"persyaratan pengendalian keamanan spesifik untuk sistem informasi. Misalnya, "
|
||
"jika sebuah sistem dikategorikan \"moderate\", sebuah persyaratan dapat "
|
||
"dikenalkan untuk mengamanatkan \"secure passwords\"."
|
||
|
||
msgid "Basic web server configuration"
|
||
msgstr "Konfigurasi server web dasar"
|
||
|
||
msgid ""
|
||
"Because API endpoints typically bridge multiple security domains, you must "
|
||
"pay particular attention to the compartmentalization of the API processes. "
|
||
"See :ref:`Bridging_security_domains` for additional information in this area."
|
||
msgstr ""
|
||
"Karena endpoint API biasanya menjembatani beberapa domain keamanan, Anda "
|
||
"harus memberi perhatian khusus pada kompartementalisasi proses API. Lihat: "
|
||
"ref: `Bridging_security_domains` untuk informasi tambahan di area ini."
|
||
|
||
msgid ""
|
||
"Because most management commands flow through the message queuing system, "
|
||
"message-queue security is a primary security concern for any OpenStack "
|
||
"deployment, and is discussed in detail later in this guide."
|
||
msgstr ""
|
||
"Karena sebagian besar perintah manajemen mengalir melalui sistem antrian "
|
||
"pesan, keamanan message-queue merupakan masalah keamanan utama untuk "
|
||
"penyebaran OpenStack, dan akan dibahas secara rinci nanti dalam panduan ini."
|
||
|
||
msgid ""
|
||
"Before an instance is created, a host for the image instantiation must be "
|
||
"selected. This selection is performed by the ``nova-scheduler`` which "
|
||
"determines how to dispatch compute and volume requests."
|
||
msgstr ""
|
||
"Sebelum sebuah instance dibuat, host untuk image instantiation harus "
|
||
"dipilih. Pilihan ini dilakukan oleh ``nova-scheduler`` yang menentukan "
|
||
"bagaimana mengirim dan menghitung permintaan volume."
|
||
|
||
msgid ""
|
||
"Before attempting to federate multiple Identity service deployments, you "
|
||
"must setup certain configuration options in the ``keystone.conf`` file."
|
||
msgstr ""
|
||
"Sebelum mencoba memasukkan beberapa pengerahan layanan Identity, Anda harus "
|
||
"menyiapkan beberapa opsi konfigurasi di file ``keystone.conf``."
|
||
|
||
msgid ""
|
||
"Before deployment, consider the TLS libraries that the queuing servers use. "
|
||
"Qpid uses Mozilla's NSS library, whereas RabbitMQ uses Erlang's TLS module "
|
||
"which uses OpenSSL."
|
||
msgstr ""
|
||
"Sebelum diterapkan, pertimbangkan perpustakaan TLS yang digunakan oleh "
|
||
"server antrian. Qpid menggunakan perpustakaan NSS milik Mozilla, sedangkan "
|
||
"RabbitMQ menggunakan modul TLS Erlang yang menggunakan OpenSSL."
|
||
|
||
msgid ""
|
||
"Before we delve into the configurations, we briefly discuss the ciphers' "
|
||
"configuration element and its format. A more exhaustive treatment on "
|
||
"available ciphers and the OpenSSL cipher list format can be found at: "
|
||
"`ciphers <https://www.openssl.org/docs/apps/ciphers.html>`_."
|
||
msgstr ""
|
||
"Sebelum kita menyelidiki konfigurasi, kita membahas secara singkat elemen "
|
||
"konfigurasi dan formatnya. Perlakuan yang lebih lengkap pada ciphers yang "
|
||
"tersedia dan format daftar sandi OpenSSL dapat ditemukan di: `ciphers "
|
||
"<https://www.openssl.org/docs/apps/ciphers.html>`_."
|
||
|
||
msgid ""
|
||
"Being able to detect the load on the OpenStack servers also enables "
|
||
"responding by way of introducing additional servers for load balancing to "
|
||
"ensure high availability."
|
||
msgstr ""
|
||
"Mampu mendeteksi beban pada server OpenStack juga memungkinkan untuk "
|
||
"merespons dengan cara menambahkan server tambahan untuk load balancing guna "
|
||
"memastikan ketersediaan yang tinggi."
|
||
|
||
msgid ""
|
||
"Below is an example of an NFS share with the Generic driver. After the share "
|
||
"was created it has export location ``10.254.0.3:/shares/share-b2874f8d-"
|
||
"d428-4a5c-b056-e6af80a995de``. If you try to mount it on the host with "
|
||
"``10.254.0.4`` IP address, you'll get a *\"Permission denied\"* message."
|
||
msgstr ""
|
||
"Berikut adalah contoh pembagian NFS dengan driver Generik. Setelah share itu "
|
||
"dibuat, ia memiliki lokasi ekspor ``10.254.0.3:/shares/share-b2874f8d-"
|
||
"d428-4a5c-b056-e6af80a995de``. Jika Anda mencoba me-mountnya di host dengan "
|
||
"alamat IP ``10.254.0.4``, Anda akan mendapatkan pesan *\"Permission denied"
|
||
"\"*."
|
||
|
||
msgid ""
|
||
"Below we provide sample recommended configuration settings for enabling TLS "
|
||
"in some of the more popular web servers/TLS terminators."
|
||
msgstr ""
|
||
"Di bawah ini kami menyediakan contoh pengaturan konfigurasi yang "
|
||
"direkomendasikan untuk mengaktifkan TLS di beberapa web servers/TLS "
|
||
"terminators yang lebih populer."
|
||
|
||
msgid ""
|
||
"Ben de Bont is the CSO for HP Cloud Services. Prior to his current role Ben "
|
||
"led the information security group at MySpace and the incident response team "
|
||
"at MSN Security. Ben holds a master's degree in Computer Science from the "
|
||
"Queensland University of Technology."
|
||
msgstr ""
|
||
"Ben de Bont adalah CSO untuk HP Cloud Services. Sebelum perannya saat ini, "
|
||
"Ben memimpin kelompok keamanan informasi di MySpace dan tim respons insiden "
|
||
"di MSN Security. Ben meraih gelar master di bidang Ilmu Komputer dari "
|
||
"Queensland University of Technology."
|
||
|
||
msgid ""
|
||
"Besides already described services you can see two other entities on the "
|
||
"image: ``python-manilaclient`` and ``storage controller``."
|
||
msgstr ""
|
||
"Selain sudah dijelaskan layanan Anda bisa melihat dua entitas lain pada "
|
||
"image: ``python-manilaclient`` dan ``storage controller``."
|
||
|
||
msgid "Bibliography"
|
||
msgstr "Bibliografi"
|
||
|
||
msgid "Bibliography:"
|
||
msgstr "Bibliografi:"
|
||
|
||
msgid "Block Storage"
|
||
msgstr "Block Storage"
|
||
|
||
msgid "Block Storage (optional)"
|
||
msgstr "Block Storage (optional)"
|
||
|
||
msgid "Block Storage performance and backends"
|
||
msgstr "Performa Block Storage dan backend"
|
||
|
||
msgid "Block Storage volume data"
|
||
msgstr "Data volume Block Storage"
|
||
|
||
msgid "Booleans"
|
||
msgstr "Booleans"
|
||
|
||
msgid ""
|
||
"Both RabbitMQ and Qpid are Advanced Message Queuing Protocol (AMQP) "
|
||
"frameworks, which provide message queues for peer-to-peer communication. "
|
||
"Queue implementations are typically deployed as a centralized or "
|
||
"decentralized pool of queue servers. ZeroMQ provides direct peer-to-peer "
|
||
"communication through TCP sockets."
|
||
msgstr ""
|
||
"RabbitMQ dan Qpid adalah kerangka protokol Advanced Message Queuing Protocol "
|
||
"(AMQP), yang menyediakan antrian pesan untuk komunikasi peer-to-peer. "
|
||
"Implementasi antrian biasanya digunakan sebagai server antrian terpusat atau "
|
||
"terdesentralisasi. ZeroMQ menyediakan komunikasi peer-to-peer langsung "
|
||
"melalui soket TCP."
|
||
|
||
msgid ""
|
||
"Both approaches provide `Perfect Forward Secrecy (PFS) <https://en.wikipedia."
|
||
"org/wiki/Forward_secrecy>`_. See :ref:`secure-communication-perfect-forward-"
|
||
"secrecy` for additional discussion on properly configuring PFS."
|
||
msgstr ""
|
||
"Kedua pendekatan itu memberikan `Perfect Forward Secrecy (PFS) <https://en."
|
||
"wikipedia.org/wiki/Forward_secrecy>`_. Lihat :ref:`secure-communication-"
|
||
"perfect-forward-secrecy` untuk diskusi tambahan tentang konfigurasi PFS "
|
||
"dengan benar."
|
||
|
||
msgid ""
|
||
"Both the horizon web service and the OpenStack API it uses to communicate "
|
||
"with the back end are susceptible to web attack vectors such as denial of "
|
||
"service and must be monitored."
|
||
msgstr ""
|
||
"Baik layanan web cakrawala maupun API OpenStack yang digunakannya untuk "
|
||
"berkomunikasi dengan back end rentan terhadap vektor serangan web seperti "
|
||
"penolakan layanan (denial of service) dan harus dipantau."
|
||
|
||
msgid "Bridging security domains"
|
||
msgstr "Menjembatani domain keamanan"
|
||
|
||
msgid ""
|
||
"Browser-based access to the OpenStack cloud, whether through the dashboard "
|
||
"or other applications, introduces additional considerations. Modern browsers "
|
||
"all support some form of password storage and autofilling of credentials for "
|
||
"remembered sites. This can be useful when using strong passwords that cannot "
|
||
"be easily remembered or typed, but may cause the browser to become the weak "
|
||
"link if the physical security of the client is compromised. If the browser's "
|
||
"password store itself is not protected by a strong password, or if the "
|
||
"password store is allowed to remain unlocked for the duration of the "
|
||
"session, unauthorized access to your system can be easily obtained."
|
||
msgstr ""
|
||
"Akses berbasis browser ke awan OpenStack, baik melalui dashboard maupun "
|
||
"aplikasi lainnya, memperkenalkan pertimbangan tambahan. Browser modern semua "
|
||
"mendukung beberapa bentuk penyimpanan kata sandi dan autofilling kredensial "
|
||
"untuk situs yang diingat. Ini bisa berguna saat menggunakan kata kunci kuat "
|
||
"yang tidak mudah diingat atau diketik, namun bisa menyebabkan browser "
|
||
"menjadi lemah jika keamanan fisik klien terganggu. Jika penyimpanan kata "
|
||
"kunci browser itu sendiri tidak dilindungi oleh kata sandi yang kuat, atau "
|
||
"jika penyimpanan kata sandi diizinkan tetap tidak terkunci selama sesi "
|
||
"berlangsung, akses yang tidak sah ke sistem Anda dapat diperoleh dengan "
|
||
"mudah."
|
||
|
||
msgid ""
|
||
"By default, Quality of Service (QoS) policies and rules are managed by the "
|
||
"cloud administrator, which results in tenants being unable to create "
|
||
"specific QoS rules, or to attach specific ports to policies. In some use "
|
||
"cases, such as some telecommunications applications, the administrator may "
|
||
"trust the tenants and therefore let them create and attach their own "
|
||
"policies to ports. This can be achieved by modifying the ``policy.json`` "
|
||
"file and `specific documentation <https://specs.openstack.org/openstack/"
|
||
"neutron-specs/specs/liberty/qos-api-extension.html>`_. will be released with "
|
||
"the extension."
|
||
msgstr ""
|
||
"Secara default, kebijakan dan aturan Quality of Service (QoS) dikelola oleh "
|
||
"administrator awan, yang mengakibatkan penyewa tidak dapat membuat aturan "
|
||
"QoS tertentu, atau untuk melampirkan port tertentu ke kebijakan. Dalam "
|
||
"beberapa kasus penggunaan, seperti beberapa aplikasi telekomunikasi, "
|
||
"administrator dapat mempercayai penyewa dan karena itu membiarkan mereka "
|
||
"membuat dan melampirkan kebijakan mereka sendiri ke port. Hal ini dapat "
|
||
"dicapai dengan memodifikasi file `policy.json` dan `specific documentation "
|
||
"<https://specs.openstack.org/openstack/neutron-specs/specs/liberty/qos-api-"
|
||
"extension.html>`_. akan dirilis dengan ekstensi."
|
||
|
||
msgid ""
|
||
"By default, each of the OpenStack services and their processes access the "
|
||
"database using a shared set of credentials. This makes auditing database "
|
||
"operations and revoking access privileges from a service and its processes "
|
||
"to the database particularly difficult."
|
||
msgstr ""
|
||
"Secara default, masing-masing layanan OpenStack dan prosesnya mengakses "
|
||
"database menggunakan sekumpulan kredensial bersama. Hal ini membuat operasi "
|
||
"database auditing dan mencabut hak akses dari sebuah layanan dan prosesnya "
|
||
"ke database sangat sulit dilakukan."
|
||
|
||
msgid ""
|
||
"By default, share types are created as public. While creating a share type, "
|
||
"use ``--is_public`` parameter set to ``False`` to make your share type "
|
||
"private which will prevent other tenants from seeing it in a list of share "
|
||
"types and creating new shares with it. On the other hand, *public* share "
|
||
"types are available to every tenant in a cloud."
|
||
msgstr ""
|
||
"Secara default, jenis share dibuat sebagai publik. Saat membuat jenis share, "
|
||
"gunakan parameter ``--is_public`` yang disetel ke ``False`` untuk menjadikan "
|
||
"tipe share Anda pribadi yang akan mencegah penyewa lain melihatnya di daftar "
|
||
"jenis share dan membuat share baru dengannya. Di sisi lain, jenis share "
|
||
"*public* tersedia untuk setiap penyewa di awan."
|
||
|
||
msgid ""
|
||
"By default, the Shared File Systems API service listens only on the port "
|
||
"``8786`` with ``tcp6`` type that supports both IPv4 and IPv6."
|
||
msgstr ""
|
||
"Secara default, layanan Shared File Systems API hanya mendengarkan pada port "
|
||
"``8786`` dengan tipe ``tcp6`` yang mendukung IPv4 dan IPv6."
|
||
|
||
msgid ""
|
||
"By default, the remote desktop traffic is not encrypted. TLS can be enabled "
|
||
"to encrypt the VNC traffic. Refer to :doc:`../secure-communication/"
|
||
"introduction-to-ssl-and-tls` for appropriate recommendations."
|
||
msgstr ""
|
||
"Secara default, lalu lintas desktop jarak jauh tidak dienkripsi. TLS dapat "
|
||
"diaktifkan untuk mengenkripsi lalu lintas VNC. Lihat :doc:`../secure-"
|
||
"communication/introduction-to-ssl-and-tls` untuk rekomendasi yang tepat."
|
||
|
||
msgid ""
|
||
"By default, when a share is created and has its export location, the Shared "
|
||
"File Systems service expects that nobody can access the share by mounting "
|
||
"it. Please note that the share driver you use can change this configuration, "
|
||
"or it can be directly changed on the share storage. To ensure access to the "
|
||
"share, check the mounting config for the export protocol."
|
||
msgstr ""
|
||
"Secara default, bila share dibuat dan memiliki lokasi ekspor, layanan Shared "
|
||
"File Systems mengharapkan tidak ada yang dapat mengakses share dengan "
|
||
"mounting. Harap dicatat bahwa share driver yang Anda gunakan dapat mengubah "
|
||
"konfigurasi ini, atau bisa langsung diubah pada penyimpanan share. Untuk "
|
||
"memastikan akses ke share, periksa konfigurasi pemasangan untuk protokol "
|
||
"ekspor."
|
||
|
||
msgid ""
|
||
"By their nature, public clouds are exposed to a higher degree of risk. As a "
|
||
"consumer of a public cloud, you should validate that your selected provider "
|
||
"has the necessary certifications, attestations, and other regulatory "
|
||
"considerations. As a public cloud provider, depending on your target "
|
||
"customers, you might be subject to one or more regulations. Additionally, "
|
||
"even if not required to meet regulatory requirements, a provider should "
|
||
"ensure tenant isolation as well as protecting management infrastructure from "
|
||
"external attacks."
|
||
msgstr ""
|
||
"Menurut sifatnya, awan publik terkena tingkat risiko yang lebih tinggi. "
|
||
"Sebagai konsumen awan publik, Anda harus memvalidasi bahwa penyedia pilihan "
|
||
"Anda memiliki sertifikasi, atestasi, dan pertimbangan peraturan lainnya yang "
|
||
"diperlukan. Sebagai penyedia awan publik, bergantung pada target pelanggan "
|
||
"Anda, Anda mungkin dikenai satu atau lebih peraturan. Selain itu, meski "
|
||
"tidak diharuskan memenuhi persyaratan peraturan, penyedia harus memastikan "
|
||
"isolasi penyewa sekaligus melindungi infrastruktur manajemen dari serangan "
|
||
"luar."
|
||
|
||
msgid ""
|
||
"By using the previously returned token, the user can issue requests to the "
|
||
"list projects and domains that are accessible."
|
||
msgstr ""
|
||
"Dengan menggunakan token yang sebelumnya dikembalikan, pengguna dapat "
|
||
"mengeluarkan permintaan ke daftar proyek dan domain yang dapat diakses."
|
||
|
||
msgid ""
|
||
"CA is a trusted entity, both by the end party and the party that relies upon "
|
||
"the certificate for certification policies, management handling, and "
|
||
"certificate issuance."
|
||
msgstr ""
|
||
"CA adalah entitas terpercaya, baik oleh end party maupun party yang "
|
||
"bergantung pada sertifikat untuk kebijakan sertifikasi, penanganan "
|
||
"manajemen, dan penerbitan sertifikat."
|
||
|
||
msgid ""
|
||
"CIS regularly publishes security benchmarks as well as automated tools that "
|
||
"apply those security controls automatically. These benchmarks are published "
|
||
"under a `Creative Commons license <https://creativecommons.org/licenses/by-"
|
||
"nc-sa/4.0/legalcode>`_ that has some limitations."
|
||
msgstr ""
|
||
"CIS secara teratur menerbitkan tolok ukur keamanan serta alat otomatis yang "
|
||
"menerapkan kontrol keamanan secara otomatis. Tolok ukur ini dipublikasikan "
|
||
"di bawah `Creative Commons license <https://creativecommons.org/licenses/by-"
|
||
"nc-sa/4.0/legalcode>`_ yang memiliki beberapa keterbatasan."
|
||
|
||
msgid "CRL issuer"
|
||
msgstr "CRL issuer"
|
||
|
||
msgid ""
|
||
"CSRF (Cross-site request forgery) is an attack which forces an end user to "
|
||
"execute unauthorized commands on a web application in which he/she is "
|
||
"currently authenticated. A successful CSRF exploit can compromise end user "
|
||
"data and operations. If the targeted end user has admin privileges, this can "
|
||
"compromise the entire web application."
|
||
msgstr ""
|
||
"CSRF (Cross-site request forgery) adalah serangan yang memaksa end user "
|
||
"untuk menjalankan perintah yang tidak sah pada aplikasi web yang saat ini "
|
||
"dia otentikasi. Eksploitasi CSRF yang berhasil dapat membahayakan data dan "
|
||
"operasi end user. Jika end user yang ditargetkan memiliki hak istimewa "
|
||
"admin, ini dapat membahayakan keseluruhan aplikasi web."
|
||
|
||
msgid "Capabilities"
|
||
msgstr "Capabilities"
|
||
|
||
msgid ""
|
||
"Careful consideration should be given to potential outbound abuse from a "
|
||
"cloud deployment. Whether public or private, clouds tend to have lots of "
|
||
"resource available. An attacker who has established a point of presence "
|
||
"within the cloud, either through hacking or entitled access, such as rogue "
|
||
"employee, can bring these resources to bear against the internet at large. "
|
||
"Clouds with compute services make for ideal DDoS and brute force engines. "
|
||
"The issue is more pressing for public clouds as their users are largely "
|
||
"unaccountable, and can quickly spin up numerous disposable instances for "
|
||
"outbound attacks. Major damage can be inflicted upon a company's reputation "
|
||
"if it becomes known for hosting malicious software or launching attacks on "
|
||
"other networks. Methods of prevention include egress security groups, "
|
||
"outbound traffic inspection, customer education and awareness, and fraud and "
|
||
"abuse mitigation strategies."
|
||
msgstr ""
|
||
"Pertimbangan yang cermat harus diberikan pada penyalahgunaan outbound "
|
||
"potensial dari penyebaran awan. Apakah publik atau private, awan cenderung "
|
||
"memiliki banyak sumber daya yang tersedia. Seorang penyerang yang telah "
|
||
"memiliki titik kehadiran (point of presence) di dalam awan, baik melalui "
|
||
"akses hacking atau berhak, seperti pegawai nakal, dapat membawa sumber daya "
|
||
"ini untuk menghadapi internet secara keseluruhan. Awan dengan layanan "
|
||
"komputasi membuat mesin DDoS dan brute force ideal. Masalahnya lebih "
|
||
"mendesak untuk awan publik karena pengguna mereka sebagian besar tidak "
|
||
"bertanggung jawab, dan dengan cepat dapat memutar banyak disposable instance "
|
||
"sekali pakai untuk serangan keluar. Kerusakan besar dapat ditimbulkan atas "
|
||
"reputasi perusahaan jika diketahui meng-host perangkat lunak berbahaya atau "
|
||
"meluncurkan serangan ke jaringan lain. Metode pencegahan meliputi kelompok "
|
||
"keamanan egress, inspeksi lalu lintas keluar, edukasi dan kesadaran "
|
||
"pelanggan, dan strategi mitigasi penyalahgunaan dan penyalahgunaan."
|
||
|
||
msgid "Castellan"
|
||
msgstr "Castellan"
|
||
|
||
msgid ""
|
||
"Castellan is a generic Key Manager interface developed by the Barbican team. "
|
||
"It enables projects to use a configurable key manager that can be deployment "
|
||
"specific."
|
||
msgstr ""
|
||
"Castellan adalah antarmuka Key Manager generik yang dikembangkan oleh tim "
|
||
"Barbican. Ini memungkinkan proyek menggunakan manajer kunci yang dapat "
|
||
"dikonfigurasi yang dapat diterapkan secara spesifik."
|
||
|
||
msgid "Certificate Repository"
|
||
msgstr "Certificate Repository"
|
||
|
||
msgid "Certificate Revocation Lists (CRL)"
|
||
msgstr "Certificate Revocation Lists (CRL)"
|
||
|
||
msgid ""
|
||
"Certificates used to support TLS on internet facing cloud endpoints (or "
|
||
"customer interfaces where the customer is not expected to have installed "
|
||
"anything other than standard operating system provided certificate bundles) "
|
||
"should be provisioned using Certificate Authorities that are installed in "
|
||
"the operating system certificate bundle. Typical well known vendors include "
|
||
"Let's Encrypt, Verisign and Thawte but many others exist."
|
||
msgstr ""
|
||
"Sertifikat yang digunakan untuk mendukung TLS di internet yang menghadapi "
|
||
"endpoint awan (atau antarmuka pelanggan yang tidak diharapkan pelanggannya "
|
||
"telah menginstal apa pun selain kumpulan berkas sistem operasi standar yang "
|
||
"disediakan) harus disediakan menggunakan Certificate Authorities yang "
|
||
"terpasang dalam berkas sertifikat sistem operasi. Vendor terkenal yang "
|
||
"terkenal termasuk Let's Encrypt, Verisign dan Thawte tapi ada banyak lainnya."
|
||
|
||
msgid "Certification Authority (:term:`CA <certificate authority (CA)>`)"
|
||
msgstr "Certification Authority (:term:`CA <certificate authority (CA)>`)"
|
||
|
||
msgid "Certification and compliance statements"
|
||
msgstr "Pernyataan sertifikasi dan kepatuhan"
|
||
|
||
msgid "Certification authorities"
|
||
msgstr "Otoritas sertifikasi"
|
||
|
||
msgid "Certifications and attestations"
|
||
msgstr "Sertifikasi dan pengesahan"
|
||
|
||
msgid ""
|
||
"Check-Block-01: Is user/group ownership of config files set to root/cinder?"
|
||
msgstr ""
|
||
"Check-Block-01: Apakah user/group ownership dari file konfigurasi diset ke "
|
||
"root/cinder?"
|
||
|
||
msgid "Check-Block-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Block-02: Apakah izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Block-03: Is keystone used for authentication?"
|
||
msgstr "Check-Block-03: Apakah keystone digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Block-04: Is TLS enabled for authentication?"
|
||
msgstr "Check-Block-04: Apakah TLS diaktifkan untuk otentikasi?"
|
||
|
||
msgid "Check-Block-05: Does cinder communicate with nova over TLS?"
|
||
msgstr "Check-Block-05: Apakah cinder berkomunikasi dengan nova over TLS?"
|
||
|
||
msgid "Check-Block-06: Does cinder communicate with glance over TLS?"
|
||
msgstr ""
|
||
"Check-Block-06: Apakah cinder berkomunikasi dengan melirik (glance over) TLS?"
|
||
|
||
msgid "Check-Block-07: Is NAS operating in a secure environment?"
|
||
msgstr "Check-Block-07: Apakah NAS beroperasi di lingkungan yang aman?"
|
||
|
||
msgid ""
|
||
"Check-Block-08: Is max size for the body of a request set to default "
|
||
"(114688)?"
|
||
msgstr ""
|
||
"Check-Block-08: Apakah ukuran maks untuk body permintaan ditetapkan ke "
|
||
"default (114688)?"
|
||
|
||
msgid "Check-Block-09: Is the volume encryption feature enabled?"
|
||
msgstr "Check-Block-09: Apakah fitur encryption volume diaktifkan?"
|
||
|
||
msgid ""
|
||
"Check-Compute-01: Is user/group ownership of config files set to root/nova?"
|
||
msgstr ""
|
||
"Check-Compute-01: Apakah kepemilikan user/group dari file konfigurasi diatur "
|
||
"ke root/nova?"
|
||
|
||
msgid "Check-Compute-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Compute-02: Apakah izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Compute-03: Is keystone used for authentication?"
|
||
msgstr "Check-Compute-03: Apakah keystone digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Compute-04: Is secure protocol used for authentication?"
|
||
msgstr "Check-Compute-04: Apakah protokol aman digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Compute-05: Does Nova communicate with Glance securely?"
|
||
msgstr "Check-Compute-05: Apakah Nova berkomunikasi dengan Glance dengan aman?"
|
||
|
||
msgid "Check-Dashboard-01: Is user/group of config files set to root/horizon?"
|
||
msgstr ""
|
||
"Check-Dashboard-01: Apakah user/grup file konfigurasi diset ke root/horizon?"
|
||
|
||
msgid ""
|
||
"Check-Dashboard-02: Are strict permissions set for horizon configuration "
|
||
"files?"
|
||
msgstr ""
|
||
"Check-Dashboard-02: Apakah izin ketat diatur untuk file konfigurasi horizon?"
|
||
|
||
msgid ""
|
||
"Check-Dashboard-03: Is ``DISALLOW_IFRAME_EMBED`` parameter set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-03: Apakah parameter ``DISALLOW_IFRAME_EMBED`` disetel ke `` "
|
||
"True``?"
|
||
|
||
msgid ""
|
||
"Check-Dashboard-04: Is ``CSRF_COOKIE_SECURE`` parameter set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-04: Apakah parameter ``CSRF_COOKIE_SECURE`` disetel ke "
|
||
"``True``?"
|
||
|
||
msgid ""
|
||
"Check-Dashboard-05: Is ``SESSION_COOKIE_SECURE`` parameter set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-05: Apakah parameter ``SESSION_COOKIE_SECURE`` disetel ke "
|
||
"``True``?"
|
||
|
||
msgid ""
|
||
"Check-Dashboard-06: Is ``SESSION_COOKIE_HTTPONLY`` parameter set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-06: Apakah parameter ``SESSION_COOKIE_HTTPONLY`` disetel ke "
|
||
"``True``?"
|
||
|
||
msgid "Check-Dashboard-07: Is ``PASSWORD_AUTOCOMPLETE`` set to ``False``?"
|
||
msgstr ""
|
||
"Check-Dashboard-07: Apakah ``PASSWORD_AUTOCOMPLETE`` disetel ke ``False``?"
|
||
|
||
msgid "Check-Dashboard-08: Is ``DISABLE_PASSWORD_REVEAL`` set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-08: Apakah ``DISABLE_PASSWORD_REVEAL`` disetel ke ``True``?"
|
||
|
||
msgid "Check-Dashboard-09: Is ``ENFORCE_PASSWORD_CHECK`` set to ``True``?"
|
||
msgstr ""
|
||
"Check-Dashboard-09: Apakah ``ENFORCE_PASSWORD_CHECK`` disetel ke ``True``?"
|
||
|
||
msgid "Check-Dashboard-10: Is ``PASSWORD_VALIDATOR`` configured?"
|
||
msgstr "Check-Dashboard-10: Apakah ``PASSWORD_VALIDATOR`` dikonfigurasi?"
|
||
|
||
msgid "Check-Dashboard-11: Is ``SECURE_PROXY_SSL_HEADER`` configured?"
|
||
msgstr "Check-Dashboard-11: Apakah ``SECURE_PROXY_SSL_HEADER`` dikonfigurasi?"
|
||
|
||
msgid ""
|
||
"Check-Identity-01: Is user/group ownership of config files set to keystone?"
|
||
msgstr ""
|
||
"Check-Identity-01: Apakah kepemilikan user/group dari file konfigurasi "
|
||
"diatur ke keystone?"
|
||
|
||
msgid ""
|
||
"Check-Identity-02: Are strict permissions set for Identity configuration "
|
||
"files?"
|
||
msgstr ""
|
||
"Check-Identity-02: Apakah izin ketat ditetapkan untuk file konfigurasi "
|
||
"Identity?"
|
||
|
||
msgid "Check-Identity-03: is TLS enabled for Identity?"
|
||
msgstr "Check-Identity-03: Apakah TLS diaktifkan untuk Identity?"
|
||
|
||
msgid ""
|
||
"Check-Identity-04: Does Identity use strong hashing algorithms for PKI "
|
||
"tokens?"
|
||
msgstr ""
|
||
"Check-Identity-04: Apakah Identity menggunakan algoritma hashing yang kuat "
|
||
"untuk token PKI?"
|
||
|
||
msgid ""
|
||
"Check-Identity-05: Is ``max_request_body_size`` set to default (114688)?"
|
||
msgstr ""
|
||
"Check-Identity-05: Apakah ``max_request_body_size`` disetel ke default "
|
||
"(114688)?"
|
||
|
||
msgid ""
|
||
"Check-Identity-06: Disable admin token in ``/etc/keystone/keystone.conf``"
|
||
msgstr ""
|
||
"Check-Identity-06:Nonaktifkan token admin masuk ``/etc/keystone/keystone."
|
||
"conf``"
|
||
|
||
msgid ""
|
||
"Check-Identity-07: insecure_debug false in ``/etc/keystone/keystone.conf``"
|
||
msgstr ""
|
||
"Check-Identity-07: Insecure_debug salah di ``/etc/keystone/keystone.conf``"
|
||
|
||
msgid "Check-Identity-08: Use fernet token in ``/etc/keystone/keystone.conf``"
|
||
msgstr ""
|
||
"Check-Identity-08: Gunakan token fernet di ``/etc/keystone/keystone.conf``"
|
||
|
||
msgid ""
|
||
"Check-Image-01: Is user/group ownership of config files set to root/glance?"
|
||
msgstr ""
|
||
"Check-Image-01: Apakah kepemilikan user/group dari file konfigurasi diset ke "
|
||
"root/glance?"
|
||
|
||
msgid "Check-Image-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Image-02: Apakah izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Image-03: Is keystone used for authentication?"
|
||
msgstr "Check-Image-03: Apakah keystone digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Image-04: Is TLS enabled for authentication?"
|
||
msgstr "Check-Image-04: Apakah TLS diaktifkan untuk otentikasi?"
|
||
|
||
msgid "Check-Image-05: Are masked port scans prevented?"
|
||
msgstr "Check-Image-05: Apakah scan port tertutup (masked) dicegah?"
|
||
|
||
msgid ""
|
||
"Check-Key-Manager-01: Is the ownership of config files set to root/barbican?"
|
||
msgstr ""
|
||
"Check-Key-Manager-01: Apakah kepemilikan file konfigurasi diset ke root/"
|
||
"barbican?"
|
||
|
||
msgid ""
|
||
"Check-Key-Manager-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Key-Manager-02: Apakah izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Key-Manager-03: Is OpenStack Identity used for authentication?"
|
||
msgstr ""
|
||
"Check-Key-Manager-03: Apakah OpenStack Identity digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Key-Manager-04: Is TLS enabled for authentication?"
|
||
msgstr "Check-Key-Manager-04: Apakah TLS diaktifkan untuk otentikasi?"
|
||
|
||
msgid ""
|
||
"Check-Neutron-01: Is user/group ownership of config files set to root/"
|
||
"neutron?"
|
||
msgstr ""
|
||
"Check-Neutron-01: Apakah kepemilikan user/group dari file konfigurasi diset "
|
||
"ke root/neutron?"
|
||
|
||
msgid "Check-Neutron-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Neutron-02: Apakah izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Neutron-03: Is keystone used for authentication?"
|
||
msgstr "Check-Neutron-03: Apakah keystone digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Neutron-04: Is secure protocol used for authentication?"
|
||
msgstr "Check-Neutron-04: Apakah protokol aman digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Neutron-05: Is TLS enabled on Neutron API server?"
|
||
msgstr "Check-Neutron-05: Apakah TLS diaktifkan pada server API Neutron?"
|
||
|
||
msgid ""
|
||
"Check-Shared-01: Is user/group ownership of config files set to root/manila?"
|
||
msgstr ""
|
||
"Check-Shared-01: Apakah user/group kepemilikan file konfigurasi diset ke "
|
||
"root/manila?"
|
||
|
||
msgid "Check-Shared-02: Are strict permissions set for configuration files?"
|
||
msgstr "Check-Shared-02: Apakah ada izin ketat diatur untuk file konfigurasi?"
|
||
|
||
msgid "Check-Shared-03: Is OpenStack Identity used for authentication?"
|
||
msgstr "Check-Shared-03: Apakah OpenStack Identity digunakan untuk otentikasi?"
|
||
|
||
msgid "Check-Shared-04: Is TLS enabled for authentication?"
|
||
msgstr "Check-Shared-04: Apakah TLS diaktifkan untuk otentikasi?"
|
||
|
||
msgid ""
|
||
"Check-Shared-05: Does Shared File Systems contact with Compute over TLS?"
|
||
msgstr ""
|
||
"Check-Shared-05: Apakah Shared File Systems kontak dengan Compute over TLS?"
|
||
|
||
msgid ""
|
||
"Check-Shared-06: Does Shared File Systems contact with Networking over TLS?"
|
||
msgstr ""
|
||
"Check-Shared-06: Apakah Shared File Systems kontak dengan Networking over "
|
||
"TLS?"
|
||
|
||
msgid ""
|
||
"Check-Shared-07: Does Shared File Systems contact with Block Storage over "
|
||
"TLS?"
|
||
msgstr ""
|
||
"Check-Shared-07: Apakah Shared File Systems kontak dengan Block Storage over "
|
||
"TLS?"
|
||
|
||
msgid ""
|
||
"Check-Shared-08: Is max size for the request body set to default (114688)?"
|
||
msgstr ""
|
||
"Check-Shared-08: Apakah ukuran maksimal untuk badan permintaan diatur ke "
|
||
"default (114688)?"
|
||
|
||
msgid "Checklist"
|
||
msgstr "Daftar periksa"
|
||
|
||
msgid "Chef"
|
||
msgstr "Chef"
|
||
|
||
msgid ""
|
||
"Cinder supports an NFS driver which works differently than a traditional "
|
||
"block storage driver. The NFS driver does not actually allow an instance to "
|
||
"access a storage device at the block level. Instead, files are created on an "
|
||
"NFS share and mapped to instances, which emulates a block device. Cinder "
|
||
"supports secure configuration for such files by controlling the file "
|
||
"permissions when cinder volumes are created. Cinder configuration can also "
|
||
"control whether file operations are run as the root user or the current "
|
||
"OpenStack process user."
|
||
msgstr ""
|
||
"Cinder mendukung driver NFS yang bekerja berbeda dari driver penyimpanan "
|
||
"blok tradisional. Driver NFS sebenarnya tidak mengizinkan sebuah instance "
|
||
"untuk mengakses perangkat penyimpanan di tingkat blok. Sebagai gantinya, "
|
||
"file dibuat pada pembagian NFS dan dipetakan ke instance, yang mengemulasi "
|
||
"perangkat blokir. Cinder mendukung konfigurasi yang aman untuk file seperti "
|
||
"itu dengan mengendalikan hak akses file saat volume cinder dibuat. "
|
||
"Konfigurasi cinder juga dapat mengontrol apakah operasi file dijalankan "
|
||
"sebagai pengguna root atau pengguna proses OpenStack saat ini."
|
||
|
||
msgid "Cinder volume data"
|
||
msgstr "Data volume Cinder"
|
||
|
||
msgid ""
|
||
"Cipher string options are separated by \":\", while \"!\" provides negation "
|
||
"of the immediately following element. Element order indicates preference "
|
||
"unless overridden by qualifiers such as HIGH. Let us take a closer look at "
|
||
"the elements in the above sample strings."
|
||
msgstr ""
|
||
"Pilihan string cipher dipisahkan oleh \":\", while \"!\" memberikan "
|
||
"penolakan dari elemen berikut ini. Urutan elemen menunjukkan preferensi "
|
||
"kecuali diganti oleh kualifikasi seperti HIGH. Mari kita lihat lebih dekat "
|
||
"unsur-unsur dalam contoh string di atas."
|
||
|
||
msgid ""
|
||
"Cipher suites using the `RSA <https://en.wikipedia.org/wiki/RSA_"
|
||
"%28cryptosystem%29>`_ exchange, authentication or either respectively."
|
||
msgstr ""
|
||
"Cipher suite menggunakan `RSA <https://en.wikipedia.org/wiki/RSA_"
|
||
"%28cryptosystem%29>`_ pertukaran, otentikasi atau masing-masing."
|
||
|
||
msgid ""
|
||
"Client authentication with TLS requires certificates be issued to services. "
|
||
"These certificates can be signed by an external or internal certificate "
|
||
"authority. OpenStack services check the validity of certificate signatures "
|
||
"against trusted CAs by default and connections will fail if the signature is "
|
||
"not valid or the CA is not trusted. Cloud deployers may use self-signed "
|
||
"certificates. In this case, the validity check must be disabled or the "
|
||
"certificate should be marked as trusted. To disable validation of self-"
|
||
"signed certificates, set ``insecure=False`` in the ``[filter:authtoken]`` "
|
||
"section in the ``/etc/nova/api.paste.ini`` file. This setting also disables "
|
||
"certificates for other components."
|
||
msgstr ""
|
||
"Otentikasi klien dengan TLS mengharuskan sertifikat dikeluarkan untuk "
|
||
"layanan. Sertifikat ini dapat ditandatangani oleh otoritas sertifikat "
|
||
"eksternal atau internal. Layanan OpenStack memeriksa validitas tanda tangan "
|
||
"sertifikat terhadap CA yang terpercaya secara default dan koneksi akan gagal "
|
||
"jika tanda tangan tidak valid atau CA tidak dipercaya. Penyebar awan dapat "
|
||
"menggunakan sertifikat yang ditandatangani sendiri. Dalam kasus ini, "
|
||
"pemeriksaan validitas harus dinonaktifkan atau sertifikat harus ditandai "
|
||
"sebagai terpercaya. Untuk menonaktifkan validasi sertifikat self-signed, set "
|
||
"``insecure = False`` di bagian ``[filter: authtoken]`` di file ``/etc/nova/"
|
||
"api.paste.ini``. Pengaturan ini juga menonaktifkan sertifikat untuk komponen "
|
||
"lainnya."
|
||
|
||
msgid "Client->API Process *[TLS]*:"
|
||
msgstr "Client->API Process *[TLS]*:"
|
||
|
||
msgid ""
|
||
"Clients' configuration data for authentication and authorization can be "
|
||
"stored by :ref:`security services <shared_fs_security_services>`. Such "
|
||
"protocols as LDAP, Kerberos, or Microsoft Active Directory authentication "
|
||
"service can be configured and used."
|
||
msgstr ""
|
||
"Data konfigurasi klien untuk otentikasi dan otorisasi dapat disimpan oleh :"
|
||
"ref:`security services <shared_fs_security_services>`. Protokol seperti "
|
||
"layanan otentikasi LDAP, Kerberos, atau Microsoft Active Directory dapat "
|
||
"dikonfigurasi dan digunakan."
|
||
|
||
msgid "Cloud admin"
|
||
msgstr "Cloud admin"
|
||
|
||
msgid ""
|
||
"Cloud administrators must define a user with the role of admin for each "
|
||
"service, as described in the `OpenStack Administrator Guide <https://docs."
|
||
"openstack.org/admin-guide/index.html>`__. This service account provides the "
|
||
"service with the authorization to authenticate users."
|
||
msgstr ""
|
||
"Administrator awan harus menentukan pengguna dengan peran admin untuk setiap "
|
||
"layanan, seperti yang dijelaskan di `OpenStack Administrator Guide <https://"
|
||
"docs.openstack.org/admin-guide/index.html>`__. Akun layanan ini menyediakan "
|
||
"layanan dengan otorisasi untuk mengotentikasi pengguna."
|
||
|
||
msgid ""
|
||
"Cloud administrators will use the administrative APIs to manage resource "
|
||
"quotas."
|
||
msgstr ""
|
||
"Cloud administrator akan menggunakan API administratif untuk mengelola kuota "
|
||
"sumber daya."
|
||
|
||
msgid "Cloud types"
|
||
msgstr "Tipe awan"
|
||
|
||
msgid "Cloud user"
|
||
msgstr "Cloud user"
|
||
|
||
msgid ""
|
||
"Clouds without stringent compliance requirements for written documentation "
|
||
"might benefit from having a Configuration Management Database (CMDB). CMDBs "
|
||
"are normally used for hardware asset tracking and overall life-cycle "
|
||
"management. By leveraging a CMDB, an organization can quickly identify cloud "
|
||
"infrastructure hardware such as compute nodes, storage nodes, or network "
|
||
"devices. A CMDB can assist in identifying assets that exist on the network "
|
||
"which may have vulnerabilities due to inadequate maintenance, inadequate "
|
||
"protection, or being displaced and forgotten. An OpenStack provisioning "
|
||
"system can provide some basic CMDB functions if the underlying hardware "
|
||
"supports the necessary auto-discovery features."
|
||
msgstr ""
|
||
"Awan (Cloud) tanpa persyaratan kepatuhan yang ketat untuk dokumentasi "
|
||
"tertulis mungkin akan mendapat manfaat dari memiliki Configuration "
|
||
"Management Database (CMDB). CMDB biasanya digunakan untuk pelacakan aset "
|
||
"perangkat keras dan pengelolaan siklus hidup secara keseluruhan. Dengan "
|
||
"memanfaatkan CMDB, sebuah organisasi dapat dengan cepat mengidentifikasi "
|
||
"perangkat keras infrastruktur awan seperti komputasi node, node penyimpanan, "
|
||
"atau perangkat jaringan. CMDB dapat membantu mengidentifikasi aset yang ada "
|
||
"pada jaringan yang mungkin memiliki kerentanan karena pemeliharaan yang "
|
||
"tidak memadai, perlindungan yang tidak memadai, atau dipindahkan dan "
|
||
"dilupakan. Sistem provisioning OpenStack dapat menyediakan beberapa fungsi "
|
||
"dasar CMDB jika perangkat keras yang mendasari mendukung fitur penemuan "
|
||
"otomatis yang diperlukan."
|
||
|
||
msgid ""
|
||
"Cody Bunch is a Private Cloud architect with Rackspace. Cody has co-authored "
|
||
"an update to \"The OpenStack Cookbook\" as well as books on VMware "
|
||
"automation."
|
||
msgstr ""
|
||
"Cody Bunch adalah arsitek Private Cloud dengan Rackspace. Cody telah turut "
|
||
"menulis pembaruan untuk \"The OpenStack Cookbook\" dan juga buku tentang "
|
||
"otomatisasi VMware."
|
||
|
||
msgid ""
|
||
"Collection of containers; not user accounts or authentication. Which users "
|
||
"are associated with the account and how they may access it depends on the "
|
||
"authentication system used. See :ref:`Object_Storage_authentication`."
|
||
msgstr ""
|
||
"Koleksi kontainer; bukan akun pengguna atau autentikasi. Pengguna mana yang "
|
||
"terkait dengan akun dan bagaimana mereka dapat mengaksesnya bergantung pada "
|
||
"sistem autentikasi yang digunakan. Lihat :ref: "
|
||
"`Object_Storage_authentication`."
|
||
|
||
msgid ""
|
||
"Collection of objects. Metadata on the container is available for ACLs. The "
|
||
"meaning of ACLs is dependent on the authentication system used."
|
||
msgstr ""
|
||
"Koleksi obyek. Metadata pada kontainer tersedia untuk ACL. Arti ACL "
|
||
"tergantung pada sistem otentikasi yang digunakan."
|
||
|
||
msgid ""
|
||
"Combining configuration management and security auditing tools creates a "
|
||
"powerful combination. The auditing tools will highlight deployment concerns. "
|
||
"And the configuration management tools simplify the process of changing each "
|
||
"system to address the audit concerns. Used together in this fashion, these "
|
||
"tools help to maintain a cloud that satisfies security requirements ranging "
|
||
"from basic hardening to compliance validation."
|
||
msgstr ""
|
||
"Menggabungkan alat manajemen konfigurasi dan keamanan audit menciptakan "
|
||
"kombinasi yang hebat. Alat audit akan menyoroti masalah penerapan. Dan alat "
|
||
"manajemen konfigurasi menyederhanakan proses perubahan setiap sistem untuk "
|
||
"mengatasi masalah audit. Digunakan bersamaan dengan cara ini, alat ini "
|
||
"membantu menjaga awan yang memenuhi persyaratan keamanan mulai dari "
|
||
"pengerasan (hardening) dasar sampai validasi kepatuhan."
|
||
|
||
msgid ""
|
||
"Command line interface to interact with the Shared File Systems service via "
|
||
"``manila-api`` and also a Python module to interact programmatically with "
|
||
"the Shared File Systems service."
|
||
msgstr ""
|
||
"Antarmuka command line untuk berinteraksi dengan layanan Shared File Systems "
|
||
"melalui ``manila-api`` dan juga modul Python untuk berinteraksi secara "
|
||
"terprogram dengan layanan Shared File Systems."
|
||
|
||
msgid "Commercial standards"
|
||
msgstr "Standar komersial"
|
||
|
||
msgid "Common Criteria"
|
||
msgstr "Kriteria Umum"
|
||
|
||
msgid ""
|
||
"Common Criteria is an internationally standardized software evaluation "
|
||
"process, used by governments and commercial companies to validate software "
|
||
"technologies perform as advertised. In the government sector, NSTISSP No. 11 "
|
||
"mandates that U.S. Government agencies only procure software which has been "
|
||
"Common Criteria certified, a policy which has been in place since July 2002."
|
||
msgstr ""
|
||
"Kriteria umum adalah proses evaluasi perangkat lunak yang distandarkan "
|
||
"secara internasional, yang digunakan oleh pemerintah dan perusahaan "
|
||
"komersial untuk memvalidasi kinerja teknologi perangkat lunak seperti yang "
|
||
"diiklankan. Di sektor pemerintah, NSTISSP No. 11 mengamanatkan bahwa "
|
||
"instansi Pemerintah A.S. hanya menyediakan perangkat lunak yang telah "
|
||
"disertifikasi oleh Common Criteria (kriteria umum), sebuah kebijakan yang "
|
||
"telah ada sejak Juli 2002."
|
||
|
||
msgid "Common control frameworks"
|
||
msgstr "Kerangka kerja kontrol yang umum"
|
||
|
||
msgid "Common criteria"
|
||
msgstr "Kriteria umum (Common Criteria)"
|
||
|
||
msgid ""
|
||
"Common feature that applications use to provide users a convenience is to "
|
||
"cache the password locally in the browser (on the client machine) and having "
|
||
"it 'pre-typed' in all subsequent requests. While this feature can be "
|
||
"perceived as extremely friendly for the average user, at the same time, it "
|
||
"introduces a flaw, as the user account becomes easily accessible to anyone "
|
||
"that uses the same account on the client machine and thus may lead to "
|
||
"compromise of the user account."
|
||
msgstr ""
|
||
"Fitur umum yang digunakan untuk memberikan kenyamanan bagi pengguna adalah "
|
||
"meng-cache kata sandi secara lokal di browser (di mesin klien) dan "
|
||
"memilikinya 'pre-typed'' di semua permintaan berikutnya. Meskipun fitur ini "
|
||
"dapat dianggap sangat ramah bagi pengguna rata-rata, pada saat bersamaan, ia "
|
||
"memperkenalkan kekurangan, karena akun pengguna mudah diakses oleh siapa "
|
||
"saja yang menggunakan akun yang sama di mesin klien dan karenanya dapat "
|
||
"menyebabkan kompromi terhadap akun pengguna."
|
||
|
||
msgid ""
|
||
"Common solutions for providing rate-limiting are :term:`Nginx`, HAProxy, "
|
||
"OpenRepose, or Apache Modules such as mod_ratelimit, mod_qos, or "
|
||
"mod_security."
|
||
msgstr ""
|
||
"Solusi umum untuk memberikan rate-limiting adalah :term:`Nginx`, HAProxy, "
|
||
"OpenRepose, atau Modul Apache seperti mod_ratelimit, mod_qos, atau "
|
||
"mod_security."
|
||
|
||
msgid ""
|
||
"Commonly, implementers add middleware to extend OpenStack's base "
|
||
"functionality. We recommend implementers make careful consideration of the "
|
||
"potential exposure introduced by the addition of non-standard software "
|
||
"components to their HTTP request pipeline."
|
||
msgstr ""
|
||
"Umumnya, pelaksana menambahkan middleware untuk memperluas fungsionalitas "
|
||
"dasar OpenStack. Sebaiknya pelaksana membuat pertimbangan cermat terhadap "
|
||
"paparan potensial yang diperkenalkan oleh penambahan komponen perangkat "
|
||
"lunak non-standar ke pipeline permintaan HTTP mereka."
|
||
|
||
msgid "Community cloud"
|
||
msgstr "Awan komunitas"
|
||
|
||
msgid ""
|
||
"Compared to PKI and PKIZ tokens, fernet tokens are smaller in size; usually "
|
||
"kept under a 250 byte limit. For PKI and PKIZ tokens, bigger service "
|
||
"catalogs will result in longer token lengths. This pattern does not exist "
|
||
"with fernet tokens because the contents of the encrypted payload is kept to "
|
||
"minimum."
|
||
msgstr ""
|
||
"Dibandingkan token PKI dan PKIZ, token fernet berukuran lebih kecil; "
|
||
"Biasanya disimpan di bawah batas 250 byte. Untuk token PKI dan PKIZ, katalog "
|
||
"layanan yang lebih besar akan menghasilkan panjang token yang lebih panjang. "
|
||
"Pola ini tidak ada dengan token fernet karena isi muatan terenkripsi dijaga "
|
||
"seminimal mungkin."
|
||
|
||
msgid "Compartmentalize"
|
||
msgstr "Kompartementalisasi"
|
||
|
||
msgid "Compiler hardening"
|
||
msgstr "Pengerasan kompilator"
|
||
|
||
msgid ""
|
||
"Compiler hardening makes it more difficult to attack the QEMU process. "
|
||
"However, if an attacker does succeed, you want to limit the impact of the "
|
||
"attack. Mandatory access controls accomplish this by restricting the "
|
||
"privileges on QEMU process to only what is needed. This can be accomplished "
|
||
"by using sVirt, SELinux, or AppArmor. When using sVirt, SELinux is "
|
||
"configured to run each QEMU process under a separate security context. "
|
||
"AppArmor can be configured to provide similar functionality. We provide more "
|
||
"details on sVirt and instance isolation in the section below :ref:`hardening-"
|
||
"the-virtualization-layers-svirt-selinux-and-virtualization`."
|
||
msgstr ""
|
||
"Pengerasan kompilator membuatnya lebih sulit untuk menyerang proses QEMU. "
|
||
"Namun, jika penyerang berhasil, Anda ingin membatasi dampak serangan "
|
||
"tersebut. Kontrol akses wajib melakukan hal ini dengan membatasi hak "
|
||
"istimewa pada proses QEMU hanya dengan apa yang dibutuhkan. Hal ini bisa "
|
||
"dilakukan dengan menggunakan sVirt, SELinux, atau AppArmor. Saat menggunakan "
|
||
"sVirt, SELinux dikonfigurasi untuk menjalankan setiap proses QEMU di bawah "
|
||
"konteks keamanan yang terpisah. AppArmor dapat dikonfigurasi untuk "
|
||
"menyediakan fungsionalitas serupa. Kami memberikan rincian lebih lanjut "
|
||
"tentang isolasi sVirt dan instance di bagian di bawah ini :ref:`hardening-"
|
||
"the-virtualization-layers-svirt-selinux-and-virtualization`."
|
||
|
||
msgid "Compliance"
|
||
msgstr "Kepatuhan"
|
||
|
||
msgid "Compliance activities"
|
||
msgstr "Aktivitas Kepatuhan"
|
||
|
||
msgid ""
|
||
"Compliance and security are not exclusive, and must be addressed together. "
|
||
"OpenStack deployments are unlikely to satisfy compliance requirements "
|
||
"without security hardening. The listing below provides an OpenStack "
|
||
"architect foundational knowledge and guidance to achieve compliance against "
|
||
"commercial and government certifications and standards."
|
||
msgstr ""
|
||
"Kepatuhan dan keamanan tidak eksklusif, dan harus diatasi bersama. Penerapan "
|
||
"OpenStack tidak mungkin memenuhi persyaratan kepatuhan tanpa pengerasan "
|
||
"keamanan. Daftar di bawah ini memberi pengetahuan dan panduan dasar bagi "
|
||
"para pendiri OpenStack untuk mendapatkan kepatuhan terhadap standar dan "
|
||
"sertifikasi pemerintah dan komersial."
|
||
|
||
msgid "Compliance maintenance"
|
||
msgstr "Pemeliharaan Kepatuhan"
|
||
|
||
msgid "Compliance overview"
|
||
msgstr "Ikhtisar Kepatuhan"
|
||
|
||
msgid "Components"
|
||
msgstr "Komponen"
|
||
|
||
msgid ""
|
||
"Components, services, and applications within the OpenStack ecosystem or "
|
||
"dependencies of OpenStack are implemented or can be configured to use TLS "
|
||
"libraries. The TLS and HTTP services within OpenStack are typically "
|
||
"implemented using OpenSSL which has a module that has been validated for "
|
||
"FIPS 140-2. However, keep in mind that each application or service can still "
|
||
"introduce weaknesses in how they use the OpenSSL libraries."
|
||
msgstr ""
|
||
"Komponen, layanan, dan aplikasi dalam ekosistem OpenStack atau dependensi "
|
||
"OpenStack diimplementasikan atau dapat dikonfigurasi untuk menggunakan "
|
||
"perpustakaan TLS. Layanan TLS dan HTTP dalam OpenStack biasanya "
|
||
"diimplementasikan dengan menggunakan OpenSSL yang memiliki modul yang telah "
|
||
"divalidasi untuk FIPS 140-2. Namun, perlu diingat bahwa setiap aplikasi atau "
|
||
"layanan masih dapat mengenalkan kelemahan dalam bagaimana mereka menggunakan "
|
||
"perpustakaan OpenSSL."
|
||
|
||
msgid ""
|
||
"Comprehensive privacy management requires significant preparation, thought "
|
||
"and investment. Additional complications are introduced when building global "
|
||
"OpenStack clouds, for example navigating the differences between U.S. and "
|
||
"more restrictive E.U. privacy laws. In addition, extra care needs to be "
|
||
"taken when dealing with sensitive PII that may include information such as "
|
||
"credit card numbers or medical records. This sensitive data is not only "
|
||
"subject to privacy laws but also regulatory and governmental regulations. By "
|
||
"deferring to established best practices, including those published by "
|
||
"governments, a holistic privacy management policy may be created and "
|
||
"practiced for OpenStack deployments."
|
||
msgstr ""
|
||
"Manajemen privasi yang komprehensif memerlukan persiapan, pemikiran dan "
|
||
"investasi yang signifikan. Komplikasi tambahan diperkenalkan saat membangun "
|
||
"awan OpenStack global, misalnya menavigasi perbedaan hukum privasi antara A."
|
||
"S. dan E.U yang lebih ketat. Selain itu, perhatian ekstra perlu dilakukan "
|
||
"saat menangani PII sensitif yang mungkin mencakup informasi seperti nomor "
|
||
"kartu kredit atau catatan medis. Data sensitif ini tidak hanya tunduk pada "
|
||
"hukum privasi tapi juga regulasi dan peraturan pemerintah. Dengan menunda "
|
||
"praktik terbaik yang telah ditetapkan, termasuk yang dipublikasikan oleh "
|
||
"pemerintah, kebijakan pengelolaan privasi holistik dapat dibuat dan "
|
||
"dipraktekkan untuk penerapan OpenStack."
|
||
|
||
msgid "Compute"
|
||
msgstr "Compute"
|
||
|
||
msgid ""
|
||
"Compute API SSL endpoint in Apache, which you must pair with a short WSGI "
|
||
"script."
|
||
msgstr ""
|
||
"Komputasi endpoint SSL API di Apache, yang harus Anda pasangkan dengan skrip "
|
||
"WSGI singkat."
|
||
|
||
msgid "Compute API endpoints"
|
||
msgstr "Compute API endpoints"
|
||
|
||
msgid "Compute instance ephemeral filesystem storage"
|
||
msgstr "Komputasi instance penyimpanan filesystem fana"
|
||
|
||
msgid "Compute instance ephemeral storage"
|
||
msgstr "Komputasi instance penyimpanan sementara"
|
||
|
||
msgid "Compute instance memory"
|
||
msgstr "Komputasi memori instance"
|
||
|
||
msgid ""
|
||
"Compute instances store and retrieve block storage via industry-standard "
|
||
"storage protocols such as iSCSI, ATA over Ethernet, or Fibre-Channel. These "
|
||
"resources are managed and configured via OpenStack native standard HTTP "
|
||
"RESTful API. For more details on the API see the `OpenStack Block Storage "
|
||
"documentation <http://developer.openstack.org/api-ref-blockstorage-v2."
|
||
"html>`__."
|
||
msgstr ""
|
||
"Menghitung instance menyimpan dan mengambil penyimpanan blok melalui "
|
||
"protokol penyimpanan industry-standard seperti iSCSI, ATA over Ethernet, "
|
||
"atau Fiber-Channel. Sumber daya ini dikelola dan dikonfigurasi melalui "
|
||
"OpenStack native standard HTTP RESTful API. Untuk detail lebih lanjut "
|
||
"tentang API lihat `OpenStack Block Storage documentation <http://developer."
|
||
"openstack.org/api-ref-blockstorage-v2.html> `__."
|
||
|
||
msgid ""
|
||
"Compute security is critical for an OpenStack deployment. Hardening "
|
||
"techniques should include support for strong instance isolation, secure "
|
||
"communication between Compute sub-components, and resiliency of public-"
|
||
"facing API endpoints."
|
||
msgstr ""
|
||
"Keamanan Compute sangat penting untuk pengerahan OpenStack. Teknik "
|
||
"pengerasan (hardening) harus mencakup dukungan untuk isolasi instance yang "
|
||
"kuat, komunikasi yang aman antara sub-komponen Compute, dan ketahanan "
|
||
"endpoint API yang dihadapi publik."
|
||
|
||
msgid "Compute soft delete feature"
|
||
msgstr "Komputasi fitur penghapusan soft"
|
||
|
||
msgid "Compute, storage, or other resource nodes"
|
||
msgstr "Compute, storage, atau node sumber daya lainnya"
|
||
|
||
msgid ""
|
||
"Computer Security Resource Centre. Guide to Security for Full Virtualization "
|
||
"Technologies. 2011. `http://csrc.nist.gov/publications/nistpubs/800-125/"
|
||
"SP800-125-final.pdf <http://csrc.nist.gov/publications/nistpubs/800-125/"
|
||
"SP800-125-final.pdf>`_"
|
||
msgstr ""
|
||
"Computer Security Resource Centre. Guide to Security for Full Virtualization "
|
||
"Technologies. 2011. `http://csrc.nist.gov/publications/nistpubs/800-125/"
|
||
"SP800-125-final.pdf <http://csrc.nist.gov/publications/nistpubs/800-125/"
|
||
"SP800-125-final.pdf>`_"
|
||
|
||
msgid ""
|
||
"Confidentiality Failure Impact: An attacker could add new tasks to the queue "
|
||
"which would be executed by workers. User quotas could be exhausted by an "
|
||
"attacker. DoS. User would be unable to create genuine secrets."
|
||
msgstr ""
|
||
"Confidentiality Failure Impact: Seorang penyerang bisa menambahkan tugas "
|
||
"baru ke antrian yang akan dilakukan oleh pekerja. Kuota pengguna bisa habis "
|
||
"oleh penyerang. DoS. Pengguna tidak akan bisa menciptakan rahasia asli."
|
||
|
||
msgid ""
|
||
"Confidentially Failure Impact: A malicious user might be able to abuse other "
|
||
"OpenStack services (depending on keystone role configurations) but barbican "
|
||
"is unaffected. If the service account for token validation also has barbican "
|
||
"admin privileges, then a malicious user could manipulate barbican admin "
|
||
"functions."
|
||
msgstr ""
|
||
"Confidentially Failure Impact: Pengguna jahat mungkin dapat menyalahgunakan "
|
||
"layanan OpenStack lainnya (tergantung pada konfigurasi peran keystone) namun "
|
||
"barbican tidak terpengaruh. Jika akun layanan untuk validasi token juga "
|
||
"memiliki hak adminican admin, maka pengguna jahat dapat memanipulasi fungsi "
|
||
"admin barbican."
|
||
|
||
msgid "Config option"
|
||
msgstr "Opsi konfig"
|
||
|
||
msgid "Configuration and hardening"
|
||
msgstr "Konfigurasi dan pengerasan"
|
||
|
||
msgid "Configuration example #1: (MySQL)"
|
||
msgstr "Configuration example #1: (MySQL)"
|
||
|
||
msgid "Configuration example #1: nova"
|
||
msgstr "Contoh konfigurasi #1: nova"
|
||
|
||
msgid "Configuration example #2: (PostgreSQL)"
|
||
msgstr "Configuration example #2: (PostgreSQL)"
|
||
|
||
msgid "Configuration example #2: cinder"
|
||
msgstr "Contoh konfigurasi #2: cinder"
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues causing a "
|
||
"denial of service to the other end users. Thus user and group ownership of "
|
||
"such critical configuration files must be set to that component owner."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
|
||
"penolakan layanan kepada pengguna akhir lainnya. Dengan demikian kepemilikan "
|
||
"pengguna dan kelompok dari file konfigurasi kritis tersebut harus ditetapkan "
|
||
"ke pemilik komponen tersebut."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues causing a "
|
||
"denial of service to the other end users. Thus user ownership of such "
|
||
"critical configuration files must be set to root and group ownership must be "
|
||
"set to horizon."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
|
||
"penolakan layanan kepada end user lainnya. Dengan demikian kepemilikan "
|
||
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke "
|
||
"kepemilikan root dan grup harus disetel ke horizon."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues causing a "
|
||
"denial of service to the other end users. Thus user ownership of such "
|
||
"critical configuration files must be set to root and group ownership must be "
|
||
"set to neutron."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tanpa sengaja memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang menyebabkan "
|
||
"penolakan layanan kepada pengguna akhir lainnya. Dengan demikian kepemilikan "
|
||
"pengguna terhadap file konfigurasi kritis tersebut harus diset ke root "
|
||
"(akar) dan kepemilikan kelompok harus disetel ke neutron."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally, modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues causing a "
|
||
"denial of service to the other end users. User ownership of such critical "
|
||
"configuration files must be set to ``root`` and group ownership must be set "
|
||
"to ``nova``."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan parah "
|
||
"yang menyebabkan penolakan layanan kepada end user lainnya. Kepemilikan "
|
||
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke ``root`` "
|
||
"dan kepemilikan grup harus disetel ke ``nova``."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally, modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues resulting in "
|
||
"a denial of service to the other end users. Therefore, user ownership of "
|
||
"such critical configuration files must be set to ``root`` and group "
|
||
"ownership must be set to ``glance``."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan yang "
|
||
"mengakibatkan penolakan layanan kepada end user lainnya. Oleh karena itu, "
|
||
"kepemilikan pengguna atas file konfigurasi kritis tersebut harus disetel ke "
|
||
"``root`` dan kepemilikan grup harus disetel ke ``glance``."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally, modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues resulting in "
|
||
"a denial of service to the other end users. Thus user ownership of such "
|
||
"critical configuration files must be set to root and group ownership must be "
|
||
"set to cinder."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri, maka hal itu akan menyebabkan masalah ketersediaan yang "
|
||
"mengakibatkan penolakan layanan kepada end user lainnya. Dengan demikian "
|
||
"kepemilikan pengguna terhadap file konfigurasi kritis tersebut harus disetel "
|
||
"ke kepemilikan root dan grup harus disetel ke cinder."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally, modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues resulting in "
|
||
"a denial of service to the other end users. Thus user ownership of such "
|
||
"critical configuration files must be set to root and group ownership must be "
|
||
"set to manila."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang "
|
||
"mengakibatkan penolakan layanan kepada pengguna akhir lainnya. Dengan "
|
||
"demikian kepemilikan pengguna terhadap file konfigurasi kritis tersebut "
|
||
"harus diset ke akar dan kepemilikan kelompok harus disetel ke manila."
|
||
|
||
msgid ""
|
||
"Configuration files contain critical parameters and information required for "
|
||
"smooth functioning of the component. If an unprivileged user, either "
|
||
"intentionally or accidentally, modifies or deletes any of the parameters or "
|
||
"the file itself then it would cause severe availability issues resulting in "
|
||
"a denial of service to the other end users. User ownership of such critical "
|
||
"configuration files must be set to root and group ownership must be set to "
|
||
"barbican."
|
||
msgstr ""
|
||
"File konfigurasi berisi parameter dan informasi penting yang diperlukan "
|
||
"untuk kelancaran fungsi komponen. Jika pengguna yang tidak berpengalaman, "
|
||
"baik sengaja atau tidak sengaja, memodifikasi atau menghapus parameter atau "
|
||
"file itu sendiri maka akan menyebabkan masalah ketersediaan yang "
|
||
"mengakibatkan penolakan layanan kepada end user lainnya. Kepemilikan "
|
||
"pengguna terhadap file konfigurasi kritis tersebut harus disetel ke "
|
||
"kepemilikan root dan grup harus disetel ke barbican."
|
||
|
||
msgid "Configuration management"
|
||
msgstr "Manajemen konfigurasi"
|
||
|
||
msgid ""
|
||
"Configuration management and security auditing tools will introduce another "
|
||
"layer of complexity into the cloud. This complexity brings additional "
|
||
"security concerns with it. We view this as an acceptable risk trade-off, "
|
||
"given their security benefits. Securing the operational use of these tools "
|
||
"is beyond the scope of this guide."
|
||
msgstr ""
|
||
"Alat manajemen konfigurasi dan keamanan audit akan mengenalkan lapisan "
|
||
"kompleksitas lain ke dalam awan. Kompleksitas ini membawa masalah keamanan "
|
||
"tambahan dengannya. Kami menganggap ini sebagai trade-off risiko yang dapat "
|
||
"diterima, mengingat manfaat keamanan mereka. Mengamankan penggunaan "
|
||
"operasional alat ini berada di luar cakupan panduan ini."
|
||
|
||
msgid "Configuration options"
|
||
msgstr "Pilihan konfigurasi"
|
||
|
||
msgid "Configure Apache to use a Federation capable authentication method."
|
||
msgstr ""
|
||
"Mengkonfigurasi Apache untuk menggunakan metode otentikasi yang mampu dengan "
|
||
"Federation."
|
||
|
||
msgid ""
|
||
"Configure HTTP requests to the dashboard domain to redirect to the fully "
|
||
"qualified HTTPS URL."
|
||
msgstr ""
|
||
"Konfigurasikan permintaan HTTP ke domain dasbor untuk mengalihkan ke URL "
|
||
"HTTPS yang memenuhi syarat."
|
||
|
||
msgid "Configure applications for internal URLs"
|
||
msgstr "Konfigurasikan aplikasi untuk URL internal"
|
||
|
||
msgid "Configure internal URLs in the Identity service catalog"
|
||
msgstr "Konfigurasikan URL internal dalam katalog layanan Identitas"
|
||
|
||
msgid ""
|
||
"Configure the Identity service virtual host and adjust the config to "
|
||
"properly handle SAML2 workflow."
|
||
msgstr ""
|
||
"Konfigurasikan virtual host layanan Identity dan sesuaikan konfigurasi agar "
|
||
"benar menangani alur kerja SAML2."
|
||
|
||
msgid ""
|
||
"Configure the ``ALLOWED_HOSTS`` setting with the fully qualified host "
|
||
"name(s) that are served by the OpenStack dashboard. Once this setting is "
|
||
"provided, if the value in the \"Host:\" header of an incoming HTTP request "
|
||
"does not match any of the values in this list an error will be raised and "
|
||
"the requestor will not be able to proceed. Failing to configure this option, "
|
||
"or the use of wild card characters in the specified host names, will cause "
|
||
"the dashboard to be vulnerable to security breaches associated with fake "
|
||
"HTTP Host headers."
|
||
msgstr ""
|
||
"Konfigurasikan pengaturan ``ALLOWED_HOSTS` dengan nama host yang memenuhi "
|
||
"syarat yang dilayani oleh dasbor OpenStack. Setelah pengaturan ini "
|
||
"diberikan, jika nilai pada header \"Host:\" dari permintaan HTTP yang masuk "
|
||
"tidak sesuai dengan salah satu nilai dalam daftar ini, kesalahan akan "
|
||
"diajukan dan peminta tidak dapat melanjutkan. Gagal mengkonfigurasi opsi "
|
||
"ini, atau penggunaan karakter wild card dalam nama host yang ditentukan, "
|
||
"akan menyebabkan dasbor rentan terhadap pelanggaran keamanan yang terkait "
|
||
"dengan header Host HTTP palsu."
|
||
|
||
msgid ""
|
||
"Configure your Service Provider by editing ``/etc/shibboleth/shibboleth2."
|
||
"xml``."
|
||
msgstr ""
|
||
"Konfigurasikan Service Provider Anda dengan mengedit ``/etc/shibboleth/"
|
||
"shibboleth2.xml``."
|
||
|
||
msgid ""
|
||
"Configure your web server to send a restrictive CORS header with each "
|
||
"response, allowing only the dashboard domain and protocol:"
|
||
msgstr ""
|
||
"Konfigurasikan server web Anda untuk mengirim header CORS yang terbatas "
|
||
"dengan setiap respons, sehingga hanya mengizinkan protokol dan domain dasbor:"
|
||
|
||
msgid "Configuring Federation"
|
||
msgstr "Mengkonfigurasi Federation"
|
||
|
||
msgid "Configuring Identity service for Federation"
|
||
msgstr "Mengkonfigurasi layanan Identity untuk Federation"
|
||
|
||
msgid ""
|
||
"Configuring TLS servers for perfect forward secrecy requires careful "
|
||
"planning around key size, session IDs, and session tickets. In addition, for "
|
||
"multi-server deployments, shared state is also an important consideration. "
|
||
"The example configurations for Apache and :term:`Nginx` above disable the "
|
||
"session tickets options to help mitigate some of these concerns. Real-world "
|
||
"deployments may desire to enable this feature for improved performance. This "
|
||
"can be done securely, but would require special consideration around key "
|
||
"management. Such configurations are beyond the scope of this guide. We "
|
||
"suggest reading `How to botch TLS forward secrecy by ImperialViolet <https://"
|
||
"www.imperialviolet.org/2013/06/27/botchingpfs.html>`_ as a starting place "
|
||
"for understanding the problem space."
|
||
msgstr ""
|
||
"Mengkonfigurasi server TLS untuk kerahasiaan baik yang sempurna memerlukan "
|
||
"perencanaan yang hati-hati seputar ukuran kunci, ID sesi, dan tiket sesi. "
|
||
"Selain itu, untuk penyebaran multi-server, shared state (keadaan berbagi) "
|
||
"juga merupakan pertimbangan penting. Contoh konfigurasi untuk Apache dan :"
|
||
"term:`Nginx` di atas menonaktifkan pilihan tiket sesi untuk membantu "
|
||
"mengurangi beberapa masalah ini. Penyebaran dunia nyata mungkin ingin "
|
||
"mengaktifkan fitur ini untuk meningkatkan kinerja. Hal ini dapat dilakukan "
|
||
"dengan aman, namun memerlukan pertimbangan khusus seputar manajemen kunci. "
|
||
"Konfigurasi seperti itu berada di luar jangkauan panduan ini. Kami "
|
||
"menyarankan untuk membaca `How to botch TLS forward secrecy by "
|
||
"ImperialViolet <https://www.imperialviolet.org/2013/06/27/botchingpfs."
|
||
"html>`_ sebagai tempat awal untuk memahami masalah ruang."
|
||
|
||
msgid ""
|
||
"Consider the supportability of the hardware on which the software will run. "
|
||
"Additionally, consider the additional features available in the hardware and "
|
||
"how those features are supported by the software you choose."
|
||
msgstr ""
|
||
"Pertimbangkan dukungan perangkat keras yang akan dijalankan perangkat lunak. "
|
||
"Selain itu, pertimbangkan fitur tambahan yang tersedia di perangkat keras "
|
||
"dan bagaimana fitur tersebut didukung oleh perangkat lunak yang Anda pilih."
|
||
|
||
msgid ""
|
||
"Considered by this guide as the most capable adversary. Intelligence "
|
||
"services and other state actors can bring tremendous resources to bear on a "
|
||
"target. They have capabilities beyond that of any other actor. It is very "
|
||
"difficult to defend against these actors without incredibly stringent "
|
||
"controls in place, both human and technical."
|
||
msgstr ""
|
||
"Dianggap oleh panduan ini sebagai musuh yang paling cakap. Layanan intelijen "
|
||
"(intelligence service) dan aktor negara lainnya dapat membawa sumber daya "
|
||
"yang luar biasa untuk menghasilkan target. Mereka memiliki kemampuan di luar "
|
||
"kemampuan aktor lainnya. Sangat sulit untuk mempertahankan diri terhadap "
|
||
"aktor-aktor ini tanpa kontrol yang sangat ketat, baik manusia maupun teknis."
|
||
|
||
msgid "Container service"
|
||
msgstr "Layanan Container"
|
||
|
||
msgid ""
|
||
"Contains information about a user as provided by an IdP. It is an indication "
|
||
"that a user has been authenticated."
|
||
msgstr ""
|
||
"Berisi informasi tentang pengguna seperti yang diberikan oleh IdP. Ini "
|
||
"adalah indikasi bahwa pengguna telah diautentikasi."
|
||
|
||
msgid ""
|
||
"Contains information that dictates which Mapping rules to use for an "
|
||
"incoming request made by an IdP. An IdP may support multiple protocols. "
|
||
"There are three major protocols for :term:`federated identity`: OpenID, "
|
||
"SAML, and OAuth."
|
||
msgstr ""
|
||
"Berisi informasi yang menentukan aturan Mapping yang akan digunakan untuk "
|
||
"permintaan masuk yang dilakukan oleh IdP. IdP dapat mendukung beberapa "
|
||
"protokol. Ada tiga protokol utama untuk :term:`federated identity`: OpenID, "
|
||
"SAML, dan OAuth."
|
||
|
||
msgid "Contents"
|
||
msgstr "Isi"
|
||
|
||
msgid "Context"
|
||
msgstr "Context"
|
||
|
||
msgid "Continuous systems management"
|
||
msgstr "Manajemen sistem kontinu"
|
||
|
||
msgid "Control plane"
|
||
msgstr "Control plane"
|
||
|
||
msgid "Control selection:"
|
||
msgstr "Pilihan kontrol:"
|
||
|
||
msgid "Control tailoring:"
|
||
msgstr "Kontrol menyesuaikan:"
|
||
|
||
msgid "Controller network access to clusters"
|
||
msgstr "Akses jaringan pengontrol ke cluster"
|
||
|
||
msgid "Cookies"
|
||
msgstr "Cookies"
|
||
|
||
msgid ""
|
||
"Copy the ``httpd/wsgi-keystone.conf`` file to the appropriate location for "
|
||
"your Apache server, for example, ``/etc/httpd/conf.d/wsgi-keystone.conf`` "
|
||
"file."
|
||
msgstr ""
|
||
"Salin file ``httpd/wsgi-keystone.conf`` ke lokasi yang sesuai untuk server "
|
||
"Apache Anda, misalnya, file ``/etc/httpd/conf.d/wsgi-keystone.conf``."
|
||
|
||
msgid ""
|
||
"Core Root of Trust Measurement (CRTM), BIOS code, Host platform extensions"
|
||
msgstr ""
|
||
"Core Root of Trust Measurement (CRTM), BIOS code, Host platform extensions"
|
||
|
||
msgid "Create Identity groups and assign roles."
|
||
msgstr "Buat kelompok Identity dan tetapkan peran."
|
||
|
||
msgid "Create a VM:"
|
||
msgstr "Buat VM:"
|
||
|
||
msgid ""
|
||
"Create a new region for the :term:`service provider`, for example, create a "
|
||
"new region with an ``ID`` of BETA, and ``URL`` of https://beta.com/"
|
||
"Shibboleth.sso/SAML2/POST. This URL will be used when creating a :term:`SAML "
|
||
"assertion` for BETA, and signed by the current keystone Identity Provider."
|
||
msgstr ""
|
||
"Buat wilayah baru untuk :term:`service provider`, misalnya, membuat daerah "
|
||
"baru dengan ``ID`` dari BETA, dan ``URL`` dari https://beta.com/Shibboleth."
|
||
"sso/SAML2/POST. URL ini akan digunakan saat membuat :term:`SAML assertion` "
|
||
"untuk BETA, dan ditandatangani oleh Identity Provider keystone saat ini."
|
||
|
||
msgid "Create a region for the Service Provider"
|
||
msgstr "Buat wilayah untuk Service Provider"
|
||
|
||
msgid "Create an encrypted volume and attach it to your VM:"
|
||
msgstr "Buat volume terenkripsi dan tempelkan ke VM Anda:"
|
||
|
||
msgid ""
|
||
"Create and manage security groups through dashboard. The security groups "
|
||
"allows L3-L4 packet filtering for security policies to protect virtual "
|
||
"machines."
|
||
msgstr ""
|
||
"Buat dan kelola grup keamanan melalui dasbor. Kelompok keamanan memungkinkan "
|
||
"penyaringan paket L3-L4 untuk kebijakan keamanan guna melindungi mesin "
|
||
"virtual."
|
||
|
||
msgid ""
|
||
"Create the Federation extension tables if using the provided SQL back end. "
|
||
"For example:"
|
||
msgstr ""
|
||
"Buat tabel ekstensi Federation jika menggunakan SQL back yang disediakan. "
|
||
"Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"Create the directory ``/var/www/cgi-bin/keystone/``. Then link the files "
|
||
"``main`` and ``admin`` to the ``keystone.py`` file in this directory."
|
||
msgstr ""
|
||
"Buat direktori ``/var/www/cgi-bin/keystone/``. Kemudian tautkan file "
|
||
"``main`` dan ``admin`` ke file ``keystone.py`` di direktori ini."
|
||
|
||
msgid ""
|
||
"Creating unique database user accounts per OpenStack service endpoint "
|
||
"(illustrated below)"
|
||
msgstr ""
|
||
"Membuat akun pengguna database unik per endpoint layanan OpenStack "
|
||
"(diilustrasikan di bawah)"
|
||
|
||
msgid ""
|
||
"Creation and usage of encrypted LVM ephemeral disks (note: At this time "
|
||
"OpenStack Compute service only supports encrypting ephemeral disks in the "
|
||
"LVM format)"
|
||
msgstr ""
|
||
"Penciptaan dan penggunaan disk fana LVM yang dienkripsi (catatan: Saat ini "
|
||
"layanan OpenStack Compute hanya mendukung penyandian disk fana dalam format "
|
||
"LVM)"
|
||
|
||
msgid ""
|
||
"Creation and usage of encrypted volume types, initiated through the "
|
||
"dashboard or a command line interface"
|
||
msgstr ""
|
||
"Penciptaan dan penggunaan tipe volume terenkripsi, dimulai melalui dasbor "
|
||
"atau antarmuka command line."
|
||
|
||
msgid "Critical"
|
||
msgstr "Critical"
|
||
|
||
msgid "Critical / high"
|
||
msgstr "Critical / high"
|
||
|
||
msgid "Cross Origin Resource Sharing (CORS)"
|
||
msgstr "Cross Origin Resource Sharing (CORS)"
|
||
|
||
msgid "Cross Site Request Forgery (CSRF)"
|
||
msgstr "Cross Site Request Forgery (CSRF)"
|
||
|
||
msgid "Cross Site Scripting (XSS)"
|
||
msgstr "Cross Site Scripting (XSS)"
|
||
|
||
msgid "Cross-Frame Scripting (XFS)"
|
||
msgstr "Cross-Frame Scripting (XFS)"
|
||
|
||
msgid "Crypto plugins"
|
||
msgstr "Plugin kripto"
|
||
|
||
msgid ""
|
||
"Crypto plugins store secrets as encrypted blobs within the Barbican "
|
||
"database. The plugin is invoked to encrypt the secret on secret storage, and "
|
||
"decrypt the secret on secret retrieval. There are two flavors of storage "
|
||
"plugins currently available: the Simple Crypto plugin and the PKCS#11 crypto "
|
||
"plugin."
|
||
msgstr ""
|
||
"Plugin Crypto menyimpan rahasia sebagai gumpalan terenkripsi di dalam "
|
||
"database Barbican. Plugin ini dipanggil untuk mengenkripsi rahasia pada "
|
||
"penyimpanan rahasia, dan mendekripsi rahasia pada pengambilan kembali secara "
|
||
"rahasia. Ada dua atribut plugin penyimpanan yang tersedia saat ini: plugin "
|
||
"Simple Crypto dan plugin kripto PKCS # 11."
|
||
|
||
msgid "Cryptographic algorithms, cipher modes, and protocols"
|
||
msgstr "Algoritma kriptografi, mode cipher, dan protokol"
|
||
|
||
msgid "Cryptographic separation of external and internal environments"
|
||
msgstr "Pemisahan kriptografi lingkungan eksternal dan internal"
|
||
|
||
msgid "Cryptography standards"
|
||
msgstr "Standar kriptografi"
|
||
|
||
msgid ""
|
||
"Currently, Barbican is the only available back-end for Castellan. There are, "
|
||
"however, several back-ends that are being developed, including KMIP, Dogtag, "
|
||
"Hashicorp Vault and Custodia. For those deployers who do not wish to deploy "
|
||
"Barbican and have relatively simple key management needs, using one of these "
|
||
"back-ends could be a viable alternative. What would be lacking though is "
|
||
"multi-tenancy and tenant-policy enforcement when retrieving the secrets, as "
|
||
"well as any of the extra features mentioned above."
|
||
msgstr ""
|
||
"Saat ini, Barbican adalah satu-satunya back-end yang tersedia untuk "
|
||
"Castellan. Namun ada beberapa back-end yang sedang dikembangkan, termasuk "
|
||
"KMIP, Dogtag, Hashicorp Vault and Custodia. Bagi para pelaksana yang tidak "
|
||
"ingin menerapkan Barbican dan memiliki kebutuhan pengelolaan kunci yang "
|
||
"relatif sederhana, gunakan salah satu dari back-end ini bisa menjadi "
|
||
"alternatif yang tepat. Bagaimanapun ada yang kurang seperti penegakan tenant-"
|
||
"policy dan multi-tenancy ketika mengambil rahasia, serta fitur tambahan yang "
|
||
"disebutkan di atas."
|
||
|
||
msgid ""
|
||
"Currently, Vault and Custodia plugins are being developed for the Queens "
|
||
"cycle."
|
||
msgstr ""
|
||
"Saat ini, plugin Vault dan Custodia sedang dikembangkan untuk siklus Queens."
|
||
|
||
msgid ""
|
||
"Currently, the CLI supports the Enhanced Client or Proxy (ECP), (the non-"
|
||
"browser) support for ``keystoneclient`` from an API perspective. So, if you "
|
||
"are using the ``keystoneclient``, you can create a client instance and use "
|
||
"the SAML authorization plugin. There is no support for dashboard available "
|
||
"presently. With the upcoming OpenStack releases, Federated Identity should "
|
||
"be supported with both CLI and the dashboard."
|
||
msgstr ""
|
||
"Saat ini, CLI mendukung Enhanced Client atau Proxy (ECP), (non-browser) "
|
||
"mendukung ``keystoneclient`` dari perspektif API. Jadi, jika Anda "
|
||
"menggunakan ``keystoneclient``, Anda dapat membuat instance klien dan "
|
||
"menggunakan plugin otorisasi SAML. Tidak ada dukungan untuk dasbor yang "
|
||
"tersedia saat ini. Dengan rilis OpenStack yang akan datang, Federated "
|
||
"Identity harus didukung dengan CLI dan dasbor."
|
||
|
||
msgid "Custom criteria"
|
||
msgstr "Kriteria khusus"
|
||
|
||
msgid "Custom network topologies"
|
||
msgstr "Topologi jaringan kustom"
|
||
|
||
msgid "DEB packages:"
|
||
msgstr "DEB packages:"
|
||
|
||
msgid "DHCP agent (*neutron-dhcp-agent*)"
|
||
msgstr "Agen DHCP (*neutron-dhcp-agent*)"
|
||
|
||
msgid "DNS services"
|
||
msgstr "DNS services"
|
||
|
||
msgid "DSA"
|
||
msgstr "DSA"
|
||
|
||
msgid "Dashboard"
|
||
msgstr "Dasbor"
|
||
|
||
msgid ""
|
||
"Dashboard indication of volume encryption status. Includes indication that a "
|
||
"volume is encrypted, and includes the encryption parameters such as "
|
||
"algorithm and key size"
|
||
msgstr ""
|
||
"Indikasi status enkripsi volume Dashboard. Termasuk indikasi bahwa volume "
|
||
"dienkripsi, dan termasuk parameter enkripsi seperti algoritma dan ukuran "
|
||
"kunci"
|
||
|
||
msgid ""
|
||
"Dashboard provides tools for developers to avoid creating XSS "
|
||
"vulnerabilities, but they only work if developers use them correctly. Audit "
|
||
"any custom dashboards, paying particular attention to use of the "
|
||
"``mark_safe`` function, use of ``is_safe`` with custom template tags, the "
|
||
"``safe`` template tag, anywhere auto escape is turned off, and any "
|
||
"JavaScript which might evaluate improperly escaped data."
|
||
msgstr ""
|
||
"Dasbor menyediakan alat bagi pengembang untuk menghindari kerentanan XSS, "
|
||
"namun hanya berfungsi jika pengembang menggunakannya dengan benar. Mengaudit "
|
||
"setiap dasbor kustom, memperhatikan penggunaan fungsi ``mark_safe``, "
|
||
"penggunaan ``is_safe`` dengan tag template khusus, tag template ``safe``, di "
|
||
"mana saja pelarian otomatis (auto escape) dimatikan, dan JavaScript apa pun "
|
||
"yang bisa mengevaluasi data lolos (escaped data) dengan tidak semestinya."
|
||
|
||
msgid ""
|
||
"Dashboard's default configuration uses `django_compressor <http://django-"
|
||
"compressor.readthedocs.org/>`_ to compress and minify CSS and JavaScript "
|
||
"content before serving it. This process should be statically done before "
|
||
"deploying the dashboard, rather than using the default in-request dynamic "
|
||
"compression and copying the resulting files along with deployed code or to "
|
||
"the CDN server. Compression should be done in a non-production build "
|
||
"environment. If this is not practical, we recommend disabling resource "
|
||
"compression entirely. Online compression dependencies (less, Node.js) should "
|
||
"not be installed on production machines."
|
||
msgstr ""
|
||
"Konfigurasi default dasbor menggunakan `django_compressor <http://django-"
|
||
"compressor.readthedocs.org/>`_ untuk memampatkan dan memperkecil isi CSS dan "
|
||
"JavaScript sebelum menayangkannya. Proses ini harus dilakukan secara statis "
|
||
"sebelum menerapkan dasbor, daripada menggunakan kompresi dinamis dalam "
|
||
"permintaan default dan menyalin file yang dihasilkan beserta kode yang "
|
||
"dikerahkan atau ke server CDN. Kompresi harus dilakukan di lingkungan "
|
||
"pembangun non produksi. Jika ini tidak praktis, sebaiknya nonaktifkan "
|
||
"kompresi sumber daya sepenuhnya. Ketergantungan kompresi online (less, Node."
|
||
"js) tidak boleh dipasang pada mesin produksi."
|
||
|
||
msgid "Data"
|
||
msgstr "Data"
|
||
|
||
msgid ""
|
||
"Data Classification defines a method for classifying and handling "
|
||
"information, often to protect customer information from accidental or "
|
||
"deliberate theft, loss, or inappropriate disclosure. Most commonly, this "
|
||
"involves classifying information as sensitive or non-sensitive, or as "
|
||
"personally identifiable information (PII). Depending on the context of the "
|
||
"deployment various other classifying criteria may be used (government, "
|
||
"health-care). The underlying principle is that data classifications are "
|
||
"clearly defined and in-use. The most common protective mechanisms include "
|
||
"industry standard encryption technologies."
|
||
msgstr ""
|
||
"Klasifikasi Data mendefinisikan metode untuk mengklasifikasi dan menangani "
|
||
"informasi, seringkali untuk melindungi informasi pelanggan dari pencurian, "
|
||
"kehilangan, atau pengungkapan yang tidak disengaja atau disengaja. Paling "
|
||
"umum, ini mengklasifikasikan informasi sebagai informasi sensitif atau tidak "
|
||
"sensitif, atau sebagai personally identifiable information (PII). Bergantung "
|
||
"pada konteks penerapan berbagai kriteria klasifikasi lainnya dapat digunakan "
|
||
"(government, health-care). Prinsip dasarnya adalah klasifikasi data "
|
||
"didefinisikan secara jelas dan digunakan. Mekanisme perlindungan yang paling "
|
||
"umum termasuk teknologi enkripsi standar industri."
|
||
|
||
msgid "Data asset impact analysis"
|
||
msgstr "Analisis dampak aset data"
|
||
|
||
msgid "Data assets"
|
||
msgstr "Aset data"
|
||
|
||
msgid ""
|
||
"Data assets are user data, high-value data, configuration items, "
|
||
"authorization tokens or other items that an attacker may target. The set of "
|
||
"data items will vary between projects, but in general it should be "
|
||
"considered as classes of data which are vital to the intended operation of "
|
||
"the project. The level of detail required is somewhat dependent on the "
|
||
"context. Data can usually be grouped, such as 'user data', 'secret data', or "
|
||
"'configuration files', but may be singular, like 'admin identity token' or "
|
||
"'user identity token', or 'database configuration file'."
|
||
msgstr ""
|
||
"Aset data adalah data pengguna, data bernilai tinggi, item konfigurasi, "
|
||
"token otorisasi atau item lain yang mungkin ditargetkan oleh penyerang. "
|
||
"Kumpulan item data akan bervariasi antar proyek, namun secara umum harus "
|
||
"dianggap sebagai kelas data yang sangat penting untuk pengoperasian proyek "
|
||
"yang dimaksud. Tingkat detail yang dibutuhkan agak tergantung pada "
|
||
"konteksnya. Data biasanya dapat dikelompokkan, seperti 'user data', 'secret "
|
||
"data', atau 'configuration files', namun mungkin tunggal, seperti 'admin "
|
||
"identity token' atau 'user identity token', atau 'database configuration "
|
||
"file'."
|
||
|
||
msgid ""
|
||
"Data assets should include a statement of where that asset is persisted."
|
||
msgstr "Aset data harus mencakup pernyataan di mana aset tersebut bertahan."
|
||
|
||
msgid "Data classification"
|
||
msgstr "Klasifikasi Data"
|
||
|
||
msgid "Data disposal"
|
||
msgstr "Pembuangan data"
|
||
|
||
msgid "Data encryption"
|
||
msgstr "Enkripsi data"
|
||
|
||
msgid "Data formats and transformations"
|
||
msgstr "Format dan transformasi data"
|
||
|
||
msgid "Data not securely erased"
|
||
msgstr "Data tidak terhapus secara aman"
|
||
|
||
msgid "Data passed to OpenStack Compute's configuration-drive extension"
|
||
msgstr "Data dikirimkan ke ekstensi configuration-drive OpenStack Compute"
|
||
|
||
msgid "Data privacy concerns"
|
||
msgstr "Masalah privasi data"
|
||
|
||
msgid "Data processing"
|
||
msgstr "Pengolahan data"
|
||
|
||
msgid "Data processing interacts directly with several openstack services:"
|
||
msgstr ""
|
||
"Pengolahan data berinteraksi langsung dengan beberapa layanan openstack:"
|
||
|
||
msgid ""
|
||
"Data processing resources (clusters, jobs, and data sources) are segregated "
|
||
"by projects defined within the Identity service. These resources are shared "
|
||
"within a project and it is important to understand the access needs of those "
|
||
"who are using the service. Activities within projects (for example launching "
|
||
"clusters, uploading jobs, etc.) can be restricted further through the use of "
|
||
"role-based access controls."
|
||
msgstr ""
|
||
"Sumber daya pengolahan data (clusters, jobs, and data sources) dipisahkan "
|
||
"oleh proyek yang didefinisikan dalam layanan Identitas. Sumber daya ini "
|
||
"dibagi dalam sebuah proyek dan penting untuk memahami kebutuhan akses mereka "
|
||
"yang menggunakan layanan ini. Kegiatan dalam proyek (misalnya, launching "
|
||
"clusters, uploading jobs, dll.) dapat dibatasi lebih jauh melalui penggunaan "
|
||
"role-based access control."
|
||
|
||
msgid "Data processing service"
|
||
msgstr "Layanan pengolahan data"
|
||
|
||
msgid "Data residency"
|
||
msgstr "Data residensi"
|
||
|
||
msgid ""
|
||
"Database (MySQL): MySQL database to store barbican state data related to its "
|
||
"managed entities and their metadata."
|
||
msgstr ""
|
||
"Database (MySQL): Database MySQL untuk menyimpan barbican state data yang "
|
||
"terkait dengan entitas yang dikelola dan metadata mereka."
|
||
|
||
msgid "Database access control"
|
||
msgstr "Kontrol akses Database"
|
||
|
||
msgid "Database authentication and access control"
|
||
msgstr "Database otentikasi dan kontrol akses"
|
||
|
||
msgid "Database back end considerations"
|
||
msgstr "Pertimbangan back end database"
|
||
|
||
msgid "Database server"
|
||
msgstr "Server Database"
|
||
|
||
msgid "Database server IP address binding"
|
||
msgstr "Alamat IP server database mengikat"
|
||
|
||
msgid "Database transport"
|
||
msgstr "Transportasi database"
|
||
|
||
msgid "Database transport security"
|
||
msgstr "Keamanan transportasi database"
|
||
|
||
msgid "Databases"
|
||
msgstr "Databases"
|
||
|
||
msgid "Debug"
|
||
msgstr "Debug"
|
||
|
||
msgid "Default setting is True."
|
||
msgstr "Pengaturan default menjadi True."
|
||
|
||
msgid ""
|
||
"Demonstration to a neutral third-party that system security controls are "
|
||
"implemented and operating effectively, in compliance with in-scope standards "
|
||
"and regulations, is required before many information systems achieve "
|
||
"certified status. Many certifications require periodic audits to ensure "
|
||
"continued certification, considered part of an overarching continuous "
|
||
"monitoring practice."
|
||
msgstr ""
|
||
"Demonstrasi kepada pihak ketiga yang netral bahwa kontrol keamanan sistem "
|
||
"diimplementasikan dan beroperasi secara efektif, sesuai dengan standar dan "
|
||
"peraturan di dalam ruang, diperlukan sebelum banyak sistem informasi "
|
||
"mendapatkan status bersertifikat. Banyak sertifikasi memerlukan audit "
|
||
"berkala untuk memastikan sertifikasi lanjutan, yang dianggap sebagai bagian "
|
||
"dari keseluruhan praktik pemantauan berkelanjutan."
|
||
|
||
msgid ""
|
||
"Denial of Service refers to an exploited vulnerability that may cause "
|
||
"service or system disruption. This includes both distributed attacks to "
|
||
"overwhelm network resources, and single-user attacks that are typically "
|
||
"caused through resource allocation bugs or input induced system failure "
|
||
"flaws."
|
||
msgstr ""
|
||
"Denial of Service mengacu pada kerentanan yang dieksploitasi yang dapat "
|
||
"menyebabkan gangguan layanan atau sistem. Ini termasuk serangan "
|
||
"terdistribusi untuk membanjiri sumber daya jaringan, dan serangan pengguna "
|
||
"tunggal yang biasanya disebabkan oleh bug alokasi sumber daya atau "
|
||
"kekurangan kegagalan sistem yang disebabkan masukan."
|
||
|
||
msgid "Denial of service"
|
||
msgstr "Denial of service"
|
||
|
||
msgid ""
|
||
"Depending on the strategy selected, in the event of a failure the node will "
|
||
"either fail to boot or it can report the failure back to another entity in "
|
||
"the cloud. For secure boot, the node will fail to boot and a provisioning "
|
||
"service within the management security domain must recognize this and log "
|
||
"the event. For boot attestation, the node will already be running when the "
|
||
"failure is detected. In this case the node should be immediately quarantined "
|
||
"by disabling its network access. Then the event should be analyzed for the "
|
||
"root cause. In either case, policy should dictate how to proceed after a "
|
||
"failure. A cloud may automatically attempt to re-provision a node a certain "
|
||
"number of times. Or it may immediately notify a cloud administrator to "
|
||
"investigate the problem. The right policy here will be deployment and "
|
||
"failure mode specific."
|
||
msgstr ""
|
||
"Bergantung pada strategi yang dipilih, jika terjadi kegagalan, node akan "
|
||
"gagal booting atau dapat melaporkan kegagalan kembali ke entitas lain di "
|
||
"awan. Untuk boot aman, node terjadi gagal booting dan kemudian layanan "
|
||
"provisioning dalam domain keamanan manajemen harus mengenali ini dan "
|
||
"mencatat kejadian. Untuk pengesahan booting, node sudah akan berjalan saat "
|
||
"failure terdeteksi. Dalam hal ini node harus segera dikarantina dengan "
|
||
"menonaktifkan akses jaringannya. Maka event tersebut harus dianalisis untuk "
|
||
"akar permasalahannya. Dalam kasus tersebut, kebijakan harus mendikte "
|
||
"bagaimana melanjutkan setelah kegagalan. Awan secara otomatis dapat mencoba "
|
||
"menyediakan kembali node beberapa kali. Atau mungkin segera memberitahu "
|
||
"administrator awan untuk menyelidiki masalahnya. Kebijakan yang tepat disini "
|
||
"akan bersifat deployment dan failure mode yang spesifik."
|
||
|
||
msgid ""
|
||
"Deploy automated testing tools to ensure that the cloud remains compliant "
|
||
"over time."
|
||
msgstr ""
|
||
"Terapkan alat uji otomatis untuk memastikan bahwa awan tetap sesuai dengan "
|
||
"waktu."
|
||
|
||
msgid ""
|
||
"Deploy the dashboard behind a secure :term:`HTTPS <Hypertext Transfer "
|
||
"Protocol Secure (HTTPS)>` server by using a valid, trusted certificate from "
|
||
"a recognized certificate authority (CA). Private organization-issued "
|
||
"certificates are only appropriate when the root of trust is pre-installed in "
|
||
"all user browsers."
|
||
msgstr ""
|
||
"Terapkan dasbor di belakang yang aman :term:`HTTPS <Hypertext Transfer "
|
||
"Protocol Secure (HTTPS)>` server dengan menggunakan sertifikat terpercaya "
|
||
"dan valid dari certificate authority (CA) yang dikenali. Sertifikat yang "
|
||
"diterbitkan oleh organisasi private hanya sesuai bila akar kepercayaan telah "
|
||
"terinstal di semua browser pengguna."
|
||
|
||
msgid ""
|
||
"Deployers or users of OpenStack with strong security requirements may want "
|
||
"to consider deploying these technologies. Not all are applicable in every "
|
||
"situation. In some cases, technologies may be ruled out for use in a cloud "
|
||
"because of prescriptive business requirements. Similarly some technologies "
|
||
"inspect instance data such as run state which may be undesirable to the "
|
||
"users of the system."
|
||
msgstr ""
|
||
"Deployer atau pengguna OpenStack dengan persyaratan keamanan yang kuat "
|
||
"mungkin ingin mempertimbangkan penggelaran teknologi ini. Tidak semua bisa "
|
||
"diterapkan dalam setiap situasi. Dalam beberapa kasus, teknologi mungkin "
|
||
"dikesampingkan untuk digunakan di awan karena persyaratan bisnis yang "
|
||
"ditentukan. Demikian pula beberapa teknologi memeriksa data instance seperti "
|
||
"run state yang mungkin tidak diinginkan pengguna sistem."
|
||
|
||
msgid "Deploying the updates"
|
||
msgstr "Menyebarkan pembaruan"
|
||
|
||
msgid "Deployment"
|
||
msgstr "Pengerahan "
|
||
|
||
msgid "Description"
|
||
msgstr "Deskripsi"
|
||
|
||
msgid ""
|
||
"Destination libvirtd host copies the instances back to an underlying "
|
||
"hypervisor."
|
||
msgstr ""
|
||
"Tujuan libvirtd host menyalin instance kembali ke hypervisor yang "
|
||
"mendasarinya."
|
||
|
||
msgid "Destroy cloud system media that cannot be sanitized."
|
||
msgstr "Hancurkan media sistem cloud yang tidak bisa di sanitasi."
|
||
|
||
msgid ""
|
||
"Detecting the absence of log generation is an event of high value. Such an "
|
||
"event would indicate a service failure or even an intruder who has "
|
||
"temporarily switched off logging or modified the log level to hide their "
|
||
"tracks."
|
||
msgstr ""
|
||
"Mendeteksi tidak adanya generasi log adalah peristiwa bernilai tinggi. "
|
||
"Peristiwa semacam itu akan menunjukkan kegagalan layanan atau bahkan "
|
||
"penyusup yang mematikan sementara logging atau memodifikasi tingkat log "
|
||
"untuk menyembunyikan jejak mereka."
|
||
|
||
msgid "Determine accessible resources."
|
||
msgstr "Tentukan sumber daya yang dapat diakses."
|
||
|
||
msgid "Determining audit scope"
|
||
msgstr "Menentukan cakupan audit"
|
||
|
||
msgid ""
|
||
"Determining audit scope, specifically what controls are needed and how to "
|
||
"design or modify an OpenStack deployment to satisfy them, should be the "
|
||
"initial planning step."
|
||
msgstr ""
|
||
"Menentukan lingkup audit, khususnya kontrol apa yang dibutuhkan dan "
|
||
"bagaimana merancang atau memodifikasi penyebaran OpenStack untuk memuaskan "
|
||
"mereka, seharusnya hal ini merupakan langkah perencanaan awal."
|
||
|
||
msgid ""
|
||
"Different authentication services are supported by different share drivers. "
|
||
"For details of supporting of features by different drivers, see `Manila "
|
||
"share features support mapping <https://docs.openstack.org/manila/latest/"
|
||
"contributor/share_back_ends_feature_support_mapping.html>`_. Support for a "
|
||
"specific authentication service by a driver does not mean that it can be "
|
||
"configured with any shared file system protocol. Supported shared file "
|
||
"systems protocols are NFS, CIFS, GlusterFS, and HDFS. See the driver "
|
||
"vendor's documentation for information on a specific driver and its "
|
||
"configuration for security services."
|
||
msgstr ""
|
||
"Layanan otentikasi yang berbeda didukung oleh driver share yang berbeda. "
|
||
"Untuk rincian dukungan fitur oleh driver yang berbeda, lihat `Manila share "
|
||
"features support mapping <https://docs.openstack.org/manila/latest/"
|
||
"contributor/share_back_ends_feature_support_mapping.html>`_. Dukungan untuk "
|
||
"layanan otentikasi tertentu oleh driver tidak berarti dapat dikonfigurasi "
|
||
"dengan protokol sistem file shared. Protokol sistem file shared yang "
|
||
"didukung adalah NFS, CIFS, GlusterFS, dan HDFS. Lihat dokumentasi vendor "
|
||
"driver untuk mendapatkan informasi mengenai driver khusus dan konfigurasinya "
|
||
"untuk layanan keamanan."
|
||
|
||
msgid ""
|
||
"Different drivers support different access options depending on which shared "
|
||
"file system protocol is used. Supported shared file system protocols are "
|
||
"NFS, CIFS, GlusterFS, and HDFS. For example, the Generic (Block Storage as a "
|
||
"back end) driver does not support user and certificate authentication "
|
||
"methods. It also does not support any of the security services, such as "
|
||
"LDAP, Kerberos, or Active Directory. For details of features supported by "
|
||
"different drivers, see `Manila share features support mapping <https://docs."
|
||
"openstack.org/manila/latest/contributor/"
|
||
"share_back_ends_feature_support_mapping.html>`_."
|
||
msgstr ""
|
||
"Driver yang berbeda mendukung pilihan akses yang berbeda tergantung pada "
|
||
"protokol sistem file bersama yang digunakan. Protokol sistem file bersama "
|
||
"yang didukung adalah NFS, CIFS, GlusterFS, dan HDFS. Misalnya, driver "
|
||
"Generic (Block Storage as a back end) tidak mendukung metode otentikasi "
|
||
"pengguna dan sertifikat. Ini juga tidak mendukung layanan keamanan apa pun, "
|
||
"seperti LDAP, Kerberos, atau Active Directory. Untuk rincian fitur yang "
|
||
"didukung oleh driver yang berbeda, lihat `Manila share features support "
|
||
"mapping <https://docs.openstack.org/manila/latest/contributor/"
|
||
"share_back_ends_feature_support_mapping.html>`_."
|
||
|
||
msgid "Digital Certificates"
|
||
msgstr "Digital Certificates"
|
||
|
||
msgid ""
|
||
"Direct memory access (DMA) is a feature that permits certain hardware "
|
||
"devices to access arbitrary physical memory addresses in the host computer. "
|
||
"Often video cards have this capability. However, an instance should not be "
|
||
"given arbitrary physical memory access because this would give it full view "
|
||
"of both the host system and other instances running on the same node. "
|
||
"Hardware vendors use an input/output memory management unit (IOMMU) to "
|
||
"manage DMA access in these situations. We recommend cloud architects should "
|
||
"ensure that the hypervisor is configured to utilize this hardware feature."
|
||
msgstr ""
|
||
"Direct memory access (DMA) adalah fitur yang memungkinkan perangkat keras "
|
||
"tertentu mengakses alamat memori fisik secara acak di komputer host. "
|
||
"Seringkali kartu video memiliki kemampuan ini. Namun, sebuah instance tidak "
|
||
"boleh diberikan akses memori fisik yang acak karena ini akan memberikan "
|
||
"tampilan penuh dari kedua sistem host dan instance lainnya yang berjalan "
|
||
"pada node yang sama. Vendor perangkat keras menggunakan input/output memory "
|
||
"management unit (IOMMU) untuk mengelola akses DMA dalam situasi ini. Kami "
|
||
"merekomendasikan arsitek awan harus memastikan bahwa hypervisor "
|
||
"dikonfigurasi untuk memanfaatkan fitur perangkat keras ini."
|
||
|
||
msgid "Disable live migration"
|
||
msgstr "Nonaktifkan migrasi langsung"
|
||
|
||
msgid "Disabling ``admin_token`` means it has a value of ``<none>``."
|
||
msgstr "Menonaktifkan ``admin_token`` berarti memiliki nilai ``<none>``."
|
||
|
||
msgid "Disallows clear text."
|
||
msgstr "Tidak mengizinkan teks yang jelas."
|
||
|
||
msgid ""
|
||
"Disallows export encryption algorithms, which by design tend to be weak, "
|
||
"typically using 40 and 56 bit keys."
|
||
msgstr ""
|
||
"Tidak mengizinkan algoritma enkripsi ekspor, yang menurut desainnya "
|
||
"cenderung lemah, biasanya menggunakan kunci 40 dan 56 bit."
|
||
|
||
msgid ""
|
||
"Disallows low (56 or 64 bit long keys) and medium (128 bit long keys) "
|
||
"ciphers because of their vulnerability to brute force attacks (example 2-"
|
||
"DES). This rule still permits Triple Data Encryption Standard (Triple DES) "
|
||
"also known as Triple Data Encryption Algorithm (TDEA) and the Advanced "
|
||
"Encryption Standard (AES), each of which has keys greater than equal to 128 "
|
||
"bits and thus more secure."
|
||
msgstr ""
|
||
"Larang (56 or 64 bit long keys) rendah dan ciphers (128 bit long keys) "
|
||
"menengah karena kerentanannya terhadap serangan brute force (contoh 2-DES). "
|
||
"Aturan ini masih mengizinkan Triple Data Encryption Standard (Triple DES) "
|
||
"yang juga dikenal sebagai Triple Data Encryption Algorithm (TDEA) dan "
|
||
"Advanced Encryption Standard (AES), yang masing-masing memiliki kunci lebih "
|
||
"besar dari pada 128 bit dan lebih aman."
|
||
|
||
msgid ""
|
||
"Disaster Recovery (DR) and Business Continuity Planning (BCP) plans are "
|
||
"common requirements for ISMS and compliance activities. These plans must be "
|
||
"periodically tested as well as documented. In OpenStack, key areas are found "
|
||
"in the management security domain, and anywhere that single points of "
|
||
"failure (SPOFs) can be identified."
|
||
msgstr ""
|
||
"Disaster Recovery (DR) dan rencana Business Continuity Planning (BCP) adalah "
|
||
"persyaratan umum untuk ISMS dan kegiatan kepatuhan. Rencana ini harus diuji "
|
||
"secara berkala dan juga terdokumentasi. Di OpenStack, area utama ditemukan "
|
||
"di domain keamanan manajemen, dan di manapun single points of failure "
|
||
"(SPOFs) dapat diidentifikasi."
|
||
|
||
msgid "Discretionary Access Control"
|
||
msgstr "Discretionary Access Control"
|
||
|
||
msgid ""
|
||
"Discuss common control frameworks and certification resources to achieve "
|
||
"industry certifications or regulator attestations."
|
||
msgstr ""
|
||
"Diskusikan kerangka kerja pengendalian bersama dan sumber sertifikasi untuk "
|
||
"mendapatkan sertifikasi industri atau pengesahan regulator."
|
||
|
||
msgid "Discuss upcoming security features"
|
||
msgstr "Diskusikan fitur keamanan yang akan datang"
|
||
|
||
msgid ""
|
||
"Django has dedicated middleware for cross-site request forgery (CSRF). For "
|
||
"further details, see the `Django documentation <https://docs.djangoproject."
|
||
"com/>`_."
|
||
msgstr ""
|
||
"Django telah mendedikasikan middleware untuk cross-site request forgery "
|
||
"(CSRF). Untuk keterangan lebih lanjut, lihat `Django documentation <https://"
|
||
"docs.djangoproject.com/>`_."
|
||
|
||
msgid ""
|
||
"Django media settings are documented in the `Django documentation <https://"
|
||
"docs.djangoproject.com/>`_."
|
||
msgstr ""
|
||
"Pengaturan media Django didokumentasikan di `Django documentation <https://"
|
||
"docs.djangoproject.com/>`_."
|
||
|
||
msgid ""
|
||
"Documentation should provide a general description of the OpenStack "
|
||
"environment and cover all systems used (for example, production, "
|
||
"development, or test). Documenting system components, networks, services, "
|
||
"and software often provides the bird's-eye view needed to thoroughly cover "
|
||
"and consider security concerns, attack vectors, and possible security domain "
|
||
"bridging points. A system inventory may need to capture ephemeral resources "
|
||
"such as virtual machines or virtual disk volumes that would otherwise be "
|
||
"persistent resources in a traditional IT system."
|
||
msgstr ""
|
||
"Dokumentasi harus memberikan gambaran umum tentang lingkungan OpenStack dan "
|
||
"mencakup semua sistem yang digunakan (misalnya, produksi, pengembangan, atau "
|
||
"pengujian). Mendokumentasikan komponen sistem, jaringan, layanan, dan "
|
||
"perangkat lunak sering kali memberikan pandangan bird's-eye (mata burung) "
|
||
"untuk menutupi dan mempertimbangkan masalah keamanan, vektor serangan, dan "
|
||
"kemungkinan poin penjembatan domain keamanan. Inventarisasi sistem mungkin "
|
||
"perlu menangkap sumber daya singkat seperti mesin virtual atau volume disk "
|
||
"virtual yang jika tidak, sumber daya persisten akan ada dalam sistem "
|
||
"Teknologi Informasi tradisional."
|
||
|
||
msgid "Dogtag plugin"
|
||
msgstr "Plugin Dogtag"
|
||
|
||
msgid "Domain names"
|
||
msgstr "Nama domain"
|
||
|
||
msgid "Domain names, dashboard upgrades, and basic web server configuration"
|
||
msgstr "Nama domain, upgrade dasbor, dan konfigurasi server web dasar"
|
||
|
||
msgid ""
|
||
"Domain-specific authentication drivers allow the Identity service to be "
|
||
"configured for multiple domains using domain-specific configuration files. "
|
||
"Enabling the drivers and setting the domain-specific configuration file "
|
||
"location occur in the ``[identity]`` section of the ``keystone.conf`` file:"
|
||
msgstr ""
|
||
"Driver otentikasi domain-specific memungkinkan layanan Identity "
|
||
"dikonfigurasi untuk beberapa domain menggunakan file konfigurasi domain-"
|
||
"specific. Mengaktifkan driver dan menyetel lokasi file konfigurasi domain-"
|
||
"specific terjadi di bagian ``[identity] `` pada file ``keystone.conf``:"
|
||
|
||
msgid "Domains"
|
||
msgstr "Domain-domain"
|
||
|
||
msgid ""
|
||
"Domains are high-level containers for projects, users and groups. As such, "
|
||
"they can be used to centrally manage all keystone-based identity components. "
|
||
"With the introduction of account domains, server, storage and other "
|
||
"resources can now be logically grouped into multiple projects (previously "
|
||
"called tenants) which can themselves be grouped under a master account-like "
|
||
"container. In addition, multiple users can be managed within an account "
|
||
"domain and assigned roles that vary for each project."
|
||
msgstr ""
|
||
"Domain adalah wadah tingkat tinggi untuk proyek, pengguna, dan grup. Dengan "
|
||
"demikian, mereka dapat digunakan untuk mengelola semua komponen identity "
|
||
"keystone-based secara terpusat. Dengan diperkenalkannya domain akun, server, "
|
||
"penyimpanan dan sumber daya lainnya sekarang dapat dikelompokkan secara "
|
||
"logis ke dalam beberapa proyek (yang sebelumnya disebut tenant) yang dapat "
|
||
"dikelompokkan dalam wadah seperti akun induk. Selain itu, beberapa pengguna "
|
||
"dapat dikelola dalam domain akun dan peran yang ditetapkan berbeda untuk "
|
||
"setiap proyek."
|
||
|
||
msgid ""
|
||
"Dr. Bryan D. Payne is the Director of Security Research at Nebula and co-"
|
||
"founder of the OpenStack Security Group (OSSG). Prior to joining Nebula, he "
|
||
"worked at Sandia National Labs, the National Security Agency, BAE Systems, "
|
||
"and IBM Research. He graduated with a Ph.D. in Computer Science from the "
|
||
"Georgia Tech College of Computing, specializing in systems security. Bryan "
|
||
"was the editor and lead for the OpenStack Security Guide, responsible for "
|
||
"its continued growth for the two years after it was written."
|
||
msgstr ""
|
||
"Dr. Bryan D. Payne adalah Director of Security Research di Nebula dan salah "
|
||
"satu pendiri OpenStack Security Group (OSSG). Sebelum bergabung dengan "
|
||
"Nebula, dia bekerja di Sandia National Labs, National Security Agency, BAE "
|
||
"Systems, dan IBM Research. Dia lulus dengan gelar Ph.D. dalam Ilmu Komputer "
|
||
"dari Georgia Tech College of Computing, yang mengkhususkan diri dalam "
|
||
"keamanan sistem. Bryan adalah editor dan memimpin untuk OpenStack Security "
|
||
"Guide, bertanggung jawab atas pertumbuhannya yang terus berlanjut selama dua "
|
||
"tahun setelah ditulis."
|
||
|
||
msgid ""
|
||
"Drivers that support the GlusterFS protocol can be used with authentication "
|
||
"via TLS certificates."
|
||
msgstr ""
|
||
"Driver yang mendukung protokol GlusterFS dapat digunakan dengan otentikasi "
|
||
"melalui sertifikat TLS."
|
||
|
||
msgid ""
|
||
"Due to the published vulnerabilities in the Secure Sockets Layer (SSL) "
|
||
"protocols, we strongly recommend that TLS is used in preference to SSL, and "
|
||
"that SSL is disabled in all cases, unless compatibility with obsolete "
|
||
"browsers or libraries is required."
|
||
msgstr ""
|
||
"Karena kerentanan yang dipublikasikan dalam protokol Secure Sockets Layer "
|
||
"(SSL), kami sangat menyarankan agar TLS digunakan untuk preferensi SSL, dan "
|
||
"SSL dinonaktifkan dalam semua kasus, kecuali kompatibilitas dengan browser "
|
||
"usang atau perpustakaan diperlukan."
|
||
|
||
msgid ""
|
||
"Due to the risk and complexities associated with PCI passthrough, it should "
|
||
"be disabled by default. If enabled for a specific need, you will need to "
|
||
"have appropriate processes in place to ensure the hardware is clean before "
|
||
"re-issue."
|
||
msgstr ""
|
||
"Karena risiko dan kompleksitas yang terkait dengan PCI passthrough, harus "
|
||
"dinonaktifkan secara default. Jika diaktifkan untuk kebutuhan tertentu, Anda "
|
||
"harus memiliki proses yang sesuai untuk memastikan perangkat keras bersih "
|
||
"sebelum diterbitkan ulang."
|
||
|
||
msgid ""
|
||
"Due to the time constraints around a book sprint, the team chose to use KVM "
|
||
"as the hypervisor in our example implementations and architectures."
|
||
msgstr ""
|
||
"Karena kendala waktu seputar sprint buku, tim memilih untuk menggunakan KVM "
|
||
"sebagai hypervisor dalam implementasi dan arsitektur contoh kami."
|
||
|
||
msgid ""
|
||
"During the design of an OpenStack Networking infrastructure it is important "
|
||
"that you understand the current features and limitations of available "
|
||
"network services. Understanding the boundaries of your virtual and physical "
|
||
"networks will assist in adding required security controls in your "
|
||
"environment."
|
||
msgstr ""
|
||
"Selama perancangan infrastruktur OpenStack Networking, penting bagi Anda "
|
||
"untuk memahami fitur dan keterbatasan layanan jaringan yang ada saat ini. "
|
||
"Memahami batas jaringan virtual dan fisik Anda akan membantu menambahkan "
|
||
"kontrol keamanan yang diperlukan di lingkungan Anda."
|
||
|
||
msgid ""
|
||
"During the sprint we also had help from Anne Gentle, Warren Wang, Paul "
|
||
"McMillan, Brian Schott and Lorin Hochstein."
|
||
msgstr ""
|
||
"Selama sprint kami juga mendapat bantuan Anne Gentle, Warren Wang, Paul "
|
||
"McMillan, Brian Schott dan Lorin Hochstein."
|
||
|
||
msgid "ESXi"
|
||
msgstr "ESXi"
|
||
|
||
msgid ""
|
||
"Each KVM-based virtual machine is a process which is labeled by SELinux, "
|
||
"effectively establishing a security boundary around each virtual machine. "
|
||
"This security boundary is monitored and enforced by the Linux kernel, "
|
||
"restricting the virtual machine's access to resources outside of its "
|
||
"boundary, such as host machine data files or other VMs."
|
||
msgstr ""
|
||
"Setiap mesin virtual berbasis KVM adalah proses yang diberi label oleh "
|
||
"SELinux, yang secara efektif menetapkan batas keamanan di sekitar setiap "
|
||
"mesin virtual. Batas keamanan ini dipantau dan diterapkan oleh kernel Linux, "
|
||
"membatasi akses mesin virtual ke sumber daya di luar batasnya, seperti file "
|
||
"data mesin host atau VM lainnya."
|
||
|
||
msgid ""
|
||
"Each OpenStack deployment embraces a wide variety of technologies, spanning "
|
||
"Linux distributions, database systems, messaging queues, OpenStack "
|
||
"components themselves, access control policies, logging services, security "
|
||
"monitoring tools, and much more. It should come as no surprise that the "
|
||
"security issues involved are equally diverse, and their in-depth analysis "
|
||
"would require several guides. We strive to find a balance, providing enough "
|
||
"context to understand OpenStack security issues and their handling, and "
|
||
"provide external references for further information. The guide could be read "
|
||
"from start to finish or used like a reference."
|
||
msgstr ""
|
||
"Setiap pengerahan OpenStack mencakup beragam teknologi, mencakup distribusi "
|
||
"Linux, sistem database, antrian pesan, komponen OpenStack sendiri, kebijakan "
|
||
"kontrol akses, layanan logging, alat pemantauan keamanan, dan banyak lagi. "
|
||
"Tidak mengherankan jika masalah keamanan yang terlibat sama beragamnya, dan "
|
||
"analisis mendalam mereka memerlukan beberapa panduan. Kami berusaha untuk "
|
||
"menemukan keseimbangan, memberikan konteks yang cukup untuk memahami masalah "
|
||
"keamanan OpenStack dan penanganannya, dan memberikan referensi eksternal "
|
||
"untuk informasi lebih lanjut. Panduan bisa dibaca dari awal sampai akhir "
|
||
"atau digunakan seperti referensi."
|
||
|
||
msgid ""
|
||
"Each OpenStack service defines the access policies for its resources in an "
|
||
"associated policy file. A resource, for example, could be API access, the "
|
||
"ability to attach to a volume, or to fire up instances. The policy rules are "
|
||
"specified in JSON format and the file is called ``policy.json``. The syntax "
|
||
"and format of this file is discussed in the `Configuration Reference "
|
||
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`__."
|
||
msgstr ""
|
||
"Setiap layanan OpenStack mendefinisikan kebijakan akses untuk sumber dayanya "
|
||
"dalam file kebijakan terkait. Sumber daya, misalnya, bisa berupa akses API, "
|
||
"kemampuan untuk mengkaitkan volume, atau untuk mengaktifkan instance. Aturan "
|
||
"kebijakan ditentukan dalam format JSON dan file tersebut disebut ``policy."
|
||
"json``. Sintaks dan format file ini dibahas di `Configuration Reference "
|
||
"<https://docs.openstack.org/ocata/config-reference/policy-json-file.html>`__."
|
||
|
||
msgid ""
|
||
"Each TPM has at least 24 PCRs. The TCG Generic Server Specification, v1.0, "
|
||
"March 2005, defines the PCR assignments for boot-time integrity "
|
||
"measurements. The table below shows a typical PCR configuration. The context "
|
||
"indicates if the values are determined based on the node hardware (firmware) "
|
||
"or the software provisioned onto the node. Some values are influenced by "
|
||
"firmware versions, disk sizes, and other low-level information. Therefore, "
|
||
"it is important to have good practices in place around configuration "
|
||
"management to ensure that each system deployed is configured exactly as "
|
||
"desired."
|
||
msgstr ""
|
||
"Setiap TPM memiliki setidaknya 24 PCR. Spesifikasi Server Generik TCG, v1.0, "
|
||
"Maret 2005, mendefinisikan tugas PCR untuk pengukuran integritas waktu "
|
||
"booting. Tabel di bawah menunjukkan konfigurasi PCR yang khas. Konteksnya "
|
||
"menunjukkan jika nilai ditentukan berdasarkan perangkat keras node "
|
||
"(firmware) atau perangkat lunak yang ada pada node. Beberapa nilai "
|
||
"dipengaruhi oleh versi firmware, ukuran disk, dan informasi tingkat rendah "
|
||
"lainnya. Oleh karena itu, penting untuk memiliki praktik yang baik di tempat "
|
||
"seputar pengelolaan konfigurasi untuk memastikan bahwa setiap sistem yang "
|
||
"digunakan dikonfigurasi sesuai keinginan."
|
||
|
||
msgid ""
|
||
"Each manufacturer must provide the BIOS and firmware code for their servers. "
|
||
"Different servers, hypervisors, and operating systems will choose to "
|
||
"populate different PCRs. In most real world deployments, it will be "
|
||
"impossible to validate every PCR against a known good quantity (\"golden "
|
||
"measurement\"). Experience has shown that, even within a single vendor's "
|
||
"product line, the measurement process for a given PCR may not be consistent. "
|
||
"We recommend establishing a baseline for each server and monitoring the PCR "
|
||
"values for unexpected changes. Third-party software may be available to "
|
||
"assist in the TPM provisioning and monitoring process, depending upon your "
|
||
"chosen hypervisor solution."
|
||
msgstr ""
|
||
"Setiap pabrikan harus menyediakan kode BIOS dan firmware untuk server "
|
||
"mereka. Server yang berbeda, hypervisor, dan sistem operasi akan memilih "
|
||
"untuk mengisi PCR yang berbeda. Dalam kebanyakan penyebaran dunia nyata, "
|
||
"tidak mungkin memvalidasi setiap PCR terhadap kuantitas yang diketahui "
|
||
"(\"golden measurement\"). Pengalaman menunjukkan bahwa, bahkan dalam lini "
|
||
"produk vendor tunggal, proses pengukuran untuk PCR tertentu mungkin tidak "
|
||
"konsisten. Sebaiknya buat baseline untuk setiap server dan pantau nilai PCR "
|
||
"untuk perubahan yang tidak diharapkan. Perangkat lunak pihak ketiga mungkin "
|
||
"tersedia untuk membantu proses pengadaan dan pemantauan TPM, tergantung pada "
|
||
"solusi hypervisor yang Anda pilih."
|
||
|
||
msgid ""
|
||
"Each of the core OpenStack services (Compute, Identity, Networking, Block "
|
||
"Storage) store state and configuration information in databases. In this "
|
||
"chapter, we discuss how databases are used currently in OpenStack. We also "
|
||
"explore security concerns, and the security ramifications of database back "
|
||
"end choices."
|
||
msgstr ""
|
||
"Masing-masing layanan OpenStack inti (Compute, Identity, Networking, Block "
|
||
"Storage) menyimpan informasi keadaan dan konfigurasi di database. Pada bab "
|
||
"ini, kita membahas bagaimana database digunakan saat ini di OpenStack. Kami "
|
||
"juga mengeksplorasi masalah keamanan, dan konsekuensi keamanan dari pilihan "
|
||
"back end database."
|
||
|
||
msgid ""
|
||
"Each project may present an inconsistent way of defining target API "
|
||
"endpoints. Future releases of OpenStack seek to resolve these "
|
||
"inconsistencies through consistent use of the Identity service catalog."
|
||
msgstr ""
|
||
"Setiap proyek dapat menunjukkan cara yang tidak konsisten untuk menentukan "
|
||
"endpoint API target. Rilis OpenStack di masa depan berusaha untuk mengatasi "
|
||
"ketidakkonsistenan ini melalui penggunaan katalog layanan Identitas secara "
|
||
"konsisten."
|
||
|
||
msgid ""
|
||
"Each project provides a number of services which send and consume messages. "
|
||
"Each binary which sends a message is expected to consume messages, if only "
|
||
"replies, from the queue."
|
||
msgstr ""
|
||
"Setiap proyek menyediakan sejumlah layanan yang mengirim dan mengkonsumsi "
|
||
"pesan. Setiap biner yang mengirimkan pesan diharapkan bisa mengkonsumsi "
|
||
"pesan dari antrian, jika hanya menjawab."
|
||
|
||
msgid "Each share driver supports at least one of the possible driver modes:"
|
||
msgstr ""
|
||
"Setiap share driveri mendukung setidaknya satu dari mode driver yang mungkin:"
|
||
|
||
msgid ""
|
||
"Employ multi-factor authentication for network access to privileged user "
|
||
"accounts. The Identity service supports external authentication services "
|
||
"through the Apache web server that can provide this functionality. Servers "
|
||
"may also enforce client-side authentication using certificates."
|
||
msgstr ""
|
||
"Mempekerjakan otentikasi multi-faktor untuk akses jaringan ke akun pengguna "
|
||
"istimewa. Layanan Identitas mendukung layanan otentikasi eksternal melalui "
|
||
"server web Apache yang dapat menyediakan fungsionalitas ini. Server juga "
|
||
"dapat menegakkan otentikasi sisi klien menggunakan sertifikat."
|
||
|
||
msgid ""
|
||
"Enable TLS support. Install ``mod_nss`` according to your distribution, then "
|
||
"apply the following patch and restart HTTPD:"
|
||
msgstr ""
|
||
"Aktifkan dukungan TLS. Install ``mod_nss`` sesuai distribusinya, lalu "
|
||
"terapkan patch berikut dan restart HTTPD:"
|
||
|
||
msgid "Enable ``OS-FEDERATION`` extension:"
|
||
msgstr "Aktifkan ekstensi ``OS-FEDERATION``:"
|
||
|
||
msgid ""
|
||
"Enable encryption and select parameters such as encryption algorithm and key "
|
||
"size"
|
||
msgstr ""
|
||
"Aktifkan enkripsi dan pilih parameter seperti algoritma enkripsi dan ukuran "
|
||
"kunci"
|
||
|
||
msgid "Enable the Identity service virtual host:"
|
||
msgstr "Aktifkan virtual host layanan Identity:"
|
||
|
||
msgid "Enable the ``ssl`` and ``shib2`` modules:"
|
||
msgstr "Aktifkan modul ``ssl`` dan ``shib2``:"
|
||
|
||
msgid "Enabling Federation"
|
||
msgstr "Mengaktifkan Federasi"
|
||
|
||
msgid "Encrypted live migration"
|
||
msgstr "Migrasi langsung terenkripsi"
|
||
|
||
msgid "Encryption / decryption"
|
||
msgstr "Enkripsi / Dekripsi"
|
||
|
||
msgid ""
|
||
"Encryption of data at rest is implemented by middleware that may be included "
|
||
"in the proxy server WSGI pipeline. The feature is internal to a swift "
|
||
"cluster and not exposed through the API. Clients are unaware that data is "
|
||
"encrypted by this feature internally to the swift service; internally "
|
||
"encrypted data should never be returned to clients through the swift API."
|
||
msgstr ""
|
||
"Enkripsi data saat istirahat diimplementasikan oleh middleware yang mungkin "
|
||
"disertakan dalam pipeline WSGI server proxy. Fitur ini bersifat internal ke "
|
||
"cluster cepat dan tidak terpapar melalui API. Klien tidak menyadari bahwa "
|
||
"data dienkripsi oleh fitur ini secara internal ke layanan cepat; Data yang "
|
||
"dienkripsi secara internal tidak boleh dikembalikan ke klien melalui API "
|
||
"cepat."
|
||
|
||
msgid "End entity"
|
||
msgstr "End entity"
|
||
|
||
msgid "End users"
|
||
msgstr "Pengguna akhir (end user)"
|
||
|
||
msgid ""
|
||
"End users will use the system to store sensitive data, such as passphrases "
|
||
"encryption keys, etc."
|
||
msgstr ""
|
||
"End user akan menggunakan sistem untuk menyimpan data sensitif, seperti "
|
||
"kunci enkripsi frase, dll."
|
||
|
||
msgid ""
|
||
"Ensure only authenticated users and backup clients have access to the backup "
|
||
"server."
|
||
msgstr ""
|
||
"Pastikan hanya pengguna terotentikasi dan klien cadangan yang memiliki akses "
|
||
"ke server cadangan."
|
||
|
||
msgid ""
|
||
"Ensure that the .rc file which has your credential information is secured."
|
||
msgstr ""
|
||
"Pastikan file .rc yang memiliki informasi kredensial Anda telah diamankan."
|
||
|
||
msgid ""
|
||
"Ensure that the network interfaces are on their own private(management or a "
|
||
"separate) network. Segregate management domains with firewalls or other "
|
||
"network gear."
|
||
msgstr ""
|
||
"Pastikan bahwa antarmuka jaringan berada pada jaringan pribadi mereka "
|
||
"(manajemen atau yang terpisah). Pisahkan domain manajemen dengan firewall "
|
||
"atau peralatan jaringan lainnya."
|
||
|
||
msgid ""
|
||
"Ensure that the system has the fewest number of packages installed and "
|
||
"services running as possible. Removing unneeded packages makes patching "
|
||
"easier and it reduces the number of items on the system which could lead to "
|
||
"a breach. Stopping unneeded services shrinks the attack surface on the "
|
||
"system and makes it more difficult to attack."
|
||
msgstr ""
|
||
"Pastikan bahwa sistem memiliki jumlah paket terinstal dan layanan yang "
|
||
"paling sedikit yang mungkin dijalankan. Melepaskan paket yang tidak "
|
||
"dibutuhkan membuat tambalan lebih mudah dan mengurangi jumlah item pada "
|
||
"sistem yang dapat menyebabkan pelanggaran. Menghentikan layanan yang tidak "
|
||
"dibutuhkan mengecilkan permukaan serangan pada sistem dan membuatnya lebih "
|
||
"sulit diserang."
|
||
|
||
msgid ""
|
||
"Ensure your end users that the node has been properly sanitized of their "
|
||
"data prior to re-provisioning. Additionally, prior to reusing a node, you "
|
||
"must provide assurances that the hardware has not been tampered or otherwise "
|
||
"compromised."
|
||
msgstr ""
|
||
"Pastikan end user Anda bahwa nodus telah benar dibersihkan data mereka "
|
||
"sebelum re-provisioning. Selain itu, sebelum menggunakan kembali sebuah "
|
||
"node, Anda harus memberikan jaminan bahwa perangkat keras belum dirusak atau "
|
||
"dikompromikan."
|
||
|
||
msgid ""
|
||
"Ensure your iptables have the default policy filtering network traffic, and "
|
||
"consider examining the existing rule set to understand each rule and "
|
||
"determine if the policy needs to be expanded upon."
|
||
msgstr ""
|
||
"Pastikan iptables Anda memiliki kebijakan default yang memfilter lalu lintas "
|
||
"jaringan, dan pertimbangkan untuk memeriksa peraturan yang ada agar dapat "
|
||
"memahami setiap peraturan dan menentukan apakah kebijakan tersebut perlu "
|
||
"diperluas."
|
||
|
||
msgid "Entropy to instances"
|
||
msgstr "Entropy ke instance"
|
||
|
||
msgid "Environment based filters"
|
||
msgstr "Filter berbasis lingkungan"
|
||
|
||
msgid ""
|
||
"Ephemeral Diffie-Hellman (abbreviated either as EDH or DHE) uses prime field "
|
||
"groups."
|
||
msgstr ""
|
||
"Ephemeral Diffie-Hellman (disingkat sebagai EDH ataupun DHE) menggunakan "
|
||
"kelompok field utama"
|
||
|
||
msgid ""
|
||
"Ephemeral Elliptic Curve Diffie-Hellman (abbreviated as EECDH and ECDHE)."
|
||
msgstr "Ephemeral Elliptic Curve Diffie-Hellman (disingkat EECDH dan ECDHE)."
|
||
|
||
msgid ""
|
||
"Ephemeral Elliptic Curves require the server to be configured with a named "
|
||
"curve, and provide better security than prime field groups and at lower "
|
||
"computational cost. However, prime field groups are more widely implemented, "
|
||
"and thus typically both are included in list."
|
||
msgstr ""
|
||
"Ephemeral Elliptic Curves meminta server untuk dikonfigurasi dengan kurva "
|
||
"bernama, dan memberikan keamanan yang lebih baik daripada kelompok lapangan "
|
||
"utama dan dengan biaya komputasi yang lebih rendah. Namun, kelompok field "
|
||
"utama lebih banyak diimplementasikan, dan dengan demikian biasanya keduanya "
|
||
"termasuk dalam daftar."
|
||
|
||
msgid "Ephemeral disk encryption"
|
||
msgstr "Enkripsi disk sesaat"
|
||
|
||
msgid ""
|
||
"Ephemeral disk encryption is supported by back-end key storage for enhanced "
|
||
"security (for example, an HSM or a KMIP server can be used as a barbican "
|
||
"back-end secret store)"
|
||
msgstr ""
|
||
"Enkripsi disk ephemeral didukung oleh penyimpanan kunci back-end untuk "
|
||
"keamanan yang ditingkatkan (misalnya, server HSM atau KMIP dapat digunakan "
|
||
"sebagai penyimpanan rahasia back-end barbican)"
|
||
|
||
msgid ""
|
||
"Eric Lopez is Senior Solution Architect at VMware's Networking and Security "
|
||
"Business Unit where he helps customers implement OpenStack and VMware NSX "
|
||
"(formerly known as Nicira's Network Virtualization Platform). Prior to "
|
||
"joining VMware (through the company's acquisition of Nicira), he worked for "
|
||
"Q1 Labs, Symantec, Vontu, and Brightmail. He has a B.S in Electrical "
|
||
"Engineering/Computer Science and Nuclear Engineering from U.C. Berkeley and "
|
||
"MBA from the University of San Francisco."
|
||
msgstr ""
|
||
"Eric Lopez adalah Senior Solution Architect di VMware's Networking and "
|
||
"Security Business Unit dimana dia membantu pelanggan menerapkan OpenStack "
|
||
"dan VMware NSX (sebelumnya dikenal sebagai Platform Virtualisasi Jaringan "
|
||
"Nicira). Sebelum bergabung dengan VMware (melalui akuisisi Nicira "
|
||
"perusahaan), dia bekerja untuk Lab Q1, Symantec, Vontu, dan Brightmail. Dia "
|
||
"memiliki B.S di Teknik Elektro/Ilmu Komputer dan Teknik Nuklir dari U.C. "
|
||
"Berkeley dan MBA dari University of San Francisco."
|
||
|
||
msgid ""
|
||
"Eric Windisch is a Principal Engineer at Cloudscaling where he has been "
|
||
"contributing to OpenStack for over two years. Eric has been in the trenches "
|
||
"of hostile environments, building tenant isolation and infrastructure "
|
||
"security through more than a decade of experience in the web hosting "
|
||
"industry. He has been building cloud computing infrastructure and automation "
|
||
"since 2007."
|
||
msgstr ""
|
||
"Eric Windisch adalah seorang Principal Engineer di Cloudscaling dimana dia "
|
||
"telah berkontribusi pada OpenStack selama lebih dari dua tahun. Eric telah "
|
||
"berada di parit (trench) lingkungan yang tidak bersahabat, membangun isolasi "
|
||
"penyewa dan keamanan infrastruktur melalui lebih dari satu dekade pengalaman "
|
||
"di industri web hosting. Dia telah membangun infrastruktur komputasi awan "
|
||
"dan otomasi sejak 2007."
|
||
|
||
msgid "Establish formal access control policies"
|
||
msgstr "Menetapkan kebijakan kontrol akses formal"
|
||
|
||
msgid ""
|
||
"Even with ``prevent_arp_spoofing`` enabled, flat networking does not provide "
|
||
"a complete level of project isolation, as all project traffic is still sent "
|
||
"to the same VLAN."
|
||
msgstr ""
|
||
"Even dengan ``prevent_arp_spoofing`` diaktifkan, jaringan flat (datar) tidak "
|
||
"menyediakan tingkat isolasi proyek yang lengkap, karena semua lalu lintas "
|
||
"proyek masih dikirim ke VLAN yang sama."
|
||
|
||
msgid ""
|
||
"Event monitoring is a more pro-active approach to securing an environment, "
|
||
"providing real-time detection and response. Several tools exist which can "
|
||
"aid in monitoring."
|
||
msgstr ""
|
||
"Pemantauan kejadian adalah pendekatan yang lebih proaktif untuk mengamankan "
|
||
"lingkungan, memberikan deteksi dan respons real-time. Beberapa alat ada yang "
|
||
"bisa membantu dalam pemantauan."
|
||
|
||
msgid ""
|
||
"Examine your attributes map in the ``/etc/shibboleth/attributes-map.xml`` "
|
||
"file and adjust your requirements if needed. For more information see "
|
||
"`Shibboleth Attributes <https://wiki.shibboleth.net/confluence/display/SHIB2/"
|
||
"NativeSPAddAttribute>`__."
|
||
msgstr ""
|
||
"Periksa peta atribut Anda di file ``/etc/shibboleth/attributes-map.xml`` dan "
|
||
"sesuaikan kebutuhan Anda jika diperlukan. Untuk informasi lebih lanjut lihat "
|
||
"`Shibboleth Attributes <https://wiki.shibboleth.net/confluence/display/SHIB2/"
|
||
"NativeSPAddAttribute>`__."
|
||
|
||
msgid ""
|
||
"Example of RHEL 6 CCE-26976-1 which will help implement NIST 800-53 Section "
|
||
"*AC-19(d)* in Oz."
|
||
msgstr ""
|
||
"Contoh RHEL 6 CCE-26976-1 yang akan membantu mengimplementasikan NIST 800-53 "
|
||
"Section * AC-19 (d) * di Oz."
|
||
|
||
msgid ""
|
||
"Example of a ``:sql_connection`` string for X.509 certificate authentication "
|
||
"to MySQL:"
|
||
msgstr ""
|
||
"Contoh string ``:sql_connection`` untuk otentikasi sertifikat X.509 ke MySQL:"
|
||
|
||
msgid "Example of a ``:sql_connection`` string to MySQL:"
|
||
msgstr "Contoh string ``:sql_connection`` ke MySQL:"
|
||
|
||
msgid "Examples"
|
||
msgstr "Contoh"
|
||
|
||
msgid ""
|
||
"Examples of secrets that does not require a keystone token to access are "
|
||
"passwords for service users in service configuration files, or encryption "
|
||
"keys that do not belong to any particular project."
|
||
msgstr ""
|
||
"Contoh rahasia yang tidak memerlukan keystone token untuk diakses adalah "
|
||
"password untuk pengguna layanan dalam file konfigurasi layanan, atau kunci "
|
||
"enkripsi yang tidak termasuk dalam proyek tertentu."
|
||
|
||
msgid "Exception process"
|
||
msgstr "Proses Pengecualian"
|
||
|
||
msgid "Explanation"
|
||
msgstr "Penjelasan"
|
||
|
||
msgid ""
|
||
"Exposes all OpenStack APIs, including the OpenStack Networking API, to "
|
||
"tenants. The IP addresses on this network should be reachable by anyone on "
|
||
"the Internet. This may be the same network as the external network, as it is "
|
||
"possible to create a subnet for the external network that uses IP allocation "
|
||
"ranges to use only less than the full range of IP addresses in an IP block. "
|
||
"This network is considered the Public Security Domain."
|
||
msgstr ""
|
||
"Explose (bukalah) semua API OpenStack, termasuk OpenStack Networking API,ke "
|
||
"penyewa. Alamat IP pada jaringan ini harus dapat dijangkau oleh siapapun di "
|
||
"Internet. Ini mungkin jaringan yang sama dengan jaringan eksternal, karena "
|
||
"memungkinkan untuk membuat subnet untuk jaringan eksternal yang menggunakan "
|
||
"rentang alokasi IP untuk penggunaan hanya kurang dari kisaran penuh alamat "
|
||
"IP dalam blok IP. Jaringan ini dianggap sebagai Public Security Domain."
|
||
|
||
msgid "External"
|
||
msgstr "External"
|
||
|
||
msgid "External audit"
|
||
msgstr "Audit eksternal"
|
||
|
||
msgid "External authentication methods"
|
||
msgstr "Metode otentikasi eksternal"
|
||
|
||
msgid "External dependencies and associated security assumptions"
|
||
msgstr "Ketergantungan eksternal dan asumsi keamanan yang terkait"
|
||
|
||
msgid ""
|
||
"External dependencies are items outside of the control of the service that "
|
||
"are required for its operation, and may impact the service if they were "
|
||
"compromised or became unavailable. These items are usually outside the "
|
||
"control of the developer but within the control of the deployer, or they may "
|
||
"be operated by a third party. Appliances should be regarded as external "
|
||
"dependencies."
|
||
msgstr ""
|
||
"Ketergantungan eksternal adalah item di luar kendali layanan yang diperlukan "
|
||
"untuk pengoperasiannya, dan mungkin berdampak pada layanan jika disusupi "
|
||
"atau tidak tersedia. Item ini biasanya berada di luar kendali pengembang "
|
||
"namun berada dalam kendali pengirim, atau mungkin dioperasikan oleh pihak "
|
||
"ketiga. Peralatan harus dianggap sebagai dependensi eksternal."
|
||
|
||
msgid "External dependencies of the project"
|
||
msgstr "Ketergantungan eksternal proyek"
|
||
|
||
msgid "External network"
|
||
msgstr "Jaringan eksternal "
|
||
|
||
msgid "FIPS 140-2"
|
||
msgstr "FIPS 140-2"
|
||
|
||
msgid "FISMA"
|
||
msgstr "FISMA"
|
||
|
||
msgid ""
|
||
"FW-as-a-Service (FWaaS) is considered an experimental feature for the Kilo "
|
||
"release of OpenStack Networking. FWaaS addresses the need to manage and "
|
||
"leverage the rich set of security features provided by typical firewall "
|
||
"products which are typically far more comprehensive than what is currently "
|
||
"provided by security groups. Both Freescale and Intel developed third-party "
|
||
"plug-ins as extensions in OpenStack Networking to support this component in "
|
||
"the Kilo release. For more details on the administration of FWaaS, see "
|
||
"`Firewall-as-a-Service (FWaaS) overview <https://docs.openstack.org/admin-"
|
||
"guide/networking-introduction.html#firewall-as-a-service-fwaas-overview>`__ "
|
||
"in the OpenStack Administrator Guide."
|
||
msgstr ""
|
||
"FW-as-a-Service (FWaaS) dianggap sebagai fitur eksperimental untuk rilis "
|
||
"Kilo OpenStack Networking. FWaaS menangani kebutuhan untuk mengelola dan "
|
||
"memanfaatkan sekumpulan fitur keamanan yang kaya yang disediakan oleh produk "
|
||
"firewall biasa yang biasanya jauh lebih komprehensif daripada yang saat ini "
|
||
"disediakan oleh kelompok keamanan. Baik Freescale dan Intel mengembangkan "
|
||
"plug-in pihak ketiga sebagai ekstensi di OpenStack Networking untuk "
|
||
"mendukung komponen ini dalam rilis Kilo. Untuk rincian lebih lanjut tentang "
|
||
"administrasi FWaaS, lihat ikhtisar \"Firewall-as-a-Service (FWaaS) <https://"
|
||
"docs.openstack.org/admin-guide/networking-introduction.html#firewall-as-a-"
|
||
"service -fwaas-overview> `__ di OpenStack Administrator Guide."
|
||
|
||
msgid "Fail securely"
|
||
msgstr "Gagal dengan aman"
|
||
|
||
msgid ""
|
||
"False positives occur when the security monitoring tool produces a security "
|
||
"alert for a benign event. Due to the nature of security monitoring tools, "
|
||
"false positives will most certainly occur from time to time. Typically a "
|
||
"cloud administrator can tune security monitoring tools to reduce the false "
|
||
"positives, but this may also reduce the overall detection rate at the same "
|
||
"time. These classic trade-offs must be understood and accounted for when "
|
||
"setting up a security monitoring system in the cloud."
|
||
msgstr ""
|
||
"Positif palsu ((false positive) terjadi saat alat pemantau keamanan "
|
||
"menghasilkan peringatan keamanan untuk peristiwa jinak. Karena sifat alat "
|
||
"pemantauan keamanan, false positive pasti terjadi dari waktu ke waktu. "
|
||
"Biasanya administrator awan dapat menyetel alat pemantauan keamanan untuk "
|
||
"mengurangi false positive, namun ini juga dapat mengurangi tingkat deteksi "
|
||
"keseluruhan secara bersamaan. Trade-off klasik ini harus dipahami dan "
|
||
"dipertanggungjawabkan saat membuat sistem pemantauan keamanan di awan."
|
||
|
||
msgid ""
|
||
"Features in this table might not be applicable to all hypervisors or "
|
||
"directly mappable between hypervisors."
|
||
msgstr ""
|
||
"Fitur dalam tabel ini mungkin tidak berlaku untuk semua hypervisors atau "
|
||
"secara langsung dapat dipetakan di antara hypervisors."
|
||
|
||
msgid "FedRAMP"
|
||
msgstr "FedRAMP"
|
||
|
||
msgid ""
|
||
"Federated Identity provides a way to securely use existing credentials to "
|
||
"access cloud resources such as servers, volumes, and databases, across "
|
||
"multiple endpoints provided in multiple authorized clouds using a single set "
|
||
"of credentials, without having to provision additional identities or log in "
|
||
"multiple times. The credential is maintained by the user's Identity Provider."
|
||
msgstr ""
|
||
"Federated Identity menyediakan cara untuk dengan aman menggunakan kredensial "
|
||
"yang ada untuk mengakses sumber daya awan seperti server, volume, dan "
|
||
"database, di beberapa endpoint yang disediakan di beberapa awan resmi "
|
||
"menggunakan sekumpulan kredensial tunggal, tanpa harus memberikan identitas "
|
||
"tambahan atau masuk beberapa kali. Kredensial dikelola oleh Identity "
|
||
"Provider pengguna."
|
||
|
||
msgid "Federated keystone"
|
||
msgstr "Federated keystone"
|
||
|
||
msgid ""
|
||
"Federated users are not mirrored in the Identity service back end (for "
|
||
"example, using the SQL driver). The external IdP is responsible for "
|
||
"authenticating users, and communicates the result of the authentication to "
|
||
"Identity service using SAML assertions. Identity service maps the SAML "
|
||
"assertions to keystone user groups and assignments created in Identity "
|
||
"service."
|
||
msgstr ""
|
||
"Pengguna Federasi tidak tercermin dalam layana Identity back end (misalnya, "
|
||
"menggunakan driver SQL). IdP eksternal bertanggung jawab untuk "
|
||
"mengotentikasi pengguna, dan mengkomunikasikan hasil otentikasi ke layanan "
|
||
"Identity menggunakan pernyataan SAML. Layanan Identity memetakan pernyataan "
|
||
"SAML ke kelompok pengguna utama dan tugas yang dibuat di layanan Identity."
|
||
|
||
msgid "Fernet tokens"
|
||
msgstr "Token Fernet"
|
||
|
||
msgid ""
|
||
"Fernet tokens are the supported token provider for Pike (default). Fernet is "
|
||
"a secure messaging format explicitly designed for use in API tokens. They "
|
||
"are non-persistent (no need to be persisted to a database), lightweight "
|
||
"(fall in range of 180 to 240 bytes) and reduce the operational overhead "
|
||
"required to run a cloud. Authentication and authorization metadata is neatly "
|
||
"bundled into a message packed payload, which is then encrypted and signed in "
|
||
"as a fernet token."
|
||
msgstr ""
|
||
"Token Fernet adalah penyedia token yang didukung untuk Pike (default). "
|
||
"Fernet adalah format pesan aman yang dirancang secara eksplisit untuk "
|
||
"digunakan dalam token API. Mereka tidak gigih (tidak perlu bertahan ke "
|
||
"database), ringan (jatuh dalam kisaran 180 sampai 240 byte) dan mengurangi "
|
||
"biaya operasional yang diperlukan untuk menjalankan awan. Otentikasi dan "
|
||
"metadata otorisasi dibendel rapi ke dalam pesan muatan (payload) yang "
|
||
"dikemas, yang kemudian dienkripsi dan ditandatangani sebagai token fernet."
|
||
|
||
msgid "File integrity management (FIM)"
|
||
msgstr "File integrity management (FIM)"
|
||
|
||
msgid ""
|
||
"File integrity management (FIM) is the method of ensuring that files such as "
|
||
"sensitive system or application configuration files are not corrupted or "
|
||
"changed to allow unauthorized access or malicious behavior. This can be done "
|
||
"through a utility such as Samhain that will create a checksum hash of the "
|
||
"specified resource and then validate that hash at regular intervals, or "
|
||
"through a tool such as DMVerity that can take a hash of block devices and "
|
||
"will validate those hashes as they are accessed by the system before they "
|
||
"are presented to the user."
|
||
msgstr ""
|
||
"File integrity management (FIM) adalah metode untuk memastikan bahwa file "
|
||
"seperti sistem sensitif atau file konfigurasi aplikasi tidak rusak atau "
|
||
"diubah untuk memungkinkan akses yang tidak sah atau perilaku jahat. Hal ini "
|
||
"dapat dilakukan melalui utilitas seperti Samhain yang akan membuat hash "
|
||
"checksum dari sumber daya yang ditentukan dan kemudian memvalidasi hash "
|
||
"secara berkala, atau melalui tool seperti DMVerity yang dapat mengambil hash "
|
||
"dari perangkat blok dan akan memvalidasi hash tersebut sebagai mereka "
|
||
"diakses oleh sistem sebelum dipresentasikan kepada pengguna."
|
||
|
||
msgid "File permissions"
|
||
msgstr "Izin file"
|
||
|
||
msgid ""
|
||
"File system objects, memory, and IPC objects are cleared before they can be "
|
||
"reused by a process belonging to a different user."
|
||
msgstr ""
|
||
"Objek sistem file, memori, dan objek IPC dihapus sebelum dapat digunakan "
|
||
"kembali oleh proses yang dimiliki oleh pengguna yang berbeda."
|
||
|
||
msgid ""
|
||
"Filesystem storage is a more secure solution for ephemeral block storage "
|
||
"devices than LVM as dirty extents cannot be provisioned to users. However, "
|
||
"it is important to be mindful that user data is not destroyed, so it is "
|
||
"suggested to encrypt the backing filesystem."
|
||
msgstr ""
|
||
"Penyimpanan filesystem adalah solusi yang lebih aman untuk perangkat "
|
||
"penyimpanan blok sementara daripada LVM karena luapan limbah (dirty extent) "
|
||
"tidak dapat disediakan oleh pengguna. Namun, penting untuk diperhatikan "
|
||
"bahwa data pengguna tidak dihancurkan, jadi disarankan untuk mengenkripsi "
|
||
"filesystem backing."
|
||
|
||
msgid "Filter schedulers fall under four main categories:"
|
||
msgstr "Penjadwal filter termasuk dalam empat kategori utama:"
|
||
|
||
msgid ""
|
||
"Finally, the node kernel should have a mechanism to validate that the rest "
|
||
"of the node starts in a known good state. This provides the necessary link "
|
||
"from the boot validation process to validating the entire system. The steps "
|
||
"for doing this will be deployment specific. As an example, a kernel module "
|
||
"could verify a hash over the blocks comprising the file system before "
|
||
"mounting it using `dm-verity <https://gitlab.com/cryptsetup/cryptsetup/wikis/"
|
||
"DMVerity>`__."
|
||
msgstr ""
|
||
"Akhirnya, kernel node harus memiliki mekanisme untuk memvalidasi bahwa sisa "
|
||
"node dimulai dalam keadaan baik yang diketahui. Ini menyediakan link yang "
|
||
"diperlukan dari proses validasi booting untuk memvalidasi keseluruhan "
|
||
"sistem. Langkah-langkah untuk melakukan hal ini adalah penerapan yang "
|
||
"spesifik. Sebagai contoh, modul kernel dapat memverifikasi hash di atas blok "
|
||
"yang terdiri dari sistem file sebelum memasangnya `dm-verity <https://gitlab."
|
||
"com/cryptsetup/cryptsetup/wikis/DMVerity>`__."
|
||
|
||
msgid "Firewalls"
|
||
msgstr "Firewall"
|
||
|
||
msgid "Firewalls and other host-based security controls"
|
||
msgstr "Firewall dan kontrol keamanan berbasis host lainnya"
|
||
|
||
msgid "Flat network in *share servers* back-end mode"
|
||
msgstr "Jaringan datar di *share servers* mode back-end"
|
||
|
||
msgid "Flat vs segmented networking"
|
||
msgstr "Jaringan datar vs tersegmentasi"
|
||
|
||
msgid "For SQL, in ``/etc/keystone/keystone.conf`` , set:"
|
||
msgstr "Untuk SQL, di ``/etc/keystone/keystone.conf`` , set:"
|
||
|
||
msgid "For ``memcached``, in ``/etc/keystone/keystone.conf``, set:"
|
||
msgstr "Untuk ``memcached``, di ``/etc/keystone/keystone.conf``, set:"
|
||
|
||
msgid ""
|
||
"For a distribution appropriate place, it should probably be copied to ``/usr/"
|
||
"share/openstack/keystone/httpd/keystone.py``."
|
||
msgstr ""
|
||
"Untuk tempat distribusi yang sesuai, mungkin sebaiknya disalin ``/usr/share/"
|
||
"openstack/keystone/httpd/keystone.py``."
|
||
|
||
msgid "For additional configuration information see:"
|
||
msgstr "Untuk informasi konfigurasi tambahan lihat:"
|
||
|
||
msgid ""
|
||
"For additional information see the `OpenStack Administrator Guide <https://"
|
||
"docs.openstack.org/admin-guide/networking.html>`__."
|
||
msgstr ""
|
||
"Untuk informasi tambahan lihat `OpenStack Administrator Guide <https://docs."
|
||
"openstack.org/admin-guide/networking.html>`__."
|
||
|
||
msgid ""
|
||
"For announcements regarding security relevant changes, subscribe to the "
|
||
"`OpenStack Announce mailing list <http://lists.openstack.org/cgi-bin/mailman/"
|
||
"listinfo/openstack-announce>`__. The security notifications are also posted "
|
||
"through the downstream packages, for example, through Linux distributions "
|
||
"that you may be subscribed to as part of the package updates."
|
||
msgstr ""
|
||
"Untuk pengumuman terkait perubahan keamanan yang relevan, berlangganan ke "
|
||
"`OpenStack Announce mailing list <http://lists.openstack.org/cgi-bin/mailman/"
|
||
"listinfo/openstack-announce>`__. Pemberitahuan keamanan juga diposting "
|
||
"melalui paket hilir, misalnya melalui distribusi Linux yang mungkin Anda "
|
||
"andalkan sebagai bagian dari pembaruan paket."
|
||
|
||
msgid ""
|
||
"For authentication and authorization of clients, the Shared File Systems "
|
||
"Storage service can optionally be configured with different network "
|
||
"authentication protocols. Supported authentication protocols are LDAP, "
|
||
"Kerberos, and Microsoft Active directory authentication service."
|
||
msgstr ""
|
||
"Untuk otentikasi dan otorisasi klien, layanan Shared File Systems Storage "
|
||
"dapat dikonfigurasi secara opsional dengan protokol otentikasi jaringan yang "
|
||
"berbeda. Protokol otentikasi yang didukung adalah layanan otentikasi "
|
||
"direktori LDAP, Kerberos, dan Microsoft Active."
|
||
|
||
msgid ""
|
||
"For commercial deployments of OpenStack, we recommend SOC 1/2 is combined "
|
||
"with ISO 2700 1/2 to be considered as a starting point for OpenStack "
|
||
"certification activities. The required security activities mandated by these "
|
||
"certifications facilitate a foundation of security best practices and common "
|
||
"control criteria that can assist in achieving more stringent compliance "
|
||
"activities, including government attestations and certifications."
|
||
msgstr ""
|
||
"Untuk penyebaran komersial OpenStack, kami merekomendasikan SOC 1/2 "
|
||
"dikombinasikan dengan ISO 2700 1/2 untuk dianggap sebagai titik awal untuk "
|
||
"kegiatan sertifikasi OpenStack. Kegiatan keamanan yang dibutuhkan yang "
|
||
"diamanatkan oleh sertifikasi ini memfasilitasi landasan praktik terbaik "
|
||
"keamanan dan kriteria kontrol bersama yang dapat membantu dalam mencapai "
|
||
"aktivitas kepatuhan yang lebih ketat, termasuk pengesahan dan sertifikasi "
|
||
"pemerintah."
|
||
|
||
msgid "For configuration information see:"
|
||
msgstr "Untuk informasi konfigurasi, lihat:"
|
||
|
||
msgid ""
|
||
"For details of managing security services via API, see the `Security "
|
||
"services API <https://developer.openstack.org/api-ref-share-v2.html#share-"
|
||
"security-services>`_. You also can manage security services via python-"
|
||
"manilaclient, see `Security services CLI managing <https://docs.openstack."
|
||
"org/admin-guide/shared_file_systems_security_services.html>`_."
|
||
msgstr ""
|
||
"Untuk rincian pengelolaan layanan keamanan melalui API, lihat `Security "
|
||
"services API <https://developer.openstack.org/api-ref-share-v2.html#share-"
|
||
"security-services>`_. Anda juga bisa mengelola layanan keamanan via python-"
|
||
"manilaclient, lihat `Security services CLI managing <https://docs.openstack."
|
||
"org/admin-guide/shared_file_systems_security_services.html>`_."
|
||
|
||
msgid "For example,"
|
||
msgstr "Sebagai contoh,"
|
||
|
||
msgid "For example, in ``/etc/neutron/plugins/ml2/openvswitch_agent.ini``:"
|
||
msgstr "Misalnya, di ``/etc/neutron/plugins/ml2/openvswitch_agent.ini``:"
|
||
|
||
msgid ""
|
||
"For example, the following URL would be considered protected by ``mod_shib`` "
|
||
"and Apache, as such a request made to the URL would be redirected to the "
|
||
"Identity Provider, to start the SAML authentication procedure."
|
||
msgstr ""
|
||
"Misalnya, URL berikut akan dianggap dilindungi oleh ``mod_shib`` dan Apache, "
|
||
"karena permintaan yang dibuat pada URL akan dialihkan ke Identity Provider, "
|
||
"untuk memulai prosedur otentikasi SAML."
|
||
|
||
msgid "For example:"
|
||
msgstr "Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"For further details, see the `Django documentation <https://docs."
|
||
"djangoproject.com/>`_."
|
||
msgstr ""
|
||
"Untuk keterangan lebih lanjut, lihat `Django documentation <https://docs."
|
||
"djangoproject.com/>`_."
|
||
|
||
msgid ""
|
||
"For information about the current state of feature support, see `OpenStack "
|
||
"Hypervisor Support Matrix <https://wiki.openstack.org/wiki/"
|
||
"HypervisorSupportMatrix>`__."
|
||
msgstr ""
|
||
"Untuk informasi tentang status terkini dari dukungan fitur, lihat `OpenStack "
|
||
"Hypervisor Support Matrix <https://wiki.openstack.org/wiki/"
|
||
"HypervisorSupportMatrix>`__."
|
||
|
||
msgid ""
|
||
"For installations in which the controller will have limited access to all "
|
||
"the instances of a cluster, due to limits on floating IP addresses or "
|
||
"security rules, indirect access may be configured. This allows some "
|
||
"instances to be designated as proxy gateways to the other instances of the "
|
||
"cluster."
|
||
msgstr ""
|
||
"Untuk instalasi di mana pengendali akan memiliki akses terbatas ke semua "
|
||
"instance cluster karena batasan pada alamat IP mengambang (floating IP "
|
||
"address) atau peraturan keamanan, akses tidak langsung dapat dikonfigurasi. "
|
||
"Hal ini memungkinkan beberapa instance ditunjuk sebagai gateway proxy ke "
|
||
"instance cluster lainnya."
|
||
|
||
msgid ""
|
||
"For instance, analyzing the access logs of Identity service or its "
|
||
"replacement authentication system would alert us to failed logins, "
|
||
"frequency, origin IP, whether the events are restricted to select accounts "
|
||
"and other pertinent information. Log analysis supports detection."
|
||
msgstr ""
|
||
"Misalnya, menganalisis log akses dari layanan Identity atau sistem "
|
||
"autentikasi penggantiannya akan mengingatkan kita pada login, frekuensi, IP "
|
||
"asal yang salah, apakah kejadian dibatasi untuk memilih akun dan informasi "
|
||
"terkait lainnya. Analisis log mendukung deteksi."
|
||
|
||
msgid ""
|
||
"For more details on setting up a certificate manager for Magnum, see the "
|
||
"`Container Infrastructure Management service <https://docs.openstack.org/"
|
||
"magnum/latest/install/>`_ documentation."
|
||
msgstr ""
|
||
"Untuk rincian lebih lanjut tentang membuat manajer sertifikat untuk Magnum, "
|
||
"lihat dokumentasi `Container Infrastructure Management service <https://docs."
|
||
"openstack.org/magnum/latest/install/>`_."
|
||
|
||
msgid ""
|
||
"For more details on the service see the `OpenStack Glance documentation "
|
||
"<https://docs.openstack.org/glance/latest/>`__."
|
||
msgstr ""
|
||
"Untuk rincian lebih lanjut tentang layanan ini, lihat `OpenStack Glance "
|
||
"documentation <https://docs.openstack.org/glance/latest/>`__."
|
||
|
||
msgid ""
|
||
"For more details see `FedRAMP <http://www.gsa.gov/portal/category/102371>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `FedRAMP <http://www.gsa.gov/portal/"
|
||
"category/102371>`_."
|
||
|
||
msgid "For more details see `ISO 27001 <http://www.27000.org/iso-27001.htm>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `ISO 27001 <http://www.27000.org/iso-27001.htm>`_."
|
||
|
||
msgid ""
|
||
"For more details see `PCI security standards <https://www."
|
||
"pcisecuritystandards.org/security_standards/>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `PCI security standards <https://www."
|
||
"pcisecuritystandards.org/security_standards/>`_."
|
||
|
||
msgid ""
|
||
"For more details see `The International Traffic in Arms Regulations (ITAR) "
|
||
"<https://www.pmddtc.state.gov/regulations_laws/itar.html>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `The International Traffic in Arms Regulations "
|
||
"(ITAR) <https://www.pmddtc.state.gov/regulations_laws/itar.html>`_."
|
||
|
||
msgid ""
|
||
"For more details see the `AICPA Report on Controls at a Service Organization "
|
||
"Relevant to Security, Availability, Processing Integrity, Confidentiality or "
|
||
"Privacy <http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/"
|
||
"Pages/AICPASOC2Report.aspx>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `AICPA Report on Controls at a Service "
|
||
"Organization Relevant to Security, Availability, Processing Integrity, "
|
||
"Confidentiality or Privacy <http://www.aicpa.org/InterestAreas/FRC/"
|
||
"AssuranceAdvisoryServices/Pages/AICPASOC2Report.aspx>`_."
|
||
|
||
msgid ""
|
||
"For more details see the `AICPA Report on Controls at a Service Organization "
|
||
"Relevant to User Entities' Internal Control over Financial Reporting <http://"
|
||
"www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/"
|
||
"AICPASOC1Report.aspx>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `AICPA Report on Controls at a Service "
|
||
"Organization Relevant to User Entities' Internal Control over Financial "
|
||
"Reporting <http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/"
|
||
"Pages/AICPASOC1Report.aspx>`_."
|
||
|
||
msgid ""
|
||
"For more details see the `AICPA Trust Services Report for Service "
|
||
"Organizations <http://www.aicpa.org/InterestAreas/FRC/"
|
||
"AssuranceAdvisoryServices/Pages/AICPASOC3Report.aspx>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `AICPA Trust Services Report for Service "
|
||
"Organizations <http://www.aicpa.org/InterestAreas/FRC/"
|
||
"AssuranceAdvisoryServices/Pages/AICPASOC3Report.aspx>`_."
|
||
|
||
msgid ""
|
||
"For more details see the `Health Insurance Portability And Accountability "
|
||
"Act <https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-"
|
||
"Simplification/HIPAAGenInfo/downloads/HIPAALaw.pdf>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya lihat `Health Insurance Portability And Accountability "
|
||
"Act <https://www.cms.gov/Regulations-and-Guidance/HIPAA-Administrative-"
|
||
"Simplification/HIPAAGenInfo/downloads/HIPAALaw.pdf>`_."
|
||
|
||
msgid ""
|
||
"For more details, see `How to create a TLS Loadbalancer <https://wiki."
|
||
"openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer>`_ and "
|
||
"`Deploy a TLS-terminated HTTPS load balancer <https://docs.openstack.org/"
|
||
"octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-"
|
||
"load-balancer>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya, lihat `How to create a TLS Loadbalancer <https://wiki."
|
||
"openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer>`_ dan "
|
||
"`Deploy a TLS-terminated HTTPS load balancer <https://docs.openstack.org/"
|
||
"octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-"
|
||
"load-balancer>`_."
|
||
|
||
msgid ""
|
||
"For more details, see `Object Encryption <https://docs.openstack.org/swift/"
|
||
"pike/overview_encryption.html>`_ within the official swift documentation."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya, lihat `Object Encryption <https://docs.openstack.org/"
|
||
"swift/pike/overview_encryption.html>`_ dalam dokumentasi swift resmi."
|
||
|
||
msgid ""
|
||
"For more details, see the `Data Encryption section <https://docs.openstack."
|
||
"org/security-guide/tenant-data/data-encryption.html>`_. and `Volume "
|
||
"encryption <https://docs.openstack.org/ocata/config-reference/block-storage/"
|
||
"volume-encryption.html>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya, lihat `Data Encryption section <https://docs.openstack."
|
||
"org/security-guide/tenant-data/data-encryption.html>`_. and `Volume "
|
||
"encryption <https://docs.openstack.org/ocata/config-reference/block-storage/"
|
||
"volume-encryption.html>`_."
|
||
|
||
msgid ""
|
||
"For more details, see the `Ephemeral disk encryption documentation <https://"
|
||
"docs.openstack.org/security-guide/tenant-data/data-encryption.html#ephemeral-"
|
||
"disk-encryption>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya, lihat `Ephemeral disk encryption documentation "
|
||
"<https://docs.openstack.org/security-guide/tenant-data/data-encryption."
|
||
"html#ephemeral-disk-encryption>`_."
|
||
|
||
msgid ""
|
||
"For more details, see the `Trusted Images documentation <https://docs."
|
||
"openstack.org/security-guide/instance-management/security-services-for-"
|
||
"instances.html#trusted-images/>`_."
|
||
msgstr ""
|
||
"Untuk lebih jelasnya, lihat `Trusted Images documentation <https://docs."
|
||
"openstack.org/security-guide/instance-management/security-services-for-"
|
||
"instances.html#trusted-images/>`_."
|
||
|
||
msgid ""
|
||
"For more information about Paste Deploy, see `Python Paste Deployment "
|
||
"documentation <http://pythonpaste.org/deploy/>`__."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut tentang Paste Deploy, lihat `Python Paste "
|
||
"Deployment documentation <http://pythonpaste.org/deploy/>`__."
|
||
|
||
msgid ""
|
||
"For more information about the ``lvm_type`` parameter, see sections `LVM "
|
||
"<https://docs.openstack.org/cinder/latest/configuration/block-storage/"
|
||
"drivers/lvm-volume-driver.html>`__ and `Oversubscription in thin "
|
||
"provisioning <https://docs.openstack.org/cinder/latest/admin/blockstorage-"
|
||
"over-subscription.html>`__ of the *cinder* project documentation."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut tentang parameter ``lvm_type``, lihat bagian "
|
||
"`LVM <https://docs.openstack.org/cinder/latest/configuration/block-storage/"
|
||
"drivers/lvm-volume-driver.html>` __ dan `Oversubscription in thin "
|
||
"provisioning <https://docs.openstack.org/cinder/latest/admin/blockstorage-"
|
||
"over-subscription.html>` __ dari dokumentasi proyek *cinder*."
|
||
|
||
msgid ""
|
||
"For more information about the ``volume_clear`` parameter, see section "
|
||
"`Cinder Configuration Options <https://docs.openstack.org/cinder/latest/"
|
||
"sample_config.html>`__ of the *cinder* project documentation."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut tentang parameter ``volume_clear``, lihat "
|
||
"bagian `Cinder Configuration Options <https://docs.openstack.org/cinder/"
|
||
"latest/sample_config.html>` __ dari dokumentasi proyek *cinder*."
|
||
|
||
msgid "For more information on RabbitMQ SSL configuration see:"
|
||
msgstr "Untuk informasi lebih lanjut tentang konfigurasi SSL RabbitMQ lihat:"
|
||
|
||
msgid ""
|
||
"For more information on the deployment, operation, or implementation of "
|
||
"Object Storage encryption, see the swift Developer Documentation on `Object "
|
||
"Encryption <https://docs.openstack.org/swift/latest/overview_encryption."
|
||
"html>`_."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut tentang penerapan, pengoperasian, atau "
|
||
"penerapan enkripsi Obyek Penyimpanan, lihat Dokumentasi Pengembang yang "
|
||
"cepat pada `Object Encryption <https://docs.openstack.org/swift/latest/"
|
||
"overview_encryption.html>`_."
|
||
|
||
msgid ""
|
||
"For more information on the rootwrap project, please see the official "
|
||
"documentation: `https://wiki.openstack.org/wiki/Rootwrap <https://wiki."
|
||
"openstack.org/wiki/Rootwrap>`_"
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut tentang proyek rootwrap, silakan lihat "
|
||
"dokumentasi resmi :`https://wiki.openstack.org/wiki/Rootwrap <https://wiki."
|
||
"openstack.org/wiki/Rootwrap>`_"
|
||
|
||
msgid ""
|
||
"For more information, see `Shibboleth Service Provider Configuration "
|
||
"<https://wiki.shibboleth.net/confluence/display/SHIB2/Configuration>`__."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut, lihat `Shibboleth Service Provider "
|
||
"Configuration <https://wiki.shibboleth.net/confluence/display/SHIB2/"
|
||
"Configuration>`__."
|
||
|
||
msgid ""
|
||
"For more information, see the `Sahara advanced configuration guide <https://"
|
||
"docs.openstack.org/sahara/latest/admin/advanced-configuration-guide."
|
||
"html#external-key-manager-usage>`_."
|
||
msgstr ""
|
||
"Untuk informasi lebih lanjut, lihat `Sahara advanced configuration guide "
|
||
"<https://docs.openstack.org/sahara/latest/admin/advanced-configuration-guide."
|
||
"html#external-key-manager-usage>`_."
|
||
|
||
msgid ""
|
||
"For production environments we recommend controlling the security groups "
|
||
"manually and creating a set of group rules that are appropriate for the "
|
||
"installation. In this manner the operator can ensure that the default "
|
||
"security group will contain all the appropriate rules. For an expanded "
|
||
"discussion of security groups please see :ref:`networking-security-groups`."
|
||
msgstr ""
|
||
"Untuk lingkungan produksi sebaiknya Anda mengendalikan kelompok keamanan "
|
||
"secara manual dan membuat seperangkat aturan kelompok yang sesuai untuk "
|
||
"pemasangan. Dengan cara ini, operator dapat memastikan bahwa grup keamanan "
|
||
"default akan berisi semua peraturan yang sesuai. Untuk diskusi kelompok "
|
||
"keamanan yang diperluas, lihat :ref:`networking-security-groups`."
|
||
|
||
msgid ""
|
||
"For publicly facing services, the threats are pretty straightforward. Users "
|
||
"will be authenticating against horizon and keystone with their username and "
|
||
"password. Users will also be accessing the API endpoints for other services "
|
||
"using their keystone tokens. If this network traffic is unencrypted, "
|
||
"passwords and tokens can be intercepted by an attacker using a man-in-the-"
|
||
"middle attack. The attacker can then use these valid credentials to perform "
|
||
"malicious operations. All real deployments should be using SSL/TLS to "
|
||
"protect publicly facing services."
|
||
msgstr ""
|
||
"Untuk layanan yang dihadapi publik, ancamannya sangat mudah. Pengguna akan "
|
||
"melakukan otentikasi terhadap horizon dan keystone dengan nama pengguna dan "
|
||
"kata sandinya. Pengguna juga akan mengakses API endpoint untuk layanan lain "
|
||
"menggunakan token kunci mereka. Jika lalu lintas jaringan ini tidak "
|
||
"terenkripsi, kata sandi dan tanda dapat dicegat oleh penyerang menggunakan "
|
||
"serangan man-in-the-middle. Penyerang kemudian dapat menggunakan kredensial "
|
||
"yang valid ini untuk melakukan operasi berbahaya. Semua penerapan sebenarnya "
|
||
"harus menggunakan SSL/TLS untuk melindungi layanan yang dihadapi secara "
|
||
"publik."
|
||
|
||
msgid ""
|
||
"For services that are deployed on management networks, the threats aren't so "
|
||
"clear due to the bridging of security domains with network security. There "
|
||
"is always the chance that an administrator with access to the management "
|
||
"network decides to do something malicious. SSL/TLS isn't going to help in "
|
||
"this situation if the attacker is allowed to access the private key. Not "
|
||
"everyone on the management network would be allowed to access the private "
|
||
"key of course, so there is still value in using SSL/TLS to protect yourself "
|
||
"from internal attackers. Even if everyone that is allowed to access your "
|
||
"management network is 100% trusted, there is still a threat that an "
|
||
"unauthorized user gains access to your internal network by exploiting a "
|
||
"misconfiguration or software vulnerability. One must keep in mind that you "
|
||
"have users running their own code on instances in the OpenStack Compute "
|
||
"nodes, which are deployed on the management network. If a vulnerability "
|
||
"allows them to break out of the hypervisor, they will have access to your "
|
||
"management network. Using SSL/TLS on the management network can minimize the "
|
||
"damage that an attacker can cause."
|
||
msgstr ""
|
||
"Untuk layanan yang dikerahkan di jaringan manajemen, ancamannya tidak begitu "
|
||
"jelas karena menjembatani domain keamanan dengan keamanan jaringan. Selalu "
|
||
"ada kemungkinan administrator dengan akses ke jaringan manajemen memutuskan "
|
||
"untuk melakukan sesuatu yang jahat. SSL/TLS tidak akan membantu dalam "
|
||
"situasi ini jika penyerang diizinkan untuk mengakses kunci privat. Tidak "
|
||
"semua orang di jaringan manajemen akan diizinkan untuk mengakses kunci "
|
||
"privat tentunya, jadi masih ada nilai dalam menggunakan SSL/TLS untuk "
|
||
"melindungi diri dari penyerang internal. Bahkan jika setiap orang yang "
|
||
"diizinkan mengakses jaringan manajemen Anda 100% dipercaya, masih ada "
|
||
"ancaman bahwa pengguna yang tidak berwenang mendapatkan akses ke jaringan "
|
||
"internal Anda dengan memanfaatkan kerentanan misconfiguration atau perangkat "
|
||
"lunak. Kita harus ingat bahwa Anda memiliki pengguna yang menjalankan kode "
|
||
"mereka sendiri pada instance di node OpenStack Compute, yang digunakan pada "
|
||
"jaringan manajemen. Jika kerentanan memungkinkan mereka keluar dari "
|
||
"hypervisor, mereka akan memiliki akses ke jaringan manajemen Anda. "
|
||
"Menggunakan SSL/TLS pada jaringan manajemen dapat meminimalkan kerusakan "
|
||
"yang dapat menyebabkan penyerang."
|
||
|
||
msgid ""
|
||
"For situations where the fixed and floating IP addresses do not provide the "
|
||
"functionality required the controller can provide access through two "
|
||
"alternate methods: custom network topologies and indirect access. The custom "
|
||
"network topologies feature allows the controller to access the instances "
|
||
"through a supplied shell command in the configuration file. Indirect access "
|
||
"is used to specify instances that can be used as proxy gateways by the user "
|
||
"during cluster provisioning. These options are discussed with examples of "
|
||
"usage in :doc:`configuration-and-hardening`."
|
||
msgstr ""
|
||
"Untuk situasi di mana alamat IP tetap dan mengambang tidak menyediakan "
|
||
"fungsionalitas yang dibutuhkan, controller dapat menyediakan akses melalui "
|
||
"dua metode alternatif: topologi jaringan custom dan akses tidak langsung. "
|
||
"Fitur topologi jaringan custom memungkinkan controller mengakses instance "
|
||
"melalui perintah shell yang disediakan pada file konfigurasi. Akses tidak "
|
||
"langsung digunakan untuk menentukan instance yang dapat digunakan sebagai "
|
||
"gateway proxy oleh pengguna selama pemberian klaster. Pilihan ini dibahas "
|
||
"dengan contoh penggunaan di :doc:`configuration-and-hardening`."
|
||
|
||
msgid ""
|
||
"For storage of secrets, it's strongly recommended to a Hardware Security "
|
||
"Modules (HSMs). HSMs can come in multiple forms. The traditional device is a "
|
||
"rack mounted appliance such as the one `shown in the following blog post "
|
||
"<https://vakwetu.wordpress.com/2015/11/30/barbican-and-dogtagipa/>`_."
|
||
msgstr ""
|
||
"Untuk penyimpanan rahasia, sangat disarankan ke Hardware Security Modules "
|
||
"(HSMs). HSM bisa datang dalam berbagai bentuk. Perangkat tradisional adalah "
|
||
"alat yang dipasang rak seperti yang ditunjukkan pada entri blog berikut "
|
||
"<https://vakwetu.wordpress.com/2015/11/30/barbican-and-dogtagipa/> `_."
|
||
|
||
msgid ""
|
||
"For these and other hypervisors, we recommend referring to hypervisor-"
|
||
"specific documentation."
|
||
msgstr ""
|
||
"Untuk hypervisor ini dan lainnya, sebaiknya rujuk ke dokumentasi khusus "
|
||
"hypervisor."
|
||
|
||
msgid "Forensics and incident response"
|
||
msgstr "Respon forensik dan insiden"
|
||
|
||
msgid ""
|
||
"Fortunately, a cloud architect may address these issues by providing a high "
|
||
"quality source of entropy to the cloud instances. This can be done by having "
|
||
"enough hardware random number generators (HRNG) in the cloud to support the "
|
||
"instances. In this case, \"enough\" is somewhat domain specific. For "
|
||
"everyday operations, a modern HRNG is likely to produce enough entropy to "
|
||
"support 50-100 compute nodes. High bandwidth HRNGs, such as the RdRand "
|
||
"instruction available with Intel Ivy Bridge and newer processors could "
|
||
"potentially handle more nodes. For a given cloud, an architect needs to "
|
||
"understand the application requirements to ensure that sufficient entropy is "
|
||
"available."
|
||
msgstr ""
|
||
"Untungnya, seorang arsitek awan dapat mengatasi masalah ini dengan "
|
||
"menyediakan sumber entropi berkualitas tinggi ke awan. Hal ini dapat "
|
||
"dilakukan dengan memiliki cukup banyak hardware random number generator "
|
||
"(HRNG) di awan untuk mendukung kejadian tersebut. Dalam hal ini, \"enough\" "
|
||
"agak spesifik domain. Untuk operasi sehari-hari, HRNG modern kemungkinan "
|
||
"menghasilkan entropi yang cukup untuk menopang 50-100 node. HRNG dengan "
|
||
"bandwidth tinggi, seperti instruksi RdRand yang tersedia dengan Intel Ivy "
|
||
"Bridge dan prosesor yang lebih baru berpotensi menangani lebih banyak node. "
|
||
"Untuk awan yang ada, seorang arsitek perlu memahami persyaratan aplikasi "
|
||
"untuk memastikan entropi yang memadai tersedia."
|
||
|
||
msgid "Frequently Asked Questions"
|
||
msgstr "Pertanyaan yang Sering Diajukan"
|
||
|
||
msgid ""
|
||
"From the Kilo release onward the data processing controller allows direct "
|
||
"TLS connections, which we recommend. Enabling this behavior requires some "
|
||
"small adjustments to the controller configuration file."
|
||
msgstr ""
|
||
"Dari pelepasan Kilo dan pengontrol pengolah data memungkinkan koneksi TLS "
|
||
"langsung, yang kami rekomendasikan. Mengaktifkan perilaku ini memerlukan "
|
||
"sedikit penyesuaian pada file konfigurasi controller."
|
||
|
||
msgid "From->To *[Transport]*:"
|
||
msgstr "From->To *[Transport]*:"
|
||
|
||
msgid "Front-end caching"
|
||
msgstr "Caching front-end"
|
||
|
||
msgid "Front-end caching and session back end"
|
||
msgstr "Caching front-end dan sesi back end"
|
||
|
||
msgid ""
|
||
"Fully hardening a system is a challenging process and it may require a "
|
||
"substantial amount of changes to some systems. Some of these changes could "
|
||
"impact production workloads. If a system cannot be fully hardened, the "
|
||
"following two changes are highly recommended to increase security without "
|
||
"large disruptions:"
|
||
msgstr ""
|
||
"Pengerasan sistem secara keseluruhan adalah proses yang menantang dan "
|
||
"mungkin memerlukan sejumlah besar perubahan pada beberapa sistem. Beberapa "
|
||
"perubahan ini bisa berdampak pada beban kerja produksi. Jika sistem tidak "
|
||
"dapat sepenuhnya dikeraskan, dua perubahan berikut sangat dianjurkan untuk "
|
||
"meningkatkan keamanan tanpa gangguan besar:"
|
||
|
||
msgid ""
|
||
"Further, the quality of community, as it surrounds an open source hypervisor "
|
||
"like KVM or Xen, has a direct impact on the timeliness of bug fixes and "
|
||
"security updates. When investigating both commercial and open source "
|
||
"hypervisors, you must look into their release and support cycles as well as "
|
||
"the time delta between the announcement of a bug or security issue and a "
|
||
"patch or response. Lastly, the supported capabilities of OpenStack compute "
|
||
"vary depending on the hypervisor chosen. See the `OpenStack Hypervisor "
|
||
"Support Matrix <https://wiki.openstack.org/wiki/HypervisorSupportMatrix>`_ "
|
||
"for OpenStack compute feature support by hypervisor."
|
||
msgstr ""
|
||
"Selanjutnya, kualitas komunitas, karena ia mengelilingi hypervisor open "
|
||
"source seperti KVM atau Xen, memiliki dampak langsung pada ketepatan waktu "
|
||
"perbaikan bug dan pembaruan keamanan. Saat menyelidiki hypervisors komersial "
|
||
"dan open source, Anda harus melihat siklus rilis dan dukungan serta delta "
|
||
"waktu antara pengumuman bug atau masalah keamanan dan patch atau respons. "
|
||
"Terakhir, kemampuan OpenStack yang didukung bervariasi tergantung pada "
|
||
"hypervisor yang dipilih. Lihat `OpenStack Hypervisor Support Matrix <https://"
|
||
"wiki.openstack.org/wiki/HypervisorSupportMatrix>`_ untuk dukungan fitur "
|
||
"komputasi OpenStack dengan hypervisor."
|
||
|
||
msgid ""
|
||
"Futher information can be found in the `Django documentation <https://docs."
|
||
"djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header/>`_."
|
||
msgstr ""
|
||
"Informasi lebih lanjut dapat ditemukan di `Django documentation <https://"
|
||
"docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header/>`_."
|
||
|
||
msgid "Future"
|
||
msgstr "Masa depan"
|
||
|
||
msgid "GUEST"
|
||
msgstr "GUEST"
|
||
|
||
msgid ""
|
||
"General data disposal and sanitization guidelines as adopted from NIST "
|
||
"recommended security controls. Cloud operators should:"
|
||
msgstr ""
|
||
"Petunjuk pembuangan dan sanitasi data umum yang diadopsi dari kontrol "
|
||
"keamanan NIST yang direkomendasikan. Operator awan harus:"
|
||
|
||
msgid "General security information"
|
||
msgstr "Informasi keamanan umum"
|
||
|
||
msgid "General service security"
|
||
msgstr "Keamanan layanan umum"
|
||
|
||
msgid "Generate metadata"
|
||
msgstr "Buat metadata"
|
||
|
||
msgid "Get a scoped token."
|
||
msgstr "Dapatkan scoped token."
|
||
|
||
msgid ""
|
||
"Given the complexity of the OpenStack components and the number of "
|
||
"deployment possibilities, you must take care to ensure that each component "
|
||
"gets the appropriate configuration of TLS certificates, keys, and CAs. "
|
||
"Subsequent sections discuss the following services:"
|
||
msgstr ""
|
||
"Mengingat kompleksitas komponen OpenStack dan jumlah kemungkinan penyebaran, "
|
||
"Anda harus berhati-hati untuk memastikan bahwa setiap komponen mendapatkan "
|
||
"konfigurasi TLS certificates, keys, and CAs yang sesuai. Bagian selanjutnya "
|
||
"membahas layanan berikut:"
|
||
|
||
msgid ""
|
||
"Given the risks around access to the database, we strongly recommend that "
|
||
"unique database user accounts be created per node needing access to the "
|
||
"database. Doing this facilitates better analysis and auditing for ensuring "
|
||
"compliance or in the event of a compromise of a node allows you to isolate "
|
||
"the compromised host by removing access for that node to the database upon "
|
||
"detection. When creating these per service endpoint database user accounts, "
|
||
"care should be taken to ensure that they are configured to require TLS. "
|
||
"Alternatively, for increased security it is recommended that the database "
|
||
"accounts be configured using X.509 certificate authentication in addition to "
|
||
"user names and passwords."
|
||
msgstr ""
|
||
"Mengingat risiko seputar akses ke database, kami sangat menyarankan agar "
|
||
"akun pengguna database unik dibuat per node yang memerlukan akses ke "
|
||
"database. Melakukan hal ini memudahkan analisis dan audit yang lebih baik "
|
||
"untuk memastikan kepatuhan atau jika kompromi sebuah node memungkinkan Anda "
|
||
"untuk mengisolasi host yang dikompromikan dengan menghapus akses node "
|
||
"tersebut ke database pada saat deteksi. Saat membuat akun pengguna database "
|
||
"endpoint per layanan ini, perhatian harus dilakukan untuk memastikan bahwa "
|
||
"mereka dikonfigurasi untuk mewajibkan TLS. Sebagai alternatif, untuk "
|
||
"keamanan yang meningkat, disarankan agar akun database dikonfigurasi "
|
||
"menggunakan otentikasi sertifikat X.509 selain nama pengguna dan kata sandi."
|
||
|
||
msgid "Government standards"
|
||
msgstr "Standar Pemerintah"
|
||
|
||
msgid "Granular access control"
|
||
msgstr "Kontrol akses Granular"
|
||
|
||
msgid ""
|
||
"Gregg Tally is the Chief Engineer at JHU/APL's Cyber Systems Group within "
|
||
"the Asymmetric Operations Department. He works primarily in systems security "
|
||
"engineering. Previously, he has worked at SPARTA, McAfee, and Trusted "
|
||
"Information Systems where he was involved in cyber security research "
|
||
"projects."
|
||
msgstr ""
|
||
"Gregg Tally adalah Chief Engineer di JHU/APL's Cyber Systems Group di dalam "
|
||
"Asymmetric Operations Department. Dia bekerja terutama dalam rekayasa "
|
||
"keamanan sistem. Sebelumnya, dia pernah bekerja di SPARTA, McAfee, dan "
|
||
"Trusted Information Systems dimana dia terlibat dalam proyek penelitian "
|
||
"keamanan cyber."
|
||
|
||
msgid "Guest"
|
||
msgstr "Guest"
|
||
|
||
msgid "Guest VMs"
|
||
msgstr "Guest VMs"
|
||
|
||
msgid "Guest network"
|
||
msgstr "Guest network (jaringan tamu)"
|
||
|
||
msgid "HIPAA / HITECH"
|
||
msgstr "HIPAA / HITECH"
|
||
|
||
msgid ""
|
||
"HIPAA is not a certification, rather a guide for protecting healthcare data. "
|
||
"Similar to the PCI-DSS, the most important issues with both PCI and HIPPA is "
|
||
"that a breach of credit card information, and health data, does not occur. "
|
||
"In the instance of a breach, the cloud provider will be scrutinized for "
|
||
"compliance with PCI and HIPPA controls. If proven compliant, the provider "
|
||
"can be expected to immediately implement remedial controls, breach "
|
||
"notification responsibilities, and significant expenditure on additional "
|
||
"compliance activities. If not compliant, the cloud provider can expect on-"
|
||
"site audit teams, fines, potential loss of merchant ID (PCI), and massive "
|
||
"reputation impact."
|
||
msgstr ""
|
||
"HIPAA bukan sertifikasi, melainkan panduan untuk melindungi data kesehatan. "
|
||
"Serupa dengan PCI-DSS, masalah yang paling penting dengan PCI dan HIPPA "
|
||
"adalah pelanggaran informasi kartu kredit, dan data kesehatan, tidak "
|
||
"terjadi. Dalam kasus pelanggaran, penyedia awan akan diteliti untuk mematuhi "
|
||
"kontrol PCI dan HIPPA. Jika terbukti memenuhi syarat, provider dapat "
|
||
"diharapkan segera menerapkan remedial controls, melanggar notifikasi "
|
||
"pemberitahuan, dan pengeluaran yang signifikan untuk kegiatan kepatuhan "
|
||
"tambahan. Jika tidak memenuhi syarat, penyedia awan dapat terancam on-site "
|
||
"audit team, denda, potensi kehilangan merchant ID (PCI), dan dampak reputasi "
|
||
"besar."
|
||
|
||
msgid "HTTP Strict Transport Security (HSTS)"
|
||
msgstr "HTTP Strict Transport Security (HSTS)"
|
||
|
||
msgid "HTTP listening port"
|
||
msgstr "HTTP listening port"
|
||
|
||
msgid "HTTP strict transport security"
|
||
msgstr "Keamanan transportasi ketat HTTP"
|
||
|
||
msgid "HTTPS"
|
||
msgstr "HTTPS"
|
||
|
||
msgid "HTTPS, HSTS, XSS, and SSRF"
|
||
msgstr "HTTPS, HSTS, XSS, and SSRF"
|
||
|
||
msgid ""
|
||
"Harden QEMU using compiler hardening options. Modern compilers provide a "
|
||
"variety of compile time options to improve the security of the resulting "
|
||
"binaries. These features include relocation read-only (RELRO), stack "
|
||
"canaries, never execute (NX), position independent executable (PIE), and "
|
||
"address space layout randomization (ASLR)."
|
||
msgstr ""
|
||
"Harden QEMU menggunakan opsi pengerasan kompiler. Kompiler modern "
|
||
"menyediakan berbagai opsi waktu kompilasi untuk meningkatkan keamanan binari "
|
||
"yang dihasilkan. Fitur-fitur ini termasuk relocation read-only (RELRO), "
|
||
"stack canaries, never execute (NX), position independent executable (PIE), "
|
||
"dan address space layout randomization (ASLR)."
|
||
|
||
msgid "Hardening Compute deployments"
|
||
msgstr "Pengerasan Pengerahan Compute"
|
||
|
||
msgid "Hardening the virtualization layers"
|
||
msgstr "Pengerasan lapisan virtualisasi"
|
||
|
||
msgid ""
|
||
"Hardens the data sections of an executable. Both full and partial RELRO "
|
||
"modes are supported by gcc. For QEMU full RELRO is your best choice. This "
|
||
"will make the global offset table read-only and place various internal data "
|
||
"sections before the program data section in the resulting executable."
|
||
msgstr ""
|
||
"Hardens bagian data dari executable. Baik mode RELRO penuh maupun parsial "
|
||
"didukung oleh gcc. Untuk QEMU full RELRO adalah pilihan terbaik anda. Ini "
|
||
"akan membuat tabel offset global hanya bisa dibaca dan menempatkan berbagai "
|
||
"bagian data internal sebelum bagian data program dieksekusi."
|
||
|
||
msgid "Hardware"
|
||
msgstr "Hardware"
|
||
|
||
msgid "Hardware concerns"
|
||
msgstr "Masalah perangkat keras"
|
||
|
||
msgid "Hardware inventory"
|
||
msgstr "Inventarisasi perangkat keras"
|
||
|
||
msgid ""
|
||
"Having a share as remote mountable instance of a file system, you can manage "
|
||
"access to a specified share, and list permissions for a specified share."
|
||
msgstr ""
|
||
"Dengan memiliki share sebagai instance sistem file yang dapat di mount jauh, "
|
||
"Anda dapat mengatur akses ke bagian tertentu, dan mendaftarkan perizinan "
|
||
"untuk bagian tertentu."
|
||
|
||
msgid ""
|
||
"Here are a few important use cases to consider when implementing log "
|
||
"aggregation, analysis and monitoring. These use cases can be implemented and "
|
||
"monitored through various applications, tools or scripts. There are open "
|
||
"source and commercial solutions and some operators develop their own in-"
|
||
"house solutions. These tools and scripts can generate events that can be "
|
||
"sent to administrators through email or viewed in the integrated dashboard. "
|
||
"It is important to consider additional use cases that may apply to your "
|
||
"specific network and what you may consider anomalous behavior."
|
||
msgstr ""
|
||
"Berikut adalah beberapa kasus penggunaan penting yang perlu dipertimbangkan "
|
||
"saat menerapkan agregasi, analisis dan pemantauan log. Kasus penggunaan ini "
|
||
"dapat diimplementasikan dan dipantau melalui berbagai aplikasi, peralatan "
|
||
"atau skrip. Ada solusi open source dan komersial dan beberapa operator "
|
||
"mengembangkan solusi in-house mereka sendiri. Alat dan skrip ini dapat "
|
||
"menghasilkan event (kejadian) yang dapat dikirim ke administrator melalui "
|
||
"email atau dilihat di dasbor terpadu. Penting untuk mempertimbangkan kasus "
|
||
"penggunaan tambahan yang mungkin berlaku untuk jaringan spesifik Anda dan "
|
||
"apa yang mungkin Anda anggap sebagai perilaku anomali."
|
||
|
||
msgid "High"
|
||
msgstr "High"
|
||
|
||
msgid "Higher impact"
|
||
msgstr "Dampak lebih tinggi"
|
||
|
||
msgid ""
|
||
"Highlight security concerns and potential mitigations in present day "
|
||
"OpenStack"
|
||
msgstr ""
|
||
"Sorot (highlight) masalah keamanan dan potensi mitigasi di OpenStack saat ini"
|
||
|
||
msgid ""
|
||
"Highly capable and financially driven groups of attackers. Able to fund in-"
|
||
"house exploit development and target research. In recent years the rise of "
|
||
"organizations such as the Russian Business Network, a massive cyber-criminal "
|
||
"enterprise, has demonstrated how cyber attacks have become a commodity. "
|
||
"Industrial espionage falls within the serious organized crime group."
|
||
msgstr ""
|
||
"Kelompok penyerang yang sangat mampu dan digerakkan secara finansial. Mampu "
|
||
"mendanai pengembangan eksploitasi in house dan target penelitian. Dalam "
|
||
"beberapa tahun terakhir, bangkitnya organisasi seperti Russian Business "
|
||
"Network, sebuah perusahaan cyber-criminal masif, telah menunjukkan bagaimana "
|
||
"serangan maya telah menjadi komoditas. Spionase industri berada di dalam "
|
||
"kelompok kejahatan terorganisasi serius."
|
||
|
||
msgid "Highly capable groups"
|
||
msgstr "Kelompok yang sangat mampu"
|
||
|
||
msgid "Horizon image upload"
|
||
msgstr "Upload image Horizon"
|
||
|
||
msgid ""
|
||
"Hortonworks, Hortonworks. 2016. `Hortonworks Data Platform documentation "
|
||
"<http://docs.hortonworks.com>`__"
|
||
msgstr ""
|
||
"Hortonworks, Hortonworks. 2016. `Hortonworks Data Platform documentation "
|
||
"<http://docs.hortonworks.com>`__"
|
||
|
||
msgid "Host key fingerprints"
|
||
msgstr "Host key fingerprints"
|
||
|
||
msgid "Host platform configuration"
|
||
msgstr "Konfigurasi platform host"
|
||
|
||
msgid "Host platform manufacturer control"
|
||
msgstr "Kontrol pabrikan platform host"
|
||
|
||
msgid ""
|
||
"Host-based intrusion detection tools are also useful for automated "
|
||
"validation of the cloud internals. There are a wide variety of host-based "
|
||
"intrusion detection tools available. Some are open source projects that are "
|
||
"freely available, while others are commercial. Typically these tools analyze "
|
||
"data from a variety of sources and produce security alerts based on rule "
|
||
"sets and/or training. Typical capabilities include log analysis, file "
|
||
"integrity checking, policy monitoring, and rootkit detection. More advanced "
|
||
"-- often custom -- tools can validate that in-memory process images match "
|
||
"the on-disk executable and validate the execution state of a running process."
|
||
msgstr ""
|
||
"Alat deteksi intrusi berbasis host juga berguna untuk validasi otomatis "
|
||
"internal awan. Ada berbagai alat deteksi intrusi berbasis host yang "
|
||
"tersedia. Beberapa proyek open source yang tersedia secara bebas, sementara "
|
||
"yang lainnya bersifat komersial. Biasanya alat ini menganalisis data dari "
|
||
"berbagai sumber dan menghasilkan peringatan keamanan berdasarkan rangkaian "
|
||
"aturan dan / atau pelatihan. Kemampuan khas meliputi analisis log, "
|
||
"pengecekan integritas berkas, pemantauan kebijakan, dan deteksi rootkit. "
|
||
"Lebih alat -- often custom -- yang canggih dapat memvalidasi bahwa image "
|
||
"proses in-memory sesuai dengan on-disk yang dapat dieksekusi dan memvalidasi "
|
||
"keadaan eksekusi dari proses yang sedang berjalan."
|
||
|
||
msgid "How"
|
||
msgstr "Bagaimana"
|
||
|
||
msgid "How are users granted access to build systems?"
|
||
msgstr "Bagaimana pengguna diberi akses untuk membangun sistem?"
|
||
|
||
msgid "How can I use Vault, Keywhiz, Custodia etc ...?"
|
||
msgstr "Bagaimana cara menggunakan Vault, Keywhiz, Custodia dll ...?"
|
||
|
||
msgid "How data travels between components of the system"
|
||
msgstr "Bagaimana data bergerak antar komponen sistem"
|
||
|
||
msgid "How is source code management performed?"
|
||
msgstr "Bagaimana pengelolaan kode sumber dilakukan?"
|
||
|
||
msgid "How the project interacts with external dependencies"
|
||
msgstr "Bagaimana proyek berinteraksi dengan dependensi eksternal"
|
||
|
||
msgid "How to contribute to this book"
|
||
msgstr "Bagaimana berkontribusi pada buku ini"
|
||
|
||
msgid "How to select virtual consoles"
|
||
msgstr "Cara memilih konsol virtual"
|
||
|
||
msgid ""
|
||
"However, as this book does not intend to be a thorough reference on "
|
||
"cryptography we do not wish to be prescriptive about what specific "
|
||
"algorithms or cipher modes you should enable or disable in your OpenStack "
|
||
"services. There are some authoritative references we would like to recommend "
|
||
"for further information:"
|
||
msgstr ""
|
||
"Namun, karena buku ini tidak bermaksud menjadi referensi menyeluruh tentang "
|
||
"kriptografi, kami tidak ingin menjadi preskriptif tentang algoritma atau "
|
||
"mode cipher tertentu yang harus Anda aktifkan atau nonaktifkan di layanan "
|
||
"OpenStack Anda. Ada beberapa referensi terpercaya yang ingin kami "
|
||
"rekomendasikan untuk informasi lebih lanjut:"
|
||
|
||
msgid "Hybrid cloud"
|
||
msgstr "Awan hibrida"
|
||
|
||
msgid "Hyper-V"
|
||
msgstr "Hyper-V"
|
||
|
||
msgid "Hypervisor mailinglists"
|
||
msgstr "Hypervisor milis"
|
||
|
||
msgid "Hypervisor memory optimization"
|
||
msgstr "Pengoptimalan memori hypervisor"
|
||
|
||
msgid "Hypervisor selection"
|
||
msgstr "Seleksi hypervisor"
|
||
|
||
msgid "Hypervisor threats"
|
||
msgstr "Ancaman hypervisor"
|
||
|
||
msgid "Hypervisor versus bare metal"
|
||
msgstr "Hypervisor versus bare metal"
|
||
|
||
msgid "Hypervisor vs. baremetal"
|
||
msgstr "Hypervisor versus baremetal"
|
||
|
||
msgid "Hypervisors in OpenStack"
|
||
msgstr "Hypervisors di OpenStack"
|
||
|
||
msgid "I/O MMU"
|
||
msgstr "I/O MMU"
|
||
|
||
msgid "IP addresses of users"
|
||
msgstr "Alamat IP pengguna"
|
||
|
||
msgid "IPL code configuration and data"
|
||
msgstr "Konfigurasi dan data kode IPL"
|
||
|
||
msgid "ISO 27001/2"
|
||
msgstr "ISO 27001/2"
|
||
|
||
msgid "ITAR"
|
||
msgstr "ITAR"
|
||
|
||
msgid ""
|
||
"Ideally, to test that the Identity Provider and the Identity service are "
|
||
"communicating, navigate to the protected URL and attempt to sign in. If you "
|
||
"get a response back from keystone, even if it is a wrong response, indicates "
|
||
"the communication."
|
||
msgstr ""
|
||
"Idealnya, untuk menguji bahwa Identity Provider dan layanan Identity "
|
||
"berkomunikasi, navigasikan ke URL yang dilindungi dan cobalah masuk. Jika "
|
||
"Anda mendapat tanggapan balik dari keystone, meskipun itu adalah respons "
|
||
"yang salah, tunjukkan komunikasi."
|
||
|
||
msgid "Identification and Authentication"
|
||
msgstr "Identification dan Authentication"
|
||
|
||
msgid ""
|
||
"Identification and authentication using pluggable authentication modules "
|
||
"(PAM) based upon user passwords. The quality of the passwords used can be "
|
||
"enforced through configuration options."
|
||
msgstr ""
|
||
"Identification dan authentication menggunakan pluggable authentication "
|
||
"modules (PAM) berdasarkan password pengguna. Kualitas kata kunci yang "
|
||
"digunakan bisa ditegakkan melalui pilihan konfigurasi."
|
||
|
||
msgid "Identification and authentication, protected data transfer"
|
||
msgstr "Identifikasi dan otentikasi, transfer data yang dilindungi"
|
||
|
||
msgid "Identify the security domains in OpenStack"
|
||
msgstr "Identifikasi domain keamanan di OpenStack"
|
||
|
||
msgid ""
|
||
"Identify where risks exist in a cloud architecture and apply controls to "
|
||
"mitigate the risks. In areas of significant concern, layered defenses "
|
||
"provide multiple complementary controls to manage risk down to an acceptable "
|
||
"level. For example, to ensure adequate isolation between cloud tenants, we "
|
||
"recommend hardening :term:`QEMU <Quick EMUlator (QEMU)>`, using a hypervisor "
|
||
"with SELinux support, enforcing mandatory access control policies, and "
|
||
"reducing the overall attack surface. The foundational principle is to harden "
|
||
"an area of concern with multiple layers of defense such that if any one "
|
||
"layer is compromised, other layers will exist to offer protection and "
|
||
"minimize exposure."
|
||
msgstr ""
|
||
"Identifikasi dimana ada risiko dalam arsitektur awan dan menerapkan kontrol "
|
||
"untuk mengurangi risiko. Di bidang yang menjadi perhatian penting, "
|
||
"pertahanan berlapis memberikan beberapa kontrol komplementer untuk mengelola "
|
||
"risiko hingga tingkat yang dapat diterima. Misalnya, untuk memastikan "
|
||
"isolasi yang memadai antara penyewa awan, kami merekomendasikan pengerasan "
|
||
"(hardening) :term:`QEMU <Quick EMUlator (QEMU)>`, menggunakan hypervisor "
|
||
"dengan dukungan SELinux, menerapkan kebijakan kontrol akses wajib, dan "
|
||
"mengurangi keseluruhan permukaan serangan. Prinsip dasarnya adalah untuk "
|
||
"mengeraskan area yang menjadi perhatian dengan banyak lapisan pertahanan "
|
||
"sehingga jika ada satu lapisan yang terganggu, lapisan lain akan ada untuk "
|
||
"menawarkan perlindungan dan meminimalkan pemaparan."
|
||
|
||
# #-#-#-#-# data-processing.pot (Security Guide 0.0.1) #-#-#-#-#
|
||
# #-#-#-#-# identity.pot (Security Guide 0.0.1) #-#-#-#-#
|
||
msgid "Identity"
|
||
msgstr "Identitas"
|
||
|
||
msgid "Identity API endpoints"
|
||
msgstr "Identity API endpoints"
|
||
|
||
msgid "Identity Provider (IdP)"
|
||
msgstr "Identity Provider (IdP)"
|
||
|
||
msgid "Identity service"
|
||
msgstr "Layanan Identity"
|
||
|
||
msgid ""
|
||
"Identity service (keystone) provides identity, token, catalog, and policy "
|
||
"services for use specifically by services in the OpenStack family. Identity "
|
||
"service is organized as a group of internal services exposed on one or many "
|
||
"endpoints. Many of these services are used in a combined fashion by the "
|
||
"front end. For example, an authentication call validates user and project "
|
||
"credentials with the identity service. If successful, it will create and "
|
||
"return a token with the token service. More information can be found by "
|
||
"reading the `keystone Developer Documentation <https://docs.openstack.org/"
|
||
"keystone/latest/index.html>`_."
|
||
msgstr ""
|
||
"Layanan Identity (keystone) menyediakan layanan identitas, token, katalog, "
|
||
"dan kebijakan untuk digunakan secara khusus oleh layanan di keluarga "
|
||
"OpenStack. Layanan Identity diatur sebagai sekelompok layanan internal yang "
|
||
"terpapar pada satu atau banyak endpoint. Banyak dari layanan ini digunakan "
|
||
"secara gabungan oleh front end. Misalnya, panggilan otentikasi memvalidasi "
|
||
"kredensial pengguna dan proyek dengan layanan Identity. Jika berhasil, maka "
|
||
"akan membuat dan mengembalikan token dengan layanan token. Informasi lebih "
|
||
"lanjut dapat ditemukan dengan membaca `keystone Developer Documentation "
|
||
"<https://docs.openstack.org/keystone/latest/index.html>`_."
|
||
|
||
msgid ""
|
||
"Identity service enforces ``external`` authentication when environment "
|
||
"variable ``REMOTE_USER`` is present so make sure Shibboleth does not set the "
|
||
"``REMOTE_USER`` environment variable. To do so, scan through the ``/etc/"
|
||
"shibboleth/shibboleth2.xml`` configuration file and remove the "
|
||
"``REMOTE_USER`` directives."
|
||
msgstr ""
|
||
"Layanan Identity memaksa otentikasi ``external``` saat variabel lingkungan "
|
||
"``REMOTE_USER`` hadir sehingga pastikan Shibboleth tidak menyetel variabel "
|
||
"lingkungan ``REMOTE_USER``. Untuk melakukannya, pindai melalui file "
|
||
"konfigurasi ``/etc/shibboleth/shibboleth2.xml`` dan hapus directive "
|
||
"``REMOTE_USER``."
|
||
|
||
msgid ""
|
||
"If :ref:`check_compute_01` and permissions set to 640, root has read/write "
|
||
"access and nova has read access to these configuration files. The access "
|
||
"rights can also be validated using the following command. This command will "
|
||
"only be available on your system if it supports ACLs."
|
||
msgstr ""
|
||
"Jika :ref:`check_compute_01` dan izin diset ke 640, root telah membaca/"
|
||
"menulis akses dan nova telah membaca akses ke file konfigurasi ini. Hak "
|
||
"akses juga dapat divalidasi dengan menggunakan perintah berikut. Perintah "
|
||
"ini hanya akan tersedia di sistem Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"If ``insecure_debug`` is set to true, then the server will return "
|
||
"information in HTTP responses that may allow an unauthenticated or "
|
||
"authenticated user to get more information than normal, such as additional "
|
||
"details about why authentication failed."
|
||
msgstr ""
|
||
"Jika ``insecure_debug`` disetel ke true, server akan mengembalikan informasi "
|
||
"dalam tanggapan HTTP yang memungkinkan pengguna yang tidak berkepentingan "
|
||
"atau dikonfirmasi untuk mendapatkan lebih banyak informasi daripada "
|
||
"biasanya, seperti detail tambahan mengapa otentikasi gagal."
|
||
|
||
msgid ""
|
||
"If a cloud deployment requires strong separation of tenants, as is the "
|
||
"situation with public clouds and some private clouds, deployers should "
|
||
"consider disabling TPS and KSM memory optimizations."
|
||
msgstr ""
|
||
"Jika penyebaran awan memerlukan pemisahan penyewa yang kuat, seperti situasi "
|
||
"dengan awan publik dan beberapa awan pribadi, pengawas harus "
|
||
"mempertimbangkan untuk menonaktifkan pengoptimalan memori TPS dan KSM."
|
||
|
||
msgid ""
|
||
"If network namespace support is not present, a further limitation of the L3 "
|
||
"agent is that only a single logical router is supported."
|
||
msgstr ""
|
||
"Jika dukungan namespace jaringan tidak ada, batasan lebih lanjut dari agen "
|
||
"L3 adalah bahwa hanya satu router logis yang didukung."
|
||
|
||
msgid ""
|
||
"If new certificates are required, they can be easily created by executing:"
|
||
msgstr ""
|
||
"Jika sertifikat baru diperlukan, mereka dapat dengan mudah dibuat dengan "
|
||
"menjalankan:"
|
||
|
||
msgid ""
|
||
"If nodes that run either neutron-l3-agent or neutron-dhcp-agent use "
|
||
"overlapping IP addresses, those nodes must use Linux network namespaces. By "
|
||
"default, the DHCP and L3 agents use Linux network namespaces and run in "
|
||
"their own respective namespaces. However, if the host does not support "
|
||
"multiple namespaces, the DHCP and L3 agents should be run on separate hosts. "
|
||
"This is due to the fact that there is no isloation between the IP addresses "
|
||
"created by the L3 agent and the DHCP agent."
|
||
msgstr ""
|
||
"Jika node yang menjalankan agen neutron-l3-agent atau neutron-dhcp-agent "
|
||
"menggunakan alamat IP yang tumpang tindih, node tersebut harus menggunakan "
|
||
"namespace jaringan Linux. Secara default, agen DHCP dan L3 menggunakan "
|
||
"namespace jaringan Linux dan berjalan di namespace masing-masing. Namun, "
|
||
"jika host tidak mendukung beberapa namespace, agen DHCP dan L3 harus "
|
||
"dijalankan di host yang terpisah. Hal ini disebabkan fakta bahwa tidak ada "
|
||
"isolasi antara alamat IP yang dibuat oleh agen L3 dan agen DHCP."
|
||
|
||
msgid ""
|
||
"If prevention is not an option, detection can be used to mitigate damage. "
|
||
"Detection involves frequent review of access control logs to identify "
|
||
"unauthorized attempts to access accounts. Possible remediation would include "
|
||
"reviewing the strength of the user password, or blocking the network source "
|
||
"of the attack through firewall rules. Firewall rules on the keystone server "
|
||
"that restrict the number of connections could be used to reduce the attack "
|
||
"effectiveness, and thus dissuade the attacker."
|
||
msgstr ""
|
||
"Jika pencegahan bukan pilihan, deteksi bisa digunakan untuk mengurangi "
|
||
"kerusakan. Deteksi melibatkan tinjauan berulang terhadap log kontrol akses "
|
||
"untuk mengidentifikasi upaya yang tidak sah untuk mengakses akun. Remediasi "
|
||
"yang mungkin dilakukan mencakup meninjau kekuatan kata sandi pengguna, atau "
|
||
"memblokir sumber serangan jaringan melalui peraturan firewall. Aturan "
|
||
"firewall pada server keystone yang membatasi jumlah koneksi dapat digunakan "
|
||
"untuk mengurangi efektivitas serangan, dan dengan demikian mencegah "
|
||
"penyerang."
|
||
|
||
msgid ""
|
||
"If ssync is used instead of rsync, the object service port is used for "
|
||
"maintaining durability."
|
||
msgstr ""
|
||
"Jika ssync digunakan sebagai pengganti rsync, port layanan objek digunakan "
|
||
"untuk menjaga daya tahan."
|
||
|
||
msgid ""
|
||
"If subscribing to a public cloud service, you should check with the cloud "
|
||
"provider for an outline of the process used to produce their default images. "
|
||
"If the provider allows you to upload your own images, you will want to "
|
||
"ensure that you are able to verify that your image was not modified before "
|
||
"using it to create an instance. To do this, refer to the following section "
|
||
"on Image Signature Verification, or the following paragraph if signatures "
|
||
"cannot be used."
|
||
msgstr ""
|
||
"Jika berlangganan layanan awan publik, Anda harus memeriksa dengan penyedia "
|
||
"awan untuk garis besar (outline) proses yang digunakan untuk menghasilkan "
|
||
"image default mereka. Jika penyedia memungkinkan Anda untuk mengunggah image "
|
||
"Anda sendiri, Anda akan ingin memastikan bahwa Anda dapat memverifikasi "
|
||
"bahwa image Anda tidak dimodifikasi sebelum menggunakannya untuk membuat "
|
||
"sebuah instance. Untuk melakukan ini, lihat bagian berikut pada Image "
|
||
"Signature Verification, atau paragraf berikut jika tanda tangan tidak dapat "
|
||
"digunakan."
|
||
|
||
msgid ""
|
||
"If the OpenStack Dashboard is deployed behind a proxy and the proxy strips "
|
||
"``X-Forwarded-Proto`` header from all incoming requests, or sets the ``X-"
|
||
"Forwarded-Proto`` header and sends it to the Dashboard, but only for "
|
||
"requests that originally come in via HTTPS, then you should consider "
|
||
"configuring ``SECURE_PROXY_SSL_HEADER``"
|
||
msgstr ""
|
||
"Jika Dasbor OpenStack ditempatkan di belakang proxy dan proxy strips ``X-"
|
||
"Forwarded-Proto`` header dari semua permintaan masuk, atau setel ``X-"
|
||
"Forwarded-Proto`` header dan kirimkan ke Dashboard, tapi hanya untuk "
|
||
"permintaan yang awalnya masuk melalui HTTPS, maka Anda harus "
|
||
"mempertimbangkan untuk mengkonfigurasi ``SECURE_PROXY_SSL_HEADER``"
|
||
|
||
msgid ""
|
||
"If the OpenStack volume encryption feature is not used, then other "
|
||
"approaches generally would be more difficult to enable. If a back-end plug-"
|
||
"in is being used, there may be independent ways of doing encryption or non-"
|
||
"standard overwrite solutions. Plug-ins to OpenStack Block Storage will store "
|
||
"data in a variety of ways. Many plug-ins are specific to a vendor or "
|
||
"technology, whereas others are more DIY solutions around filesystems such as "
|
||
"LVM or ZFS. Methods to securely destroy data will vary from one plug-in to "
|
||
"another, from one vendor's solution to another, and from one filesystem to "
|
||
"another."
|
||
msgstr ""
|
||
"Jika fitur enkripsi volume OpenStack tidak digunakan, maka pendekatan lain "
|
||
"pada umumnya akan lebih sulit untuk diaktifkan. Jika plug-in back-end "
|
||
"digunakan, mungkin ada cara independen untuk melakukan solusi enkripsi atau "
|
||
"non-standar akan menimpa. Plug-in ke OpenStack Block Storage akan menyimpan "
|
||
"data dengan berbagai cara. Banyak plug-in khusus untuk vendor atau "
|
||
"teknologi, sedangkan yang lain akan lebih banyak solusi DIY seputar "
|
||
"filesystem seperti LVM atau ZFS. Metode untuk menghancurkan data dengan aman "
|
||
"akan bervariasi dari satu plug-in ke yang lain, dari satu solusi vendor ke "
|
||
"yang lain, dan dari satu sistem berkas ke file lainnya."
|
||
|
||
msgid ""
|
||
"If the maximum body size per request is not defined, the attacker can craft "
|
||
"an arbitrary OSAPI request of large size causing the service to crash and "
|
||
"finally resulting in Denial Of Service attack. Assigning the maximum value "
|
||
"ensures that any malicious oversized request gets blocked ensuring continued "
|
||
"availability of the service."
|
||
msgstr ""
|
||
"Jika ukuran tubuh maksimum per permintaan tidak ditentukan, penyerang dapat "
|
||
"menghasilkan permintaan OSAPI yang sewenang-wenang (arbitrary) dengan ukuran "
|
||
"besar menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial "
|
||
"Of Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
|
||
"berbahaya diblokir untuk memastikan ketersediaan layanan lanjutan."
|
||
|
||
msgid ""
|
||
"If the maximum body size per request is not defined, the attacker can craft "
|
||
"an arbitrary osapi request of large size causing the service to crash and "
|
||
"finally resulting in Denial Of Service attack. Assigning the maximum value "
|
||
"ensures that any malicious oversized request gets blocked ensuring continued "
|
||
"availability of the service."
|
||
msgstr ""
|
||
"Jika ukuran body maksimum per permintaan tidak ditentukan, penyerang bisa "
|
||
"menggunakan permintaan osilator yang sewenang-wenang dengan ukuran besar "
|
||
"menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial Of "
|
||
"Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
|
||
"berbahaya diblokir untuk memastikan ketersediaan layanan lanjutan."
|
||
|
||
msgid ""
|
||
"If the option of using Apache is not feasible, or for performance you wish "
|
||
"to offload your TLS work, you may employ a dedicated network device load "
|
||
"balancer. This is a common way to provide redundancy and load balancing when "
|
||
"using multiple proxy nodes."
|
||
msgstr ""
|
||
"Jika pilihan untuk menggunakan Apache tidak layak, atau untuk kinerja yang "
|
||
"Anda inginkan untuk melepaskan pekerjaan TLS Anda, Anda dapat menggunakan "
|
||
"perangkat penyeimbang beban jaringan khusus. Ini adalah cara yang umum untuk "
|
||
"memberikan redundansi dan load balancing saat menggunakan beberapa node "
|
||
"proxy."
|
||
|
||
msgid ""
|
||
"If there is a sufficient business case for keeping live migration enabled, "
|
||
"then libvirtd can provide encrypted tunnels for the live migrations. "
|
||
"However, this feature is not currently exposed in either the OpenStack "
|
||
"Dashboard or nova-client commands, and can only be accessed through manual "
|
||
"configuration of libvirtd. The live migration process then changes to the "
|
||
"following high-level steps:"
|
||
msgstr ""
|
||
"Jika ada kasus bisnis yang memadai untuk mengaktifkan migrasi aktif, "
|
||
"libvirtd dapat menyediakan terowongan (tunnel) terenkripsi untuk migrasi "
|
||
"langsung. Namun, fitur ini saat ini tidak terbuka di OpenStack Dashboard "
|
||
"atau perintah nova-client, dan hanya dapat diakses melalui konfigurasi "
|
||
"manual libvirtd. Proses migrasi langsung kemudian berubah ke langkah tingkat "
|
||
"tinggi berikut:"
|
||
|
||
msgid ""
|
||
"If using a version of Open vSwitch that supports ARP field matching, you can "
|
||
"help mitigate this risk by enabling the ``prevent_arp_spoofing`` option for "
|
||
"the Open vSwitch agent. This option prevents instances from performing spoof "
|
||
"attacks; it does not protect them from spoof attacks. Note that this setting "
|
||
"is expected to be removed in Ocata, with the behavior becoming permanently "
|
||
"active."
|
||
msgstr ""
|
||
"Jika menggunakan versi Open vSwitch yang mendukung pencocokan ARP field, "
|
||
"Anda dapat membantu mengurangi risiko ini dengan mengaktifkan opsi "
|
||
"``prevention_arp_spoofing`` untuk agen Open vSwitch. Pilihan ini mencegah "
|
||
"terjadinya serangan spoof; itu tidak melindungi mereka dari serangan spoof. "
|
||
"Perhatikan bahwa pengaturan ini diharapkan dapat dihapus di Ocata, dengan "
|
||
"perilaku menjadi aktif secara permanen."
|
||
|
||
msgid ""
|
||
"If you are running with SELinux enabled ensure that the file has the "
|
||
"appropriate SELinux context to access the linked file. For example, if you "
|
||
"have the file in ``/var/www/cgi-bin`` location, you can do this by running:"
|
||
msgstr ""
|
||
"Jika Anda menjalankan dengan SELinux diaktifkan pastikan file tersebut "
|
||
"memiliki konteks SELinux yang sesuai untuk mengakses file yang ditautkan. "
|
||
"Misalnya, jika Anda memiliki file di lokasi ``/var/www/cgi-bin``, Anda bisa "
|
||
"melakukan ini dengan menjalankan:"
|
||
|
||
msgid ""
|
||
"If you are using an HTTPS proxy in front of your web server, rather than "
|
||
"using an HTTP server with HTTPS functionality, modify the "
|
||
"``SECURE_PROXY_SSL_HEADER`` variable. Refer to the `Django documentation "
|
||
"<https://docs.djangoproject.com/>`_ for information about modifying the "
|
||
"``SECURE_PROXY_SSL_HEADER`` variable."
|
||
msgstr ""
|
||
"Jika Anda menggunakan proxy HTTPS di depan server web Anda, daripada "
|
||
"menggunakan server HTTP dengan fungsionalitas HTTPS, ubah variabel "
|
||
"``SECURE_PROXY_SSL_HEADER``. Lihat `Django documentation <https://docs."
|
||
"djangoproject.com/> `_ untuk informasi tentang memodifikasi variabel "
|
||
"``SECURE_PROXY_SSL_HEADER``."
|
||
|
||
msgid ""
|
||
"If you choose to offload your TLS, ensure that the network link between the "
|
||
"load balancer and your proxy nodes are on a private (V)LAN segment such that "
|
||
"other nodes on the network (possibly compromised) cannot wiretap (sniff) the "
|
||
"unencrypted traffic. If such a breach were to occur, the attacker could gain "
|
||
"access to end-point client or cloud administrator credentials and access the "
|
||
"cloud data."
|
||
msgstr ""
|
||
"Jika Anda memilih untuk melepaskan TLS Anda, pastikan bahwa hubungan "
|
||
"jaringan antara penyeimbang beban dan nodus proxy Anda berada pada segmen "
|
||
"private (V)LAN sehingga node lain di jaringan (kemungkinan dikompromikan) "
|
||
"tidak dapat menyadap (mengendus) lalu lintas yang tidak dienkripsi. Jika "
|
||
"pelanggaran semacam itu terjadi, penyerang bisa mendapatkan akses ke "
|
||
"kredensial klien endpoint atau kredensial administrator awan dan mengakses "
|
||
"data awan."
|
||
|
||
msgid ""
|
||
"If you do not follow this recommendation regarding second-level domains, "
|
||
"avoid a cookie-backed session store and employ HTTP Strict Transport "
|
||
"Security (HSTS). When deployed on a subdomain, the dashboard's security is "
|
||
"equivalent to the least secure application deployed on the same second-level "
|
||
"domain."
|
||
msgstr ""
|
||
"Jika Anda tidak mengikuti saran ini mengenai domain tingkat kedua, "
|
||
"hindaricookie-backed session dan gunakan HTTP Strict Transport Security "
|
||
"(HSTS). Saat ditempatkan di subdomain, keamanan dasbor setara dengan "
|
||
"aplikasi yang paling tidak aman yang diterapkan pada domain tingkat kedua "
|
||
"yang sama."
|
||
|
||
msgid ""
|
||
"If you have a firewall in place, configure it to allow TLS traffic. For "
|
||
"example:"
|
||
msgstr ""
|
||
"Jika Anda memasang firewall, konfigurasikan untuk mengizinkan lalu lintas "
|
||
"TLS. Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"If you intend for your network to support more than 4094 tenants VLAN is "
|
||
"probably not the correct option for you as multiple 'hacks' are required to "
|
||
"extend the VLAN tags to more than 4094 tenants."
|
||
msgstr ""
|
||
"Jika Anda ingin jaringan Anda mendukung lebih dari 4094 penyewa VLAN mungkin "
|
||
"bukan pilihan yang tepat untuk Anda karena beberapa 'hacks' diperlukan untuk "
|
||
"memperpanjang tag VLAN ke lebih dari 4094 penyewa."
|
||
|
||
msgid ""
|
||
"If you use a web interface to interact with the :term:`BMC <BMC (Baseboard "
|
||
"Management Controller)>`/IPMI, always use the TLS interface, such as HTTPS "
|
||
"or port 443. This TLS interface should **NOT** use self-signed certificates, "
|
||
"as is often default, but should have trusted certificates using the "
|
||
"correctly defined fully qualified domain names (FQDNs)."
|
||
msgstr ""
|
||
"Jika Anda menggunakan antarmuka web untuk berinteraksi dengan :term:`BMC "
|
||
"<BMC (Baseboard Management Controller)>`/IPMI, selalu gunakan antarmuka TLS, "
|
||
"seperti HTTPS atau port 443. Antarmuka TLS ini seharusnya **NOT** "
|
||
"menggunakan sertifikat yang ditandatangani sendiri, seperti yang sering "
|
||
"default, namun harus memiliki sertifikat terpercaya dengan menggunakan nama "
|
||
"domain yang memenuhi syarat dengan benar (FQDNs)."
|
||
|
||
msgid ""
|
||
"If you use the HTTP/WSGI server for Identity, you should enable TLS on the "
|
||
"HTTP/WSGI server."
|
||
msgstr ""
|
||
"Jika Anda menggunakan server HTTP/WSGI I untuk Identity, Anda harus "
|
||
"mengaktifkan TLS di server HTTP/WSGI."
|
||
|
||
msgid ""
|
||
"If your architecture allows for shared storage and and if you have "
|
||
"configured your cache correctly, we recommend setting your "
|
||
"``SESSION_ENGINE`` to ``django.contrib.sessions.backends.cache`` and using "
|
||
"it as cache-based session backend with memcached as the cache. Memcached is "
|
||
"an efficient in-memory key-value store for chunks of data that can be used "
|
||
"in a high availability and distributed environment and is easy to configure. "
|
||
"However, you need to ensure that there is no data leakage. Memcached makes "
|
||
"use of spare RAM to store frequently accessed data blocks, acting like "
|
||
"memory cache for repeatedly accessed information. Since memcached utilizes "
|
||
"local memory, there is no overhead of database and file system usage leading "
|
||
"to direct access of data from RAM rather than from disk."
|
||
msgstr ""
|
||
"Jika arsitektur Anda mengizinkan penyimpanan bersama dan dan jika Anda telah "
|
||
"mengonfigurasi cache dengan benar, sebaiknya setel ``SESSION_ENGINE` ke "
|
||
"``django.contrib.sessions.backends.cache`` dan gunakan sebagai backend sesi "
|
||
"berbasis cache dengan Memcached sebagai cache. Memcached adalah penyimpanan "
|
||
"key-value dalam memori yang efisien untuk potongan data yang dapat digunakan "
|
||
"dalam ketersediaan tinggi dan lingkungan terdistribusi dan mudah "
|
||
"dikonfigurasi. Namun, Anda perlu memastikan bahwa tidak ada kebocoran data. "
|
||
"Memcached menggunakan RAM cadangan untuk menyimpan blok data yang sering "
|
||
"diakses, berfungsi seperti cache memori untuk informasi yang diakses "
|
||
"berulang kali. Karena memcached memanfaatkan memori lokal, tidak ada "
|
||
"overhead penggunaan sistem database dan file yang menyebabkan akses data "
|
||
"langsung dari RAM dan bukan dari disk."
|
||
|
||
msgid ""
|
||
"If your database server is configured for TLS transport, you will need to "
|
||
"specify the certificate authority information for use with the initial "
|
||
"connection string in the SQLAlchemy query."
|
||
msgstr ""
|
||
"Jika server database Anda dikonfigurasi untuk transport TLS, Anda harus "
|
||
"menentukan informasi otoritas sertifikat untuk digunakan dengan string "
|
||
"koneksi awal dalam query SQLAlchemy."
|
||
|
||
msgid ""
|
||
"If your database server is configured to require X.509 certificates for "
|
||
"authentication you will need to specify the appropriate SQLAlchemy query "
|
||
"parameters for the database back end. These parameters specify the "
|
||
"certificate, private key, and certificate authority information for use with "
|
||
"the initial connection string."
|
||
msgstr ""
|
||
"Jika server database Anda dikonfigurasi untuk meminta sertifikat X.509 untuk "
|
||
"otentikasi, Anda perlu menentukan parameter kueri SQLAlchemy yang sesuai "
|
||
"untuk database back end. Parameter ini menentukan sertifikat, private key, "
|
||
"dan informasi otoritas sertifikat untuk digunakan dengan string koneksi awal."
|
||
|
||
msgid ""
|
||
"If your deployment does not require full virtual machine backups, we "
|
||
"recommend excluding the ``/var/lib/nova/instances`` directory as it will be "
|
||
"as large as the combined space of each vm running on that node. If your "
|
||
"deployment does require full VM backups, you will need to ensure this "
|
||
"directory is backed up successfully."
|
||
msgstr ""
|
||
"Jika penggelaran Anda tidak memerlukan backup mesin virtual sepenuhnya, "
|
||
"sebaiknya tidak menyertakan direktori ``/var/lib/nova/instances`` karena "
|
||
"akan sama besarnya dengan ruang gabungan dari setiap vm yang berjalan pada "
|
||
"node tersebut. Jika penempatan Anda memerlukan backup VM penuh, Anda harus "
|
||
"memastikan agar direktori ini berhasil dicadangkan dengan sukses."
|
||
|
||
msgid ""
|
||
"If your deployment of OpenStack provides multiple external access points "
|
||
"into different security domains it is important that you limit the project's "
|
||
"ability to attach multiple vNICs to multiple external access points—this "
|
||
"would bridge these security domains and could lead to unforeseen security "
|
||
"compromise. It is possible mitigate this risk by utilizing the host "
|
||
"aggregates functionality provided by OpenStack Compute or through splitting "
|
||
"the project VMs into multiple project projects with different virtual "
|
||
"network configurations."
|
||
msgstr ""
|
||
"Jika penggelaran OpenStack Anda menyediakan beberapa jalur akses eksternal "
|
||
"ke domain keamanan yang berbeda, penting bagi Anda untuk membatasi kemampuan "
|
||
"proyek untuk menghubungkan beberapa vNIC ke beberapa access point eksternal "
|
||
"- ini akan menjembatani domain keamanan ini dan dapat menyebabkan kompromi "
|
||
"keamanan yang tak terduga. Hal ini dimungkinkan mengurangi risiko ini dengan "
|
||
"memanfaatkan fungsi agregat host yang disediakan oleh OpenStack Compute atau "
|
||
"melalui pemisahan proyek VM menjadi beberapa proyek dengan konfigurasi "
|
||
"jaringan virtual yang berbeda."
|
||
|
||
msgid "Image Storage"
|
||
msgstr "Image Storage (penyimpanan image)"
|
||
|
||
msgid "Image based filters"
|
||
msgstr "Filter berbasis image"
|
||
|
||
msgid "Image creation process"
|
||
msgstr "Proses pembuatan image"
|
||
|
||
msgid "Image service"
|
||
msgstr "Layanan Image"
|
||
|
||
msgid "Image service delay delete feature"
|
||
msgstr "Fitur penghapusan penundaan layanan Image"
|
||
|
||
msgid ""
|
||
"Image services include discovering, registering, and retrieving virtual "
|
||
"machine images. Glance has a RESTful API that allows querying of VM image "
|
||
"metadata as well as retrieval of the actual image."
|
||
msgstr ""
|
||
"Layanan Image meliputi menemukan, mendaftar, dan mengambil image mesin "
|
||
"virtual. Glance memiliki RESTful API yang memungkinkan kueri metadata mage "
|
||
"VM serta pengambilan image sebenarnya."
|
||
|
||
msgid "Image signature verification"
|
||
msgstr "Verifikasi tanda tangan (signature) image"
|
||
|
||
msgid ""
|
||
"Images come from the Image service to the Compute service on a node. This "
|
||
"transfer should be protected by running over TLS. Once the image is on the "
|
||
"node, it is verified with a basic checksum and then its disk is expanded "
|
||
"based on the size of the instance being launched. If, at a later time, the "
|
||
"same image is launched with the same instance size on this node, it is "
|
||
"launched from the same expanded image. Since this expanded image is not re-"
|
||
"verified by default before launching, it is possible that it has undergone "
|
||
"tampering. The user would not be aware of tampering, unless a manual "
|
||
"inspection of the files is performed in the resulting image."
|
||
msgstr ""
|
||
"Image berasal dari layanan Image ke layanan Compute pada sebuah simpul. "
|
||
"Transfer ini harus dilindungi dengan menjalankan lebih dari TLS. Begitu "
|
||
"image ada di simpul, maka diverifikasi dengan checksum dasar dan kemudian "
|
||
"disk diperluas berdasarkan ukuran instance yang diluncurkan. Jika, di lain "
|
||
"waktu, image yang sama diluncurkan dengan ukuran instance yang sama pada "
|
||
"simpul ini, diluncurkan dari image yang sama. Karena image yang diperluas "
|
||
"ini tidak diverifikasi ulang secara default sebelum diluncurkan, mungkin "
|
||
"saja telah mengalami gangguan. Pengguna tidak akan menyadari adanya "
|
||
"gangguan, kecuali jika dilakukan pemeriksaan manual terhadap file yang "
|
||
"dihasilkan pada image yang dihasilkan."
|
||
|
||
msgid "Implementation and operation of security controls"
|
||
msgstr "Implementasi dan pengoperasian kontrol keamanan"
|
||
|
||
msgid "Implementation standard"
|
||
msgstr "Implementation Standard (standar implementasi)"
|
||
|
||
msgid "Improves performance of network I/O on hypervisors"
|
||
msgstr "Meningkatkan kinerja jaringan I/O pada hypervisors"
|
||
|
||
msgid ""
|
||
"In *no share servers mode* the Shared File Systems service will assume that "
|
||
"the network interfaces through which any shares are exported are already "
|
||
"reachable by all tenants."
|
||
msgstr ""
|
||
"Dalam *no share servers mode* layanan Shared File Systems akan mengasumsikan "
|
||
"bahwa antarmuka jaringan dimana share yang diekspor sudah dapat dijangkau "
|
||
"oleh semua penyewa."
|
||
|
||
msgid ""
|
||
"In :ref:`share servers <share-servers-vs-no-share-servers>` back-end mode a "
|
||
"share driver creates and manages a share server for each share network. This "
|
||
"mode can be divided in two variations:"
|
||
msgstr ""
|
||
"Di :ref:`share servers <share-servers-vs-no-share-servers>` mode back-end, "
|
||
"share driver menciptakan dan mengelola share server untuk setiap jaringan "
|
||
"berbagi. Mode ini dapat dibagi dalam dua variasi:"
|
||
|
||
msgid ""
|
||
"In Newton, the QoS rule ``QosDscpMarkingRule`` was added. This rule marks "
|
||
"the Differentiated Service Code Point (DSCP) value in the type of service "
|
||
"header on IPv4 (RFC 2474) and traffic class header on IPv6 on all traffic "
|
||
"leaving a virtual machine, where the rule is applied. This is a 6-bit header "
|
||
"with 21 valid values that denote the drop priority of a packet as it crosses "
|
||
"networks should it meet congestion. It can also be used by firewalls to "
|
||
"match valid or invalid traffic against its access control list."
|
||
msgstr ""
|
||
"Di Newton, aturan QoS ``QosDscpMarkingRule`` ditambahkan. Aturan ini "
|
||
"menandai nilai Differentialated Service Code Point (DSCP) pada tipe header "
|
||
"layanan pada header IPv4 (RFC 2474) dan header kelas lalu lintas pada IPv6 "
|
||
"pada semua lalu lintas yang meninggalkan mesin virtual, tempat aturan "
|
||
"diterapkan. Ini adalah header 6-bit dengan 21 nilai valid yang menunjukkan "
|
||
"prioritas drop dari sebuah paket saat ia melintasi jaringan jika memenuhi "
|
||
"kemacetan. Ini juga dapat digunakan oleh firewall untuk mencocokkan lalu "
|
||
"lintas yang valid atau tidak benar terhadap daftar kontrol aksesnya (access "
|
||
"control list)."
|
||
|
||
msgid ""
|
||
"In OpenStack Newton release, there are four supported token types: UUID, "
|
||
"PKI, PKIZ and fernet. Since OpenStack Ocata release, there are two supported "
|
||
"token types: UUID and fernet."
|
||
msgstr ""
|
||
"Dalam rilis OpenStack Newton, ada empat tipe token yang didukung: UUID, PKI, "
|
||
"PKIZ dan fernet. Sejak rilis OpenStack Ocata, ada dua tipe token yang "
|
||
"didukung: UUID dan fernet."
|
||
|
||
msgid ""
|
||
"In ``/etc/swift``, on every node, there is a ``swift_hash_path_prefix`` "
|
||
"setting and a ``swift_hash_path_suffix`` setting. These are provided to "
|
||
"reduce the chance of hash collisions for objects being stored and avert one "
|
||
"user overwriting the data of another user."
|
||
msgstr ""
|
||
"Di ``/etc/swift``, pada setiap simpul, ada pengaturan "
|
||
"``swift_hash_path_prefix`` dan pengaturan ``swift_hash_path_suffix``. Ini "
|
||
"disediakan untuk mengurangi kemungkinan benturan hash untuk objek yang "
|
||
"disimpan dan mencegah satu pengguna menimpa data pengguna lain."
|
||
|
||
msgid "In ``my.cnf``:"
|
||
msgstr "Di ``my.cnf``:"
|
||
|
||
msgid "In ``postgresql.conf``:"
|
||
msgstr "Di ``postgresql.conf``:"
|
||
|
||
msgid ""
|
||
"In a cloud environment, users work with either pre-installed images or "
|
||
"images they upload themselves. In both cases, users should be able to ensure "
|
||
"the image they are utilizing has not been tampered with. The ability to "
|
||
"verify images is a fundamental imperative for security. A chain of trust is "
|
||
"needed from the source of the image to the destination where it's used. This "
|
||
"can be accomplished by signing images obtained from trusted sources and by "
|
||
"verifying the signature prior to use. Various ways to obtain and create "
|
||
"verified images will be discussed below, followed by a description of the "
|
||
"image signature verification feature."
|
||
msgstr ""
|
||
"Di lingkungan awan, pengguna bekerja dengan image atau image pra-instal yang "
|
||
"mereka upload sendiri. Dalam kedua kasus tersebut, pengguna harus dapat "
|
||
"memastikan image yang mereka gunakan belum dirusak. Kemampuan untuk "
|
||
"memverifikasi image adalah keharusan mendasar untuk keamanan. Sebuah rantai "
|
||
"kepercayaan dibutuhkan dari sumber image ke tempat tujuan penggunaannya. Hal "
|
||
"ini dapat dilakukan dengan menandatangani image yang diperoleh dari sumber "
|
||
"terpercaya dan dengan memverifikasi tanda tangan sebelum digunakan. Berbagai "
|
||
"cara untuk mendapatkan dan membuat image terverifikasi akan dibahas di bawah "
|
||
"ini, disusul dengan deskripsi fitur verifikasi tanda tangan image."
|
||
|
||
msgid ""
|
||
"In a typical deployment all traffic transmitted over public networks is "
|
||
"secured, but security best practice dictates that internal traffic must also "
|
||
"be secured. It is insufficient to rely on security domain separation for "
|
||
"protection. If an attacker gains access to the hypervisor or host resources, "
|
||
"compromises an API endpoint, or any other service, they must not be able to "
|
||
"easily inject or capture messages, commands, or otherwise affect the "
|
||
"management capabilities of the cloud."
|
||
msgstr ""
|
||
"Dalam penyebaran yang khas, semua lalu lintas yang dikirim melalui jaringan "
|
||
"publik dijamin, namun praktik keamanan terbaik menentukan bahwa lalu lintas "
|
||
"internal juga harus diamankan. Tidak cukup mengandalkan pemisahan domain "
|
||
"keamanan untuk perlindungan. Jika penyerang memperoleh akses ke hypervisor "
|
||
"atau sumber daya host, kompromi API endpoint, atau layanan lainnya, mereka "
|
||
"tidak boleh dapat dengan mudah menyuntikkan atau menangkap pesan, perintah, "
|
||
"atau mempengaruhi kemampuan pengelolaan awan."
|
||
|
||
msgid ""
|
||
"In addition to restricting database communications to the management "
|
||
"network, we also strongly recommend that the cloud administrator configure "
|
||
"their database back end to require TLS. Using TLS for the database client "
|
||
"connections protects the communications from tampering and eavesdropping. As "
|
||
"will be discussed in the next section, using TLS also provides the framework "
|
||
"for doing database user authentication through X.509 certificates (commonly "
|
||
"referred to as PKI). Below is guidance on how TLS is typically configured "
|
||
"for the two popular database back ends MySQL and PostgreSQL."
|
||
msgstr ""
|
||
"Selain membatasi komunikasi database ke jaringan manajemen, kami juga sangat "
|
||
"menyarankan administrator awan untuk mengkonfigurasi database mereka agar "
|
||
"memerlukan TLS. Menggunakan TLS untuk koneksi klien basis data melindungi "
|
||
"komunikasi dari gangguan dan penyadapan. Seperti yang akan dibahas pada "
|
||
"bagian selanjutnya, dengan menggunakan TLS juga menyediakan framework untuk "
|
||
"melakukan otentikasi pengguna database melalui sertifikat X.509 (biasa "
|
||
"disebut PKI). Berikut adalah panduan tentang bagaimana TLS biasanya "
|
||
"dikonfigurasi untuk dua database populer yang berakhir dengan MySQL dan "
|
||
"PostgreSQL."
|
||
|
||
msgid ""
|
||
"In addition to validating a technologies capabilities, the Common Criteria "
|
||
"process evaluates how technologies are developed."
|
||
msgstr ""
|
||
"Selain memvalidasi kemampuan teknologi, proses Common Criteria mengevaluasi "
|
||
"bagaimana teknologi dikembangkan."
|
||
|
||
msgid ""
|
||
"In addition, it is useful to examine account activity for unusual login "
|
||
"times and suspicious actions, and take corrective actions such as disabling "
|
||
"the account. Oftentimes this approach is taken by credit card providers for "
|
||
"fraud detection and alert."
|
||
msgstr ""
|
||
"Selain itu, hal itu berguna untuk memeriksa aktivitas akun untuk waktu masuk "
|
||
"yang tidak biasa dan tindakan mencurigakan, dan melakukan tindakan perbaikan "
|
||
"seperti menonaktifkan akun. Seringkali pendekatan ini diambil oleh penyedia "
|
||
"kartu kredit untuk deteksi dan kewaspadaan penipuan."
|
||
|
||
msgid "In an OpenStack deployment you will need to address the following:"
|
||
msgstr "Dalam penyebaran OpenStack Anda harus mengatasi hal berikut:"
|
||
|
||
msgid ""
|
||
"In an Openstack context, there are two types of secrets that need to be "
|
||
"managed - those that require a keystone token for access, and those that do "
|
||
"not."
|
||
msgstr ""
|
||
"Dalam konteks Openstack, ada dua jenis rahasia yang perlu dikelola - yang "
|
||
"memerlukan token keystone untuk akses, dan yang tidak."
|
||
|
||
msgid ""
|
||
"In both cases, all servers that are storing tokens need a shared back end. "
|
||
"This means either that both point to the same database server, or both point "
|
||
"to a common memcached instance."
|
||
msgstr ""
|
||
"Dalam kedua kasus tersebut, semua server yang menyimpan token memerlukan "
|
||
"back end bersama. Ini berarti keduanya menunjuk ke server database yang "
|
||
"sama, atau keduanya menunjukkan instance memcached yang umum."
|
||
|
||
msgid ""
|
||
"In cases where a security review has already been performed by a third "
|
||
"party, or where a project prefers to use a third party to perform their "
|
||
"review, information on how to take the output of that third party review and "
|
||
"submit it to the OSSP for validation will be available in the upcoming third "
|
||
"party security review process."
|
||
msgstr ""
|
||
"Dalam kasus di mana review keamanan telah dilakukan oleh pihak ketiga, atau "
|
||
"bila sebuah proyek lebih suka menggunakan pihak ketiga untuk melakukan "
|
||
"review mereka, informasi tentang bagaimana mengambil hasil dari review pihak "
|
||
"ketiga tersebut dan menyerahkannya kepada OSSP untuk validasi akan tersedia "
|
||
"dalam proses pemeriksaan keamanan pihak ketiga yang akan datang."
|
||
|
||
msgid ""
|
||
"In cases where software termination offers insufficient performance, "
|
||
"hardware accelerators may be worth exploring as an alternative option. It is "
|
||
"important to be mindful of the size of requests that will be processed by "
|
||
"any chosen TLS proxy."
|
||
msgstr ""
|
||
"Dalam kasus di mana penghentian perangkat lunak menawarkan kinerja yang "
|
||
"tidak mencukupi, akselerator perangkat keras mungkin perlu ditelusuri "
|
||
"sebagai opsi alternatif. Penting untuk memperhatikan ukuran permintaan yang "
|
||
"akan diproses oleh proxy TLS yang dipilih."
|
||
|
||
msgid ""
|
||
"In either case, the requirements for documentation artefacts are similar - "
|
||
"the project must provide an architecture diagram for a best practise "
|
||
"deployment. Vulnerability scans and static analysis scans are not sufficient "
|
||
"evidence for a third party review, although they are strongly recommended as "
|
||
"part of the development cycle for all teams."
|
||
msgstr ""
|
||
"Bagaimanapun, persyaratan untuk artefak dokumentasi serupa - proyek harus "
|
||
"menyediakan diagram arsitektur untuk penerapan praktik terbaik. Pemindaian "
|
||
"kerentanan dan analisis analisis statis bukanlah bukti yang cukup untuk "
|
||
"tinjauan pihak ketiga, walaupun mereka sangat disarankan sebagai bagian dari "
|
||
"siklus pengembangan untuk semua tim."
|
||
|
||
msgid ""
|
||
"In general, there are two different strategies for verifying the boot "
|
||
"process. Traditional *secure boot* will validate the code run at each step "
|
||
"in the process, and stop the boot if code is incorrect. *Boot attestation* "
|
||
"will record which code is run at each step, and provide this information to "
|
||
"another machine as proof that the boot process completed as expected. In "
|
||
"both cases, the first step is to measure each piece of code before it is "
|
||
"run. In this context, a measurement is effectively a SHA-1 hash of the code, "
|
||
"taken before it is executed. The hash is stored in a platform configuration "
|
||
"register (PCR) in the TPM."
|
||
msgstr ""
|
||
"Secara umum, ada dua strategi yang berbeda untuk memverifikasi proses "
|
||
"booting. *secure boot* akan memvalidasi kode yang dijalankan pada setiap "
|
||
"langkah dalam proses, dan menghentikan boot jika kode salah. *Boot "
|
||
"attestation * akan mencatat kode mana yang dijalankan pada setiap langkah, "
|
||
"dan berikan informasi ini ke mesin lain sebagai bukti bahwa proses boot "
|
||
"selesai seperti yang diharapkan. Dalam kedua kasus tersebut, langkah pertama "
|
||
"adalah mengukur setiap potongan kode sebelum dijalankan. Dalam konteks ini, "
|
||
"pengukuran secara efektif merupakan hash kode SHA-1, yang diambil sebelum "
|
||
"dijalankan. Hash disimpan dalam platform configuration register (PCR) di TPM."
|
||
|
||
msgid ""
|
||
"In most deployments this domain is considered *trusted*. However, when "
|
||
"considering an OpenStack deployment, there are many systems that bridge this "
|
||
"domain with others, potentially reducing the level of trust you can place on "
|
||
"this domain. See :ref:`Bridging_security_domains` for more information."
|
||
msgstr ""
|
||
"Dalam kebanyakan penyebaran domain ini dianggap *trusted*. Namun, ketika "
|
||
"mempertimbangkan penyebaran OpenStack, ada banyak sistem yang menjembatani "
|
||
"domain ini dengan orang lain, yang berpotensi mengurangi tingkat kepercayaan "
|
||
"yang dapat Anda tempatkan pada domain ini. Lihat :ref: "
|
||
"`Bridging_security_domains` untuk informasi lebih lanjut."
|
||
|
||
msgid ""
|
||
"In older OpenStack releases, ``lvm_type=default`` was used to signify a "
|
||
"wipe. While this method still works, ``lvm_type=default`` is not recommended "
|
||
"for setting secure delete."
|
||
msgstr ""
|
||
"Pada rilis OpenStack yang lebih lawas, ``lvm_type = default`` digunakan "
|
||
"untuk menandakan penghapusan. Meskipun metode ini masih bekerja, ``lvm_type "
|
||
"= default`` tidak disarankan untuk menyetel hapus aman."
|
||
|
||
msgid ""
|
||
"In order to create a trust between the Identity Provider and the Service "
|
||
"Provider, metadata must be exchanged. To create metadata for your Identity "
|
||
"service, run the :command:`keystone-manage` command and pipe the output to a "
|
||
"file. For example:"
|
||
msgstr ""
|
||
"Untuk menciptakan kepercayaan antara Identity Provider dan Service Provider, "
|
||
"metadata harus dipertukarkan. Untuk membuat metadata untuk layanan Identity "
|
||
"Anda, jalankan perintah :command: `keystone-manage` dan isikan output ke "
|
||
"file. Sebagai contoh:"
|
||
|
||
msgid ""
|
||
"In order to select the best supporting software, consider these factors:"
|
||
msgstr ""
|
||
"Untuk memilih perangkat lunak pendukung terbaik, pertimbangkan faktor-faktor "
|
||
"berikut:"
|
||
|
||
msgid ""
|
||
"In some cases deployers may want to consider securing a bridge to a higher "
|
||
"standard than any of the domains in which it resides. Given the above "
|
||
"example of an API endpoint, an adversary could potentially target the API "
|
||
"endpoint from the public domain, leveraging it in the hopes of compromising "
|
||
"or gaining access to the management domain."
|
||
msgstr ""
|
||
"Dalam beberapa kasus, pelaksana mungkin ingin mempertimbangkan untuk "
|
||
"mengamankan jembatan dengan standar yang lebih tinggi daripada domain mana "
|
||
"pun tempat tinggalnya. Dengan contoh API endpoint di atas, musuh berpotensi "
|
||
"menargetkan API endpoint dari domain publik, memanfaatkannya dengan harapan "
|
||
"mengorbankan atau mendapatkan akses ke domain manajemen."
|
||
|
||
msgid ""
|
||
"In some cases, it is required to explicitly specify one of the security "
|
||
"services, for example, NetApp, EMC and Windows drivers require Active "
|
||
"Directory for the creation of shares with the CIFS protocol."
|
||
msgstr ""
|
||
"Dalam beberapa kasus, diperlukan untuk menentukan secara eksplisit salah "
|
||
"satu layanan keamanan, misalnya, driver NetApp, EMC dan Windows memerlukan "
|
||
"Active Directory untuk pembuatan share dengan protokol CIFS."
|
||
|
||
msgid ""
|
||
"In some deployments it may be required to add host-based IDS on sensitive "
|
||
"components on security domain bridges. A host-based IDS may detect anomalous "
|
||
"activity by compromised or unauthorized processes on the component. The IDS "
|
||
"should transmit alert and log information on the Management network."
|
||
msgstr ""
|
||
"Dalam beberapa penerapan, mungkin diperlukan penambahan IDS berbasis host "
|
||
"pada komponen sensitif pada jembatan domain keamanan. IDS berbasis host "
|
||
"dapat mendeteksi aktivitas anomali dengan proses yang membahayakan atau "
|
||
"tidak sah pada komponen. IDS harus mengirimkan informasi waspada dan log "
|
||
"pada jaringan Management."
|
||
|
||
msgid ""
|
||
"In the *no share servers* mode a share driver does not handle storage life "
|
||
"cycle. An administrator is expected to handle the storage, network "
|
||
"interfaces, and other host configurations. In this mode an administrator can "
|
||
"set storage as a host which exports shares. The main characteristic of this "
|
||
"mode is that the storage is not handled by the Shared File Systems service. "
|
||
"Users in a tenant share common network, host, processor, and network pipe. "
|
||
"They can hinder each other if there is no correct balancing adjustment on "
|
||
"the storage configured by admin or proxy before it. In public clouds it is "
|
||
"possible that all network capacity is used by one client, so an "
|
||
"administrator should care for this not to happen. Balancing adjustment can "
|
||
"be done by any means, not necessarily with OpenStack tools."
|
||
msgstr ""
|
||
"Dalam mode *no share servers* , driver share tidak menangani siklus hidup "
|
||
"penyimpanan. Administrator diharapkan menangani penyimpanan, antarmuka "
|
||
"jaringan, dan konfigurasi host lainnya. Dalam mode ini, administrator dapat "
|
||
"mengatur penyimpanan sebagai host yang mengekspor share. Karakteristik utama "
|
||
"dari mode ini adalah penyimpanan tidak ditangani oleh layanan Shared File "
|
||
"Systems. Pengguna di jaringan penyewa berbagi jaringan umum, host, prosesor, "
|
||
"dan jaringan pipa. Mereka dapat saling menghalangi jika tidak ada "
|
||
"penyesuaian penyeimbang yang benar pada penyimpanan yang dikonfigurasi oleh "
|
||
"admin atau proxy sebelum itu. Di awan publik ada kemungkinan bahwa semua "
|
||
"kapasitas jaringan digunakan oleh satu klien, jadi administrator harus "
|
||
"memperhatikan hal ini agar tidak terjadi. Penyesuaian balancing bisa "
|
||
"dilakukan dengan cara apapun, belum tentu dengan alat OpenStack."
|
||
|
||
msgid ""
|
||
"In the United States, the National Institute of Science and Technology "
|
||
"(NIST) certifies cryptographic algorithms through a process known the "
|
||
"Cryptographic Module Validation Program. NIST certifies algorithms for "
|
||
"conformance against Federal Information Processing Standard 140-2 (FIPS "
|
||
"140-2), which ensures...:"
|
||
msgstr ""
|
||
"Di Amerika Serikat, National Institute of Science and Technology (NIST) "
|
||
"mengesahkan algoritma kriptografi melalui sebuah proses yang dikenal dengan "
|
||
"Cryptographic Module Validation Program. NIST mengesahkan algoritma untuk "
|
||
"kesesuaian terhadap Federal Information Processing Standard 140-2 (FIPS "
|
||
"140-2), yang memastikan ...:"
|
||
|
||
msgid ""
|
||
"In the ``/etc/manila/`` directory you can find several configuration files:"
|
||
msgstr ""
|
||
"Di direktori ``/etc/manila/`` Anda dapat menemukan beberapa file "
|
||
"konfigurasi:"
|
||
|
||
msgid ""
|
||
"In the beginning of this chapter we discuss the use of both physical and "
|
||
"virtual hardware by instances, the associated security risks, and some "
|
||
"recommendations for mitigating those risks. We conclude the chapter with a "
|
||
"discussion of sVirt, an open source project for integrating SELinux "
|
||
"mandatory access controls with the virtualization components."
|
||
msgstr ""
|
||
"Pada awal bab ini, kami membahas penggunaan perangkat keras fisik dan "
|
||
"virtual oleh beberapa instance, risiko keamanan terkait, dan beberapa "
|
||
"rekomendasi untuk mengurangi risiko tersebut. Kami menyimpulkan bab ini "
|
||
"dengan diskusi tentang sVirt, sebuah proyek open source untuk "
|
||
"mengintegrasikan kontrol akses wajib SELinux dengan komponen virtualisasi."
|
||
|
||
msgid ""
|
||
"In the case of an OpenStack cloud instance, we need to monitor the hardware, "
|
||
"the OpenStack services, and the cloud resource usage. The latter stems from "
|
||
"wanting to be elastic, to scale to the dynamic needs of the users."
|
||
msgstr ""
|
||
"Dalam kasus instance awan OpenStack, kita perlu memantau perangkat keras, "
|
||
"layanan OpenStack, dan penggunaan sumber daya awan. Yang terakhir ini "
|
||
"berasal dari keinginan untuk menjadi elastis, untuk disesuaikan dengan "
|
||
"kebutuhan dinamis pengguna."
|
||
|
||
msgid ""
|
||
"In the case of failure, systems should be configured to fail into a closed "
|
||
"secure state. For example, TLS certificate verification should fail closed "
|
||
"by severing the network connection if the CNAME does not match the server's "
|
||
"DNS name. Software often fails open in this situation, allowing the "
|
||
"connection to proceed without a CNAME match, which is less secure and not "
|
||
"recommended."
|
||
msgstr ""
|
||
"Jika terjadi kegagalan, sistem harus dikonfigurasi untuk gagal dalam keadaan "
|
||
"aman tertutup. Misalnya, verifikasi sertifikat TLS gagal ditutup dengan "
|
||
"memutuskan sambungan jaringan jika CNAME tidak sesuai dengan nama DNS "
|
||
"server. Perangkat lunak sering gagal terbuka dalam situasi ini, memungkinkan "
|
||
"koneksi berlanjut tanpa kecocokan CNAME, yang kurang aman dan tidak "
|
||
"disarankan."
|
||
|
||
msgid "In the file ``pg_hba.conf``:"
|
||
msgstr "Dalam file ``pg_hba.conf``:"
|
||
|
||
msgid ""
|
||
"In the initial architectural phases of designing your OpenStack Network "
|
||
"infrastructure it is important to ensure appropriate expertise is available "
|
||
"to assist with the design of the physical networking infrastructure, to "
|
||
"identify proper security controls and auditing mechanisms."
|
||
msgstr ""
|
||
"Pada tahap arsitektur awal untuk merancang infrastruktur OpenStack Network "
|
||
"Anda, penting untuk memastikan keahlian yang sesuai tersedia untuk membantu "
|
||
"perancangan infrastruktur jaringan fisik, untuk mengidentifikasi mekanisme "
|
||
"kontrol keamanan dan audit yang tepat."
|
||
|
||
msgid ""
|
||
"In the returned unscoped token, a list of Identity service groups the user "
|
||
"belongs to will be included."
|
||
msgstr ""
|
||
"Dalam token yang tidak terkunci, daftar grup layanan Identity yang menjadi "
|
||
"milik pengguna akan disertakan."
|
||
|
||
msgid ""
|
||
"In this chapter we discuss how to assess the needs of data processing users "
|
||
"with respect to their applications, the data that they use, and their "
|
||
"expected capabilities within a project. We will also demonstrate a number of "
|
||
"hardening techniques for the service controller and its clusters, and "
|
||
"provide examples of various controller configurations and user management "
|
||
"approaches to ensure an adequate level of security and privacy."
|
||
msgstr ""
|
||
"Dalam bab ini kita membahas bagaimana menilai kebutuhan pengguna pengolahan "
|
||
"data sehubungan dengan aplikasinya, data yang mereka gunakan, dan kemampuan "
|
||
"yang diharapkan dalam suatu proyek. Kami juga akan menunjukkan sejumlah "
|
||
"teknik pengerasan untuk pengendali layanan dan clusternya, dan memberikan "
|
||
"contoh berbagai konfigurasi controller dan pendekatan manajemen pengguna "
|
||
"untuk memastikan tingkat keamanan dan privasi yang memadai."
|
||
|
||
msgid ""
|
||
"In this chapter we explore these technologies and describe the situations "
|
||
"where they can be used to enhance security for instances or underlying "
|
||
"instances. We also seek to highlight where privacy concerns may exist. These "
|
||
"include data pass through, introspection, or providing a source of entropy. "
|
||
"In this section we highlight the following additional security services:"
|
||
msgstr ""
|
||
"Dalam bab ini, kita mengeksplorasi teknologi ini dan menggambarkan situasi "
|
||
"di mana mereka dapat digunakan untuk meningkatkan keamanan untuk instance "
|
||
"atau instance yang mendasarinya. Kami juga berusaha untuk menyoroti di mana "
|
||
"masalah privasi mungkin ada. Ini termasuk data yang lewat, introspeksi, atau "
|
||
"penyediaan sumber entropi. Pada bagian ini kami menyoroti layanan keamanan "
|
||
"tambahan berikut ini:"
|
||
|
||
msgid ""
|
||
"In this chapter we will call out general best practice around Compute "
|
||
"security as well as specific known configurations that can lead to security "
|
||
"issues. The ``nova.conf`` file and the ``/var/lib/nova`` locations should be "
|
||
"secured. Controls like centralized logging, the ``policy.json`` file, and a "
|
||
"mandatory access control framework should be implemented."
|
||
msgstr ""
|
||
"Dalam bab ini kita akan memanggil praktik umum terbaik seputar keamanan "
|
||
"Compute dan juga konfigurasi yang diketahui yang dapat menyebabkan masalah "
|
||
"keamanan. File ``nova.conf`` dan lokasi ``/var/lib/nova``` harus diamankan. "
|
||
"Kontrol seperti logging terpusat, file ``policy.json``, dan kerangka kontrol "
|
||
"akses wajib harus diimplementasikan."
|
||
|
||
msgid ""
|
||
"In this document, we treat community and hybrid similarly, dealing "
|
||
"explicitly only with the extremes of public and private clouds from a "
|
||
"security perspective. Your security measures depend where your deployment "
|
||
"falls upon the private public continuum."
|
||
msgstr ""
|
||
"Dalam dokumen ini, kita memperlakukan masyarakat dan hibrida dengan cara "
|
||
"yang sama, berurusan secara eksplisit hanya dengan awan publik dan awan "
|
||
"ekstrem yang ekstrem dari perspektif keamanan. Langkah keamanan Anda "
|
||
"bergantung di tempat penempatan Anda berada di atas rangkaian publik privat."
|
||
|
||
msgid ""
|
||
"In this example we introduce a scoring matrix that places vulnerabilities in "
|
||
"three categories: Privilege Escalation, Denial of Service and Information "
|
||
"Disclosure. Understanding the type of vulnerability and where it occurs in "
|
||
"your infrastructure will enable you to make reasoned response decisions."
|
||
msgstr ""
|
||
"Dalam contoh ini kami memperkenalkan matriks penilaian yang menempatkan "
|
||
"kerentanan dalam tiga kategori: rivilege Escalation, Denial of Service dan "
|
||
"Information Disclosure. Memahami jenis kerentanan dan di mana hal itu "
|
||
"terjadi di infrastruktur Anda akan memungkinkan Anda membuat keputusan "
|
||
"respons beralasan."
|
||
|
||
msgid ""
|
||
"In this mode, a driver is able to create share servers and plug them to "
|
||
"existing networks. When providing a new share server, drivers expect an IP "
|
||
"address and subnet from the Shared File Systems service."
|
||
msgstr ""
|
||
"Dalam mode ini, driver mampu membuat share server dan menyambungkannya ke "
|
||
"jaringan yang ada. Saat menyediakan server share baru, driver mengharapkan "
|
||
"alamat IP dan subnet dari layanan Shared File Systems."
|
||
|
||
msgid ""
|
||
"In this mode, a share driver is able to create share servers and plug them "
|
||
"to an existing segmented network. Share drivers expect the Shared File "
|
||
"Systems service to provide a subnet definition for every new share server. "
|
||
"This definition should include segmentation type, segmentation ID, and any "
|
||
"other info relevant to the segmentation type."
|
||
msgstr ""
|
||
"Dalam mode ini, share driver dapat membuat server berbagi dan "
|
||
"menyambungkannya ke jaringan tersegmentasi yang ada. Share driver "
|
||
"mengharapkan layanan Shared File Systems untuk menyediakan definisi subnet "
|
||
"untuk setiap server berbagi baru. Definisi ini harus mencakup tipe "
|
||
"segmentasi, ID segmentasi, dan info lainnya yang relevan dengan tipe "
|
||
"segmentasi."
|
||
|
||
msgid ""
|
||
"In this mode, drivers have basically no network requirements whatsoever. "
|
||
"It's assumed that storage controller being managed by the driver has all of "
|
||
"the network interfaces it's going to need. The Shared File Systems service "
|
||
"will expect the driver to provision shares directly without creating any "
|
||
"share server beforehand. This mode corresponds to what some existing drivers "
|
||
"are already doing, but it makes the choice explicit for the administrator. "
|
||
"In this mode, the share networks are not needed at share creation time and "
|
||
"must not be provided."
|
||
msgstr ""
|
||
"Dalam mode ini, driver pada dasarnya tidak memiliki persyaratan jaringan "
|
||
"sama sekali. Diasumsikan bahwa pengendali penyimpanan yang dikelola oleh "
|
||
"driver memiliki semua antarmuka jaringan yang dibutuhkannya. Layanan Shared "
|
||
"File Systems akan mengharapkan driver untuk menyediakan share secara "
|
||
"langsung tanpa membuat share server terlebih dahulu. Mode ini sesuai dengan "
|
||
"beberapa driver yang sudah ada, namun ini membuat pilihan eksplisit bagi "
|
||
"administrator. Dalam mode ini, jaringan share tidak diperlukan pada waktu "
|
||
"pembuatan share dan tidak boleh disediakan."
|
||
|
||
msgid ""
|
||
"In this mode, some storage controllers can create share servers but due to "
|
||
"various limitations of physical or logical network all of share servers have "
|
||
"to be on a flat network. In this mode, a share driver needs something to "
|
||
"provision IP addresses for share servers, but IPs will all come out of the "
|
||
"same subnet and that subnet itself is assumed to be reachable by all tenants."
|
||
msgstr ""
|
||
"Dalam mode ini, beberapa controller penyimpanan dapat membuat share server "
|
||
"namun karena berbagai keterbatasan jaringan fisik atau logis, semua share "
|
||
"server harus berada pada jaringan datar. Dalam mode ini, share driver "
|
||
"membutuhkan sesuatu untuk menyediakan alamat IP untuk share serveri, namun "
|
||
"semua IP keluar dari subnet yang sama dan subnet itu sendiri diasumsikan "
|
||
"dapat dijangkau oleh semua penyewa."
|
||
|
||
msgid "Incidence response"
|
||
msgstr "Respon insiden"
|
||
|
||
msgid "Independent verification and validation"
|
||
msgstr "Verifikasi dan validasi independen"
|
||
|
||
msgid "Indirect access"
|
||
msgstr "Akses tidak langsung"
|
||
|
||
msgid ""
|
||
"Industry standard security principles provide a baseline for compliance "
|
||
"certifications and attestations. If these principles are considered and "
|
||
"referenced throughout an OpenStack deployment, certification activities may "
|
||
"be simplified."
|
||
msgstr ""
|
||
"Prinsip keamanan standar industri memberikan dasar untuk sertifikasi "
|
||
"kepatuhan dan pengesahan. Jika prinsip-prinsip ini dipertimbangkan dan "
|
||
"dirujuk sepanjang penerapan OpenStack, kegiatan sertifikasi dapat "
|
||
"disederhanakan."
|
||
|
||
msgid ""
|
||
"Information Disclosure vulnerabilities reveal information about your system "
|
||
"or operations. These vulnerabilities range from debugging information "
|
||
"disclosure, to exposure of critical security data, such as authentication "
|
||
"credentials and passwords."
|
||
msgstr ""
|
||
"Kerentanan Information Disclosurei mengungkapkan informasi tentang sistem "
|
||
"atau operasi Anda. Kerentanan ini berkisar dari debugging pengungkapan "
|
||
"informasi, hingga pemaparan (exposure) data keamanan penting, seperti "
|
||
"kredensial dan kata kunci otentikasi."
|
||
|
||
msgid "Information Security Management system (ISMS)"
|
||
msgstr "Information Security Management System (ISMS)"
|
||
|
||
msgid "Information disclosure"
|
||
msgstr "Information disclosure"
|
||
|
||
msgid "Information on authentication used to connect to that interface"
|
||
msgstr ""
|
||
"Informasi tentang otentikasi yang digunakan untuk terhubung ke antarmuka itu"
|
||
|
||
msgid ""
|
||
"Information system security compliance is reliant on the completion of two "
|
||
"foundational processes:"
|
||
msgstr ""
|
||
"Kepatuhan keamanan sistem informasi bergantung pada penyelesaian dua proses "
|
||
"dasar:"
|
||
|
||
msgid "Infrastructure nodes"
|
||
msgstr "Node infrastruktur"
|
||
|
||
msgid "Initial Program Loader (IPL) code. For example, master boot record."
|
||
msgstr "Kode Initial Program Loader (IPL). Contohnya, master boot record."
|
||
|
||
msgid ""
|
||
"Initially, when creating a share network, you can set up either a network "
|
||
"and subnet of the OpenStack Networking (neutron) or a network of Legacy "
|
||
"networking (nova-network) services. The third approach is to configure the "
|
||
"networking without Legacy networking and Networking services. "
|
||
"``StandaloneNetworkPlugin`` can be used with any network platform. You can "
|
||
"set network parameters in its configuration file."
|
||
msgstr ""
|
||
"Awalnya, saat membuat jaringan berbagi, Anda dapat mengatur jaringan dan "
|
||
"subnet jaringan OpenStack (neutron) atau jaringan layanan Legacy networking "
|
||
"(nova-network). Pendekatan ketiga adalah mengkonfigurasi jaringan tanpa "
|
||
"layanan Legacy networking dan Networking. `StandaloneNetworkPlugin`` dapat "
|
||
"digunakan dengan platform jaringan apapun. Anda dapat mengatur parameter "
|
||
"jaringan pada file konfigurasinya."
|
||
|
||
msgid ""
|
||
"Inside The Shared File Systems API, a ``security_service`` is associated "
|
||
"with the ``share_networks``."
|
||
msgstr ""
|
||
"Di dalam File Systems API, sebuah ``security_service`` dikaitkan dengan "
|
||
"``share_networks``."
|
||
|
||
msgid "Install Shibboleth:"
|
||
msgstr "Memasang Shibboleth:"
|
||
|
||
msgid "Instance data is copied from the hypervisor to libvirtd."
|
||
msgstr "Instance data disalin dari hypervisor ke libvirt."
|
||
|
||
msgid "Instance memory scrubbing"
|
||
msgstr "Instance memory scrubbing"
|
||
|
||
msgid "Instance migrations"
|
||
msgstr "Migrasi instance"
|
||
|
||
msgid "Instance security management"
|
||
msgstr "Manajemen keamanan instance"
|
||
|
||
msgid ""
|
||
"Integrity Failure Impact: barbican and Workers can no longer access the "
|
||
"queue. Denial of service."
|
||
msgstr ""
|
||
"Integrity Failure Impact: barbican dan Workers tidak bisa lagi mengakses "
|
||
"antrian. Denial of service."
|
||
|
||
msgid ""
|
||
"Integrity Failure Impact: barbican will not be able to validate user "
|
||
"credentials and fail. DoS."
|
||
msgstr ""
|
||
"Integrity Failure Impact: barbican tidak akan bisa memvalidasi kredensial "
|
||
"pengguna dan gagal. DoS."
|
||
|
||
msgid "Integrity life-cycle"
|
||
msgstr "Integritas siklus hidup"
|
||
|
||
msgid "Intel TXT / SEM"
|
||
msgstr "Intel TXT / SEM"
|
||
|
||
msgid "Intel Trusted Execution Technology"
|
||
msgstr "Intel Trusted Execution Technology"
|
||
|
||
msgid ""
|
||
"Intel.com, Trusted Compute Pools with Intel Trusted Execution Technology "
|
||
"(Intel TXT). `http://www.intel.com/txt <http://www.intel.com/txt>`_"
|
||
msgstr ""
|
||
"Intel.com, Trusted Compute Pools dengan Intel Trusted Execution Technology "
|
||
"(Intel TXT). `http://www.intel.com/txt <http://www.intel.com/txt>`_"
|
||
|
||
msgid "Intelligence services"
|
||
msgstr "Intelligence services"
|
||
|
||
msgid "Intended purpose"
|
||
msgstr "Intended Purpose (tujuan yang diinginkan)"
|
||
|
||
msgid ""
|
||
"Inter-device communication is a serious security concern. Between large "
|
||
"project errors, such as Heartbleed, or more advanced attacks such as BEAST "
|
||
"and CRIME, secure methods of communication over a network are becoming more "
|
||
"important. It should be remembered, however that encryption should be "
|
||
"applied as one part of a larger security strategy. The compromise of an "
|
||
"endpoint means that an attacker no longer needs to break the encryption "
|
||
"used, but is able to view and manipulate messages as they are processed by "
|
||
"the system."
|
||
msgstr ""
|
||
"Komunikasi antar perangkat merupakan masalah keamanan yang serius. Antara "
|
||
"kesalahan proyek besar, seperti serangan Heartbleed, atau yang lebih maju "
|
||
"seperti BEAST dan CRIME, metode komunikasi yang aman melalui jaringan "
|
||
"menjadi lebih penting. Harus diingat, bagaimanapun enkripsi itu harus "
|
||
"diterapkan sebagai salah satu bagian dari strategi keamanan yang lebih "
|
||
"besar. Kompromi dari endpoint berarti bahwa penyerang tidak lagi perlu "
|
||
"memecahkan enkripsi yang digunakan, namun mampu melihat dan memanipulasi "
|
||
"pesan saat diproses oleh sistem."
|
||
|
||
msgid "Interface with the Key management service through a secure wrapper"
|
||
msgstr "Interface dengan layanan manajemen Key melalui pembungkus yang aman"
|
||
|
||
msgid "Interfaces"
|
||
msgstr "Antarmuka"
|
||
|
||
msgid "Internal API communications"
|
||
msgstr "Komunikasi API internal"
|
||
|
||
msgid "Internal audit"
|
||
msgstr "Audit internal"
|
||
|
||
msgid "Internally generated private keys for compute image bundling"
|
||
msgstr "Private key yang dibuat secara internal untuk komputasi bundling image"
|
||
|
||
msgid "Internally implemented authentication methods"
|
||
msgstr "Metode otentikasi yang diimplementasikan secara internal"
|
||
|
||
msgid ""
|
||
"Introduce privacy considerations specific to OpenStack and cloud "
|
||
"environments."
|
||
msgstr ""
|
||
"Perkenalkan pertimbangan privasi yang spesifik untuk lingkungan OpenStack "
|
||
"dan cloud."
|
||
|
||
msgid ""
|
||
"Introduced into the Linux kernel in version 2.6.32, Kernel Samepage Merging "
|
||
"(KSM) consolidates identical memory pages between Linux processes. As each "
|
||
"guest VM under the KVM hypervisor runs in its own process, KSM can be used "
|
||
"to optimize memory use between VMs."
|
||
msgstr ""
|
||
"Diperkenalkan ke dalam kernel Linux di versi 2.6.32, Kernel Samepage Merging "
|
||
"(KSM) mengkonsolidasikan halaman memori identik di antara proses Linux. "
|
||
"Karena setiap guest VM di bawah hypervisor KVM berjalan dalam prosesnya "
|
||
"sendiri, KSM dapat digunakan untuk mengoptimalkan penggunaan memori di "
|
||
"antara VM."
|
||
|
||
msgid "Introduction"
|
||
msgstr "Pengantar"
|
||
|
||
msgid "Introduction to Data processing"
|
||
msgstr "Pengantar pengolahan Data"
|
||
|
||
msgid "Introduction to OpenStack"
|
||
msgstr "Pengantar OpenStack"
|
||
|
||
msgid "Introduction to TLS and SSL"
|
||
msgstr "Pengantar TLS dan SSL"
|
||
|
||
msgid "Introduction to security services"
|
||
msgstr "Pengantar layanan keamanan"
|
||
|
||
msgid "Intrusion detection system"
|
||
msgstr "Sistem pendeteksi intrusi"
|
||
|
||
msgid "Invalid login attempts"
|
||
msgstr "Upaya login tidak valid"
|
||
|
||
msgid "Is the technology cryptographically signed before distribution?"
|
||
msgstr ""
|
||
"Apakah teknologi itu kriptografis ditandatangani sebelum distribusinya?"
|
||
|
||
msgid "Isolated migration network"
|
||
msgstr "Jaringan migrasi terisolasi"
|
||
|
||
msgid ""
|
||
"It has become industry practice to use secure shell (SSH) access for the "
|
||
"management of Linux and Unix systems. SSH uses secure cryptographic "
|
||
"primitives for communication. With the scope and importance of SSH in "
|
||
"typical OpenStack deployments, it is important to understand best practices "
|
||
"for deploying SSH."
|
||
msgstr ""
|
||
"Sudah menjadi praktik industri untuk menggunakan secure shell (SSH) akses "
|
||
"untuk pengelolaan sistem Linux dan Unix. SSH menggunakan primitif "
|
||
"kriptografi yang aman untuk komunikasi. Dengan cakupan dan pentingnya SSH "
|
||
"dalam penerapan OpenStack yang tipikal, penting untuk memahami praktik "
|
||
"terbaik untuk menerapkan SSH."
|
||
|
||
msgid ""
|
||
"It is a burden on the clients to deal with multiple tokens across multiple "
|
||
"cloud service providers. Federated Identity provides single sign on to the "
|
||
"user, who can use the credentials provided and maintained by the user's IdP "
|
||
"to access many different services on the Internet."
|
||
msgstr ""
|
||
"Ini adalah beban pada klien untuk menangani beberapa token di beberapa "
|
||
"penyedia layanan awan.Federated Identity memberikan tanda tunggal pada "
|
||
"pengguna, yang dapat menggunakan kredensial yang disediakan dan dikelola "
|
||
"oleh pengguna IdP untuk mengakses berbagai layanan di Internet."
|
||
|
||
msgid "It is also recommended the following ``Contact`` options are set."
|
||
msgstr "Juga disarankan opsi ``Contact`` berikut disetel."
|
||
|
||
msgid ""
|
||
"It is an extensible :term:`Django` web application that allows easy plug-in "
|
||
"of third-party products and services, such as billing, monitoring, and "
|
||
"additional management tools."
|
||
msgstr ""
|
||
"Ini adalah aplikasi web :term:`Django` extensible yang memungkinkan "
|
||
"kemudahan plug-in produk dan layanan pihak ketiga, seperti penagihan, "
|
||
"pemantauan, dan alat manajemen tambahan."
|
||
|
||
msgid ""
|
||
"It is assumed that the ``keystone`` service is running on port ``5000``."
|
||
msgstr "Diasumsikan bahwa layanan ``keystone`` berjalan pada port ``5000``."
|
||
|
||
msgid ""
|
||
"It is generally accepted that it is best to encrypt sensitive data as early "
|
||
"as possible and decrypt it as late as possible. Despite this best practice, "
|
||
"it seems that it's common to use a SSL/TLS proxy in front of the OpenStack "
|
||
"services and use clear communication afterwards as shown below:"
|
||
msgstr ""
|
||
"Umumnya diterima bahwa yang terbaik adalah mengenkripsi data sensitif sedini "
|
||
"mungkin dan mendekripsinya selambat mungkin. Meskipun ada praktik terbaik "
|
||
"ini, nampaknya umum menggunakan proxy SSL/TLS di depan layanan OpenStack dan "
|
||
"menggunakan komunikasi yang jelas setelahnya seperti yang ditunjukkan di "
|
||
"bawah ini:"
|
||
|
||
msgid ""
|
||
"It is highly recommended that OpenStack deployments have information similar "
|
||
"to this on record. The table can be created from information derived from a "
|
||
"CMDB or can be constructed manually."
|
||
msgstr ""
|
||
"Sangat disarankan agar pengerahan OpenStack memiliki informasi yang serupa "
|
||
"dengan catatan ini. Tabel dapat dibuat dari informasi yang berasal dari CMDB "
|
||
"atau dapat dibangun secara manual."
|
||
|
||
msgid "It is highly recommended to use HTTP Strict Transport Security (HSTS)."
|
||
msgstr ""
|
||
"Hal ini sangat dianjurkan untuk digunakan HTTP Strict Transport Security "
|
||
"(HSTS)."
|
||
|
||
msgid ""
|
||
"It is important to consider the placement of the Network IDS on the cloud "
|
||
"(for example, adding it to the network boundary and/or around sensitive "
|
||
"networks). The placement depends on your network environment but make sure "
|
||
"to monitor the impact the IDS may have on your services depending on where "
|
||
"you choose to add it. Encrypted traffic, such as TLS, cannot generally be "
|
||
"inspected for content by a Network IDS. However, the Network IDS may still "
|
||
"provide some benefit in identifying anomalous unencrypted traffic on the "
|
||
"network."
|
||
msgstr ""
|
||
"Penting untuk mempertimbangkan penempatan Network IDS di atas awan "
|
||
"(misalnya, menambahkannya ke batas jaringan dan / atau jaringan sensitif). "
|
||
"Penempatan tergantung pada lingkungan jaringan Anda namun pastikan untuk "
|
||
"memantau dampak IDS terhadap layanan Anda bergantung pada tempat Anda "
|
||
"memilih untuk menambahkannya. Lalu lintas terenkripsi, seperti TLS, biasanya "
|
||
"tidak dapat diperiksa untuk konten oleh Network IDS. Namun, Network IDS "
|
||
"masih dapat memberikan beberapa keuntungan dalam mengidentifikasi lalu "
|
||
"lintas anomali yang tidak terenkripsi pada jaringan."
|
||
|
||
msgid ""
|
||
"It is important to include backup procedures and policies in the overall "
|
||
"System Security Plan. For a good overview of OpenStack's Backup and Recovery "
|
||
"capabilities and procedures, refer to the `OpenStack Operations Guide on "
|
||
"backup and recovery <https://docs.openstack.org/openstack-ops/content/"
|
||
"backup_and_recovery.html>`__."
|
||
msgstr ""
|
||
"Penting untuk menyertakan prosedur dan kebijakan cadangan dalam keseluruhan "
|
||
"System Security Plan. Untuk gambaran umum tentang kemampuan dan prosedur "
|
||
"Backup dan Pemulihan OpenStack, lihat `OpenStack Operations Guide on backup "
|
||
"and recovery <https://docs.openstack.org/openstack-ops/content/"
|
||
"backup_and_recovery.html>`__."
|
||
|
||
msgid ""
|
||
"It is important to note that use of the Xen memory balloon feature is likely "
|
||
"to result in information disclosure. We strongly recommended to avoid use of "
|
||
"this feature."
|
||
msgstr ""
|
||
"Penting untuk dicatat bahwa penggunaan fitur balon memori Xen cenderung "
|
||
"menghasilkan keterbukaan informasi. Kami sangat disarankan untuk menghindari "
|
||
"penggunaan fitur ini."
|
||
|
||
msgid ""
|
||
"It is important to protect the cloud deployment from being configured or "
|
||
"manipulated by malicious entities. With many systems in a cloud employing "
|
||
"compute and networking virtualization, there are distinct challenges "
|
||
"applicable to OpenStack which must be addressed through integrity lifecycle "
|
||
"management."
|
||
msgstr ""
|
||
"Penting untuk melindungi pengerahan awan agar tidak dikonfigurasi atau "
|
||
"dimanipulasi oleh entitas jahat. Dengan banyak sistem di awan yang "
|
||
"menggunakan komputasi dan virtualisasi jaringan, ada tantangan yang berbeda "
|
||
"yang berlaku untuk OpenStack yang harus ditangani melalui manajemen siklus "
|
||
"hidup integritas."
|
||
|
||
msgid ""
|
||
"It is important to recognize the difference between using Linux Containers "
|
||
"(LXC) or bare metal systems versus using a hypervisor like KVM. "
|
||
"Specifically, the focus of this security guide is largely based on having a "
|
||
"hypervisor and virtualization platform. However, should your implementation "
|
||
"require the use of a baremetal or LXC environment, you must pay attention to "
|
||
"the particular differences in regard to deployment of that environment."
|
||
msgstr ""
|
||
"Penting untuk mengenali perbedaan antara penggunaan Linux Containers (LXC) "
|
||
"atau sistem baremetal versus menggunakan hypervisor seperti KVM. Secara "
|
||
"khusus, fokus panduan keamanan ini sebagian besar didasarkan pada platform "
|
||
"hypervisor dan virtualisasi. Namun, jika penerapan Anda memerlukan "
|
||
"penggunaan lingkungan baremetal atau LXC, Anda harus memperhatikan perbedaan "
|
||
"tertentu sehubungan dengan penyebaran lingkungan itu."
|
||
|
||
msgid ""
|
||
"It is important to review the default networking resource policy, as this "
|
||
"policy can be modified to suit your security posture."
|
||
msgstr ""
|
||
"Penting untuk meninjau ulang kebijakan sumber daya jaringan default, karena "
|
||
"kebijakan ini dapat diubah agar sesuai dengan postur keamanan Anda."
|
||
|
||
msgid ""
|
||
"It is important to take proactive steps to harden QEMU. We recommend three "
|
||
"specific steps:"
|
||
msgstr ""
|
||
"Penting untuk mengambil langkah proaktif untuk mengeras QEMU. Kami "
|
||
"merekomendasikan tiga langkah spesifik:"
|
||
|
||
msgid ""
|
||
"It is important to understand that object storage differs from traditional "
|
||
"file system storage. Object storage is best used for static data such as "
|
||
"media files (MP3s, images, or videos), virtual machine images, and backup "
|
||
"files."
|
||
msgstr ""
|
||
"Penting untuk dipahami bahwa penyimpanan objek berbeda dari penyimpanan "
|
||
"sistem file tradisional. Penyimpanan objek paling baik digunakan untuk data "
|
||
"statis seperti file media (MP3, image, atau video), image mesin virtual, dan "
|
||
"file cadangan."
|
||
|
||
msgid ""
|
||
"It is key that the operator carefully plans and considers the individual "
|
||
"performance needs of users and services within their OpenStack cloud when "
|
||
"configuring and implementing any rate limiting functionality."
|
||
msgstr ""
|
||
"Adalah kunci bahwa operator dengan hati-hati merencanakan dan "
|
||
"mempertimbangkan kebutuhan kinerja individual pengguna dan layanan di dalam "
|
||
"awan OpenStack mereka saat mengkonfigurasi dan menerapkan fungsi rate "
|
||
"limiting."
|
||
|
||
msgid ""
|
||
"It is necessary for administrators to perform command and control over the "
|
||
"cloud for various operational functions. It is important these command and "
|
||
"control facilities are understood and secured."
|
||
msgstr ""
|
||
"Hal ini diperlukan agar administrator melakukan komando dan kontrol atas "
|
||
"awan untuk berbagai fungsi operasional. Penting agar fasilitas komando dan "
|
||
"kontrol ini dipahami dan dijamin."
|
||
|
||
msgid ""
|
||
"It is now possible (though there are numerous deployment/security "
|
||
"implications) to upload an image file directly from a user's hard disk to "
|
||
"OpenStack Image service through the dashboard. For multi-gigabyte images it "
|
||
"is still strongly recommended that the upload be done using the ``glance`` "
|
||
"CLI."
|
||
msgstr ""
|
||
"Sekarang mungkin (meskipun ada banyak penerapan / implikasi keamanan) untuk "
|
||
"mengunggah file image langsung dari hard disk pengguna ke layanan OpenStack "
|
||
"Image melalui dasbor. Untuk image multi-gigabyte masih sangat disarankan "
|
||
"agar upload dilakukan dengan menggunakan CLI ``glance`."
|
||
|
||
msgid ""
|
||
"It is our recommendation to leverage per tenant L3 routing and Floating IPs "
|
||
"for more granular connectivity of tenant VMs."
|
||
msgstr ""
|
||
"Ini adalah rekomendasi kami untuk memanfaatkan per tenant L3 routing dan "
|
||
"Floating IP untuk konektivitas granular tenant VM yang lebih terperinci."
|
||
|
||
msgid ""
|
||
"It is possible to have separate drivers for different modes use the same "
|
||
"hardware, if you want to have different configurations. Depending on which "
|
||
"mode is chosen, an administrator may need to provide more configuration "
|
||
"details through the configuration file."
|
||
msgstr ""
|
||
"Hal ini dimungkinkan untuk memiliki driver terpisah untuk mode yang berbeda "
|
||
"menggunakan perangkat keras yang sama, jika Anda ingin memiliki konfigurasi "
|
||
"yang berbeda. Bergantung pada mode mana yang dipilih, administrator mungkin "
|
||
"perlu memberikan rincian konfigurasi lebih banyak melalui file konfigurasi."
|
||
|
||
msgid ""
|
||
"It is recommended that the OpenStack cloud architect consider using separate "
|
||
"PKI deployments for internal systems and customer facing services. This "
|
||
"allows the cloud deployer to maintain control of their PKI infrastructure "
|
||
"and among other things makes requesting, signing and deploying certificates "
|
||
"for internal systems easier. Advanced configurations may use separate PKI "
|
||
"deployments for different security domains. This allows deployers to "
|
||
"maintain cryptographic separation of environments, ensuring that "
|
||
"certificates issued to one are not recognized by another."
|
||
msgstr ""
|
||
"Dianjurkan agar arsitek awan OpenStack mempertimbangkan untuk menggunakan "
|
||
"penerapan PKI terpisah untuk sistem internal dan layanan yang dihadapi "
|
||
"pelanggan. Hal ini memungkinkan deployer awan untuk mengendalikan "
|
||
"infrastruktur PKI mereka dan antara lain membuat permintaan, penandatanganan "
|
||
"dan penggelaran sertifikat untuk sistem internal menjadi lebih mudah. "
|
||
"Konfigurasi lanjutan dapat menggunakan penerapan PKI yang terpisah untuk "
|
||
"domain keamanan yang berbeda. Hal ini memungkinkan deployer untuk menjaga "
|
||
"pemisahan kriptografi lingkungan, memastikan bahwa sertifikat yang "
|
||
"dikeluarkan untuk satu tidak dikenali pihak lain."
|
||
|
||
msgid ""
|
||
"It is recommended that the following ``Organization`` configuration options "
|
||
"be setup."
|
||
msgstr ""
|
||
"Disarankan agar opsi konfigurasi `` Organization`` yang lain disiapkan."
|
||
|
||
msgid ""
|
||
"It is recommended that you configure the Shared File Systems service to run "
|
||
"under a non-root service account, and change file permissions so that only "
|
||
"the system administrator can modify them. The Shared File Systems service "
|
||
"expects that only administrators can write to configuration files and "
|
||
"services can only read them through their group membership in ``manila`` "
|
||
"group. Others must not be able to read these files because the files contain "
|
||
"admin passwords for different services."
|
||
msgstr ""
|
||
"Disarankan agar Anda mengkonfigurasi layanan Shared File Systems agar "
|
||
"berjalan di bawah akun layanan non-root, dan mengubah perizinan file "
|
||
"sehingga hanya administrator sistem yang dapat memodifikasinya. Layanan "
|
||
"Shared File Systems mengharapkan bahwa hanya administrator yang dapat "
|
||
"menulis ke file konfigurasi dan layanan hanya dapat membacanya melalui "
|
||
"keanggotaan grup mereka di grup ``manila``. Yang lain tidak boleh bisa "
|
||
"membaca file ini karena file tersebut mengandung kata sandi admin untuk "
|
||
"berbagai layanan."
|
||
|
||
msgid ""
|
||
"It is recommended that you follow the guidelines provided in :ref:`database-"
|
||
"authentication-and-access-control` for all components which require direct "
|
||
"DB connections."
|
||
msgstr ""
|
||
"Disarankan agar Anda mengikuti panduan yang diberikan di :ref:`database-"
|
||
"authentication-and-access-control` untuk semua komponen yang memerlukan "
|
||
"koneksi DB langsung."
|
||
|
||
msgid ""
|
||
"It is recommended that you follow the guidelines provided in :ref:`queue-"
|
||
"authentication-and-access-control` for all components which require RPC "
|
||
"communication."
|
||
msgstr ""
|
||
"Disarankan agar Anda mengikuti panduan yang diberikan di :ref:`queue-"
|
||
"authentication-and-access-control` untuk semua komponen yang memerlukan "
|
||
"komunikasi RPC."
|
||
|
||
msgid ""
|
||
"It is recommended to avoid the manual image building process as it is "
|
||
"complex and prone to error. Additionally, using an automated system like Oz "
|
||
"for image building or a configuration management utility like Chef or Puppet "
|
||
"for post-boot image hardening gives you the ability to produce a consistent "
|
||
"image as well as track compliance of your base image to its respective "
|
||
"hardening guidelines over time."
|
||
msgstr ""
|
||
"Dianjurkan untuk menghindari proses pembuatan image manual karena kompleks "
|
||
"dan rentan terhadap kesalahan. Selain itu, dengan menggunakan sistem "
|
||
"otomatis seperti Oz untuk pembuatan image atau utilitas pengelolaan "
|
||
"konfigurasi seperti Chef atau Puppet untuk pengerasan image post-boot "
|
||
"memberi Anda kemampuan untuk menghasilkan image yang konsisten serta melacak "
|
||
"kepatuhan image dasar Anda untuk masing-masing panduan pengerasan dari waktu "
|
||
"ke waktu."
|
||
|
||
msgid ""
|
||
"It should be noted that with this type of implementation sensitive access "
|
||
"tokens will be stored in the browser and will be transmitted with each "
|
||
"request made. The back end ensures the integrity of session data, even "
|
||
"though the transmitted data is only encrypted by HTTPS."
|
||
msgstr ""
|
||
"Perlu dicatat bahwa dengan jenis pelaksanaan ini token akses yang sensitif "
|
||
"akan disimpan di browser dan akan dikirimkan dengan setiap permintaan yang "
|
||
"dilakukan. Back end memastikan integritas data sesi, meskipun data yang "
|
||
"dikirim hanya dienkripsi oleh HTTPS."
|
||
|
||
msgid "KMIP plugin"
|
||
msgstr "Plugin KMIP"
|
||
|
||
msgid "KVM"
|
||
msgstr "KVM"
|
||
|
||
msgid "KVM Kernel Samepage Merging"
|
||
msgstr "KVM Kernel Samepage Merging"
|
||
|
||
msgid ""
|
||
"KVM-based virtual machine instances are labelled with their own SELinux data "
|
||
"type, known as ``svirt_image_t``. Kernel level protections prevent "
|
||
"unauthorized system processes, such as malware, from manipulating the "
|
||
"virtual machine image files on disk. When virtual machines are powered off, "
|
||
"images are stored as ``svirt_image_t`` as shown below:"
|
||
msgstr ""
|
||
"Instance mesin virtual berbasis KVM diberi label dengan tipe data SELinux "
|
||
"mereka sendiri, yang dikenal sebagai ``svirt_image_t``. Perlindungan tingkat "
|
||
"kernel mencegah proses sistem yang tidak sah, seperti perangkat lunak "
|
||
"perusak, dari memanipulasi file image mesin virtual pada disk. Saat mesin "
|
||
"virtual dimatikan, image disimpan sebagai ``svirt_image_t`` seperti di bawah "
|
||
"ini:"
|
||
|
||
msgid "KVM:"
|
||
msgstr "KVM:"
|
||
|
||
msgid ""
|
||
"KVM: Kernal-based Virtual Machine. Kernal Samepage Merging. 2010. `http://"
|
||
"www.linux-kvm.org/page/KSM <http://www.linux-kvm.org/page/KSM>`_"
|
||
msgstr ""
|
||
"KVM: Kernal-based Virtual Machine. Kernal Samepage Merging. 2010. `http://"
|
||
"www.linux-kvm.org/page/KSM <http://www.linux-kvm.org/page/KSM>`_"
|
||
|
||
msgid ""
|
||
"Keith Basil is a Principal Product Manager for Red Hat OpenStack and is "
|
||
"focused on Red Hat's OpenStack product management, development and strategy. "
|
||
"Within the US public sector, Basil brings previous experience from the "
|
||
"design of an authorized, secure, high-performance cloud architecture for "
|
||
"Federal civilian agencies and contractors."
|
||
msgstr ""
|
||
"Keith Basil adalah Principal Product Manager untuk Red Hat OpenStack dan "
|
||
"berfokus pada pengelolaan, pengembangan dan strategi produk di Red Hat. Di "
|
||
"sektor publik AS, Basil membawa pengalaman sebelumnya dari disain arsitektur "
|
||
"awan yang berwenang (authorized), aman, berkinerja tinggi untuk agen sipil "
|
||
"Federal dan kontraktor."
|
||
|
||
msgid "Kerberos"
|
||
msgstr "Kerberos"
|
||
|
||
msgid ""
|
||
"Kernel.org, CGroups. 2004. `https://www.kernel.org/doc/Documentation/cgroup-"
|
||
"v1/cgroups.txt <https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups."
|
||
"txt>`_"
|
||
msgstr ""
|
||
"Kernel.org, CGroups. 2004. `https://www.kernel.org/doc/Documentation/cgroup-"
|
||
"v1/cgroups.txt <https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups."
|
||
"txt>`_"
|
||
|
||
msgid "Key length"
|
||
msgstr "Key Length (panjang kunci)"
|
||
|
||
msgid "Key management"
|
||
msgstr "Manajemen kunci"
|
||
|
||
msgid ""
|
||
"Key management service will support data isolation by providing ephemeral "
|
||
"disk encryption keys on a per-tenant basis"
|
||
msgstr ""
|
||
"Layanan manajemen Key akan mendukung isolasi data dengan menyediakan kunci "
|
||
"enkripsi disk sesaat pada basis per-penyewa"
|
||
|
||
msgid "Keystone"
|
||
msgstr "Keystone"
|
||
|
||
msgid ""
|
||
"Keystone is the commonly used Identity provider in OpenStack. It may also be "
|
||
"used for authentication in Object Storage. Coverage of securing keystone is "
|
||
"already provided in :doc:`identity`."
|
||
msgstr ""
|
||
"Keystone adalah penyedia Identitas yang umum digunakan di OpenStack. Ini "
|
||
"juga bisa digunakan untuk otentikasi di Object Storage. Cakupan pengamanan "
|
||
"keystone i sudah tersedia di :doc:`identity`."
|
||
|
||
msgid ""
|
||
"Knowing information about organizational assets is typically a best "
|
||
"practice. An assets table can assist with validating security requirements "
|
||
"and help to maintain standard security components such as firewall "
|
||
"configuration, service port conflicts, security remediation areas, and "
|
||
"compliance. Additionally, the table can help to understand the relationship "
|
||
"between OpenStack components. The table might include:"
|
||
msgstr ""
|
||
"Mengetahui informasi tentang aset organisasi biasanya merupakan praktik "
|
||
"terbaik. Tabel aset dapat membantu memvalidasi persyaratan keamanan dan "
|
||
"membantu menjaga komponen keamanan standar seperti konfigurasi firewall, "
|
||
"konflik port servis, area remediasi keamanan, dan kepatuhan. Selain itu, "
|
||
"tabel dapat membantu untuk memahami hubungan antara komponen OpenStack. "
|
||
"Table termasuk:"
|
||
|
||
msgid "L2 isolation using VLANs and tunneling"
|
||
msgstr "Isolasi L2 menggunakan VLAN dan tunneling"
|
||
|
||
msgid "L2 tunneling"
|
||
msgstr "L2 tunneling"
|
||
|
||
msgid "L3 agent (*neutron-l3-agent*)"
|
||
msgstr "Agen L3 (*neutron-l3-agent*)"
|
||
|
||
msgid "L3 routing and NAT"
|
||
msgstr "L3 routing dan NAT"
|
||
|
||
msgid "L=1024, N=160 bits"
|
||
msgstr "L=1024, N=160 bits"
|
||
|
||
msgid "LDAP"
|
||
msgstr "LDAP"
|
||
|
||
msgid ""
|
||
"LDAP simplifies integration of Identity authentication into an "
|
||
"organization's existing directory service and user account management "
|
||
"processes."
|
||
msgstr ""
|
||
"LDAP menyederhanakan integrasi otentikasi Identitas ke dalam layanan "
|
||
"direktori dan proses pengelolaan akun perusahaan yang ada."
|
||
|
||
msgid "Labels and categories"
|
||
msgstr "Label dan kategori"
|
||
|
||
msgid ""
|
||
"Lastly, if a scoped token and a Service Provider region are presented to "
|
||
"keystone, the result will be a full SAML Assertion, signed by the IdP "
|
||
"keystone, specifically intended for the Service Provider keystone."
|
||
msgstr ""
|
||
"Terakhir, jika token scoped dan wilayah Service Provider disajikan ke "
|
||
"keystone, hasilnya akan menjadi pernyataan lengkap SAML, yang ditandatangani "
|
||
"oleh IdP keystone, yang khusus ditujukan untuk Service Provider keystone."
|
||
|
||
msgid ""
|
||
"Later in the guide, we focus generically on the virtualization stack as it "
|
||
"relates to hypervisors."
|
||
msgstr ""
|
||
"Kemudian dalam panduan ini, kami fokus secara umum pada tumpukan "
|
||
"virtualisasi yang berkaitan dengan hypervisor."
|
||
|
||
msgid "Layered defenses"
|
||
msgstr "Pertahanan Berlapis"
|
||
|
||
msgid ""
|
||
"Learn more about how to contribute to the OpenStack docs, see the `OpenStack "
|
||
"Documentation Contributor Guide <https://docs.openstack.org/doc-contrib-"
|
||
"guide/index.html>`__."
|
||
msgstr ""
|
||
"Pelajari lebih lanjut tentang bagaimana berkontribusi pada dokumen "
|
||
"OpenStack, lihat `OpenStack Documentation Contributor Guide <https://docs."
|
||
"openstack.org/doc-contrib-guide/index.html>`__."
|
||
|
||
msgid "Least privilege"
|
||
msgstr "Hak istimewa yang paling sedikit"
|
||
|
||
msgid ""
|
||
"Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) "
|
||
"vulnerability, so the OpenStack dashboard provides an option "
|
||
"``DISALLOW_IFRAME_EMBED`` that allows extra security hardening where iframes "
|
||
"are not used in deployment."
|
||
msgstr ""
|
||
"Browser lawas masih rentan terhadap kerentanan Cross-Frame Scripting (XFS), "
|
||
"jadi dasbor OpenStack memberikan opsi ``DISALLOW_IFRAME_EMBED`` yang "
|
||
"memungkinkan pengerasan keamanan ekstra dimana iframe tidak digunakan dalam "
|
||
"penempatan."
|
||
|
||
msgid ""
|
||
"Legacy browsers are still vulnerable to a Cross-Frame Scripting (XFS) "
|
||
"vulnerability, so this option allows extra security hardening where iframes "
|
||
"are not used in deployment."
|
||
msgstr ""
|
||
"Browser lawas masih rentan terhadap kerentanan Cross-Frame Scripting (XFS), "
|
||
"jadi opsi ini memungkinkan pengerasan keamanan ekstra jika iframe tidak "
|
||
"digunakan dalam penerapan."
|
||
|
||
msgid ""
|
||
"Likewise, encrypted data will remain encrypted as it is transferred over the "
|
||
"network."
|
||
msgstr ""
|
||
"Demikian juga, data terenkripsi akan tetap dienkripsi saat ditransfer "
|
||
"melalui jaringan."
|
||
|
||
msgid "Limitations"
|
||
msgstr "Keterbatasan"
|
||
|
||
msgid ""
|
||
"List domains a federated user can access: ``GET /OS-FEDERATION/domains``"
|
||
msgstr ""
|
||
"Daftar domain dimana dapat diakses pengguna federasi: ``GET /OS-FEDERATION/"
|
||
"domains``"
|
||
|
||
msgid ""
|
||
"List projects a federated user can access: ``GET /OS-FEDERATION/projects``"
|
||
msgstr ""
|
||
"Daftar proyek dimana pengguna federasi dapat mengakses: ``GET /OS-FEDERATION/"
|
||
"projects``"
|
||
|
||
msgid ""
|
||
"List resources relevant to the project, such as wiki pages describing its "
|
||
"deployment and usage, and links to code repositories and relevant "
|
||
"presentations."
|
||
msgstr ""
|
||
"Buat daftar sumber daya yang relevan dengan proyek, seperti halaman wiki "
|
||
"yang menjelaskan penyebaran dan penggunaannya, dan tautkan ke repositori "
|
||
"kode dan presentasi yang relevan."
|
||
|
||
msgid "Live migration mitigations"
|
||
msgstr "Keterbatasan migrasi langsung"
|
||
|
||
msgid "Live migration risks"
|
||
msgstr "Resiko migrasi langsung (live). "
|
||
|
||
msgid "Load balancer"
|
||
msgstr "Load balancer (penyeimbang beban)"
|
||
|
||
msgid "Load balancing"
|
||
msgstr "Penyeimbang beban (load balancing)"
|
||
|
||
msgid "Logging"
|
||
msgstr "Logging"
|
||
|
||
msgid "Logging capability"
|
||
msgstr "Kemampuan logging"
|
||
|
||
msgid ""
|
||
"Logs are not only valuable for proactive security and continuous compliance "
|
||
"activities, but they are also a valuable information source for "
|
||
"investigating and responding to incidents."
|
||
msgstr ""
|
||
"Log tidak hanya bermanfaat untuk keamanan proaktif dan aktivitas kepatuhan "
|
||
"yang berkelanjutan, namun juga merupakan sumber informasi yang berharga "
|
||
"untuk menyelidiki dan merespons insiden."
|
||
|
||
msgid "Low"
|
||
msgstr "Low"
|
||
|
||
msgid "Lower impact"
|
||
msgstr "Dampak lebih rendah"
|
||
|
||
msgid "MAC Policy"
|
||
msgstr "MAC Policy"
|
||
|
||
msgid ""
|
||
"MD5 is a weak and depreciated hashing algorithm. It can be cracked using "
|
||
"brute force attack. Identity tokens are sensitive and need to be protected "
|
||
"with a stronger hashing algorithm to prevent unauthorized disclosure and "
|
||
"subsequent access."
|
||
msgstr ""
|
||
"MD5 adalah algoritma hashing yang lemah dan terdepresiasi. Bisa retak "
|
||
"menggunakan serangan brute force. Token identitas sensitif dan perlu "
|
||
"dilindungi dengan algoritma hashing yang lebih kuat untuk mencegah "
|
||
"pengungkapan yang tidak sah dan akses berikutnya."
|
||
|
||
msgid "MGMT"
|
||
msgstr "MGMT"
|
||
|
||
msgid "MGMT, GUEST, and PUBLIC as configured"
|
||
msgstr "MGMT, GUEST, and PUBLIC as configured"
|
||
|
||
msgid "Machine snapshots"
|
||
msgstr "Snapshot mesin"
|
||
|
||
msgid "Magnum"
|
||
msgstr "Magnum"
|
||
|
||
msgid ""
|
||
"Maintain good records from your internal audit. These will prove useful "
|
||
"during the external audit so you can be prepared to answer questions about "
|
||
"mapping the compliance controls to a particular deployment."
|
||
msgstr ""
|
||
"Pertahankan catatan bagus dari audit internal Anda. Ini akan terbukti "
|
||
"berguna selama audit eksternal sehingga Anda dapat siap untuk menjawab "
|
||
"pertanyaan tentang pemetaan kontrol kepatuhan terhadap penerapan tertentu."
|
||
|
||
msgid ""
|
||
"Make sure you use either the SQL or the ``memcached`` driver for tokens, "
|
||
"otherwise the tokens will not be shared between the processes of the Apache "
|
||
"HTTPD server."
|
||
msgstr ""
|
||
"Pastikan Anda menggunakan driver SQL atau ``memcached`` untuk token, jika "
|
||
"tidak, token tidak akan dibagi antara proses server HTTPD Apache."
|
||
|
||
msgid ""
|
||
"Malini Bhandaru is a security architect at Intel. She has a varied "
|
||
"background, having worked on platform power and performance at Intel, speech "
|
||
"products at Nuance, remote monitoring and management at ComBrio, and web "
|
||
"commerce at Verizon. She has a Ph.D. in Artificial Intelligence from the "
|
||
"University of Massachusetts, Amherst."
|
||
msgstr ""
|
||
"Malini Bhandaru adalah seorang arsitek keamanan di Intel. Dia memiliki latar "
|
||
"belakang yang bervariasi, setelah mengerjakan kekuatan dan kinerja platform "
|
||
"di Intel, produk ucapan (speech) di Nuance, pemantauan jarak jauh dan "
|
||
"manajemen di ComBrio, dan perdagangan web di Verizon. Dia memiliki gelar Ph."
|
||
"D. dalam Artificial Intelligence dari University of Massachusetts, Amherst."
|
||
|
||
msgid "Management"
|
||
msgstr "Management"
|
||
|
||
msgid "Management interfaces"
|
||
msgstr "Antarmuka manajemen"
|
||
|
||
msgid "Management network"
|
||
msgstr "Jaringan manajemen"
|
||
|
||
msgid "Management utilities"
|
||
msgstr "Utilitas manajemen"
|
||
|
||
msgid "Mandatory Access Control"
|
||
msgstr "Mandatory Access Control"
|
||
|
||
msgid "Mandatory Access Control (MAC)"
|
||
msgstr "Mandatory Access Control (MAC)"
|
||
|
||
msgid ""
|
||
"Mandatory Access Control (MAC) restricts access to objects based on labels "
|
||
"assigned to subjects and objects. Sensitivity labels are automatically "
|
||
"attached to processes and objects. The access control policy enforced using "
|
||
"these labels is derived from the :term:`Bell-LaPadula model`. SELinux "
|
||
"categories are attached to virtual machines and its resources. The access "
|
||
"control policy enforced using these categories grant virtual machines access "
|
||
"to resources if the category of the virtual machine is identical to the "
|
||
"category of the accessed resource. The TOE implements non-hierarchical "
|
||
"categories to control access to virtual machines."
|
||
msgstr ""
|
||
"Mandatory Access Control (MAC) membatasi akses ke objek berdasarkan label "
|
||
"yang ditetapkan untuk subjek dan objek. Label sensitivitas secara otomatis "
|
||
"melekat pada proses dan objek. Kebijakan kontrol akses yang diberlakukan "
|
||
"dengan menggunakan label ini berasal dari :term:`Bell-LaPadula model`. "
|
||
"Kategori SELinux dilekatkan pada mesin virtual dan sumber dayanya. Kebijakan "
|
||
"kontrol akses yang diberlakukan dengan menggunakan kategori ini memberi "
|
||
"akses mesin virtual ke sumber daya jika kategori mesin virtual identik "
|
||
"dengan kategori sumber daya yang diakses. TOE menerapkan kategori non-"
|
||
"hierarkis untuk mengendalikan akses ke mesin virtual."
|
||
|
||
msgid "Mandatory access controls"
|
||
msgstr "Kontrol akses wajib (Mandatory Access Control)"
|
||
|
||
msgid ""
|
||
"Mandatory access controls affect all users on the system, including root, "
|
||
"and it is the kernel's job to review the activity against the current "
|
||
"security policy. If the activity isn't within the allowed policy, it is "
|
||
"blocked, even for the root user. Review the discussion on sVirt, SELinux, "
|
||
"and AppArmor below for more details."
|
||
msgstr ""
|
||
"Kontrol akses wajib mempengaruhi semua pengguna di sistem, termasuk root, "
|
||
"dan ini adalah tugas kernel untuk meninjau aktivitas terhadap kebijakan "
|
||
"keamanan saat ini. Jika aktivitas tidak sesuai dengan kebijakan yang "
|
||
"diijinkan, maka hal itu diblokir, bahkan untuk pengguna root. Tinjaulah "
|
||
"diskusi di sVirt, SELinux, dan AppArmor di bawah ini untuk lebih jelasnya."
|
||
|
||
msgid ""
|
||
"Many hypervisors offer a functionality known as PCI passthrough. This allows "
|
||
"an instance to have direct access to a piece of hardware on the node. For "
|
||
"example, this could be used to allow instances to access video cards or GPUs "
|
||
"offering the compute unified device architecture (CUDA) for high performance "
|
||
"computation. This feature carries two types of security risks: direct memory "
|
||
"access and hardware infection."
|
||
msgstr ""
|
||
"Banyak hypervisor menawarkan fungsionalitas yang dikenal sebagai passthrough "
|
||
"PCI. Hal ini memungkinkan sebuah instance untuk memiliki akses langsung ke "
|
||
"perangkat keras pada node. Misalnya, ini bisa digunakan untuk mengizinkan "
|
||
"instance mengakses kartu video atau GPU yang menawarkan compute unified "
|
||
"device architecture (CUDA) untuk perhitungan kinerja tinggi. Fitur ini "
|
||
"membawa dua jenis risiko keamanan: akses memori langsung dan infeksi "
|
||
"perangkat keras."
|
||
|
||
msgid ""
|
||
"Many hypervisors use memory optimization techniques to overcommit memory to "
|
||
"guest virtual machines. This is a useful feature that allows you to deploy "
|
||
"very dense compute clusters. One way to achieve this is through de-"
|
||
"duplication or sharing of memory pages. When two virtual machines have "
|
||
"identical data in memory, there are advantages to having them reference the "
|
||
"same memory."
|
||
msgstr ""
|
||
"Banyak hypervisor menggunakan teknik pengoptimalan memori untuk overcommit "
|
||
"memory ke mesin virtual guest. Ini adalah fitur berguna yang memungkinkan "
|
||
"Anda untuk menggunakan cluster komputasi yang sangat padat. Salah satu cara "
|
||
"untuk mencapainya adalah melalui de-duplicatio atau pembagian halaman "
|
||
"memori. Ketika dua mesin virtual memiliki data yang sama dalam memori, ada "
|
||
"keuntungan untuk meminta mereka untuk merujuk memori yang sama."
|
||
|
||
msgid ""
|
||
"Many modern Linux distributions already build QEMU with compiler hardening "
|
||
"enabled, we recommend verifying your existing executable before proceeding. "
|
||
"One tool that can assist you with this verification is called `checksec.sh "
|
||
"<http://www.trapkit.de/tools/checksec.html>`_"
|
||
msgstr ""
|
||
"Banyak distribusi Linux modern yang sudah membangun QEMU dengan pengerasan "
|
||
"kompilator, kami sarankan untuk memverifikasi executable yang ada sebelum "
|
||
"melanjutkan. Salah satu alat yang dapat membantu Anda dengan verifikasi ini "
|
||
"disebut `checksec.sh <http://www.trapkit.de/tools/checksec.html>`_"
|
||
|
||
msgid ""
|
||
"Many operating systems now provide compartmentalization support. Linux "
|
||
"supports namespaces to assign processes into independent domains. Other "
|
||
"parts of this guide cover system compartmentalization in more detail."
|
||
msgstr ""
|
||
"Banyak sistem operasi sekarang menyediakan dukungan kompartementalisasi. "
|
||
"Linux mendukung namespace untuk menetapkan proses ke dalam domain "
|
||
"independen. Bagian lain dari panduan ini mencakup kompartementalisasi sistem "
|
||
"secara lebih rinci."
|
||
|
||
msgid ""
|
||
"Many organizations have an established Public Key Infrastructure with their "
|
||
"own Certification Authority (CA), certificate policies, and management for "
|
||
"which they should use to issue certificates for internal OpenStack users or "
|
||
"services. Organizations in which the public security domain is Internet "
|
||
"facing will additionally need certificates signed by a widely recognized "
|
||
"public CA. For cryptographic communications over the management network, it "
|
||
"is recommended one not use a public CA. Instead, we expect and recommend "
|
||
"most deployments deploy their own internal CA."
|
||
msgstr ""
|
||
"Banyak organisasi memiliki Public Key Infrastructure yang mapan dengan "
|
||
"Certification Authority (CA) mereka sendiri, kebijakan sertifikat, dan "
|
||
"manajemen yang harus mereka gunakan untuk menerbitkan sertifikat untuk "
|
||
"pengguna atau layanan OpenStack internal. Organisasi di mana domain keamanan "
|
||
"publik yang dihadapi Internet juga memerlukan sertifikat yang ditandatangani "
|
||
"oleh CA publik yang diakui secara luas. Untuk komunikasi kriptografi melalui "
|
||
"jaringan manajemen, disarankan agar tidak menggunakan CA publik. Sebagai "
|
||
"gantinya, kami mengharapkan dan merekomendasikan sebagian besar penerapan "
|
||
"menggunakan CA internal mereka sendiri."
|
||
|
||
msgid ""
|
||
"Many organizations typically deploy web applications at subdomains of an "
|
||
"overarching organization domain. It is natural for users to expect a domain "
|
||
"of the form ``openstack.example.org``. In this context, there are often "
|
||
"applications which are deployed in the same second-level namespace. This "
|
||
"name structure is convenient and simplifies name server maintenance."
|
||
msgstr ""
|
||
"Banyak organisasi biasanya menyebarkan aplikasi web di subdomain dari domain "
|
||
"organisasi yang melindunginya (overarching). Adalah wajar bagi pengguna "
|
||
"untuk mengharapkan sebuah domain dengan bentuk ``openstack.example.org``. "
|
||
"Dalam konteks ini, sering ada aplikasi yang digunakan dalam namespace second-"
|
||
"level yang sama. Struktur nama ini nyaman dan menyederhanakan pemeliharaan "
|
||
"server nama."
|
||
|
||
msgid ""
|
||
"Many times interesting events trigger an alert which is sent to a responder "
|
||
"for action. Frequently this alert takes the form of an email with the "
|
||
"messages of interest. An interesting event could be a significant failure, "
|
||
"or known health indicator of a pending failure. Two common utilities for "
|
||
"managing alerts are `Nagios <https://www.nagios.org>`_ and `Zabbix <https://"
|
||
"www.zabbix.com/>`_."
|
||
msgstr ""
|
||
"Sering kali peristiwa menarik memicu peringatan yang dikirim ke penjawab "
|
||
"untuk bertindak. Seringkali lansiran ini berbentuk email dengan pesan "
|
||
"menarik. Peristiwa yang menarik bisa berupa kegagalan yang signifikan, atau "
|
||
"indikator kesehatan yang diketahui tentang kegagalan yang tertunda. Dua "
|
||
"utilitas umum untuk mengelola peringatan adalah `Nagios <https://www.nagios."
|
||
"org>`_ dan `Zabbix <https://www.zabbix.com/>`_."
|
||
|
||
msgid ""
|
||
"MapR Technologies, Apache Hadoop for the MapR Converged Data Platform. 2016. "
|
||
"`MapR project <https://www.mapr.com/products/mapr-distribution-including-"
|
||
"apache-hadoop>`__"
|
||
msgstr ""
|
||
"MapR Technologies, Apache Hadoop for the MapR Converged Data Platform. 2016. "
|
||
"`MapR project <https://www.mapr.com/products/mapr-distribution-including-"
|
||
"apache-hadoop>`__"
|
||
|
||
msgid "Mapping"
|
||
msgstr "Pemetaan"
|
||
|
||
msgid "Medium"
|
||
msgstr "Medium"
|
||
|
||
msgid "Medium / low"
|
||
msgstr "Medium / low"
|
||
|
||
msgid "Message Digest"
|
||
msgstr "Message Digest"
|
||
|
||
msgid "Message queue process isolation and policy"
|
||
msgstr "Isolasi proses antrian pesan dan kebijakan"
|
||
|
||
msgid ""
|
||
"Message queue service processes should be isolated from each other and other "
|
||
"processes on a machine."
|
||
msgstr ""
|
||
"Proses pelayanan antrian pesan harus diisolasi satu sama lain dan proses "
|
||
"lainnya pada mesin."
|
||
|
||
msgid ""
|
||
"Message queues effectively facilitate command and control functions across "
|
||
"OpenStack deployments. Once access to the queue is permitted, no further "
|
||
"authorization checks are performed. Services accessible through the queue do "
|
||
"validate the contexts and tokens within the actual message payload. However, "
|
||
"you must note the expiration date of the token because tokens are "
|
||
"potentially re-playable and can authorize other services in the "
|
||
"infrastructure."
|
||
msgstr ""
|
||
"Antrian pesan secara efektif memfasilitasi fungsi perintah dan kontrol di "
|
||
"seluruh penerapan OpenStack. Setelah akses ke antrian diizinkan, tidak ada "
|
||
"pemeriksaan otorisasi lebih lanjut yang dilakukan. Layanan yang dapat "
|
||
"diakses melalui antrian memvalidasi konteks dan token di dalam muatan pesan "
|
||
"aktual. Namun, Anda harus mencatat tanggal kedaluwarsa token karena token "
|
||
"berpotensi dimainkan ulang dan dapat memberi otorisasi pada layanan lain di "
|
||
"infrastruktur."
|
||
|
||
msgid "Message queuing"
|
||
msgstr "Antrian pesan"
|
||
|
||
msgid ""
|
||
"Message queuing services facilitate inter-process communication in "
|
||
"OpenStack. OpenStack supports these message queuing service back ends:"
|
||
msgstr ""
|
||
"Layanan antrian pesan memudahkan komunikasi antar proses di OpenStack. "
|
||
"OpenStack mendukung layanan antrian pesan ini kembali:"
|
||
|
||
msgid ""
|
||
"Messaging is used for internal communication between several OpenStack "
|
||
"services. By default, OpenStack uses message queues based on the :term:`AMQP "
|
||
"<Advanced Message Queuing Protocol (AMQP)>`. Like most OpenStack services, "
|
||
"AMQP supports pluggable components. Today the implementation back end could "
|
||
"be RabbitMQ, Qpid, or ZeroMQ."
|
||
msgstr ""
|
||
"Messaging digunakan untuk komunikasi internal antara beberapa layanan "
|
||
"OpenStack. Secara default, OpenStack menggunakan antrian pesan berdasarkan :"
|
||
"term:`AMQP <Advanced Message Queuing Protocol (AMQP)>`. Seperti kebanyakan "
|
||
"layanan OpenStack, AMQP mendukung komponen pluggable. Saat ini penerapan "
|
||
"back end bisa berupa RabbitMQ, Qpid, atau ZeroMQ."
|
||
|
||
msgid "Messaging security"
|
||
msgstr "Keamanan pesan"
|
||
|
||
msgid "Messaging server"
|
||
msgstr "Server Messaging"
|
||
|
||
msgid "Messaging transport security"
|
||
msgstr "Keamanan pengiriman pesan"
|
||
|
||
msgid ""
|
||
"Metadata stored by an OpenStack cloud includes the following non-exhaustive "
|
||
"items:"
|
||
msgstr ""
|
||
"Metadata yang disimpan oleh awan OpenStack mencakup item berikut yang tidak "
|
||
"lengkap (non-exhaustive):"
|
||
|
||
msgid "Migration network"
|
||
msgstr "Jaringan migrasi"
|
||
|
||
msgid "Minimizing the QEMU code base"
|
||
msgstr "Meminimalkan basis kode QEMU"
|
||
|
||
msgid "Minimizing the code base."
|
||
msgstr "Meminimalkan basis kode."
|
||
|
||
msgid "Mitigate ARP spoofing"
|
||
msgstr "Mengurangi spoofing ARP"
|
||
|
||
msgid "Mode"
|
||
msgstr "Mode"
|
||
|
||
msgid ""
|
||
"Monitor the traffic on the management network. The anomalies might be easier "
|
||
"to track than on the busier compute nodes."
|
||
msgstr ""
|
||
"Pantau lalu lintas di jaringan manajemen. Anomali mungkin lebih mudah "
|
||
"dilacak daripada pada node komptasi yang sibuk."
|
||
|
||
msgid "Monitoring and logging"
|
||
msgstr "Pemantauan dan logging"
|
||
|
||
msgid ""
|
||
"Monitoring is a critical component of IT infrastructure, we recommend the "
|
||
"`Compute logfiles <https://docs.openstack.org/newton/config-reference/"
|
||
"compute/logs.html>`_ be monitored and analyzed so that meaningful alerts can "
|
||
"be created."
|
||
msgstr ""
|
||
"Pemantauan merupakan komponen penting dari infrastruktur TI, kami "
|
||
"merekomendasikan `Compute logfiles <https://docs.openstack.org/newton/config-"
|
||
"reference/compute/logs.html>`_ dipantau dan dianalisis sehingga peringatan "
|
||
"yang berarti dapat diciptakan."
|
||
|
||
msgid ""
|
||
"Monitoring the output of the service controller is a powerful forensic tool, "
|
||
"as described more thoroughly in :doc:`../monitoring-logging`. The Data "
|
||
"processing service controller offers a few options for setting the location "
|
||
"and level of logging."
|
||
msgstr ""
|
||
"Pemantauan output dari pengontrol layanan adalah alat forensik yang hebat, "
|
||
"seperti yang dijelaskan lebih teliti di :doc:`../monitoring-logging`. "
|
||
"Pengontrol layanan pengolahan data menawarkan beberapa pilihan untuk "
|
||
"mengatur lokasi dan tingkat logging."
|
||
|
||
msgid "Monitoring use cases"
|
||
msgstr "Memantau kasus penggunaan"
|
||
|
||
msgid "Monitoring, alerting, and reporting"
|
||
msgstr "Monitoring, peringatan, dan pelaporan"
|
||
|
||
msgid ""
|
||
"Most API endpoints and other HTTP services in OpenStack use the Python Paste "
|
||
"Deploy library. From a security perspective, this library enables "
|
||
"manipulation of the request filter pipeline through the application's "
|
||
"configuration. Each element in this chain is referred to as *middleware*. "
|
||
"Changing the order of filters in the pipeline or adding additional "
|
||
"middleware might have unpredictable security impact."
|
||
msgstr ""
|
||
"Sebagian besar endpoint API dan layanan HTTP lainnya di OpenStack "
|
||
"menggunakan pustaka Python Paste Deploy. Dari perspektif keamanan, "
|
||
"perpustakaan ini memungkinkan manipulasi aliran filter permintaan melalui "
|
||
"konfigurasi aplikasi. Setiap elemen dalam rantai ini disebut sebagai "
|
||
"*middleware *. Mengubah urutan filter dalam pipa atau menambahkan middleware "
|
||
"tambahan mungkin memiliki dampak keamanan yang tidak dapat diprediksi."
|
||
|
||
msgid ""
|
||
"Most cloud deployments will not build software, such as QEMU, by hand. It is "
|
||
"better to use packaging to ensure that the process is repeatable and to "
|
||
"ensure that the end result can be easily deployed throughout the cloud. The "
|
||
"references below provide some additional details on applying compiler "
|
||
"hardening options to existing packages."
|
||
msgstr ""
|
||
"Sebagian besar penyebaran awan tidak akan membangun perangkat lunak, seperti "
|
||
"QEMU, dengan tangan. Lebih baik menggunakan kemasan untuk memastikan "
|
||
"prosesnya berulang dan untuk memastikan bahwa hasil akhirnya dapat dengan "
|
||
"mudah digunakan di seluruh awan. Referensi di bawah ini memberikan beberapa "
|
||
"rincian tambahan tentang penerapan opsi pengerasan kompiler ke paket yang "
|
||
"ada."
|
||
|
||
msgid ""
|
||
"Most common operating systems include host-based firewalls for additional "
|
||
"security. While we recommend that virtual machines run as few applications "
|
||
"as possible (to the point of being single-purpose instances, if possible), "
|
||
"all applications running on a virtual machine should be profiled to "
|
||
"determine what system resources the application needs access to, the lowest "
|
||
"level of privilege required for it to run, and what the expected network "
|
||
"traffic is that will be going into and coming from the virtual machine. This "
|
||
"expected traffic should be added to the host-based firewall as allowed "
|
||
"traffic (or whitelisted), along with any necessary logging and management "
|
||
"communication such as SSH or RDP. All other traffic should be explicitly "
|
||
"denied in the firewall configuration."
|
||
msgstr ""
|
||
"Sistem operasi yang paling umum mencakup firewall berbasis host untuk "
|
||
"keamanan tambahan. Meskipun kami menyarankan agar mesin virtual menjalankan "
|
||
"aplikasi sesedikit mungkin (sampai pada titik tujuan tunggal, jika mungkin), "
|
||
"semua aplikasi yang berjalan pada mesin virtual harus diprofilkan untuk "
|
||
"menentukan sumber daya sistem yang dibutuhkan akses aplikasi, yang terendah "
|
||
"tingkat hak istimewa yang dibutuhkan agar bisa berjalan, dan lalu lintas "
|
||
"lalu lintas yang diharapkan akan masuk dan masuk dari mesin virtual. Lalu "
|
||
"lintas yang diharapkan ini harus ditambahkan ke firewall berbasis host "
|
||
"sebagai lalu lintas yang diizinkan (atau masuk whitelisted), bersamaan "
|
||
"dengan komunikasi logging dan manajemen yang diperlukan seperti SSH atau "
|
||
"RDP. Semua lalu lintas lainnya harus ditolak secara eksplisit dalam "
|
||
"konfigurasi firewall."
|
||
|
||
msgid ""
|
||
"Most likely, the most important aspect in hypervisor selection is the "
|
||
"expertise of your staff in managing and maintaining a particular hypervisor "
|
||
"platform. The more familiar your team is with a given product, its "
|
||
"configuration, and its eccentricities, the fewer the configuration mistakes. "
|
||
"Additionally, having staff expertise spread across an organization on a "
|
||
"given hypervisor increases availability of your systems, allows segregation "
|
||
"of duties, and mitigates problems in the event that a team member is "
|
||
"unavailable."
|
||
msgstr ""
|
||
"Kemungkinan besar, aspek terpenting dalam pemilihan hypervisor adalah "
|
||
"keahlian staf Anda dalam mengelola dan memelihara platform hypervisor "
|
||
"tertentu. Semakin akrab tim Anda dengan produk tertentu, konfigurasinya, dan "
|
||
"eksentrisitasnya, semakin sedikit kesalahan konfigurasi. Selain itu, "
|
||
"memiliki keahlian staf yang tersebar di seluruh organisasi pada hypervisor "
|
||
"tertentu meningkatkan ketersediaan sistem Anda, memungkinkan pemisahan "
|
||
"tugas, dan mengurangi masalah jika anggota tim tidak tersedia."
|
||
|
||
msgid ""
|
||
"Most types of cloud deployment, public or private, are exposed to some form "
|
||
"of attack. In this chapter we categorize attackers and summarize potential "
|
||
"types of attacks in each security domain."
|
||
msgstr ""
|
||
"Sebagian besar jenis penyebaran awan, publik atau private, terkena beberapa "
|
||
"bentuk serangan. Dalam bab ini kami mengkategorikan penyerang dan meringkas "
|
||
"jenis serangan potensial di setiap domain keamanan."
|
||
|
||
msgid "Motivated individuals"
|
||
msgstr "Individu termotivasi"
|
||
|
||
msgid "Multi-factor authentication"
|
||
msgstr "Autentikasi mult-faktor"
|
||
|
||
msgid "Multi-host DHCP-agent"
|
||
msgstr "Multi-host DHCP-agent"
|
||
|
||
msgid ""
|
||
"Multiple filters can be applied at once, such as the ``ServerGroupAffinity`` "
|
||
"filter to ensure an instance is created on a member of a specific set of "
|
||
"hosts and ``ServerGroupAntiAffinity`` filter to ensure that same instance is "
|
||
"not created on another specific set of hosts. These filters should be "
|
||
"analyzed carefully to ensure they do not conflict with each other and result "
|
||
"in rules that prevent the creation of instances."
|
||
msgstr ""
|
||
"Beberapa filter dapat diterapkan sekaligus, seperti filter "
|
||
"``ServerGroupAffinity`` untuk memastikan sebuah instance dibuat pada anggota "
|
||
"host tertentu dan filter `ServerGroupAntiAffinity`` untuk memastikan bahwa "
|
||
"instance yang sama tidak dibuat pada set host spesifik yang lain. Filter "
|
||
"ini harus dianalisis dengan seksama untuk memastikan mereka tidak saling "
|
||
"bertentangan dan menghasilkan peraturan yang mencegah pembuatan instance."
|
||
|
||
msgid "MySQL SSL configuration"
|
||
msgstr "Konfigurasi SSL MySQL"
|
||
|
||
msgid "MySQL database service"
|
||
msgstr "Layanan database MySQL"
|
||
|
||
msgid ""
|
||
"MySQL has a large community, widespread adoption, and provides high "
|
||
"availability options. MySQL also has the ability to provide enhanced client "
|
||
"authentication by way of plug-in authentication mechanisms. Forked "
|
||
"distributions in the MySQL community provide many options for consideration. "
|
||
"It is important to choose a specific implementation of MySQL based on a "
|
||
"thorough evaluation of the security posture and the level of support "
|
||
"provided for the given distribution."
|
||
msgstr ""
|
||
"MySQL memiliki komunitas besar, adopsi yang luas, dan menyediakan pilihan "
|
||
"ketersediaan tinggi. MySQL juga memiliki kemampuan untuk menyediakan "
|
||
"otentikasi klien yang disempurnakan dengan cara mekanisme otentikasi plug-"
|
||
"in. Forked distribution di komunitas MySQL memberikan banyak pilihan untuk "
|
||
"dipertimbangkan. Penting untuk memilih implementasi spesifik dari MySQL "
|
||
"berdasarkan evaluasi menyeluruh terhadap postur keamanan dan tingkat "
|
||
"dukungan yang diberikan untuk distribusi yang diberikan."
|
||
|
||
msgid "MySQL:"
|
||
msgstr "MySQL:"
|
||
|
||
msgid ""
|
||
"NIST defines a community cloud as one whose infrastructure is provisioned "
|
||
"for the exclusive use by a specific community of consumers from "
|
||
"organizations that have shared concerns (for example, mission, security "
|
||
"requirements, policy, or compliance considerations). The cloud might be "
|
||
"owned, managed, and operated by one or more of organizations in the "
|
||
"community, a third-party, or some combination of them, and it may exist on "
|
||
"or off premises."
|
||
msgstr ""
|
||
"NIST mendefinisikan awan komunitas sebagai infrastruktur yang disediakan "
|
||
"untuk penggunaan eksklusif oleh komunitas konsumen tertentu dari organisasi "
|
||
"yang memiliki keprihatinan bersama (misalnya, pertimbangan misi, persyaratan "
|
||
"keamanan, kebijakan, atau kepatuhan). Awan mungkin dimiliki, dikelola, dan "
|
||
"dioperasikan oleh satu atau lebih organisasi di masyarakat, pihak ketiga, "
|
||
"atau beberapa kombinasi dari keduanya, dan mungkin ada di dalam atau di luar "
|
||
"lokasi."
|
||
|
||
msgid "Namespaces"
|
||
msgstr "Namespace"
|
||
|
||
msgid ""
|
||
"Nathanael Burton is a Computer Scientist at the National Security Agency. He "
|
||
"has worked for the Agency for over 10 years working on distributed systems, "
|
||
"large-scale hosting, open source initiatives, operating systems, security, "
|
||
"storage, and virtualization technology. He has a B.S. in Computer Science "
|
||
"from Virginia Tech."
|
||
msgstr ""
|
||
"Nathanael Burton adalah seorang Ilmuwan Komputer di National Security "
|
||
"Agency. Dia telah bekerja untuk Agency selama lebih dari 10 tahun bekerja "
|
||
"pada sistem terdistribusi, hosting berskala besar, inisiatif open source, "
|
||
"sistem operasi, keamanan, penyimpanan, dan teknologi virtualisasi. Dia "
|
||
"memiliki B.S. di Ilmu Komputer dari Virginia Tech."
|
||
|
||
msgid ""
|
||
"National Information Assurance Partnership, National Security "
|
||
"Telecommunications and Information Systems Security Policy. 2003. `http://"
|
||
"www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf <http://www."
|
||
"niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf>`_"
|
||
msgstr ""
|
||
"National Information Assurance Partnership, National Security "
|
||
"Telecommunications dan Information Systems Security Policy. 2003. `http://"
|
||
"www.niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf <http://www."
|
||
"niap-ccevs.org/cc-scheme/nstissp_11_revised_factsheet.pdf>`_"
|
||
|
||
msgid ""
|
||
"Native SSL/TLS configuration is difficult (not well documented, tested, or "
|
||
"consistent across services)."
|
||
msgstr ""
|
||
"Konfigurasi SSL/TLS native sulit (tidak terdokumentasi dengan baik, teruji, "
|
||
"atau konsisten di seluruh layanan)."
|
||
|
||
msgid ""
|
||
"Native SSL/TLS in OpenStack services does not perform/scale as well as SSL "
|
||
"proxies (particularly for Python implementations like Eventlet)."
|
||
msgstr ""
|
||
"SSL/TLS native di layanan OpenStack tidak melakukan/skala serta proxy SSL "
|
||
"(terutama untuk implementasi Python seperti Eventlet)."
|
||
|
||
msgid ""
|
||
"Native SSL/TLS in OpenStack services not as well scrutinized/ audited as "
|
||
"more proven solutions."
|
||
msgstr ""
|
||
"SSL/TLS native di layanan OpenStack tidak dicermati/diaudit serta bukan "
|
||
"solusi yang lebih terjamin."
|
||
|
||
msgid "Network and security models"
|
||
msgstr "Model jaringan dan keamanan"
|
||
|
||
msgid "Network connectivity of physical servers"
|
||
msgstr "Konektivitas jaringan server fisik"
|
||
|
||
msgid "Network data"
|
||
msgstr "Network data"
|
||
|
||
msgid ""
|
||
"Network intrusion detection tools complement the host-based tools. OpenStack "
|
||
"doesn't have a specific network IDS built-in, but OpenStack Networking "
|
||
"provides a plug-in mechanism to enable different technologies through the "
|
||
"Networking API. This plug-in architecture will allow tenants to develop API "
|
||
"extensions to insert and configure their own advanced networking services "
|
||
"like a firewall, an intrusion detection system, or a VPN between the VMs."
|
||
msgstr ""
|
||
"Alat deteksi intrusi jaringan melengkapi alat berbasis host. OpenStack tidak "
|
||
"memiliki jaringan khusus IDS built-in, namun OpenStack Networking "
|
||
"menyediakan mekanisme plug-in untuk mengaktifkan teknologi yang berbeda "
|
||
"melalui Networking API. Arsitektur plug-in ini akan memungkinkan penyewa "
|
||
"mengembangkan ekstensi API untuk memasukkan dan mengkonfigurasi layanan "
|
||
"jaringan lanjutan mereka sendiri seperti firewall, sistem deteksi intrusi, "
|
||
"atau VPN antara VM."
|
||
|
||
msgid ""
|
||
"Network namespaces are highly recommended for all services running on "
|
||
"OpenStack Compute Hypervisors. This will help prevent against the bridging "
|
||
"of network traffic between VM guests and the management network."
|
||
msgstr ""
|
||
"Namespace jaringan sangat dianjurkan untuk semua layanan yang berjalan di "
|
||
"OpenStack Compute Hypervisors. Ini akan membantu mencegah terjerembabnya "
|
||
"lalu lintas jaringan antara VM guest dan jaringan manajemen."
|
||
|
||
msgid "Network plug-ins"
|
||
msgstr "Plug-in jaringan"
|
||
|
||
msgid ""
|
||
"Network plug-ins allow to use any functions, configurations of the OpenStack "
|
||
"Networking and Legacy networking services. One can use any network "
|
||
"segmentation that the Networking service supports, you can use flat networks "
|
||
"or VLAN-segmented networks of the Legacy networking (nova-network) service, "
|
||
"or you can use plug-ins for specifying networks independently from OpenStack "
|
||
"networking services. For more information of how to use different network "
|
||
"plug-ins, see `Shared File Systems service Network plug-ins <https://docs."
|
||
"openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-"
|
||
"plug-ins>`_."
|
||
msgstr ""
|
||
"Jaringan plug-in memungkinkan untuk menggunakan fungsi apapun, konfigurasi "
|
||
"layanan jaringan OpenStack Networking and Legacy. Seseorang dapat "
|
||
"menggunakan segmentasi jaringan yang didukung oleh layanan Networking, Anda "
|
||
"dapat menggunakan jaringan datar atau jaringan terstruktur VLAN dari "
|
||
"jaringan jaringan Legacy (nova-network), atau Anda dapat menggunakan plug-in "
|
||
"untuk menentukan jaringan secara terpisah dari layanan jaringan OpenStack. "
|
||
"Untuk informasi lebih lanjut tentang cara menggunakan berbagai plug-in "
|
||
"jaringan, lihat `Shared File Systems service Network plug-ins <https://docs."
|
||
"openstack.org/admin-guide/shared_file_systems_network_plugins.html#network-"
|
||
"plug-ins>`_."
|
||
|
||
msgid "Network policy"
|
||
msgstr "Kebijakan jaringan"
|
||
|
||
msgid "Network security"
|
||
msgstr "Keamanan jaringan"
|
||
|
||
msgid "Network services"
|
||
msgstr "Layanan jaringan"
|
||
|
||
msgid "Network services extensions"
|
||
msgstr "Ekstensi layanan jaringan"
|
||
|
||
msgid "Network topology"
|
||
msgstr "Topologi jaringan"
|
||
|
||
msgid ""
|
||
"Network tunneling encapsulates each tenant/network combination with a unique "
|
||
"\"tunnel-id\" that is used to identify the network traffic belonging to that "
|
||
"combination. The tenant's L2 network connectivity is independent of physical "
|
||
"locality or underlying network design. By encapsulating traffic inside IP "
|
||
"packets, that traffic can cross Layer-3 boundaries, removing the need for "
|
||
"preconfigured VLANs and VLAN trunking. Tunneling adds a layer of obfuscation "
|
||
"to network data traffic, reducing the visibility of individual tenant "
|
||
"traffic from a monitoring point of view."
|
||
msgstr ""
|
||
"Jaringan tunneling merangkum masing-masing penyewa jaringan kombinasi dengan "
|
||
"unik \"tunnel-id\" yang digunakan untuk mengidentifikasi lalu lintas "
|
||
"jaringan milik kombinasi itu. Konektivitas jaringan L2 penyewa tidak "
|
||
"bergantung pada lokasi fisik atau disain jaringan yang mendasarinya. Dengan "
|
||
"mengenkapsulasi lalu lintas di dalam paket IP, lalu lintas tersebut dapat "
|
||
"melintasi batas Layer-3, menghapus kebutuhan akan VLAN yang telah "
|
||
"dikonfigurasikan sebelumnya dan trunking VLAN. Tunneling menambahkan lapisan "
|
||
"obfuscation ke lalu lintas data jaringan, mengurangi visibilitas lalu lintas "
|
||
"penyewa individu dari sudut pandang pemantauan."
|
||
|
||
msgid "Network virtualization"
|
||
msgstr "Virtualisasi jaringan"
|
||
|
||
msgid "Networking"
|
||
msgstr "Networking"
|
||
|
||
msgid "Networking API endpoints"
|
||
msgstr "Networking API endpoints"
|
||
|
||
msgid "Networking architecture"
|
||
msgstr "Arsitektur jaringan"
|
||
|
||
msgid "Networking resource policy engine"
|
||
msgstr "Mesin kebijakan sumber daya jaringan"
|
||
|
||
msgid "Networking services"
|
||
msgstr "Layanan Networking"
|
||
|
||
msgid "Networking services limitations"
|
||
msgstr "Keterbatasan layanan jaringan"
|
||
|
||
msgid "Networking services security best practices"
|
||
msgstr "Praktik terbaik keamanan layanan jaringan"
|
||
|
||
msgid "Never allow the wild card origin."
|
||
msgstr "Jangan biarkan wild card origin."
|
||
|
||
msgid ""
|
||
"Never configure CSRF or session cookies to have a wild card domain with a "
|
||
"leading dot. Horizon's session and CSRF cookie should be secured when "
|
||
"deployed with HTTPS:"
|
||
msgstr ""
|
||
"Jangan pernah mengonfigurasi CSRF atau cookie sesi untuk memiliki wild card "
|
||
"domain dengan dot terkemuka. Sesi Horizon dan cookie CSRF harus diamankan "
|
||
"saat dikerahkan dengan HTTPS:"
|
||
|
||
msgid "Never eXecute (NX)"
|
||
msgstr "Never eXecute (NX)"
|
||
|
||
msgid "Nginx"
|
||
msgstr "Nginx"
|
||
|
||
msgid "No IPv6 support for L3 agents"
|
||
msgstr "Tidak ada dukungan IPv6 untuk agen L3"
|
||
|
||
msgid ""
|
||
"No MD5. MD5 is not collision resistant, and thus not acceptable for Message "
|
||
"Authentication Codes (MAC) or signatures."
|
||
msgstr ""
|
||
"Tidak ada MD5. MD5 tidak tahan benturan, dan karenanya tidak dapat diterima "
|
||
"untuk Message Authentication Codes (MAC) atau signatures."
|
||
|
||
msgid ""
|
||
"No RC4. RC4 has flaws in the context of TLS V3. See `On the Security of RC4 "
|
||
"in TLS and WPA <http://cr.yp.to/streamciphers/rc4biases-20130708.pdf>`_."
|
||
msgstr ""
|
||
"Tidak ada RC4. RC4 memiliki kekurangan dalam konteks TLS V3. Lihat `On the "
|
||
"Security of RC4 in TLS and WPA <http://cr.yp.to/streamciphers/"
|
||
"rc4biases-20130708.pdf>`_."
|
||
|
||
msgid ""
|
||
"No new users will be added to the Identity back end, but the Identity "
|
||
"service requires group-based role assignments to authorize federated users. "
|
||
"The Federation mapping function will map the user into local Identity "
|
||
"service groups objects, and hence to local role assignments."
|
||
msgstr ""
|
||
"Tidak ada pengguna baru yang akan ditambahkan ke Identity back end, namun "
|
||
"layanan Identity memerlukan tugas peran berbasis kelompok untuk memberi "
|
||
"otorisasi kepada pengguna yang tergabung. Fungsi pemetaan Federation akan "
|
||
"memetakan pengguna ke dalam kelompok pengguna layanan Identity lokal, dan "
|
||
"karenanya untuk tugas peran lokal."
|
||
|
||
msgid "No share servers mode"
|
||
msgstr "No share servers mode"
|
||
|
||
msgid "Node hardening"
|
||
msgstr "Pengerasan node"
|
||
|
||
msgid "Node provisioning"
|
||
msgstr "Penyediaan Node"
|
||
|
||
msgid ""
|
||
"Nodes in the cloud—including compute, storage, network, service, and hybrid "
|
||
"nodes—should have an automated provisioning process. This ensures that nodes "
|
||
"are provisioned consistently and correctly. This also facilitates security "
|
||
"patching, upgrading, bug fixing, and other critical changes. Since this "
|
||
"process installs new software that runs at the highest privilege levels in "
|
||
"the cloud, it is important to verify that the correct software is installed. "
|
||
"This includes the earliest stages of the boot process."
|
||
msgstr ""
|
||
"Node di awan -termasuk komputasi, penyimpanan, jaringan, layanan, dan node "
|
||
"hibrida- harus memiliki proses penyediaan otomatis. Hal ini memastikan bahwa "
|
||
"node ditetapkan secara konsisten dan benar. Ini juga memfasilitasi keamanan "
|
||
"patch, upgrade, perbaikan bug, dan perubahan penting lainnya. Karena proses "
|
||
"ini menginstal perangkat lunak baru yang berjalan pada tingkat hak istimewa "
|
||
"tertinggi di awan, penting untuk memastikan perangkat lunak yang benar "
|
||
"diinstal. Ini termasuk tahap awal proses boot."
|
||
|
||
msgid ""
|
||
"Nodes should use Preboot eXecution Environment (PXE) for provisioning. This "
|
||
"significantly reduces the effort required for redeploying nodes. The typical "
|
||
"process involves the node receiving various boot stages—that is "
|
||
"progressively more complex software to execute— from a server."
|
||
msgstr ""
|
||
"Node harus menggunakan Preboot eXecution Environment (PXE) untuk penyediaan. "
|
||
"Hal ini secara signifikan mengurangi upaya yang diperlukan untuk memindahkan "
|
||
"node. Proses yang khas melibatkan node yang menerima berbagai tahap boot -"
|
||
"yaitu perangkat lunak yang semakin kompleks untuk dijalankan- dari server."
|
||
|
||
msgid ""
|
||
"Note that Castellan does not provide any authentication. It simply passes "
|
||
"through the authentication credentials (a Keystone token, for example) to "
|
||
"the back-end."
|
||
msgstr ""
|
||
"Perhatikan bahwa Castellan tidak memberikan otentikasi apapun. Ini hanya "
|
||
"melewati kredensial otentikasi (token Keystone, misalnya) ke back-end."
|
||
|
||
msgid ""
|
||
"Note that if the LDAP system has attributes defined for the user such as "
|
||
"admin, finance, HR etc, these must be mapped into roles and groups within "
|
||
"Identity for use by the various OpenStack services. The ``/etc/keystone/"
|
||
"keystone.conf`` file maps LDAP attributes to Identity attributes."
|
||
msgstr ""
|
||
"Perhatikan bahwa jika sistem LDAP memiliki atribut yang didefinisikan untuk "
|
||
"pengguna seperti admin, finance, HR dll, ini harus dipetakan ke dalam peran "
|
||
"dan kelompok di dalam Identity untuk digunakan oleh berbagai layanan "
|
||
"OpenStack. File ``/etc/keystone/keystone.conf`` memetakan atribut LDAP ke "
|
||
"atribut Identitas."
|
||
|
||
msgid ""
|
||
"Note that the OpenStack `Ephemeral disk encryption <https://docs.openstack."
|
||
"org/security-guide/tenant-data/data-encryption.html>`__ feature provides a "
|
||
"means of improving ephemeral storage privacy and isolation, during both "
|
||
"active use as well as when the data is to be destroyed. As in the case of "
|
||
"encrypted block storage, one can simply delete the encryption key to "
|
||
"effectively destroy the data."
|
||
msgstr ""
|
||
"Perhatikan bahwa OpenStack fitur `Ephemeral disk encryption <https://docs."
|
||
"openstack.org/security-guide/tenant-data/data-encryption.html>`__ "
|
||
"menyediakan sarana untuk meningkatkan privasi penyimpanan sementara dan "
|
||
"isolasi, selama penggunaan aktif maupun saat data dihancurkan. Seperti dalam "
|
||
"kasus penyimpanan blok terenkripsi, seseorang dapat dengan mudah menghapus "
|
||
"kunci enkripsi untuk menghancurkan data secara efektif."
|
||
|
||
msgid ""
|
||
"Note that there may be a key size limitation from the backend key manager "
|
||
"that could require the use of 'key_size = 256', which would only provide an "
|
||
"AES key size of 128-bits. XTS requires it's own \"tweak key\" in addition to "
|
||
"the encryption key AES requires. This is typically expressed as a single "
|
||
"large key. In this case, using the 512-bit setting, 256 bits will be used by "
|
||
"AES and 256 bits by XTS. (see NIST_)"
|
||
msgstr ""
|
||
"Perhatikan bahwa mungkin ada batasan ukuran kunci dari manajer kunci backend "
|
||
"yang memerlukan penggunaan 'key_size = 256', yang hanya akan memberikan "
|
||
"ukuran kunci AES 128-bit. XTS membutuhkan \"tweak key\" itu sendiri selain "
|
||
"kunci enkripsi yang dibutuhkan AES. Hal ini biasanya dinyatakan sebagai satu "
|
||
"kunci besar. Dalam kasus ini, dengan menggunakan pengaturan 512-bit, 256 bit "
|
||
"akan digunakan oleh AES dan 256 bit oleh XTS. (lihat NIST_)"
|
||
|
||
msgid ""
|
||
"Note this command only adds the ability to communicate over SSL and is non-"
|
||
"exclusive. Other access methods that may allow unencrypted transport should "
|
||
"be disabled so that SSL is the sole access method."
|
||
msgstr ""
|
||
"Perhatikan perintah ini hanya menambahkan kemampuan untuk berkomunikasi "
|
||
"melalui SSL dan tidak eksklusif. Metode akses lain yang memungkinkan "
|
||
"pengangkutan yang tidak dienkripsi harus dinonaktifkan sehingga SSL adalah "
|
||
"satu-satunya metode akses."
|
||
|
||
msgid "Note this needs to be added before your reject all rule which might be:"
|
||
msgstr ""
|
||
"Catatan ini perlu ditambahkan sebelum Anda menolak semua peraturan yang "
|
||
"mungkin:"
|
||
|
||
msgid ""
|
||
"Note, as nova-conductor only applies to OpenStack Compute, direct database "
|
||
"access from compute hosts may still be necessary for the operation of other "
|
||
"OpenStack components such as Telemetry (ceilometer), Networking, and Block "
|
||
"Storage."
|
||
msgstr ""
|
||
"Catatan, karena nova-konduktor hanya berlaku untuk OpenStack Compute, akses "
|
||
"database langsung dari host komputasi mungkin masih diperlukan untuk "
|
||
"pengoperasian komponen OpenStack lainnya seperti Telemetry (ceilometer), "
|
||
"Networking, dan Block Storage."
|
||
|
||
msgid ""
|
||
"Note, however, that authentication via IP is the least secure type of "
|
||
"authentication."
|
||
msgstr ""
|
||
"Namun, perhatikan bahwa otentikasi melalui IP adalah jenis otentikasi yang "
|
||
"paling tidak aman."
|
||
|
||
msgid ""
|
||
"Note, legacy nova-network security groups are applied to all virtual "
|
||
"interface ports on an instance using iptables."
|
||
msgstr ""
|
||
"Perhatikan, grup keamanan nova-jaringan legacy diterapkan ke semua port "
|
||
"antarmuka virtual pada sebuah instance menggunakan iptable."
|
||
|
||
msgid ""
|
||
"Note, the ``tcp_listeners`` option is set to ``[]`` to prevent it from "
|
||
"listening on a non-SSL port. The ``ssl_listeners`` option should be "
|
||
"restricted to only listen on the management network for the services."
|
||
msgstr ""
|
||
"Perhatikan, opsi ``tcp_listeners`` diset ke ``[]`` untuk mencegahnya "
|
||
"mendengarkan port non-SSL. Opsi ``ssl_listeners`` harus dibatasi hanya untuk "
|
||
"mendengarkan pada jaringan manajemen untuk layanan."
|
||
|
||
msgid ""
|
||
"Nova compute service depends on an external authentication and authorization "
|
||
"service. In a typical deployment this dependency will be fulfilled by the "
|
||
"keystone service."
|
||
msgstr ""
|
||
"Layanan komputasi Nova bergantung pada layanan otentikasi dan otorisasi "
|
||
"eksternal. Dalam penyebaran tipikal, ketergantungan ini akan dipenuhi oleh "
|
||
"layanan keystone."
|
||
|
||
msgid "Nova-conductor"
|
||
msgstr "Nova-conductor"
|
||
|
||
msgid ""
|
||
"Nova-conductor receives requests over RPC and performs actions on behalf of "
|
||
"the calling service without granting granular access to the database, its "
|
||
"tables, or data within. Nova-conductor essentially abstracts direct database "
|
||
"access away from compute nodes."
|
||
msgstr ""
|
||
"Nova-conductor menerima permintaan di atas RPC dan melakukan tindakan atas "
|
||
"nama layanan panggilan tanpa memberikan akses terperinci ke database, tabel, "
|
||
"atau data di dalamnya. Nova-konduktor pada dasarnya abstrak akses database "
|
||
"langsung dari node komputasi."
|
||
|
||
msgid ""
|
||
"Now that the Identity Provider and Identity service are communicating, you "
|
||
"can start to configure the ``OS-FEDERATION`` extension."
|
||
msgstr ""
|
||
"Setelah Identity Provider and layanan Identity berkomunikasi, Anda dapat "
|
||
"mulai mengkonfigurasi ekstensi ``OS-FEDERATION``."
|
||
|
||
msgid ""
|
||
"Now we can mount a share on the host with IP address ``10.254.0.4`` and have "
|
||
"``rw`` permissions to the share:"
|
||
msgstr ""
|
||
"Sekarang kita bisa me-mount share di host dengan alamat IP ``10.254.0.4`` "
|
||
"dan memiliki permission ``rw`` untuk share:"
|
||
|
||
msgid "Number of hours running instances or storing data"
|
||
msgstr "Jumlah jam instance yang sedang berjalan atau menyimpan data"
|
||
|
||
msgid ""
|
||
"Number or size of running instances, buckets, objects, volumes, and other "
|
||
"quota-related items"
|
||
msgstr ""
|
||
"Jumlah atau ukuran instance yang sedang berjalan, buckets, objek, volume, "
|
||
"dan barang terkait kuota lainnya"
|
||
|
||
msgid ""
|
||
"Numerous OpenStack services maintain data and metadata belonging to tenants "
|
||
"or reference tenant information."
|
||
msgstr ""
|
||
"Sejumlah layanan OpenStack menjaga data dan metadata milik penyewa atau "
|
||
"informasi penyewa referensi."
|
||
|
||
msgid "Object Content-Type values"
|
||
msgstr "Object Content-Type values"
|
||
|
||
msgid "Object Reuse"
|
||
msgstr "Object Reuse"
|
||
|
||
msgid "Object Service"
|
||
msgstr "Object Service"
|
||
|
||
msgid "Object Storage"
|
||
msgstr "Object Storage"
|
||
|
||
msgid ""
|
||
"Object Storage (swift) supports the optional encryption of object data at "
|
||
"rest on storage nodes. The encryption of object data is intended to mitigate "
|
||
"the risk of users’ data being read if an unauthorized party were to gain "
|
||
"physical access to a disk."
|
||
msgstr ""
|
||
"Object Storage (swift) mendukung enkripsi opsional data objek saat istirahat "
|
||
"pada node penyimpanan. Enkripsi data objek dimaksudkan untuk mengurangi "
|
||
"risiko data pengguna dibaca jika pihak yang tidak berwenang memperoleh akses "
|
||
"fisik ke disk."
|
||
|
||
msgid "Object Storage account terminology"
|
||
msgstr "Terminologi akun Object Storage"
|
||
|
||
msgid "Object Storage authentication"
|
||
msgstr "Otentikasi Object Storage"
|
||
|
||
msgid ""
|
||
"Object Storage comes with two authentication middleware modules by default, "
|
||
"either of which can be used as sample code for developing a custom "
|
||
"authentication middleware."
|
||
msgstr ""
|
||
"Object Storage dilengkapi dengan dua modul middleware otentikasi secara "
|
||
"default, salah satunya dapat digunakan sebagai kode contoh untuk "
|
||
"mengembangkan middleware otentikasi kustom."
|
||
|
||
msgid ""
|
||
"Object Storage does not employ encryption or authentication with inter-node "
|
||
"communications. This is why you see a private switch or private network "
|
||
"([V]LAN) in the architecture diagrams. This data domain should be separate "
|
||
"from other OpenStack data networks as well. For further discussion on "
|
||
"security domains please see :doc:`introduction/security-boundaries-and-"
|
||
"threats`."
|
||
msgstr ""
|
||
"Object Storage tidak menggunakan enkripsi atau otentikasi dengan komunikasi "
|
||
"antar node. Inilah sebabnya mengapa Anda melihat private switch atau private "
|
||
"network ([V] LAN) dalam diagram arsitektur. Data domain ini harus terpisah "
|
||
"dari jaringan data OpenStack lainnya. Untuk pembahasan lebih lanjut tentang "
|
||
"domain keamanan silahkan lihat :doc:`introduction/security-boundaries-and-"
|
||
"threats`."
|
||
|
||
msgid "Object Storage network architecture with a management node (OSAM)"
|
||
msgstr "Object Storage network architecture with a management node (OSAM)"
|
||
|
||
msgid "Object Storage objects"
|
||
msgstr "Object Storage objects"
|
||
|
||
msgid ""
|
||
"Object Storage uses a WSGI model to provide for a middleware capability that "
|
||
"not only provides general extensibility, but is also used for authentication "
|
||
"of end-point clients. The authentication provider defines what roles and "
|
||
"user types exist. Some use traditional user name and password credentials, "
|
||
"while others may leverage API key tokens or even client-side x.509 "
|
||
"certificates. Custom providers can be integrated in using custom middleware."
|
||
msgstr ""
|
||
"Object Storage menggunakan model WSGI untuk menyediakan kemampuan middleware "
|
||
"yang tidak hanya menyediakan perluasan secara umum, namun juga digunakan "
|
||
"untuk otentikasi klien end-point. Penyedia otentikasi menentukan peran dan "
|
||
"jenis pengguna yang ada. Beberapa menggunakan nama pengguna dan kredensial "
|
||
"kata kunci tradisional, sementara yang lain mungkin memanfaatkan token kunci "
|
||
"API atau sertifikat x.509 sisi klien. Penyedia kustom dapat diintegrasikan "
|
||
"dalam menggunakan middleware kustom."
|
||
|
||
msgid ""
|
||
"Object content. For example, the content of an object PUT request’s body"
|
||
msgstr "Isi objek. Misalnya, isi dari objek PUT request body"
|
||
|
||
msgid ""
|
||
"Object security should focus on access control and encryption of data in "
|
||
"transit and at rest. Other concerns might relate to system abuse, illegal or "
|
||
"malicious content storage, and cross-authentication attack vectors."
|
||
msgstr ""
|
||
"Keamanan objek harus fokus pada kontrol akses dan enkripsi data saat transit "
|
||
"dan saat istirahat. Masalah lainnya mungkin terkait dengan penyalahgunaan "
|
||
"sistem, penyimpanan konten ilegal atau berbahaya, dan vektor serangan cross-"
|
||
"authentication."
|
||
|
||
msgid "Object service"
|
||
msgstr "Layanan Object"
|
||
|
||
msgid "Object size"
|
||
msgstr "Object size"
|
||
|
||
msgid "Objectives"
|
||
msgstr "Tujuan"
|
||
|
||
msgid "Octavia/LBaaS"
|
||
msgstr "Octavia/LBaaS"
|
||
|
||
msgid ""
|
||
"Often overlooked is the need for key management for SSH hosts. As most or "
|
||
"all hosts in an OpenStack deployment will provide an SSH service, it is "
|
||
"important to have confidence in connections to these hosts. It cannot be "
|
||
"understated that failing to provide a reasonably secure and accessible "
|
||
"method to verify SSH host key fingerprints is ripe for abuse and "
|
||
"exploitation."
|
||
msgstr ""
|
||
"Sering diabaikan adalah kebutuhan akan manajemen kunci untuk host SSH. "
|
||
"Karena kebanyakan atau semua host dalam penyebaran OpenStack akan "
|
||
"menyediakan layanan SSH, penting untuk memiliki kepercayaan dalam koneksi ke "
|
||
"host ini. Tidak dapat dipungkiri bahwa gagal menyediakan metode yang cukup "
|
||
"aman dan mudah diakses untuk memverifikasi sidik jari utama host SSH (SSH "
|
||
"host key fingerprint) menjadi rentan untuk penyalahgunaan dan eksploitasi."
|
||
|
||
msgid ""
|
||
"Often, data encryption relates positively to the ability to reliably destroy "
|
||
"tenant and per-instance data, simply by throwing away the keys. It should be "
|
||
"noted that in doing so, it becomes of great importance to destroy those keys "
|
||
"in a reliable and secure manner."
|
||
msgstr ""
|
||
"Seringkali, enkripsi data berhubungan secara positif dengan kemampuan untuk "
|
||
"menghancurkan data penyewa dan per-instance dengan mudah, cukup dengan "
|
||
"membuang kunci. Perlu dicatat bahwa dengan berbuat demikian, menjadi sangat "
|
||
"penting untuk menghancurkan kunci tersebut dengan cara yang andal dan aman."
|
||
|
||
msgid ""
|
||
"On Linux virtual machines, the application profile above can be used in "
|
||
"conjunction with a tool like `audit2allow <http://wiki.centos.org/HowTos/"
|
||
"SELinux#head-faa96b3fdd922004cdb988c1989e56191c257c01>`_ to build an SELinux "
|
||
"policy that will further protect sensitive system information on most Linux "
|
||
"distributions. SELinux uses a combination of users, policies and security "
|
||
"contexts to compartmentalize the resources needed for an application to run, "
|
||
"and segmenting it from other system resources that are not needed."
|
||
msgstr ""
|
||
"Pada mesin virtual Linux, profil aplikasi di atas bisa digunakan bersamaan "
|
||
"dengan tool seperti `audit2allow <http://wiki.centos.org/HowTos/SELinux#head-"
|
||
"faa96b3fdd922004cdb988c1989e56191c257c01>`_ untuk membangun sebuah kebijakan "
|
||
"SELinux yang selanjutnya akan melindungi informasi sistem yang sensitif pada "
|
||
"sebagian besar distribusi Linux. SELinux menggunakan kombinasi antara "
|
||
"pengguna, kebijakan dan konteks keamanan untuk mengelompokkan sumber daya "
|
||
"yang dibutuhkan agar aplikasi dapat berjalan, dan melakukan segmentasi dari "
|
||
"sumber daya sistem lain yang tidak diperlukan."
|
||
|
||
msgid "On the RabbitMQ server, delete the default ``guest`` user:"
|
||
msgstr "Di server RabbitMQ, hapus pengguna ``guest`` default:"
|
||
|
||
msgid ""
|
||
"On the RabbitMQ server, for each OpenStack service or node that communicates "
|
||
"with the message queue set up user accounts and privileges:"
|
||
msgstr ""
|
||
"Di server RabbitMQ, untuk setiap layanan atau simpul OpenStack yang "
|
||
"berkomunikasi dengan antrian pesan, siapkan akun pengguna dan hak istimewa "
|
||
"(privileges):"
|
||
|
||
msgid ""
|
||
"On the VM, send some text to the newly attached volume and synchronize it:"
|
||
msgstr ""
|
||
"Di VM, kirim beberapa teks ke volume yang baru dilampirkan dan sinkronkan:"
|
||
|
||
msgid ""
|
||
"On the image below you can see how different parts of the Shared File System "
|
||
"service interact with each other."
|
||
msgstr ""
|
||
"Pada image di bawah ini Anda dapat melihat bagaimana berbagai bagian layanan "
|
||
"Shared File System berinteraksi satu sama lain."
|
||
|
||
msgid ""
|
||
"On the system hosting cinder volume services, synchronize to flush the I/O "
|
||
"cache then test to see if your string can be found:"
|
||
msgstr ""
|
||
"Pada sistem hosting layanan volume cinder, sinkronkan untuk menyiram (flush) "
|
||
"cache I/O kemudian menguji untuk melihat apakah string Anda dapat ditemukan:"
|
||
|
||
msgid ""
|
||
"Once a cloud is deployed, it is time for an internal audit. This is the time "
|
||
"to compare the controls you identified above with the design, features, and "
|
||
"deployment strategies utilized in your cloud. The goal is to understand how "
|
||
"each control is handled and where gaps exist. Document all of the findings "
|
||
"for future reference."
|
||
msgstr ""
|
||
"Begitu awan digunakan, sekarang saatnya untuk melakukan audit internal. "
|
||
"Inilah saatnya membandingkan kontrol yang Anda identifikasi di atas dengan "
|
||
"desain, fitur, dan strategi penyebaran yang digunakan di awan Anda. "
|
||
"Tujuannya adalah untuk memahami bagaimana setiap kontrol ditangani dan di "
|
||
"mana ada kesenjangan. Dokumentasikan semua temuan untuk referensi di "
|
||
"kemudian hari."
|
||
|
||
msgid ""
|
||
"Once a user is authenticated, a token is generated for authorization and "
|
||
"access to an OpenStack environment. A token can have a variable life span; "
|
||
"however the default value for expiry is one hour. The recommended expiry "
|
||
"value should be set to a lower value that allows enough time for internal "
|
||
"services to complete tasks. In the event that the token expires before tasks "
|
||
"complete, the cloud may become unresponsive or stop providing services. An "
|
||
"example of expended time during use would be the time needed by the Compute "
|
||
"service to transfer a disk image onto the hypervisor for local caching. "
|
||
"Fetching expired tokens when using a valid service token is allowed."
|
||
msgstr ""
|
||
"Setelah pengguna diautentikasi, token dihasilkan untuk otorisasi dan akses "
|
||
"ke lingkungan OpenStack. Token dapat memiliki rentang hidup variabel; namun "
|
||
"nilai default untuk kedaluwarsa adalah satu jam. Nilai kedaluwarsa yang "
|
||
"disarankan harus ditetapkan ke nilai yang lebih rendah yang memungkinkan "
|
||
"cukup waktu bagi layanan internal untuk menyelesaikan tugas. Jika token "
|
||
"berakhir sebelum tugas selesai, cloud mungkin menjadi tidak responsif atau "
|
||
"berhenti memberikan layanan. Contoh dari waktu yang dikeluarkan selama "
|
||
"penggunaan adalah waktu yang dibutuhkan oleh layanan Compute untuk "
|
||
"mentransfer image disk ke hypervisor untuk caching lokal. Mengambil token "
|
||
"yang kedaluwarsa saat menggunakan token layanan yang valid diizinkan."
|
||
|
||
msgid ""
|
||
"Once system security controls are identified, an OpenStack architect will "
|
||
"utilize NIST 800-53 to extract tailored control selection. For example, "
|
||
"specification of what constitutes a \"secure password\"."
|
||
msgstr ""
|
||
"Setelah kontrol keamanan sistem diidentifikasi, arsitek OpenStack akan "
|
||
"menggunakan NIST 800-53 untuk mengekstrak pilihan kontrol yang disesuaikan. "
|
||
"Misalnya, spesifikasi apa yang dimaksud dengan \"secure password\"."
|
||
|
||
msgid ""
|
||
"Once the SSH host key is generated, the host key fingerprint should be "
|
||
"stored in a secure and queryable location. One particularly convenient "
|
||
"solution is DNS using SSHFP resource records as defined in RFC-4255. For "
|
||
"this to be secure, it is necessary that DNSSEC be deployed."
|
||
msgstr ""
|
||
"Setelah SSH host key dihasilkan, host key fingerprint harus disimpan di "
|
||
"lokasi yang aman dan queryable. Salah satu solusi yang sangat mudah "
|
||
"digunakan adalah DNS menggunakan SSHFP resource record sebagaimana "
|
||
"didefinisikan dalam RFC-4255. Agar aman, DNSSEC perlu dikerahkan."
|
||
|
||
msgid ""
|
||
"Once the internal audit results look good, it is time to prepare for an "
|
||
"external audit. There are several key actions to take at this stage, these "
|
||
"are outlined below:"
|
||
msgstr ""
|
||
"Begitu hasil audit internal terlihat bagus, sekarang saatnya mempersiapkan "
|
||
"audit eksternal. Ada beberapa tindakan penting yang harus dilakukan pada "
|
||
"tahap ini, ini diuraikan di bawah ini:"
|
||
|
||
msgid ""
|
||
"Once the node is running, we need to ensure that it remains in a good state "
|
||
"over time. Broadly speaking, this includes both configuration management and "
|
||
"security monitoring. The goals for each of these areas are different. By "
|
||
"checking both, we achieve higher assurance that the system is operating as "
|
||
"desired. We discuss configuration management in the management section, and "
|
||
"security monitoring below."
|
||
msgstr ""
|
||
"Setelah node berjalan, kita perlu memastikan bahwa itu tetap dalam keadaan "
|
||
"baik dari waktu ke waktu. Secara umum, ini mencakup pengelolaan konfigurasi "
|
||
"dan pemantauan keamanan. Tujuan masing-masing daerah berbeda. Dengan "
|
||
"memeriksa keduanya, kami mencapai kepastian yang lebih tinggi bahwa sistem "
|
||
"beroperasi sesuai keinginan. Kami membahas manajemen konfigurasi di bagian "
|
||
"manajemen, dan pemantauan keamanan di bawah ini."
|
||
|
||
msgid ""
|
||
"Once the updates are fully tested, they can be deployed to the production "
|
||
"environment. This deployment should be fully automated using the "
|
||
"configuration management tools described below."
|
||
msgstr ""
|
||
"Setelah pembaruan diuji sepenuhnya, mereka dapat dikirim ke lingkungan "
|
||
"produksi. Penyebaran ini harus sepenuhnya otomatis menggunakan alat "
|
||
"manajemen konfigurasi yang dijelaskan di bawah ini."
|
||
|
||
msgid ""
|
||
"Once you have your Identity service virtual host ready, configure Shibboleth "
|
||
"and upload your metadata to the Identity Provider."
|
||
msgstr ""
|
||
"Setelah Anda menyiapkan host virtualisasi layanan Identity Anda, "
|
||
"konfigurasikan Shibboleth dan unggah metadata Anda ke Identity Provider."
|
||
|
||
msgid ""
|
||
"One additional consideration when selecting a hypervisor is the availability "
|
||
"of various formal certifications and attestations. While they may not be "
|
||
"requirements for your specific organization, these certifications and "
|
||
"attestations speak to the maturity, production readiness, and thoroughness "
|
||
"of the testing a particular hypervisor platform has been subjected to."
|
||
msgstr ""
|
||
"Satu pertimbangan tambahan saat memilih hypervisor adalah tersedianya "
|
||
"berbagai sertifikasi dan pengesahan formal. Meskipun persyaratan tersebut "
|
||
"mungkin bukan persyaratan untuk organisasi khusus Anda, sertifikasi dan "
|
||
"pengesahan ini berbicara mengenai kedewasaan, kesiapan produksi, dan "
|
||
"ketelitian pengujian platform hypervisor tertentu telah menjadi sasaran."
|
||
|
||
msgid "One as a public interface for consumers to reach."
|
||
msgstr ""
|
||
"Salah satunya sebagai antarmuka publik bagi konsumen untuk mencapainya."
|
||
|
||
msgid ""
|
||
"One critical policy decision for a cloud architect is what to do with the "
|
||
"output from a security monitoring tool. There are effectively two options. "
|
||
"The first is to alert a human to investigate and/or take corrective action. "
|
||
"This could be done by including the security alert in a log or events feed "
|
||
"for cloud administrators. The second option is to have the cloud take some "
|
||
"form of remedial action automatically, in addition to logging the event. "
|
||
"Remedial actions could include anything from re-installing a node to "
|
||
"performing a minor service configuration. However, automated remedial action "
|
||
"can be challenging due to the possibility of false positives."
|
||
msgstr ""
|
||
"Salah satu keputusan kebijakan penting untuk arsitek awan adalah apa yang "
|
||
"harus dilakukan dengan keluaran dari alat pemantau keamanan. Ada dua pilihan "
|
||
"yang efektif. Yang pertama adalah mengingatkan manusia untuk menyelidiki "
|
||
"dan / atau melakukan tindakan korektif. Ini bisa dilakukan dengan memasukkan "
|
||
"peringatan keamanan di log atau event feed untuk administrator awan. Pilihan "
|
||
"kedua adalah meminta agar awan mengambil beberapa bentuk tindakan perbaikan "
|
||
"secara otomatis, selain mencatat kejadian tersebut. Tindakan perbaikan bisa "
|
||
"mencakup apa saja dari menginstal ulang node untuk melakukan konfigurasi "
|
||
"layanan kecil. Namun, tindakan perbaikan otomatis bisa jadi tantangan karena "
|
||
"kemungkinan adanya positif palsu (false positive)."
|
||
|
||
msgid ""
|
||
"One decision a cloud architect will need to make regarding Compute service "
|
||
"configuration is whether to use :term:`VNC <Virtual Network Computing "
|
||
"(VNC)>` or :term:`SPICE <Simple Protocol for Independent Computing "
|
||
"Environments (SPICE)>`."
|
||
msgstr ""
|
||
"Salah satu keputusan arsitek awan yang perlu dibuat mengenai konfigurasi "
|
||
"layanan Compute adalah apakah akan digunakan :term:`VNC <Virtual Network "
|
||
"Computing (VNC)>` atau :term:`SPICE <Simple Protocol for Independent "
|
||
"Computing Environments (SPICE)>`."
|
||
|
||
msgid ""
|
||
"One of the biggest indicators of a hypervisor's maturity is the size and "
|
||
"vibrancy of the community that surrounds it. As this concerns security, the "
|
||
"quality of the community affects the availability of expertise if you need "
|
||
"additional cloud operators. It is also a sign of how widely deployed the "
|
||
"hypervisor is, in turn leading to the battle readiness of any reference "
|
||
"architectures and best practices."
|
||
msgstr ""
|
||
"Salah satu indikator terbesar kematangan hypervisor adalah ukuran dan "
|
||
"semangat komunitas yang mengelilinginya. Karena ini menyangkut keamanan, "
|
||
"kualitas masyarakat akan mempengaruhi ketersediaan keahlian jika Anda "
|
||
"membutuhkan operator awan tambahan. Ini juga merupakan tanda betapa luasnya "
|
||
"penyebaran hypervisor ini, yang pada gilirannya menuju ke kesiapan "
|
||
"perjuangan (battle readiness) setiap arsitektur referensi dan praktik "
|
||
"terbaik."
|
||
|
||
msgid ""
|
||
"One of the main security concerns with any OpenStack deployment is the "
|
||
"security and controls around sensitive files, such as the ``nova.conf`` "
|
||
"file. Normally contained in the ``/etc`` directory, this configuration file "
|
||
"contains many sensitive options including configuration details and service "
|
||
"passwords. All such sensitive files should be given strict file level "
|
||
"permissions, and monitored for changes through file integrity monitoring "
|
||
"(FIM) tools such as iNotify or Samhain. These utilities will take a hash of "
|
||
"the target file in a known good state, and then periodically take a new hash "
|
||
"of the file and compare it to the known good hash. An alert can be created "
|
||
"if it was found to have been modified unexpectedly."
|
||
msgstr ""
|
||
"Salah satu masalah keamanan utama dengan penyebaran OpenStack adalah "
|
||
"keamanan dan kontrol di sekitar file sensitif, seperti file ``nova.conf``. "
|
||
"Biasanya terdapat di direktori ``/etc``, file konfigurasi ini berisi banyak "
|
||
"pilihan sensitif termasuk rincian konfigurasi dan kata sandi layanan. Semua "
|
||
"file sensitif tersebut harus diberi hak akses tingkat file yang ketat, dan "
|
||
"memantau perubahan melalui alat file integrity monitoring (FIM) seperti "
|
||
"iNotify atau Samhain. Utilitas ini akan mengambil hash dari file target "
|
||
"dalam keadaan baik yang diketahui, dan kemudian secara berkala mengambil "
|
||
"hash baru dari file tersebut dan membandingkannya dengan hash yang "
|
||
"diketahui. Peringatan dapat dibuat jika ditemukan telah dimodifikasi secara "
|
||
"tidak terduga."
|
||
|
||
msgid ""
|
||
"One of the primary tasks of the data processing controller is to communicate "
|
||
"with the instances it spawns. These instances are provisioned and then "
|
||
"configured depending on the framework being used. The communication between "
|
||
"the controller and the instances uses :term:`secure shell (SSH)` and HTTP "
|
||
"protocols."
|
||
msgstr ""
|
||
"Salah satu tugas utama pengendali pengolahan data adalah berkomunikasi "
|
||
"dengan instance yang ditimbulkannya. Instance ini tersedia dan kemudian "
|
||
"dikonfigurasi tergantung pada kerangka yang digunakan. Komunikasi antara "
|
||
"controller dan instance menggunakan :term:`secure shell (SSH)`dan protokol "
|
||
"HTTP."
|
||
|
||
msgid ""
|
||
"One of the virtues of running instances in a virtualized environment is that "
|
||
"it opens up new opportunities for security controls that are not typically "
|
||
"available when deploying onto bare metal. There are several technologies "
|
||
"that can be applied to the virtualization stack that bring improved "
|
||
"information assurance for cloud tenants."
|
||
msgstr ""
|
||
"Salah satu kebajikan menjalankan instance di lingkungan virtual adalah "
|
||
"membuka kesempatan baru untuk kontrol keamanan yang biasanya tidak tersedia "
|
||
"saat menggunakan bare metal. Ada beberapa teknologi yang bisa diterapkan "
|
||
"pada virtualization stack yang membawa perbaikan kepastian informasi bagi "
|
||
"cloud tenant."
|
||
|
||
msgid ""
|
||
"Only the minimum level of access for users and system services is granted. "
|
||
"This access is based upon role, responsibility and job function. This "
|
||
"security principle of least privilege is written into several international "
|
||
"government security policies, such as NIST 800-53 Section AC-6 within the "
|
||
"United States."
|
||
msgstr ""
|
||
"Hanya tingkat akses minimum untuk pengguna dan layanan sistem yang "
|
||
"diberikan. Akses ini didasarkan pada peran, tanggung jawab dan fungsi "
|
||
"pekerjaan. Prinsip keamanan yang paling tidak istimewa ini ditulis dalam "
|
||
"beberapa kebijakan keamanan pemerintah internasional, seperti NIST 800-53 "
|
||
"Section AC-6 di Amerika Serikat."
|
||
|
||
msgid ""
|
||
"OpenSCAP is an open source tool which takes SCAP content (XML files that "
|
||
"describe security controls) and applies that content to various systems. "
|
||
"Most of the available content available today is for Red Hat Enterprise "
|
||
"Linux and CentOS, but the tools work on any Linux or Windows system."
|
||
msgstr ""
|
||
"OpenSCAP adalah alat open source yang mengambil konten SCAP (file XML yang "
|
||
"menjelaskan kontrol keamanan) dan menerapkan konten tersebut ke berbagai "
|
||
"sistem. Sebagian besar konten yang tersedia saat ini tersedia untuk Red Hat "
|
||
"Enterprise Linux dan CentOS, namun alat ini bekerja pada sistem Linux atau "
|
||
"Windows manapun."
|
||
|
||
msgid ""
|
||
"OpenStack :term:`Compute service (nova)` provides services to support the "
|
||
"management of virtual machine instances at scale, instances that host multi-"
|
||
"tiered applications, dev or test environments, \"Big Data\" crunching Hadoop "
|
||
"clusters, or high-performance computing."
|
||
msgstr ""
|
||
"OpenStack :term:`Compute service (nova)` menyediakan layanan untuk mendukung "
|
||
"pengelolaan instance mesin virtual dalam skala, instance yang menjadi tuan "
|
||
"rumah aplikasi multi-tier, lingkungan dev atau test, pemrosesan (crunching) "
|
||
"\"Big Data\" di klaster Hadoop, atau komputasi berperforma tinggi."
|
||
|
||
msgid "OpenStack API"
|
||
msgstr "OpenStack API"
|
||
|
||
msgid ""
|
||
"OpenStack Admin Guide. SPICE Console. `SPICE Console <https://docs.openstack."
|
||
"org/admin-guide/compute-remote-console-access.html>`_."
|
||
msgstr ""
|
||
"OpenStack Admin Guide. SPICE Console. `SPICE Console <https://docs.openstack."
|
||
"org/admin-guide/compute-remote-console-access.html>`_."
|
||
|
||
msgid ""
|
||
"OpenStack Block Storage (cinder) is a service that provides software "
|
||
"(services and libraries) to self-service manage persistent block-level "
|
||
"storage devices. This creates on-demand access to Block Storage resources "
|
||
"for use with OpenStack Compute (nova) instances. This creates software-"
|
||
"defined storage via abstraction by virtualizing pools of block storage to a "
|
||
"variety of back-end storage devices which can be either software "
|
||
"implementations or traditional hardware storage products. The primary "
|
||
"functions of this is to manage the creation, attaching and detaching of the "
|
||
"block devices. The consumer requires no knowledge of the type of back-end "
|
||
"storage equipment or where it is located."
|
||
msgstr ""
|
||
"OpenStack Block Storage (cinder) adalah layanan yang menyediakan perangkat "
|
||
"lunak (services and libraries) untuk self-service mengelola perangkat "
|
||
"penyimpanan block-level yang tetap. Ini menciptakan akses sesuai permintaan "
|
||
"ke sumber Block Storage untuk digunakan dengan instance OpenStack Compute "
|
||
"(nova). Ini menciptakan software-defined storage melalui abstraksi dengan "
|
||
"virtualizing pool penyimpanan blok ke berbagai perangkat penyimpanan back-"
|
||
"end yang dapat berupa implementasi perangkat lunak ataupun produk "
|
||
"penyimpanan perangkat keras tradisional. Fungsi utama dari ini adalah "
|
||
"mengelola creation, attaching dan detaching perangkat blok. Konsumen tidak "
|
||
"memerlukan pengetahuan tentang jenis peralatan penyimpanan back-end atau "
|
||
"tentang lokasinya."
|
||
|
||
msgid ""
|
||
"OpenStack Compute has a soft-delete feature, which enables an instance that "
|
||
"is deleted to be in a soft-delete state for a defined time period. The "
|
||
"instance can be restored during this time period. To disable the soft-delete "
|
||
"feature, edit the ``etc/nova/nova.conf`` file and leave the "
|
||
"``reclaim_instance_interval`` option empty."
|
||
msgstr ""
|
||
"OpenStack Compute memiliki fitur soft-delete, yang memungkinkan sebuah "
|
||
"instance yang dihapus berada dalam keadaan soft-delete untuk jangka waktu "
|
||
"yang ditentukan. Instance dapat dipulihkan selama periode ini. Untuk "
|
||
"menonaktifkan fitur soft-delete, edit file ``etc/nova/nova.conf`` dan "
|
||
"biarkan opsi ``reclaim_instance_interval``` kosong."
|
||
|
||
msgid ""
|
||
"OpenStack Compute offers a sub-service called nova-conductor which proxies "
|
||
"database connections, with the primary purpose of having the nova compute "
|
||
"nodes interfacing with nova-conductor to meet data persistence needs as "
|
||
"opposed to directly communicating with the database."
|
||
msgstr ""
|
||
"OpenStack Compute menawarkan sub-service yang disebut nova-conductor yang "
|
||
"menghubungkan koneksi database, dengan tujuan utama memiliki nova compute "
|
||
"node yang berinteraksi dengan nova-conductor untuk memenuhi kebutuhan "
|
||
"persistensi data yang bertentangan dengan komunikasi langsung dengan "
|
||
"database."
|
||
|
||
msgid ""
|
||
"OpenStack Compute supports tenant network traffic access controls directly "
|
||
"when deployed with the legacy nova-network service, or may defer access "
|
||
"control to the OpenStack Networking service."
|
||
msgstr ""
|
||
"OpenStack Compute mendukung kontrol akses lalu lintas jaringan tenant secara "
|
||
"langsung saat digunakan dengan layanan nova-network legacy (lawas), atau "
|
||
"dapat menunda kontrol akses ke layanan OpenStack Networking."
|
||
|
||
msgid ""
|
||
"OpenStack Identity service provides ``uuid`` and ``fernet`` as token "
|
||
"providers. The ``uuid`` tokens must be persisted and is considered as "
|
||
"insecure."
|
||
msgstr ""
|
||
"Layanan OpenStack Identity menyediakan ``uuid`` dan ``fernet`` sebagai token "
|
||
"provider. Token ``uuid`` harus tetap bertahan dan dianggap tidak aman."
|
||
|
||
msgid "OpenStack Identity: Management"
|
||
msgstr "OpenStack Identity: Management"
|
||
|
||
msgid ""
|
||
"OpenStack Image Storage (glance) is a service where users can upload and "
|
||
"discover data assets that are meant to be used with other services. This "
|
||
"currently includes images and metadata definitions."
|
||
msgstr ""
|
||
"OpenStack Image Storage (glance) adalah layanan dimana pengguna dapat "
|
||
"mengunggah dan menemukan aset data yang dimaksudkan untuk digunakan dengan "
|
||
"layanan lainnya. Ini mencakup definisi image dan metadata."
|
||
|
||
msgid ""
|
||
"OpenStack Image service has a delayed delete feature, which will pend the "
|
||
"deletion of an image for a defined time period. It is recommended to disable "
|
||
"this feature if it is a security concern, by editing the ``etc/glance/glance-"
|
||
"api.conf`` file and setting the ``delayed_delete`` option as False."
|
||
msgstr ""
|
||
"Layanan OpenStack Image memiliki fitur hapus tertunda, yang akan menunggu "
|
||
"penghapusan image untuk jangka waktu yang ditentukan. Dianjurkan untuk "
|
||
"menonaktifkan fitur ini jika ini adalah masalah keamanan, dengan mengedit "
|
||
"file ``etc/glance/glance-api.conf`` dan menetapkan opsi ``delayed_delete`` "
|
||
"ke False."
|
||
|
||
msgid ""
|
||
"OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. "
|
||
"2014. `OpenStack nova-novnc SSL Configuration <http://lists.openstack.org/"
|
||
"pipermail/openstack/2014-February/005357.html>`_"
|
||
msgstr ""
|
||
"OpenStack Mailing List, [OpenStack] nova-novnc SSL configuration - Havana. "
|
||
"2014. `OpenStack nova-novnc SSL Configuration <http://lists.openstack.org/"
|
||
"pipermail/openstack/2014-February/005357.html>`_"
|
||
|
||
msgid ""
|
||
"OpenStack Networking adds a layer of virtualized network services which "
|
||
"gives tenants the capability to architect their own virtual networks. "
|
||
"Currently, these virtualized services are not as mature as their traditional "
|
||
"networking counterparts. Consider the current state of these virtualized "
|
||
"services before adopting them as it dictates what controls you may have to "
|
||
"implement at the virtualized and traditional network boundaries."
|
||
msgstr ""
|
||
"OpenStack Networking menambahkan lapisan layanan jaringan virtual yang "
|
||
"memberi penyewa kemampuan untuk membuat arsitek jaringan virtual mereka "
|
||
"sendiri. Saat ini, layanan virtual ini tidak semewah jaringan jejaring "
|
||
"tradisional mereka. Pertimbangkan keadaan saat ini dari layanan virtual ini "
|
||
"sebelum mengadopsi mereka karena menentukan kontrol apa yang mungkin harus "
|
||
"Anda terapkan di network boundary (batas jaringan) virtual dan tradisional."
|
||
|
||
msgid ""
|
||
"OpenStack Networking allows cloud tenants to manage their guest network "
|
||
"configurations. Security concerns with the networking service include "
|
||
"network traffic isolation, availability, integrity, and confidentiality."
|
||
msgstr ""
|
||
"OpenStack Networking memungkinkan penyewa awan mengelola konfigurasi "
|
||
"jaringan tamu mereka. Masalah keamanan dengan layanan jaringan meliputi "
|
||
"isolasi lalu lintas jaringan, ketersediaan, integritas, dan kerahasiaan."
|
||
|
||
msgid ""
|
||
"OpenStack Networking also supports per-project quotas limit through a quota "
|
||
"extension API. To enable per-project quotas, you must set the "
|
||
"``quota_driver`` option in ``neutron.conf``."
|
||
msgstr ""
|
||
"OpenStack Networking juga mendukung batas kuota per proyek melalui API "
|
||
"ekstensi kuota. Untuk mengaktifkan kuota per proyek, Anda harus mengatur "
|
||
"opsi ``quota_driver`` di ``neutron.conf``."
|
||
|
||
msgid ""
|
||
"OpenStack Networking can employ two different mechanisms for traffic "
|
||
"segregation on a per tenant/network combination: VLANs (IEEE 802.1Q tagging) "
|
||
"or L2 tunnels using GRE encapsulation. The scope and scale of your OpenStack "
|
||
"deployment determines which method you should utilize for traffic "
|
||
"segregation or isolation."
|
||
msgstr ""
|
||
"Jaringan OpenStack dapat menggunakan dua mekanisme yang berbeda untuk "
|
||
"segregasi lalu lintas pada kombinasi per tenant/network: VLAN (IEEE 802.1Q "
|
||
"tagging) atau L2 tunnel menggunakan enkapsulasi GRE. Ruang lingkup dan skala "
|
||
"penyebaran OpenStack Anda menentukan metode mana yang harus Anda gunakan "
|
||
"untuk segregasi lalu lintas atau isolasi."
|
||
|
||
msgid ""
|
||
"OpenStack Networking currently supports both GRE and VXLAN encapsulation."
|
||
msgstr "OpenStack Networking saat ini mendukung enkapsulasi GRE dan VXLAN."
|
||
|
||
msgid "OpenStack Networking has the following known limitations:"
|
||
msgstr "OpenStack Networking memiliki keterbatasan yang diketahui berikut ini:"
|
||
|
||
msgid ""
|
||
"OpenStack Networking is a standalone service that often deploys several "
|
||
"processes across a number of nodes. These processes interact with each other "
|
||
"and other OpenStack services. The main process of the OpenStack Networking "
|
||
"service is *neutron-server*, a Python daemon that exposes the OpenStack "
|
||
"Networking API and passes tenant requests to a suite of plug-ins for "
|
||
"additional processing."
|
||
msgstr ""
|
||
"OpenStack Networking adalah layanan standalone yang sering kali deploy "
|
||
"(mengerahkan) beberapa proses ke sejumlah node. Proses ini saling "
|
||
"berinteraksi satu sama lain dan layanan OpenStack lainnya. Proses utama "
|
||
"layanan OpenStack Networking adalah *neutron-server*, sebuah daemon Python "
|
||
"yang mengekspos OpenStack Networking API dan melewati permintaan penyewa ke "
|
||
"rangkaian plug-in untuk pemrosesan tambahan."
|
||
|
||
msgid ""
|
||
"OpenStack Networking provides users self services of network resources and "
|
||
"configurations. It is important that cloud architects and operators evaluate "
|
||
"their design use cases in providing users the ability to create, update, and "
|
||
"destroy available network resources."
|
||
msgstr ""
|
||
"OpenStack Networking menyediakan pengguna layanan jaringan dan sumber daya "
|
||
"jaringan. Adalah penting bahwa arsitek dan operator awan mengevaluasi kasus "
|
||
"penggunaan desain mereka dalam memberikan pengguna kemampuan untuk membuat, "
|
||
"memperbarui, dan menghancurkan sumber daya jaringan yang tersedia."
|
||
|
||
msgid ""
|
||
"OpenStack Networking routers can connect multiple L2 networks, and can also "
|
||
"provide a *gateway* that connects one or more private L2 networks to a "
|
||
"shared *external* network, such as a public network for access to the "
|
||
"Internet."
|
||
msgstr ""
|
||
"Router OpenStack Networking dapat menghubungkan beberapa jaringan L2, dan "
|
||
"juga dapat menyediakan *gateway* yang menghubungkan satu atau beberapa "
|
||
"jaringan L2 pribadi ke jaringan *external* bersama, seperti jaringan publik "
|
||
"untuk akses ke Internet."
|
||
|
||
msgid "OpenStack Networking service configuration"
|
||
msgstr "Konfigurasi layanan OpenStack Networking"
|
||
|
||
msgid "OpenStack Networking service placement on physical servers"
|
||
msgstr "Penyediaan layanan OpenStack Networking pada server fisik"
|
||
|
||
msgid ""
|
||
"OpenStack Networking supports multiple L3 and DHCP agents with load "
|
||
"balancing. However, tight coupling of the location of the virtual machine is "
|
||
"not supported. In other words, the default Virtual Machine scheduler will "
|
||
"not take the location of the agents into account when creating virtual "
|
||
"machines."
|
||
msgstr ""
|
||
"OpenStack Networking mendukung beberapa agen L3 dan DHCP dengan load "
|
||
"balancing. Namun, coupling yang ketat dari lokasi mesin virtual tidak "
|
||
"didukung. Dengan kata lain, penjadwal Virtual Machine default tidak akan "
|
||
"mempertimbangkan lokasi agen saat membuat mesin virtual."
|
||
|
||
msgid ""
|
||
"OpenStack Networking was designed with a plug-in architecture that provides "
|
||
"extensibility of the API through open source community or third-party "
|
||
"services. As you evaluate your architectural design requirements, it is "
|
||
"important to determine what features are available in OpenStack Networking "
|
||
"core services, any additional services that are provided by third-party "
|
||
"products, and what supplemental services are required to be implemented in "
|
||
"the physical infrastructure."
|
||
msgstr ""
|
||
"OpenStack Networking dirancang dengan arsitektur plug-in yang memberikan "
|
||
"perluasan API melalui komunitas open source atau layanan pihak ketiga. Saat "
|
||
"Anda mengevaluasi persyaratan disain arsitektural Anda, penting untuk "
|
||
"menentukan fitur apa yang tersedia di layanan inti OpenStack Networking, "
|
||
"layanan tambahan yang disediakan oleh produk pihak ketiga, dan layanan "
|
||
"tambahan apa yang harus diimplementasikan di infrastruktur fisik."
|
||
|
||
msgid ""
|
||
"OpenStack Object Storage (swift) service provides software that stores and "
|
||
"retrieves data over HTTP. Objects (blobs of data) are stored in an "
|
||
"organizational hierarchy that offers anonymous read-only access, ACL defined "
|
||
"access, or even temporary access. Object Storage supports multiple token-"
|
||
"based authentication mechanisms implemented via middleware."
|
||
msgstr ""
|
||
"Layanan OpenStack Object Storage (swift) menyediakan perangkat lunak yang "
|
||
"menyimpan dan mengambil data melalui HTTP. Objek (blobs of data) disimpan "
|
||
"dalam hirarki organisasi yang menawarkan akses anonymous read-only, akses "
|
||
"yang ditentukan ACL, atau bahkan akses sementara. Object Storage mendukung "
|
||
"beberapa mekanisme otentikasi berbasis token yang diimplementasikan melalui "
|
||
"middleware."
|
||
|
||
msgid "OpenStack Object Storage account"
|
||
msgstr "Akun OpenStack Object Storage"
|
||
|
||
msgid "OpenStack Object Storage containers"
|
||
msgstr "Kontainer OpenStack Object Storage"
|
||
|
||
msgid "OpenStack Object Storage objects"
|
||
msgstr "Obyek OpenStack Object Storage"
|
||
|
||
msgid ""
|
||
"OpenStack Security Advisories (OSSA) are created by the OpenStack "
|
||
"Vulnerability Management Team (VMT). They pertain to security holes in core "
|
||
"OpenStack services. More information on the VMT can be found in "
|
||
"`Vulnerability Management Process <https://security.openstack.org/vmt-"
|
||
"process.html>`_."
|
||
msgstr ""
|
||
"OpenStack Security Advisories (OSSA) dibuat oleh OpenStack Vulnerability "
|
||
"Management Team (VMT). Mereka terkait dengan lubang keamanan di layanan inti "
|
||
"OpenStack. Informasi lebih lanjut tentang VMT dapat ditemukan di "
|
||
"`Vulnerability Management Process <https://security.openstack.org/vmt-"
|
||
"process.html>`_."
|
||
|
||
msgid "OpenStack Security Guide"
|
||
msgstr "Panduan Keamanan OpenStack"
|
||
|
||
msgid ""
|
||
"OpenStack Security Notes (OSSN) are created by the OpenStack Security Group "
|
||
"(OSSG) to support the work of the VMT. OSSN address issues in supporting "
|
||
"software and common deployment configurations. They are referenced "
|
||
"throughout this guide. Security Notes are archived at `OSSN <https://wiki."
|
||
"openstack.org/wiki/OSSN>`_."
|
||
msgstr ""
|
||
"OpenStack Security Notes (OSSN) dibuat oleh OpenStack Security Group (OSSG) "
|
||
"untuk mendukung pekerjaan VMT. OSSN mengatasi masalah dalam mendukung "
|
||
"perangkat lunak dan konfigurasi penggunaan umum. Mereka dirujuk di seluruh "
|
||
"panduan ini. Catatan Keamanan diarsipkan di `OSSN <https://wiki.openstack."
|
||
"org/wiki/OSSN>`_."
|
||
|
||
msgid ""
|
||
"OpenStack and the underlying virtualization layers provide for the live "
|
||
"migration of images between OpenStack nodes, allowing you to seamlessly "
|
||
"perform rolling upgrades of your OpenStack compute nodes without instance "
|
||
"downtime. However, live migrations also carry significant risk. To "
|
||
"understand the risks involved, the following are the high-level steps "
|
||
"performed during a live migration:"
|
||
msgstr ""
|
||
"OpenStack dan lapisan virtualisasi yang mendasari menyediakan migrasi "
|
||
"langsung image antara node OpenStack, yang memungkinkan Anda melakukan "
|
||
"upgrade rolling node OpenStack tanpa downtime tanpa batas. Namun, migrasi "
|
||
"langsung juga membawa risiko signifikan. Untuk memahami risiko yang "
|
||
"terlibat, berikut adalah langkah tingkat tinggi yang dilakukan selama "
|
||
"migrasi langsung:"
|
||
|
||
msgid ""
|
||
"OpenStack architects interpret and respond to HIPAA statements, with data "
|
||
"encryption remaining a core practice. Currently, this would require any "
|
||
"protected health information contained within an OpenStack deployment to be "
|
||
"encrypted with industry standard encryption algorithms. Potential future "
|
||
"OpenStack projects such as object encryption will facilitate HIPAA "
|
||
"guidelines for compliance with the act."
|
||
msgstr ""
|
||
"Arsitek OpenStack menafsirkan dan menanggapi pernyataan HIPAA, dengan "
|
||
"enkripsi data tetap menjadi praktik inti. Saat ini, ini memerlukan informasi "
|
||
"kesehatan terlindungi yang terkandung dalam penerapan OpenStack untuk "
|
||
"dienkripsi dengan algoritma enkripsi standar industri. Potensi proyek "
|
||
"OpenStack masa depan seperti enkripsi objek akan memfasilitasi pedoman HIPAA "
|
||
"untuk mematuhi undang-undang tersebut."
|
||
|
||
msgid ""
|
||
"OpenStack can be configured to provide remote desktop console access to "
|
||
"instances for tenants and administrators using the Virtual Network Computer "
|
||
"(VNC) protocol."
|
||
msgstr ""
|
||
"OpenStack dapat dikonfigurasi untuk menyediakan akses konsol remote desktop "
|
||
"ke beberapa instance penyewa dan administrator menggunakan protokol Virtual "
|
||
"Network Computer (VNC)."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"communication might involve sensitive or confidential data. An attacker may "
|
||
"try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. Therefore all components must communicate with each other using "
|
||
"a secured communication protocol."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
|
||
"Penyerang dapat mencoba menguping saluran untuk mendapatkan akses ke "
|
||
"informasi sensitif. Oleh karena itu semua komponen harus berkomunikasi satu "
|
||
"sama lain menggunakan protokol komunikasi yang aman."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"the communication might involve sensitive / confidential data. An attacker "
|
||
"may try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. Thus all the components must communicate with each other using "
|
||
"a secured communication protocol."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif / rahasia. "
|
||
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
|
||
"akses ke informasi sensitif. Dengan demikian semua komponen harus saling "
|
||
"berkomunikasi menggunakan protokol komunikasi yang aman."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"the communication might involve sensitive or confidential data. An attacker "
|
||
"may try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. All components must communicate with each other using a secured "
|
||
"communication protocol."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
|
||
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
|
||
"akses ke informasi sensitif. Semua komponen harus berkomunikasi satu sama "
|
||
"lain menggunakan protokol komunikasi aman."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"the communication might involve sensitive or confidential data. An attacker "
|
||
"may try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. All the components must communicate with each other using a "
|
||
"secured communication protocol."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
|
||
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
|
||
"akses ke informasi sensitif. Semua komponen harus berkomunikasi satu sama "
|
||
"lain menggunakan protokol komunikasi aman."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"the communication might involve sensitive or confidential data. An attacker "
|
||
"may try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. Thus all the components must communicate with each other using "
|
||
"a secured communication protocol like HTTPS."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
|
||
"Penyerang dapat mencoba menguping (eavesdrop) saluran untuk mendapatkan "
|
||
"akses ke informasi sensitif. Dengan demikian semua komponen harus "
|
||
"berkomunikasi satu sama lain menggunakan protokol komunikasi aman seperti "
|
||
"HTTPS."
|
||
|
||
msgid ""
|
||
"OpenStack components communicate with each other using various protocols and "
|
||
"the communication might involve sensitive or confidential data. An attacker "
|
||
"may try to eavesdrop on the channel in order to get access to sensitive "
|
||
"information. Thus all the components must communicate with each other using "
|
||
"a secured communication protocol."
|
||
msgstr ""
|
||
"Komponen OpenStack berkomunikasi satu sama lain dengan menggunakan berbagai "
|
||
"protokol dan komunikasi mungkin melibatkan data sensitif atau rahasia. "
|
||
"Penyerang dapat mencoba menguping saluran untuk mendapatkan akses ke "
|
||
"informasi sensitif. Dengan demikian semua komponen harus berkomunikasi satu "
|
||
"sama lain menggunakan protokol komunikasi yang aman."
|
||
|
||
msgid "OpenStack compute node: Management and guest"
|
||
msgstr "OpenStack compute node: Management and guest"
|
||
|
||
msgid "OpenStack dashboard (horizon)"
|
||
msgstr "OpenStack dashboard (horizon)"
|
||
|
||
msgid "OpenStack dashboard: Public and management"
|
||
msgstr "OpenStack dashboard: Public and management"
|
||
|
||
msgid "OpenStack database access model"
|
||
msgstr "Model akses database OpenStack"
|
||
|
||
msgid ""
|
||
"OpenStack deployments that store, process, or transmit payment card details "
|
||
"are in scope for the PCI-DSS. All OpenStack components that are not properly "
|
||
"segmented from systems or networks that handle payment data fall under the "
|
||
"guidelines of the PCI-DSS. Segmentation in the context of PCI-DSS does not "
|
||
"support multi-tenancy, but rather physical separation (host/network)."
|
||
msgstr ""
|
||
"Pengerahan OpenStack yang menyimpan, memproses, atau mengirimkan rincian "
|
||
"kartu pembayaran berada dalam cakupan PCI-DSS. Semua komponen OpenStack yang "
|
||
"tidak tersegmentasi dengan benar dari sistem atau jaringan yang menangani "
|
||
"data pembayaran termasuk dalam pedoman PCI-DSS. Segmentasi dalam konteks PCI-"
|
||
"DSS tidak mendukung multi-tenancy, melainkan pemisahan fisik (host/network)."
|
||
|
||
msgid ""
|
||
"OpenStack does not support message-level confidence, such as message "
|
||
"signing. Consequently, you must secure and authenticate the message "
|
||
"transport itself. For high-availability (HA) configurations, you must "
|
||
"perform queue-to-queue authentication and encryption."
|
||
msgstr ""
|
||
"OpenStack tidak mendukung tingkat kepercayaan pesan, seperti penandatanganan "
|
||
"pesan. Akibatnya, Anda harus mengamankan dan mengotentikasi transportasi "
|
||
"pesan itu sendiri. Untuk konfigurasi high-availability (HA), Anda harus "
|
||
"melakukan otentikasi dan enkripsi queue-to-queue."
|
||
|
||
msgid ""
|
||
"OpenStack embraces a modular architecture to provide a set of core services "
|
||
"that facilitates scalability and elasticity as core design tenets. This "
|
||
"chapter briefly reviews OpenStack components, their use cases and security "
|
||
"considerations."
|
||
msgstr ""
|
||
"OpenStack menganut arsitektur modular untuk menyediakan satu set layanan "
|
||
"inti yang memfasilitasi skalabilitas dan elastisitas sebagai prinsip desain "
|
||
"inti. Bab ini secara singkat mengulas komponen OpenStack, kasus penggunaan "
|
||
"dan pertimbangan keamanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack endpoints are HTTP services providing APIs to both end-users on "
|
||
"public networks and to other OpenStack services on the management network. "
|
||
"It is highly recommended that all of these requests, both internal and "
|
||
"external, operate over TLS. To achieve this goal, API services must be "
|
||
"deployed behind a TLS proxy that can establish and terminate TLS sessions. "
|
||
"The following table offers a non-exhaustive list of open source software "
|
||
"that can be used for this purpose:"
|
||
msgstr ""
|
||
"Endpoint OpenStack adalah layanan HTTP yang menyediakan API kepada endpoint "
|
||
"di jaringan publik dan layanan OpenStack lainnya di jaringan manajemen. "
|
||
"Sangat disarankan agar semua permintaan ini, baik internal maupun eksternal, "
|
||
"beroperasi di atas TLS. Untuk mencapai tujuan ini, layanan API harus "
|
||
"ditempatkan di belakang proxy TLS yang dapat menetapkan dan menghentikan "
|
||
"sesi TLS. Tabel berikut ini menawarkan daftar lengkap perangkat lunak open "
|
||
"source yang dapat digunakan untuk tujuan ini:"
|
||
|
||
msgid ""
|
||
"OpenStack has not undergone Common Criteria certification, however many of "
|
||
"the available hypervisors have."
|
||
msgstr ""
|
||
"OpenStack belum mengikuti sertifikasi Common Criteria, namun banyak "
|
||
"hypervisor yang tersedia."
|
||
|
||
msgid ""
|
||
"OpenStack is a key enabler in the adoption of cloud technology and has "
|
||
"several common deployment use cases. These are commonly known as Public, "
|
||
"Private, and Hybrid models. The following sections use the National "
|
||
"Institute of Standards and Technology (NIST) `definition of cloud <http://"
|
||
"nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf>`__ to "
|
||
"introduce these different types of cloud as they apply to OpenStack."
|
||
msgstr ""
|
||
"OpenStack adalah enabler kunci dalam penerapan teknologi awan dan memiliki "
|
||
"beberapa kasus penggunaan umum. Ini umumnya dikenal sebagai model Public, "
|
||
"Private, and Hybrid. Bagian berikut menggunakan National Institute of "
|
||
"Standards and Technology (NIST) `definition of cloud <http://nvlpubs.nist."
|
||
"gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf>`__ untuk "
|
||
"mengenalkan berbagai jenis awan ini saat mereka mendaftar ke OpenStack."
|
||
|
||
msgid ""
|
||
"OpenStack is designed to support multitenancy and those tenants will most "
|
||
"probably have different data requirements. As a cloud builder or operator, "
|
||
"you must ensure your OpenStack environment addresses data privacy concerns "
|
||
"and regulations. In this chapter we will address data residency and disposal "
|
||
"as it pertains to OpenStack implementations."
|
||
msgstr ""
|
||
"OpenStack dirancang untuk mendukung multitenancy dan tenant (penyewa) "
|
||
"tersebut kemungkinan besar memiliki persyaratan data yang berbeda. Sebagai "
|
||
"pembangun atau operator awan, Anda harus memastikan lingkungan OpenStack "
|
||
"Anda menangani masalah dan persyaratan privasi data. Dalam bab ini kita akan "
|
||
"membahas residensi data dan pembuangan karena berkaitan dengan implementasi "
|
||
"OpenStack."
|
||
|
||
msgid ""
|
||
"OpenStack is innovative in many ways however the process used to audit an "
|
||
"OpenStack deployment is fairly common. Auditors will evaluate a process by "
|
||
"two criteria: Is the control designed effectively and if the control is "
|
||
"operating effectively. An understanding of how an auditor evaluates if a "
|
||
"control is designed and operating effectively will be discussed in the "
|
||
"section called :doc:`understanding-the-audit-process`."
|
||
msgstr ""
|
||
"OpenStack inovatif dalam banyak hal namun proses yang digunakan untuk "
|
||
"mengaudit penyebaran OpenStack cukup umum terjadi. Auditor akan mengevaluasi "
|
||
"suatu proses dengan dua kriteria: Apakah pengendalian dirancang secara "
|
||
"efektif dan jika pengendaliannya berjalan efektif. Pemahaman tentang "
|
||
"bagaimana auditor mengevaluasi jika suatu pengendalian dirancang dan "
|
||
"beroperasi secara efektif akan dibahas di bagian yang disebut :doc:"
|
||
"`understanding-the-audit-process`."
|
||
|
||
msgid ""
|
||
"OpenStack management relies on out-of-band management interfaces such as the "
|
||
"IPMI protocol to access into nodes running OpenStack components. IPMI is a "
|
||
"very popular specification to remotely manage, diagnose, and reboot servers "
|
||
"whether the operating system is running or the system has crashed."
|
||
msgstr ""
|
||
"Manajemen OpenStack mengandalkan antarmuka manajemen out-of-band seperti "
|
||
"protokol IPMI untuk mengakses node yang menjalankan komponen OpenStack. IPMI "
|
||
"adalah spesifikasi yang sangat populer untuk mengelola, mendiagnosis, dan "
|
||
"server reboot jarak jauh apakah sistem operasi berjalan atau sistem mogok "
|
||
"(crashed)."
|
||
|
||
msgid "OpenStack management utilities such as nova-manage and glance-manage"
|
||
msgstr ""
|
||
"Utilitas manajemen OpenStack seperti manajemen nova-manage dan glance-manage"
|
||
|
||
msgid ""
|
||
"OpenStack network node: Management, guest, and possibly public depending "
|
||
"upon neutron-plugin in use."
|
||
msgstr ""
|
||
"OpenStack network node: Management, guest, dan mungkin publik tergantung "
|
||
"pada plugin neutron yang digunakan."
|
||
|
||
msgid ""
|
||
"OpenStack operators should strive to provide a certain level of tenant data "
|
||
"disposal assurance. Best practices suggest that the operator sanitize cloud "
|
||
"system media (digital and non-digital) prior to disposal, release out of "
|
||
"organization control or release for reuse. Sanitization methods should "
|
||
"implement an appropriate level of strength and integrity given the specific "
|
||
"security domain and sensitivity of the information."
|
||
msgstr ""
|
||
"Operator OpenStack harus berusaha memberikan tingkat jaminan penyewa data "
|
||
"tingkat tertentu. Praktik terbaik menunjukkan bahwa operator membersihkan "
|
||
"media sistem awan (digital dan non-digital) sebelum dibuang, bebas dari "
|
||
"pengendalian organisasi atau pelepasan untuk digunakan kembali. Metode "
|
||
"sanitasi harus menerapkan tingkat kekuatan dan integritas yang tepat "
|
||
"mengingat domain keamanan dan kepekaan informasi yang spesifik."
|
||
|
||
msgid ""
|
||
"OpenStack provides both public facing and private API endpoints. By default, "
|
||
"OpenStack components use the publicly defined endpoints. The recommendation "
|
||
"is to configure these components to use the API endpoint within the proper "
|
||
"security domain."
|
||
msgstr ""
|
||
"OpenStack menyediakan endpoint API yang dihadapi publik maupun pribadi. "
|
||
"Secara default, komponen OpenStack menggunakan endpoint yang ditentukan "
|
||
"secara umum. Rekomendasinya adalah mengkonfigurasi komponen ini untuk "
|
||
"menggunakan endpoint API dalam domain keamanan yang tepat."
|
||
|
||
msgid ""
|
||
"OpenStack provides security groups for both hosts and the network to add "
|
||
"defense in depth to the virtual machines in a given project. These are "
|
||
"similar to host-based firewalls as they allow or deny incoming traffic based "
|
||
"on port, protocol, and address, however security group rules are applied to "
|
||
"incoming traffic only, while host-based firewall rules are able to be "
|
||
"applied to both incoming and outgoing traffic. It is also possible for host "
|
||
"and network security group rules to conflict and deny legitimate traffic. We "
|
||
"recommend ensuring that security groups are configured correctly for the "
|
||
"networking being used. See :ref:`networking-security-groups` in this guide "
|
||
"for more detail."
|
||
msgstr ""
|
||
"OpenStack menyediakan kelompok keamanan untuk kedua host dan jaringan untuk "
|
||
"menambahkan pertahanan secara mendalam ke mesin virtual dalam proyek "
|
||
"tertentu. Ini mirip dengan firewall berbasis host saat mereka mengizinkan "
|
||
"atau menolak lalu lintas masuk berdasarkan port, protokol, dan alamat, namun "
|
||
"peraturan kelompok keamanan hanya berlaku untuk lalu lintas masuk, sementara "
|
||
"aturan firewall berbasis host dapat diterapkan pada masuk dan masuk lalu "
|
||
"lintas keluar. Hal ini juga memungkinkan peraturan kelompok host dan "
|
||
"keamanan jaringan bertentangan dan menolak lalu lintas yang sah. Sebaiknya "
|
||
"pastikan bahwa kelompok keamanan dikonfigurasi dengan benar untuk jaringan "
|
||
"yang sedang digunakan. Lihat :ref: `networking-security-groups` dalam "
|
||
"panduan ini untuk detail lebih lanjut."
|
||
|
||
msgid ""
|
||
"OpenStack provides several management interfaces for operators and tenants:"
|
||
msgstr ""
|
||
"OpenStack menyediakan beberapa antarmuka manajemen untuk operator dan "
|
||
"penyewa:"
|
||
|
||
msgid "OpenStack releases security information through two channels."
|
||
msgstr "OpenStack merilis informasi keamanan melalui dua saluran."
|
||
|
||
msgid "OpenStack security notes"
|
||
msgstr "Catatan keamanan OpenStack"
|
||
|
||
msgid "OpenStack service configuration: Qpid"
|
||
msgstr "Konfigurasi layanan OpenStack: Qpid"
|
||
|
||
msgid "OpenStack service configuration: RabbitMQ"
|
||
msgstr "Konfigurasi layanan OpenStack: RabbitMQ"
|
||
|
||
msgid "OpenStack service database configuration"
|
||
msgstr "Konfigurasi database layanan OpenStack"
|
||
|
||
msgid "OpenStack service overview"
|
||
msgstr "Ikhtisar layanan OpenStack"
|
||
|
||
msgid "OpenStack software components, such as Identity or Compute"
|
||
msgstr "Komponen perangkat lunak OpenStack, seperti Identity or Compute"
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies including noauth, and "
|
||
"keystone. If the ``noauth`` strategy is used, then users can interact with "
|
||
"OpenStack services without any authentication. This could be a potential "
|
||
"risk since an attacker might gain unauthorized access to the OpenStack "
|
||
"components. We strongly recommend that all services must be authenticated "
|
||
"with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi termasuk noauth, dan "
|
||
"keystone. Jika strategi ``noauth`` digunakan, pengguna dapat berinteraksi "
|
||
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
|
||
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
|
||
"OpenStack. Kami sangat menyarankan agar semua layanan harus diotentikasi "
|
||
"dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies like ``noauth`` and "
|
||
"``keystone``. If the ``noauth`` strategy is used then the users can interact "
|
||
"with OpenStack services without any authentication. This could be a "
|
||
"potential risk since an attacker might gain unauthorized access to the "
|
||
"OpenStack components. We strongly recommend that all services must be "
|
||
"authenticated with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi seperti ``noauth`` dan "
|
||
"``keystone``. Jika strategi ``noauth`` digunakan maka pengguna dapat "
|
||
"berinteraksi dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa "
|
||
"menjadi risiko potensial karena penyerang bisa mendapatkan akses tidak sah "
|
||
"ke komponen OpenStack. Kami sangat menyarankan agar semua layanan harus "
|
||
"diotentikasi dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies like noauth and "
|
||
"keystone. If the '``noauth``' strategy is used then the users could interact "
|
||
"with OpenStack services without any authentication. This could be a "
|
||
"potential risk since an attacker might gain unauthorized access to the "
|
||
"OpenStack components. Thus it is strongly recommended that all services must "
|
||
"be authenticated with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi seperti noauth dan "
|
||
"keystone. Jika strategi ``noauth``' digunakan maka pengguna dapat "
|
||
"berinteraksi dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa "
|
||
"menjadi risiko potensial karena penyerang bisa mendapatkan akses tidak sah "
|
||
"ke komponen OpenStack. Jadi sangat disarankan agar semua layanan harus "
|
||
"diautentikasi dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies like noauth, and "
|
||
"keystone. If the noauth strategy is used, then the users could interact with "
|
||
"OpenStack services without any authentication. This could be a potential "
|
||
"risk since an attacker might gain unauthorized access to the OpenStack "
|
||
"components. We strongly recommend that all services must be authenticated "
|
||
"with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, dan "
|
||
"keystone. Jika strategi noauth digunakan, maka pengguna bisa berinteraksi "
|
||
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
|
||
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
|
||
"OpenStack. Kami sangat menyarankan agar semua layanan harus diotentikasi "
|
||
"dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies like noauth, keystone "
|
||
"etc. If the 'noauth' strategy is used then the users could interact with "
|
||
"OpenStack services without any authentication. This could be a potential "
|
||
"risk since an attacker might gain unauthorized access to the OpenStack "
|
||
"components. Thus it is strongly recommended that all services must be "
|
||
"authenticated with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, keystone "
|
||
"dll. Jika strategi 'noauth' digunakan maka pengguna dapat berinteraksi "
|
||
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
|
||
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
|
||
"OpenStack. Jadi sangat disarankan agar semua layanan harus diautentikasi "
|
||
"dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid ""
|
||
"OpenStack supports various authentication strategies like noauth, keystone "
|
||
"etc. If the 'noauth' strategy is used then the users could interact with "
|
||
"OpenStack services without any authentication. This could be a potential "
|
||
"risk since an attacker might gain unauthorized access to the OpenStack "
|
||
"components. Thus we strongly recommend that all services must be "
|
||
"authenticated with keystone using their service accounts."
|
||
msgstr ""
|
||
"OpenStack mendukung berbagai strategi otentikasi seperti noauth, keystone "
|
||
"dll. Jika strategi 'noauth' digunakan maka pengguna dapat berinteraksi "
|
||
"dengan layanan OpenStack tanpa autentikasi apapun. Ini bisa menjadi risiko "
|
||
"potensial karena penyerang bisa mendapatkan akses tidak sah ke komponen "
|
||
"OpenStack. Dengan demikian, kami sangat menyarankan agar semua layanan harus "
|
||
"diotentikasi dengan keystone menggunakan akun layanan mereka."
|
||
|
||
msgid "OpenStack vulnerability management team"
|
||
msgstr "Tim manajemen kerentanan OpenStack"
|
||
|
||
msgid ""
|
||
"OpenStack's sVirt implementation aspires to protect hypervisor hosts and "
|
||
"virtual machines against two primary threat vectors:"
|
||
msgstr ""
|
||
"Implementasi OpenStack's sVirt bercita-cita untuk melindungi host "
|
||
"hypervisor dan mesin virtual terhadap dua vektor ancaman utama:"
|
||
|
||
msgid "OpenStack-dev mailinglist"
|
||
msgstr "Daftar mailing OpenStack-dev"
|
||
|
||
msgid "OpenStack-discuss mailing list"
|
||
msgstr "OpenStack-discuss milis"
|
||
|
||
msgid ""
|
||
"OpenStack.org, OpenStack End User Guide section. 2016. `OpenStack command-"
|
||
"line clients overview <https://docs.openstack.org/user-guide/common/"
|
||
"cli_overview.html>`__"
|
||
msgstr ""
|
||
"OpenStack.org, OpenStack End User Guide section. 2016. `OpenStack command-"
|
||
"line clients overview <https://docs.openstack.org/user-guide/common/"
|
||
"cli_overview.html>`__"
|
||
|
||
msgid ""
|
||
"OpenStack.org, ReleaseNotes/Liberty. 2015. `OpenStack Liberty Release Notes "
|
||
"<https://wiki.openstack.org/wiki/ReleaseNotes/Liberty>`__"
|
||
msgstr ""
|
||
"OpenStack.org, ReleaseNotes/Liberty. 2015. `OpenStack Liberty Release Notes "
|
||
"<https://wiki.openstack.org/wiki/ReleaseNotes/Liberty>`__"
|
||
|
||
msgid ""
|
||
"OpenStack.org, Set environment variables using the OpenStack RC file. 2016. "
|
||
"`Download and source the OpenStack RC file <https://docs.openstack.org/user-"
|
||
"guide/common/cli_set_environment_variables_using_openstack_rc.html#download-"
|
||
"and-source-the-openstack-rc-file>`__"
|
||
msgstr ""
|
||
"OpenStack.org, Set environment variables using the OpenStack RC file. 2016. "
|
||
"`Download and source the OpenStack RC file <https://docs.openstack.org/user-"
|
||
"guide/common/cli_set_environment_variables_using_openstack_rc.html#download-"
|
||
"and-source-the-openstack-rc-file>`__"
|
||
|
||
msgid ""
|
||
"OpenStack.org, Welcome to Sahara!. 2016. `Sahara project documentation "
|
||
"<https://docs.openstack.org/sahara/latest/>`__"
|
||
msgstr ""
|
||
"OpenStack.org, Welcome to Sahara!. 2016. `Sahara project documentation "
|
||
"<https://docs.openstack.org/sahara/latest/>`__"
|
||
|
||
msgid ""
|
||
"OpenStack.org, Welcome to barbican's Developer Documentation!. 2014. "
|
||
"`Barbican developer documentation <https://docs.openstack.org/barbican/"
|
||
"latest/>`__"
|
||
msgstr ""
|
||
"OpenStack.org, Welcome to barbican's Developer Documentation!. 2014. "
|
||
"`Barbican developer documentation <https://docs.openstack.org/barbican/"
|
||
"latest/>`__"
|
||
|
||
msgid ""
|
||
"Operating system events on the OpenStack service machines such as user "
|
||
"logins or restarts also provide valuable insight into proper and improper "
|
||
"usage of systems."
|
||
msgstr ""
|
||
"Event sistem operasi pada mesin layanan OpenStack seperti login pengguna "
|
||
"atau restart juga memberikan wawasan berharga tentang penggunaan sistem yang "
|
||
"tepat dan tidak tepat."
|
||
|
||
msgid ""
|
||
"Operators protect sensitive information in cloud deployments by using "
|
||
"various applications of cryptography. For example, encrypting data at rest "
|
||
"or signing an image to prove that it has not been tampered with. In all "
|
||
"cases, these cryptographic capabilities require some sort of *key material* "
|
||
"in order to operate."
|
||
msgstr ""
|
||
"Operator melindungi informasi sensitif dalam penyebaran awan dengan "
|
||
"menggunakan berbagai aplikasi kriptografi. Misalnya, mengenkripsi data saat "
|
||
"istirahat atau menandatangani gambar untuk membuktikan bahwa foto itu tidak "
|
||
"dirusak. Dalam semua kasus, kemampuan kriptografi ini memerlukan semacam "
|
||
"*key material* agar bisa beroperasi."
|
||
|
||
msgid "Opportunities to encrypt data for users are present:"
|
||
msgstr "Kesempatan mengenkripsi data untuk pengguna sekarang:"
|
||
|
||
msgid "Option ROM code"
|
||
msgstr "Opsi kode ROM"
|
||
|
||
msgid "Option ROM configuration and data"
|
||
msgstr "Pilihan konfigurasi dan data ROM"
|
||
|
||
msgid ""
|
||
"Optionally, if using SASL with Qpid specify the SASL mechanisms in use by "
|
||
"adding:"
|
||
msgstr ""
|
||
"Opsional, jika menggunakan SASL dengan Qpid tentukan mekanisme SASL yang "
|
||
"digunakan dengan menambahkan:"
|
||
|
||
msgid ""
|
||
"Optionally, if you wish to restrict the set of SSL ciphers used for the "
|
||
"encrypted connection. See `ciphers <https://www.openssl.org/docs/manmaster/"
|
||
"man1/ciphers.html>`_ for a list of ciphers and the syntax for specifying the "
|
||
"cipher string:"
|
||
msgstr ""
|
||
"Opsional, jika Anda ingin membatasi sekumpulan ciphers SSL yang digunakan "
|
||
"untuk koneksi terenkripsi. Lihat `ciphers <https://www.openssl.org/docs/"
|
||
"manmaster/man1/ciphers.html>`_ untuk daftar ciphers dan sintaks untuk "
|
||
"menentukan string cipher:"
|
||
|
||
msgid "Orchestration"
|
||
msgstr "Orchestration"
|
||
|
||
msgid "Organization name"
|
||
msgstr "Nama Organisasi"
|
||
|
||
msgid ""
|
||
"Organizations may desire to implement external authentication for "
|
||
"compatibility with existing authentication services or to enforce stronger "
|
||
"authentication policy requirements. Although passwords are the most common "
|
||
"form of authentication, they can be compromised through numerous methods, "
|
||
"including keystroke logging and password compromise. External authentication "
|
||
"services can provide alternative forms of authentication that minimize the "
|
||
"risk from weak passwords."
|
||
msgstr ""
|
||
"Organisasi mungkin ingin menerapkan otentikasi eksternal untuk "
|
||
"kompatibilitas dengan layanan autentikasi yang ada atau untuk menerapkan "
|
||
"persyaratan kebijakan otentikasi yang lebih kuat. Meskipun password adalah "
|
||
"bentuk otentikasi yang paling umum, namun dapat dikompromikan melalui banyak "
|
||
"metode, termasuk logging keystroke dan kompromi kata sandi. Layanan "
|
||
"otentikasi eksternal dapat memberikan bentuk otentikasi alternatif yang "
|
||
"meminimalkan risiko dari lemahnya kata kunci."
|
||
|
||
msgid ""
|
||
"Other events that are actionable are networking bridges going down, ip "
|
||
"tables being flushed on compute nodes and consequential loss of access to "
|
||
"instances resulting in unhappy customers."
|
||
msgstr ""
|
||
"Event lain yang dapat ditindaklanjuti adalah jaringan jembatan yang mati, "
|
||
"tabel ip disiram (flushed) pada node perhitungan dan hilangnya akses "
|
||
"terhadap instance yang mengakibatkan pelanggan yang tidak bahagia."
|
||
|
||
msgid "Other notable items"
|
||
msgstr "Barang penting lainnya"
|
||
|
||
msgid ""
|
||
"Other solutions exist including KeyWhiz, Confidant, Conjur, EJSON, Knox and "
|
||
"Red October, however it is outside the scope of this document to cover every "
|
||
"Key Manager available."
|
||
msgstr ""
|
||
"Solusi lain ada termasuk KeyWhiz, Confidant, Conjur, EJSON, Knox dan Red "
|
||
"October, namun berada di luar cakupan dokumen ini untuk mencakup setiap Key "
|
||
"Manager yang ada."
|
||
|
||
msgid "Other supporting technology"
|
||
msgstr "Teknologi pendukung lainnya"
|
||
|
||
msgid "Others (KVM, and more):"
|
||
msgstr "Lainnya (KVM, dan lainnya):"
|
||
|
||
msgid ""
|
||
"Out of band management interfaces also often include graphical machine "
|
||
"console access. It is often possible, although not necessarily default, that "
|
||
"these interfaces are encrypted. Consult with your system software "
|
||
"documentation for encrypting these interfaces."
|
||
msgstr ""
|
||
"Antarmuka manajemen Out of band juga sering menyertakan akses konsol mesin "
|
||
"grafis. Hal ini sering mungkin, meski belum tentu default, bahwa interface "
|
||
"ini dienkripsi. Konsultasikan dengan dokumentasi perangkat lunak sistem Anda "
|
||
"untuk mengenkripsi antarmuka ini."
|
||
|
||
msgid "Out-of-band management interface"
|
||
msgstr "Antarmuka manajemen out-of-band"
|
||
|
||
msgid "Out-of-band management interfaces, such as IPMI"
|
||
msgstr "Antarmuka manajemen out-of-band, seperti IPMI"
|
||
|
||
msgid "Outbound attacks and reputational risk"
|
||
msgstr "Serangan outbound dan risiko reputasi"
|
||
|
||
msgid "Overlapping IP addresses"
|
||
msgstr "Alamat IP yang tumpang tindih"
|
||
|
||
msgid "Overview"
|
||
msgstr "Ikhtisar"
|
||
|
||
msgid "PCI-DSS"
|
||
msgstr "PCI-DSS"
|
||
|
||
msgid "PCI-SIG I/O virtualization"
|
||
msgstr "Virtualisasi PCI-SIG I/O"
|
||
|
||
msgid "PCR-00"
|
||
msgstr "PCR-00"
|
||
|
||
msgid "PCR-01"
|
||
msgstr "PCR-01"
|
||
|
||
msgid "PCR-02"
|
||
msgstr "PCR-02"
|
||
|
||
msgid "PCR-03"
|
||
msgstr "PCR-03"
|
||
|
||
msgid "PCR-04"
|
||
msgstr "PCR-04"
|
||
|
||
msgid "PCR-05"
|
||
msgstr "PCR-05"
|
||
|
||
msgid "PCR-06"
|
||
msgstr "PCR-06"
|
||
|
||
msgid "PCR-07"
|
||
msgstr "PCR-07"
|
||
|
||
msgid "PCR-08"
|
||
msgstr "PCR-08"
|
||
|
||
msgid "PCR-09"
|
||
msgstr "PCR-09"
|
||
|
||
msgid "PCR-10 to PCR-23"
|
||
msgstr "PCR-10 to PCR-23"
|
||
|
||
msgid "PKCS#11 crypto plugin"
|
||
msgstr "Plugin kripto PKCS # 11"
|
||
|
||
msgid "PKI and PKIZ tokens"
|
||
msgstr "Token PKI dan PKIZ"
|
||
|
||
msgid ""
|
||
"PKI and PKIZ tokens are deprecated and not supported in Ocata. They are "
|
||
"nearly identical and share the same payload. They are signed documents that "
|
||
"contain the authentication content, as well as the service catalog. "
|
||
"Depending on the size of the OpenStack deployment, PKI tokens can be very "
|
||
"long. PKI and PKIZ tokens typically exceed 1600 bytes length. The length of "
|
||
"a PKI or PKIZ token is dependent on the size of the deployment. Bigger "
|
||
"service catalogs will result in longer token lengths. The Identity service "
|
||
"uses public and private key pairs and certificates in order to create and "
|
||
"validate these tokens. The difference between the two is PKIZ tokens are "
|
||
"compressed to help mitigate the size issues of PKI."
|
||
msgstr ""
|
||
"Token PKI dan PKIZ sudah tidak berlaku lagi dan tidak didukung di Ocata. "
|
||
"Mereka hampir identik dan berbagi muatan yang sama. Mereka menandatangani "
|
||
"dokumen yang berisi konten otentikasi, serta katalog layanan. Bergantung "
|
||
"pada ukuran penyebaran OpenStack, token PKI bisa sangat panjang. Token PKI "
|
||
"dan PKIZ biasanya melebihi 1600 byte. Panjang token PKI atau PKIZ tergantung "
|
||
"pada ukuran penyebarannya. Katalog layanan yang lebih besar akan "
|
||
"menghasilkan panjang token yang lebih panjang. Layanan Identity menggunakan "
|
||
"pasangan kunci publik dan private dan sertifikat untuk membuat dan "
|
||
"memvalidasi token ini. Perbedaan antara keduanya adalah token PKIZ dikompres "
|
||
"untuk membantu mengurangi masalah ukuran PKI."
|
||
|
||
msgid ""
|
||
"PKI builds the framework on which to provide encryption algorithms, cipher "
|
||
"modes, and protocols for securing data and authentication. We strongly "
|
||
"recommend securing all services with Public Key Infrastructure (PKI), "
|
||
"including the use of TLS for API endpoints. It is impossible for the "
|
||
"encryption or signing of transports or messages alone to solve all these "
|
||
"problems. Hosts themselves must be secure and implement policy, namespaces, "
|
||
"and other controls to protect their private credentials and keys. However, "
|
||
"the challenges of key management and protection do not reduce the necessity "
|
||
"of these controls, or lessen their importance."
|
||
msgstr ""
|
||
"PKI membangun kerangka kerja untuk menyediakan algoritma enkripsi, mode "
|
||
"cipher, dan protokol untuk mengamankan data dan otentikasi. Kami sangat "
|
||
"menyarankan untuk mengamankan semua layanan dengan Public Key Infrastructure "
|
||
"(PKI), termasuk penggunaan TLS untuk API endpoint. Tidak mungkin untuk "
|
||
"enkripsi atau penandatanganan transport atau pesan saja untuk menyelesaikan "
|
||
"semua masalah ini. Host sendiri harus aman dan menerapkan kebijakan, ruang "
|
||
"nama, dan kontrol lainnya untuk melindungi kredensial dan kunci pribadi "
|
||
"mereka. Namun, tantangan pengelolaan dan perlindungan utama tidak mengurangi "
|
||
"perlunya pengendalian ini, atau mengurangi kepentingan mereka."
|
||
|
||
msgid "PRIVATE(data network)"
|
||
msgstr "PRIVATE(data network)"
|
||
|
||
msgid "PUBLIC"
|
||
msgstr "PUBLIC"
|
||
|
||
msgid ""
|
||
"Password management applications such as `KeePassX <http://www.keepassx."
|
||
"org>`_ and `Password Safe <http://www.pwsafe.org>`_ can be useful as most "
|
||
"support the generation of strong passwords and periodic reminders to "
|
||
"generate new passwords. Most importantly, the password store remains "
|
||
"unlocked only briefly, which reduces the risk of password exposure and "
|
||
"unauthorized resource access through browser or system compromise."
|
||
msgstr ""
|
||
"Aplikasi manajemen password seperti `KeePassX <http://www.keepassx.org>` _ "
|
||
"dan `Password Safe <http://www.pwsafe.org>` _ dapat berguna karena sebagian "
|
||
"besar mendukung pembuatan kata kunci yang kuat dan berkala. Pengingat untuk "
|
||
"menghasilkan password baru. Yang terpenting, penyimpanan kata sandi tetap "
|
||
"tidak terkunci hanya sebentar, yang mengurangi risiko pembongkaran kata "
|
||
"sandi dan akses sumber yang tidak sah melalui browser atau membahayakan "
|
||
"(compromise) sistem."
|
||
|
||
msgid ""
|
||
"Password management should be an integral part of your cloud administration "
|
||
"plan. A definitive tutorial about passwords is beyond the scope of this "
|
||
"book; however, cloud administrators should refer to the best practices "
|
||
"recommended in Chapter 4 of NIST Special Publication `Guide to Enterprise "
|
||
"Password Management <http://csrc.nist.gov/publications/drafts/800-118/draft-"
|
||
"sp800-118.pdf>`_."
|
||
msgstr ""
|
||
"Manajemen kata sandi harus menjadi bagian integral dari rencana administrasi "
|
||
"awan Anda. Tutorial definitif tentang kata sandi berada di luar cakupan buku "
|
||
"ini; Namun, administrator awan harus mengacu pada praktik terbaik yang "
|
||
"direkomendasikan di Chapter 4 of NIST Special Publication `Guide to "
|
||
"Enterprise Password Management <http://csrc.nist.gov/publications/"
|
||
"drafts/800-118/draft-sp800-118.pdf > `_."
|
||
|
||
msgid "Password policy enforcement"
|
||
msgstr "Penegakan kebijakan password"
|
||
|
||
msgid "Passwords"
|
||
msgstr "Password (kata sandi)"
|
||
|
||
msgid "Passwords in Config Files"
|
||
msgstr "Password di File Config"
|
||
|
||
msgid "Paste and middleware"
|
||
msgstr "Tempel dan middleware"
|
||
|
||
msgid ""
|
||
"Per-instance or per-object encryption is preferable over, in descending "
|
||
"order, per-project, per-tenant, per-host, and per-cloud aggregations. This "
|
||
"recommendation is inverse to the complexity and difficulty of "
|
||
"implementation. Presently, in some projects it is difficult or impossible to "
|
||
"implement encryption as loosely granular as even per-tenant. We recommend "
|
||
"implementors make a best-effort in encrypting tenant data."
|
||
msgstr ""
|
||
"Enkripsi per-instance atau per-object lebih disukai, dalam urutan menurun, "
|
||
"agregat per-project, per-tenant, per-host, dan per-cloud. Rekomendasi ini "
|
||
"bertentangan dengan kompleksitas dan kesulitan pelaksanaannya. Saat ini, "
|
||
"dalam beberapa proyek sulit atau tidak mungkin menerapkan enkripsi seperti "
|
||
"granulasi longgar bahkan per-tenant. Sebaiknya pelaksana melakukan upaya "
|
||
"terbaik dalam mengenkripsi data penyewa."
|
||
|
||
msgid "Perfect forward secrecy"
|
||
msgstr "Kerahasiaan maju yang sempurna"
|
||
|
||
msgid "Performing Federation authentication"
|
||
msgstr "Melakukan otentikasi Federation"
|
||
|
||
msgid ""
|
||
"Periodic access and log reviews are required to ensure authentication, "
|
||
"authorization, and accountability in a service deployment. Specific guidance "
|
||
"for OpenStack on these topics are discussed in-depth in :ref:`monitoring-and-"
|
||
"logging`."
|
||
msgstr ""
|
||
"Akses berkala dan tinjauan log diperlukan untuk memastikan otentikasi, "
|
||
"otorisasi, dan akuntabilitas dalam penyebaran layanan. Petunjuk khusus untuk "
|
||
"OpenStack mengenai topik ini dibahas secara mendalam di :ref:`monitoring-and-"
|
||
"logging`."
|
||
|
||
msgid ""
|
||
"Permissions for API calls for different users and their roles are determined "
|
||
"by :ref:`policies <shared_fs_policies>` like in other OpenStack services."
|
||
msgstr ""
|
||
"Izin untuk panggilan API untuk pengguna yang berbeda dan peran mereka "
|
||
"ditentukan oleh :ref:`policies <shared_fs_policies>` seperti di layanan "
|
||
"OpenStack lainnya."
|
||
|
||
msgid "Phases of an audit"
|
||
msgstr "Tahapan audit"
|
||
|
||
msgid "Physical hardware (PCI passthrough)"
|
||
msgstr "Perangkat keras fisik (passthrough PCI)"
|
||
|
||
msgid ""
|
||
"Places values on the stack and verifies their presence to help prevent "
|
||
"buffer overflow attacks."
|
||
msgstr ""
|
||
"Tempatkan nilai pada stack dan verifikasi keberadaan mereka untuk membantu "
|
||
"mencegah serangan buffer overflow."
|
||
|
||
msgid "Platform specific"
|
||
msgstr "Platform specific"
|
||
|
||
msgid "Platform specific, often Initramfs"
|
||
msgstr "Platform specific, often Initramfs"
|
||
|
||
msgid "Platform specific, often kernel, kernel extensions, and drivers"
|
||
msgstr "Platform specific, often kernel, kernel extensions, dan drivers"
|
||
|
||
msgid ""
|
||
"Plug-ins other than Open vSwitch may also include similar mitigation "
|
||
"measures; it is recommended you enable this feature, where appropriate."
|
||
msgstr ""
|
||
"Plug-in selain Open vSwitch mungkin juga mencakup langkah-langkah mitigasi "
|
||
"yang serupa; Sebaiknya aktifkan fitur ini, bila sesuai."
|
||
|
||
msgid "Policies"
|
||
msgstr "Kebijakan"
|
||
|
||
msgid "Policy changes"
|
||
msgstr "Perubahan kebijakan"
|
||
|
||
msgid "Port"
|
||
msgstr "Port"
|
||
|
||
msgid ""
|
||
"Port mirroring service involves sending a copy of packets entering or "
|
||
"leaving one port to another port, which is usually different from the "
|
||
"original destinations of the packets being mirrored. Tap-as-a-Service (TaaS) "
|
||
"is an extension to the OpenStack networking service (neutron). It provides "
|
||
"remote port mirroring capability for tenant virtual networks. This service "
|
||
"has been primarily designed to help tenants (or the cloud administrator) "
|
||
"debug complex virtual networks and gain visibility into their VMs, by "
|
||
"monitoring the network traffic associated with them. TaaS honors tenant "
|
||
"boundaries and its mirror sessions are capable of spanning across multiple "
|
||
"compute and network nodes. It serves as an essential infrastructure "
|
||
"component that can be utilized for supplying data to a variety of network "
|
||
"analytics and security applications."
|
||
msgstr ""
|
||
"Layanan mirroring port melibatkan pengiriman salinan paket yang masuk atau "
|
||
"meninggalkan satu port ke port lain, yang biasanya berbeda dari tujuan asli "
|
||
"dari paket yang dicerminkan. Tap-as-a-Service (TaaS) merupakan perpanjangan "
|
||
"layanan jaringan OpenStack (neutron). Ini menyediakan kemampuan mirroring "
|
||
"port jarak jauh untuk jaringan virtual penyewa. Layanan ini dirancang "
|
||
"terutama untuk membantu administrator jaringan penyewa (atau administrator "
|
||
"awan) debug kompleks dan mendapatkan visibilitas ke VM mereka, dengan "
|
||
"memantau lalu lintas jaringan yang terkait dengannya. TaaS menghormati batas "
|
||
"penyewa dan sesi cerminnya mampu mencakup beberapa node komputasi dan "
|
||
"jaringan. Ini berfungsi sebagai komponen infrastruktur penting yang dapat "
|
||
"digunakan untuk memasok data ke berbagai analisis jaringan dan aplikasi "
|
||
"keamanan."
|
||
|
||
msgid "Ports"
|
||
msgstr "Ports"
|
||
|
||
msgid "Position Independent Executable (PIE)"
|
||
msgstr "Position Independent Executable (PIE)"
|
||
|
||
msgid "PostgreSQL SSL configuration"
|
||
msgstr "Konfigurasi SSL PostgreSQL"
|
||
|
||
msgid ""
|
||
"PostgreSQL has a number of desirable security features such as Kerberos "
|
||
"authentication, object-level security, and encryption support. The "
|
||
"PostgreSQL community has done well to provide solid guidance, documentation, "
|
||
"and tooling to promote positive security practices."
|
||
msgstr ""
|
||
"PostgreSQL memiliki sejumlah fitur keamanan yang diinginkan seperti "
|
||
"otentikasi Kerberos, keamanan object-leve, dan dukungan enkripsi. Komunitas "
|
||
"PostgreSQL telah berhasil menyediakan panduan, dokumentasi, dan perkakas "
|
||
"yang solid untuk mempromosikan praktik keamanan yang positif."
|
||
|
||
msgid "PostgreSQL:"
|
||
msgstr "PostgreSQL:"
|
||
|
||
msgid "Pound"
|
||
msgstr "Pound"
|
||
|
||
msgid ""
|
||
"Pre-Kilo releases will require a TLS proxy as the controller does not allow "
|
||
"direct TLS connections. Configuring TLS proxies is covered in :doc:`../"
|
||
"secure-communication/tls-proxies-and-http-services`, and we recommend "
|
||
"following the advice there to create this type of installation."
|
||
msgstr ""
|
||
"Rilis Pre-Kilo akan memerlukan proxy TLS karena pengontrol tidak mengizinkan "
|
||
"koneksi TLS langsung. Mengkonfigurasi proxy TLS tercakup dalam :doc:`../"
|
||
"secure-communication/tls-proxies-and-http-services`, dan sebaiknya ikuti "
|
||
"saran di sana untuk membuat jenis instalasi ini."
|
||
|
||
msgid "Prepare for external audit"
|
||
msgstr "Siapkan audit eksternal"
|
||
|
||
msgid ""
|
||
"Prevention is possible by using an external authentication system that "
|
||
"blocks out an account after some configured number of failed login attempts. "
|
||
"The account then may only be unlocked with further side-channel intervention."
|
||
msgstr ""
|
||
"Pencegahan dimungkinkan dengan menggunakan sistem otentikasi eksternal yang "
|
||
"memblokir akun setelah beberapa percobaan gagal masuk gagal. Akun itu "
|
||
"mungkin hanya dibuka dengan intervensi side-channel lebih lanjut."
|
||
|
||
msgid "Primary users and use-cases"
|
||
msgstr "Pengguna utama dan use-cases"
|
||
|
||
msgid ""
|
||
"Prior to configuring roles, groups, and users, document your required access "
|
||
"control policies for the OpenStack installation. The policies should be "
|
||
"consistent with any regulatory or legal requirements for the organization. "
|
||
"Future modifications to the access control configuration should be done "
|
||
"consistently with the formal policies. The policies should include the "
|
||
"conditions and processes for creating, deleting, disabling, and enabling "
|
||
"accounts, and for assigning privileges to the accounts. Periodically review "
|
||
"the policies and ensure that the configuration is in compliance with "
|
||
"approved policies."
|
||
msgstr ""
|
||
"Sebelum mengkonfigurasi peran, kelompok, dan pengguna, dokumentasikan "
|
||
"kebijakan kontrol akses yang diperlukan untuk instalasi OpenStack. Kebijakan "
|
||
"harus konsisten dengan peraturan atau persyaratan hukum untuk organisasi. "
|
||
"Modifikasi kontrol konfigurasi akses harus dilakukan secara konsisten dengan "
|
||
"kebijakan formal. Kebijakan harus mencakup kondisi dan proses untuk membuat, "
|
||
"menghapus, melumpuhkan (disabling), dan mengaktifkan akun, dan menetapkan "
|
||
"hak istimewa ke akun. Tinjau ulang kebijakan secara berkala dan pastikan "
|
||
"konfigurasi tersebut sesuai dengan kebijakan yang disetujui."
|
||
|
||
msgid "Privacy"
|
||
msgstr "Privasi"
|
||
|
||
msgid ""
|
||
"Privacy concerns for public and private cloud users are typically "
|
||
"diametrically opposed. The data generated and stored in private clouds is "
|
||
"normally owned by the operator of the cloud, who is able to deploy "
|
||
"technologies such as :term:`data loss prevention (DLP) <Data loss prevention "
|
||
"(DLP) software>` protection, file inspection, deep packet inspection and "
|
||
"prescriptive firewalling. In contrast, privacy is one of the primary "
|
||
"barriers for the adoption of public cloud infrastructures, as many of the "
|
||
"previously mentioned controls do not exist."
|
||
msgstr ""
|
||
"Masalah privasi untuk pengguna awan publik dan private biasanya bertentangan "
|
||
"secara diametris. Data yang dihasilkan dan disimpan di awan private biasanya "
|
||
"dimiliki oleh operator awan, yang mampu menerapkan teknologi seperti "
|
||
"proteksi:term:`data loss prevention (DLP) <Data loss prevention (DLP) "
|
||
"software>`, pemeriksaan berkas , inspeksi paket yang dalam dan firewall "
|
||
"preskriptif. Sebaliknya, privasi adalah salah satu penghalang utama untuk "
|
||
"adopsi infrastruktur awan publik, karena banyak kontrol yang telah "
|
||
"disebutkan sebelumnya tidak ada."
|
||
|
||
msgid ""
|
||
"Privacy is an increasingly important element of a compliance program. "
|
||
"Businesses are being held to a higher standard by their customers, who have "
|
||
"increased interest in understanding how their data is treated from a privacy "
|
||
"perspective."
|
||
msgstr ""
|
||
"Privasi adalah elemen yang semakin penting dari program kepatuhan. Bisnis "
|
||
"dipegang dengan standar yang lebih tinggi oleh pelanggan mereka, yang telah "
|
||
"meningkatkan minat untuk memahami bagaimana data mereka diperlakukan dari "
|
||
"perspektif privasi."
|
||
|
||
msgid "Private cloud"
|
||
msgstr "Awan pribadi"
|
||
|
||
msgid ""
|
||
"Private clouds are typically deployed by enterprises or institutions inside "
|
||
"their networks and behind their firewalls. Enterprises will have strict "
|
||
"policies on what data is allowed to exit their network and may even have "
|
||
"different clouds for specific purposes. Users of a private cloud are "
|
||
"typically employees of the organization that owns the cloud and are able to "
|
||
"be held accountable for their actions. Employees often attend training "
|
||
"sessions before accessing the cloud and will likely take part in regularly "
|
||
"scheduled security awareness training. Public clouds by contrast cannot make "
|
||
"any assertions about their users, cloud use-cases or user motivations. This "
|
||
"immediately pushes the guest security domain into a completely *untrusted* "
|
||
"state for public cloud providers."
|
||
msgstr ""
|
||
"Awan private biasanya digunakan oleh perusahaan atau institusi di dalam "
|
||
"jaringan mereka dan di balik firewall mereka. Perusahaan akan memiliki "
|
||
"kebijakan yang tegas mengenai data yang diizinkan keluar dari jaringan "
|
||
"mereka dan mungkin juga memiliki awan yang berbeda untuk tujuan tertentu. "
|
||
"Pengguna awan private biasanya adalah karyawan organisasi yang memiliki awan "
|
||
"dan dapat dimintai pertanggungjawaban atas tindakan mereka. Karyawan sering "
|
||
"menghadiri sesi pelatihan sebelum mengakses awan dan kemungkinan akan "
|
||
"mengikuti pelatihan kesadaran keamanan terjadwal secara reguler. Sebaliknya "
|
||
"awan publik tidak dapat membuat pernyataan tentang pengguna mereka, kasus "
|
||
"penggunaan awan atau motivasi pengguna. Ini segera mendorong domain keamanan "
|
||
"tamu (guest security domain) ke status *untrusted * sepenuhnya untuk "
|
||
"penyedia awan publik."
|
||
|
||
msgid ""
|
||
"Privilege Escalation describes the ability of a user to act with the "
|
||
"privileges of some other user in a system, bypassing appropriate "
|
||
"authorization checks. A guest user performing an operation that allows them "
|
||
"to conduct unauthorized operations with the privileges of an administrator "
|
||
"is an example of this type of vulnerability."
|
||
msgstr ""
|
||
"Privilege Escalation menggambarkan kemampuan pengguna untuk bertindak dengan "
|
||
"hak istimewa beberapa pengguna lain dalam sebuah sistem, melewati "
|
||
"pemeriksaan otorisasi yang tepat. Pengguna tamu yang melakukan operasi yang "
|
||
"memungkinkan mereka melakukan operasi yang tidak sah dengan hak istimewa "
|
||
"administrator adalah contoh jenis kerentanan ini."
|
||
|
||
msgid "Privilege elevation (1 level)"
|
||
msgstr "Privilege elevation (1 tingkat)"
|
||
|
||
msgid "Privilege elevation (2 levels)"
|
||
msgstr "Privilege elevation (2 tingkat)"
|
||
|
||
msgid "Privilege elevation (3 levels)"
|
||
msgstr "Privilege elevation (3 tingkat)"
|
||
|
||
msgid ""
|
||
"Privilege separation (OpenStack service processes should not have direct "
|
||
"access to private keys used for SSL/TLS)."
|
||
msgstr ""
|
||
"Pemisahan hak istimewa (proses layanan OpenStack seharusnya tidak memiliki "
|
||
"akses langsung ke kunci privat yang digunakan untuk SSL/TLS)."
|
||
|
||
msgid "Privileges"
|
||
msgstr "Hak istimewa"
|
||
|
||
msgid ""
|
||
"Produces a position independent executable, which is necessary for ASLR."
|
||
msgstr ""
|
||
"Menghasilkan posisi independent executable, yang diperlukan untuk ASLR."
|
||
|
||
msgid "Product or project maturity"
|
||
msgstr "Kematangan produk atau proyek"
|
||
|
||
msgid "Project description and purpose"
|
||
msgstr "Uraian dan tujuan proyek"
|
||
|
||
msgid "Project network services workflow"
|
||
msgstr "Alur kerja layanan jaringan proyek"
|
||
|
||
msgid "Promote privacy"
|
||
msgstr "Promosikan privasi"
|
||
|
||
msgid "Protected data transfer"
|
||
msgstr "Transfer data terlindungi"
|
||
|
||
msgid "Protected data transfer, protection for data at rest"
|
||
msgstr "Transfer data terlindungi, perlindungan data saat istirahat"
|
||
|
||
msgid "Protection for data at rest, identification and authentication"
|
||
msgstr "Perlindungan untuk data saat istirahat, identifikasi dan otentikasi"
|
||
|
||
msgid "Protection of data at rest"
|
||
msgstr "Perlindungan data saat istirahat"
|
||
|
||
msgid "Protection of data at rest, protected data transfer"
|
||
msgstr "Perlindungan data saat istirahat, transfer data yang terlindungi"
|
||
|
||
msgid "Protocol"
|
||
msgstr "Protocol"
|
||
|
||
msgid "Protocols"
|
||
msgstr "Protocols"
|
||
|
||
msgid ""
|
||
"Protocols are enabled/disabled through SSL_CTX_set_options. We recommend "
|
||
"disabling SSLv2/v3 and enabling TLS."
|
||
msgstr ""
|
||
"Protokol diaktifkan/dinonaktifkan melalui SSL_CTX_set_options. Sebaiknya "
|
||
"nonaktifkan SSLv2/v3 dan aktifkan TLS."
|
||
|
||
msgid "Provide guidance to secure your OpenStack deployment"
|
||
msgstr "Berikan panduan untuk mengamankan penyebaran OpenStack Anda"
|
||
|
||
msgid "Provide storage capacity or virtual machines for your cloud."
|
||
msgstr "Menyediakan kapasitas penyimpanan atau mesin virtual untuk awan Anda."
|
||
|
||
msgid ""
|
||
"Provides DHCP services to tenant networks. This agent is the same across all "
|
||
"plug-ins and is responsible for maintaining DHCP configuration. The *neutron-"
|
||
"dhcp-agent* requires message queue access. *Optional depending on plug-in.*"
|
||
msgstr ""
|
||
"Menyediakan layanan DHCP ke jaringan penyewa. Agen ini sama di semua plug-in "
|
||
"dan bertanggung jawab untuk menjaga konfigurasi DHCP. The *neutron-dhcp-"
|
||
"agent* memerlukan akses antrian pesan. *Optional depending on plug-in.*"
|
||
|
||
msgid ""
|
||
"Provides L3/NAT forwarding for external network access of VMs on tenant "
|
||
"networks. Requires message queue access. *Optional depending on plug-in.*"
|
||
msgstr ""
|
||
"Menyediakan forwarding L3/NAT untuk akses jaringan eksternal VM pada "
|
||
"jaringan penyewa. Memerlukan akses antrian pesan. *Optional depending on "
|
||
"plug-in.*"
|
||
|
||
msgid ""
|
||
"Provides additional networking services to tenant networks. These SDN "
|
||
"services may interact with *neutron-server*, *neutron-plugin*, and plugin-"
|
||
"agents through communication channels such as REST APIs."
|
||
msgstr ""
|
||
"Menyediakan layanan jaringan tambahan untuk jaringan penyewa. Layanan SDN "
|
||
"ini dapat berinteraksi dengan *neutron-server*, *neutron-plugin*, dan plugin-"
|
||
"agents melalui saluran komunikasi seperti REST API."
|
||
|
||
msgid ""
|
||
"Provisioning new identities often incurs some security risk. It is difficult "
|
||
"to secure credential storage and to deploy it with proper policies. A common "
|
||
"identity store is useful as it can be set up properly once and used in "
|
||
"multiple places. With Federated Identity, there is no longer a need to "
|
||
"provision user entries in Identity service, since the user entries already "
|
||
"exist in the IdP's databases."
|
||
msgstr ""
|
||
"Penyediaan identitas baru sering menimbulkan beberapa risiko keamanan. Sulit "
|
||
"untuk mengamankan penyimpanan kredensial dan menerapkannya dengan kebijakan "
|
||
"yang tepat. Identity store umum berguna karena dapat disiapkan dengan benar "
|
||
"sekali dan digunakan di banyak tempat. Dengan Federasi Identity, tidak ada "
|
||
"lagi kebutuhan untuk menyediakan entri pengguna di layanan Identity, karena "
|
||
"entri pengguna sudah ada di database IdP."
|
||
|
||
msgid "Proxy domains"
|
||
msgstr "Domain proxy"
|
||
|
||
msgid "Proxy services"
|
||
msgstr "Layanan Proxy"
|
||
|
||
msgid "Public"
|
||
msgstr "Publik"
|
||
|
||
msgid ""
|
||
"Public Key Infrastructure (PKI) is the framework for securing communication "
|
||
"in a network. It consists of a set of systems and processes to ensure "
|
||
"traffic can be sent securely while validating the identity of the parties. "
|
||
"The PKI profile described here is the Internet Engineering Task Force (:term:"
|
||
"`IETF`) Public Key Infrastructure (PKIX) profile developed by the PKIX "
|
||
"working group. The core components of PKI are:"
|
||
msgstr ""
|
||
"Public Key Infrastructure (PKI) adalah kerangka kerja untuk mengamankan "
|
||
"komunikasi dalam jaringan. Ini terdiri dari seperangkat sistem dan proses "
|
||
"untuk memastikan lalu lintas dapat dikirim dengan aman sambil memvalidasi "
|
||
"identitas para pihak. Profil PKI yang dijelaskan di sini adalah Internet "
|
||
"Engineering Task Force (:term:`IETF`) profil Public Key Infrastructure "
|
||
"(PKIX) yang dikembangkan oleh kelompok kerja PKIX. Komponen inti PKI adalah:"
|
||
|
||
msgid "Public and private cloud considerations"
|
||
msgstr "Pertimbangan awan publik dan private"
|
||
|
||
msgid ""
|
||
"Public and private cloud providers that do not have stringent controls on "
|
||
"instance use or allow unrestricted internet access to VMs should consider "
|
||
"this domain to be *untrusted*. Private cloud providers may want to consider "
|
||
"this network as internal and *trusted* only if the proper controls are "
|
||
"implemented to assert that the instances and all associated tenants are to "
|
||
"be trusted."
|
||
msgstr ""
|
||
"Penyedia awan publik dan private yang tidak memiliki kontrol ketat saat "
|
||
"menggunakan atau mengizinkan akses internet yang tidak terbatas ke VMs harus "
|
||
"menganggap domain ini sebagai *untrusted*. Penyedia awan private mungkin "
|
||
"ingin menganggap jaringan ini sebagai internal dan *trusted* hanya jika "
|
||
"kontrol yang tepat diterapkan untuk memastikan bahwa instance dan semua "
|
||
"penyewa yang terkait harus dipercaya."
|
||
|
||
msgid "Public cloud"
|
||
msgstr "Awan publik"
|
||
|
||
msgid "Public keys for Compute access"
|
||
msgstr "Public key untuk akses Compute"
|
||
|
||
msgid "Puppet"
|
||
msgstr "Puppet"
|
||
|
||
msgid "Purpose"
|
||
msgstr "Purpose"
|
||
|
||
msgid "Qpid"
|
||
msgstr "Qpid"
|
||
|
||
msgid "Qpid server SSL configuration"
|
||
msgstr "Konfigurasi SSL server Qpid"
|
||
|
||
msgid "Quality of Service (QoS)"
|
||
msgstr "Quality of Service (QoS)"
|
||
|
||
msgid "Queue authentication and access control"
|
||
msgstr "Antrian otentikasi dan kontrol akses"
|
||
|
||
msgid ""
|
||
"Queue servers should only accept connections from the management network. "
|
||
"This applies to all implementations. This should be implemented through "
|
||
"configuration of services and optionally enforced through global network "
|
||
"policy."
|
||
msgstr ""
|
||
"Server antrian seharusnya hanya menerima koneksi dari jaringan manajemen. "
|
||
"Ini berlaku untuk semua implementasi. Ini harus dilaksanakan melalui "
|
||
"konfigurasi layanan dan secara opsional ditegakkan melalui kebijakan "
|
||
"jaringan global."
|
||
|
||
msgid "Quotas"
|
||
msgstr "Kuota-kuota"
|
||
|
||
msgid ""
|
||
"Quotas provide the ability to limit the number of network resources "
|
||
"available to projects. You can enforce default quotas for all projects. The "
|
||
"``/etc/neutron/neutron.conf`` includes these options for quota:"
|
||
msgstr ""
|
||
"Kuota memberikan kemampuan untuk membatasi jumlah sumber daya jaringan yang "
|
||
"tersedia untuk proyek. Anda dapat menerapkan kuota default untuk semua "
|
||
"proyek. The ``/etc/neutron/neutron.conf`` menyertakan opsi ini untuk kuota:"
|
||
|
||
msgid "RELocation Read-Only (RELRO)"
|
||
msgstr "RELocation Read-Only (RELRO)"
|
||
|
||
msgid "RPM packages:"
|
||
msgstr "Paket RPM:"
|
||
|
||
msgid "RSA"
|
||
msgstr "RSA"
|
||
|
||
msgid "RabbitMQ"
|
||
msgstr "RabbitMQ"
|
||
|
||
msgid ""
|
||
"RabbitMQ and Qpid offer authentication and access control mechanisms for "
|
||
"controlling access to queues. ZeroMQ offers no such mechanisms."
|
||
msgstr ""
|
||
"RabbitMQ dan Qpid menawarkan otentikasi dan mekanisme kontrol akses untuk "
|
||
"mengendalikan akses ke antrian. ZeroMQ tidak menawarkan mekanisme semacam "
|
||
"itu."
|
||
|
||
msgid "RabbitMQ server SSL configuration"
|
||
msgstr "Konfigurasi SSL server RabbitMQ"
|
||
|
||
msgid ""
|
||
"Rate Limiting is a means to control the frequency of events received by a "
|
||
"network based application. When robust rate limiting is not present, it can "
|
||
"result in an application being susceptible to various denial of service "
|
||
"attacks. This is especially true for APIs, which by their nature are "
|
||
"designed to accept a high frequency of similar request types and operations."
|
||
msgstr ""
|
||
"Rate Limiting adalah sarana untuk mengontrol frekuensi kejadian yang "
|
||
"diterima oleh aplikasi berbasis jaringan. Bila pembatas laju yang kuat tidak "
|
||
"ada, hal itu dapat mengakibatkan aplikasi menjadi rentan terhadap berbagai "
|
||
"penolakan serangan layanan. Hal ini terutama berlaku untuk API, yang menurut "
|
||
"sifatnya dirancang untuk menerima frekuensi permintaan dan jenis permintaan "
|
||
"yang sama."
|
||
|
||
msgid "Read-only file system"
|
||
msgstr "Sistem file read-only"
|
||
|
||
msgid ""
|
||
"Recommendations given in this guide cannot effectively guard against known "
|
||
"attacks if you deploy the dashboard in a domain that also hosts user-"
|
||
"generated content, even when this content resides on a separate sub-domain. "
|
||
"User-generated content can consist of scripts, images, or uploads of any "
|
||
"type. Most major web presences, including googleusercontent.com, fbcdn.com, "
|
||
"github.io, and twimg.co, use this approach to segregate user-generated "
|
||
"content from cookies and security tokens."
|
||
msgstr ""
|
||
"Rekomendasi yang diberikan dalam panduan ini tidak dapat secara efektif "
|
||
"mencegah serangan yang diketahui jika Anda memasang dasbor di domain yang "
|
||
"juga menghosting konten buatan pengguna, meskipun konten ini berada pada sub-"
|
||
"domain terpisah. Konten buatan pengguna dapat terdiri dari skrip, gambar, "
|
||
"atau upload jenis apa pun. Sebagian besar kehadiran web utama, termasuk "
|
||
"googleusercontent.com, fbcdn.com, github.io, dan twimg.co, gunakan "
|
||
"pendekatan ini untuk memisahkan konten buatan pengguna dari cookie dan token "
|
||
"keamanan."
|
||
|
||
msgid "Recommended in: :doc:`../compute`."
|
||
msgstr "Direkomendasikan di: :doc:`../compute`."
|
||
|
||
msgid "Recommended in: :doc:`../secure-communication`."
|
||
msgstr "Direkomendasikan di: :doc:`../secure-communication`."
|
||
|
||
msgid "Recommended in: :doc:`cookies`."
|
||
msgstr "Direkomendasikan di: :doc:`cookies`."
|
||
|
||
msgid "Recommended in: :doc:`https-hsts-xss-ssrf`."
|
||
msgstr "Direkomendasikan di: :doc:`https-hsts-xss-ssrf`."
|
||
|
||
msgid "Recommended in: :doc:`tokens`."
|
||
msgstr "Direkomendasikan di: :doc:`tokens`."
|
||
|
||
msgid "Recommended in: :ref:`internally-implemented-authentication-methods`."
|
||
msgstr ""
|
||
"Direkomendasikan di: :ref:`internally-implemented-authentication-methods`."
|
||
|
||
msgid ""
|
||
"Red Hat Enterprise Linux-based KVM deployments utilize the following sVirt "
|
||
"booleans:"
|
||
msgstr ""
|
||
"Pengerahan KVM berbasis Linux Red Hat Enterprise memanfaatkan boolean sVirt "
|
||
"berikut:"
|
||
|
||
msgid ""
|
||
"Redhat.com/solutions, Using SSL Encryption with OpenStack nova-novacproxy. "
|
||
"2014. `OpenStack nova-novncproxy SSL encryption <https://access.redhat.com/"
|
||
"solutions/514143>`_"
|
||
msgstr ""
|
||
"Redhat.com/solutions, Using SSL Encryption with OpenStack nova-novacproxy. "
|
||
"2014. `OpenStack nova-novncproxy SSL encryption <https://access.redhat.com/"
|
||
"solutions/514143>`_"
|
||
|
||
msgid "Register"
|
||
msgstr "Register"
|
||
|
||
msgid "Registration Authority (RA)"
|
||
msgstr "Registration Authority (RA)"
|
||
|
||
msgid "Related Openstack Projects"
|
||
msgstr "Proyek Openstack Terkait"
|
||
|
||
msgid "Relying party"
|
||
msgstr "Relying party"
|
||
|
||
msgid "Remove packages and stop services"
|
||
msgstr "Hapus paket dan stop service"
|
||
|
||
msgid ""
|
||
"Removes a blocker to cloud brokering and multi-cloud workload management. "
|
||
"There is no need to build additional authentication mechanisms to "
|
||
"authenticate users, since the IdPs take care of authenticating their own "
|
||
"users using whichever technologies they deem to be appropriate. In most "
|
||
"organizations, multiple authentication technologies are already in use."
|
||
msgstr ""
|
||
"Menghapus blocker ke cloud brokering dan multi-cloud workload management. "
|
||
"Tidak perlu membuat mekanisme otentikasi tambahan untuk mengotentikasi "
|
||
"pengguna, karena IdPs menangani otentikasi pengguna mereka sendiri dengan "
|
||
"menggunakan teknologi mana pun yang mereka anggap sesuai. Di kebanyakan "
|
||
"organisasi, beberapa teknologi otentikasi sudah digunakan."
|
||
|
||
msgid "Replace RABBIT\\_PASS with a suitable password."
|
||
msgstr "Ganti RABBIT \\ _PASS dengan password yang sesuai."
|
||
|
||
msgid ""
|
||
"Replace ``MANAGEMENT_IP`` with the management IP address of your controller "
|
||
"node."
|
||
msgstr ""
|
||
"Ganti `` MANAGEMENT_IP`` dengan alamat IP manajemen dari node controller "
|
||
"Anda."
|
||
|
||
msgid ""
|
||
"Reported security bugs that are found to be the result of a "
|
||
"misconfiguration, or are not strictly part of OpenStack are drafted into "
|
||
"OpenStack Security Notes (OSSNs). These include configuration issues such as "
|
||
"ensuring Identity provider mappings as well as non-OpenStack but critical "
|
||
"issues such as the Bashbug/Ghost or Venom vulnerabilities that affect the "
|
||
"platform OpenStack utilizes. The current set of OSSNs is in the `Security "
|
||
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
|
||
msgstr ""
|
||
"Bug keamanan yang dilaporkan yang ditemukan sebagai akibat dari kesalahan "
|
||
"konfigurasi, atau bukan bagian dari OpenStack yang dikonsep secara otomatis "
|
||
"ke dalam OpenStack Security Notes (OSSNs). Ini termasuk masalah konfigurasi "
|
||
"seperti memastikan pemetaan penyedia Identity serta non-OpenStack tetapi "
|
||
"masalah kritis seperti kerentanan Bashbug / Ghost atau Venom yang "
|
||
"memengaruhi platform yang digunakan OpenStack. Set OSSN saat ini ada di "
|
||
"`Security Note wiki <https://wiki.openstack.org/wiki/Security_Notes>` _."
|
||
|
||
msgid ""
|
||
"Reported security bugs that are found to be the result of a "
|
||
"misconfiguration, or are not strictly part of OpenStack, are drafted into "
|
||
"OpenStack Security Notes (OSSNs). These include configuration issues such as "
|
||
"ensuring identity provider mappings as well as non-OpenStack, but critical, "
|
||
"issues such as the Bashbug/Ghost or Venom vulnerabilities that affect the "
|
||
"platform OpenStack utilizes. The current set of OSSNs is in the `Security "
|
||
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
|
||
msgstr ""
|
||
"Bug keamanan yang dilaporkan yang ditemukan sebagai hasil misconfiguration, "
|
||
"atau tidak secara ketat merupakan bagian dari OpenStack, dirancang ke dalam "
|
||
"OpenStack Security Notes (OSSNs). Ini termasuk masalah konfigurasi seperti "
|
||
"memastikan pemetaan penyedia identitas dan juga masalah non-OpenStack, namun "
|
||
"kritis, seperti kerentanan Bashbug/Ghost atau Venom yang mempengaruhi "
|
||
"platform yang digunakan OpenStack. Kumpulan OSSN saat ini ada di `Security "
|
||
"Note wiki <https://wiki.openstack.org/wiki/Security_Notes>`_."
|
||
|
||
msgid "Require user accounts to require SSL transport"
|
||
msgstr "Perlu akun pengguna untuk meminta transport SSL"
|
||
|
||
msgid "Required for dynamic attestation services"
|
||
msgstr "Diperlukan untuk layanan pengesahan dinamis"
|
||
|
||
msgid "Required for protecting PCI-passthrough"
|
||
msgstr "Diperlukan untuk melindungi PCI-passthrough"
|
||
|
||
msgid "Required to allow secure sharing of PCI Express devices"
|
||
msgstr "Diperlukan untuk mengizinkan berbagi perangkat PCI Express yang aman"
|
||
|
||
msgid ""
|
||
"Requires user passwords to conform to minimum standards for length, "
|
||
"diversity of characters, expiration, or failed login attempts. In an "
|
||
"external authentication scenario this would be the password policy on the "
|
||
"original identity store."
|
||
msgstr ""
|
||
"Memerlukan password pengguna agar sesuai dengan standar panjang minimum, "
|
||
"keragaman karakter, kekedaluwarsaan, atau usaha login yang gagal. Dalam "
|
||
"skenario otentikasi eksternal, ini adalah kebijakan password pada identity "
|
||
"store aslinya."
|
||
|
||
msgid "Resource based filters"
|
||
msgstr "Filter berbasis sumber daya"
|
||
|
||
msgid "Resources"
|
||
msgstr "Sumber daya"
|
||
|
||
msgid ""
|
||
"Responsible for managing Shared File Service devices, specifically the back-"
|
||
"end devices."
|
||
msgstr ""
|
||
"Bertanggung jawab untuk mengelola perangkat Shared File Service, khususnya "
|
||
"perangkat back-end."
|
||
|
||
msgid ""
|
||
"Responsible for scheduling and routing requests to the appropriate ``manila-"
|
||
"share`` service. It does that by picking one back-end while filtering all "
|
||
"except one back-end."
|
||
msgstr ""
|
||
"Bertanggung jawab atas penjadwalan dan permintaan routing ke layanan `manila-"
|
||
"share` yang sesuai. Hal itu dilakukan dengan memilih satu back-end sambil "
|
||
"menyaring semua kecuali satu back-end."
|
||
|
||
msgid "Restart Apache:"
|
||
msgstr "Restart Apache:"
|
||
|
||
msgid "Restart the Shibboleth daemon:"
|
||
msgstr "Restart daemon Shibboleth:"
|
||
|
||
msgid "Restrict DB and RPC communication of the OpenStack Networking services"
|
||
msgstr "Batasi komunikasi DB dan RPC dari layanan OpenStack Networking"
|
||
|
||
msgid "Restrict bind address of the API server: neutron-server"
|
||
msgstr "Batasi alamat pengikat dari server API: neutron-server"
|
||
|
||
msgid "Restricting bind address for MySQL"
|
||
msgstr "Membatasi alamat pengikat untuk MySQL"
|
||
|
||
msgid "Restricting listen address for PostgreSQL"
|
||
msgstr "Membatasi alamat mendengarkan PostgreSQL"
|
||
|
||
msgid "Review by OpenStack Security Project"
|
||
msgstr "Review oleh OpenStack Security Project"
|
||
|
||
msgid ""
|
||
"Review by a third party review body, with validation from the OpenStack "
|
||
"Security Project"
|
||
msgstr ""
|
||
"Review oleh badan review pihak ketiga, dengan pengesahan dari OpenStack "
|
||
"Security Project"
|
||
|
||
msgid "Review common security principles."
|
||
msgstr "Tinjau kembali prinsip keamanan bersama."
|
||
|
||
msgid "Risk assessment"
|
||
msgstr "Penilaian Risiko"
|
||
|
||
msgid ""
|
||
"Robert Clark is the Lead Security Architect for HP Cloud Services and co-"
|
||
"founder of the OpenStack Security Group (OSSG). Prior to being recruited by "
|
||
"HP, he worked in the UK Intelligence Community. Robert has a strong "
|
||
"background in threat modeling, security architecture and virtualization "
|
||
"technology. Robert has a master's degree in Software Engineering from the "
|
||
"University of Wales."
|
||
msgstr ""
|
||
"Robert Clark adalah Lead Security Architect untuk HP Cloud Services dan "
|
||
"salah satu pendiri OpenStack Security Group (OSSG). Sebelum direkrut oleh "
|
||
"HP, dia bekerja di UK Intelligence Community. Robert memiliki latar belakang "
|
||
"yang kuat dalam pemodelan ancaman, arsitektur keamanan dan teknologi "
|
||
"virtualisasi. Robert memiliki gelar master di bidang Software Engineering "
|
||
"dari University of Wales."
|
||
|
||
msgid "Role-Based Access Control"
|
||
msgstr "Role-Based Access Control"
|
||
|
||
msgid ""
|
||
"Role-based access control (RBAC) allows separation of roles to eliminate the "
|
||
"need for an all-powerful system administrator."
|
||
msgstr ""
|
||
"Role-based access control (RBAC) memungkinkan pemisahan peran untuk "
|
||
"menghilangkan kebutuhan akan administrator sistem yang hebat."
|
||
|
||
msgid "Role-based access control policies"
|
||
msgstr "Kebijakan kontrol akses berbasis peran"
|
||
|
||
msgid "Rootwrap"
|
||
msgstr "Rootwrap"
|
||
|
||
msgid "Rsync [1]_"
|
||
msgstr "Rsync [1]_"
|
||
|
||
msgid "Run services as non-root user"
|
||
msgstr "Jalankan layanan sebagai pengguna non-root"
|
||
|
||
msgid ""
|
||
"Run the Identity service under Apache, instead of using ``keystone-all``."
|
||
msgstr ""
|
||
"Jalankan layanan Identity di bawah Apache, daripada menggunakan ``keystone-"
|
||
"all``."
|
||
|
||
msgid ""
|
||
"Run the cloud related services such as the OpenStack Identity service, the "
|
||
"message queuing service, storage, networking, and other services required to "
|
||
"support the operation of the cloud."
|
||
msgstr ""
|
||
"Jalankan layanan terkait awan seperti layanan OpenStack Identity, layanan "
|
||
"antrean pesan, penyimpanan, jaringan, dan layanan lainnya yang diperlukan "
|
||
"untuk mendukung pengoperasian awan."
|
||
|
||
msgid "Run the following commands:"
|
||
msgstr "Jalankan perintah berikut:"
|
||
|
||
msgid ""
|
||
"Runs on each compute node to manage local virtual switch (vswitch) "
|
||
"configuration. The plug-in that you use determine which agents run. This "
|
||
"service requires message queue access and depends on the plugin used. *Some "
|
||
"plugins like OpenDaylight(ODL) and Open Virtual Network (OVN) do not require "
|
||
"any python agents on compute nodes.*"
|
||
msgstr ""
|
||
"Jalankan pada setiap node untuk mengelola konfigurasi virtual switch "
|
||
"(vswitch) lokal. Plug-in yang Anda gunakan menentukan agen mana yang "
|
||
"dijalankan. Layanan ini membutuhkan akses antrian pesan dan tergantung pada "
|
||
"plugin yang digunakan. *Some plugins like OpenDaylight(ODL) and Open "
|
||
"Virtual Network (OVN) do not require any python agents on compute nodes.*"
|
||
|
||
msgid "Runtime verification"
|
||
msgstr "Verifikasi runtime"
|
||
|
||
msgid "SAML assertion"
|
||
msgstr "SAML assertion"
|
||
|
||
msgid ""
|
||
"SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking "
|
||
"servers that are turned off <https://isc.sans.edu/diary/IPMI%3A+Hacking"
|
||
"+servers+that+are+turned+%22off%22/13399>`__"
|
||
msgstr ""
|
||
"SANS Technology Institute, InfoSec Handlers Diary Blog. 2012. `Hacking "
|
||
"servers that are turned off <https://isc.sans.edu/diary/IPMI%3A+Hacking"
|
||
"+servers+that+are+turned+%22off%22/13399>`__"
|
||
|
||
msgid ""
|
||
"SDN services node: Management, guest and possibly public depending upon "
|
||
"product used."
|
||
msgstr ""
|
||
"SDN services node: Management, guest dan mungkin publik tergantung produk "
|
||
"yang digunakan."
|
||
|
||
msgid ""
|
||
"SELinux Project, SVirt. 2011. `http://selinuxproject.org/page/SVirt <http://"
|
||
"selinuxproject.org/page/SVirt>`_"
|
||
msgstr ""
|
||
"SELinux Project, SVirt. 2011. `http://selinuxproject.org/page/SVirt <http://"
|
||
"selinuxproject.org/page/SVirt>`_"
|
||
|
||
msgid ""
|
||
"SELinux manages user roles. These can be viewed through the ``-Z`` flag, or "
|
||
"with the :command:`semanage` command. On the hypervisor, only administrators "
|
||
"should be able to access the system, and should have an appropriate context "
|
||
"around both the administrative users and any other users that are on the "
|
||
"system. For more information, see the `SELinux users documentation <http://"
|
||
"selinuxproject.org/page/BasicConcepts#Users>`_."
|
||
msgstr ""
|
||
"SELinux mengelola peran pengguna. Ini dapat dilihat melalui flag ``-Z``, "
|
||
"atau dengan perintah :command: `semanage`. Pada hypervisor, hanya "
|
||
"administrator yang harus dapat mengakses sistem, dan harus memiliki konteks "
|
||
"yang sesuai di seputar pengguna administratif dan pengguna lain yang berada "
|
||
"di sistem. Untuk informasi lebih lanjut, lihat `SELinux users documentation "
|
||
"<http://selinuxproject.org/page/BasicConcepts#Users> `_."
|
||
|
||
msgid "SELinux users and roles"
|
||
msgstr "Pengguna dan peran SELinux"
|
||
|
||
msgid "SHA-1"
|
||
msgstr "SHA-1"
|
||
|
||
msgid "SHA-1 is used here because this is what the TPM chips support."
|
||
msgstr ""
|
||
"SHA-1 digunakan disini karena ini adalah apa yang didukung oleh chip TPM."
|
||
|
||
msgid "SHA-2 (224, 256, 384, or 512 bits)"
|
||
msgstr "SHA-2 (224, 256, 384, atau 512 bits)"
|
||
|
||
msgid "SOC 1 (SSAE 16) / ISAE 3402"
|
||
msgstr "SOC 1 (SSAE 16) / ISAE 3402"
|
||
|
||
msgid "SOC 2"
|
||
msgstr "SOC 2"
|
||
|
||
msgid "SOC 3"
|
||
msgstr "SOC 3"
|
||
|
||
msgid ""
|
||
"SPICE is supported by the OpenStack Dashboard (horizon) directly on the "
|
||
"instance web page. This requires the ``nova-spicehtml5proxy`` service."
|
||
msgstr ""
|
||
"SPICE didukung oleh OpenStack Dashboard (horizon) langsung pada halaman web "
|
||
"instance. Ini membutuhkan layanan ``nova-spicehtml5proxy``."
|
||
|
||
msgid "SR-IOV, MR-IOV, ATS"
|
||
msgstr "SR-IOV, MR-IOV, ATS"
|
||
|
||
msgid "SSL/TLS on same physical hosts as API endpoints"
|
||
msgstr "SSL/TLS pada host fisik yang sama dengan endpoint API"
|
||
|
||
msgid "SSL/TLS over load balancer"
|
||
msgstr "SSL/TLS over load balancer"
|
||
|
||
msgid "SSL/TLS proxy in front"
|
||
msgstr "Proxy SSL/TLS di depan"
|
||
|
||
msgid "Sahara"
|
||
msgstr "Sahara"
|
||
|
||
msgid ""
|
||
"Sahara generates and stores several passwords during the course of "
|
||
"operation. To harden sahara’s usage of passwords it can be instructed to use "
|
||
"an external key manager for storage and retrieval of these secrets. To "
|
||
"enable this feature, there must first be an OpenStack Key Manager service "
|
||
"deployed within the stack."
|
||
msgstr ""
|
||
"Sahara membuat dan menyimpan beberapa password selama operasi berlangsung. "
|
||
"Untuk mengeras penggunaan password sahara, hal itu dapat diinstruksikan "
|
||
"untuk menggunakan manajer kunci eksternal untuk penyimpanan dan pengambilan "
|
||
"kembali rahasia ini. Untuk mengaktifkan fitur ini, pertama-tama harus ada "
|
||
"layanan OpenStack Key Manager yang ditempatkan di dalam stack."
|
||
|
||
msgid "Salt Stack"
|
||
msgstr "Salt Stack"
|
||
|
||
msgid ""
|
||
"Sanitize portable, removable storage devices prior to connecting such "
|
||
"devices to the cloud infrastructure."
|
||
msgstr ""
|
||
"Sanitasi portabel, perangkat penyimpanan yang dapat dilepas sebelum "
|
||
"menghubungkan perangkat tersebut ke infrastruktur awan."
|
||
|
||
msgid "Scheduling instances to nodes"
|
||
msgstr "Penjadwalan instance ke node"
|
||
|
||
msgid ""
|
||
"Scope reduction helps ensure OpenStack architects establish high quality "
|
||
"security controls which are tailored to a particular deployment, however it "
|
||
"is paramount to ensure these practices do not omit areas or features from "
|
||
"security hardening. A common example is applicable to PCI-DSS guidelines, "
|
||
"where payment related infrastructure may be scrutinized for security issues, "
|
||
"but supporting services are left ignored, and vulnerable to attack."
|
||
msgstr ""
|
||
"Pengurangan ruang lingkup membantu memastikan arsitek OpenStack membentuk "
|
||
"kontrol keamanan berkualitas tinggi yang disesuaikan dengan penerapan "
|
||
"tertentu, namun sangat penting untuk memastikan praktik ini tidak "
|
||
"menghilangkan area atau fitur dari pengerasan keamanan. Contoh umum berlaku "
|
||
"untuk pedoman PCI-DSS, di mana infrastruktur terkait pembayaran dapat "
|
||
"diteliti untuk masalah keamanan, namun layanan pendukung tidak diperhatikan, "
|
||
"dan rentan diserang."
|
||
|
||
msgid "Scoped token"
|
||
msgstr "Scoped token"
|
||
|
||
msgid "Script kiddies"
|
||
msgstr "Script kiddies"
|
||
|
||
msgid "Secret key"
|
||
msgstr "Kunci rahasia (secret key)"
|
||
|
||
msgid "Secret store back ends"
|
||
msgstr "Secret store back ends"
|
||
|
||
msgid "Secret store plugins"
|
||
msgstr "Plugin penyimpanan rahasia"
|
||
|
||
msgid ""
|
||
"Secret store plugins interface with secure storage systems to store the "
|
||
"secrets within those systems. There are two types of secret store plugins: "
|
||
"the KMIP plugin and the Dogtag plugin."
|
||
msgstr ""
|
||
"Plugin penyimpanan rahasia terhubung dengan sistem penyimpanan yang aman "
|
||
"untuk menyimpan rahasia di dalam sistem tersebut. Ada dua jenis plugin "
|
||
"penyimpanan rahasia: plugin KMIP dan plugin Dogtag."
|
||
|
||
msgid "Secrets Management"
|
||
msgstr "Secrets Management (manajemen rahasia)"
|
||
|
||
msgid "Secrets Management :ref:`secrets-management`"
|
||
msgstr "Secrets Management :ref:`secrets-management`"
|
||
|
||
msgid ""
|
||
"Secrets Management describes a group of technologies that are designed to "
|
||
"protect key materials within a software system. Traditionally, key "
|
||
"management involves deployment of `Hardware Security Modules (HSM) <https://"
|
||
"en.wikipedia.org/wiki/Hardware_security_module>`_. These devices have been "
|
||
"physically hardened against tampering."
|
||
msgstr ""
|
||
"Secrets Management menguraikan sekelompok teknologi yang dirancang untuk "
|
||
"melindungi materi kunci dalam sistem perangkat lunak. Secara tradisional, "
|
||
"manajemen kunci (key management) melibatkan penyebaran `Hardware Security "
|
||
"Modules (HSM) <https://en.wikipedia.org/wiki/Hardware_security_module>` _. "
|
||
"Perangkat ini secara fisik hardened (mengeras) terhadap gangguan."
|
||
|
||
msgid ""
|
||
"Secrets that do not require keystone authentication can be stored in any "
|
||
"secret store that implements the simple key storage API that is exposed "
|
||
"through Castellan. This also includes Barbican."
|
||
msgstr ""
|
||
"Rahasia yang tidak memerlukan otentikasi keystone dapat disimpan di "
|
||
"penyimpanan rahasia manapun yang menerapkan API penyimpanan kunci sederhana "
|
||
"yang terpapar melalui Castellan. Ini juga termasuk Barbican."
|
||
|
||
msgid "Secrets that require a keystone token should be stored using Barbican."
|
||
msgstr ""
|
||
"Rahasia yang membutuhkan keystone token harus disimpan menggunakan Barbican."
|
||
|
||
msgid "Secure Communication"
|
||
msgstr "Secure Communication"
|
||
|
||
msgid "Secure backup and recovery"
|
||
msgstr "Amankan backup dan recovery"
|
||
|
||
msgid "Secure bootstrapping"
|
||
msgstr "Amankan bootstrapping"
|
||
|
||
msgid "Secure communication"
|
||
msgstr "Komunikasi yang aman"
|
||
|
||
msgid "Secure data erasure"
|
||
msgstr "Mengamankan penghapusan data"
|
||
|
||
msgid "Secure reference architectures"
|
||
msgstr "Arsitektur referensi yang aman"
|
||
|
||
msgid "Secure shell (SSH)"
|
||
msgstr "Secure shell (SSH)"
|
||
|
||
msgid "Securing OpenStack networking services"
|
||
msgstr "Mengamankan layanan jaringan OpenStack"
|
||
|
||
msgid "Securing communications using TLS"
|
||
msgstr "Mengamankan komunikasi dengan menggunakan TLS"
|
||
|
||
msgid "Securing proxy services"
|
||
msgstr "Mengamankan layanan proxy"
|
||
|
||
msgid "Securing storage services"
|
||
msgstr "Mengamankan layanan penyimpanan"
|
||
|
||
msgid ""
|
||
"Securing the Object Storage service begins with securing the networking "
|
||
"component. If you skipped the networking chapter, return to :doc:"
|
||
"`networking`."
|
||
msgstr ""
|
||
"Mengamankan layanan bject Storage dimulai dengan mengamankan komponen "
|
||
"jaringan. Jika Anda melewatkan bab jaringan, kembali ke :doc:`networking`."
|
||
|
||
msgid "Security Checklist"
|
||
msgstr "Daftar periksa keamanan"
|
||
|
||
msgid "Security Management"
|
||
msgstr "Security Management"
|
||
|
||
msgid "Security auditing tools"
|
||
msgstr "Alat audit keamanan"
|
||
|
||
msgid ""
|
||
"Security auditing tools can complement the configuration management tools. "
|
||
"Security auditing tools automate the process of verifying that a large "
|
||
"number of security controls are satisfied for a given system configuration. "
|
||
"These tools help to bridge the gap from security configuration guidance "
|
||
"documentation (for example, the STIG and NSA Guides) to a specific system "
|
||
"installation. For example, `SCAP <https://fedorahosted.org/scap-security-"
|
||
"guide/>`__ can compare a running system to a pre-defined profile. SCAP "
|
||
"outputs a report detailing which controls in the profile were satisfied, "
|
||
"which ones failed, and which ones were not checked."
|
||
msgstr ""
|
||
"Alat audit keamanan dapat melengkapi alat manajemen konfigurasi. Alat audit "
|
||
"keamanan mengotomatisasi proses verifikasi bahwa sejumlah besar kontrol "
|
||
"keamanan terpenuhi untuk konfigurasi sistem yang diberikan. Alat ini "
|
||
"membantu menjembatani kesenjangan dari dokumentasi panduan konfigurasi "
|
||
"keamanan (misalnya, the STIG and NSA Guides) ke instalasi sistem tertentu. "
|
||
"Misalnya, `SCAP <https://fedorahosted.org/scap-security-guide/>`__ dapat "
|
||
"membandingkan sistem yang berjalan dengan profil yang telah ditentukan "
|
||
"sebelumnya. SCAP mengeluarkan sebuah laporan yang merinci kontrol mana dalam "
|
||
"profil yang terpenuhi, mana yang gagal, dan mana yang tidak diperiksa."
|
||
|
||
msgid "Security boundaries and threats"
|
||
msgstr "Batas dan ancaman keamanan"
|
||
|
||
msgid ""
|
||
"Security concerns with the Identity service include trust in authentication, "
|
||
"the management of authorization tokens, and secure communication."
|
||
msgstr ""
|
||
"Masalah keamanan dengan layanan Identity meliputi kepercayaan dalam "
|
||
"otentikasi, pengelolaan token otorisasi, dan komunikasi yang aman."
|
||
|
||
msgid "Security considerations"
|
||
msgstr "Pertimbangan keamanan"
|
||
|
||
msgid ""
|
||
"Security considerations for block storage are similar to that of object "
|
||
"storage."
|
||
msgstr ""
|
||
"Pertimbangan keamanan untuk penyimpanan blok sama dengan penyimpanan objek."
|
||
|
||
msgid ""
|
||
"Security considerations for data processing should focus on data privacy and "
|
||
"secure communications to provisioned clusters."
|
||
msgstr ""
|
||
"Pertimbangan keamanan untuk pengolahan data harus berfokus pada privasi data "
|
||
"dan komunikasi yang aman ke kelompok yang ada."
|
||
|
||
msgid "Security considerations for memory optimization"
|
||
msgstr "Pertimbangan keamanan untuk pengoptimalan memori"
|
||
|
||
msgid "Security domains"
|
||
msgstr "Domain keamanan"
|
||
|
||
msgid "Security domains(s)"
|
||
msgstr "Security domains(s)"
|
||
|
||
msgid "Security function"
|
||
msgstr "Security Function (fungsi keamanan)"
|
||
|
||
msgid "Security groups"
|
||
msgstr "Kelompok keamanan"
|
||
|
||
msgid ""
|
||
"Security groups allow administrators and tenants the ability to specify the "
|
||
"type of traffic, and direction (ingress/egress) that is allowed to pass "
|
||
"through a virtual interface port. Security groups rules are stateful L2-L4 "
|
||
"traffic filters."
|
||
msgstr ""
|
||
"Kelompok keamanan memungkinkan administrator dan penyewa kemampuan untuk "
|
||
"menentukan jenis lalu lintas, dan arah (ingress/egress) yang diizinkan "
|
||
"melewati port antarmuka virtual. Aturan kelompok keamanan adalah filter lalu "
|
||
"lintas L2-L4 stateful."
|
||
|
||
msgid ""
|
||
"Security may be enhanced by requiring X.509 client certificates for "
|
||
"authentication. Authenticating to the database in this manner provides "
|
||
"greater identity assurance of the client making the connection to the "
|
||
"database and ensures that the communications are encrypted."
|
||
msgstr ""
|
||
"Keamanan dapat ditingkatkan dengan mewajibkan sertifikat klien X.509 untuk "
|
||
"otentikasi. Mengotentikasi ke database dengan cara ini memberikan jaminan "
|
||
"identitas yang lebih besar dari klien yang membuat koneksi ke database dan "
|
||
"memastikan bahwa komunikasi dienkripsi."
|
||
|
||
msgid ""
|
||
"Security monitoring controls such as intrusion detection software, antivirus "
|
||
"software, and spyware detection and removal utilities can generate logs that "
|
||
"show when and how an attack or intrusion took place. Deploying these tools "
|
||
"on the cloud machines provides value and protection. Cloud users, those "
|
||
"running instances on the cloud, may also want to run such tools on their "
|
||
"instances."
|
||
msgstr ""
|
||
"Kontrol pemantauan keamanan seperti perangkat lunak deteksi intrusi, "
|
||
"perangkat lunak antivirus, dan deteksi spyware dan utilitas penghapusan "
|
||
"dapat menghasilkan log yang menunjukkan kapan dan bagaimana serangan atau "
|
||
"gangguan terjadi. Penerapan alat ini pada mesin awan memberikan nilai dan "
|
||
"perlindungan. Pengguna awan, mereka yang menjalankan instance di atas awan, "
|
||
"mungkin juga ingin menjalankan alat semacam itu pada instance mereka."
|
||
|
||
msgid "Security principles"
|
||
msgstr "Prinsip Keamanan"
|
||
|
||
msgid "Security references for database back ends"
|
||
msgstr "Referensi keamanan untuk database back end"
|
||
|
||
msgid "Security review"
|
||
msgstr "Ulasan keamanan"
|
||
|
||
msgid ""
|
||
"Security review by the OSSP is expected to be the normal route for new "
|
||
"projects and for cases where third parties have not performed security "
|
||
"reviews or are unable to share their results. Information for projects that "
|
||
"require a security review by the OSSP will be available in the upcoming "
|
||
"security review process."
|
||
msgstr ""
|
||
"Review keamanan oleh OSSP diharapkan menjadi rute normal untuk proyek baru "
|
||
"dan untuk kasus dimana pihak ketiga belum melakukan review keamanan atau "
|
||
"tidak dapat membagikan hasilnya. Informasi untuk proyek yang memerlukan "
|
||
"review keamanan oleh OSSP akan tersedia dalam proses review keamanan yang "
|
||
"akan datang."
|
||
|
||
msgid "Security reviews"
|
||
msgstr "Tinjauan keamanan"
|
||
|
||
msgid "Security services"
|
||
msgstr "Layanan keamanan"
|
||
|
||
msgid "Security services for instances"
|
||
msgstr "Layanan Security untuk instance"
|
||
|
||
msgid "Security services management"
|
||
msgstr "Manajemen layanan keamanan"
|
||
|
||
msgid "Security training"
|
||
msgstr "Pelatihan keamanan"
|
||
|
||
msgid ""
|
||
"Security updates are critical to any IaaS deployment, whether private or "
|
||
"public. Vulnerable systems expand attack surfaces, and are obvious targets "
|
||
"for attackers. Common scanning technologies and vulnerability notification "
|
||
"services can help mitigate this threat. It is important that scans are "
|
||
"authenticated and that mitigation strategies extend beyond simple perimeter "
|
||
"hardening. Multi-tenant architectures such as OpenStack are particularly "
|
||
"prone to hypervisor vulnerabilities, making this a critical part of the "
|
||
"system for vulnerability management."
|
||
msgstr ""
|
||
"Pembaruan keamanan sangat penting untuk penyebaran IaaS, baik pribadi maupun "
|
||
"publik. Sistem yang rentan memperluas permukaan serangan, dan merupakan "
|
||
"target yang jelas bagi penyerang. Teknologi pemindaian umum dan layanan "
|
||
"pemberitahuan kerentanan dapat membantu mengurangi ancaman ini. Penting agar "
|
||
"pemindaian diautentikasi dan strategi mitigasi melampaui pengerasan "
|
||
"perimeter sederhana. Arsitektur multi-tenant seperti OpenStack sangat rentan "
|
||
"terhadap kerentanan hypervisor, menjadikannya bagian penting dari sistem "
|
||
"pengelolaan kerentanan."
|
||
|
||
msgid ""
|
||
"See the chapter on :doc:`../secure-communication` for more specific "
|
||
"recommendations and server configurations for HTTPS configurations, "
|
||
"including the configuration of HSTS."
|
||
msgstr ""
|
||
"Lihat bab di :doc:`../secure-communication` untuk rekomendasi lebih spesifik "
|
||
"dan konfigurasi server untuk konfigurasi HTTPS, termasuk konfigurasi HSTS."
|
||
|
||
msgid "Segmented network in *share servers* back-end mode"
|
||
msgstr "Jaringan tersegmentasi di *share servers * mode back-end"
|
||
|
||
msgid "Select an auditor."
|
||
msgstr "Pilih auditor."
|
||
|
||
msgid ""
|
||
"Selecting an auditor can be challenging. Ideally, you are looking for "
|
||
"someone with experience in cloud compliance audits. OpenStack experience is "
|
||
"another big plus. Often it is best to consult with people who have been "
|
||
"through this process for referrals. Cost can vary greatly depending on the "
|
||
"scope of the engagement and the audit firm considered."
|
||
msgstr ""
|
||
"Memilih auditor bisa menjadi tantangan. Idealnya, Anda mencari seseorang "
|
||
"yang berpengalaman dalam audit kepatuhan awan. Pengalaman OpenStack adalah "
|
||
"plus besar lainnya. Seringkali yang terbaik adalah berkonsultasi dengan "
|
||
"orang-orang yang telah melalui proses ini untuk referensi. Biaya dapat "
|
||
"sangat bervariasi tergantung pada cakupan perjanjian dan perusahaan audit "
|
||
"yang dipertimbangkan."
|
||
|
||
msgid "Selecting supporting software"
|
||
msgstr "Memilih perangkat lunak pendukung"
|
||
|
||
msgid "Selection criteria"
|
||
msgstr "Kriteria seleksi"
|
||
|
||
msgid ""
|
||
"Selects highest possible security cipher in the negotiation phase. These "
|
||
"typically have keys of length 128 bits or longer."
|
||
msgstr ""
|
||
"Memilih sekuriti keamanan tertinggi dalam tahap negosiasi. Ini biasanya "
|
||
"memiliki kunci dengan panjang 128 bit atau lebih."
|
||
|
||
msgid "Serious organized crime"
|
||
msgstr "Kejahatan terorganisir serius"
|
||
|
||
msgid "Serpent"
|
||
msgstr "Serpent"
|
||
|
||
msgid "Server hardening"
|
||
msgstr "Pengerasan server"
|
||
|
||
msgid ""
|
||
"Servers in the cloud, including undercloud and overcloud infrastructure, "
|
||
"should implement hardening best practices. As OS and server hardening is "
|
||
"common, applicable best practices including but not limited to logging, user "
|
||
"account restrictions, and regular updates will not be covered here, but "
|
||
"should be applied to all infrastructure."
|
||
msgstr ""
|
||
"Server di awan, termasuk infrastruktur yang undercloud dan overcloud, harus "
|
||
"menerapkan praktik terbaik pengerasan. Karena pengerasan OS dan server biasa "
|
||
"terjadi, praktik terbaik yang berlaku termasuk namun tidak terbatas pada "
|
||
"logging, batasan akun pengguna, dan pembaruan reguler tidak akan dibahas di "
|
||
"sini, namun harus diterapkan pada semua infrastruktur."
|
||
|
||
msgid "Service"
|
||
msgstr "Service"
|
||
|
||
msgid ""
|
||
"Service Organization Controls (SOC) 2 is a self attestation of controls that "
|
||
"affect the security, availability, and processing integrity of the systems a "
|
||
"service organization uses to process users' data and the confidentiality and "
|
||
"privacy of information processed by these system. Examples of users are "
|
||
"those responsible for governance of the service organization, customers of "
|
||
"the service organization, regulators, business partners, suppliers, and "
|
||
"others who have an understanding of the service organization and its "
|
||
"controls."
|
||
msgstr ""
|
||
"Service Organization Controls (SOC) 2 adalah pengesahan diri terhadap "
|
||
"kontrol yang mempengaruhi keamanan, ketersediaan, dan integritas proses "
|
||
"sistem yang digunakan oleh organisasi layanan untuk memproses data pengguna "
|
||
"dan kerahasiaan dan privasi informasi yang diproses oleh sistem ini. Contoh "
|
||
"pengguna adalah mereka yang bertanggung jawab atas tata kelola organisasi "
|
||
"layanan, pelanggan dari organisasi layanan, regulator, mitra bisnis, "
|
||
"pemasok, dan pihak lain yang memiliki pemahaman tentang organisasi layanan "
|
||
"dan kontrolnya."
|
||
|
||
msgid ""
|
||
"Service Organization Controls (SOC) 3 is a trust services report for service "
|
||
"organizations. These reports are designed to meet the needs of users who "
|
||
"want assurance on the controls at a service organization related to "
|
||
"security, availability, processing integrity, confidentiality, or privacy "
|
||
"but do not have the need for or the knowledge necessary to make effective "
|
||
"use of a SOC 2 Report. These reports are prepared using the AICPA/Canadian "
|
||
"Institute of Chartered Accountants (CICA) Trust Services Principles, "
|
||
"Criteria, and Illustrations for Security, Availability, Processing "
|
||
"Integrity, Confidentiality, and Privacy. Because they are general use "
|
||
"reports, SOC 3 Reports can be freely distributed or posted on a website as a "
|
||
"seal."
|
||
msgstr ""
|
||
"Service Organization Controls (SOC) 3 adalah laporan layanan kepercayaan "
|
||
"untuk organisasi layanan. Laporan ini dirancang untuk memenuhi kebutuhan "
|
||
"pengguna yang menginginkan kepastian kontrol pada organisasi layanan yang "
|
||
"berkaitan dengan keamanan, ketersediaan, integritas pemrosesan, kerahasiaan, "
|
||
"atau privasi namun tidak memerlukan atau pengetahuan yang diperlukan untuk "
|
||
"memanfaatkan secara efektif SOC 2 Report. Laporan ini disiapkan dengan "
|
||
"menggunakan AICPA/Canadian Institute of Chartered Accountants (CICA) Trust "
|
||
"Services Principles, Criteria, and Illustrations for Security, Availability, "
|
||
"Processing Integrity, Confidentiality, and Privacy. Karena mereka adalah "
|
||
"laporan penggunaan umum, SOC 3 Reports dapat didistribusikan secara gratis "
|
||
"atau diposkan di situs web sebagai meterai."
|
||
|
||
msgid ""
|
||
"Service Organization Controls (SOC) criteria are defined by the `American "
|
||
"Institute of Certified Public Accountants <http://www.aicpa.org/>`_ (AICPA). "
|
||
"SOC controls assess relevant financial statements and assertions of a :term:"
|
||
"`service provider`, such as compliance with the Sarbanes-Oxley Act. SOC 1 is "
|
||
"a replacement for Statement on Auditing Standards No. 70 (SAS 70) Type II "
|
||
"report. These controls commonly include physical data centers in scope."
|
||
msgstr ""
|
||
"Kriteria Service Organization Controls (SOC) didefinisikan oleh `American "
|
||
"Institute of Certified Public Accountants <http://www.aicpa.org/>`_ (AICPA). "
|
||
"Kontrol SOC menilai laporan keuangan dan asersi yang relevan dari :term:"
|
||
"`service provider`, seperti kepatuhan terhadap Sarbanes-Oxley Act. SOC 1 "
|
||
"adalah pengganti Statement on Auditing Standards No. 70 (SAS 70) Tipe II "
|
||
"report. Kontrol ini biasanya mencakup cakupan data fisik."
|
||
|
||
msgid "Service Provider (SP)"
|
||
msgstr "Service Provider (SP)"
|
||
|
||
msgid "Service architecture diagram"
|
||
msgstr "Diagram arsitektur layanan"
|
||
|
||
msgid "Service authorization"
|
||
msgstr "Otorisasi layanan"
|
||
|
||
msgid "Service name"
|
||
msgstr "Service name"
|
||
|
||
msgid ""
|
||
"Services select their respective API endpoints based on the OpenStack "
|
||
"service catalog. These services might not obey the listed public or internal "
|
||
"API end point values. This can lead to internal management traffic being "
|
||
"routed to external API endpoints."
|
||
msgstr ""
|
||
"Layanan memilih endpoints API masing-masing berdasarkan katalog layanan "
|
||
"OpenStack. Layanan ini mungkin tidak mematuhi nilai endpoints API publik "
|
||
"atau internal yang terdaftar. Hal ini dapat menyebabkan lalu lintas "
|
||
"manajemen internal diarahkan ke endpoints API eksternal."
|
||
|
||
msgid "Services, protocols, and ports"
|
||
msgstr "Layanan, protokol, dan port"
|
||
|
||
msgid ""
|
||
"Services, protocols, and ports being utilized in the OpenStack deployment."
|
||
msgstr "Layanan, protokol, dan port yang digunakan dalam pengerahan OpenStack."
|
||
|
||
msgid "Session back end"
|
||
msgstr "Sesi back end"
|
||
|
||
msgid "Session cookies should be set to HTTPONLY:"
|
||
msgstr "Cookie sesi harus diatur ke HTTPONLY:"
|
||
|
||
msgid "Setting Identity service as Identity Provider"
|
||
msgstr "Menetapkan layanan Identity sebagai Identity Provider"
|
||
|
||
msgid ""
|
||
"Setting ``ENFORCE_PASSWORD_CHECK`` to True will display an 'Admin Password' "
|
||
"field on the Change Password form to verify that it is indeed the admin "
|
||
"logged-in who wants to change the password."
|
||
msgstr ""
|
||
"Menetapkan ``ENFORCE_PASSWORD_CHECK`` ke True akan menampilkan field 'Admin "
|
||
"Password' pada form Change Password untuk memverifikasi bahwa memang admin "
|
||
"logged-in yang ingin mengganti kata sandinya."
|
||
|
||
msgid ""
|
||
"Several cryptography algorithms are available within OpenStack for "
|
||
"identification and authorization, data transfer and protection of data at "
|
||
"rest. When selecting a hypervisor, we recommend the following algorithms and "
|
||
"implementation standards:"
|
||
msgstr ""
|
||
"Beberapa algoritma kriptografi tersedia di dalam OpenStack untuk "
|
||
"identifikasi dan otorisasi, transfer data dan perlindungan data saat "
|
||
"istirahat. Saat memilih hypervisor, kami menganjurkan algoritma dan standar "
|
||
"implementasi berikut:"
|
||
|
||
msgid ""
|
||
"Several features related to image signing are now available in OpenStack. As "
|
||
"of the Mitaka release, the Image service can verify these signed images, "
|
||
"and, to provide a full chain of trust, the Compute service has the option to "
|
||
"perform image signature verification prior to image boot. Successful "
|
||
"signature validation before image boot ensures the signed image hasn't "
|
||
"changed. With this feature enabled, unauthorized modification of images (e."
|
||
"g., modifying the image to include malware or rootkits) can be detected."
|
||
msgstr ""
|
||
"Beberapa fitur yang terkait dengan penandatanganan image sekarang tersedia "
|
||
"di OpenStack. Pada rilis Mitaka, layanan Image dapat memverifikasi image "
|
||
"yang ditandatangani ini, dan, untuk menyediakan rantai kepercayaan penuh, "
|
||
"layanan Compute memiliki opsi untuk melakukan verifikasi tanda tangan image "
|
||
"sebelum melakukan booting image. Validasi tanda tangan yang berhasil sebelum "
|
||
"boot image memastikan image yang ditandatangani tidak berubah. Dengan fitur "
|
||
"ini diaktifkan, modifikasi image yang tidak sah (mis., memodifikasi image "
|
||
"untuk menyertakan perangkat lunak perusak atau rootkit) dapat terdeteksi."
|
||
|
||
msgid ""
|
||
"Several of the components use databases though it is not explicitly called "
|
||
"out. Securing database access is yet another security concern, and "
|
||
"consequently discussed in more detail later in this guide."
|
||
msgstr ""
|
||
"Beberapa komponen menggunakan database meskipun tidak secara eksplisit "
|
||
"dipanggil. Pengamanan akses database adalah masalah keamanan lainnya, dan "
|
||
"akibatnya dibahas lebih rinci nanti dalam panduan ini."
|
||
|
||
msgid "Share access control"
|
||
msgstr "Share (membagi) kontrol akses"
|
||
|
||
msgid "Share back ends modes"
|
||
msgstr "Share back ends modes"
|
||
|
||
msgid ""
|
||
"Share drivers use data in the security service to configure newly created "
|
||
"share servers."
|
||
msgstr ""
|
||
"Share driver menggunakan data dalam layanan keamanan untuk mengkonfigurasi "
|
||
"share server yang baru dibuat."
|
||
|
||
msgid "Share servers mode"
|
||
msgstr "Share servers mode"
|
||
|
||
msgid "Share type access control"
|
||
msgstr "Bagikan jenis kontrol akses"
|
||
|
||
msgid ""
|
||
"Share types can be created as *public* and *private*. This is the level of "
|
||
"visibility for the share type that defines whether other tenants can or "
|
||
"cannot see it in a share types list and use it to create a new share."
|
||
msgstr ""
|
||
"Jenis share dapat dibuat sebagai *public* dan *private*. Ini adalah tingkat "
|
||
"visibilitas untuk tipe share yang menentukan apakah penyewa lain dapat atau "
|
||
"tidak dapat melihatnya dalam daftar jenis share dan menggunakannya untuk "
|
||
"membuat share baru."
|
||
|
||
msgid "Shared File Systems"
|
||
msgstr "Shared File Systems (sistem file bersama)"
|
||
|
||
msgid ""
|
||
"Shared File Systems service has its own role-based access policies. They "
|
||
"determine which user can access which objects in which way, and are defined "
|
||
"in the service's ``policy.json`` file."
|
||
msgstr ""
|
||
"Layanan Shared File Systems memiliki kebijakan akses berbasis perannya "
|
||
"sendiri. Mereka menentukan pengguna mana yang dapat mengakses objek mana "
|
||
"dengan cara mana, dan didefinisikan di file ``policy.json`` layanan."
|
||
|
||
msgid ""
|
||
"Shawn Wells is the Director, Innovation Programs at Red Hat, focused on "
|
||
"improving the process of adopting, contributing to, and managing open source "
|
||
"technologies within the U.S. Government. Additionally, Shawn is an upstream "
|
||
"maintainer of the SCAP Security Guide project which forms virtualization and "
|
||
"operating system hardening policy with the U.S. Military, NSA, and DISA. "
|
||
"Formerly aa NSA civilian, Shawn developed SIGINT collection systems "
|
||
"utilizing large distributed computing infrastructures."
|
||
msgstr ""
|
||
"Shawn Wells adalah Direktur, Innovation Programs di Red Hat, yang berfokus "
|
||
"pada peningkatan proses adopsi, kontribusi, dan pengelolaan teknologi open "
|
||
"source di dalam Pemerintah A.S. Selain itu, Shawn adalah pengelola hulu dari "
|
||
"proyek SCAP Security Guide yang membentuk kebijakan pengerasan sistem "
|
||
"virtualisasi dan operasi dengan AS, NSA, dan DISA. Dahulu aa NSA sipil, "
|
||
"Shawn mengembangkan sistem pengumpulan SIGINT yang memanfaatkan "
|
||
"infrastruktur komputasi terdistribusi besar."
|
||
|
||
msgid ""
|
||
"Signed public key certificates are data structures that have verifiable data "
|
||
"of an entity, its public key along with some other attributes. These "
|
||
"certificates are issued by a Certificate Authority (CA). As the certificates "
|
||
"are signed by a CA that is trusted, once verified, the public key associated "
|
||
"with the entity is guaranteed to be associated with the said entity. The "
|
||
"most common standard used to define these certificates is the :term:`X.509` "
|
||
"standard. The :term:`X.509` v3 which is the current standard is described in "
|
||
"detail in `RFC5280 <http://tools.ietf.org/html/5280>`_. Certificates are "
|
||
"issued by CAs as a mechanism to prove the identity of online entities. The "
|
||
"CA digitally signs the certificate by creating a message digest from the "
|
||
"certificate and encrypting the digest with its private key."
|
||
msgstr ""
|
||
"Sertifikat kunci publik yang masuk adalah struktur data yang memiliki data "
|
||
"yang dapat diverifikasi dari suatu entitas, kunci publiknya beserta beberapa "
|
||
"atribut lainnya. Sertifikat ini dikeluarkan oleh Certificate Authority (CA). "
|
||
"Karena sertifikat ditandatangani oleh CA yang dipercaya, setelah "
|
||
"diverifikasi, kunci publik yang terkait dengan entitas dijamin terkait "
|
||
"dengan entitas tersebut. Standar yang paling umum digunakan untuk "
|
||
"mendefinisikan sertifikat ini adalah : erm: `X.509` standard. The :term: "
|
||
"`X.509` v3 yang merupakan standar saat ini dijelaskan secara rinci di "
|
||
"`RFC5280 <http://tools.ietf.org/html/5280> `_. Sertifikat dikeluarkan oleh "
|
||
"CA sebagai mekanisme untuk membuktikan identitas entitas online. CA secara "
|
||
"digital menandatangani sertifikat dengan membuat pesan yang dicerna dari "
|
||
"sertifikat dan mengenkripsi mencerna dengan kunci privatnya."
|
||
|
||
msgid ""
|
||
"Similar to host-based tools, the selection and configuration of a network-"
|
||
"based intrusion detection tool is deployment specific. `Snort <https://www."
|
||
"snort.org/>`__ is the leading open source networking intrusion detection "
|
||
"tool, and a good starting place to learn more."
|
||
msgstr ""
|
||
"Serupa dengan alat berbasis host, pemilihan dan konfigurasi alat deteksi "
|
||
"intrusi berbasis jaringan adalah pengerahan yang spesifik. `Snort <https://"
|
||
"www.snort.org/>` __ adalah alat deteksi intrusi jaringan sumber terbuka "
|
||
"terkemuka, dan tempat awal yang baik untuk belajar lebih banyak."
|
||
|
||
msgid ""
|
||
"Similar to other OpenStack projects, the Shared File Systems service is "
|
||
"registered with the Identity service, so you can find API endpoints of the "
|
||
"share service v1 and v2 using **manila endpoints** command:"
|
||
msgstr ""
|
||
"Serupa dengan proyek OpenStack lainnya, layanan Shared File Systems "
|
||
"didaftarkan pada layanan Identity, sehingga Anda dapat menemukan API "
|
||
"endpoint dari layanan share v1 dan v2 menggunakan perintah **manila "
|
||
"endpoints **:"
|
||
|
||
msgid ""
|
||
"Similar to previous check (:ref:`check_block_05`), we recommend that all "
|
||
"components communicate with each other using a secured communication "
|
||
"protocol."
|
||
msgstr ""
|
||
"Serupa dengan sebelumnya cek (:ref:`check_block_05`), kami merekomendasikan "
|
||
"agar semua komponen berkomunikasi satu sama lain menggunakan protokol "
|
||
"komunikasi aman."
|
||
|
||
msgid ""
|
||
"Similar to previous check (:ref:`check_shared_fs_05`), it is recommended all "
|
||
"the components must communicate with each other using a secured "
|
||
"communication protocol."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya (:ref:`check_shared_fs_05`), disarankan semua "
|
||
"komponen harus berkomunikasi satu sama lain menggunakan protokol komunikasi "
|
||
"aman."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, it is recommended not to reveal password "
|
||
"fields."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, disarankan untuk tidak mengungkapkan field "
|
||
"kata kunci."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, it is recommended to enable secure "
|
||
"communication on API server."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, disarankan untuk mengaktifkan komunikasi yang "
|
||
"aman di server API."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, it is recommended to set strict access "
|
||
"permissions for such configuration files."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, disarankan untuk menetapkan izin akses yang "
|
||
"ketat untuk file konfigurasi tersebut."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, we recommend setting strict access "
|
||
"permissions for such configuration files."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, kami menyarankan untuk menetapkan izin akses "
|
||
"yang ketat untuk file konfigurasi tersebut."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, we recommend to set strict access permissions "
|
||
"for such configuration files."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, kami menyarankan untuk menetapkan izin akses "
|
||
"yang ketat untuk file konfigurasi tersebut."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, we recommend you set strict access "
|
||
"permissions for such configuration files."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, sebaiknya Anda menetapkan izin akses yang "
|
||
"ketat untuk file konfigurasi tersebut."
|
||
|
||
msgid ""
|
||
"Similar to the previous check, we recommended to set strict access "
|
||
"permissions for such configuration files."
|
||
msgstr ""
|
||
"Serupa dengan cek sebelumnya, kami merekomendasikan untuk menetapkan izin "
|
||
"akses yang ketat untuk file konfigurasi tersebut."
|
||
|
||
msgid ""
|
||
"Simple Authentication and Security Layer (SASL) is a framework for "
|
||
"authentication and data security in Internet protocols. Both RabbitMQ and "
|
||
"Qpid offer SASL and other pluggable authentication mechanisms beyond simple "
|
||
"user names and passwords that allow for increased authentication security. "
|
||
"While RabbitMQ supports SASL, support in OpenStack does not currently allow "
|
||
"for requesting a specific SASL authentication mechanism. RabbitMQ support in "
|
||
"OpenStack allows for either user name and password authentication over an "
|
||
"unencrypted connection or user name and password in conjunction with X.509 "
|
||
"client certificates to establish the secure TLS connection."
|
||
msgstr ""
|
||
"Simple Authentication and Security Layer (SASL) adalah kerangka kerja untuk "
|
||
"otentikasi dan keamanan data dalam protokol Internet. Kedua RabbitMQ dan "
|
||
"Qpid menawarkan SASL dan mekanisme otentikasi pluggable lainnya di luar nama "
|
||
"pengguna dan password sederhana yang memungkinkan peningkatan keamanan "
|
||
"otentikasi. Sementara RabbitMQ mendukung SASL, dukungan di OpenStack saat "
|
||
"ini tidak mengizinkan mekanisme otentikasi SASL yang spesifik. Dukungan "
|
||
"RabbitMQ di OpenStack memungkinkan otentikasi nama pengguna dan password "
|
||
"melalui koneksi atau nama pengguna dan password yang tidak dienkripsi "
|
||
"bersamaan dengan sertifikat klien X.509 untuk menetapkan koneksi TLS yang "
|
||
"aman."
|
||
|
||
msgid "Simple Protocol for Independent Computing Environments (SPICE)"
|
||
msgstr "Simple Protocol for Independent Computing Environments (SPICE)"
|
||
|
||
msgid "Simple crypto plugin"
|
||
msgstr "Plugin kripto sederhana"
|
||
|
||
msgid ""
|
||
"Since share types due to their extra specifications help to filter or choose "
|
||
"back ends before users create a share, using access to the share types you "
|
||
"can limit clients in choice of specific back ends."
|
||
msgstr ""
|
||
"Karena jenis share menggunakan spesifikasi tambahan mereka membantu "
|
||
"menyaring atau memilih kembali sebelum pengguna membuat share, dengan "
|
||
"menggunakan akses ke jenis share Anda dapat membatasi klien dalam pilihan "
|
||
"tujuan akhir tertentu."
|
||
|
||
msgid ""
|
||
"Since the HDFS shared file system protocol uses NFS access it also can be "
|
||
"configured to authenticate via IP address."
|
||
msgstr ""
|
||
"Karena protokol sistem file shared HDFS menggunakan akses NFS, ia juga dapat "
|
||
"dikonfigurasi untuk melakukan otentikasi melalui alamat IP."
|
||
|
||
msgid ""
|
||
"Siwczak, Piotr. `Some Practical Considerations for Monitoring in the "
|
||
"OpenStack Cloud <https://www.mirantis.com/blog/openstack-monitoring/>`_. "
|
||
"2012."
|
||
msgstr ""
|
||
"Siwczak, Piotr. `Some Practical Considerations for Monitoring in the "
|
||
"OpenStack Cloud <https://www.mirantis.com/blog/openstack-monitoring/>`_. "
|
||
"2012."
|
||
|
||
msgid "Software"
|
||
msgstr "Software"
|
||
|
||
msgid "Software inventory"
|
||
msgstr "Inventarisasi perangkat lunak"
|
||
|
||
msgid ""
|
||
"Solutions to the hardware infection problem are domain specific. The "
|
||
"strategy is to identify how an instance can modify hardware state then "
|
||
"determine how to reset any modifications when the instance is done using the "
|
||
"hardware. For example, one option could be to re-flash the firmware after "
|
||
"use. There is a need to balance hardware longevity with security as some "
|
||
"firmwares will fail after a large number of writes. TPM technology, "
|
||
"described in :ref:`management-secure-bootstrapping`, is a solution for "
|
||
"detecting unauthorized firmware changes. Regardless of the strategy "
|
||
"selected, it is important to understand the risks associated with this kind "
|
||
"of hardware sharing so that they can be properly mitigated for a given "
|
||
"deployment scenario."
|
||
msgstr ""
|
||
"Solusi untuk masalah infeksi perangkat keras adalah domain yang spesifik. "
|
||
"Strateginya adalah untuk mengidentifikasi bagaimana sebuah instance dapat "
|
||
"memodifikasi keadaan perangkat keras kemudian menentukan bagaimana mengatur "
|
||
"ulang modifikasi apa pun bila instance dilakukan dengan menggunakan "
|
||
"perangkat keras. Sebagai contoh, satu pilihan bisa untuk re-flash firmware "
|
||
"setelah digunakan. Ada kebutuhan untuk menyeimbangkan umur panjang hardware "
|
||
"dengan keamanan karena beberapa Firmwares akan gagal setelah sejumlah besar "
|
||
"penulisan. Teknologi TPM, dijelaskan dalam :ref: `management-secure-"
|
||
"bootstrapping`, adalah solusi untuk mendeteksi perubahan firmware yang tidak "
|
||
"sah. Terlepas dari strategi yang dipilih, penting untuk memahami risiko yang "
|
||
"terkait dengan pembagian perangkat keras semacam ini sehingga dapat "
|
||
"dimitigasi dengan benar untuk skenario penerapan tertentu."
|
||
|
||
msgid ""
|
||
"Some back-ends such as ZFS will support copy-on-write to prevent data "
|
||
"exposure. In these cases, reads from unwritten blocks will always return "
|
||
"zero. Other back ends such as LVM may not natively support this, thus the "
|
||
"Block Storage plug-in takes the responsibility to override previously "
|
||
"written blocks before handing them to users. It is important to review what "
|
||
"assurances your chosen volume back-end provides and to see what mediations "
|
||
"may be available for those assurances not provided."
|
||
msgstr ""
|
||
"Beberapa back-end seperti ZFS akan mendukung copy-on-write untuk mencegah "
|
||
"pemaparan data. Dalam kasus ini, pembacaan dari blok tidak tertulis akan "
|
||
"selalu kembali nol. Back-end lainnya seperti LVM mungkin tidak mendukungnya "
|
||
"secara native, sehingga plug-in Block Storage bertanggung jawab untuk "
|
||
"mengganti blok yang sebelumnya ditulis sebelum menyerahkannya kepada "
|
||
"pengguna. Penting untuk meninjau kembali pilihan Anda jaminan (assurance) "
|
||
"yang tersedia untuk back-end volume dan untuk melihat mediasi apa yang "
|
||
"mungkin tersedia untuk jaminan yang tidak diberikan."
|
||
|
||
msgid ""
|
||
"Some drivers support security services and other drivers do not support any "
|
||
"of the security services mentioned above. For example, Generic Driver with "
|
||
"the NFS or the CIFS shared file system protocol supports only authentication "
|
||
"method through the IP address."
|
||
msgstr ""
|
||
"Beberapa driver mendukung layanan keamanan dan driver lainnya tidak "
|
||
"mendukung layanan keamanan yang disebutkan di atas. Sebagai contoh, Generic "
|
||
"Driver dengan NFS atau protokol file shared CIFS hanya mendukung metode "
|
||
"otentikasi melalui alamat IP."
|
||
|
||
msgid "Some important definitions:"
|
||
msgstr "Beberapa definisi penting:"
|
||
|
||
msgid "Some of the concerns with the use of SSL/TLS proxies as pictured above:"
|
||
msgstr ""
|
||
"Beberapa kekhawatiran dengan penggunaan proxy SSL/TLS seperti yang "
|
||
"digambarkan di atas:"
|
||
|
||
msgid ""
|
||
"Some share drivers may not support all types of segmentation, for details "
|
||
"see specification for the driver in use."
|
||
msgstr ""
|
||
"Beberapa share driver mungkin tidak mendukung semua jenis segmentasi, untuk "
|
||
"detail lihat spesifikasi driver yang sedang digunakan."
|
||
|
||
msgid ""
|
||
"Specific SELinux policies are available for many OpenStack services. CentOS "
|
||
"users can review these policies by `installing the selinux-policy source "
|
||
"package`_. The most up to date policies appear in `Fedora's selinux-policy`_ "
|
||
"repository. The `rawhide-contrib`_ branch has files that end in ``.te``, "
|
||
"such as ``cinder.te``, that can be used on systems running SELinux."
|
||
msgstr ""
|
||
"Kebijakan SELinux khusus tersedia untuk banyak layanan OpenStack. Pengguna "
|
||
"CentOS dapat meninjau kebijakan ini dengan `installing the selinux-policy "
|
||
"source package`_. Kebijakan yang paling mutakhir muncul di repositori "
|
||
"'selinux-policy`_ Fedora. The `rawhide-contrib`_ branch memiliki file yang "
|
||
"diakhiri dengan ``.te``, seperti ``cinder.te``, yang dapat digunakan pada "
|
||
"sistem yang menjalankan SELinux."
|
||
|
||
msgid ""
|
||
"Specific to various hypervisors is the treatment of instance memory. This "
|
||
"behavior is not defined in OpenStack Compute, although it is generally "
|
||
"expected of hypervisors that they will make a best effort to scrub memory "
|
||
"either upon deletion of an instance, upon creation of an instance, or both."
|
||
msgstr ""
|
||
"Khusus untuk berbagai hypervisor adalah perawatan memori instance. Perilaku "
|
||
"ini tidak didefinisikan dalam OpenStack Compute, meskipun pada umumnya "
|
||
"diharapkan hypervisors bahwa mereka akan melakukan upaya terbaik untuk "
|
||
"menghilangkan memori baik saat penghapusan sebuah instance, pada saat "
|
||
"pembuatan sebuah instance, atau keduanya."
|
||
|
||
msgid "Stack canaries"
|
||
msgstr "Stack canaries"
|
||
|
||
msgid "Start instance on destination host"
|
||
msgstr "Start instance di host tujuan"
|
||
|
||
msgid "Start the guest"
|
||
msgstr "Start guest"
|
||
|
||
msgid ""
|
||
"Start with a short timeout of 1 day during testing, and raise it to one year "
|
||
"after testing has shown that you have not introduced problems for users. "
|
||
"Note that once this header is set to a large timeout, it is (by design) very "
|
||
"difficult to disable."
|
||
msgstr ""
|
||
"Mulailah dengan jangka waktu singkat (short timeout) 1 hari selama "
|
||
"pengujian, dan naikkan ke satu tahun setelah pengujian telah menunjukkan "
|
||
"bahwa Anda belum memperkenalkan masalah bagi pengguna. Perhatikan bahwa "
|
||
"sekali header ini diatur ke batas waktu yang besar, (by design) itu menjadi "
|
||
"sangat sulit untuk dinonaktifkan."
|
||
|
||
msgid "State transition and wake events"
|
||
msgstr "State transition dan wake events"
|
||
|
||
msgid "Static media"
|
||
msgstr "Media statis"
|
||
|
||
msgid "Stop the guest and sync disks"
|
||
msgstr "Hentikan guest and sync disk"
|
||
|
||
msgid "Storage API endpoints"
|
||
msgstr "Storage API endpoints"
|
||
|
||
msgid "Storage Encryption"
|
||
msgstr "Storage Encryption"
|
||
|
||
msgid "Storage services"
|
||
msgstr "Layanan Storage"
|
||
|
||
msgid "Stud"
|
||
msgstr "Stud"
|
||
|
||
msgid "Summary"
|
||
msgstr "Ringkasan"
|
||
|
||
msgid "Summary of existing technologies"
|
||
msgstr "Ringkasan teknologi yang ada"
|
||
|
||
msgid ""
|
||
"Sunar, Eisenbarth, Inci, Gorka Irazoqui Apecechea. Fine Grain Cross-VM "
|
||
"Attacks on Xen and VMware are possible!. 2014. `https://eprint.iacr."
|
||
"org/2014/248.pfd <https://eprint.iacr.org/2014/248.pdf>`_"
|
||
msgstr ""
|
||
"Sunar, Eisenbarth, Inci, Gorka Irazoqui Apecechea. Fine Grain Cross-VM "
|
||
"Attacks pada Xen dan VMware adalah mungkin. 2014. `https://eprint.iacr."
|
||
"org/2014/248.pfd <https://eprint.iacr.org/2014/248.pdf>`_"
|
||
|
||
msgid ""
|
||
"Supported authentication methods depend on which share driver, security "
|
||
"service and shared file system protocol you configure and use. Supported "
|
||
"shared file system protocols are NFS, CIFS, GlusterFS, and HDFS. Supported "
|
||
"security services are LDAP, Kerberos protocols, or Microsoft Active "
|
||
"Directory service. For details of supporting of features by different "
|
||
"drivers, see `Manila share features support mapping <http://docs.openstack. "
|
||
"org/developer/manila/devref/share_back_ends_feature_support_ mapping.html>`_."
|
||
msgstr ""
|
||
"Metode otentikasi yang didukung bergantung pada share driver, layanan "
|
||
"keamanan dan protokol sistem file shared yang Anda konfigurasikan dan "
|
||
"gunakan. Protokol sistem file shared yang didukung adalah NFS, CIFS, "
|
||
"GlusterFS, dan HDFS. Layanan keamanan yang didukung adalah LDAP, protokol "
|
||
"Kerberos, atau layanan Microsoft Active Directory. Untuk rincian dukungan "
|
||
"fitur oleh driver yang berbeda, lihat `Manila share features support mapping "
|
||
"<http://docs.openstack. org/developer/manila/devref/"
|
||
"share_back_ends_feature_support_ mapping.html>`_."
|
||
|
||
msgid ""
|
||
"Supporting components, such as load-balancers, reverse proxies, DNS, or DHCP "
|
||
"services"
|
||
msgstr ""
|
||
"Komponen pendukung, seperti load-balancer, reverse proxy, DNS, atau layanan "
|
||
"DHCP"
|
||
|
||
msgid "Supports encrypted backups if the original volume is encrypted"
|
||
msgstr "Mendukung backup terenkripsi jika volume asli dienkripsi"
|
||
|
||
msgid "Swift"
|
||
msgstr "Swift"
|
||
|
||
msgid ""
|
||
"Symmetric keys can be used to encrypt Swift containers to mitigate the risk "
|
||
"of users data being read if an unauthorised party were to gain physical "
|
||
"access to a disk."
|
||
msgstr ""
|
||
"Kunci simetris dapat digunakan untuk mengenkripsi kontainer Swift untuk "
|
||
"mengurangi risiko data pengguna dibaca jika pihak yang tidak berwenang "
|
||
"memperoleh akses fisik ke disk."
|
||
|
||
msgid "System categorization:"
|
||
msgstr "Kategorisasi sistem:"
|
||
|
||
msgid "System databases, such as MySQL or mongoDB"
|
||
msgstr "Sistem database, seperti MySQL atau mongoDB"
|
||
|
||
msgid "System documentation"
|
||
msgstr "Dokumentasi sistem"
|
||
|
||
msgid "System documentation requirements"
|
||
msgstr "Persyaratan dokumentasi sistem"
|
||
|
||
msgid "System inventory"
|
||
msgstr "Inventarisasi sistem"
|
||
|
||
msgid "System metadata"
|
||
msgstr "System metadata"
|
||
|
||
msgid "System roles and types"
|
||
msgstr "Peran dan tipe sistem"
|
||
|
||
msgid "System validation"
|
||
msgstr "Validasi sistem"
|
||
|
||
msgid ""
|
||
"Systems should be segregated in such a way that if one machine, or system-"
|
||
"level service, is compromised the security of the other systems will remain "
|
||
"intact. Practically, the enablement and proper usage of SELinux helps "
|
||
"accomplish this goal."
|
||
msgstr ""
|
||
"Sistem harus dipisahkan sedemikian rupa sehingga jika satu mesin, atau "
|
||
"layanan tingkat sistem, dikompromikan, keamanan sistem lain akan tetap utuh. "
|
||
"Praktis, pemakaian dan penggunaan SELinux yang tepat membantu mencapai "
|
||
"tujuan ini."
|
||
|
||
msgid "TCP"
|
||
msgstr "TCP"
|
||
|
||
msgid "TDES"
|
||
msgstr "TDES"
|
||
|
||
msgid "TLS"
|
||
msgstr "TLS"
|
||
|
||
msgid "TLS libraries"
|
||
msgstr "Perpustakaan TLS"
|
||
|
||
msgid "TLS proxies and HTTP services"
|
||
msgstr "Proxy TLS dan layanan HTTP"
|
||
|
||
msgid "TSF Protection"
|
||
msgstr "TSF Protection"
|
||
|
||
msgid "TXT"
|
||
msgstr "TXT"
|
||
|
||
msgid "Team expertise"
|
||
msgstr "Keahlian tim"
|
||
|
||
msgid "Technologies involved"
|
||
msgstr "Teknologi terlibat"
|
||
|
||
msgid "Technology"
|
||
msgstr "Teknologi"
|
||
|
||
msgid "TempAuth"
|
||
msgstr "TempAuth"
|
||
|
||
msgid ""
|
||
"TempAuth is the default authentication for Object Storage. In contrast to "
|
||
"Identity, it stores the user accounts, credentials, and metadata in object "
|
||
"storage itself. More information can be found in the section `The Auth "
|
||
"System <https://docs.openstack.org/swift/latest/overview_auth.html>`_ of the "
|
||
"Object Storage (swift) documentation."
|
||
msgstr ""
|
||
"TempAuth adalah otentikasi default untuk Object Storage. Berbeda dengan "
|
||
"Identity, ia menyimpan akun pengguna, kredensial, dan metadata dalam "
|
||
"penyimpanan objek itu sendiri. Informasi lebih lanjut dapat ditemukan di "
|
||
"bagian ini `The Auth System <https://docs.openstack.org/swift/latest/"
|
||
"overview_auth.html>`_ dari dokumentasi Object Storage (swift)."
|
||
|
||
msgid ""
|
||
"Tenant data for compute could be encrypted over IPsec or other tunnels. This "
|
||
"is not functionality common or standard in OpenStack, but is an option "
|
||
"available to motivated and interested implementors."
|
||
msgstr ""
|
||
"Data penyewa untuk komputasi bisa dienkripsi melalui IPsec atau tunnel "
|
||
"lainnya. Ini bukan fungsi umum atau standar di OpenStack, namun merupakan "
|
||
"pilihan yang tersedia bagi pelaksana yang termotivasi dan tertarik."
|
||
|
||
msgid "Tenant data privacy"
|
||
msgstr "Privasi data penyewa"
|
||
|
||
msgid ""
|
||
"Tenant data stored in an OpenStack cloud may include the following items:"
|
||
msgstr ""
|
||
"Data penyewa yang tersimpan dalam awan OpenStack mungkin termasuk item "
|
||
"berikut:"
|
||
|
||
msgid "Tenants"
|
||
msgstr "Tenants"
|
||
|
||
msgid "Tenants provide details for the security service."
|
||
msgstr "Tenant (penyewa) memberikan rincian untuk layanan keamanan."
|
||
|
||
msgid ""
|
||
"Test data recovery options regularly. One of the things that can be restored "
|
||
"from secured backups is the images. In case of a compromise, the best "
|
||
"practice would be to terminate running instances immediately and then "
|
||
"relaunch the instances from the images in the secured backup repository."
|
||
msgstr ""
|
||
"Uji opsi pemulihan data secara teratur. Salah satu hal yang bisa dipulihkan "
|
||
"dari backup yang aman adalah image nya. Jika terjadi bahaya, praktik terbaik "
|
||
"adalah segera menghentikan instance yang sedang berjalan dan kemudian "
|
||
"meluncurkan kembali instance dari image di repositori cadangan yang aman."
|
||
|
||
msgid "Test sanitation equipment and procedures to verify proper performance."
|
||
msgstr ""
|
||
"Uji peralatan dan prosedur sanitasi untuk memverifikasi kinerja yang tepat."
|
||
|
||
msgid "Testing it all out"
|
||
msgstr "Menguji semuanya"
|
||
|
||
msgid "Testing the updates"
|
||
msgstr "Menguji pembaruan"
|
||
|
||
msgid ""
|
||
"The \"HTTPONLY\" cookie attribute instructs web browsers not to allow "
|
||
"scripts (e.g. JavaScript or VBscript) an ability to access the cookies via "
|
||
"the DOM ``document.cookie`` object. This session ID protection is mandatory "
|
||
"to prevent session ID stealing through XSS attacks."
|
||
msgstr ""
|
||
"Atribut cookie \"HTTPONLY\" menginstruksikan browser web untuk tidak "
|
||
"mengizinkan skrip (mis., JavaScript atau VBscript) kemampuan untuk mengakses "
|
||
"cookie melalui objek DOM ``document.cookie``. Perlindungan ID sesi ini "
|
||
"adalah wajib untuk mencegah ID sesi mencuri melalui serangan XSS."
|
||
|
||
msgid ""
|
||
"The \"SECURE\" cookie attribute instructs web browsers to only send the "
|
||
"cookie through an encrypted HTTPS (SSL/TLS) connection. This session "
|
||
"protection mechanism is mandatory to prevent the disclosure of the session "
|
||
"ID through MitM (Man-in-the-Middle) attacks. It ensures that an attacker "
|
||
"cannot simply capture the session ID from web browser traffic."
|
||
msgstr ""
|
||
"Atribut cookie \"SECURE\" menginstruksikan browser web untuk hanya mengirim "
|
||
"cookie melalui sambungan HTTPS (SSL/TLS) terenkripsi. Mekanisme perlindungan "
|
||
"sesi ini wajib untuk mencegah pengungkapan ID sesi melalui serangan MitM "
|
||
"(Man-in-the-Middle). Ini memastikan bahwa penyerang tidak bisa begitu saja "
|
||
"menangkap ID sesi dari lalu lintas browser web."
|
||
|
||
msgid ""
|
||
"The *ciphers* line can be tweaked based on your needs, however this is a "
|
||
"reasonable starting place. The default configuration file is located in the "
|
||
"``/etc/stud`` directory. However, it is not provided by default."
|
||
msgstr ""
|
||
"Baris *ciphers * dapat di-tweak berdasarkan kebutuhan Anda, namun ini adalah "
|
||
"tempat awal yang masuk akal. File konfigurasi default terletak di direktori "
|
||
"``/etc/stud``. Namun, itu tidak disediakan secara default."
|
||
|
||
msgid ""
|
||
"The *share servers* mode can be configured with flat network, or with "
|
||
"segmented network. This depends on the network provider."
|
||
msgstr ""
|
||
"Mode *share server * dapat dikonfigurasi dengan jaringan datar, atau dengan "
|
||
"jaringan tersegmentasi. Hal ini tergantung pada penyedia jaringan."
|
||
|
||
msgid ""
|
||
"The :ref:`security service part <shared_fs_security_services>` of share "
|
||
"networks specify security requirements such as AD or LDAP domains or a "
|
||
"Kerberos realm. The Shared File Systems service assumes that any hosts "
|
||
"referred to in security service are reachable from a subnet where a share "
|
||
"server is created, which limits the number of cases where this mode could be "
|
||
"used."
|
||
msgstr ""
|
||
"The :ref:`security service part <shared_fs_security_services>` dari jaringan "
|
||
"berbagi menentukan persyaratan keamanan seperti domain AD atau LDAP atau "
|
||
"wilayah Kerberos. Layanan Shared File Systems mengasumsikan bahwa setiap "
|
||
"host yang disebutkan dalam layanan keamanan dapat dijangkau dari subnet "
|
||
"tempat server berbagi dibuat, yang membatasi jumlah kasus dimana mode ini "
|
||
"dapat digunakan."
|
||
|
||
msgid ""
|
||
"The :term:`Data Processing service (sahara)` provides a platform for the "
|
||
"provisioning, management, and usage of clusters running popular processing "
|
||
"frameworks."
|
||
msgstr ""
|
||
"The :term:`Data Processing service (sahara)` menyediakan platform untuk "
|
||
"penyediaan, pengelolaan, dan penggunaan cluster yang menjalankan kerangka "
|
||
"pemrosesan populer."
|
||
|
||
msgid ""
|
||
"The :term:`Shared File Systems service (manila)` provides a set of services "
|
||
"for managing shared file systems in a multi-tenant cloud environment, "
|
||
"similar to how OpenStack provides for block-based storage management through "
|
||
"the OpenStack Block Storage service project. With the Shared File Systems "
|
||
"service, you can create a remote file system, mount the file system on your "
|
||
"instances, and then read and write data from your instances to and from your "
|
||
"file system."
|
||
msgstr ""
|
||
"The :term:`Shared File Systems service (manila)` menyediakan seperangkat "
|
||
"layanan untuk mengelola sistem file bersama di lingkungan awan multi-"
|
||
"penyewa, serupa dengan bagaimana OpenStack menyediakan pengelolaan "
|
||
"penyimpanan berbasis blok melalui proyek layanan OpenStack Block Storage. "
|
||
"Dengan layanan Shared File Systems, Anda dapat membuat sistem file jauh, me-"
|
||
"mount sistem file pada instance Anda, dan kemudian membaca dan menulis data "
|
||
"dari instance Anda ke dan dari sistem file Anda."
|
||
|
||
msgid ""
|
||
"The API provides a tenant interface for provisioning, managing, and "
|
||
"accessing their resources."
|
||
msgstr ""
|
||
"API menyediakan antarmuka penyewa untuk penyediaan, pengelolaan, dan akses "
|
||
"sumber daya mereka."
|
||
|
||
msgid ""
|
||
"The API service should be configured for TLS to ensure data is encrypted."
|
||
msgstr ""
|
||
"Layanan API harus dikonfigurasi untuk TLS untuk memastikan data dienkripsi."
|
||
|
||
msgid "The Apache Foundation has a messaging security guide for Qpid. See:"
|
||
msgstr ""
|
||
"Apache Foundation memiliki panduan keamanan olahpesan untuk Qpid. Lihat:"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Apache Hive. 2016. `Hive <https://hive."
|
||
"apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Apache Hive. 2016. `Hive <https://hive."
|
||
"apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Apache Oozie Workflow Scheduler for Hadoop. "
|
||
"2016. `Oozie project <https://oozie.apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Apache Oozie Workflow Scheduler for Hadoop. "
|
||
"2016. `Oozie project <https://oozie.apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Apache Storm. 2016. `Storm project <https://"
|
||
"storm.apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Apache Storm. 2016. `Storm project <https://"
|
||
"storm.apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Apache Zookeeper. 2016. `Zookeeper project "
|
||
"<https://zookeeper.apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Apache Zookeeper. 2016. `Zookeeper project "
|
||
"<https://zookeeper.apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Cloudera Product Documentation. 2016. "
|
||
"`Cloudera CDH documentation <https://www.cloudera.com/content/cloudera/en/"
|
||
"documentation.html#CDH>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Cloudera Product Documentation. 2016. "
|
||
"`Cloudera CDH documentation <https://www.cloudera.com/content/cloudera/en/"
|
||
"documentation.html#CDH>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, HDFS User Guide. 2016. `Hadoop HDFS "
|
||
"documentation <https://hadoop.apache.org/docs/stable/hadoop-project-dist/"
|
||
"hadoop-hdfs/HdfsUserGuide.html>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, HDFS User Guide. 2016. `Hadoop HDFS "
|
||
"documentation <https://hadoop.apache.org/docs/stable/hadoop-project-dist/"
|
||
"hadoop-hdfs/HdfsUserGuide.html>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Hadoop in Secure Mode. 2016. `Hadoop secure "
|
||
"mode docs <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-"
|
||
"common/SecureMode.html>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Hadoop in Secure Mode. 2016. `Hadoop secure "
|
||
"mode docs <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-"
|
||
"common/SecureMode.html>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Spark Security. 2016. `Spark security "
|
||
"documentation <https://spark.apache.org/docs/latest/security.html>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Spark Security. 2016. `Spark security "
|
||
"documentation <https://spark.apache.org/docs/latest/security.html>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Spark. 2016. `Spark project <https://spark."
|
||
"apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Spark. 2016. `Spark project <https://spark."
|
||
"apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Welcome to Apache Hadoop!. 2016. `Apache "
|
||
"Hadoop project <https://hadoop.apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Welcome to Apache Hadoop!. 2016. `Apache "
|
||
"Hadoop project <https://hadoop.apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Apache Software Foundation, Welcome to Apache Pig. 2016. `Pig <https://"
|
||
"pig.apache.org>`__"
|
||
msgstr ""
|
||
"The Apache Software Foundation, Welcome to Apache Pig. 2016. `Pig <https://"
|
||
"pig.apache.org>`__"
|
||
|
||
msgid ""
|
||
"The Barbican team worked with the OpenStack Security Project to perform a "
|
||
"security review of a best practise Barbican deployment. The objective of the "
|
||
"security review is to identify weaknesses and defects in the design and "
|
||
"architecture of services, and propose controls or fixes to resolve these "
|
||
"issues."
|
||
msgstr ""
|
||
"Tim Barbican bekerja dengan OpenStack Security Project untuk melakukan "
|
||
"tinjauan keamanan terhadap penerapan barbecue praktik terbaik. Tujuan dari "
|
||
"tinjauan keamanan adalah untuk mengidentifikasi kelemahan dan kekurangan "
|
||
"dalam desain dan arsitektur layanan, dan mengusulkan kontrol atau perbaikan "
|
||
"untuk menyelesaikan masalah ini."
|
||
|
||
msgid ""
|
||
"The Barbican threat analysis identified eight security findings and two "
|
||
"recommendations to improve the security of a barbican deployment. These "
|
||
"results can be reviewed in the `security analysis repo <https://github.com/"
|
||
"openstack/security-analysis/tree/master/doc/source/artifacts/barbican/"
|
||
"newton>`_., along with the Barbican architecture diagram and architecture "
|
||
"description page."
|
||
msgstr ""
|
||
"Analisis ancaman Barbican mengidentifikasi delapan temuan keamanan dan dua "
|
||
"rekomendasi untuk memperbaiki keamanan penyebaran barbican. Hasil ini dapat "
|
||
"ditinjau ulang di `security analysis repo <https://github.com/openstack/"
|
||
"security-analysis/tree/master/doc/source/artifacts/barbican/newton>`_., "
|
||
"bersama dengan diagram arsitektur Barbican dan halaman deskripsi arsitektur."
|
||
|
||
msgid ""
|
||
"The CSA CCM is specifically designed to provide fundamental security "
|
||
"principles to guide cloud vendors and to assist prospective cloud customers "
|
||
"in assessing the overall security risk of a cloud provider. The CSA CCM "
|
||
"provides a controls framework that are aligned across 16 security domains. "
|
||
"The foundation of the Cloud Controls Matrix rests on its customized "
|
||
"relationship to other industry standards, regulations, and controls "
|
||
"frameworks such as: ISO 27001:2013, COBIT 5.0, PCI:DSS v3, AICPA 2014 Trust "
|
||
"Service Principles and Criteria and augments internal control direction for "
|
||
"service organization control reports attestations."
|
||
msgstr ""
|
||
"CSA CCM dirancang khusus untuk memberikan prinsip keamanan mendasar untuk "
|
||
"membimbing vendor cloud dan untuk membantu pelanggan awan prospektif dalam "
|
||
"menilai risiko keamanan keseluruhan dari penyedia awan. CSA CCM menyediakan "
|
||
"kerangka kerja kontrol yang diselaraskan di 16 domain keamanan. Dasar dari "
|
||
"Cloud Controls Matrix terletak pada hubungan yang disesuaikan dengan "
|
||
"standar, peraturan, dan kerangka kerja industri lainnya, seperti: ISO 27001: "
|
||
"2013, COBIT 5.0, PCI: DSS v3, AICPA 2014 Trust Service Principles and "
|
||
"Criteria dan menambah arahan pengendalian internal untuk pengendalian "
|
||
"organisasi layanan melaporkan pengesahan."
|
||
|
||
msgid ""
|
||
"The CSA CCM strengthens existing information security control environments "
|
||
"by enabling the reduction of security threats and vulnerabilities in the "
|
||
"cloud, provides standardized security and operational risk management, and "
|
||
"seeks to normalize security expectations, cloud taxonomy and terminology, "
|
||
"and security measures implemented in the cloud."
|
||
msgstr ""
|
||
"CSA CCM memperkuat lingkungan kontrol keamanan informasi yang ada dengan "
|
||
"memungkinkan pengurangan ancaman keamanan dan kerentanan di awan, memberikan "
|
||
"keamanan standar dan manajemen risiko operasional, dan berupaya "
|
||
"menormalisasi ekspektasi keamanan, taksonomi awan dan terminologi, dan "
|
||
"tindakan pengamanan yang diterapkan di awan."
|
||
|
||
msgid ""
|
||
"The Compute and Object Storage services can be configured to use the "
|
||
"Identity service to store authentication information. Other options to store "
|
||
"authentication information include the use of the \"tempAuth\" file, however "
|
||
"this should not be deployed in a production environment as the password is "
|
||
"displayed in plain text."
|
||
msgstr ""
|
||
"Layanan Compute and Object Storage dapat dikonfigurasi untuk menggunakan "
|
||
"layanan Identity untuk menyimpan informasi otentikasi. Pilihan lain untuk "
|
||
"menyimpan informasi otentikasi mencakup penggunaan file \"tempAuth\", namun "
|
||
"hal ini tidak boleh digunakan di lingkungan produksi karena kata sandi "
|
||
"ditampilkan dalam teks biasa."
|
||
|
||
msgid ""
|
||
"The Compute service facilitates this management through an abstraction layer "
|
||
"that interfaces with supported hypervisors (we address this later on in more "
|
||
"detail)."
|
||
msgstr ""
|
||
"Layanan Compute memfasilitasi pengelolaan ini melalui lapisan abstraksi yang "
|
||
"berinteraksi dengan hypervisor yang didukung (kami akan membahasnya nanti "
|
||
"secara lebih rinci)."
|
||
|
||
msgid ""
|
||
"The Dashboard (horizon) is the OpenStack dashboard that provides users a "
|
||
"self-service portal to provision their own resources within the limits set "
|
||
"by administrators. These include provisioning users, defining instance "
|
||
"flavors, uploading virtual machine (VM) images, managing networks, setting "
|
||
"up security groups, starting instances, and accessing the instances through "
|
||
"a console."
|
||
msgstr ""
|
||
"Dasbor (horizon) adalah dasbor OpenStack yang memberi pengguna portal "
|
||
"layanan mandiri untuk menyediakan sumber daya mereka sendiri sesuai batasan "
|
||
"yang ditetapkan oleh administrator. Ini termasuk pengguna provisioning, "
|
||
"mendefinisikan instance flavor, mengupload image mesin virtual (VM), "
|
||
"mengelola jaringan, menyiapkan grup keamanan, memulai menjalankan instance, "
|
||
"dan mengakses instance melalui konsol."
|
||
|
||
msgid ""
|
||
"The Dashboard is based on the Django web framework, ensuring secure "
|
||
"deployment practices for Django apply directly to horizon. This guide "
|
||
"provides a set of Django security recommendations. Further information can "
|
||
"be found by reading the `Django documentation <https://docs.djangoproject."
|
||
"com/>`_."
|
||
msgstr ""
|
||
"Dasbor didasarkan pada kerangka web Django, memastikan praktek penerapan "
|
||
"yang aman untuk Django berlaku langsung ke horizon. Panduan ini menyediakan "
|
||
"satu set rekomendasi keamanan Django. Informasi lebih lanjut dapat ditemukan "
|
||
"dengan membaca `Django documentation <https://docs.djangoproject.com/> `_."
|
||
|
||
msgid ""
|
||
"The Dashboard ships with default security settings, and has `deployment and "
|
||
"configuration documentation <https://docs.openstack.org/horizon/latest/user/"
|
||
"index.html>`_."
|
||
msgstr ""
|
||
"Dashboard dilengkapi dengan pengaturan keamanan default, dan memiliki "
|
||
"`deployment and configuration documentation <https://docs.openstack.org/"
|
||
"horizon/latest/user/index.html>`_."
|
||
|
||
msgid ""
|
||
"The Data Processing service (sahara) provides a platform for the "
|
||
"provisioning and management of instance clusters using processing frameworks "
|
||
"such as Hadoop and Spark. Through the OpenStack Dashboard, or REST API, "
|
||
"users are able to upload and execute framework applications which may access "
|
||
"data in object storage or external providers. The data processing controller "
|
||
"uses the Orchestration service (heat) to create clusters of instances which "
|
||
"may exist as long-running groups that can grow and shrink as requested, or "
|
||
"as transient groups created for a single workload."
|
||
msgstr ""
|
||
"Layanan Pengolahan Data (sahara) menyediakan platform untuk penyediaan dan "
|
||
"pengelolaan cluster instance menggunakan kerangka pemrosesan seperti Hadoop "
|
||
"dan Spark. Melalui OpenStack Dashboard, atau REST API, pengguna dapat "
|
||
"mengunggah dan menjalankan aplikasi kerangka yang dapat mengakses data di "
|
||
"penyimpanan objek atau penyedia eksternal. Pengontrol pengolahan data "
|
||
"menggunakan layanan Orchestration (heat) untuk membuat kumpulan instance "
|
||
"yang mungkin ada sebagai long-running group yang dapat tumbuh dan menyusut "
|
||
"sesuai permintaan, atau sebagai kelompok sementara yang dibuat untuk satu "
|
||
"beban kerja."
|
||
|
||
msgid ""
|
||
"The Data Processing service is responsible for the deployment and management "
|
||
"of several applications. For a complete understanding of the security "
|
||
"options provided we recommend that operators have a general familiarity with "
|
||
"these applications. The list of highlighted technologies is broken into two "
|
||
"sections: first, high priority applications that have a greater impact on "
|
||
"security, and second, supporting applications with a lower impact."
|
||
msgstr ""
|
||
"Layanan Data Processing bertanggung jawab atas pengerahan dan pengelolaan "
|
||
"beberapa aplikasi. Untuk pemahaman lengkap tentang opsi keamanan yang "
|
||
"diberikan, kami merekomendasikan agar operator memiliki keakraban umum "
|
||
"dengan aplikasi ini. Daftar teknologi yang disorot dibagi menjadi dua "
|
||
"bagian: pertama, aplikasi prioritas tinggi yang memiliki dampak lebih besar "
|
||
"pada keamanan, dan kedua, mendukung aplikasi dengan dampak yang lebih rendah."
|
||
|
||
msgid ""
|
||
"The Data processing service allows for the association of security groups "
|
||
"with instances provisioned for its clusters. With no additional "
|
||
"configuration the service will use the default security group for any "
|
||
"project that provisions clusters. A different security group may be used if "
|
||
"requested, or an automated option exists which instructs the service to "
|
||
"create a security group based on ports specified by the framework being "
|
||
"accessed."
|
||
msgstr ""
|
||
"Layanan pemrosesan data memungkinkan untuk asosiasi kelompok keamanan dengan "
|
||
"instance yang ditetapkan (provisioned) untuk kelompoknya. Tanpa konfigurasi "
|
||
"tambahan, layanan akan menggunakan grup keamanan default untuk setiap proyek "
|
||
"yang menyediakan cluster. Kelompok keamanan yang berbeda dapat digunakan "
|
||
"jika diminta, atau ada opsi otomatis yang menginstruksikan layanan untuk "
|
||
"membuat grup keamanan berdasarkan port yang ditentukan oleh kerangka "
|
||
"(framework) yang diakses."
|
||
|
||
msgid ""
|
||
"The Data processing service controller will be responsible for creating, "
|
||
"maintaining, and destroying any instances created for its clusters. The "
|
||
"controller will use the Networking service to establish network paths "
|
||
"between itself and the cluster instances. It will also manage the deployment "
|
||
"and life-cycle of user applications that are to be run on the clusters. The "
|
||
"instances within a cluster contain the core of a framework's processing "
|
||
"engine and the Data processing service provides several options for creating "
|
||
"and managing the connections to these instances."
|
||
msgstr ""
|
||
"Pengontrol layanan pengolahan Data akan bertanggung jawab untuk menciptakan, "
|
||
"memelihara, dan menghancurkan segala hal yang diciptakan untuk clusternya. "
|
||
"Pengontrol akan menggunakan layanan Networking untuk membangun jalur "
|
||
"jaringan antara dirinya dan cluster. Ini juga akan mengelola penyebaran dan "
|
||
"siklus hidup aplikasi pengguna yang akan dijalankan di cluster. Instance "
|
||
"dalam sebuah cluster berisi inti mesin pemrosesan kerangka dan layanan "
|
||
"pemrosesan Data menyediakan beberapa opsi untuk membuat dan mengelola "
|
||
"koneksi ke instance ini."
|
||
|
||
msgid ""
|
||
"The Data processing service controller, like many other OpenStack "
|
||
"controllers, can be configured to require TLS connections."
|
||
msgstr ""
|
||
"Pengontrol layanan pengolah data, seperti banyak pengendali OpenStack "
|
||
"lainnya, dapat dikonfigurasi untuk meminta koneksi TLS."
|
||
|
||
msgid ""
|
||
"The Data processing service is deployed, like many other OpenStack services, "
|
||
"as an application running on a host connected to the stack. As of the Kilo "
|
||
"release, it has the ability to be deployed in a distributed manner with "
|
||
"several redundant controllers. Like other services, it also requires a "
|
||
"database to store information about its resources. See :doc:`../databases`. "
|
||
"It is important to note that the Data processing service will need to manage "
|
||
"several Identity service trusts, communicate directly with the Orchestration "
|
||
"and Networking services, and potentially create users in a proxy domain. For "
|
||
"these reasons the controller will need access to the control plane and as "
|
||
"such we recommend installing it alongside other service controllers."
|
||
msgstr ""
|
||
"Layanan pengolahan Data dikerahkan, seperti banyak layanan OpenStack "
|
||
"lainnya, sebagai aplikasi yang berjalan pada host yang terhubung ke stack. "
|
||
"Pada rilis Kilo, ia memiliki kemampuan untuk ditempatkan secara "
|
||
"terdistribusi dengan beberapa pengendali yang berlebihan. Seperti layanan "
|
||
"lainnya, juga membutuhkan database untuk menyimpan informasi tentang sumber "
|
||
"dayanya. Lihat :doc:`../databases`. Penting untuk dicatat bahwa layanan "
|
||
"pemrosesan Data perlu mengelola beberapa kepercayaan layanan Identity, "
|
||
"berkomunikasi langsung dengan layanan Orchestration dan Networking, dan "
|
||
"berpotensi membuat pengguna di domain proxy. Untuk alasan ini pengendali "
|
||
"akan memerlukan akses ke control plane (bidang) dan karena itu sebaiknya "
|
||
"pasang di samping controller layanan lainnya."
|
||
|
||
msgid ""
|
||
"The Data processing service makes heavy use of the Compute, Orchestration, "
|
||
"Image, and Block Storage services during the provisioning of clusters. It "
|
||
"will also use one or more networks, created by the Networking service, "
|
||
"provided during cluster creation for administrative access to the instances. "
|
||
"While users are running framework applications the controller and the "
|
||
"clusters will be accessing the Object Storage service. Given these service "
|
||
"usages, we recommend following the instructions outlined in :doc:`../"
|
||
"documentation` for cataloging all the components of an installation."
|
||
msgstr ""
|
||
"Layanan pengolahan Data membuat penggunaan berat dari layanan Compute, "
|
||
"Orchestration, Image, dan Block Storage selama penyediaan cluster. Ini juga "
|
||
"akan menggunakan satu atau beberapa jaringan, yang diciptakan oleh layanan "
|
||
"Networking, yang disediakan selama pembuatan cluster untuk akses "
|
||
"administratif ke instance. Sementara pengguna menjalankan aplikasi framework "
|
||
"controller dan cluster akan mengakses layanan Object Storage. Dengan "
|
||
"penggunaan layanan ini, sebaiknya ikuti petunjuk yang diuraikan di :doc:`../"
|
||
"documentation` untuk membuat katalog semua komponen instalasi."
|
||
|
||
msgid ""
|
||
"The Data processing service uses a policy file, as described in :doc:`../"
|
||
"identity/policies`, to configure role-based access control. Using the policy "
|
||
"file an operator can restrict a group’s access to specific data processing "
|
||
"functionality."
|
||
msgstr ""
|
||
"Layanan pemrosesan data menggunakan file kebijakan, seperti yang dijelaskan "
|
||
"di :doc:`../identity/policies`, untuk mengkonfigurasi kontrol akses berbasis "
|
||
"peran. Dengan menggunakan file kebijakan, operator dapat membatasi akses "
|
||
"grup ke fungsionalitas pemrosesan data tertentu."
|
||
|
||
msgid ""
|
||
"The Defense Information Systems Agency (DISA) (part of the United States "
|
||
"Department of Defense) publishes STIG content for various operating systems, "
|
||
"applications, and hardware. The controls are published without any license "
|
||
"attached."
|
||
msgstr ""
|
||
"The Defense Information Systems Agency (DISA) (bagian dari United States "
|
||
"Department of Defense) menerbitkan konten STIG untuk berbagai sistem "
|
||
"operasi, aplikasi, dan perangkat keras. Kontrol diterbitkan tanpa lisensi "
|
||
"apapun."
|
||
|
||
msgid ""
|
||
"The Dogtag secret store plugin is used to communicate with `Dogtag <http://"
|
||
"pki.fedoraproject.org/wiki/PKI_Main_Page>`_. Dogtag is the upstream project "
|
||
"corresponding to the Red Hat Certificate System, a Common Criteria/FIPS "
|
||
"certified PKI solution that contains a Certificate Manager (CA) and a Key "
|
||
"Recovery Authority (KRA) which is use to securely store secrets. The KRA "
|
||
"stores secrets as encrypted blobs in its internal database, with the master "
|
||
"encryption keys being stored either in a software-based NSS security "
|
||
"database, or in a Hardware Security Module (HSM). The software-based NSS "
|
||
"database configuration provides a secure option for deployments that do not "
|
||
"wish to use a HSM. The KRA is a component of FreeIPA, therefore it is "
|
||
"possible to configure the plugin with a FreeIPA server. More detailed "
|
||
"instructions on how to set up Barbican with FreeIPA are provided `in the "
|
||
"following blog post <https://vakwetu.wordpress.com/2015/11/30/barbican-and-"
|
||
"dogtagipa/>`_."
|
||
msgstr ""
|
||
"Plugin penyimpanan rahasia Dogtag digunakan untuk berkomunikasi dengan "
|
||
"`Dogtag <http://pki.fedoraproject.org/wiki/PKI_Main_Page>`_. Dogtag adalah "
|
||
"proyek hulu yang sesuai dengan Red Hat Certificate System, Common Criteria / "
|
||
"FIPS certified PKI solution yang berisi Certificate Manager (CA) dan Key "
|
||
"Recovery Authority (KRA) yang digunakan untuk menyimpan rahasia dengan aman. "
|
||
"KRA menyimpan rahasia sebagai gumpalan terenkripsi di database internalnya, "
|
||
"dengan kunci enkripsi utama disimpan dalam basis data keamanan NSS berbasis "
|
||
"perangkat lunak, atau di Hardware Security Module (HSM). Konfigurasi "
|
||
"database NSS berbasis perangkat lunak menyediakan opsi aman untuk penerapan "
|
||
"yang tidak ingin menggunakan HSM. KRA adalah komponen FreeIPA, oleh karena "
|
||
"itu dimungkinkan untuk mengkonfigurasi plugin dengan server FreeIPA. "
|
||
"Instruksi lebih rinci tentang cara mengatur Barbican dengan FreeIPA "
|
||
"disediakan `in the following blog post <https://vakwetu.wordpress."
|
||
"com/2015/11/30/barbican-and-dogtagipa/>`_."
|
||
|
||
msgid ""
|
||
"The Federal Information Security Management Act requires that government "
|
||
"agencies create a comprehensive plan to implement numerous government "
|
||
"security standards, and was enacted within the E-Government Act of 2002. "
|
||
"FISMA outlines a process, which utilizing multiple NIST publications, "
|
||
"prepares an information system to store and process government data."
|
||
msgstr ""
|
||
"The Federal Information Security Management Act mensyaratkan bahwa instansi "
|
||
"pemerintah membuat rencana komprehensif untuk menerapkan banyak standar "
|
||
"keamanan pemerintah, dan diundangkan dalam E-Government Act tahun 2002. "
|
||
"FISMA menguraikan sebuah proses, yang memanfaatkan beberapa publikasi NIST, "
|
||
"menyiapkan sebuah sistem informasi untuk menyimpan dan memproses data "
|
||
"pemerintah."
|
||
|
||
msgid ""
|
||
"The Fieldwork phase is the most visible portion of the audit. This is where "
|
||
"the auditors are onsite, interviewing the control owners, documenting the "
|
||
"controls that are in place, and identifying any issues. It is important to "
|
||
"note that the auditors will use a two part process for evaluating the "
|
||
"controls in place. The first part is evaluating the design effectiveness of "
|
||
"the control. This is where the auditor will evaluate whether the control is "
|
||
"capable of effectively preventing or detecting and correcting weaknesses and "
|
||
"deficiencies. A control must pass this test to be evaluated in the second "
|
||
"phase. This is because with a control that is designed ineffectually, there "
|
||
"is no point considering whether it is operating effectively. The second part "
|
||
"is operational effectiveness. Operational effectiveness testing will "
|
||
"determine how the control was applied, the consistency with which the "
|
||
"control was applied and by whom or by what means the control was applied. A "
|
||
"control may depend upon other controls (indirect controls) and, if they do, "
|
||
"additional evidence that demonstrates the operating effectiveness of those "
|
||
"indirect controls may be required for the auditor to determine the overall "
|
||
"operating effectiveness of the control."
|
||
msgstr ""
|
||
"Tahap Fieldwork adalah bagian audit yang paling terlihat. Di sinilah auditor "
|
||
"berada di tempat, mewawancarai pemilik kontrol, mendokumentasikan kontrol "
|
||
"yang ada, dan mengidentifikasi masalah apa pun. Penting untuk dicatat bahwa "
|
||
"auditor akan menggunakan dua bagian proses untuk mengevaluasi kontrol yang "
|
||
"ada. Bagian pertama adalah mengevaluasi keefektifan desain kontrol. Di "
|
||
"sinilah auditor akan mengevaluasi apakah pengendalian mampu secara efektif "
|
||
"mencegah atau mendeteksi dan memperbaiki kelemahan dan kekurangan. Suatu "
|
||
"kontrol harus lulus uji ini untuk dievaluasi pada tahap kedua. Ini karena "
|
||
"dengan kontrol yang dirancang tidak efektif, tidak ada gunanya "
|
||
"mempertimbangkan apakah operasi itu berjalan efektif. Bagian kedua adalah "
|
||
"efektivitas operasional. Pengujian efektivitas operasional akan menentukan "
|
||
"bagaimana kontrol diterapkan, konsistensi pengendalian diterapkan dan oleh "
|
||
"siapa atau dengan cara apa kontrol diterapkan. Pengendalian mungkin "
|
||
"bergantung pada kontrol lain (kontrol tidak langsung) dan, jika memang, "
|
||
"bukti tambahan yang menunjukkan efektivitas operasi dari kontrol tidak "
|
||
"langsung tersebut mungkin diperlukan auditor untuk menentukan keseluruhan "
|
||
"efektivitas operasi pengendalian."
|
||
|
||
msgid ""
|
||
"The Generic driver we use in example does not support any of the security "
|
||
"services, thus with NFS shared file system protocol we can grant access only "
|
||
"through the IP address:"
|
||
msgstr ""
|
||
"Driver Generik yang kami gunakan misalnya tidak mendukung layanan keamanan "
|
||
"apa pun, sehingga dengan protokol sistem file shared NFS kami dapat "
|
||
"memberikan akses hanya melalui alamat IP:"
|
||
|
||
msgid ""
|
||
"The Health Insurance Portability and Accountability Act (HIPAA) is a United "
|
||
"States congressional act that governs the collection, storage, use and "
|
||
"destruction of patient health records. The act states that Protected Health "
|
||
"Information (PHI) must be rendered \"unusable, unreadable, or indecipherable"
|
||
"\" to unauthorized persons and that encryption for data 'at-rest' and "
|
||
"'inflight' should be addressed."
|
||
msgstr ""
|
||
"The Health Insurance Portability and Accountability Act (HIPAA) adalah "
|
||
"keputusan kongres Amerika Serikat yang mengatur pengumpulan, penyimpanan, "
|
||
"penggunaan dan penghancuran catatan kesehatan pasien. Keputusan tersebut "
|
||
"menyatakan bahwa Protected Health Information (PHI) harus diberikan "
|
||
"\"unusable, unreadable, or indecipherable\" kepada orang-orang yang tidak "
|
||
"berwenang dan bahwa enkripsi untuk data 'at-rest' dan 'inflight' harus "
|
||
"ditangani."
|
||
|
||
msgid "The IOMMU feature is marketed as VT-d by Intel and AMD-Vi by AMD."
|
||
msgstr "Fitur IOMMU dipasarkan sebagai VT-d oleh Intel dan AMD-Vi oleh AMD."
|
||
|
||
msgid ""
|
||
"The ISO 27001 Information Security standard and certification has been used "
|
||
"for many years to evaluate and distinguish an organizations alignment with "
|
||
"information Security best practices. The standard is comprised of two parts: "
|
||
"Mandatory Clauses that define the Information Security Management System "
|
||
"(ISMS) and Annex A which contains a list of controls organized by domain."
|
||
msgstr ""
|
||
"Sertifikasi dan standar ISO 27001 Information Security telah digunakan "
|
||
"bertahun-tahun untuk mengevaluasi dan membedakan penyelarasan organisasi "
|
||
"dengan informasi praktik terbaik keamanan. Standar ini terdiri dari dua "
|
||
"bagian: Mandatory Clause yang menetapkan Information Security Management "
|
||
"System (ISMS) dan Annex A yang berisi daftar kontrol yang diatur oleh domain."
|
||
|
||
msgid ""
|
||
"The ISO/IEC 27001/2 standards replace BS7799-2, and are specifications for "
|
||
"an Information Security Management System (ISMS). An ISMS is a comprehensive "
|
||
"set of policies and processes that an organization creates and maintains to "
|
||
"manage risk to information assets. These risks are based upon the "
|
||
"confidentiality, integrity, and availability (CIA) of user information. The "
|
||
"CIA security triad has been used as a foundation for much of the chapters in "
|
||
"this book."
|
||
msgstr ""
|
||
"Standar ISO / IEC 27001/2 menggantikan BS7799-2, dan merupakan spesifikasi "
|
||
"untuk Information Security Management System (ISMS). ISMS adalah serangkaian "
|
||
"kebijakan dan proses yang komprehensif yang diciptakan dan dikelola oleh "
|
||
"sebuah organisasi untuk mengelola risiko terhadap aset informasi. Risiko ini "
|
||
"didasarkan pada confidentiality, integrity, and availability (CIA) informasi "
|
||
"pengguna. Triad keamanan CIA telah digunakan sebagai landasan bagi sebagian "
|
||
"besar bab dalam buku ini."
|
||
|
||
msgid ""
|
||
"The Identity V3 API supports multiple domains. Users of different domains "
|
||
"may be represented in different authentication back ends and even have "
|
||
"different attributes that must be mapped to a single set of roles and "
|
||
"privileges, that are used in the policy definitions to access the various "
|
||
"service resources."
|
||
msgstr ""
|
||
"Identity V3 API mendukung beberapa domain. Pengguna domain yang berbeda "
|
||
"dapat diwakili dalam otentikasi yang berbeda dan bahkan memiliki atribut "
|
||
"yang berbeda yang harus dipetakan ke satu set peran dan hak istimewa, yang "
|
||
"digunakan dalam definisi kebijakan untuk mengakses berbagai sumber layanan."
|
||
|
||
msgid ""
|
||
"The Identity service **MUST NOT** be allowed to write to LDAP services used "
|
||
"for authentication outside of the OpenStack deployment as this would allow a "
|
||
"sufficiently privileged keystone user to make changes to the LDAP directory. "
|
||
"This would allow privilege escalation within the wider organization or "
|
||
"facilitate unauthorized access to other information and resources. In such a "
|
||
"deployment, user provisioning would be out of the realm of the OpenStack "
|
||
"deployment."
|
||
msgstr ""
|
||
"Layanan Identity **MUST NOT** diizinkan untuk menulis ke layanan LDAP yang "
|
||
"digunakan untuk otentikasi di luar penerapan OpenStack karena hal ini akan "
|
||
"memungkinkan keystone user yang memiliki hak istimewa untuk membuat "
|
||
"perubahan pada direktori LDAP. Hal ini akan memungkinkan eskalasi hak "
|
||
"istimewa di dalam organisasi yang lebih luas atau memfasilitasi akses tidak "
|
||
"sah ke informasi dan sumber daya lainnya. Dalam penyebaran seperti itu, user "
|
||
"provisioning akan berada di luar wilayah penerapan OpenStack."
|
||
|
||
msgid ""
|
||
"The Identity service administrator can create as many groups as there are "
|
||
"SAML attributes, whatever the mapping calls for."
|
||
msgstr ""
|
||
"Administrator layanan Identity dapat membuat sebanyak mungkin kelompok "
|
||
"karena ada atribut SAML, apa pun pemanggilan pemetaannya."
|
||
|
||
msgid ""
|
||
"The Identity service can be used for authentication in the Shared File "
|
||
"Systems service. See details of the Identity service security in :doc:`../"
|
||
"identity` section."
|
||
msgstr ""
|
||
"Layanan Identity dapat digunakan untuk otentikasi dalam layanan Shared File "
|
||
"Systems. Lihat rincian keamanan layanan Identity di bagian :doc:`../"
|
||
"identity`."
|
||
|
||
msgid ""
|
||
"The Identity service can directly provide end-user authentication, or can be "
|
||
"configured to use external authentication methods to conform to an "
|
||
"organization's security policies and requirements."
|
||
msgstr ""
|
||
"Layanan Identity dapat secara langsung memberikan otentikasi pengguna akhir, "
|
||
"atau dapat dikonfigurasi untuk menggunakan metode otentikasi eksternal agar "
|
||
"sesuai dengan kebijakan dan persyaratan keamanan organisasi."
|
||
|
||
msgid ""
|
||
"The Identity service can store user credentials in an SQL Database, or may "
|
||
"use an LDAP-compliant directory server. The Identity database may be "
|
||
"separate from databases used by other OpenStack services to reduce the risk "
|
||
"of a compromise of the stored credentials."
|
||
msgstr ""
|
||
"Layanan Identitas dapat menyimpan kredensial pengguna di Database SQL, atau "
|
||
"mungkin menggunakan server direktori LDAP-compliant. Database Identitas "
|
||
"mungkin terpisah dari database yang digunakan oleh layanan OpenStack lainnya "
|
||
"untuk mengurangi risiko kompromi kredensial yang tersimpan."
|
||
|
||
msgid ""
|
||
"The Identity service catalog should be aware of your internal URLs. While "
|
||
"this feature is not utilized by default, it may be leveraged through "
|
||
"configuration. Additionally, it should be forward-compatible with expectant "
|
||
"changes once this behavior becomes the default."
|
||
msgstr ""
|
||
"Katalog layanan identitas harus mengetahui URL internal Anda. Sementara "
|
||
"fitur ini tidak digunakan secara default, mungkin leveraged melalui "
|
||
"konfigurasi. Selain itu, harus kompatibel dengan perubahan yang harus "
|
||
"dilakukan jika perilaku ini menjadi default."
|
||
|
||
msgid ""
|
||
"The Identity service does not provide a method to limit access to accounts "
|
||
"after repeated unsuccessful login attempts. A pattern of repetitive failed "
|
||
"login attempts is generally an indicator of brute-force attacks (refer to :"
|
||
"ref:`introduction_attack_types`). This type of attack is more prevalent in "
|
||
"public cloud deployments."
|
||
msgstr ""
|
||
"Layanan Identitas tidak menyediakan metode untuk membatasi akses ke akun "
|
||
"setelah upaya masuk gagal berulang kali. Pola upaya login gagal berulang "
|
||
"pada umumnya merupakan indikator serangan brute force (lihat :ref: "
|
||
"`introduction_attack_type`). Jenis serangan ini lebih lazim dalam penyebaran "
|
||
"awan publik."
|
||
|
||
msgid ""
|
||
"The Identity service supports client authentication for TLS which may be "
|
||
"enabled. TLS client authentication provides an additional authentication "
|
||
"factor, in addition to the user name and password, that provides greater "
|
||
"reliability on user identification. It reduces the risk of unauthorized "
|
||
"access when user names and passwords may be compromised. However, there is "
|
||
"additional administrative overhead and cost to issue certificates to users "
|
||
"that may not be feasible in every deployment."
|
||
msgstr ""
|
||
"Layanan Identitas mendukung otentikasi klien untuk TLS yang mungkin "
|
||
"diaktifkan. Otentikasi klien TLS memberikan faktor otentikasi tambahan, "
|
||
"selain nama pengguna dan kata sandi, yang memberikan keandalan yang lebih "
|
||
"besar pada identifikasi pengguna. Ini mengurangi risiko akses tidak sah saat "
|
||
"nama pengguna dan kata sandi dapat dikompromikan. Namun, ada biaya "
|
||
"administrasi tambahan dan biaya untuk menerbitkan sertifikat kepada pengguna "
|
||
"yang mungkin tidak layak dilakukan di setiap penempatan."
|
||
|
||
msgid ""
|
||
"The Identity service supports the notion of groups and roles. Users belong "
|
||
"to groups while a group has a list of roles. OpenStack services reference "
|
||
"the roles of the user attempting to access the service. The OpenStack policy "
|
||
"enforcer middleware takes into consideration the policy rule associated with "
|
||
"each resource then the user's group/roles and association to determine if "
|
||
"access is allowed to the requested resource."
|
||
msgstr ""
|
||
"Layanan Identitas mendukung gagasan tentang kelompok dan peran. Pengguna "
|
||
"termasuk dalam kelompok sementara sebuah kelompok memiliki daftar peran. "
|
||
"Layanan OpenStack merujuk pada peran pengguna yang mencoba mengakses layanan "
|
||
"ini. Middleware penegakan kebijakan OpenStack mempertimbangkan aturan "
|
||
"kebijakan yang terkait dengan setiap sumber daya, maka kelompok/peran "
|
||
"pengguna dan asosiasi menentukan apakah akses diizinkan ke sumber yang "
|
||
"diminta."
|
||
|
||
msgid ""
|
||
"The Identity service supports token revocation. This manifests as an API to "
|
||
"revoke a token, to list revoked tokens and individual OpenStack services "
|
||
"that cache tokens to query for the revoked tokens and remove them from their "
|
||
"cache and append the same to their list of cached revoked tokens."
|
||
msgstr ""
|
||
"Layanan Identity mendukung pencabutan token. Ini bermanifestasi sebagai API "
|
||
"untuk mencabut token, mencantumkan token dicabut dan layanan OpenStack "
|
||
"individual yang menyimpan token cache untuk kueri atas tolak ukur yang "
|
||
"dicabut dan menghapusnya dari cache dan menambahkannya ke daftar kuota "
|
||
"pencekalan yang tersimpan."
|
||
|
||
msgid ""
|
||
"The International Traffic in Arms Regulations (ITAR) is a set of United "
|
||
"States government regulations that control the export and import of defense-"
|
||
"related articles and services on the United States Munitions List (USML) and "
|
||
"related technical data. ITAR is often approached by cloud providers as an "
|
||
"\"operational alignment\" rather than a formal certification. This typically "
|
||
"involves implementing a segregated cloud environment following practices "
|
||
"based on the NIST 800-53 framework, as per FISMA requirements, complemented "
|
||
"with additional controls restricting access to \"U.S. Persons\" only and "
|
||
"background screening."
|
||
msgstr ""
|
||
"The International Traffic in Arms Regulations (ITAR) adalah seperangkat "
|
||
"peraturan pemerintah Amerika Serikat yang mengendalikan ekspor dan impor "
|
||
"artikel dan layanan yang berkaitan dengan pertahanan di United States "
|
||
"Munitions List (USML) dan data teknis terkait. ITAR sering didekati oleh "
|
||
"penyedia awan sebagai \"operational alignment\" dan bukan sertifikasi "
|
||
"formal. Ini biasanya melibatkan penerapan lingkungan awan terpisah mengikuti "
|
||
"praktik berdasarkan kerangka NIST 800-53, sesuai persyaratan FISMA, "
|
||
"dilengkapi dengan kontrol tambahan yang membatasi akses terhadap \"U.S. "
|
||
"Persons\" saja dan pemutaran latar belakang."
|
||
|
||
msgid ""
|
||
"The KVM hypervisor has been Common Criteria certified through the U.S. "
|
||
"Government and commercial distributions. These have been validated to "
|
||
"separate the runtime environment of virtual machines from each other, "
|
||
"providing foundational technology to enforce instance isolation. In addition "
|
||
"to virtual machine isolation, KVM has been Common Criteria certified to...:"
|
||
msgstr ""
|
||
"Hypervisor KVM telah menjadi kriteria umum (Common Criteria) yang "
|
||
"disertifikasi melalui Pemerintah A.S. dan distribusi komersial. Ini telah "
|
||
"divalidasi untuk memisahkan lingkungan runtime mesin virtual satu sama lain, "
|
||
"menyediakan teknologi dasar untuk menerapkan isolasi misalnya. Selain "
|
||
"isolasi mesin virtual, KVM telah menjadi Common Criteria yang disertifikasi "
|
||
"untuk ...:"
|
||
|
||
msgid ""
|
||
"The Key Manager service has a plugin architecture that allows the deployer "
|
||
"to store secrets in one or more secret stores. Secret stores can be software-"
|
||
"based, such as a software token, or hardware devices such as a hardware "
|
||
"security module (HSM). This section describes the plugins that are currently "
|
||
"available and discusses the security posture of each one. Plugins are "
|
||
"enabled and configured with settings in the ``/etc/barbican/barbican.conf`` "
|
||
"configuration file."
|
||
msgstr ""
|
||
"Layanan Key Manager memiliki arsitektur plugin yang memungkinkan penyebar "
|
||
"untuk menyimpan rahasia di satu atau lebih penyimpanan rahasia. Penyimpanan "
|
||
"rahasia dapat berbasis perangkat lunak, seperti token perangkat lunak, atau "
|
||
"perangkat keras seperti hardware security module (HSM). Bagian ini "
|
||
"menjelaskan plugin yang tersedia saat ini dan membahas postur keamanan "
|
||
"masing-masing. Plugin diaktifkan dan dikonfigurasi dengan pengaturan di file "
|
||
"konfigurasi ``/etc/barbican/barbican.conf``."
|
||
|
||
msgid ""
|
||
"The L3 router provides basic Network Address Translation (NAT) capabilities "
|
||
"on *gateway* ports that uplink the router to external networks. This router "
|
||
"SNATs (Static NAT) all traffic by default, and supports floating IPs, which "
|
||
"creates a static one-to-one mapping from a public IP on the external network "
|
||
"to a private IP on one of the other subnets attached to the router."
|
||
msgstr ""
|
||
"Router L3 menyediakan kemampuan Network Address Translation (NAT) dasar pada "
|
||
"port *gateway * yang menghubungkan router ke jaringan eksternal. SNAT router "
|
||
"ini (Static NAT) semua lalu lintas secara default, dan mendukung floating "
|
||
"IP, yang menciptakan pemetaan one-to-one statis dari IP publik di jaringan "
|
||
"eksternal ke IP private di salah satu subnet lainnya yang terhubung ke "
|
||
"router."
|
||
|
||
msgid ""
|
||
"The LBaaS (Load-Balancer-as-a-Service) feature of Neutron and the Octavia "
|
||
"project need certificates and their private keys to provide load balancing "
|
||
"for TLS connections. Barbican can be used to store this sensitive "
|
||
"information."
|
||
msgstr ""
|
||
"Fitur LBaaS (Load-Balancer-as-a-Service) dari Neutron dan proyek Octavia "
|
||
"memerlukan sertifikat dan private key mereka untuk memberikan load balancing "
|
||
"untuk koneksi TLS. Barbican bisa digunakan untuk menyimpan informasi "
|
||
"sensitif ini."
|
||
|
||
msgid ""
|
||
"The Lightweight Directory Access Protocol. An application protocol for "
|
||
"accessing and maintaining distributed directory information services over an "
|
||
"IP network."
|
||
msgstr ""
|
||
"The Lightweight Directory Access Protocol. Protokol aplikasi untuk mengakses "
|
||
"dan memelihara layanan informasi direktori terdistribusi melalui jaringan IP."
|
||
|
||
msgid ""
|
||
"The Networking service (neutron) supports bandwidth-limiting QoS rules in "
|
||
"Liberty and later. This QoS rule is named ``QosBandwidthLimitRule`` and it "
|
||
"accepts two non-negative integers measured in kilobits per second:"
|
||
msgstr ""
|
||
"Layanan Networking (Netron) mendukung aturan QoS yang membatasi bandwidth di "
|
||
"Liberty dan versi kemudian. Aturan QoS ini diberi nama `` "
|
||
"QosBandwidthLimitRule`` dan menerima dua bilangan bulat non-negatif yang "
|
||
"diukur dalam kilobit per detik:"
|
||
|
||
msgid ""
|
||
"The Networking service plays an important role in the provisioning of "
|
||
"clusters. Prior to provisioning, the user is expected to provide one or more "
|
||
"networks for the cluster instances. The action of associating networks is "
|
||
"similar to the process of assigning networks when launching instances "
|
||
"through the dashboard. These networks are used by the controller for "
|
||
"administrative access to the instances and frameworks of its clusters."
|
||
msgstr ""
|
||
"Layanan Networking memainkan peran penting dalam penyediaan cluster. Sebelum "
|
||
"melakukan provisioning, pengguna diharapkan menyediakan satu atau lebih "
|
||
"jaringan untuk cluster instance. Tindakan mengaitkan jaringan mirip dengan "
|
||
"proses menugaskan jaringan saat meluncurkan instance melalui dasbor. "
|
||
"Jaringan ini digunakan oleh pengendali untuk akses administratif terhadap "
|
||
"instance dan kerangka clusternya."
|
||
|
||
msgid ""
|
||
"The Object Storage service is used by the Data processing service to store "
|
||
"job binaries and data sources. Users wishing to have access to the full Data "
|
||
"processing service functionality will need an object store in the projects "
|
||
"they are using."
|
||
msgstr ""
|
||
"Layanan Object Storage digunakan oleh layanan pengolahan Data untuk "
|
||
"menyimpan job binary dan data source. Pengguna yang ingin memiliki akses ke "
|
||
"fungsionalitas pemrosesan Data penuh akan membutuhkan object store dalam "
|
||
"proyek yang mereka gunakan."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Block Storage service (cinder)` provides persistent "
|
||
"block storage for compute instances. The Block Storage service is "
|
||
"responsible for managing the life-cycle of block devices, from the creation "
|
||
"and attachment of volumes to instances, to their release."
|
||
msgstr ""
|
||
"OpenStack :term:`Block Storage service (cinder)` menyediakan penyimpanan "
|
||
"blok persisten untuk komputasi instance. Layanan Block Storage bertanggung "
|
||
"jawab untuk mengelola siklus hidup perangkat blok, mulai dari pembuatan dan "
|
||
"pelekatan volume ke instance, hingga pembebasannya."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Dashboard (horizon)` provides a web-based interface for "
|
||
"both cloud administrators and cloud tenants. Using this interface, "
|
||
"administrators and tenants can provision, manage, and monitor cloud "
|
||
"resources. The dashboard is commonly deployed in a public-facing manner with "
|
||
"all the usual security concerns of public web portals."
|
||
msgstr ""
|
||
"The OpenStack :term:`Dashboard (horizon)` menyediakan antarmuka berbasis web "
|
||
"untuk administrator awan dan penyewa awan. Dengan menggunakan antarmuka ini, "
|
||
"administrator dan penyewa dapat menyediakan, mengelola, dan memantau sumber "
|
||
"daya awan. Dasbor biasanya dipasang dengan cara yang berhadapan dengan "
|
||
"publik dengan semua masalah keamanan biasa dari portal web umum."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Identity service (keystone)` is a **shared service** "
|
||
"that provides authentication and authorization services throughout the "
|
||
"entire cloud infrastructure. The Identity service has pluggable support for "
|
||
"multiple forms of authentication."
|
||
msgstr ""
|
||
"The OpenStack :term:`Identity service (keystone)` adalah **shared service** "
|
||
"yang menyediakan layanan autentikasi dan otorisasi di seluruh infrastruktur "
|
||
"awan. Layanan Identitas memiliki dukungan pluggable untuk berbagai bentuk "
|
||
"otentikasi."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Image service (glance)` provides disk-image management "
|
||
"services, including image discovery, registration, and delivery services to "
|
||
"the Compute service, as needed."
|
||
msgstr ""
|
||
"The OpenStack :term:`Image service (glance)` menyediakan layanan pengelolaan "
|
||
"disk-image, termasuk penemuan image, registrasi, dan layanan pengiriman ke "
|
||
"layanan Compute, sesuai kebutuhan."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Networking service <Networking service (neutron)>` "
|
||
"(neutron, previously called quantum) provides various networking services to "
|
||
"cloud users (tenants) such as IP address management, DNS, DHCP, load "
|
||
"balancing, and security groups (network access rules, like firewall "
|
||
"policies). This service provides a framework for software defined networking "
|
||
"(SDN) that allows for pluggable integration with various networking "
|
||
"solutions."
|
||
msgstr ""
|
||
"The OpenStack :term:`Networking service <Networking service (neutron)>` "
|
||
"(neutron, yang sebelumnya disebut quantum) menyediakan berbagai layanan "
|
||
"jaringan untuk pengguna awan (penyewa) seperti manajemen alamat IP, DNS, "
|
||
"DHCP, load balancing, dan kelompok keamanan (aturan akses jaringan, seperti "
|
||
"kebijakan firewall). Layanan ini menyediakan framework untuk software "
|
||
"defined networking (SDN) yang memungkinkan integrasi pluggable dengan "
|
||
"berbagai solusi jaringan."
|
||
|
||
msgid ""
|
||
"The OpenStack :term:`Object Storage service (swift)` provides support for "
|
||
"storing and retrieving arbitrary data in the cloud. The Object Storage "
|
||
"service provides both a native API and an Amazon Web Services S3-compatible "
|
||
"API. The service provides a high degree of resiliency through data "
|
||
"replication and can handle petabytes of data."
|
||
msgstr ""
|
||
"OpenStack :term:`Object Storage service (swift)` memberikan dukungan untuk "
|
||
"menyimpan dan mengambil data secara acak di awan. Layanan Object Storage "
|
||
"menyediakan native API dan Amazon Web Services S3-compatible API. Layanan "
|
||
"ini memberikan tingkat ketahanan yang tinggi melalui replikasi data dan "
|
||
"dapat menangani petabyte data."
|
||
|
||
msgid ""
|
||
"The OpenStack API is a RESTful web service endpoint to access, provision and "
|
||
"automate cloud-based resources. Operators and users typically access the API "
|
||
"through command-line utilities (for example, ``nova`` or ``glance``), "
|
||
"language-specific libraries, or third-party tools."
|
||
msgstr ""
|
||
"API OpenStack adalah endpoint layanan Web RESTful untuk mengakses, "
|
||
"menyediakan dan mengotomatisasi sumber daya berbasis awan. Operator dan "
|
||
"pengguna biasanya mengakses API melalui utilitas command-line (misalnya, "
|
||
"``nova`` atau ``glance``), language-specific libraries, atau alat pihak "
|
||
"ketiga."
|
||
|
||
msgid ""
|
||
"The OpenStack Compute service (nova) runs in many locations throughout the "
|
||
"cloud and interacts with a variety of internal services. The OpenStack "
|
||
"Compute service offers a variety of configuration options which may be "
|
||
"deployment specific."
|
||
msgstr ""
|
||
"Layanan OpenStack Compute (nova) berjalan di banyak lokasi di seluruh awan "
|
||
"dan berinteraksi dengan berbagai layanan internal. Layanan OpenStack Compute "
|
||
"menawarkan berbagai opsi konfigurasi yang mungkin spesifik untuk pemasangan."
|
||
|
||
msgid ""
|
||
"The OpenStack Dashboard (horizon) can provide a VNC console for instances "
|
||
"directly on the web page using the HTML5 noVNC client. This requires the "
|
||
"``nova-novncproxy`` service to bridge from the public network to the "
|
||
"management network."
|
||
msgstr ""
|
||
"Dashboar OpenStack (horizon) dapat menyediakan konsol VNC untuk instance "
|
||
"langsung di halaman web menggunakan klien HTML5 noVNC. Ini memerlukan "
|
||
"layanan ``nova-novncproxy`` untuk menjembatani dari jaringan publik ke "
|
||
"jaringan manajemen."
|
||
|
||
msgid ""
|
||
"The OpenStack Documentation provides guidance on how to create and upload an "
|
||
"image to the Image service. Additionally it is assumed that you have a "
|
||
"process by which you install and harden operating systems. Thus, the "
|
||
"following items will provide additional guidance on how to ensure your "
|
||
"images are transferred securely into OpenStack. There are a variety of "
|
||
"options for obtaining images. Each has specific steps that help validate the "
|
||
"image's provenance."
|
||
msgstr ""
|
||
"OpenStack Documentation memberikan panduan bagaimana membuat dan mengunggah "
|
||
"image ke layanan Image. Selain itu diasumsikan bahwa Anda memiliki proses di "
|
||
"mana Anda menginstal dan mengeras sistem operasi. Dengan demikian, item "
|
||
"berikut akan memberikan panduan tambahan tentang bagaimana memastikan image "
|
||
"Anda ditransfer dengan aman ke dalam OpenStack. Ada berbagai pilihan untuk "
|
||
"mendapatkan image. Masing-masing memiliki langkah-langkah khusus yang "
|
||
"membantu memvalidasi asalnya image."
|
||
|
||
msgid ""
|
||
"The OpenStack Identity service (keystone) supports multiple methods of "
|
||
"authentication, including user name & password, LDAP, and external "
|
||
"authentication methods. Upon successful authentication, The Identity service "
|
||
"provides the user with an authorization token used for subsequent service "
|
||
"requests."
|
||
msgstr ""
|
||
"Layanan OpenStack Identity (keystone) mendukung beberapa metode otentikasi, "
|
||
"termasuk nama pengguna & password, LDAP, dan metode otentikasi eksternal. "
|
||
"Setelah otentikasi berhasil, layanan Identitas memberi pengguna sebuah token "
|
||
"otorisasi yang digunakan untuk permintaan layanan berikutnya."
|
||
|
||
msgid ""
|
||
"The OpenStack Identity service supports Cloud Auditing Data Federation "
|
||
"(CADF) notification, providing auditing data for compliance with security, "
|
||
"operational, and business processes. For more information, see the `Keystone "
|
||
"developer documentation <https://docs.openstack.org/keystone/latest/advanced-"
|
||
"topics/event_notifications.html#auditing-with-cadf>`_."
|
||
msgstr ""
|
||
"Layanan OpenStack Identity mendukung pemberitahuan Cloud Auditing Data "
|
||
"Federation (CADF), memberikan data audit untuk mematuhi proses keamanan, "
|
||
"operasional, dan bisnis. Untuk informasi lebih lanjut, lihat `Keystone "
|
||
"developer documentation <https://docs.openstack.org/keystone/latest/advanced-"
|
||
"topics/event_notifications.html#auditing-with-cadf>`_."
|
||
|
||
msgid ""
|
||
"The OpenStack Management Utilities are open-source Python command-line "
|
||
"clients that make API calls. There is a client for each OpenStack service "
|
||
"(for example, nova, glance). In addition to the standard CLI client, most of "
|
||
"the services have a management command-line utility which makes direct calls "
|
||
"to the database. These dedicated management utilities are slowly being "
|
||
"deprecated."
|
||
msgstr ""
|
||
"OpenStack Management Utilities adalah klien command-line Python open-source "
|
||
"yang membuat panggilan API. Ada klien untuk setiap layanan OpenStack "
|
||
"(misalnya, nova, glance). Selain klien CLI standar, sebagian besar layanan "
|
||
"memiliki utilitas command-line manajemen yang membuat panggilan langsung ke "
|
||
"database. Utilitas manajemen dedicated ini perlahan tidak digunakan lagi."
|
||
|
||
msgid "The OpenStack Networking components are:"
|
||
msgstr "Komponen OpenStack Networking adalah:"
|
||
|
||
msgid ""
|
||
"The OpenStack Networking service (neutron) enables the end-user or tenant to "
|
||
"define, utilize, and consume networking resources. OpenStack Networking "
|
||
"provides a tenant-facing API for defining network connectivity and IP "
|
||
"addressing for instances in the cloud, in addition to orchestrating the "
|
||
"network configuration. With the transition to an API-centric networking "
|
||
"service, cloud architects and administrators should take into consideration "
|
||
"best practices to secure physical and virtual network infrastructure and "
|
||
"services."
|
||
msgstr ""
|
||
"Layanan OpenStack Networking (neutron) memungkinkan end-user atau penyewa "
|
||
"untuk menentukan, memanfaatkan, dan mengkonsumsi sumber daya jaringan. "
|
||
"OpenStack Networking menyediakan tenant-facing API untuk menentukan "
|
||
"konektivitas jaringan dan pengalamatan IP untuk instance di awan, selain "
|
||
"mengatur konfigurasi jaringan. Dengan transisi ke layanan jaringan API-"
|
||
"centric, arsitek dan administrator awan harus mempertimbangkan best practice "
|
||
"(praktik terbaik) untuk mengamankan infrastruktur dan layanan jaringan fisik "
|
||
"dan virtual."
|
||
|
||
msgid ""
|
||
"The OpenStack Networking service provides security group functionality using "
|
||
"a mechanism that is more flexible and powerful than the security group "
|
||
"capabilities built into OpenStack Compute. Thus, ``nova.conf`` should always "
|
||
"disable built-in security groups and proxy all security group calls to the "
|
||
"OpenStack Networking API when using OpenStack Networking. Failure to do so "
|
||
"results in conflicting security policies being simultaneously applied by "
|
||
"both services. To proxy security groups to OpenStack Networking, use the "
|
||
"following configuration values:"
|
||
msgstr ""
|
||
"Layanan OpenStack Networking menyediakan fungsionalitas kelompok keamanan "
|
||
"dengan menggunakan mekanisme yang lebih fleksibel dan kuat daripada "
|
||
"kemampuan kelompok keamanan yang ada di dalam OpenStack Compute. Dengan "
|
||
"demikian, ``nova.conf`` harus selalu menonaktifkan grup keamanan bawaan dan "
|
||
"proxy semua grup keamanan menghubungi OpenStack Networking API saat "
|
||
"menggunakan OpenStack Networking. Kegagalan untuk melakukannya menghasilkan "
|
||
"kebijakan keamanan yang saling bertentangan yang secara bersamaan diterapkan "
|
||
"oleh kedua layanan tersebut. Untuk mengelompokkan grup keamanan ke OpenStack "
|
||
"Networking, gunakan nilai konfigurasi berikut:"
|
||
|
||
msgid ""
|
||
"The OpenStack Security Group would like to acknowledge contributions from "
|
||
"the following organizations that were instrumental in making this book "
|
||
"possible. The organizations are:"
|
||
msgstr ""
|
||
"OpenStack Security Group ingin mengakui kontribusi dari organisasi berikut "
|
||
"yang berperan dalam membuat buku ini menjadi ada. Organisasi adalah:"
|
||
|
||
msgid ""
|
||
"The OpenStack Security Guide is the result of a five day sprint of "
|
||
"collaborative work of many individuals. The purpose of this document is to "
|
||
"provide the best practice guidelines for deploying a secure OpenStack cloud. "
|
||
"It is designed to reflect the current state of security within the OpenStack "
|
||
"community and provide frameworks for decision making where listing specific "
|
||
"security controls are not feasible due to complexity or other environment "
|
||
"specific details."
|
||
msgstr ""
|
||
"OpenStack Security Guide adalah hasil sprint lima hari kerja kolaboratif "
|
||
"banyak individu. Tujuan dari dokumen ini adalah untuk memberikan panduan "
|
||
"praktik terbaik untuk menerapkan awan OpenStack yang aman. Ini dirancang "
|
||
"untuk mencerminkan keadaan keamanan saat ini dalam komunitas OpenStack dan "
|
||
"menyediakan kerangka kerja untuk pengambilan keputusan di mana daftar "
|
||
"kontrol keamanan tertentu tidak dimungkinkan karena kompleksitas atau "
|
||
"rincian spesifik lingkungan lainnya."
|
||
|
||
msgid ""
|
||
"The OpenStack Security Project (OSSP) has worked with the VMT to agree that "
|
||
"an architectural review of the best practice deployment for a project is an "
|
||
"appropriate form of security review, balancing the need for review with the "
|
||
"resource requirements for a project of the scale of OpenStack. Security "
|
||
"architecture review is also often referred to as *threat analysis*, "
|
||
"*security analysis* or *threat modeling*. In the context of OpenStack "
|
||
"security review, these terms are synonymous for an architectural security "
|
||
"review which may identify defects in the design of a project or reference "
|
||
"architecture, and may lead to further investigative work to verify parts of "
|
||
"the implementation."
|
||
msgstr ""
|
||
" OpenStack Security Project (OSSP) telah bekerja dengan VMT untuk menyetujui "
|
||
"bahwa tinjauan arsitektur penerapan praktik terbaik untuk sebuah proyek "
|
||
"adalah bentuk tinjauan keamanan yang sesuai, menyeimbangkan kebutuhan untuk "
|
||
"ditinjau dengan persyaratan sumber daya untuk proyek skala OpenStack. "
|
||
"Tinjauan arsitektur keamanan juga sering disebut sebagai *threat analysis*, "
|
||
"*security analysis* atau *threat modeling*. Dalam konteks tinjauan keamanan "
|
||
"OpenStack, istilah-istilah ini identik untuk tinjauan keamanan arsitektural "
|
||
"yang dapat mengidentifikasi cacat pada desain proyek atau arsitektur "
|
||
"referensi, dan dapat menyebabkan pekerjaan investigasi lebih lanjut untuk "
|
||
"memverifikasi bagian-bagian dari pelaksanaan."
|
||
|
||
msgid ""
|
||
"The OpenStack Security team is based on voluntary contributions from the "
|
||
"OpenStack community. You can contact the security community directly in the "
|
||
"#openstack-security channel on Freenode IRC, or by sending mail to the "
|
||
"openstack-discuss mailing list with the [security] prefix in the subject "
|
||
"header."
|
||
msgstr ""
|
||
"Tim OpenStack Security didasarkan pada kontribusi sukarela dari komunitas "
|
||
"OpenStack. Anda dapat menghubungi komunitas keamanan secara langsung di "
|
||
"saluran #openstack-security di Freenode IRC, atau dengan mengirim email ke "
|
||
"daftar mailing openstack-discuss dengan awalan [security] di header subjek."
|
||
|
||
msgid ""
|
||
"The OpenStack components are only a small fraction of the software in a "
|
||
"cloud. It is important to keep up to date with all of these other "
|
||
"components, too. While certain data sources will be deployment specific, it "
|
||
"is important that a cloud administrator subscribe to the necessary mailing "
|
||
"lists in order to receive notification of any security updates applicable to "
|
||
"the organization's environment. Often this is as simple as tracking an "
|
||
"upstream Linux distribution."
|
||
msgstr ""
|
||
"Komponen OpenStack hanya sebagian kecil dari perangkat lunak di awan. "
|
||
"Penting untuk tetap up to date dengan semua komponen lainnya juga. Sementara "
|
||
"sumber data tertentu akan diterapkan secara khusus, administrator awan harus "
|
||
"berlangganan milis yang diperlukan untuk menerima pemberitahuan tentang "
|
||
"pembaruan keamanan apa pun yang berlaku untuk lingkungan organisasi. "
|
||
"Seringkali ini sesederhana melacak distribusi Linux hulu."
|
||
|
||
msgid ""
|
||
"The OpenStack dashboard (horizon) provides administrators and tenants with a "
|
||
"web-based graphical interface to provision and access cloud-based resources. "
|
||
"The dashboard communicates with the back-end services through calls to the "
|
||
"OpenStack API."
|
||
msgstr ""
|
||
"Dasbor OpenStack (horizon) menyediakan administrator dan penyewa dengan "
|
||
"antarmuka grafis berbasis web untuk menyediakan dan mengakses sumber daya "
|
||
"berbasis awan. Dasbor berkomunikasi dengan layanan back-end melalui "
|
||
"panggilan ke API OpenStack."
|
||
|
||
msgid ""
|
||
"The OpenStack dashboard is designed to discourage developers from "
|
||
"introducing cross-site scripting vulnerabilities with custom dashboards as "
|
||
"threads can be introduced. Dashboards that utilize multiple instances of "
|
||
"JavaScript should be audited for vulnerabilities such as inappropriate use "
|
||
"of the ``@csrf_exempt`` decorator. Any dashboard that does not follow these "
|
||
"recommended security settings should be carefully evaluated before "
|
||
"restrictions are relaxed."
|
||
msgstr ""
|
||
"Dasbor OpenStack dirancang untuk mencegah pengembang mengenalkan kerentanan "
|
||
"skrip lintas situs dengan dasbor kustom sebagai thread dapat diperkenalkan. "
|
||
"Dasbor yang menggunakan beberapa instance JavaScript harus diaudit untuk "
|
||
"kerentanan seperti penggunaan dekorator ```@csrf_exempt` yang tidak tepat. "
|
||
"Setiap dasbor yang tidak mengikuti pengaturan keamanan yang disarankan ini "
|
||
"harus dievaluasi secara hati-hati sebelum batasan rileks."
|
||
|
||
msgid ""
|
||
"The PKCS#11 crypto plugin can be used to interface with a Hardware Security "
|
||
"Module (HSM) using the PKCS#11 protocol. Secrets are encrypted (and "
|
||
"decrypted on retrieval) by a project specific Key Encryption Key (KEK) which "
|
||
"resides in the HSM. Since a different KEK is used for each project, and "
|
||
"since the KEKs are stored inside an HSM (instead of in plaintext in the "
|
||
"configuration file) the PKCS#11 plugin is much more secure than the simple "
|
||
"crypto plugin. It is the most popular back end amongst Barbican deployments."
|
||
msgstr ""
|
||
"Plugin kripto PKCS # 11 dapat digunakan untuk berinteraksi dengan Hardware "
|
||
"Security Module (HSM) menggunakan protokol PKCS # 11. Rahasia dienkripsi "
|
||
"(dan didekripsi saat pengambilan) oleh Key Key Enkripsi (KEK) spesifik "
|
||
"proyek yang berada di HSM. Karena KEK yang berbeda digunakan untuk setiap "
|
||
"proyek, dan karena KEK disimpan di dalam sebuah HSM (bukan di plaintext "
|
||
"dalam file konfigurasi) plugin PKCS # 11 jauh lebih aman daripada plugin "
|
||
"kripto sederhana. Ini adalah bagian belakang yang paling populer di antara "
|
||
"penyebaran Barbican."
|
||
|
||
msgid ""
|
||
"The Payment Card Industry Data Security Standard (PCI DSS) is defined by the "
|
||
"Payment Card Industry Standards Council, and created to increase controls "
|
||
"around card holder data to reduce credit card fraud. Annual compliance "
|
||
"validation is assessed by an external Qualified Security Assessor (QSA) who "
|
||
"creates a Report on Compliance (ROC), or by a Self-Assessment Questionnaire "
|
||
"(SAQ) dependent on volume of card-holder transactions."
|
||
msgstr ""
|
||
"The Payment Card Industry Data Security Standard (PCI DSS) didefinisikan "
|
||
"oleh Payment Card Industry Standards Council, dan dibuat untuk meningkatkan "
|
||
"kontrol seputar data pemegang kartu untuk mengurangi kecurangan kartu "
|
||
"kredit. Verifikasi kepatuhan tahunan dinilai oleh Qualified Security "
|
||
"Assessor (QSA) eksternal yang membuat Report on Compliance (Compliance "
|
||
"Comporiance / ROC), atau dengan Self Assessment Questionnaire (SAQ) "
|
||
"tergantung pada volume transaksi card-holder."
|
||
|
||
msgid ""
|
||
"The Planning phase is typically performed two weeks to six months before "
|
||
"Fieldwork begins. In this phase audit items such as the timeframe, timeline, "
|
||
"controls to be evaluated, and control owners are discussed and finalized. "
|
||
"Concerns about resource availability, impartiality, and costs are also "
|
||
"resolved."
|
||
msgstr ""
|
||
"Tahap Planning biasanya dilakukan dua minggu sampai enam bulan sebelum "
|
||
"Fieldwork dimulai. Dalam item audit tahap ini seperti kerangka waktu, garis "
|
||
"waktu, kontrol yang akan dievaluasi, dan pemilik kontrol dibahas dan "
|
||
"diselesaikan. Kekhawatiran tentang ketersediaan sumber daya, "
|
||
"ketidakberpihakan, dan biaya juga dipecahkan."
|
||
|
||
msgid ""
|
||
"The RO access level can be helpful in public shares when the administrator "
|
||
"gives read and write (RW) access for some certain editors or contributors "
|
||
"and gives read-only (RO) access for the rest of users (viewers)."
|
||
msgstr ""
|
||
"Tingkat akses RO dapat membantu dalam public share saat administrator "
|
||
"memberikan akses read and write (RW) untuk beberapa editor atau kontributor "
|
||
"tertentu dan memberikan akses read-only (RO) untuk pengguna lainnya (viewer)."
|
||
|
||
msgid ""
|
||
"The Reporting phase is where any issues that were identified during the "
|
||
"Fieldwork phase will be validated by management. For logistics purposes, "
|
||
"some activities such as issue validation may be performed during the "
|
||
"Fieldwork phase. Management will also need to provide remediation plans to "
|
||
"address the issues and ensure that they do not reoccur. A draft of the "
|
||
"overall report will be circulated for review to the stakeholders and "
|
||
"management. Agreed upon changes are incorporated and the updated draft is "
|
||
"sent to senior management for review and approval. Once senior management "
|
||
"approves the report, it is finalized and distributed to executive "
|
||
"management. Any issues are entered into the issue tracking or risk tracking "
|
||
"mechanism the organization uses."
|
||
msgstr ""
|
||
"Tahap Reporting adalah dimana setiap masalah yang diidentifikasi selama fase "
|
||
"Fieldwork akan divalidasi oleh manajemen. Untuk keperluan logistik, beberapa "
|
||
"kegiatan seperti validasi masalah dapat dilakukan selama fase kerja "
|
||
"lapangan. Manajemen juga perlu memberikan rencana pemulihan untuk mengatasi "
|
||
"masalah dan memastikan bahwa mereka tidak terulang kembali. Draft laporan "
|
||
"keseluruhan akan diedarkan untuk ditinjau kembali kepada pemangku "
|
||
"kepentingan dan manajemen. Menyetujui perubahan digabungkan dan draf yang "
|
||
"diperbarui dikirim ke manajemen senior untuk diperiksa dan disetujui. "
|
||
"Setelah manajemen senior menyetujui laporan tersebut, akhirnya diselesaikan "
|
||
"dan didistribusikan ke manajemen eksekutif. Semua masalah dimasukkan ke "
|
||
"dalam pelacakan masalah atau mekanisme pelacakan risiko yang digunakan "
|
||
"organisasi."
|
||
|
||
msgid "The Security Guide currently focuses on PostgreSQL and MySQL."
|
||
msgstr "Security Guide saat ini fokus pada PostgreSQL dan MySQL."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service (manila) is intended to be ran on a single-"
|
||
"node or across multiple nodes. The Shared File Systems service consists of "
|
||
"four main services, which are similar to those of the Block Storage service:"
|
||
msgstr ""
|
||
"Layanan Shared File Systems (manila) dimaksudkan untuk dijalankan pada node "
|
||
"tunggal atau beberapa node. Layanan Shared File Systems terdiri dari empat "
|
||
"layanan utama, yang serupa dengan layanan Block Storage:"
|
||
|
||
msgid ""
|
||
"The Shared File Systems service (manila) provides a set of services for "
|
||
"management of shared file systems in a multi-tenant cloud environment. It is "
|
||
"similar to how OpenStack provides block-based storage management through the "
|
||
"OpenStack Block Storage service (cinder) project. With the Shared File "
|
||
"Systems service, you can create a shared file system and manage its "
|
||
"properties, such as visibility, accessibility and usage quotas."
|
||
msgstr ""
|
||
"Layanan Shared File Systems (manila) menyediakan seperangkat layanan untuk "
|
||
"pengelolaan sistem file bersama di lingkungan awan multi-tenant. Ini mirip "
|
||
"dengan bagaimana OpenStack menyediakan manajemen penyimpanan berbasis blok "
|
||
"melalui proyek layanan OpenStack Block Storage (cinder). Dengan layanan "
|
||
"Shared File Systems, Anda dapat membuat sistem file bersama dan mengelola "
|
||
"propertinya, seperti visibilitas, aksesibilitas dan kuota penggunaan."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service allows an administrator to grant or deny "
|
||
"access to the *private* share types for tenants. It is also possible to get "
|
||
"information about access for a specified private share type."
|
||
msgstr ""
|
||
"Layanan Shared File Systems memungkinkan administrator untuk memberikan atau "
|
||
"menolak akses ke tipe share *private* untuk penyewa. Hal ini juga "
|
||
"memungkinkan untuk mendapatkan informasi tentang akses untuk jenis share "
|
||
"pribadi tertentu."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service allows to grant or deny access to different "
|
||
"entities of the service for other clients."
|
||
msgstr ""
|
||
"Layanan Shared File Systems memungkinkan untuk memberikan atau menolak akses "
|
||
"ke entitas layanan yang berbeda untuk klien lain."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service allows to work with different types of a "
|
||
"network:"
|
||
msgstr ""
|
||
"Layanan Shared File Systems memungkinkan untuk bekerja dengan berbagai jenis "
|
||
"jaringan:"
|
||
|
||
msgid ""
|
||
"The Shared File Systems service allows you to configure a security service "
|
||
"with these options:"
|
||
msgstr ""
|
||
"Layanan Shared File Systems memungkinkan Anda mengkonfigurasi layanan "
|
||
"keamanan dengan opsi ini:"
|
||
|
||
msgid ""
|
||
"The Shared File Systems service architecture defines an abstraction layer "
|
||
"for network resource provisioning. It allows administrators to choose from "
|
||
"different options for how network resources are assigned to their tenants’ "
|
||
"networked storage. There are several network plug-ins that provide a variety "
|
||
"of integration approaches with the network services that are available with "
|
||
"OpenStack."
|
||
msgstr ""
|
||
"Arsitektur layanan Shared File Systems mendefinisikan lapisan abstraksi "
|
||
"untuk penyediaan sumber daya jaringan. Hal ini memungkinkan administrator "
|
||
"untuk memilih dari pilihan yang berbeda untuk bagaimana sumber daya jaringan "
|
||
"ditugaskan ke penyimpanan jaringan penyewa mereka. Ada beberapa plug-in "
|
||
"jaringan yang menyediakan berbagai pendekatan integrasi dengan layanan "
|
||
"jaringan yang tersedia dengan OpenStack."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service can work with different network types: flat, "
|
||
"VLAN, VXLAN, or GRE, and supports segmented networking. There are also "
|
||
"different :ref:`network plug-ins <shared_fs_network_plugins>` that provide a "
|
||
"variety of integration approaches with the network services that are "
|
||
"available with OpenStack."
|
||
msgstr ""
|
||
"Layanan Shared File Systems dapat bekerja dengan berbagai jenis jaringan: "
|
||
"flat, VLAN, VXLAN, atau GRE, dan mendukung jaringan tersegmentasi. Ada juga "
|
||
"jenis yang berbeda :ref:`network plug-ins <shared_fs_network_plugins>` yang "
|
||
"menyediakan berbagai pendekatan integrasi dengan layanan jaringan yang "
|
||
"tersedia dengan OpenStack."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service is merely keeping the information about "
|
||
"networks in the database, and real networks are provided by the network "
|
||
"provider. In OpenStack it can be Legacy networking (nova-network) or "
|
||
"Networking (neutron) services, but the Shared File Systems service can work "
|
||
"even out of OpenStack. That is allowed by ``StandaloneNetworkPlugin`` that "
|
||
"can be used with any network platform and does not require some specific "
|
||
"network services in OpenStack like Networking or Legacy networking services. "
|
||
"You can set the network parameters in its configuration file."
|
||
msgstr ""
|
||
"Layanan Shared File Systems hanya menyimpan informasi tentang jaringan di "
|
||
"database, dan jaringan nyata disediakan oleh penyedia jaringan. Di "
|
||
"OpenStack, hal itu dapat terjadi di layanan Legacy networking (nova-network) "
|
||
"atau Networking (neutron), namun layanan Shared File Systems dapat bekerja "
|
||
"bahkan bekerja di luar OpenStack. Itu diperbolehkan oleh "
|
||
"``StandaloneNetworkPlugin`` yang dapat digunakan dengan platform jaringan "
|
||
"dan tidak memerlukan beberapa layanan jaringan tertentu di OpenStack seperti "
|
||
"layanan Networking atau Legacy networking. Anda dapat mengatur parameter "
|
||
"jaringan dalam file konfigurasinya."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service serves the same purpose as Amazon Elastic "
|
||
"File System (EFS)."
|
||
msgstr ""
|
||
"Layanan Shared File Systems melayani tujuan yang sama seperti Amazon Elastic "
|
||
"File System (EFS)."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service uses an SQL-based central database that is "
|
||
"shared by all Shared File Systems services in the system. It can use any SQL "
|
||
"dialect supported by ORM SQLALchemy, but is tested only with MySQL and "
|
||
"PostgreSQL data bases."
|
||
msgstr ""
|
||
"Layanan Shared File Systems menggunakan basis data berbasis SQL yang dibagi "
|
||
"oleh semua layanan Shared File Systems di sistem. Hal ini dapat menggunakan "
|
||
"dialek SQL yang didukung oleh ORM SQLALchemy, namun hanya diuji dengan basis "
|
||
"data MySQL dan PostgreSQL."
|
||
|
||
msgid ""
|
||
"The Shared File Systems service works with various storage providers that "
|
||
"use the following shared file system protocols: :term:`NFS <Network File "
|
||
"System (NFS)>`, :term:`CIFS <Common Internet File System (CIFS)>`, :term:"
|
||
"`GlusterFS`, and :term:`HDFS <Hadoop Distributed File System (HDFS)>`."
|
||
msgstr ""
|
||
"Layanan Shared File Systems bekerja dengan berbagai penyedia penyimpanan "
|
||
"yang menggunakan protokol sistem file bersama berikut: :term:`NFS <Network "
|
||
"File System (NFS)>`, :term:`CIFS <Common Internet File System (CIFS)>`, :"
|
||
"term:`GlusterFS`, dan :term:`HDFS <Hadoop Distributed File System (HDFS)>`."
|
||
|
||
msgid ""
|
||
"The Virtio RNG is a random number generator that uses ``/dev/random`` as the "
|
||
"source of entropy by default, however can be configured to use a hardware "
|
||
"RNG or a tool such as the entropy gathering daemon (`EGD <http://egd."
|
||
"sourceforge.net>`_) to provide a way to fairly and securely distribute "
|
||
"entropy through a distributed system. The Virtio RNG is enabled using the "
|
||
"``hw_rng`` property of the metadata used to create the instance."
|
||
msgstr ""
|
||
"Virtio RNG adalah generator bilangan acak yang menggunakan ``/dev/random`` "
|
||
"sebagai sumber entropi secara default, namun dapat dikonfigurasi untuk "
|
||
"menggunakan perangkat keras RNG atau alat seperti entropy gathering daemon "
|
||
"(`EGD <http: //egd.sourceforge.net>`_) untuk menyediakan cara "
|
||
"mendistribusikan distribusi entropi secara adil dan aman melalui sistem "
|
||
"terdistribusi. Virtio RNG diaktifkan menggunakan properti ``hw_rng`` dari "
|
||
"metadata yang digunakan untuk membuat instance."
|
||
|
||
msgid ""
|
||
"The Wrap-up phase is where the audit is officially spun down. Management "
|
||
"will begin remediation activities at this point. Processes and notifications "
|
||
"are used to ensure that any audit related information is moved to a secure "
|
||
"repository."
|
||
msgstr ""
|
||
"Tahap Wrap-up adalah tempat audit secara resmi diputar mundur. Manajemen "
|
||
"akan memulai kegiatan remediasi pada saat ini. Proses dan notifikasi "
|
||
"digunakan untuk memastikan bahwa informasi terkait audit dipindahkan ke "
|
||
"repositori yang aman."
|
||
|
||
msgid ""
|
||
"The `Cloud Security Alliance Cloud Controls Matrix <https://"
|
||
"cloudsecurityalliance.org/group/cloud-controls-matrix/>`_ (CCM) assists both "
|
||
"cloud providers and consumers in assessing the overall security of a cloud "
|
||
"provider. The CSA CMM provides a controls framework that map to many "
|
||
"industry-accepted standards and regulations including the ISO 27001/2, "
|
||
"ISACA, COBIT, PCI, NIST, Jericho Forum and NERC CIP."
|
||
msgstr ""
|
||
"The `Cloud Security Alliance Cloud Controls Matrix <https://"
|
||
"cloudsecurityalliance.org/group/cloud-controls-matrix/>`_ (CCM) membantu "
|
||
"penyedia awan dan konsumen dalam menilai keamanan keseluruhan penyedia awan. "
|
||
"CSA CMM menyediakan kerangka kerja kontrol yang memetakan standar dan "
|
||
"peraturan yang berlaku di industri termasuk ISO 27001/2, ISACA, COBIT, PCI, "
|
||
"NIST, Forum Jericho dan NERC CIP."
|
||
|
||
msgid ""
|
||
"The `Key Management Interoperability Protocol (KMIP) <https://www.oasis-open."
|
||
"org/committees/tc_home.php?wg_abbrev=kmip>`_ secret store plugin is used to "
|
||
"communicate with a KMIP-enabled device, such as a Hardware Security Module "
|
||
"(HSM). The secret is securely stored in the KMIP-enabled device directly, "
|
||
"rather than in the Barbican database. The Barbican database maintains a "
|
||
"reference to the secret's location for later retrieval. The plugin can be "
|
||
"configured to authenticate to the KMIP-enabled device using either a "
|
||
"username and password, or using a client certificate. This information is "
|
||
"stored in the Barbican configuration file."
|
||
msgstr ""
|
||
"Plugin penyimpanan rahasia `Key Management Interoperability Protocol (KMIP) "
|
||
"<https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`_ "
|
||
"digunakan untuk berkomunikasi dengan perangkat berkemampuan KMIP, seperti "
|
||
"Hardware Security Module (HSM). Rahasianya disimpan dengan aman di perangkat "
|
||
"berkemampuan KMIP secara langsung, bukan di database Barbican. Database "
|
||
"Barbican menyimpan referensi ke lokasi rahasia untuk pengambilan nanti. "
|
||
"Plugin ini dapat dikonfigurasi untuk melakukan otentikasi ke perangkat "
|
||
"berkemampuan KMIP menggunakan nama pengguna dan kata sandi, atau menggunakan "
|
||
"sertifikat klien. Informasi ini disimpan dalam file konfigurasi Barbican."
|
||
|
||
msgid ""
|
||
"The `SCAP Security Guide <https://github.com/OpenSCAP/scap-security-guide/"
|
||
">`_ is another useful reference. This is still an emerging source, but we "
|
||
"anticipate that this will grow into a tool with controls mappings that are "
|
||
"more focused on the US federal government certifications and "
|
||
"recommendations. For example, the SCAP Security Guide currently has some "
|
||
"mappings for security technical implementation guides (STIGs) and "
|
||
"NIST-800-53."
|
||
msgstr ""
|
||
"The `SCAP Security Guide <https://github.com/OpenSCAP/scap-security-guide/"
|
||
">`_ adalah referensi lain yang berguna. Ini masih merupakan sumber yang "
|
||
"muncul, namun kami mengantisipasi bahwa ini akan tumbuh menjadi alat dengan "
|
||
"pemetaan kontrol yang lebih terfokus pada sertifikasi dan rekomendasi "
|
||
"pemerintah federal AS. Misalnya, SCAP Security Guide saat ini memiliki "
|
||
"beberapa pemetaan untuk panduan penerapan teknis keamanan (STIG) dan "
|
||
"NIST-800-53."
|
||
|
||
msgid ""
|
||
"The ``/etc/swift`` directory contains information about the ring topology "
|
||
"and environment configuration. The following permissions are recommended:"
|
||
msgstr ""
|
||
"Direktori ``/etc/swift`` berisi informasi tentang topologi ring dan "
|
||
"konfigurasi lingkungan. Izin berikut direkomendasikan:"
|
||
|
||
msgid ""
|
||
"The ``/var/lib/nova`` directory is used to hold details about the instances "
|
||
"on a given compute host. This directory should be considered sensitive as "
|
||
"well, with strictly enforced file permissions. Additionally, it should be "
|
||
"backed up regularly as it contains information and metadata for the "
|
||
"instances associated with that host."
|
||
msgstr ""
|
||
"Direktori ``/var/lib/nova`` digunakan untuk menyimpan rincian tentang "
|
||
"instance pada compute host tertentu. Direktori ini harus dianggap sensitif "
|
||
"juga, dengan hak akses file yang ketat. Selain itu, ini harus dicadangkan "
|
||
"secara teratur karena berisi informasi dan metadata untuk instance yang "
|
||
"terkait dengan host tersebut."
|
||
|
||
msgid ""
|
||
"The ``DiskFilter`` filter is capable of oversubscribing disk space. While "
|
||
"not normally an issue, this can be a concern on storage devices that are "
|
||
"thinly provisioned, and this filter should be used with well-tested quotas "
|
||
"applied."
|
||
msgstr ""
|
||
"Filter ``DiskFilter`` mampu melampaui batas ruang disk. Meskipun biasanya "
|
||
"tidak menjadi masalah, ini bisa menjadi perhatian pada perangkat penyimpanan "
|
||
"yang tersedia secara tipis, dan filter ini harus digunakan dengan kuota yang "
|
||
"teruji dengan baik."
|
||
|
||
msgid ""
|
||
"The ``FilterScheduler`` is the default scheduler for OpenStack Compute, "
|
||
"although other schedulers exist (see the section `Scheduling <https://docs."
|
||
"openstack.org/ocata/config-reference/compute/schedulers.html>`_ in the "
|
||
"`OpenStack Configuration Reference <https://docs.openstack.org/ocata/config-"
|
||
"reference/config-overview.html>`_ ). This works in collaboration with "
|
||
"'filter hints' to decide where an instance should be started. This process "
|
||
"of host selection allows administrators to fulfill many different security "
|
||
"and compliance requirements. Depending on the cloud deployment type for "
|
||
"example, one could choose to have tenant instances reside on the same hosts "
|
||
"whenever possible if data isolation was a primary concern. Conversely one "
|
||
"could attempt to have instances for a tenant reside on as many different "
|
||
"hosts as possible for availability or fault tolerance reasons."
|
||
msgstr ""
|
||
"The ``FilterScheduler`` adalah penjadwal default untuk OpenStack Compute, "
|
||
"meskipun penjadwal lain ada (lihat bagian `Scheduling <https://docs."
|
||
"openstack.org/ocata/config-reference/compute/schedulers.html>`_ dalam "
|
||
"`OpenStack Configuration Reference <https://docs.openstack.org/ocata/config-"
|
||
"reference/config-overview.html>`_ ). Ini bekerja sama dengan 'filter hints' "
|
||
"untuk memutuskan di mana instance harus dimulai. Proses pemilihan host ini "
|
||
"memungkinkan administrator untuk memenuhi berbagai persyaratan keamanan dan "
|
||
"kepatuhan. Bergantung pada jenis penyebaran cloud misalnya, seseorang dapat "
|
||
"memilih untuk memiliki instance penyewa yang berada di host yang sama bila "
|
||
"memungkinkan jika isolasi data menjadi perhatian utama. Sebaliknya seseorang "
|
||
"dapat mencoba untuk memiliki instance untuk penyewa tinggal di sebanyak "
|
||
"mungkin host yang berbeda untuk ketersediaan atau toleransi kesalahan (fault "
|
||
"tolerance reason).."
|
||
|
||
msgid ""
|
||
"The ``GroupAffinity`` and ``GroupAntiAffinity`` filters conflict and should "
|
||
"not both be enabled at the same time."
|
||
msgstr ""
|
||
"Filter ``GroupAffinity`` dan ``GroupAntiAffinity`` terjadi konflik dan "
|
||
"seharusnya keduanya tidak diaktifkan secara bersamaan."
|
||
|
||
msgid ""
|
||
"The ``QoSBandwidthLimitRule`` has been implemented in the neutron Open "
|
||
"vSwitch, Linux bridge and single root input/output virtualization (SR-IOV) "
|
||
"drivers."
|
||
msgstr ""
|
||
"The `` QoSBandwidthLimitRule`` telah diimplementasikan di netron Open "
|
||
"vSwitch, Linux bridge dan driver single root input/output virtualization (SR-"
|
||
"IOV)."
|
||
|
||
msgid ""
|
||
"The ``ShibRequireSession`` rule is invalid in Apache 2.4 or newer and should "
|
||
"be dropped in that specific setup."
|
||
msgstr ""
|
||
"Aturan `` ShibRequireSession`` tidak valid di Apache 2.4 atau yang lebih "
|
||
"baru dan harus dijatuhkan (dropped) di setup yang spesifik."
|
||
|
||
msgid ""
|
||
"The ``apt-get`` command is Ubuntu specific. For other distributions, replace "
|
||
"with appropriate command."
|
||
msgstr ""
|
||
"Perintah `` apt-get`` adalah Ubuntu yang spesifik. Untuk distro lain, ganti "
|
||
"dengan perintah yang sesuai."
|
||
|
||
msgid ""
|
||
"The ``copy_from`` feature in Image Service API v1 supplied by Glance can "
|
||
"allow an attacker to perform masked network port scans. If the v1 API is "
|
||
"enabled, this policy should be set to a restricted value."
|
||
msgstr ""
|
||
"Fitur ``copy_from`` pada Image Service API v1 yang disuplai oleh Glance "
|
||
"memungkinkan penyerang melakukan scan port jaringan bertopeng (masked). Jika "
|
||
"API v1 diaktifkan, kebijakan ini harus ditetapkan ke nilai yang dibatasi."
|
||
|
||
msgid ""
|
||
"The ``external`` method should be dropped to avoid any interference with "
|
||
"some Apache and Shibboleth SP setups, where a ``REMOTE_USER`` environment "
|
||
"variable is always set, even as an empty value."
|
||
msgstr ""
|
||
"Metode ``external`` harus dijatuhkan (dropped) untuk menghindari gangguan "
|
||
"pada beberapa setup Apache dan Shibboleth SP, di mana variabel lingkungan "
|
||
"``REMOTE_USER` selalu ditetapkan, bahkan sebagai nilai kosong."
|
||
|
||
msgid ""
|
||
"The ``md5`` parameter defines the authentication method as a hashed "
|
||
"password. We provide a secure authentication example in the section below."
|
||
msgstr ""
|
||
"Parameter ``md5`` mendefinisikan metode otentikasi sebagai hashed password. "
|
||
"Kami memberikan contoh otentikasi yang aman pada bagian di bawah ini."
|
||
|
||
msgid ""
|
||
"The ``nova-novncproxy`` and ``nova-xvpvncproxy`` services by default open "
|
||
"public-facing ports that are token authenticated."
|
||
msgstr ""
|
||
"Layanan ``nova-novncproxy`` dan ``nova-xvpvncproxy`` secara default terbuka "
|
||
"menghadap ke publik port yang token dikonfirmasi."
|
||
|
||
msgid ""
|
||
"The ``nova-spicehtml5proxy`` service by default opens public-facing ports "
|
||
"that are token authenticated."
|
||
msgstr ""
|
||
"Layanan ``nova-spicehtml5proxy`` secara default membuka port yang menghadap "
|
||
"ke publik yang diberi tanda bukti."
|
||
|
||
msgid ""
|
||
"The ``nova`` command-line utility can return a URL for the VNC console for "
|
||
"access by the nova Java VNC client. This requires the ``nova-xvpvncproxy`` "
|
||
"service to bridge from the public network to the management network."
|
||
msgstr ""
|
||
"Utilitas baris perintah ``nova`` dapat mengembalikan URL untuk konsol VNC "
|
||
"untuk diakses oleh klien VNC nova Java. Ini memerlukan layanan ``nova-"
|
||
"xvpvncproxy`` untuk menjembatani dari jaringan publik ke jaringan manajemen."
|
||
|
||
msgid ""
|
||
"The ``service apache2 restart`` command is Ubuntu-specific. For other "
|
||
"distributions, replace with appropriate command."
|
||
msgstr ""
|
||
"Perintah ``service apache2 restart`` adalah Ubuntu-specific. Untuk distro "
|
||
"lain, ganti dengan perintah yang sesuai."
|
||
|
||
msgid ""
|
||
"The ``svirt_image_t`` label uniquely identifies image files on disk, "
|
||
"allowing for the SELinux policy to restrict access. When a KVM-based compute "
|
||
"image is powered on, sVirt appends a random numerical identifier to the "
|
||
"image. sVirt is capable of assigning numeric identifiers to a maximum of "
|
||
"524,288 virtual machines per hypervisor node, however most OpenStack "
|
||
"deployments are highly unlikely to encounter this limitation."
|
||
msgstr ""
|
||
"Label ``svirt_image_t`` secara unik mengidentifikasi file image pada disk, "
|
||
"memungkinkan kebijakan SELinux membatasi akses. Saat image komputasi "
|
||
"berbasis KVM diaktifkan, sVirt menambahkan pengenal numerik acak ke image. "
|
||
"SVirt mampu menugaskan pengenal numerik (numeric identifier) ke maksimum "
|
||
"524.288 mesin virtual per node hypervisor, namun sebagian besar penerapan "
|
||
"OpenStack sangat tidak mungkin untuk menghadapi keterbatasan ini."
|
||
|
||
msgid ""
|
||
"The ``volume_clear`` parameter can be set to ``zero``. The ``zero`` argument "
|
||
"will write a single pass of zeroes to the device."
|
||
msgstr ""
|
||
"Parameter ``volume_clear`` dapat disetel ke ``zero``. Argumen ``zero`` akan "
|
||
"menulis single pass nol ke perangkat."
|
||
|
||
msgid "The above link defaults to the Ubuntu version."
|
||
msgstr "Tautan di atas default ke versi Ubuntu."
|
||
|
||
msgid ""
|
||
"The actual data objects. ACLs at the object level are also possible with "
|
||
"metadata and are dependent on the authentication system used."
|
||
msgstr ""
|
||
"Objek data sebenarnya. ACL pada tingkat objek juga dimungkinkan dengan "
|
||
"metadata dan bergantung pada sistem otentikasi yang digunakan."
|
||
|
||
msgid ""
|
||
"The admin token is generally used to bootstrap Identity. This token is the "
|
||
"most valuable Identity asset, which could be used to gain cloud admin "
|
||
"privileges."
|
||
msgstr ""
|
||
"Token admin umumnya digunakan untuk bootstrap Identity. Token ini adalah "
|
||
"aset Identity yang paling berharga, yang bisa digunakan untuk mendapatkan "
|
||
"hak istimewa admin awan."
|
||
|
||
msgid ""
|
||
"The administrator can grant access to the private share type for the demo "
|
||
"tenant with the tenant ID equal to df29a37db5ae48d19b349fe947fada46:"
|
||
msgstr ""
|
||
"Administrator dapat memberikan akses ke jenis share privat untuk penyewa "
|
||
"demo dengan ID penyewa sama dengan df29a37db5ae48d19b349fe947fada46:"
|
||
|
||
msgid ""
|
||
"The amount of information that can be gathered about a system and its users "
|
||
"should be minimized."
|
||
msgstr ""
|
||
"Jumlah informasi yang bisa dikumpulkan tentang suatu sistem dan penggunanya "
|
||
"harus diminimalkan."
|
||
|
||
msgid ""
|
||
"The ansible-hardening project provides an Ansible role that applies security "
|
||
"controls to a wide array of Linux operating systems. It can also be used to "
|
||
"audit an existing system. Each control is carefully reviewed to determine if "
|
||
"it could cause harm to a production system. The controls are based on the "
|
||
"Red Hat Enterprise Linux 7 STIG."
|
||
msgstr ""
|
||
"Proyek ansible-hardening memberikan peran penting yang menerapkan kontrol "
|
||
"keamanan ke beragam sistem operasi Linux. Ini juga bisa digunakan untuk "
|
||
"mengaudit sistem yang ada. Setiap kontrol ditinjau ulang secara seksama "
|
||
"untuk menentukan apakah hal itu dapat menyebabkan kerusakan pada sistem "
|
||
"produksi. Kontrol didasarkan pada Red Hat Enterprise Linux 7 STIG."
|
||
|
||
msgid ""
|
||
"The architecture diagram shows the logical layout of the system so the "
|
||
"security reviewers can step through the architecture with the project team. "
|
||
"It is a logical diagram which shows how the components interact, how they "
|
||
"connect to external entities, and where communications cross trust "
|
||
"boundaries. Further information on architecture diagram, including a key of "
|
||
"symbols, will be given in the upcoming architecture diagram guidance. "
|
||
"Diagrams can be drawn in any tool that can produce a diagram which uses the "
|
||
"symbols in the key, however `draw.io <https://draw.io>`__ is strongly "
|
||
"recommended."
|
||
msgstr ""
|
||
"Diagram arsitektur menunjukkan tata letak logis dari sistem sehingga "
|
||
"peninjau keamanan dapat melangkah melalui arsitektur dengan tim proyek. Ini "
|
||
"adalah diagram logis yang menunjukkan bagaimana komponen berinteraksi, "
|
||
"bagaimana mereka terhubung ke entitas eksternal, dan di mana komunikasi "
|
||
"melintasi batas kepercayaan. Informasi lebih lanjut tentang diagram "
|
||
"arsitektur, termasuk kunci simbol, akan diberikan dalam panduan diagram "
|
||
"arsitektur yang akan datang. Diagram dapat ditarik dalam alat yang dapat "
|
||
"menghasilkan diagram yang menggunakan simbol pada kunci, namun `draw.io "
|
||
"<https://draw.io>` __ sangat disarankan."
|
||
|
||
msgid ""
|
||
"The authentication service requires the user to provide information based on "
|
||
"something they have, such as a one-time password token or X.509 certificate, "
|
||
"and something they know, such as a password."
|
||
msgstr ""
|
||
"Layanan otentikasi mengharuskan pengguna memberikan informasi berdasarkan "
|
||
"sesuatu yang mereka miliki, seperti token password one-time atau sertifikat "
|
||
"X.509, dan sesuatu yang mereka ketahui, seperti password."
|
||
|
||
msgid ""
|
||
"The authentication service you use, such as Identity service (keystone) or "
|
||
"TempAuth, will determine how you configure a different URL in the responses "
|
||
"to end-point clients so they use your load balancer instead of an individual "
|
||
"proxy node."
|
||
msgstr ""
|
||
"Layanan otentikasi yang Anda gunakan, seperti layanan Identity (keystone) "
|
||
"atau TempAuth, akan menentukan bagaimana Anda mengkonfigurasi URL yang "
|
||
"berbeda dalam tanggapan ke klien end-point sehingga mereka menggunakan "
|
||
"penyeimbang beban Anda daripada sebuah node proxy individual."
|
||
|
||
msgid ""
|
||
"The basics of logging: configuration, setting log level, location of the log "
|
||
"files, and how to use and customize logs, as well as how to do centralized "
|
||
"collections of logs is well covered in the `OpenStack Operations Guide "
|
||
"<https://docs.openstack.org/ops/>`_."
|
||
msgstr ""
|
||
"Dasar logging: konfigurasi, pengaturan tingkat log, lokasi file log, dan "
|
||
"bagaimana cara menggunakan dan menyesuaikan log, serta bagaimana melakukan "
|
||
"koleksi log terpusat tercakup dalam `OpenStack Operations Guide <https://"
|
||
"docs.openstack.org/ops/>`_."
|
||
|
||
msgid ""
|
||
"The best test of interoperability in the cloud is the ability to enable a "
|
||
"user with one set of credentials in an IdP to access multiple cloud "
|
||
"services. Organizations, each using its own IdP can easily allow their users "
|
||
"to collaborate and quickly share the same cloud services."
|
||
msgstr ""
|
||
"Tes interoperabilitas terbaik di awan adalah kemampuan untuk memungkinkan "
|
||
"pengguna dengan satu set kredensial dalam IdP untuk mengakses beberapa "
|
||
"layanan awan. Organisasi, masing-masing menggunakan IdP sendiri dapat dengan "
|
||
"mudah membiarkan pengguna mereka berkolaborasi dan dengan cepat berbagi "
|
||
"layanan awan yang sama."
|
||
|
||
msgid ""
|
||
"The choice of database server is an important consideration in the security "
|
||
"of an OpenStack deployment. Multiple factors should be considered when "
|
||
"deciding on a database server, however for the scope of this book only "
|
||
"security considerations will be discussed. OpenStack supports a variety of "
|
||
"database types. See the `OpenStack Administrator Guide <https://docs."
|
||
"openstack.org/admin-guide/>`_ for more information."
|
||
msgstr ""
|
||
"Pemilihan server database merupakan pertimbangan penting dalam keamanan "
|
||
"pengerahan OpenStack. Beberapa faktor harus dipertimbangkan saat menentukan "
|
||
"database server, namun untuk lingkup buku ini hanya pertimbangan keamanan "
|
||
"yang akan dibahas. OpenStack mendukung berbagai jenis database. Lihat "
|
||
"`OpenStack Administrator Guide <https://docs.openstack.org/admin-guide/>`_ "
|
||
"untuk informasi lebih lanjut."
|
||
|
||
msgid ""
|
||
"The choice of technology to provide L2 isolation is dependent upon the scope "
|
||
"and size of tenant networks that will be created in your deployment. If your "
|
||
"environment has limited VLAN ID availability or will have a large number of "
|
||
"L2 networks, it is our recommendation that you utilize tunneling."
|
||
msgstr ""
|
||
"Pilihan teknologi untuk memberikan isolasi L2 bergantung pada cakupan dan "
|
||
"ukuran jaringan penyewa yang akan dibuat dalam penerapan Anda. Jika "
|
||
"lingkungan Anda memiliki ketersediaan VLAN ID terbatas atau akan memiliki "
|
||
"sejumlah besar jaringan L2, ini adalah rekomendasi kami untuk memanfaatkan "
|
||
"tunneling."
|
||
|
||
msgid ""
|
||
"The choice of tenant network isolation affects how the network security and "
|
||
"control boundary is implemented for tenant services. The following "
|
||
"additional network services are either available or currently under "
|
||
"development to enhance the security posture of the OpenStack network "
|
||
"architecture."
|
||
msgstr ""
|
||
"Pilihan isolasi jaringan penyewa mempengaruhi bagaimana keamanan jaringan "
|
||
"dan batas kontrol diterapkan untuk layanan penyewa. Layanan jaringan "
|
||
"tambahan berikut tersedia atau sedang dalam pengembangan untuk meningkatkan "
|
||
"postur keamanan dari arsitektur jaringan OpenStack."
|
||
|
||
msgid ""
|
||
"The client configuration data for authentication and authorization (AuthN/"
|
||
"AuthZ) can be stored by ``security services``. LDAP, Kerberos, or Microsoft "
|
||
"Active directory can be used by the Shared File Systems service if they are "
|
||
"supported by used drivers and back ends. Authentication services can also be "
|
||
"configured without the Shared File Systems service."
|
||
msgstr ""
|
||
"Data konfigurasi klien untuk otentikasi dan otorisasi (AuthN/AuthZ) dapat "
|
||
"disimpan oleh ``security services``. Active Directory LDAP, Kerberos, atau "
|
||
"Microsoft dapat digunakan oleh layanan Shared File Systems jika didukung "
|
||
"oleh driver dan back end yang digunakan. Layanan otentikasi juga dapat "
|
||
"dikonfigurasi tanpa layanan Shared File Systems."
|
||
|
||
msgid ""
|
||
"The cloud administrator should protect sensitive configuration files from "
|
||
"unauthorized modification. This can be achieved with mandatory access "
|
||
"control frameworks such as SELinux, including ``/etc/keystone/keystone."
|
||
"conf`` and X.509 certificates."
|
||
msgstr ""
|
||
"Administrator awan harus melindungi file konfigurasi sensitif dari "
|
||
"modifikasi yang tidak sah. Hal ini dapat dicapai dengan kerangka kontrol "
|
||
"akses wajib seperti SELinux, termasuk sertifikat ``/etc/keystone/keystone."
|
||
"conf`` dan X.509."
|
||
|
||
msgid ""
|
||
"The components of Object Storage are grouped into the following primary "
|
||
"groups:"
|
||
msgstr ""
|
||
"Komponen Object Storage dikelompokkan ke dalam kelompok primer berikut:"
|
||
|
||
msgid ""
|
||
"The compute configuration, ``nova.conf``, has the following default "
|
||
"parameters within the \"[ephemeral_storage_encryption]\" section"
|
||
msgstr ""
|
||
"Konfigurasi komputasi, ``nova.conf``, memiliki parameter default berikut di "
|
||
"bagian \"[ephemeral_storage_encryption]\""
|
||
|
||
msgid ""
|
||
"The compute nodes are the least trusted of the services in OpenStack because "
|
||
"they host tenant instances. The ``nova-conductor`` service has been "
|
||
"introduced to serve as a database proxy, acting as an intermediary between "
|
||
"the compute nodes and the database. We discuss its ramifications later in "
|
||
"this chapter."
|
||
msgstr ""
|
||
"Node komputasi adalah yang paling tidak dipercaya dari layanan di OpenStack "
|
||
"karena mereka menghosting instance penyewa. Layanan ``nova-conductor`` telah "
|
||
"diperkenalkan untuk dijadikan basis data proxy, bertindak sebagai perantara "
|
||
"antara node dan database. Kami mendiskusikan ramalannya nanti di bab ini."
|
||
|
||
msgid ""
|
||
"The configuration file ``policy.json`` may be placed anywhere. The path ``/"
|
||
"etc/manila/policy.json`` is expected by default."
|
||
msgstr ""
|
||
"File konfigurasi ``policy.json`` dapat ditempatkan dimana saja. Path ``/etc/"
|
||
"manila/policy.json`` diharapkan secara default."
|
||
|
||
msgid ""
|
||
"The configuration files for the OpenStack services contain a number of "
|
||
"passwords which are in plain text. These include, for instance, the "
|
||
"passwords used by service users to authenticate to keystone to validate "
|
||
"keystone tokens."
|
||
msgstr ""
|
||
"File konfigurasi untuk layanan OpenStack berisi sejumlah password yang ada "
|
||
"dalam teks biasa. Ini termasuk, misalnya, password yang digunakan oleh "
|
||
"pengguna layanan untuk melakukan otentikasi ke keystone untuk memvalidasi "
|
||
"token keystone."
|
||
|
||
msgid ""
|
||
"The configuration for manila-rootwrap in file ``rootwrap.conf`` and the "
|
||
"manila-rootwrap command filters for share nodes in file ``rootwrap.d/share."
|
||
"filters`` should be owned by, and only-writeable by, the root user."
|
||
msgstr ""
|
||
"Konfigurasi untuk manila-rootwrap di file ``rootwrap.conf`` dan filter "
|
||
"perintah manila-rootwrap untuk share node dalam file ``rootwrap.d/share."
|
||
"filters`` harus dimiliki oleh, dan hanya dapat ditulisi oleh, pengguna root"
|
||
|
||
msgid ""
|
||
"The configuration option in ``manila.conf`` that sets *share servers* mode "
|
||
"or *no share servers* mode is the ``driver_handles_share_servers`` option. "
|
||
"It indicates whether a driver handles share servers by itself or it expects "
|
||
"the Shared File Systems service to do it."
|
||
msgstr ""
|
||
"Pilihan konfigurasi pada ``manila.conf`` yang mengatur mode *share servers* "
|
||
"atau mode *no share servers * adalah opsi ``driver_handles_share_servers``. "
|
||
"Ini menunjukkan apakah driver menangani server berbagi dengan sendirinya "
|
||
"atau mengharapkan layanan Shared File Systems untuk melakukannya."
|
||
|
||
msgid ""
|
||
"The dashboard can also be branded for service providers and other commercial "
|
||
"vendors."
|
||
msgstr ""
|
||
"Dasbor juga bisa dicap (branded) untuk penyedia layanan dan vendor komersial "
|
||
"lainnya."
|
||
|
||
msgid ""
|
||
"The dashboard depends on a shared ``SECRET_KEY`` setting for some security "
|
||
"functions. The secret key should be a randomly generated string at least 64 "
|
||
"characters long, which must be shared across all active dashboard instances. "
|
||
"Compromise of this key may allow a remote attacker to execute arbitrary "
|
||
"code. Rotating this key invalidates existing user sessions and caching. Do "
|
||
"not commit this key to public repositories."
|
||
msgstr ""
|
||
"Dasbor tergantung pada pengaturan ``SECRET_KEY` yang dipakai bersama untuk "
|
||
"beberapa fungsi keamanan. Kunci rahasia harus berupa string yang dihasilkan "
|
||
"secara acak minimal 64 karakter, yang harus dibagi di semua instance dasbor "
|
||
"aktif. Kompromi kunci ini memungkinkan penyerang remote untuk mengeksekusi "
|
||
"kode secara acak. Memutar tombol ini akan membuat user session dan caching "
|
||
"tidak valid. Jangan masukkan kunci ini ke public repository."
|
||
|
||
msgid ""
|
||
"The dashboard provides GUI support for routers and load-balancers. For "
|
||
"example, the dashboard now implements all of the main Networking features."
|
||
msgstr ""
|
||
"Dasbor menyediakan dukungan GUI untuk router dan load-balancers. Misalnya, "
|
||
"dasbor sekarang menerapkan semua fitur Networking utama."
|
||
|
||
msgid ""
|
||
"The dashboard provides tenant-users a self-service portal to provision their "
|
||
"own resources within the limits set by administrators."
|
||
msgstr ""
|
||
"Dasbor menyediakan portal layanan mandiri (self-service) bagi pengguna "
|
||
"penyewa untuk menyediakan sumber daya mereka sendiri sesuai batasan yang "
|
||
"ditetapkan oleh administrator."
|
||
|
||
msgid ""
|
||
"The dashboard requires cookies and JavaScript to be enabled in the web "
|
||
"browser."
|
||
msgstr "Dasbor mengharuskan cookie dan JavaScript diaktifkan di browser web."
|
||
|
||
msgid ""
|
||
"The dashboard should be deployed as a Web Services Gateway Interface (WSGI) "
|
||
"application behind an HTTPS proxy such as Apache or :term:`Nginx`. If Apache "
|
||
"is not already in use, we recommend :term:`Nginx` since it is lightweight "
|
||
"and easier to configure correctly."
|
||
msgstr ""
|
||
"Dasbor harus digunakan sebagai aplikasi Web Services Gateway Interface "
|
||
"(WSGI) di belakang proxy HTTPS seperti Apache atau :term:`Nginx`. Jika "
|
||
"Apache belum digunakan, kami sarankan :term:`Nginx` karena sudah ringan dan "
|
||
"mudah dikonfigurasi dengan benar."
|
||
|
||
msgid ""
|
||
"The dashboard's static media should be deployed to a subdomain of the "
|
||
"dashboard domain and served by the web server. The use of an external "
|
||
"content delivery network (CDN) is also acceptable. This subdomain should not "
|
||
"set cookies or serve user-provided content. The media should also be served "
|
||
"with HTTPS."
|
||
msgstr ""
|
||
"Media statis dasbor harus dikirim ke subdomain dari domain dasbor dan "
|
||
"dilayani oleh server web. Penggunaan content delivery network (CDN) "
|
||
"eksternal juga dapat diterima. Subdomain ini tidak boleh menyetel cookies "
|
||
"atau menyajikan konten yang disediakan pengguna. Media juga harus dilayani "
|
||
"dengan HTTPS."
|
||
|
||
msgid ""
|
||
"The data asset impact analysis breaks down the impact of the loss of "
|
||
"confidentiality, integrity or availability for each data asset. Project "
|
||
"architects should attempt to complete this, as they understand their project "
|
||
"in the most detail, but the OpenStack Security Project (OSSP) will work "
|
||
"through this with the project during the security review and are likely to "
|
||
"add or update the impact details."
|
||
msgstr ""
|
||
"Analisis dampak aset data memecah dampak hilangnya kerahasiaan, integritas "
|
||
"atau ketersediaan setiap aset data. Arsitek proyek harus berusaha "
|
||
"menyelesaikan ini, karena mereka memahami proyek mereka secara terinci, "
|
||
"OpenStack Security Project (OSSP) akan menyelesaikannya dengan proyek selama "
|
||
"tinjauan keamanan dan cenderung menambahkan atau memperbarui rincian "
|
||
"dampaknya."
|
||
|
||
msgid ""
|
||
"The data processing controller can be configured to use proxy commands for "
|
||
"accessing its cluster instances. In this manner custom network topologies "
|
||
"can be created for installations which will not use the networks provided "
|
||
"directly by the Networking service. We recommend using this option for "
|
||
"installations which require limiting access between the controller and the "
|
||
"instances."
|
||
msgstr ""
|
||
"Pengontrol pengolahan data dapat dikonfigurasi untuk menggunakan perintah "
|
||
"proxy untuk mengakses instance clusternya. Dengan cara ini topologi jaringan "
|
||
"kustom dapat dibuat untuk instalasi yang tidak akan menggunakan jaringan "
|
||
"yang disediakan secara langsung oleh layanan Networking. Sebaiknya gunakan "
|
||
"opsi ini untuk pemasangan yang memerlukan pembatasan akses antara pengontrol "
|
||
"dan instances."
|
||
|
||
msgid ""
|
||
"The data processing controller retains temporary storage of the username and "
|
||
"password provided for object store access. When using proxy domains the "
|
||
"controller will generate this pair for the proxy user, and the access of "
|
||
"this user will be limited to that of the identity trust. We recommend using "
|
||
"proxy domains in any installation where the controller or its database have "
|
||
"routes to or from public networks."
|
||
msgstr ""
|
||
"The data processing controller retains temporary storage of the username and "
|
||
"password provided for object store access. When using proxy domains the "
|
||
"controller will generate this pair for the proxy user, and the access of "
|
||
"this user will be limited to that of the identity trust. We recommend using "
|
||
"proxy domains in any installation where the controller or its database have "
|
||
"routes to or from public networks."
|
||
|
||
msgid ""
|
||
"The data security domain is concerned primarily with information pertaining "
|
||
"to the storage services within OpenStack. Most of the data transmitted "
|
||
"across this network requires high levels of integrity and confidentiality. "
|
||
"In some cases, depending on the type of deployment there may also be strong "
|
||
"availability requirements."
|
||
msgstr ""
|
||
"Domain keamanan data terutama terkait dengan informasi yang berkaitan dengan "
|
||
"layanan penyimpanan di dalam OpenStack. Sebagian besar data yang dikirim "
|
||
"melalui jaringan ini memerlukan tingkat integritas dan kerahasiaan yang "
|
||
"tinggi. Dalam beberapa kasus, tergantung pada jenis penempatan, mungkin juga "
|
||
"ada persyaratan ketersediaan yang kuat."
|
||
|
||
msgid ""
|
||
"The database user accounts created for the OpenStack services and for each "
|
||
"node should have privileges limited to just the database relevant to the "
|
||
"service where the node is a member."
|
||
msgstr ""
|
||
"Akun pengguna database dibuat untuk layanan OpenStack dan untuk setiap node "
|
||
"harus memiliki hak istimewa terbatas hanya pada database yang relevan dengan "
|
||
"layanan di mana node adalah anggota."
|
||
|
||
msgid ""
|
||
"The dedicated management utilities (\\*-manage) in some cases use the direct "
|
||
"database connection."
|
||
msgstr ""
|
||
"Utilitas manajemen dedicated (\\*-manage) dalam beberapa kasus menggunakan "
|
||
"koneksi database langsung."
|
||
|
||
msgid ""
|
||
"The default assumption for a data processing installation is that users will "
|
||
"have access to all functionality within their projects. In the event that "
|
||
"more granular control is required the Data processing service provides a "
|
||
"policy file (as described in :doc:`../identity/policies`). These "
|
||
"configurations will be highly dependent on the needs of the installing "
|
||
"organization, and as such there is no general advice on their usage: see :"
|
||
"ref:`data-processing-rbac-policies` for details."
|
||
msgstr ""
|
||
"Asumsi default untuk instalasi pengolahan data adalah pengguna akan memiliki "
|
||
"akses ke semua fungsi dalam proyek mereka. Jika diperlukan kontrol yang "
|
||
"lebih terperinci, layanan pengolahan data menyediakan file kebijakan "
|
||
"(seperti yang dijelaskan di :doc:`../identity/policies`). Konfigurasi ini "
|
||
"akan sangat tergantung pada kebutuhan organisasi penginstalan, dan karena "
|
||
"itu tidak ada saran umum mengenai penggunaannya: lihat :ref:`data-processing-"
|
||
"rbac-policies` untuk rinciannya."
|
||
|
||
msgid ""
|
||
"The default configuration file is ``/etc/apache2/apache2.conf`` on Ubuntu, "
|
||
"``/etc/httpd/conf/httpd.conf`` on RHEL and CentOS, ``/etc/apache2/httpd."
|
||
"conf`` on openSUSE and SUSE Linux Enterprise."
|
||
msgstr ""
|
||
"File konfigurasi defaultnya adalah ``/etc/apache2/apache2.conf`` di Ubuntu, "
|
||
"``/etc/httpd/conf/httpd.conf`` di RHEL dan CentOS, ``/etc/apache2/httpd."
|
||
"conf`` di openSUSE dan SUSE Linux Enterprise."
|
||
|
||
msgid ""
|
||
"The default session back end for horizon ``django.contrib.sessions.backends."
|
||
"signed_cookies`` saves user data in signed, but unencrypted cookies stored "
|
||
"in the browser. Due to the fact that each dashboard instance is stateless, "
|
||
"the previously mentioned methodology provides the ability to implement the "
|
||
"most simple session back-end scaling."
|
||
msgstr ""
|
||
"Sesi back end default horizon ``django.contrib.sessions.backends."
|
||
"signed_cookies`` menyimpan data pengguna yang masuk, tapi cookie yang tidak "
|
||
"dienkripsi disimpan di browser. Karena fakta bahwa setiap instance dasbor "
|
||
"stateless, metodologi yang disebutkan sebelumnya memberi kemampuan untuk "
|
||
"menerapkan penskalaan sesi back-end yang paling sederhana."
|
||
|
||
msgid ""
|
||
"The design of OpenStack is such that separation of security domains is "
|
||
"difficult. Because core services will usually bridge at least two domains, "
|
||
"special consideration must be given when applying security controls to them."
|
||
msgstr ""
|
||
"Desain OpenStack sedemikian rupa sehingga pemisahan domain keamanan sulit "
|
||
"dilakukan. Karena layanan inti biasanya akan menjembatani setidaknya dua "
|
||
"domain, pertimbangan khusus harus diberikan saat menerapkan kontrol keamanan "
|
||
"kepada mereka."
|
||
|
||
msgid ""
|
||
"The diagram above shows a compute node bridging the data and management "
|
||
"domains; as such, the compute node should be configured to meet the security "
|
||
"requirements of the management domain. Similarly, the API Endpoint in this "
|
||
"diagram is bridging the untrusted public domain and the management domain, "
|
||
"which should be configured to protect against attacks from the public domain "
|
||
"propagating through to the management domain."
|
||
msgstr ""
|
||
"Diagram di atas menunjukkan sebuah node komputasi yang menjembatani data dan "
|
||
"domain manajemen; Dengan demikian, node komputasi harus dikonfigurasi untuk "
|
||
"memenuhi persyaratan keamanan dari domain manajemen. Demikian pula, Endpoint "
|
||
"API dalam diagram ini menjembatani domain publik yang tidak tepercaya dan "
|
||
"domain manajemen, yang harus dikonfigurasi untuk melindungi dari serangan "
|
||
"dari domain publik yang memperbanyak melalui domain manajemen."
|
||
|
||
msgid ""
|
||
"The diagram shows the typical types of attacks that may be expected from the "
|
||
"actors described in the previous section. Note that there will always be "
|
||
"exceptions to this diagram."
|
||
msgstr ""
|
||
"Diagram menunjukkan jenis serangan khas yang mungkin diharapkan dari aktor "
|
||
"yang dijelaskan pada bagian sebelumnya. Perhatikan bahwa akan selalu ada "
|
||
"pengecualian pada diagram ini."
|
||
|
||
msgid ""
|
||
"The endpoint that receives the digitally signed certificate that is "
|
||
"verifiable with reference to the public key listed on the certificate. The "
|
||
"relying party should be in a position to verify the certificate up the "
|
||
"chain, ensure that it is not present in the :term:`CRL` and also must be "
|
||
"able to verify the expiry date on the certificate."
|
||
msgstr ""
|
||
"Endpoint yang menerima sertifikat yang ditandatangani secara digital yang "
|
||
"dapat diverifikasi dengan mengacu pada kunci publik yang tercantum pada "
|
||
"sertifikat. Pihak yang mengandalkan harus berada dalam posisi untuk "
|
||
"memverifikasi sertifikat atas rantai tersebut, memastikan bahwa hal itu "
|
||
"tidak ada dalam :term:`CRL` dan juga harus dapat memverifikasi tanggal "
|
||
"kadaluarsa sertifikat."
|
||
|
||
msgid "The entity tag (ETag) of objects that have non-zero content"
|
||
msgstr "The entity tag (ETag) dari objek yang memiliki konten tidak nol"
|
||
|
||
msgid ""
|
||
"The ephemeral disk encryption feature addresses data privacy. The ephemeral "
|
||
"disk is a temporary work space used by the virtual host operating system. "
|
||
"Without encryption, sensitive user information could be accessed on this "
|
||
"disk, and vestigial information could remain after the disk is unmounted."
|
||
msgstr ""
|
||
"Fitur enkripsi disk sesaat membahas privasi data. Disk fana adalah ruang "
|
||
"kerja sementara yang digunakan oleh sistem operasi virtual host. Tanpa "
|
||
"enkripsi, informasi pengguna yang sensitif dapat diakses pada disk ini, dan "
|
||
"informasi sisa bisa tetap ada setelah disk tidak terpasang."
|
||
|
||
msgid ""
|
||
"The ephemeral disk encryption feature, can interface with a key management "
|
||
"service through a secure wrapper and support data isolation by providing "
|
||
"ephemeral disk encryption keys on a per-tenant basis. Back-end key storage "
|
||
"is recommended for enhanced security (for example, an HSM or KMIP server can "
|
||
"be used as a barbican back-end secret store)."
|
||
msgstr ""
|
||
"Fitur enkripsi disk sesaat, dapat berinteraksi dengan layanan manajemen "
|
||
"kunci melalui pembungkus yang aman dan mendukung isolasi data dengan "
|
||
"menyediakan kunci enkripsi disk sesaat pada basis per-penyewa. Penyimpanan "
|
||
"kunci back-end direkomendasikan untuk keamanan yang ditingkatkan (misalnya, "
|
||
"server HSM atau KMIP dapat digunakan sebagai penyimpanan rahasia back-end "
|
||
"barbican)."
|
||
|
||
msgid ""
|
||
"The file location should match the value of the configuration option "
|
||
"``idp_metadata_path`` that was assigned in the list of ``[saml]`` updates."
|
||
msgstr ""
|
||
"Lokasi file harus sesuai dengan nilai opsi konfigurasi ``idp_metadata_path`` "
|
||
"yang ditugaskan dalam daftar update ``[saml] ``."
|
||
|
||
msgid ""
|
||
"The final option is to use an automated image builder. The following example "
|
||
"uses the Oz image builder. The OpenStack community has recently created a "
|
||
"newer tool worth investigating: disk-image-builder. We have not evaluated "
|
||
"this tool from a security perspective."
|
||
msgstr ""
|
||
"Pilihan terakhir adalah menggunakan pembangun image otomatis. Contoh berikut "
|
||
"menggunakan pembangun image Oz. Komunitas OpenStack baru-baru ini "
|
||
"menciptakan alat baru yang layak untuk penyeledikan: disk-image-builder. "
|
||
"Kami belum mengevaluasi alat ini dari perspektif keamanan."
|
||
|
||
msgid "The first option is to obtain boot media from a trusted source."
|
||
msgstr ""
|
||
"Pilihan pertama adalah untuk mendapatkan media boot dari sumber terpercaya."
|
||
|
||
msgid ""
|
||
"The first thing one should do when evaluating their OpenStack SSL/TLS needs "
|
||
"is to identify the threats. You can divide these threats into external and "
|
||
"internal attacker categories, but the lines tend to get blurred since "
|
||
"certain components of OpenStack operate on both the public and management "
|
||
"networks."
|
||
msgstr ""
|
||
"Hal pertama yang harus dilakukan saat mengevaluasi kebutuhan OpenStack SSL/"
|
||
"TLS adalah untuk mengidentifikasi ancaman. Anda dapat membagi ancaman ini ke "
|
||
"dalam kategori penyerang eksternal dan internal, namun garis tersebut "
|
||
"cenderung menjadi kabur karena beberapa komponen OpenStack beroperasi pada "
|
||
"jaringan publik dan manajemen."
|
||
|
||
msgid ""
|
||
"The following are the default listening ports for the various storage "
|
||
"services:"
|
||
msgstr ""
|
||
"Berikut adalah listening port default untuk berbagai layanan penyimpanan:"
|
||
|
||
msgid ""
|
||
"The following compiler options are recommend for GCC when compiling QEMU:"
|
||
msgstr ""
|
||
"Pilihan kompilator berikut direkomendasikan untuk GCC saat mengkompilasi "
|
||
"QEMU:"
|
||
|
||
msgid "The following data are encrypted while at rest in swift:"
|
||
msgstr "Data berikut dienkripsi saat istirahat dengan cepat:"
|
||
|
||
msgid ""
|
||
"The following diagram presents a conceptual view of how the Data processing "
|
||
"service fits into the greater OpenStack ecosystem."
|
||
msgstr ""
|
||
"Diagram berikut menyajikan pandangan konseptual tentang bagaimana layanan "
|
||
"pemrosesan Data sesuai dengan ekosistem OpenStack yang lebih besar."
|
||
|
||
msgid ""
|
||
"The following example shows a PKI token. Note that token ID values are "
|
||
"typically 3500 bytes. In this example, the value has been truncated."
|
||
msgstr ""
|
||
"Contoh berikut menunjukkan token PKI. Perhatikan bahwa nilai-nilai token ID "
|
||
"biasanya 3500 byte. Dalam contoh ini, nilainya telah terpotong."
|
||
|
||
msgid ""
|
||
"The following example shows how the service can restrict access to create, "
|
||
"update and delete resources to only those users which have the role of "
|
||
"``cloud_admin``, which has been defined as being the conjunction of ``role = "
|
||
"admin`` and ``domain_id = admin_domain_id``, while the get and list "
|
||
"resources are made available to users which have the role of ``cloud_admin`` "
|
||
"or ``admin``."
|
||
msgstr ""
|
||
"Contoh berikut menunjukkan bagaimana layanan dapat membatasi akses untuk "
|
||
"membuat, memperbarui dan menghapus sumber daya hanya untuk pengguna yang "
|
||
"memiliki peran ``cloud_admin``, yang telah didefinisikan sebagai gabungan "
|
||
"dari ``role = admin`` dan ``domain_id = admin_domain_id``, sedangkan sumber "
|
||
"daya get and list tersedia bagi pengguna yang memiliki peran ``cloud_admin`` "
|
||
"atau ``admin``."
|
||
|
||
msgid "The following figure demonstrates one possible network architecture."
|
||
msgstr "Gambar berikut menunjukkan satu kemungkinan arsitektur jaringan."
|
||
|
||
msgid ""
|
||
"The following figure shows an architectural and networking flow diagram of "
|
||
"the OpenStack Networking components:"
|
||
msgstr ""
|
||
"Gambar berikut menunjukkan diagram alir arsitektur dan jaringan komponen "
|
||
"OpenStack Networking:"
|
||
|
||
msgid ""
|
||
"The following is a list of Control Frameworks that an organization can use "
|
||
"to build their security controls."
|
||
msgstr ""
|
||
"Berikut ini adalah daftar Control Frameworks yang dapat digunakan organisasi "
|
||
"untuk membangun kontrol keamanan mereka."
|
||
|
||
msgid ""
|
||
"The following lines should be added in the system-wide MySQL configuration "
|
||
"file:"
|
||
msgstr "Baris berikut harus ditambahkan di file konfigurasi system-wide MySQL:"
|
||
|
||
msgid ""
|
||
"The following lines should be added in the system-wide PostgreSQL "
|
||
"configuration file, ``postgresql.conf``."
|
||
msgstr ""
|
||
"Baris berikut harus ditambahkan di file konfigurasi system-wide PostgreSQL, "
|
||
"``postgresql.conf``."
|
||
|
||
msgid ""
|
||
"The following lines should be added to the system-wide RabbitMQ "
|
||
"configuration file, typically ``/etc/rabbitmq/rabbitmq.config``:"
|
||
msgstr ""
|
||
"Baris berikut harus ditambahkan ke file konfigurasi RabbitMQ sistem secara "
|
||
"keseluruhan ``/etc/rabbitmq/rabbitmq.config``:"
|
||
|
||
msgid ""
|
||
"The following table calls out these features by common hypervisor platforms."
|
||
msgstr "Tabel berikut memanggil fitur ini oleh platform hypervisor umum."
|
||
|
||
msgid ""
|
||
"The functionality and integration are still evolving. We will access the "
|
||
"features in the next release and make recommendations."
|
||
msgstr ""
|
||
"Fungsionalitas dan integrasi masih terus berkembang. Kami akan mengakses "
|
||
"fitur di rilis berikutnya dan membuat rekomendasi."
|
||
|
||
msgid ""
|
||
"The generation and collection of logs is an important component of securely "
|
||
"monitoring an OpenStack infrastructure. Logs provide visibility into the day-"
|
||
"to-day actions of administrators, tenants, and guests, in addition to the "
|
||
"activity in the compute, networking, and storage and other components that "
|
||
"comprise your OpenStack deployment."
|
||
msgstr ""
|
||
"Generasi dan koleksi log merupakan komponen penting untuk memantau "
|
||
"infrastruktur OpenStack secara aman. Log memberikan visibilitas ke tindakan "
|
||
"administrator, penyewa, dan tamu sehari-hari, selain aktivitas dalam "
|
||
"penghitungan, jaringan, dan penyimpanan dan komponen lainnya yang menyusun "
|
||
"penerapan OpenStack Anda."
|
||
|
||
msgid ""
|
||
"The goal of security review in the OpenStack community is to identify "
|
||
"weaknesses in design or implementation of OpenStack projects. While rare, "
|
||
"these weaknesses could potentially have catastrophic effects on the security "
|
||
"of an OpenStack deployment, and therefore work should be undertaken to "
|
||
"minimize the likelihood of these defects in released projects. The OpenStack "
|
||
"Security Project asserts that once a security review of a project has been "
|
||
"completed, the following are known and documented:"
|
||
msgstr ""
|
||
"Tujuan tinjauan keamanan di komunitas OpenStack adalah untuk "
|
||
"mengidentifikasi kelemahan dalam perancangan atau pelaksanaan proyek "
|
||
"OpenStack. Meskipun jarang terjadi, kelemahan ini berpotensi menimbulkan "
|
||
"dampak bencana terhadap keamanan penempatan OpenStack, dan oleh karena itu, "
|
||
"pekerjaan harus dilakukan untuk meminimalkan kemungkinan cacat pada proyek "
|
||
"yang diluncurkan. OpenStack Security Project menegaskan bahwa setelah "
|
||
"tinjauan keamanan atas sebuah proyek selesai, berikut ini diketahui dan "
|
||
"didokumentasikan:"
|
||
|
||
msgid ""
|
||
"The importance of encrypting data on behalf of tenants is largely related to "
|
||
"the risk assumed by a provider that an attacker could access tenant data. "
|
||
"There may be requirements here in government, as well as requirements per-"
|
||
"policy, in private contract, or even in case law in regard to private "
|
||
"contracts for public cloud providers. It is recommended that a risk "
|
||
"assessment and legal consul advised before choosing tenant encryption "
|
||
"policies."
|
||
msgstr ""
|
||
"Pentingnya mengenkripsi data atas nama penyewa sebagian besar terkait dengan "
|
||
"risiko yang diasumsikan oleh penyedia bahwa penyerang dapat mengakses data "
|
||
"penyewa. Mungkin ada persyaratan di sini di pemerintahan, serta persyaratan "
|
||
"per-kebijakan, kontrak pribadi, atau bahkan dalam kasus hukum berkaitan "
|
||
"dengan kontrak pribadi untuk penyedia awan publik. Dianjurkan agar penilaian "
|
||
"risiko dan konsul hukum disarankan sebelum memilih kebijakan enkripsi "
|
||
"penyewa."
|
||
|
||
msgid ""
|
||
"The information security management system preserves the confidentiality, "
|
||
"integrity, and availability of information by applying a risk management "
|
||
"process and gives confidence to interested parties that risks are adequately "
|
||
"managed."
|
||
msgstr ""
|
||
"Sistem manajemen keamanan informasi menjaga kerahasiaan, integritas, dan "
|
||
"ketersediaan informasi dengan menerapkan proses manajemen risiko dan "
|
||
"memberikan kepercayaan kepada pihak yang berkepentingan bahwa risiko "
|
||
"dikelola secara memadai."
|
||
|
||
msgid ""
|
||
"The information system will receive a security category as defined in "
|
||
"Federal Information Processing Standards Publication 199 (FIPS 199). These "
|
||
"categories reflect the potential impact of system compromise."
|
||
msgstr ""
|
||
"Sistem informasi akan menerima kategori keamanan sebagaimana didefinisikan "
|
||
"dalam Federal Information Processing Standards Publication 199 (FIPS 199). "
|
||
"Kategori ini mencerminkan potensi dampak kompromi sistem."
|
||
|
||
msgid ""
|
||
"The initial program loader (IPL) code will most likely be the PXE firmware, "
|
||
"assuming the node deployment strategy outlined above. Therefore, the secure "
|
||
"boot or boot attestation process can measure all of the early stage boot "
|
||
"code, such as BIOS, firmware, the PXE firmware, and the kernel image. "
|
||
"Ensuring that each node has the correct versions of these pieces installed "
|
||
"provides a solid foundation on which to build the rest of the node software "
|
||
"stack."
|
||
msgstr ""
|
||
"Kode initial program loader (IPL) kemungkinan besar adalah firmware PXE, "
|
||
"dengan asumsi strategi penyebaran node yang diuraikan di atas. Oleh karena "
|
||
"itu, proses pengesahan booting atau booting yang aman dapat mengukur semua "
|
||
"kode boot tahap awal, seperti BIOS, firmware, firmware PXE, dan kernel "
|
||
"image. Memastikan bahwa setiap node memiliki versi yang benar dari potongan-"
|
||
"potongan ini yang terpasang memberikan fondasi yang kokoh untuk membangun "
|
||
"tumpukan perangkat lunak node lainnya."
|
||
|
||
msgid ""
|
||
"The initial work on this book was conducted in an overly air-conditioned "
|
||
"room that served as our group office for the entirety of the documentation "
|
||
"sprint."
|
||
msgstr ""
|
||
"Karya awal buku ini dilakukan di ruangan yang terlalu ber-AC yang berfungsi "
|
||
"sebagai kantor kelompok kami untuk keseluruhan sprint dokumentasi."
|
||
|
||
msgid ""
|
||
"The interfaces listing captures interfaces within the scope of the review. "
|
||
"This includes connections between blocks on the architecture diagram which "
|
||
"cross a trust boundary or do not use an industry standard encryption "
|
||
"protocol such as TLS or SSH. For each interface the following information is "
|
||
"captured:"
|
||
msgstr ""
|
||
"Daftar antarmuka menangkap antarmuka dalam lingkup tinjauan. Ini termasuk "
|
||
"koneksi antara blok pada diagram arsitektur yang melintasi batas kepercayaan "
|
||
"atau tidak menggunakan protokol enkripsi standar industri seperti TLS atau "
|
||
"SSH. Untuk setiap antarmuka informasi berikut diambil:"
|
||
|
||
msgid ""
|
||
"The key manager of your choice can be used with Openstack if Castellan "
|
||
"plugin has been written for that key manager. Once that plugin has been "
|
||
"written, it is relatively trivial to use the plugin either directly or "
|
||
"behind Barbican."
|
||
msgstr ""
|
||
"Key manager pilihan Anda dapat digunakan dengan Openstack jika plugin "
|
||
"Castellan telah ditulis untuk key manager tersebut. Setelah plugin itu "
|
||
"ditulis, relatif sepele untuk menggunakan plugin baik secara langsung maupun "
|
||
"di belakang Barbican."
|
||
|
||
msgid ""
|
||
"The libvirt plug-in for compute may maintain ephemeral storage directly on a "
|
||
"filesystem, or in LVM. Filesystem storage generally will not overwrite data "
|
||
"when it is removed, although there is a guarantee that dirty extents are not "
|
||
"provisioned to users."
|
||
msgstr ""
|
||
"Plugin libvirt untuk menghitung dapat menyimpan penyimpanan sesaat secara "
|
||
"langsung pada filesystem, atau di LVM. Penyimpanan filesystem umumnya tidak "
|
||
"akan menimpa data saat dilepas, meski ada jaminan bahwa luapan limbah (dirty "
|
||
"extent) tidak tersedia bagi pengguna."
|
||
|
||
msgid ""
|
||
"The management of the security critical parameters of the system is "
|
||
"performed by administrative users. A set of commands that require root "
|
||
"privileges (or specific roles when RBAC is used) are used for system "
|
||
"management. Security parameters are stored in specific files that are "
|
||
"protected by the access control mechanisms of the system against "
|
||
"unauthorized access by users that are not administrative users."
|
||
msgstr ""
|
||
"Pengelolaan parameter kritis keamanan sistem dilakukan oleh pengguna "
|
||
"administratif. Satu set perintah yang memerlukan hak istimewa root (atau "
|
||
"peran spesifik saat RBAC digunakan) digunakan untuk pengelolaan sistem. "
|
||
"Parameter keamanan disimpan dalam file tertentu yang dilindungi oleh "
|
||
"mekanisme kontrol akses dari sistem terhadap akses yang tidak sah oleh "
|
||
"pengguna yang bukan pengguna administratif."
|
||
|
||
msgid ""
|
||
"The management security domain is where services interact. Sometimes "
|
||
"referred to as the \"control plane\", the networks in this domain transport "
|
||
"confidential data such as configuration parameters, user names, and "
|
||
"passwords. Command and Control traffic typically resides in this domain, "
|
||
"which necessitates strong integrity requirements. Access to this domain "
|
||
"should be highly restricted and monitored. At the same time, this domain "
|
||
"should still employ all of the security best practices described in this "
|
||
"guide."
|
||
msgstr ""
|
||
"Domain keamanan manajemen adalah tempat layanan berinteraksi. Terkadang "
|
||
"disebut sebagai \"control plane\", jaringan dalam domain ini mengangkut data "
|
||
"rahasia seperti parameter konfigurasi, nama pengguna, dan kata sandi. Lalu "
|
||
"lintas Command and Control biasanya berada di domain ini, yang memerlukan "
|
||
"persyaratan integritas yang kuat. Akses ke domain ini harus sangat dibatasi "
|
||
"dan dipantau. Pada saat yang sama, domain ini harus tetap menerapkan semua "
|
||
"praktik terbaik keamanan yang dijelaskan dalam panduan ini."
|
||
|
||
msgid ""
|
||
"The manila configuration file ``manila.conf`` may be placed anywhere. The "
|
||
"path ``/etc/manila/manila.conf`` is expected by default."
|
||
msgstr ""
|
||
"File konfigurasi manila ``manila.conf`` dapat ditempatkan dimana saja. Path "
|
||
"``/etc/manila/manila.conf`` diharapkan secara default."
|
||
|
||
msgid ""
|
||
"The maturity of a given hypervisor product or project is critical to your "
|
||
"security posture as well. Product maturity has a number of effects once you "
|
||
"have deployed your cloud:"
|
||
msgstr ""
|
||
"Kematangan produk atau proyek hypervisor yang diberikan sangat penting untuk "
|
||
"postur keamanan Anda. Kematangan produk memiliki sejumlah efek setelah Anda "
|
||
"memasang awan Anda:"
|
||
|
||
msgid ""
|
||
"The maturity of a given product or project is critical to your security "
|
||
"posture. Product maturity has a number of effects after you deploy your "
|
||
"cloud:"
|
||
msgstr ""
|
||
"Kematangan produk atau proyek tertentu sangat penting untuk postur keamanan "
|
||
"Anda. Kematangan produk memiliki sejumlah efek setelah Anda menyebarkan awan "
|
||
"Anda:"
|
||
|
||
msgid ""
|
||
"The method for configuring your web server to start and run as a non-root "
|
||
"user varies by web server and operating system."
|
||
msgstr ""
|
||
"Metode untuk mengonfigurasi server web Anda agar dijalankan dan dijalankan "
|
||
"sebagai pengguna non-root berbeda-beda menurut server web dan sistem operasi."
|
||
|
||
msgid ""
|
||
"The more familiar your team is with a given product, its configuration, and "
|
||
"its eccentricities, the fewer configuration mistakes are made. Additionally, "
|
||
"having staff expertise spread across an organization increases availability "
|
||
"of your systems, allows segregation of duties, and mitigates problems in the "
|
||
"event that a team member is unavailable."
|
||
msgstr ""
|
||
"Semakin akrab tim Anda dengan produk tertentu, konfigurasinya, dan "
|
||
"eksentrisitasnya, semakin sedikit kesalahan konfigurasi yang dibuat. Selain "
|
||
"itu, memiliki keahlian staf yang tersebar di seluruh organisasi meningkatkan "
|
||
"ketersediaan sistem Anda, memungkinkan pemisahan tugas, dan mengurangi "
|
||
"masalah jika anggota tim tidak tersedia."
|
||
|
||
msgid ""
|
||
"The most common frameworks for auditing and evaluating a cloud deployment "
|
||
"include the previously mentioned ISO 27001/2 Information Security standard, "
|
||
"ISACA's Control Objectives for Information and Related Technology (COBIT) "
|
||
"framework, Committee of Sponsoring Organizations of the Treadway Commission "
|
||
"(COSO), and Information Technology Infrastructure Library (ITIL). It is very "
|
||
"common for audits to include areas of focus from one or more of these "
|
||
"frameworks. Fortunately there is a lot of overlap between the frameworks, so "
|
||
"an organization that adopts one will be in a good position come audit time."
|
||
msgstr ""
|
||
"Kerangka kerja yang paling umum untuk mengaudit dan mengevaluasi penerapan "
|
||
"cloud termasuk standar Information Security 27001/2 yang telah disebutkan "
|
||
"sebelumnya, kerangka ISACA's Control Objectives for Information and Related "
|
||
"Technology (COBIT), Committee of Sponsoring Organizations of the Treadway "
|
||
"Commission (COSO), dan Information Technology Infrastructure Library (ITIL). "
|
||
"Hal ini sangat umum untuk audit untuk memasukkan area fokus dari satu atau "
|
||
"lebih kerangka kerja ini. Untungnya ada banyak tumpang tindih antara "
|
||
"kerangka kerja, sehingga organisasi yang mengadopsi seseorang akan berada "
|
||
"dalam posisi yang baik datang waktu audit."
|
||
|
||
msgid ""
|
||
"The network authentication protocol which works on the basis of tickets to "
|
||
"allow nodes communicating over a non-secure network to prove their identity "
|
||
"to one another in a secure manner."
|
||
msgstr ""
|
||
"Protokol otentikasi jaringan yang bekerja berdasarkan tiket untuk "
|
||
"memungkinkan node berkomunikasi melalui jaringan yang tidak aman untuk "
|
||
"membuktikan identitas mereka satu sama lain secara aman."
|
||
|
||
msgid ""
|
||
"The neutron-l3-agent, used by many plug-ins to implement L3 forwarding, "
|
||
"supports only IPv4 forwarding."
|
||
msgstr ""
|
||
"Agen neutron-l3-agent, yang digunakan oleh banyak plug-in untuk "
|
||
"mengimplementasikan forwarding L3, hanya mendukung penerusan IPv4."
|
||
|
||
msgid ""
|
||
"The newly created file will be stored under ``/etc/shibboleth/sp-key.pem``"
|
||
msgstr ""
|
||
"File yang baru dibuat akan disimpan di bawah ``/etc/shibboleth/sp-key.pem``"
|
||
|
||
msgid ""
|
||
"The nova command-line utility can return a URL for SPICE console for access "
|
||
"by a SPICE-html client."
|
||
msgstr ""
|
||
"Utilitas command-line nova dapat mengembalikan URL untuk konsol SPICE untuk "
|
||
"akses oleh klien SPICE-html."
|
||
|
||
msgid ""
|
||
"The option ``saml2`` may be different in your deployment, but do not use a "
|
||
"wildcard value. Otherwise every Federated protocol will be handled by "
|
||
"Shibboleth."
|
||
msgstr ""
|
||
"Pilihan `` saml2`` mungkin berbeda dalam penerapan Anda, namun jangan "
|
||
"gunakan nilai wildcard. Jika tidak, setiap protokol Federated akan ditangani "
|
||
"oleh Shibboleth."
|
||
|
||
msgid ""
|
||
"The option exists for implementers to encrypt tenant data wherever it is "
|
||
"stored on disk or transported over a network, such as the OpenStack volume "
|
||
"encryption feature described below. This is above and beyond the general "
|
||
"recommendation that users encrypt their own data before sending it to their "
|
||
"provider."
|
||
msgstr ""
|
||
"Pilihan ada bagi pelaksana untuk mengenkripsi data penyewa dimanapun "
|
||
"disimpan di disk atau diangkut melalui jaringan, seperti fitur enkripsi "
|
||
"volume OpenStack yang dijelaskan di bawah ini. Ini di atas dan di luar "
|
||
"rekomendasi umum bahwa pengguna mengenkripsi data mereka sendiri sebelum "
|
||
"mengirimkannya ke penyedia mereka."
|
||
|
||
msgid ""
|
||
"The parameter ``max_request_body_size`` defines the maximum body size per "
|
||
"request in bytes. If the maximum size is not defined, the attacker could "
|
||
"craft an arbitrary request of large size causing the service to crash and "
|
||
"finally resulting in Denial Of Service attack. Assigning the maximum value "
|
||
"ensures that any malicious oversized request gets blocked ensuring continued "
|
||
"availability of the component."
|
||
msgstr ""
|
||
"Parameter ``max_request_body_size`` mendefinisikan ukuran body maksimum per "
|
||
"permintaan dalam satuan byte. Jika ukuran maksimum tidak ditentukan, "
|
||
"penyerang bisa mengajukan permintaan semaunya (arbitrary) dengan ukuran "
|
||
"besar menyebabkan layanan mogok dan akhirnya mengakibatkan serangan Denial "
|
||
"Of Service. Menetapkan nilai maksimum memastikan bahwa permintaan besar yang "
|
||
"berbahaya diblokir untuk memastikan ketersediaan komponen yang dilanjutkan."
|
||
|
||
msgid ""
|
||
"The permissions of a file can be examined my moving into the directory the "
|
||
"file is contained in and running the :command:`ls -lh` command. This will "
|
||
"show the permissions, owner, and group that have access to the file, as well "
|
||
"as other information such as the last time the file was modified and when it "
|
||
"was created."
|
||
msgstr ""
|
||
"Perizinan sebuah file dapat diperiksa untuk pindah ke direktori file berisi "
|
||
"dan menjalankan perintah :command:`ls -lh`. Ini akan menunjukkan hak akses, "
|
||
"pemilik, dan grup yang memiliki akses ke file, serta informasi lainnya "
|
||
"seperti terakhir kali file tersebut dimodifikasi dan kapan dibuat."
|
||
|
||
msgid ""
|
||
"The policy enforcement middleware enables fine-grained access control to "
|
||
"OpenStack resources. The behaviour of the policy is discussed in depth in :"
|
||
"ref:`policy-section`."
|
||
msgstr ""
|
||
"Middleware penegakan kebijakan memungkinkan kontrol akses fine-grained ke "
|
||
"sumber daya OpenStack. Perilaku kebijakan dibahas secara mendalam di :ref:"
|
||
"`policy-section`."
|
||
|
||
msgid ""
|
||
"The port ``8786`` is the default port for the Shared File Systems service. "
|
||
"It may be changed to any other port, but this change should also be made in "
|
||
"the configuration file to option ``osapi_share_listen_port`` which defaults "
|
||
"to ``8786``."
|
||
msgstr ""
|
||
"Port ``8786`` adalah port default untuk layanan Shared File Systems. Ini "
|
||
"bisa diubah ke port lain, tapi perubahan ini juga harus dilakukan pada file "
|
||
"konfigurasi ke opsi ``osapi_share_listen_port`` yang defaultnya ke ``8786``."
|
||
|
||
msgid ""
|
||
"The prescriptive defense for each form of attack is beyond the scope of this "
|
||
"document. The above diagram can assist you in making an informed decision "
|
||
"about which types of threats, and threat actors, should be protected "
|
||
"against. For commercial public cloud deployments this might include "
|
||
"prevention against serious crime. For those deploying private clouds for "
|
||
"government use, more stringent protective mechanisms should be in place, "
|
||
"including carefully protected facilities and supply chains. In contrast, "
|
||
"those standing up basic development or test environments will likely require "
|
||
"less restrictive controls (middle of the spectrum)."
|
||
msgstr ""
|
||
"Pertahanan preskriptif untuk setiap bentuk serangan berada di luar cakupan "
|
||
"dokumen ini. Diagram di atas dapat membantu Anda dalam membuat keputusan "
|
||
"tentang jenis ancaman, dan aktor ancaman, yang harus dilindungi. Untuk "
|
||
"penyebaran awan publik komersial, ini mungkin mencakup pencegahan terhadap "
|
||
"kejahatan serius. Bagi mereka yang menggunakan awan private untuk penggunaan "
|
||
"pemerintah, mekanisme perlindungan yang lebih ketat harus ada, termasuk "
|
||
"fasilitas dan rantai pasokan yang dilindungi secara hati-hati. Sebaliknya, "
|
||
"mereka yang berdiri di lingkungan pengembangan atau pengujian dasar "
|
||
"kemungkinan akan memerlukan kontrol yang kurang ketat (di tengah spektrum)."
|
||
|
||
msgid ""
|
||
"The privacy and isolation of data has consistently been cited as the primary "
|
||
"barrier to cloud adoption over the past few years. Concerns over who owns "
|
||
"data in the cloud and whether the cloud operator can be ultimately trusted "
|
||
"as a custodian of this data have been significant issues in the past."
|
||
msgstr ""
|
||
"Privasi dan isolasi data secara konsisten telah disebut sebagai penghalang "
|
||
"utama untuk adopsi awan selama beberapa tahun terakhir. Kekhawatiran atas "
|
||
"siapa yang memiliki data di awan dan apakah operator awan pada akhirnya "
|
||
"dapat dipercaya sebagai penjaga data ini telah menjadi isu penting di masa "
|
||
"lalu."
|
||
|
||
msgid ""
|
||
"The process does not end with a single external audit. Most certifications "
|
||
"require continual compliance activities which means repeating the audit "
|
||
"process periodically. We recommend integrating automated compliance "
|
||
"verification tools into a cloud to ensure that it is compliant at all times. "
|
||
"This should be in done in addition to other security monitoring tools. "
|
||
"Remember that the goal is both security and compliance. Failing on either of "
|
||
"these fronts will significantly complicate future audits."
|
||
msgstr ""
|
||
"Prosesnya tidak diakhiri dengan audit eksternal tunggal. Sebagian besar "
|
||
"sertifikasi memerlukan kegiatan kepatuhan terus-menerus yang berarti "
|
||
"mengulangi proses audit secara berkala. Sebaiknya integrasikan alat "
|
||
"verifikasi kepatuhan otomatis ke dalam awan untuk memastikannya sesuai "
|
||
"setiap saat. Ini harus dilakukan selain alat pemantauan keamanan lainnya. "
|
||
"Ingat bahwa tujuannya adalah keamanan dan kepatuhan. Gagal pada salah satu "
|
||
"front ini akan secara signifikan mempersulit audit di masa depan."
|
||
|
||
msgid ""
|
||
"The process of engaging an OpenStack cloud is started through the querying "
|
||
"of an API endpoint. While there are different challenges for public and "
|
||
"private endpoints, these are high value assets that can pose a significant "
|
||
"risk if compromised."
|
||
msgstr ""
|
||
"Proses melibatkan awan OpenStack dimulai melalui kueri API endpoint. "
|
||
"Meskipun ada tantangan yang berbeda untuk endpoint publik dan private, ini "
|
||
"adalah aset bernilai tinggi yang dapat menimbulkan risiko signifikan jika "
|
||
"dikompromikan."
|
||
|
||
msgid "The protocol used"
|
||
msgstr "Protokol yang digunakan"
|
||
|
||
msgid ""
|
||
"The public security domain is an entirely untrusted area of the cloud "
|
||
"infrastructure. It can refer to the Internet as a whole or simply to "
|
||
"networks over which you have no authority. Any data that transits this "
|
||
"domain with confidentiality or integrity requirements should be protected "
|
||
"using compensating controls."
|
||
msgstr ""
|
||
"Domain keamanan publik adalah wilayah yang sepenuhnya tidak dipercaya dari "
|
||
"infrastruktur awan. Ini bisa merujuk ke Internet secara keseluruhan atau "
|
||
"hanya ke jaringan tempat Anda tidak memiliki otoritas. Setiap data yang "
|
||
"transit domain ini dengan persyaratan kerahasiaan atau integritas harus "
|
||
"dilindungi dengan menggunakan kontrol kompensasi."
|
||
|
||
msgid ""
|
||
"The purpose of an architecture page is to document the architecture, purpose "
|
||
"and security controls of a service or project. It should document the best "
|
||
"practice deployment of that project."
|
||
msgstr ""
|
||
"Tujuan dari halaman arsitektur adalah untuk mendokumentasikan kontrol "
|
||
"arsitektur, tujuan dan keamanan suatu layanan atau proyek. Ini harus "
|
||
"mendokumentasikan penyebaran praktik terbaik dari proyek itu."
|
||
|
||
msgid ""
|
||
"The reasons for doing this will change depending on the organizational "
|
||
"requirements of the installation. In general, these fine grained controls "
|
||
"are used in situations where an operator needs to restrict the creation, "
|
||
"deletion, and retrieval of the Data processing service resources. Operators "
|
||
"who need to restrict access within a project should be fully aware that "
|
||
"there will need to be alternative means for users to gain access to the core "
|
||
"functionality of the service (for example, provisioning clusters)."
|
||
msgstr ""
|
||
"Alasan untuk melakukan hal ini akan berubah tergantung pada persyaratan "
|
||
"organisasi instalasi. Secara umum, kontrol berbutir halus (fine grained "
|
||
"control) ini digunakan dalam situasi di mana operator perlu membatasi "
|
||
"pembuatan, penghapusan, dan pengambilan sumber daya layanan pemrosesan Data. "
|
||
"Operator yang perlu membatasi akses dalam sebuah proyek harus sepenuhnya "
|
||
"sadar bahwa perlu ada cara alternatif bagi pengguna untuk mendapatkan akses "
|
||
"ke fungsionalitas inti layanan (misalnya, provisioning cluster)."
|
||
|
||
msgid ""
|
||
"The recommended configuration for the Shared File Systems service real usage "
|
||
"is to create a share with the CIFS share protocol and add to it the "
|
||
"Microsoft Active Directory directory service. In this configuration you will "
|
||
"get the centralized data base and the service that unites Kerberos and LDAP "
|
||
"approaches. This is a real use case that is convenient for production shared "
|
||
"file systems."
|
||
msgstr ""
|
||
"Konfigurasi yang disarankan untuk penggunaan layanan Shared File Systems "
|
||
"sebenarnya adalah membuat share dengan protokol share CIFS dan "
|
||
"menambahkannya ke layanan direktori Microsoft Active Directory. Dalam "
|
||
"konfigurasi ini Anda akan mendapatkan basis data terpusat dan layanan yang "
|
||
"menyatukan pendekatan Kerberos dan LDAP. Ini adalah kasus penggunaan nyata "
|
||
"yang sesuai untuk sistem file shared produksi."
|
||
|
||
msgid ""
|
||
"The recommended way to securely store and manage secrets in OpenStack is to "
|
||
"use Barbican."
|
||
msgstr ""
|
||
"Cara yang disarankan untuk menyimpan dan mengelola rahasia di OpenStack "
|
||
"dengan aman adalah dengan menggunakan Barbican."
|
||
|
||
msgid ""
|
||
"The resources (clusters, jobs, and data sources) of the Data processing "
|
||
"service are shared within the scope of a project. Although a single "
|
||
"controller installation may manage several sets of resources, these "
|
||
"resources will each be scoped to a single project. Given this constraint we "
|
||
"recommend that user membership in projects is monitored closely to maintain "
|
||
"proper segregation of resources."
|
||
msgstr ""
|
||
"Sumber daya (clusters, jobs, dan data source) dari layanan pengolahan Data "
|
||
"dibagi dalam lingkup proyek. Meskipun satu instalasi pengontrol tunggal "
|
||
"dapat mengatur beberapa kumpulan sumber daya, sumber daya ini masing-masing "
|
||
"akan diolah satu proyek tunggal. Dengan kendala ini, kami merekomendasikan "
|
||
"agar keanggotaan pengguna dalam proyek dipantau secara ketat untuk menjaga "
|
||
"pemisahan sumber daya secara benar."
|
||
|
||
msgid ""
|
||
"The rsync protocol is used between storage service nodes to replicate data "
|
||
"for high availability. In addition, the proxy service communicates with the "
|
||
"storage service when relaying data back and forth between the client end-"
|
||
"point and the cloud environment."
|
||
msgstr ""
|
||
"Protokol rsync digunakan antara node layanan penyimpanan untuk mereplikasi "
|
||
"data untuk ketersediaan tinggi. Selain itu, layanan proxy berkomunikasi "
|
||
"dengan layanan penyimpanan saat menyampaikan data bolak-balik antara titik "
|
||
"end-point dan lingkungan awan."
|
||
|
||
msgid ""
|
||
"The search should not return the string written to the encrypted volume."
|
||
msgstr ""
|
||
"Pencarian seharusnya tidak mengembalikan string yang ditulis ke volume "
|
||
"terenkripsi."
|
||
|
||
msgid ""
|
||
"The second option is to use the `OpenStack Virtual Machine Image Guide "
|
||
"<https://docs.openstack.org/image-guide/>`_. In this case, you will want to "
|
||
"follow your organizations OS hardening guidelines or those provided by a "
|
||
"trusted third-party such as the `Linux STIGs <http://iase.disa.mil/stigs/os/"
|
||
"unix-linux/Pages/index.aspx>`_."
|
||
msgstr ""
|
||
"Pilihan kedua adalah menggunakan `OpenStack Virtual Machine Image Guide "
|
||
"<https://docs.openstack.org/image-guide/>`_. Dalam kasus ini, Anda akan "
|
||
"ingin mengikuti panduan pengarahan OS organisasi Anda atau yang disediakan "
|
||
"oleh pihak ketiga yang tepercaya seperti `Linux STIGs <http://iase.disa.mil/"
|
||
"stigs/os/unix-linux/Pages/index.aspx>`_."
|
||
|
||
msgid ""
|
||
"The selection and configuration of a host-based intrusion detection tool is "
|
||
"highly deployment specific. We recommend starting by exploring the following "
|
||
"open source projects which implement a variety of host-based intrusion "
|
||
"detection and file monitoring features."
|
||
msgstr ""
|
||
"Pemilihan dan konfigurasi alat deteksi intrusi berbasis host sangat "
|
||
"spesifik. Sebaiknya mulailah dengan mengeksplorasi proyek open source "
|
||
"berikut yang menerapkan berbagai deteksi intrusi berbasis host dan fitur "
|
||
"pemantauan file."
|
||
|
||
msgid ""
|
||
"The server certificate, key, and certificate authority (CA) files should be "
|
||
"placed in the $PGDATA directory in the following files:"
|
||
msgstr ""
|
||
"File sertifikat server, key, dan certificate authority (CA) harus "
|
||
"ditempatkan di direktori $PGDATA pada file berikut:"
|
||
|
||
msgid ""
|
||
"The service that provides a stable RESTful API. The service authenticates "
|
||
"and routes requests throughout the Shared Filesystem service. There is "
|
||
"python-manilaclient to interact with the API. For more details on the Shared "
|
||
"File Systems API, see the `OpenStack Shared File Systems API <https://"
|
||
"developer.openstack.org/api-ref-share-v2.html>`_."
|
||
msgstr ""
|
||
"Layanan yang menyediakan RESTful API yang stabil. Layanan mengotentikasi dan "
|
||
"mengarahkan permintaan ke seluruh layanan Shared Filesystem. Ada python-"
|
||
"manilaclient untuk berinteraksi dengan API. Untuk detail lebih lanjut "
|
||
"tentang API File Sistem Bersama, lihat `OpenStack Shared File Systems API "
|
||
"<https://developer.openstack.org/api-ref-share-v2.html>`_."
|
||
|
||
msgid ""
|
||
"The share driver creates the share server and manages, or handles, the share "
|
||
"server life cycle."
|
||
msgstr ""
|
||
"Share driver menciptakan share server dan mengelola, atau menangani, siklus "
|
||
"hidup share server"
|
||
|
||
msgid ""
|
||
"The simple crypto plugin is configured by default in ``barbican.conf``. This "
|
||
"plugin uses single symmetric key (KEK - or 'Key Encryption Key') which is "
|
||
"stored in plain text in the ``barbican.conf`` file to encrypt and decrypt "
|
||
"all secrets. This plugin is considered a less secure option and is only "
|
||
"suitable for development and testing as the master key is stored within a "
|
||
"config file in plain text, and is therefore not recommended for use in "
|
||
"production deployments."
|
||
msgstr ""
|
||
"Plugin kripto sederhana dikonfigurasi secara default di ``barbican.conf``. "
|
||
"Plugin ini menggunakan kunci simetris tunggal (KEK - atau 'Key Encryption "
|
||
"Key') yang disimpan dalam teks biasa di file ``barbican.conf`` untuk "
|
||
"mengenkripsi dan mendekripsi semua rahasia. Plugin ini dianggap sebagai "
|
||
"pilihan yang kurang aman dan hanya cocok untuk pengembangan dan pengujian "
|
||
"karena kunci utama disimpan dalam file konfigurasi dalam teks biasa, oleh "
|
||
"karena itu tidak disarankan untuk digunakan dalam penyebaran produksi."
|
||
|
||
msgid ""
|
||
"The system documentation for an OpenStack cloud deployment should follow the "
|
||
"templates and best practices for the Enterprise Information Technology "
|
||
"System in your organization. Organizations often have compliance "
|
||
"requirements which may require an overall System Security Plan to inventory "
|
||
"and document the architecture of a given system. There are common challenges "
|
||
"across the industry related to documenting the dynamic cloud infrastructure "
|
||
"and keeping the information up-to-date."
|
||
msgstr ""
|
||
"Dokumentasi sistem untuk pengerahan awan OpenStack harus mengikuti template "
|
||
"dan praktik terbaik untuk Enterprise Information Technology System di "
|
||
"organisasi Anda. Organisasi sering memiliki persyaratan kepatuhan yang "
|
||
"mungkin memerlukan System Security Plan secara keseluruhan untuk "
|
||
"menginventarisasi dan mendokumentasikan arsitektur sistem yang diberikan. "
|
||
"Ada tantangan umum di industri terkait dengan mendokumentasikan "
|
||
"infrastruktur awan dinamis dan menjaga agar informasi tetap up-to-date."
|
||
|
||
msgid ""
|
||
"The system provides the capability to audit a large number of events, "
|
||
"including individual system calls and events generated by trusted processes. "
|
||
"Audit data is collected in regular files in ASCII format. The system "
|
||
"provides a program for the purpose of searching the audit records. The "
|
||
"system administrator can define a rule base to restrict auditing to the "
|
||
"events they are interested in. This includes the ability to restrict "
|
||
"auditing to specific events, specific users, specific objects or a "
|
||
"combination of all of this. Audit records can be transferred to a remote "
|
||
"audit daemon."
|
||
msgstr ""
|
||
"Sistem ini menyediakan kemampuan untuk mengaudit sejumlah besar event, "
|
||
"termasuk panggilan sistem individual dan kejadian yang dihasilkan oleh "
|
||
"proses terpercaya (trusted processes). Data audit dikumpulkan dalam file "
|
||
"biasa dalam format ASCII. Sistem ini menyediakan sebuah program untuk tujuan "
|
||
"mencari catatan audit. Administrator sistem dapat menentukan basis aturan "
|
||
"untuk membatasi pengauditan terhadap kejadian yang mereka minati. Ini "
|
||
"mencakup kemampuan untuk membatasi audit terhadap kejadian tertentu, "
|
||
"pengguna tertentu, objek tertentu atau kombinasi dari semua ini. Catatan "
|
||
"audit dapat dipindahkan ke daemon audit jarak jauh."
|
||
|
||
msgid ""
|
||
"The system supports encrypted block devices to provide storage "
|
||
"confidentiality via ``dm_crypt``."
|
||
msgstr ""
|
||
"Sistem ini mendukung perangkat blok terenkripsi untuk menyediakan "
|
||
"kerahasiaan penyimpanan via ``dm_crypt``."
|
||
|
||
msgid ""
|
||
"The system supports the definition of trusted channels using SSH. Password "
|
||
"based authentication is supported. Only a restricted number of cipher suites "
|
||
"are supported for those protocols in the evaluated configuration."
|
||
msgstr ""
|
||
"Sistem ini mendukung definisi kanal terpercaya dengan menggunakan SSH. "
|
||
"Otentikasi berbasis kata kunci didukung. Hanya sejumlah kecil cipher suites "
|
||
"yang didukung untuk protokol tersebut dalam konfigurasi yang dievaluasi."
|
||
|
||
msgid ""
|
||
"The team converged in Annapolis, MD due to the close proximity of some key "
|
||
"members of the group. This was a remarkable collaboration between public "
|
||
"sector intelligence community members, silicon valley startups and some "
|
||
"large, well-known technology companies. The book sprint ran during the last "
|
||
"week in June 2013 and the first edition was created in five days."
|
||
msgstr ""
|
||
"Tim berkumpul di Annapolis, MD karena kedekatan beberapa anggota kunci "
|
||
"kelompok tersebut. Ini adalah kolaborasi yang luar biasa antara anggota "
|
||
"komunitas intelijen sektor publik, startup lembah silikon dan beberapa "
|
||
"perusahaan teknologi besar dan terkenal. Book sprint berjalan cepat selama "
|
||
"minggu terakhir di bulan Juni 2013 dan edisi pertama dibuat dalam lima hari."
|
||
|
||
msgid "The team included:"
|
||
msgstr "Tim termasuk:"
|
||
|
||
msgid ""
|
||
"The token is often passed within the structure of a larger context of an "
|
||
"Identity service response. These responses also provide a catalog of the "
|
||
"various OpenStack services. Each service is listed with its name, access "
|
||
"endpoints for internal, admin, and public access."
|
||
msgstr ""
|
||
"Token sering dilewatkan dalam struktur konteks respon layanan Identity yang "
|
||
"lebih besar. Tanggapan ini juga menyediakan katalog berbagai layanan "
|
||
"OpenStack. Setiap layanan terdaftar dengan namanya, akses endpoint untuk "
|
||
"akses internal, admin, dan publik."
|
||
|
||
msgid ""
|
||
"The trust level of this network is heavily dependent on deployment decisions "
|
||
"and as such we do not assign this any default level of trust."
|
||
msgstr ""
|
||
"Tingkat kepercayaan dari jaringan ini sangat bergantung pada keputusan "
|
||
"penerapan dan karena itu kami tidak menetapkan tingkat kepercayaan default "
|
||
"ini."
|
||
|
||
msgid ""
|
||
"The two broadly defined types of nodes that generally make up an OpenStack "
|
||
"installation are:"
|
||
msgstr ""
|
||
"Dua jenis node yang didefinisikan secara umum yang umumnya merupakan "
|
||
"instalasi OpenStack adalah:"
|
||
|
||
msgid ""
|
||
"The volume encryption and ephemeral disk encryption features rely on a key "
|
||
"management service (for example, barbican) for the creation and secure "
|
||
"storage of keys. The key manager is pluggable to facilitate deployments that "
|
||
"need a third-party Hardware Security Module (HSM) or the use of the Key "
|
||
"Management Interchange Protocol (KMIP), which is supported by an open-source "
|
||
"project called PyKMIP."
|
||
msgstr ""
|
||
"Enkripsi volume dan fitur enkripsi disk sesaat menggunakan layanan manajemen "
|
||
"kunci (misalnya barbecue) untuk pembuatan dan penyimpanan kunci yang aman. "
|
||
"Manajer kunci pluggable untuk memfasilitasi pengerahan yang memerlukan "
|
||
"Hardware Security Module (HSM) pihak ketiga atau penggunaan Key Management "
|
||
"Interchange Protocol (KMIP), yang didukung oleh proyek open-source yang "
|
||
"disebut PyKMIP."
|
||
|
||
msgid ""
|
||
"The volume encryption feature provides encryption of data-at-rest using "
|
||
"Castellan. When a user creates an encrypted volume type, and creates a "
|
||
"volume using that type, the Block Storage (cinder) service requests the key "
|
||
"manager to create a key to be associated with that volume. When the volume "
|
||
"is attached to an instance, nova retrieves the key."
|
||
msgstr ""
|
||
"Fitur enkripsi volume memberikan enkripsi data saat beristirahat menggunakan "
|
||
"Castellan. Saat pengguna membuat jenis volume terenkripsi, dan membuat "
|
||
"volume menggunakan jenis itu, layanan Block Storage (cinder) meminta manajer "
|
||
"kunci untuk membuat kunci yang terkait dengan volume tersebut. Bila volume "
|
||
"terpasang pada sebuah instance, nova mengambil kuncinya."
|
||
|
||
msgid ""
|
||
"The web server that hosts the dashboard should be configured for TLS to "
|
||
"ensure data is encrypted."
|
||
msgstr ""
|
||
"Server web yang menghosting dasbor harus dikonfigurasi untuk TLS untuk "
|
||
"memastikan data dienkripsi."
|
||
|
||
msgid ""
|
||
"There are a few important security considerations for network and host-based "
|
||
"intrusion detection systems."
|
||
msgstr ""
|
||
"Ada beberapa pertimbangan keamanan penting untuk sistem deteksi intrusi "
|
||
"berbasis jaringan dan host."
|
||
|
||
msgid ""
|
||
"There are a large number of share drivers created by different vendors which "
|
||
"support different hardware storage solutions, for example, NetApp Clustered "
|
||
"Data ONTAP (cDOT) Driver, Huawei NAS Driver or GlusterFS Driver. Each share "
|
||
"driver is a Python class that can be set for a back end and run in the back "
|
||
"end to manage share operations, some of which can be vendor-specific. The "
|
||
"back end is an instance of the manila-share service."
|
||
msgstr ""
|
||
"Ada sejumlah besar driver share yang dibuat oleh vendor yang berbeda yang "
|
||
"mendukung solusi penyimpanan perangkat keras yang berbeda, misalnya NetApp "
|
||
"Clustered Data ONTAP (cDOT) Driver, Driver NAS Huawei atau Driver GlusterFS. "
|
||
"Setiap driver share adalah kelas Python yang bisa diatur untuk back end dan "
|
||
"berjalan di back end untuk mengelola operasi share, beberapa di antaranya "
|
||
"bisa menjadi vendor-specific. Back end adalah instance dari layanan manila-"
|
||
"share."
|
||
|
||
msgid ""
|
||
"There are a number of standard activities that will greatly assist with the "
|
||
"compliance process. This chapter outlines some of the most common compliance "
|
||
"activities. These are not specific to OpenStack, however references are "
|
||
"provided to relevant sections in this book as useful context."
|
||
msgstr ""
|
||
"Ada sejumlah kegiatan standar yang akan sangat membantu proses kepatuhan. "
|
||
"Bab ini menguraikan beberapa aktivitas kepatuhan yang paling umum. Ini tidak "
|
||
"spesifik untuk OpenStack, namun referensi diberikan ke bagian yang relevan "
|
||
"dalam buku ini sebagai konteks yang berguna."
|
||
|
||
msgid ""
|
||
"There are a variety of technologies that enable verification of these early "
|
||
"boot stages. These typically require hardware support such as the :term:"
|
||
"`trusted platform module (TPM)`, Intel Trusted Execution Technology (TXT), "
|
||
"dynamic root of trust measurement (DRTM), and Unified Extensible Firmware "
|
||
"Interface (UEFI) secure boot. In this book, we will refer to all of these "
|
||
"collectively as *secure boot technologies*. We recommend using secure boot, "
|
||
"while acknowledging that many of the pieces necessary to deploy this require "
|
||
"advanced technical skills in order to customize the tools for each "
|
||
"environment. Utilizing secure boot will require deeper integration and "
|
||
"customization than many of the other recommendations in this guide. TPM "
|
||
"technology, while common in most business class laptops and desktops for "
|
||
"several years, and is now becoming available in servers together with "
|
||
"supporting BIOS. Proper planning is essential to a successful secure boot "
|
||
"deployment."
|
||
msgstr ""
|
||
"Ada berbagai teknologi yang memungkinkan verifikasi tahap boot awal ini. Ini "
|
||
"biasanya memerlukan dukungan perangkat keras sepert :term:`trusted platform "
|
||
"module (TPM)`, Intel Trusted Execution Technology (TXT), dynamic root of "
|
||
"trust measurement (DRTM), dan booting aman Unified Extensible Firmware "
|
||
"Interface (UEFI). Dalam buku ini, kita akan mengacu pada semua ini secara "
|
||
"kolektif sebagai teknologi secure boot. Sebaiknya gunakan boot aman, sambil "
|
||
"mengakui bahwa banyak dari potongan yang diperlukan untuk menerapkan ini "
|
||
"memerlukan ketrampilan teknis lanjutan untuk menyesuaikan alat untuk setiap "
|
||
"lingkungan. Memanfaatkan boot yang aman akan memerlukan integrasi dan "
|
||
"penyesuaian yang lebih dalam daripada banyak rekomendasi lainnya dalam "
|
||
"panduan ini. Teknologi TPM, meski umum ada di kebanyakan laptop kelas bisnis "
|
||
"dan desktop selama beberapa tahun, dan kini mulai tersedia di server "
|
||
"bersamaan dengan BIOS pendukung. Perencanaan yang tepat sangat penting untuk "
|
||
"penerapan booting aman yang berhasil."
|
||
|
||
msgid ""
|
||
"There are four main services that interact with OpenStack Networking. In a "
|
||
"typical OpenStack deployment these services map to the following security "
|
||
"domains:"
|
||
msgstr ""
|
||
"Ada empat layanan utama yang berinteraksi dengan OpenStack Networking. Dalam "
|
||
"pengerahan OpenStack tipikal, layanan ini dipetakan ke domain keamanan "
|
||
"berikut:"
|
||
|
||
msgid ""
|
||
"There are management, policy, and technical challenges around creating and "
|
||
"signing certificates. This is an area where cloud architects or operators "
|
||
"may wish to seek the advice of industry leaders and vendors in addition to "
|
||
"the guidance recommended here."
|
||
msgstr ""
|
||
"Ada tantangan manajemen, kebijakan, dan teknis seputar pembuatan dan "
|
||
"penandatanganan sertifikat. Ini adalah area dimana arsitek awan atau "
|
||
"operator mungkin ingin mencari saran dari pemimpin industri dan vendor "
|
||
"disamping panduan yang direkomendasikan di sini."
|
||
|
||
msgid ""
|
||
"There are many configuration management solutions; at the time of this "
|
||
"writing there are two in the marketplace that are robust in their support of "
|
||
"OpenStack environments: :term:`Chef` and :term:`Puppet`. A non-exhaustive "
|
||
"listing of tools in this space is provided below:"
|
||
msgstr ""
|
||
"Ada banyak solusi manajemen konfigurasi; Pada saat penulisan ini ada dua di "
|
||
"pasar yang kuat dalam mendukung lingkungan OpenStack: :term:`Chef` dan :term:"
|
||
"`Puppet`. Daftar alat yang tidak lengkap (non-exhaustive) di ruang ini "
|
||
"disediakan di bawah ini:"
|
||
|
||
msgid ""
|
||
"There are no general provisions for granular control of database operations "
|
||
"in OpenStack. Access and privileges are granted simply based on whether a "
|
||
"node has access to the database or not. In this scenario, nodes with access "
|
||
"to the database may have full privileges to DROP, INSERT, or UPDATE "
|
||
"functions."
|
||
msgstr ""
|
||
"Tidak ada ketentuan umum untuk pengendalian operasi database di OpenStack. "
|
||
"Akses dan hak istimewa diberikan hanya berdasarkan apakah node memiliki "
|
||
"akses ke database atau tidak. Dalam skenario ini, node dengan akses ke "
|
||
"database mungkin memiliki hak penuh untuk fungsi DROP, INSERT, atau UPDATE."
|
||
|
||
msgid ""
|
||
"There are several configuration options and deployment strategies that can "
|
||
"improve security in the Data processing service. The service controller is "
|
||
"configured through a main configuration file and one or more policy files. "
|
||
"Installations that are using the data-locality features will also have two "
|
||
"additional files to specify the physical location of Compute and Object "
|
||
"Storage nodes."
|
||
msgstr ""
|
||
"Ada beberapa pilihan konfigurasi dan strategi pengerahan yang dapat "
|
||
"meningkatkan keamanan dalam layanan pengolahan data. Pengontrol layanan "
|
||
"dikonfigurasi melalui file konfigurasi utama dan satu atau beberapa file "
|
||
"kebijakan. Instalasi yang menggunakan fitur data-locality juga akan memiliki "
|
||
"dua file tambahan untuk menentukan lokasi fisik dari node Compute dan Object "
|
||
"Storage."
|
||
|
||
msgid ""
|
||
"There are several methods to mitigate some of the risk associated with live "
|
||
"migrations, the following list details some of these:"
|
||
msgstr ""
|
||
"Ada beberapa metode untuk mengurangi beberapa risiko yang terkait dengan "
|
||
"migrasi langsung, beberapa rincian berikut ini:"
|
||
|
||
msgid ""
|
||
"There are several ways to wipe a block storage device. The traditional way "
|
||
"is to set the ``lvm_type`` to ``thin``, and then use the ``volume_clear`` "
|
||
"parameter if using the LVM backend. Alternatively, if the volume encryption "
|
||
"feature is used, then volume wiping is not necessary if the volume "
|
||
"encryption key is deleted. See the OpenStack Configuration Reference doc in "
|
||
"the `Volume Encryption <https://docs.openstack.org/cinder/latest/"
|
||
"configuration/block-storage/volume-encryption.html>`__ section for set up "
|
||
"details and also the `Castellan usage <https://docs.openstack.org/castellan/"
|
||
"latest/user/index.html>`__ document for key deletion."
|
||
msgstr ""
|
||
"Ada beberapa cara untuk menghapus perangkat penyimpan blok. Cara tradisional "
|
||
"adalah dengan mengatur ``lvm_type`` ke ``thin``, lalu gunakan parameter "
|
||
"``volume_clear`` jika menggunakan backend LVM. Sebagai alternatif, jika "
|
||
"fitur enkripsi volume digunakan, maka volume wiping tidak diperlukan jika "
|
||
"kunci enkripsi volume dihapus. Lihat dokumentasi OpenStack Configuration "
|
||
"Reference di bagian `Volume Encryption <https://docs.openstack.org/cinder/"
|
||
"latest/configuration/block-storage/volume-encryption.html>` __ untuk "
|
||
"mengatur rincian dan juga '`Castellan usage <https://docs.openstack.org/"
|
||
"castellan/latest/user/index.html>`__ dokumen untuk penghapusan kunci."
|
||
|
||
msgid ""
|
||
"There are situations where there is a security requirement to assure the "
|
||
"confidentiality or integrity of network traffic in an OpenStack deployment. "
|
||
"This is generally achieved using cryptographic measures, such as the "
|
||
"Transport Layer Security (TLS) protocol."
|
||
msgstr ""
|
||
"Ada situasi di mana ada persyaratan keamanan untuk memastikan kerahasiaan "
|
||
"atau integritas lalu lintas jaringan dalam penerapan OpenStack. Hal ini "
|
||
"umumnya dicapai dengan menggunakan ukuran kriptografi, seperti protokol "
|
||
"Transport Layer Security (TLS)."
|
||
|
||
msgid ""
|
||
"There are some key sections to the architecture page, which are explained in "
|
||
"more detail below:"
|
||
msgstr ""
|
||
"Ada beberapa bagian kunci pada halaman arsitektur, yang dijelaskan lebih "
|
||
"rinci di bawah ini:"
|
||
|
||
msgid ""
|
||
"There are two routes that an OpenStack project may take to complete a "
|
||
"security review:"
|
||
msgstr ""
|
||
"Ada dua rute yang dibutuhkan proyek OpenStack untuk menyelesaikan tinjauan "
|
||
"keamanan:"
|
||
|
||
msgid "There are two types of SOC 1 reports:"
|
||
msgstr "Ada dua jenis laporan SOC 1:"
|
||
|
||
msgid "There are two types of SOC 2 reports:"
|
||
msgstr "Ada dua jenis laporan SOC 2:"
|
||
|
||
msgid ""
|
||
"There are two types of plugins: crypto plugins and secret store plugins."
|
||
msgstr "Ada dua jenis plugin: plugin kripto dan plugin penyimpanan rahasia."
|
||
|
||
msgid ""
|
||
"There is an OpenStack Security Note pertaining to the `Use of LXC in Compute "
|
||
"<https://bugs.launchpad.net/ossn/+bug/1098582>`_."
|
||
msgstr ""
|
||
"Ada OpenStack Security Note yang berkaitan dengan `Use of LXC in Compute "
|
||
"<https://bugs.launchpad.net/ossn/+bug/1098582>`_."
|
||
|
||
msgid ""
|
||
"There is an `OpenStack Security Note (OSSN) regarding keystone.conf "
|
||
"permissions <https://bugs.launchpad.net/ossn/+bug/1168252>`__."
|
||
msgstr ""
|
||
"Ada `OpenStack Security Note (OSSN) regarding keystone.conf permissions "
|
||
"<https://bugs.launchpad.net/ossn/+bug/1168252>`__."
|
||
|
||
msgid ""
|
||
"There is an `OpenStack Security Note (OSSN) regarding potential DoS attacks "
|
||
"<https://bugs.launchpad.net/ossn/+bug/1155566>`__."
|
||
msgstr ""
|
||
"Ada `OpenStack Security Note (OSSN) regarding potential DoS attacks <https://"
|
||
"bugs.launchpad.net/ossn/+bug/1155566>`__."
|
||
|
||
msgid ""
|
||
"There is currently an effort underway to store these secrets in a Castellan "
|
||
"back-end and then have oslo.config use Castellan to retrieve these secrets."
|
||
msgstr ""
|
||
"Saat ini ada usaha untuk menyimpan rahasia ini di Castellan back-end dan "
|
||
"kemudian menggunakan oslo.config menggunakan Castellan untuk mengambil "
|
||
"kembali rahasia ini."
|
||
|
||
msgid ""
|
||
"There is no current solution to obfuscate these passwords. It is recommended "
|
||
"that these files be appropriately secured by file permissions."
|
||
msgstr ""
|
||
"Tidak ada solusi saat ini untuk mengaburkan password ini. Disarankan agar "
|
||
"file-file ini sesuai dengan hak akses file."
|
||
|
||
msgid ""
|
||
"Therefore, we recommend that clear ownership of virtual machines be "
|
||
"assigned, and that those owners be responsible for the hardening, "
|
||
"deployment, and continued functionality of the virtual machines. We also "
|
||
"recommend that updates be deployed on a regular schedule. These patches "
|
||
"should be tested in an environment as closely resembling production as "
|
||
"possible to ensure both stability and resolution of the issue behind the "
|
||
"patch."
|
||
msgstr ""
|
||
"Oleh karena itu, kami merekomendasikan agar kepemilikan mesin virtual yang "
|
||
"jelas diberikan, dan bahwa pemiliknya bertanggung jawab atas pengerasan, "
|
||
"penerapan, dan fungsionalitas lanjutan dari mesin virtual. Kami juga "
|
||
"merekomendasikan bahwa pembaruan akan diterapkan pada jadwal reguler. Patch "
|
||
"ini harus diuji di lingkungan yang menyerupai produksi semaksimal mungkin "
|
||
"untuk memastikan stabilitas dan penyelesaian masalah di balik patch."
|
||
|
||
msgid ""
|
||
"These control mappings will help identify common control criteria across "
|
||
"certifications, and provide visibility to both auditors and auditees on "
|
||
"problem areas within control sets for particular compliance certifications "
|
||
"and attestations."
|
||
msgstr ""
|
||
"Pemetaan kontrol ini akan membantu mengidentifikasi kriteria kontrol bersama "
|
||
"di seluruh sertifikasi, dan memberikan visibilitas kepada auditor dan "
|
||
"auditee di area masalah di dalam kumpulan kontrol untuk sertifikasi "
|
||
"kepatuhan dan pengesahan tertentu."
|
||
|
||
msgid ""
|
||
"These filters will create an instance based on the utilizations of the "
|
||
"hypervisor host sets and can trigger on free or used properties such as RAM, "
|
||
"IO, or CPU utilization."
|
||
msgstr ""
|
||
"Filter ini akan membuat sebuah instance berdasarkan utilisasi dari set host "
|
||
"hypervisor dan dapat memicu pada properti bebas atau bekas seperti utilisasi "
|
||
"RAM, IO, atau CPU."
|
||
|
||
msgid "These include:"
|
||
msgstr "Ini termasuk:"
|
||
|
||
msgid ""
|
||
"These logs should be reviewed at a regular cadence such as a live view by a "
|
||
"network operations center (NOC), or if the environment is not large enough "
|
||
"to necessitate a NOC, then logs should undergo a regular log review process."
|
||
msgstr ""
|
||
"Log ini harus ditinjau ulang pada irama reguler seperti live view oleh "
|
||
"network operations center (NOC), atau jika lingkungannya tidak cukup besar "
|
||
"untuk memerlukan NOC, maka log harus menjalani proses peninjauan log reguler."
|
||
|
||
msgid ""
|
||
"These policies can be modified or updated by the cloud administrator to "
|
||
"control the access to the various resources. Ensure that any changes to the "
|
||
"access control policies do not unintentionally weaken the security of any "
|
||
"resource. Also note that changes to the ``policy.json`` file become "
|
||
"effective immediately and do not require the service to be restarted."
|
||
msgstr ""
|
||
"Kebijakan ini dapat dimodifikasi atau diperbarui oleh administrator awan "
|
||
"untuk mengontrol akses ke berbagai sumber. Pastikan bahwa setiap perubahan "
|
||
"pada kebijakan kontrol akses tidak secara tidak sengaja melemahkan keamanan "
|
||
"sumber daya apapun. Perhatikan juga bahwa perubahan pada file `policy.json` "
|
||
"menjadi efektif dan tidak memerlukan layanan untuk di-restart."
|
||
|
||
msgid ""
|
||
"These security controls are best applied via automated methods. Automation "
|
||
"ensures that the controls are applied the same way each time for each system "
|
||
"and they also provide a quick method for auditing an existing system. There "
|
||
"are multiple options for automation:"
|
||
msgstr ""
|
||
"Kontrol keamanan ini paling baik diterapkan melalui metode otomatis. Otomasi "
|
||
"memastikan bahwa kontrol diterapkan dengan cara yang sama setiap saat untuk "
|
||
"setiap sistem dan mereka juga menyediakan metode cepat untuk mengaudit "
|
||
"sistem yang ada. Ada beberapa pilihan untuk otomasi:"
|
||
|
||
msgid ""
|
||
"These should be put in place to monitor and report on changes to system, "
|
||
"hypervisor, and application configuration files such as ``/etc/pam.d/system-"
|
||
"auth`` and ``/etc/keystone/keystone.conf``, as well as kernel modules (such "
|
||
"as virtio). Best practice is to use the :command:`lsmod` command to show "
|
||
"what is regularly being loaded on a system to help determine what should or "
|
||
"should not be included in FIM checks."
|
||
msgstr ""
|
||
"Ini harus diletakkan di tempat untuk memantau dan melaporkan perubahan pada "
|
||
"sistem, hypervisor, dan file konfigurasi aplikasi seperti ``/etc/pam.d/"
|
||
"system-auth`` dan ``/etc/keystone/keystone.conf``, serta modul kernel "
|
||
"(seperti virtio). Praktik terbaik adalah dengan menggunakan perintah :"
|
||
"command:`lsmod` untuk menunjukkan apa yang secara teratur dimasukkan ke "
|
||
"sistem untuk membantu menentukan apa yang seharusnya atau tidak boleh "
|
||
"disertakan dalam pemeriksaan FIM."
|
||
|
||
msgid ""
|
||
"These technologies comprise the core of the frameworks that are deployed "
|
||
"with the Data processing service. In addition to these technologies, the "
|
||
"service also includes bundled frameworks provided by third party vendors. "
|
||
"These bundled frameworks are built using the same core pieces described "
|
||
"above plus configurations and applications that the vendors include. For "
|
||
"more information on the third party framework bundles please see the "
|
||
"following links:"
|
||
msgstr ""
|
||
"Teknologi ini terdiri dari inti kerangka kerja yang digunakan dengan layanan "
|
||
"pengolahan Data. Selain teknologi ini, layanan ini juga mencakup kerangka "
|
||
"kerja yang disediakan oleh vendor pihak ketiga. Kerangka bundel ini dibuat "
|
||
"dengan menggunakan potongan inti yang sama seperti yang dijelaskan di atas "
|
||
"ditambah konfigurasi dan aplikasi yang disertakan vendor. Untuk informasi "
|
||
"lebih lanjut tentang kumpulan kerangka pihak ketiga, silakan lihat link "
|
||
"berikut ini:"
|
||
|
||
msgid ""
|
||
"This :term:`Nginx` example requires TLS v1.1 or v1.2 for maximum security. "
|
||
"The ``ssl_ciphers`` line can be tweaked based on your needs, however this is "
|
||
"a reasonable starting place. The default configuration file is ``/etc/nginx/"
|
||
"nginx.conf``."
|
||
msgstr ""
|
||
"Contoh :term:`Nginx` ini memerlukan TLS v1.1 atau v1.2 untuk keamanan "
|
||
"maksimal. Baris ``ssl_ciphers`` dapat di-tweak berdasarkan kebutuhan Anda, "
|
||
"namun ini adalah tempat awal yang masuk akal. File konfigurasi defaultnya "
|
||
"adalah ``/etc/nginx/nginx.conf``."
|
||
|
||
msgid ""
|
||
"This Book was produced in a 5 day book sprint. A book sprint is an intensely "
|
||
"collaborative, facilitated process which brings together a group to produce "
|
||
"a book in 3-5 days. It is a strongly facilitated process with a specific "
|
||
"methodology founded and developed by Adam Hyde. For more information visit "
|
||
"the book sprint web page at `BookSprints <http://www.booksprints.net>`__."
|
||
msgstr ""
|
||
"Buku ini diproduksi dalam sprint buku 5 hari. Sprint buku adalah proses yang "
|
||
"sangat kolaboratif dan difasilitasi yang menyatukan kelompok untuk "
|
||
"menghasilkan buku dalam 3-5 hari. Ini adalah proses yang sangat difasilitasi "
|
||
"dengan metodologi khusus yang didirikan dan dikembangkan oleh Adam Hyde. "
|
||
"Untuk informasi lebih lanjut, kunjungi halaman web sprint buku di "
|
||
"`BookSprints <http://www.booksprints.net>`__."
|
||
|
||
msgid ""
|
||
"This Pound example enables ``AES-NI`` acceleration, which helps to improve "
|
||
"performance on systems with processors that support this feature. The "
|
||
"default configuration file is ``/etc/pound/pound.cfg`` on Ubuntu, ``/etc/"
|
||
"pound.cfg`` on RHEL, CentOS, openSUSE, and SUSE Linux Enterprise."
|
||
msgstr ""
|
||
"Contoh Pound ini memungkinkan akselerasi ``AES-NI``, yang membantu "
|
||
"meningkatkan kinerja pada sistem dengan prosesor yang mendukung fitur ini. "
|
||
"File konfigurasi defaultnya adalah ``/etc/pound/pound.cfg`` di Ubuntu, ``/"
|
||
"etc/pound.cfg`` di RHEL, CentOS, openSUSE, dan SUSE Linux Enterprise."
|
||
|
||
msgid ""
|
||
"This abstraction offers the advantage of restricting services to executing "
|
||
"methods with parameters, similar to stored procedures, preventing a large "
|
||
"number of systems from directly accessing or modifying database data. This "
|
||
"is accomplished without having these procedures stored or executed within "
|
||
"the context or scope of the database itself, a frequent criticism of typical "
|
||
"stored procedures."
|
||
msgstr ""
|
||
"Abstraksi ini menawarkan keuntungan untuk membatasi layanan terhadap metode "
|
||
"eksekusi dengan parameter, mirip dengan prosedur tersimpan, mencegah "
|
||
"sejumlah besar sistem untuk mengakses atau memodifikasi data database secara "
|
||
"langsung. Hal ini dilakukan tanpa prosedur yang tersimpan atau dijalankan "
|
||
"dalam konteks atau ruang lingkup database itu sendiri, sering mengkritik "
|
||
"prosedur tersimpan yang umum."
|
||
|
||
msgid ""
|
||
"This book provides best practices and conceptual information about securing "
|
||
"an OpenStack cloud."
|
||
msgstr ""
|
||
"Buku ini memberikan praktik terbaik dan informasi konseptual tentang "
|
||
"mengamankan awan OpenStack."
|
||
|
||
msgid ""
|
||
"This chapter covers issues related to network communications to and from the "
|
||
"database server. This includes IP address bindings and encrypting network "
|
||
"traffic with TLS."
|
||
msgstr ""
|
||
"Bab ini membahas isu-isu yang berkaitan dengan komunikasi jaringan ke dan "
|
||
"dari server database. Ini termasuk binding alamat IP dan mengenkripsi lalu "
|
||
"lintas jaringan dengan TLS."
|
||
|
||
msgid "This chapter has several objectives:"
|
||
msgstr "Bab ini memiliki beberapa tujuan:"
|
||
|
||
msgid ""
|
||
"This chapter recommends security enhancements for both public and private-"
|
||
"facing API endpoints."
|
||
msgstr ""
|
||
"Bab ini merekomendasikan penyempurnaan keamanan untuk API endpoint publik "
|
||
"dan private-facing API ."
|
||
|
||
msgid ""
|
||
"This chapter will review several features around configuring TLS to secure "
|
||
"both internal and external resources, and will call out specific categories "
|
||
"of systems that should be given specific attention."
|
||
msgstr ""
|
||
"Bab ini akan meninjau beberapa fitur seputar konfigurasi TLS untuk "
|
||
"mengamankan sumber daya internal dan eksternal, dan akan memanggil kategori "
|
||
"spesifik sistem yang harus diberi perhatian khusus."
|
||
|
||
msgid ""
|
||
"This configuration can only be enabled while defining the node group "
|
||
"templates that will make up the data processing clusters. It is provided as "
|
||
"a run time option to be enabled during the cluster provisioning process."
|
||
msgstr ""
|
||
"Konfigurasi ini hanya dapat diaktifkan saat menentukan template grup simpul "
|
||
"yang akan membentuk cluster pengolahan data. Ini disediakan sebagai opsi run "
|
||
"time untuk diaktifkan selama proses pembuatan klaster."
|
||
|
||
msgid ""
|
||
"This delegates instance creation based on the image used, such as the "
|
||
"operating system of the VM or type of image used."
|
||
msgstr ""
|
||
"Hal ini mendelegasikan pembuatan instance berdasarkan image yang digunakan, "
|
||
"seperti sistem operasi VM atau jenis image yang digunakan."
|
||
|
||
msgid ""
|
||
"This does introduce new challenges around protecting that identity. However, "
|
||
"this is a worthwhile tradeoff given the greater control, and fewer "
|
||
"credential databases that come with a centralized common identity store."
|
||
msgstr ""
|
||
"Ini mengenalkan tantangan baru seputar melindungi identitas itu. Namun, ini "
|
||
"adalah tradeoff yang berharga mengingat kontrol yang lebih besar, dan lebih "
|
||
"sedikit database kredensial yang hadir dengan identity store umum terpusat."
|
||
|
||
msgid "This domain should always be considered *untrusted*."
|
||
msgstr "Domain ini harus selalu dianggap *untrusted *."
|
||
|
||
msgid ""
|
||
"This ensures that placement of both code and data regions will be "
|
||
"randomized. Enabled by the kernel (all modern Linux kernels support ASLR), "
|
||
"when the executable is built with PIE."
|
||
msgstr ""
|
||
"Ini memastikan penempatan kedua kode dan data daerah akan diacak. Diaktifkan "
|
||
"oleh kernel (semua kernel Linux modern mendukung ASLR), saat eksekusi "
|
||
"dilakukan dengan PIE."
|
||
|
||
msgid "This example shows the barbican architecture diagram:"
|
||
msgstr "Contoh ini menunjukkan diagram arsitektur barbican:"
|
||
|
||
msgid "This example shows the sVirt category identifier:"
|
||
msgstr "Contoh ini menunjukkan pengenal kategori sVirt:"
|
||
|
||
msgid ""
|
||
"This field sets the cipher and mode used to encrypt ephemeral storage. AES-"
|
||
"XTS is recommended by NIST_ specifically for disk storage, and the name is "
|
||
"shorthand for AES encryption using the XTS encryption mode. Available "
|
||
"ciphers depend on kernel support. At the command line, type 'cryptsetup "
|
||
"benchmark' to determine the available options (and see benchmark results), "
|
||
"or go to */proc/crypto*"
|
||
msgstr ""
|
||
"Bidang ini mengatur cipher dan mode yang digunakan untuk mengenkripsi "
|
||
"penyimpanan singkat. AES-XTS direkomendasikan oleh NIST_ khusus untuk "
|
||
"penyimpanan disk, dan namanya adalah singkatan untuk enkripsi AES "
|
||
"menggunakan mode enkripsi XTS. Tersedia ciphers yang bergantung pada "
|
||
"dukungan kernel. Pada baris perintah, ketik 'benchmark cryptsetup' untuk "
|
||
"menentukan pilihan yang tersedia (dan lihat hasil benchmark), atau masuk ke "
|
||
"*/proc/crypto*"
|
||
|
||
msgid ""
|
||
"This filter will create an instance based on external details such as in a "
|
||
"specific IP range, across availability zones, or on the same host as another "
|
||
"instance."
|
||
msgstr ""
|
||
"Filter ini akan membuat sebuah instance berdasarkan rincian eksternal "
|
||
"seperti pada kisaran IP tertentu, di seluruh zona ketersediaan, atau pada "
|
||
"host yang sama seperti instance lainnya."
|
||
|
||
msgid ""
|
||
"This filter will delegate instance creation based on user or administrator "
|
||
"provided criteria such as trusts or metadata parsing."
|
||
msgstr ""
|
||
"Filter ini akan mendelegasikan pembuatan instance berdasarkan kriteria yang "
|
||
"diberikan pengguna atau administrator seperti penguraian atau parsing "
|
||
"metadata."
|
||
|
||
msgid ""
|
||
"This guide augments the `OpenStack Operations Guide <https://docs.openstack."
|
||
"org/ops/>`__ and can be referenced to harden existing OpenStack deployments "
|
||
"or to evaluate the security controls of OpenStack cloud providers."
|
||
msgstr ""
|
||
"Panduan ini menambah `OpenStack Operations Guide <https://docs.openstack.org/"
|
||
"ops/>`__ dan dapat dirujuk untuk mengeras pemasangan OpenStack yang ada atau "
|
||
"untuk mengevaluasi kontrol keamanan penyedia awan OpenStack."
|
||
|
||
msgid ""
|
||
"This guide focuses on a standard architecture that includes a *cloud "
|
||
"controller* host, a *network* host, and a set of *compute* hypervisors for "
|
||
"running VMs."
|
||
msgstr ""
|
||
"Panduan ini berfokus pada arsitektur standar yang mencakup host *cloud "
|
||
"controller* , host *network*, dan satu set *compute* hypervisor untuk "
|
||
"menjalankan VM."
|
||
|
||
msgid "This guide is intended as advice only."
|
||
msgstr "Panduan ini dimaksudkan sebagai saran saja."
|
||
|
||
msgid ""
|
||
"This guide provides security insight into :term:`OpenStack` deployments. The "
|
||
"intended audience is cloud architects, deployers, and administrators. In "
|
||
"addition, cloud users will find the guide both educational and helpful in "
|
||
"provider selection, while auditors will find it useful as a reference "
|
||
"document to support their compliance certification efforts. This guide is "
|
||
"also recommended for anyone interested in cloud security."
|
||
msgstr ""
|
||
"Panduan ini memberikan wawasan keamanan dalam :term: `OpenStack` "
|
||
"deployments. Penonton yang dimaksud adalah arsitek awan, penginstal, dan "
|
||
"administrator. Selain itu, pengguna awan akan menemukan panduan ini baik "
|
||
"untuk pendidikan maupun dalam pemilihan penyedia layanan, sementara auditor "
|
||
"akan merasa berguna sebagai dokumen referensi untuk mendukung upaya "
|
||
"sertifikasi kepatuhan mereka. Panduan ini juga direkomendasikan bagi siapa "
|
||
"saja yang berminat pada keamanan awan."
|
||
|
||
msgid ""
|
||
"This guide was last updated as of the Pike release, documenting the "
|
||
"OpenStack Pike, Ocata, and Newton releases. It may not apply to EOL releases "
|
||
"Mitaka, Kilo and Liberty."
|
||
msgstr ""
|
||
"Panduan ini terakhir diperbarui pada rilis Pike, mendokumentasikan rilis "
|
||
"OpenStack Pike, Ocata, dan Newton. Ini mungkin tidak berlaku untuk rilis EOL "
|
||
"Mitaka, Kilo dan Liberty."
|
||
|
||
msgid ""
|
||
"This instance follows a standard SAML2 authentication procedure, that is, "
|
||
"the user will be redirected to the Identity Provider’s authentication "
|
||
"webpage and be prompted for credentials. After successfully authenticating "
|
||
"the user will be redirected to the Service Provider’s endpoint. If using a "
|
||
"web browser, a token will be returned in XML format. As an alternative to "
|
||
"using a web browser, you can use Enhanced Client or Proxy (ECP), which is "
|
||
"available in the ``keystoneclient`` in the Identity service API."
|
||
msgstr ""
|
||
"Instance ini mengikuti prosedur otentikasi SAML2 standar, yaitu pengguna "
|
||
"akan diarahkan ke halaman web otentikasi Identity Provider dan diminta "
|
||
"meminta kredensial. Setelah berhasil mengautentikasi pengguna akan dialihkan "
|
||
"ke endpoint Service Provider. Jika menggunakan browser web, token akan "
|
||
"dikembalikan dalam format XML. Sebagai alternatif untuk menggunakan browser "
|
||
"web, Anda dapat menggunakan Enhanced Client atau Proxy (ECP), yang tersedia "
|
||
"di ``keystoneclient`` di API layanan Identity."
|
||
|
||
msgid "This is recorded in the following format:"
|
||
msgstr "Ini dicatat dalam format berikut:"
|
||
|
||
msgid ""
|
||
"This is the formal audit process. Auditors will test security controls in "
|
||
"scope for a specific certification, and demand evidentiary requirements to "
|
||
"prove that these controls were also in place for the audit window (for "
|
||
"example SOC 2 audits generally evaluate security controls over a 6-12 months "
|
||
"period). Any control failures are logged, and will be documented in the "
|
||
"external auditors final report. Dependent on the type of OpenStack "
|
||
"deployment, these reports may be viewed by customers, so it is important to "
|
||
"avoid control failures. This is why audit preparation is so important."
|
||
msgstr ""
|
||
"Ini adalah proses audit formal. Auditor akan menguji sekuriti keamanan dalam "
|
||
"lingkup sertifikasi tertentu, dan menuntut persyaratan pembuktian untuk "
|
||
"membuktikan bahwa kontrol ini juga diterapkan untuk audit windowt (misalnya "
|
||
"audit SOC 2 pada umumnya mengevaluasi kontrol keamanan selama periode 6-12 "
|
||
"bulan). Setiap kegagalan kontrol dicatat, dan akan didokumentasikan dalam "
|
||
"laporan akhir auditor eksternal. Bergantung pada jenis penyebaran OpenStack, "
|
||
"laporan ini dapat dilihat oleh pelanggan, jadi penting untuk menghindari "
|
||
"kegagalan pengendalian. Inilah sebabnya mengapa persiapan audit sangat "
|
||
"penting."
|
||
|
||
msgid ""
|
||
"This is very similar to the :ref:`secure-communication-proxy-in-front` but "
|
||
"the SSL/TLS proxy is on the same physical system as the API endpoint. The "
|
||
"API endpoint would be configured to only listen on the local network "
|
||
"interface. All remote communication with the API endpoint would go through "
|
||
"the SSL/TLS proxy. With this deployment model, we address a number of the "
|
||
"bullet points in :ref:`secure-communication-proxy-in-front` A proven SSL "
|
||
"implementation that performs well would be used. The same SSL proxy software "
|
||
"would be used for all services, so SSL configuration for the API endpoints "
|
||
"would be consistent. The OpenStack service processes would not have direct "
|
||
"access to the private keys used for SSL/TLS, as you would run the SSL "
|
||
"proxies as a different user and restrict access using permissions (and "
|
||
"additionally mandatory access controls using something like SELinux). We "
|
||
"would ideally have the API endpoints listen on a Unix socket such that we "
|
||
"could restrict access to it using permissions and mandatory access controls "
|
||
"as well. Unfortunately, this does not seem to work currently in Eventlet "
|
||
"from our testing. It is a good future development goal."
|
||
msgstr ""
|
||
"Ini sangat mirip dengan :ref: `secure-communication-proxy-in-front` tapi "
|
||
"proxy SSL/TLS berada pada sistem fisik yang sama dengan endpoint API. "
|
||
"Endpoint API akan dikonfigurasi untuk hanya mendengarkan pada antarmuka "
|
||
"jaringan lokal. Semua komunikasi jarak jauh dengan endpoint API akan melalui "
|
||
"proxy SSL/TLS. Dengan model penyebaran ini, kami menangani sejumlah butir "
|
||
"di :ref: `secure-communication-proxy-in-front` Implementasi SSL yang telah "
|
||
"teruji yang berkinerja baik akan digunakan. Perangkat lunak proxy SSL yang "
|
||
"sama akan digunakan untuk semua layanan, jadi konfigurasi SSL untuk endpoint "
|
||
"API akan konsisten. Proses layanan OpenStack tidak akan memiliki akses "
|
||
"langsung ke kunci privat yang digunakan untuk SSL/TLS, karena Anda akan "
|
||
"menjalankan proxy SSL sebagai pengguna yang berbeda dan membatasi akses "
|
||
"menggunakan izin (dan juga kontrol akses wajib menggunakan sesuatu seperti "
|
||
"SELinux). Kami idealnya memiliki endpoint API mendengarkan di soket Unix "
|
||
"sehingga kami dapat membatasi akses ke sana menggunakan izin dan kontrol "
|
||
"akses wajib juga. Sayangnya, sepertinya ini tidak bekerja saat ini di "
|
||
"Eventlet dari pengujian kami. Ini adalah tujuan pembangunan masa depan yang "
|
||
"baik."
|
||
|
||
msgid ""
|
||
"This necessitates that the proxy nodes have dual interfaces (physical or "
|
||
"virtual):"
|
||
msgstr ""
|
||
"Ini mengharuskan bahwa node proxy memiliki dua antarmuka (fisik atau "
|
||
"virtual):"
|
||
|
||
msgid "This option was introduced in Kilo release."
|
||
msgstr "Pilihan ini diperkenalkan dalam rilis Kilo."
|
||
|
||
msgid ""
|
||
"This path is Ubuntu-specific. For other distributions, replace with "
|
||
"appropriate path."
|
||
msgstr ""
|
||
"Path ini adalah Ubuntu-specific. Untuk distro lain, ganti dengan jalur yang "
|
||
"sesuai."
|
||
|
||
msgid "This process is broken apart into three primary categories:"
|
||
msgstr "Proses ini dipecah menjadi tiga kategori utama:"
|
||
|
||
msgid ""
|
||
"This recommendation provides insulation from brute force, social "
|
||
"engineering, and both spear and mass phishing attacks that may compromise "
|
||
"administrator passwords."
|
||
msgstr ""
|
||
"Rekomendasi ini memberikan isolasi dari kekerasan (brute force), rekayasa "
|
||
"sosial, dan serangan tusukan (spear) dan massa phishing yang dapat "
|
||
"membahayakan passwords administrator."
|
||
|
||
msgid ""
|
||
"This refers to 'Hacktivist' type organizations who are not typically "
|
||
"commercially funded but can pose a serious threat to service providers and "
|
||
"cloud operators."
|
||
msgstr ""
|
||
"Ini mengacu pada jenis organisasi 'Hacktivist' yang biasanya tidak didanai "
|
||
"secara komersial namun dapat menimbulkan ancaman serius bagi penyedia "
|
||
"layanan dan operator awan."
|
||
|
||
msgid ""
|
||
"This restricts only root to be able to modify configuration files while "
|
||
"allowing the services to read them through their group membership in the "
|
||
"``swift`` group."
|
||
msgstr ""
|
||
"Ini membatasi hanya root untuk dapat memodifikasi file konfigurasi sambil "
|
||
"membiarkan layanan membacanya melalui keanggotaan grup mereka di grup "
|
||
"``swift`` ."
|
||
|
||
msgid ""
|
||
"This section discusses OpenStack Networking configuration best practices as "
|
||
"they apply to project network security within your OpenStack deployment."
|
||
msgstr ""
|
||
"Bagian ini membahas praktik terbaik konfigurasi OpenStack Networking saat "
|
||
"mereka menerapkan keamanan jaringan proyek di dalam penyebaran OpenStack "
|
||
"Anda."
|
||
|
||
msgid ""
|
||
"This section discusses security hardening approaches for the three most "
|
||
"common message queuing solutions used in OpenStack: RabbitMQ, Qpid, and "
|
||
"ZeroMQ."
|
||
msgstr ""
|
||
"Bagian ini membahas pendekatan pengerasan keamanan untuk tiga solusi antrian "
|
||
"pesan paling umum yang digunakan di OpenStack: RabbitMQ, Qpid, dan ZeroMQ."
|
||
|
||
msgid ""
|
||
"This section is a high-level overview of what processes and best practices "
|
||
"should be considered when implementing OpenStack Networking."
|
||
msgstr ""
|
||
"Bagian ini adalah gambaran umum tingkat tinggi tentang proses dan praktik "
|
||
"terbaik yang harus dipertimbangkan saat mengimplementasikan OpenStack "
|
||
"Networking."
|
||
|
||
msgid ""
|
||
"This section titles the architecture page, gives the status of the review "
|
||
"(draft, ready for review, reviewed) and captures the release and version of "
|
||
"the project (where relevant). It also records the PTL for the project, the "
|
||
"project's architect who is responsible for producing the architecture page, "
|
||
"diagrams and working through the review (this may or may not be the PTL), "
|
||
"and the security reviewer(s)."
|
||
msgstr ""
|
||
"Bagian ini berisi judul halaman arsitektur, memberikan status tinjauan "
|
||
"(draft, siap untuk diperiksa, ditinjau) dan menangkap rilis dan versi proyek "
|
||
"(jika relevan). Ini juga mencatat proyek PTL untuk proyek ini, arsitek "
|
||
"proyek yang bertanggung jawab untuk memproduksi halaman arsitektur, diagram "
|
||
"dan mengerjakan tinjauan (ini mungkin atau mungkin bukan PTL), dan reviewer "
|
||
"keamanan."
|
||
|
||
msgid ""
|
||
"This section will contain a brief description of the project to introduce "
|
||
"third parties to the service. This should be a paragraph or two and can be "
|
||
"cut/paste from wiki or other documentation. Include links to relevant "
|
||
"presentations and further documentation if available."
|
||
msgstr ""
|
||
"Bagian ini akan berisi deskripsi singkat tentang proyek untuk memperkenalkan "
|
||
"pihak ketiga ke layanan ini. Ini harus satu paragraf atau dua dan bisa cut/"
|
||
"paste dari wiki atau dokumentasi lainnya. Sertakan tautan ke presentasi yang "
|
||
"relevan dan dokumentasi lebih lanjut jika tersedia."
|
||
|
||
msgid ""
|
||
"This service is responsible for managing data operations which may take a "
|
||
"long time to complete and block other services if not handled separately."
|
||
msgstr ""
|
||
"Layanan ini bertanggung jawab untuk mengelola operasi data yang memerlukan "
|
||
"waktu lama untuk menyelesaikan dan memblokir layanan lain jika tidak "
|
||
"ditangani secara terpisah."
|
||
|
||
msgid ""
|
||
"This service runs on the network node to service the Networking API and its "
|
||
"extensions. It also enforces the network model and IP addressing of each "
|
||
"port. The neutron-server requires indirect access to a persistent database. "
|
||
"This is accomplished through plugins, which communicate with the database "
|
||
"using AMQP (Advanced Message Queuing Protocol)."
|
||
msgstr ""
|
||
"Layanan ini berjalan pada node jaringan untuk melayani Networking API dan "
|
||
"ekstensi-nya. Ini juga memberlakukan model jaringan dan pengalamatan IP "
|
||
"masing-masing port. Server neutron membutuhkan akses tidak langsung ke "
|
||
"database yang persisten. Hal ini dilakukan melalui plugin, yang "
|
||
"berkomunikasi dengan database menggunakan AMQP (Advanced Message Queuing "
|
||
"Protocol)."
|
||
|
||
msgid ""
|
||
"This table illustrates a generic approach to measuring the impact of a "
|
||
"vulnerability based on where it occurs in your deployment and the effect. "
|
||
"For example, a single level privilege escalation on a Compute API node "
|
||
"potentially allows a standard user of the API to escalate to have the same "
|
||
"privileges as the root user on the node."
|
||
msgstr ""
|
||
"Tabel ini menggambarkan pendekatan generik untuk mengukur dampak kerentanan "
|
||
"berdasarkan pada mana hal itu terjadi dalam penerapan dan pengaruhnya. "
|
||
"Sebagai contoh, eskalasi hak istimewa tingkat tunggal pada node Compute API "
|
||
"berpotensi memungkinkan pengguna standar API meningkat untuk memiliki hak "
|
||
"istimewa yang sama seperti pengguna root di node."
|
||
|
||
msgid ""
|
||
"This value should be initially set with a cryptographically secure random "
|
||
"number generator and consistent across all nodes. Ensure that it is "
|
||
"protected with proper ACLs and that you have a backup copy to avoid data "
|
||
"loss."
|
||
msgstr ""
|
||
"Nilai ini pada awalnya harus ditetapkan dengan generator bilangan acak yang "
|
||
"aman secara kriptografi dan konsisten di semua simpul. Pastikan itu "
|
||
"dilindungi dengan ACL yang benar dan Anda memiliki salinan cadangan untuk "
|
||
"menghindari kehilangan data."
|
||
|
||
msgid ""
|
||
"Those deploying MySQL or PostgreSQL are advised to refer to existing "
|
||
"security guidance. Some references are listed below:"
|
||
msgstr ""
|
||
"Mereka yang menggunakan MySQL atau PostgreSQL disarankan untuk merujuk pada "
|
||
"panduan keamanan yang ada. Beberapa referensi tercantum di bawah ini:"
|
||
|
||
msgid ""
|
||
"Those drivers that support the CIFS shared file system protocol in most "
|
||
"cases can be configured to use Active Directory and manage access through "
|
||
"the user authentication."
|
||
msgstr ""
|
||
"Driver yang mendukung protokol sistem berkas bersama CIFS dalam banyak kasus "
|
||
"dapat dikonfigurasi untuk menggunakan Active Directory dan mengelola akses "
|
||
"melalui otentikasi pengguna."
|
||
|
||
msgid "Threat actors"
|
||
msgstr "Aktor ancaman"
|
||
|
||
msgid "Threat analysis"
|
||
msgstr "Analisis ancaman"
|
||
|
||
msgid "Threat classification, actors and attack vectors"
|
||
msgstr "Klasifikasi ancaman, aktor dan vektor serangan"
|
||
|
||
msgid ""
|
||
"Throughout the book, we refer to several types of OpenStack cloud users: :"
|
||
"term:`administrator`, :term:`operator`, and :term:`user`. We use these terms "
|
||
"to identify the level of security access each role has, although, in "
|
||
"reality, we understand that varying roles are often held by the same "
|
||
"individual."
|
||
msgstr ""
|
||
"Sepanjang buku ini, kami mengacu pada beberapa jenis pengguna awan "
|
||
"OpenStack: :term:`administrator`, :term:`operator`, dan :term:`user`.Kami "
|
||
"menggunakan istilah ini untuk mengidentifikasi tingkat akses keamanan yang "
|
||
"dimiliki masing-masing peran, walaupun, pada kenyataannya, kami memahami "
|
||
"bahwa berbagai peran seringkali dipegang oleh individu yang sama."
|
||
|
||
msgid ""
|
||
"Thus now users in demo tenant can see the private share type and use it in "
|
||
"the share creation:"
|
||
msgstr ""
|
||
"Jadi sekarang pengguna di penyewa demo dapat melihat jenis share pribadi dan "
|
||
"menggunakannya dalam pembuatan share:"
|
||
|
||
msgid ""
|
||
"Thus, as an administrator, you can configure a back end to use specific "
|
||
"authentication service via network and it will store users. The "
|
||
"authentication service can operate with clients without the Shared File "
|
||
"System and the Identity service."
|
||
msgstr ""
|
||
"Dengan demikian, sebagai administrator, Anda dapat mengkonfigurasi back end "
|
||
"untuk menggunakan layanan otentikasi tertentu melalui jaringan dan akan "
|
||
"menyimpan pengguna. Layanan otentikasi dapat beroperasi dengan klien tanpa "
|
||
"Shared File System dan layanan Identity."
|
||
|
||
msgid ""
|
||
"Thus, it is required to create the necessary Identity service groups that "
|
||
"correspond to the Identity Provider’s groups; additionally, these groups "
|
||
"should be assigned roles on one or more projects or domains. For example, "
|
||
"groups here refers to the Identity service groups that should be created so "
|
||
"that when mapping from the SAML attribute ``Employees``, you can map it to a "
|
||
"Identity service group ``devs``."
|
||
msgstr ""
|
||
"Dengan demikian, diperlukan untuk menciptakan kelompok layanan Identity yang "
|
||
"diperlukan yang sesuai dengan kelompok Identity Provider; Selain itu, "
|
||
"kelompok ini harus diberi peran dalam satu atau lebih proyek atau domain. "
|
||
"Misalnya, kelompok di sini mengacu pada kelompok layanan Identity yang harus "
|
||
"dibuat sehingga ketika pemetaan dari atribut SAML ``Employees``, Anda dapat "
|
||
"memetakannya ke grup ``devs`` layanan Identity ."
|
||
|
||
msgid "Timeliness and availability of updates"
|
||
msgstr "Ketepatan waktu dan ketersediaan update"
|
||
|
||
msgid "Title, version information, contact details"
|
||
msgstr "Judul, informasi versi, rincian kontak"
|
||
|
||
msgid ""
|
||
"To address the often mentioned concern of tenant data privacy and limiting "
|
||
"cloud provider liability, there is greater interest within the OpenStack "
|
||
"community to make data encryption more ubiquitous. It is relatively easy for "
|
||
"an end-user to encrypt their data prior to saving it to the cloud, and this "
|
||
"is a viable path for tenant objects such as media files, database archives "
|
||
"among others. In some instances, client-side encryption is utilized to "
|
||
"encrypt data held by the virtualization technologies which requires client "
|
||
"interaction, such as presenting keys, to decrypt data for future use. To "
|
||
"seamlessly secure the data and have it accessible without burdening the "
|
||
"client with having to manage their keys and interactively provide them calls "
|
||
"for a key management service within OpenStack. Providing encryption and key "
|
||
"management services as part of OpenStack eases data-at-rest security "
|
||
"adoption and addresses customer concerns about privacy or misuse of data, "
|
||
"while also limiting cloud provider liability. This can help reduce a "
|
||
"provider's liability when handling tenant data during an incident "
|
||
"investigation in multi-tenant public clouds."
|
||
msgstr ""
|
||
"Untuk mengatasi kekhawatiran privasi data penyewa yang sering disebutkan dan "
|
||
"membatasi tanggung jawab penyedia cloud, ada ketertarikan yang lebih besar "
|
||
"dalam komunitas OpenStack untuk membuat enkripsi data lebih banyak terjadi "
|
||
"di mana-mana. Adalah relatif mudah bagi end-user untuk mengenkripsi data "
|
||
"mereka sebelum menyimpannya ke awan, dan ini adalah jalur yang layak untuk "
|
||
"objek penyewa seperti file media, arsip database, dan lain-lain. Dalam "
|
||
"beberapa instance, enkripsi sisi klien digunakan untuk mengenkripsi data "
|
||
"yang dimiliki oleh teknologi virtualisasi yang memerlukan interaksi klien, "
|
||
"seperti menghadirkan kunci, untuk mendekripsi data untuk penggunaan masa "
|
||
"depan. Untuk mengamankan data secara mulus dan memilikinya dapat diakses "
|
||
"tanpa membebani klien karena harus mengelola kunci mereka dan secara "
|
||
"interaktif memberi mereka panggilan untuk layanan manajemen kunci di dalam "
|
||
"OpenStack. Menyediakan layanan pengelolaan enkripsi dan kunci sebagai bagian "
|
||
"dari OpenStack memudahkan adopsi keamanan data dan atasi penggunaan dan "
|
||
"menanggapi kekhawatiran pelanggan tentang privasi atau penyalahgunaan data, "
|
||
"sekaligus juga membatasi tanggung jawab penyedia cloud. Ini dapat membantu "
|
||
"mengurangi tanggung jawab penyedia saat menangani data penyewa selama "
|
||
"penyelidikan insiden di awan publik multi-penyewa."
|
||
|
||
msgid ""
|
||
"To aid OpenStack architects in the protection of personal data, we recommend "
|
||
"OpenStack architects review the NIST publication 800-122, titled \"*Guide to "
|
||
"Protecting the Confidentiality of Personally Identifiable Information (PII)*."
|
||
"\" This guide steps through the process of protecting:"
|
||
msgstr ""
|
||
"Untuk membantu arsitek OpenStack dalam melindungi data pribadi, kami "
|
||
"merekomendasikan arsitek OpenStack meninjau publikasi NIST 800-122, yang "
|
||
"berjudul \"*Guide to Protecting the Confidentiality of Personally "
|
||
"Identifiable Information (PII)*.\" Panduan ini melangkah melalui proses "
|
||
"perlindungan:"
|
||
|
||
msgid ""
|
||
"To deny access for a specified project, use :command:`manila type-access-"
|
||
"remove <share_type> <project_id>` command."
|
||
msgstr ""
|
||
"Untuk menolak akses untuk proyek tertentu, gunakan perintah :command:`manila "
|
||
"type-access-remove <share_type> <project_id>` ."
|
||
|
||
msgid ""
|
||
"To disable the nova-conductor, place the following into your ``nova.conf`` "
|
||
"file (on your compute hosts):"
|
||
msgstr ""
|
||
"Untuk menonaktifkan nova-conductor, tempatkan hal berikut ke file ``nova."
|
||
"conf`` Anda (pada host komputasi Anda):"
|
||
|
||
msgid ""
|
||
"To ease the administrative burden of managing SELinux, many enterprise Linux "
|
||
"platforms utilize SELinux Booleans to quickly change the security posture of "
|
||
"sVirt."
|
||
msgstr ""
|
||
"Untuk memudahkan beban administrasi pengelolaan SELinux, banyak platform "
|
||
"perusahaan Linux memanfaatkan SELinux Boolean untuk segera mengubah postur "
|
||
"keamanan dari sVirt."
|
||
|
||
msgid "To enable Federation, perform the following steps:"
|
||
msgstr "Untuk mengaktifkan Federasi, lakukan langkah-langkah berikut:"
|
||
|
||
msgid "To enable memcached, execute the following:"
|
||
msgstr "Untuk mengaktifkan memcached, jalankan perintah berikut:"
|
||
|
||
msgid ""
|
||
"To enforce policies, you can configure services, host-based firewalls (such "
|
||
"as iptables), local policy (SELinux or AppArmor), and optionally global "
|
||
"network policy."
|
||
msgstr ""
|
||
"Untuk menerapkan kebijakan, Anda dapat mengonfigurasi layanan, firewall "
|
||
"berbasis host (seperti iptables), kebijakan lokal (SELinux atau AppArmor), "
|
||
"dan kebijakan jaringan global pilihan."
|
||
|
||
msgid ""
|
||
"To isolate sensitive data communication between the OpenStack Networking "
|
||
"services and other OpenStack core services, configure these communication "
|
||
"channels to only allow communication over an isolated management network."
|
||
msgstr ""
|
||
"Untuk mengisolasi komunikasi data sensitif antara layanan OpenStack "
|
||
"Networking dan layanan inti OpenStack lainnya, konfigurasikan saluran "
|
||
"komunikasi ini hanya untuk mengizinkan komunikasi melalui jaringan manajemen "
|
||
"yang terisolasi."
|
||
|
||
msgid ""
|
||
"To isolate sensitive database communications between the services and the "
|
||
"database, we strongly recommend that the database server(s) be configured to "
|
||
"only allow communications to and from the database over an isolated "
|
||
"management network. This is achieved by restricting the interface or IP "
|
||
"address on which the database server binds a network socket for incoming "
|
||
"client connections."
|
||
msgstr ""
|
||
"Untuk mengisolasi komunikasi basis data sensitif antara layanan dan "
|
||
"database, kami sangat menyarankan agar server database dikonfigurasi agar "
|
||
"hanya mengizinkan komunikasi ke dan dari database melalui jaringan manajemen "
|
||
"yang terisolasi. Hal ini dicapai dengan membatasi antarmuka atau alamat IP "
|
||
"yang digunakan server database untuk mengikat soket jaringan untuk koneksi "
|
||
"klien yang masuk."
|
||
|
||
msgid ""
|
||
"To provide a community driven facility for knowledge capture and "
|
||
"dissemination"
|
||
msgstr ""
|
||
"Menyediakan fasilitas berbasis komunitas untuk menangkap dan menyebarkan "
|
||
"pengetahuan"
|
||
|
||
msgid ""
|
||
"To provide access to Docker Swarm or Kubernetes using the native clients "
|
||
"(``docker`` or ``kubectl`` respectively) magnum uses TLS certificates. To "
|
||
"store the certificates, it is recommended to use Barbican , or the Magnum "
|
||
"Database (``x590keypair``)."
|
||
msgstr ""
|
||
"Untuk menyediakan akses ke Docker Swarm atau Kubernetes menggunakan klien "
|
||
"asli (``docker`` atau ``kubectl`` masing-masing) magnum menggunakan "
|
||
"sertifikat TLS. Untuk menyimpan sertifikat, disarankan untuk menggunakan "
|
||
"Barbican, atau Database Magnum (``x590keypair``)."
|
||
|
||
msgid ""
|
||
"To reduce security risks from orphan instances on a user, tenant, or domain "
|
||
"deletion in the Identity service there is discussion to generate "
|
||
"notifications in the system and have OpenStack components respond to these "
|
||
"events as appropriate such as terminating instances, disconnecting attached "
|
||
"volumes, reclaiming CPU and storage resources and so on."
|
||
msgstr ""
|
||
"Untuk mengurangi risiko keamanan dari instance tanpa induk (orphan) pada "
|
||
"pengguna, penyewa, atau penghapusan domain di layanan Identity, ada diskusi "
|
||
"untuk menghasilkan pemberitahuan di sistem dan apakah komponen OpenStack "
|
||
"merespons kejadian ini jika sesuai, misalnya menghentikan instance, "
|
||
"melepaskan volume terikat, reklamasi CPU dan sumber daya penyimpanan dan "
|
||
"sebagainya."
|
||
|
||
msgid "To register an internal URL for an endpoint:"
|
||
msgstr "Untuk mendaftarkan URL internal untuk endpoint:"
|
||
|
||
msgid ""
|
||
"To restrict the interface or IP address on which the OpenStack Networking "
|
||
"API service binds a network socket for incoming client connections, specify "
|
||
"the bind\\_host and bind\\_port in the neutron.conf file as shown:"
|
||
msgstr ""
|
||
"Untuk membatasi antarmuka atau alamat IP di mana layanan OpenStack "
|
||
"Networking API mengikat soket jaringan untuk koneksi klien yang masuk, "
|
||
"tentukan bind\\_host dan bind\\_port di file neutron.conf seperti yang "
|
||
"ditunjukkan:"
|
||
|
||
msgid ""
|
||
"To secure OpenStack Networking, you must understand how the workflow process "
|
||
"for tenant instance creation needs to be mapped to security domains."
|
||
msgstr ""
|
||
"Untuk mengamankan OpenStack Networking, Anda harus memahami bagaimana proses "
|
||
"alur kerja untuk pembuatan instance penyewa perlu dipetakan ke domain "
|
||
"keamanan."
|
||
|
||
msgid ""
|
||
"To start Federated authentication a user must access the dedicated URL with "
|
||
"Identity Provider’s and Protocol’s identifiers stored within a protected "
|
||
"URL. The URL has a format of: ``/v3/OS-FEDERATION/identity_providers/"
|
||
"{identity_provider}/protocols/{protocol}/auth``."
|
||
msgstr ""
|
||
"Untuk memulai otentikasi Federated, pengguna harus mengakses URL khusus "
|
||
"dengan Identity Provider dan pengenal Protokol yang tersimpan dalam URL yang "
|
||
"dilindungi.URL memiliki format: ``/v3/OS-FEDERATION/identity_providers/"
|
||
"{identity_provider}/protocols/{protocol}/auth``."
|
||
|
||
msgid ""
|
||
"To the cloud administrator, the API provides an overall view of the size and "
|
||
"state of the cloud deployment and allows the creation of users, tenants/"
|
||
"projects, assigning users to tenants/projects, and specifying resource "
|
||
"quotas on a per tenant/project basis."
|
||
msgstr ""
|
||
"Untuk administrator awan, API menyediakan keseluruhan tampilan ukuran dan "
|
||
"keadaan penyebaran awan dan memungkinkan pembuatan pengguna, penyewa / "
|
||
"proyek, menugaskan pengguna ke penyewa / proyek, dan menentukan kuota sumber "
|
||
"daya berdasarkan per penyewa / proyek."
|
||
|
||
msgid "To use ephemeral disk encryption, set **option**: 'enabled = true'"
|
||
msgstr ""
|
||
"Untuk menggunakan enkripsi disk fana, setel **option**: 'enabled = true'"
|
||
|
||
msgid ""
|
||
"To utilize Federation, create the following in the Identity service: "
|
||
"Identity Provider, Mapping, Protocol."
|
||
msgstr ""
|
||
"Untuk memanfaatkan Federation, buatlah hal berikut dalam layanan Identity: "
|
||
"Identity Provider, Mapping, Protocol."
|
||
|
||
msgid ""
|
||
"To verify further, perform these steps after completing the volume "
|
||
"encryption setup and creating the volume-type for LUKS as described in the "
|
||
"documentation referenced above."
|
||
msgstr ""
|
||
"Untuk memverifikasi lebih lanjut, lakukan langkah-langkah ini setelah "
|
||
"menyelesaikan penyiapan enkripsi volume dan buat tipe volume untuk LUKS "
|
||
"seperti yang dijelaskan dalam dokumentasi yang disebutkan di atas."
|
||
|
||
msgid ""
|
||
"To verify that access rules (ACL) were configured correctly for a share, you "
|
||
"can list its permissions."
|
||
msgstr ""
|
||
"Untuk memverifikasi bahwa aturan akses (ACL) telah dikonfigurasi dengan "
|
||
"benar untuk sebuah share, Anda dapat mendaftarkan perizinannya."
|
||
|
||
msgid "Tokens"
|
||
msgstr "Tokens"
|
||
|
||
msgid ""
|
||
"Too much time is spent administering identities in various service providers."
|
||
msgstr ""
|
||
"Terlalu banyak waktu yang dihabiskan untuk mengelola identitas di berbagai "
|
||
"provider layanan."
|
||
|
||
msgid "Track, document and verify media sanitization and disposal actions."
|
||
msgstr ""
|
||
"Melacak, mendokumentasikan dan memverifikasi tindakan sanitasi dan "
|
||
"pembuangan media."
|
||
|
||
msgid ""
|
||
"Traditionally, memory de-duplication systems are vulnerable to side channel "
|
||
"attacks. Both KSM and TPS have demonstrated to be vulnerable to some form of "
|
||
"attack. In academic studies, attackers were able to identify software "
|
||
"packages and versions running on neighboring virtual machines as well as "
|
||
"software downloads and other sensitive information through analyzing memory "
|
||
"access times on the attacker VM."
|
||
msgstr ""
|
||
"Secara tradisional, sistem de-duplication memori rentan terhadap serangan "
|
||
"saluran samping. KSM dan TPS telah menunjukkan rentan terhadap beberapa "
|
||
"bentuk serangan. Dalam studi akademis, penyerang dapat mengidentifikasi "
|
||
"paket dan versi perangkat lunak yang berjalan pada mesin virtual tetangga "
|
||
"serta unduhan perangkat lunak dan informasi sensitif lainnya melalui "
|
||
"analisis waktu akses memori pada VM penyerang."
|
||
|
||
msgid "Traffic inspection needs for load balancing."
|
||
msgstr "Inspeksi lalu lintas membutuhkan load balancing."
|
||
|
||
msgid "Transfer memory"
|
||
msgstr "Transfer memori"
|
||
|
||
msgid "Transfer state"
|
||
msgstr "Transfer status"
|
||
|
||
msgid ""
|
||
"Transport Layer Security (TLS) provides authentication between services and "
|
||
"persons using X.509 certificates. Although the default mode for TLS is "
|
||
"server-side only authentication, certificates may also be used for client "
|
||
"authentication."
|
||
msgstr ""
|
||
"Transport Layer Security (TLS) menyediakan otentikasi antara layanan dan "
|
||
"orang-orang yang menggunakan sertifikat X.509. Meskipun mode default untuk "
|
||
"TLS hanya otentikasi sisi server, sertifikat juga dapat digunakan untuk "
|
||
"otentikasi klien."
|
||
|
||
msgid "Triage"
|
||
msgstr "Triage"
|
||
|
||
msgid ""
|
||
"Trust Services are a set of professional attestation and advisory services "
|
||
"based on a core set of principles and criteria that address the risks and "
|
||
"opportunities of IT-enabled systems and privacy programs. Commonly known as "
|
||
"the SOC audits, the principles define what the requirement is and it is the "
|
||
"organizations responsibility to define the control that meets the "
|
||
"requirement."
|
||
msgstr ""
|
||
"Trust Services adalah satu set pengesahan profesional dan layanan konsultasi "
|
||
"berdasarkan seperangkat prinsip dan kriteria inti yang membahas risiko dan "
|
||
"peluang sistem dan program perlindungan TI. Biasanya dikenal sebagai audit "
|
||
"SOC, prinsip-prinsip tersebut menentukan apa persyaratannya dan tanggung "
|
||
"jawab organisasi untuk menentukan kontrol yang memenuhi persyaratan."
|
||
|
||
msgid "Trusted images"
|
||
msgstr "Images tepercaya"
|
||
|
||
msgid ""
|
||
"Trusted processes for managing the life cycle of disk images are required, "
|
||
"as are all the previously mentioned issues with respect to data security."
|
||
msgstr ""
|
||
"Proses tepercaya untuk mengelola siklus hidup image disk diperlukan, seperti "
|
||
"juga semua masalah yang disebutkan sebelumnya sehubungan dengan keamanan "
|
||
"data."
|
||
|
||
msgid "Twofish"
|
||
msgstr "Twofish"
|
||
|
||
msgid "Type"
|
||
msgstr "Tipe"
|
||
|
||
msgid ""
|
||
"Type 1 - report on the fairness of the presentation of management's "
|
||
"description of the service organization's system and the suitability of the "
|
||
"design of the controls to achieve the related control objectives included in "
|
||
"the description as of a specified date."
|
||
msgstr ""
|
||
"Tipe 1 - melaporkan kewajaran penyajian deskripsi manajemen tentang sistem "
|
||
"organisasi layanan dan kesesuaian rancangan kontrol untuk mencapai tujuan "
|
||
"pengendalian terkait yang termasuk dalam deskripsi pada tanggal yang "
|
||
"ditentukan."
|
||
|
||
msgid ""
|
||
"Type 2 - report on the fairness of the presentation of management's "
|
||
"description of the service organization's system and the suitability of the "
|
||
"design and operating effectiveness of the controls to achieve the related "
|
||
"control objectives included in the description throughout a specified period"
|
||
msgstr ""
|
||
"Tipe 2 - melaporkan kewajaran penyajian deskripsi manajemen tentang sistem "
|
||
"organisasi layanan dan kesesuaian desain dan efektivitas operasi kontrol "
|
||
"untuk mencapai tujuan pengendalian terkait yang termasuk dalam deskripsi "
|
||
"selama periode tertentu."
|
||
|
||
msgid ""
|
||
"Type 2 - report on the fairness of the presentation of management's "
|
||
"description of the service organization's system and the suitability of the "
|
||
"design and operating effectiveness of the controls to achieve the related "
|
||
"control objectives included in the description throughout a specified period."
|
||
msgstr ""
|
||
"Tipe 2 - melaporkan keadilan penyajian deskripsi manajemen tentang sistem "
|
||
"organisasi layanan dan kesesuaian desain dan efektivitas operasi kontrol "
|
||
"untuk mencapai tujuan pengendalian terkait yang termasuk dalam deskripsi "
|
||
"sepanjang periode yang ditentukan."
|
||
|
||
msgid ""
|
||
"Typically a metal box with spinning disks, ethernet ports, and some kind of "
|
||
"software that allows network clients to read and write files on the disks. "
|
||
"There are also software-only storage controllers that run on arbitrary "
|
||
"hardware, clustered controllers which may run allow a multiple physical "
|
||
"devices to appear as a single storage controller, or purely virtual storage "
|
||
"controllers."
|
||
msgstr ""
|
||
"Biasanya kotak logam dengan disk berputar, port ethernet, dan beberapa jenis "
|
||
"perangkat lunak yang memungkinkan klien jaringan membaca dan menulis file di "
|
||
"disk. Ada juga controller penyimpanan software-only yang berjalan di "
|
||
"perangkat keras sembarangan, controller kluster yang berjalan menigizinkan "
|
||
"beberapa perangkat fisik muncul sebagai controller penyimpanan tunggal, atau "
|
||
"controller penyimpanan virtual yang murni"
|
||
|
||
msgid ""
|
||
"Typically this is achieved through Copy-On-Write (COW) mechanisms. These "
|
||
"mechanisms have been shown to be vulnerable to side-channel attacks where "
|
||
"one VM can infer something about the state of another and might not be "
|
||
"appropriate for multi-tenant environments where not all tenants are trusted "
|
||
"or share the same levels of trust."
|
||
msgstr ""
|
||
"Biasanya hal ini dicapai melalui mekanisme Copy-On-Write (COW). Mekanisme "
|
||
"ini terbukti rentan terhadap serangan saluran samping di mana satu VM dapat "
|
||
"menyimpulkan sesuatu tentang keadaan lain dan mungkin tidak sesuai untuk "
|
||
"lingkungan multi-tenant dimana tidak semua penyewa dipercaya atau memiliki "
|
||
"tingkat kepercayaan yang sama."
|
||
|
||
msgid ""
|
||
"Typically used for compute instance-to-instance traffic, the guest security "
|
||
"domain handles compute data generated by instances on the cloud but not "
|
||
"services that support the operation of the cloud, such as API calls."
|
||
msgstr ""
|
||
"Biasanya digunakan untuk menghitung lalu lintas instance-to-instance, domain "
|
||
"keamanan tamu menangani data yang dihasilkan oleh kejadian di awan namun "
|
||
"bukan layanan yang mendukung pengoperasian awan, seperti panggilan API."
|
||
|
||
msgid ""
|
||
"Typically, when an SSH daemon is installed, host keys will be generated. It "
|
||
"is necessary that the hosts have sufficient entropy during host key "
|
||
"generation. Insufficient entropy during host key generation can result in "
|
||
"the possibility to eavesdrop on SSH sessions."
|
||
msgstr ""
|
||
"Biasanya, ketika daemon SSH terinstal, host key akan dihasilkan. Hal ini "
|
||
"diperlukan agar host memiliki entropi yang cukup selama generasi host key. "
|
||
"Entropi yang tidak mencukupi selama generasi host key dapat mengakibatkan "
|
||
"kemungkinan untuk menguping (eavesdrop) sesi SSH."
|
||
|
||
msgid ""
|
||
"US Export restrictions on cryptography systems have been lifted and no "
|
||
"longer need to be supported."
|
||
msgstr ""
|
||
"Pembatasan US Export pada sistem kriptografi telah dicabut dan tidak perlu "
|
||
"lagi didukung."
|
||
|
||
msgid "UUID tokens"
|
||
msgstr "UUID token"
|
||
|
||
msgid ""
|
||
"UUID tokens are persistent tokens. UUID tokens are 32 bytes in length and "
|
||
"must be persisted in the back-end. They are stored in the Identity service "
|
||
"back-end along with the metadata for authentication. Clients must pass their "
|
||
"UUID token to the Identity service in order to validate it. According to the "
|
||
"release notes for Pike(see `release notes <https://docs.openstack.org/"
|
||
"releasenotes/keystone/pike.html#deprecation-notes>`_), UUID token provider "
|
||
"is being deprecated in favor of Fernet tokens."
|
||
msgstr ""
|
||
"Token UUID adalah token yang terus-menerus (persistent). Token UUID "
|
||
"panjangnya 32 byte dan harus bertahan (persisted) di back-end. Mereka "
|
||
"disimpan dalam layanan Identity back-end bersama dengan metadata untuk "
|
||
"otentikasi. Klien harus menyerahkan token UUID mereka ke layanan Identity "
|
||
"untuk memvalidasinya. Menurut catatan rilis untuk Pike (lihat `release notes "
|
||
"<https://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-"
|
||
"notes>`_), penyedia token UUID tidak dipakai lagi untuk menyetujui token "
|
||
"Fernet. ."
|
||
|
||
msgid "Understanding the audit process"
|
||
msgstr "Memahami proses audit"
|
||
|
||
msgid ""
|
||
"Unencrypted volume data makes volume-hosting platforms especially high-value "
|
||
"targets for attackers, as it allows the attacker to read the data for many "
|
||
"different VMs. In addition, the physical storage medium could be stolen, "
|
||
"remounted, and accessed from a different machine. Encrypting volume data "
|
||
"mitigates these risks and provides defense-in-depth to volume-hosting "
|
||
"platforms. Block Storage (cinder) is able to encrypt volume data before it "
|
||
"is written to disk, and we recommend that the volume encryption feature is "
|
||
"enabled. See the `Volume Encryption <https://docs.openstack.org/cinder/"
|
||
"latest/configuration/block-storage/volume-encryption.html>`__ section of the "
|
||
"Openstack Cinder Service Configuration documentation for instructions."
|
||
msgstr ""
|
||
"Data volume yang tidak terenkripsi membuat platform volume-hosting terutama "
|
||
"target high-value bagi penyerang, karena memungkinkan penyerang untuk "
|
||
"membaca data untuk berbagai VM berbeda. Selain itu, media penyimpanan fisik "
|
||
"bisa dicuri, di remount, dan diakses dari mesin yang berbeda. Encrypting "
|
||
"volume data mengurangi risiko ini dan memberikan defense-in-depth ke "
|
||
"platform volume-hosting. Block Storage (cinder) mampu mengenkripsi data "
|
||
"volume sebelum ditulis ke disk, dan kami merekomendasikan agar fitur "
|
||
"enkripsi volume diaktifkan. Lihat bagian `Volume Encryption <https://docs."
|
||
"openstack.org/cinder/latest/configuration/block-storage/volume-encryption."
|
||
"html>` __ dari dokumentasi Openstack Cinder Service Configuration untuk "
|
||
"mendapatkan petunjuk."
|
||
|
||
msgid ""
|
||
"Unfortunately, this solution complicates the task of more fine-grained "
|
||
"access control and the ability to audit data access. Because the nova-"
|
||
"conductor service receives requests over RPC, it highlights the importance "
|
||
"of improving the security of messaging. Any node with access to the message "
|
||
"queue may execute these methods provided by the nova-conductor and "
|
||
"effectively modifying the database."
|
||
msgstr ""
|
||
"Sayangnya, solusi ini mempersulit tugas kontrol akses yang lebih halus dan "
|
||
"kemampuan untuk mengaudit akses data. Karena layanan nova-conductor menerima "
|
||
"permintaan di atas RPC, ini menyoroti pentingnya meningkatkan keamanan "
|
||
"pesan. Setiap node dengan akses ke antrian pesan (message queue) dapat "
|
||
"menjalankan metode yang disediakan oleh konduktor nova dan memodifikasi "
|
||
"database secara efektif."
|
||
|
||
msgid ""
|
||
"Unless it is not explicitly changed in the ``policy.json``, either an "
|
||
"administrator or the tenant that owns a share are able to manage :ref:"
|
||
"`access to the shares <shared_fs_share_acl>`. Access management is done by "
|
||
"creating access rules with authentication through IP address, user, group, "
|
||
"or TLS certificates. Available authentication methods depend on which share "
|
||
"driver and security service you configure and use."
|
||
msgstr ""
|
||
"Unless it is not explicitly changed in the ``policy.json``, either an "
|
||
"administrator or the tenant that owns a share are able to manage :ref:"
|
||
"`access to the shares <shared_fs_share_acl>`. Manajemen akses dilakukan "
|
||
"dengan membuat aturan akses dengan otentikasi melalui sertifikat IP address, "
|
||
"user, group, atau TLS. Metode otentikasi yang tersedia bergantung pada "
|
||
"pengandar berbagi dan layanan keamanan yang Anda konfigurasikan dan gunakan."
|
||
|
||
msgid ""
|
||
"Unlike *no share servers* mode, in *share servers* mode users have a share "
|
||
"network and a share server that is created for each share network. Thus all "
|
||
"users have separate CPU, amount of CPU time, network, capacity and "
|
||
"throughput."
|
||
msgstr ""
|
||
"Tidak seperti mode *no share servers* , di mode *share server * pengguna "
|
||
"memiliki jaringan berbagi dan server berbagi yang dibuat untuk setiap "
|
||
"jaringan berbagi. Dengan demikian semua pengguna memiliki CPU terpisah, "
|
||
"jumlah waktu CPU, jaringan, kapasitas dan throughput."
|
||
|
||
msgid ""
|
||
"Unlike UUID, PKI and PKIZ tokens, fernet tokens do not require persistence. "
|
||
"The keystone token database no longer suffers bloat as a side effect of "
|
||
"authentication. Pruning expired tokens from the token database is no longer "
|
||
"required when using fernet tokens. Since fernet tokens are non-persistent, "
|
||
"they do not have to be replicated. As long as each keystone node shares the "
|
||
"same repository, fernet tokens can be created and validated instantly across "
|
||
"nodes."
|
||
msgstr ""
|
||
"Tidak seperti UUID, token PKI dan PKIZ, token fernet tidak memerlukan "
|
||
"persistence (ketekunan). Database token keystone tidak lagi mengalami bloat "
|
||
"(gembung) sebagai efek samping autentikasi. Bukti pemangkasan yang "
|
||
"kadaluarsa dari basis data token tidak diperlukan lagi saat menggunakan "
|
||
"token fernet. Karena token fernet tidak terus-menerus, mereka tidak perlu "
|
||
"direplikasi. Selama masing-masing node kunci berbagi repositori yang sama, "
|
||
"token fernet dapat dibuat dan divalidasi seketika di seluruh node."
|
||
|
||
msgid ""
|
||
"Unlike many similar systems, the OpenStack dashboard allows the entire "
|
||
"Unicode character set in most fields. This means developers have less "
|
||
"latitude to make escaping mistakes that open attack vectors for cross-site "
|
||
"scripting (XSS)."
|
||
msgstr ""
|
||
"Tidak seperti banyak sistem serupa, dasbor OpenStack memungkinkan seluruh "
|
||
"karakter Unicode diatur di sebagian besar bidang. Ini berarti pengembang "
|
||
"memiliki garis lintang (latitude) yang lebih sedikit untuk membuat kesalahan "
|
||
"melarikan diri (escaping mistake) yang membuka vektor serangan untuk cross-"
|
||
"site scripting (XSS)."
|
||
|
||
msgid "Unscoped token"
|
||
msgstr "Unscoped token"
|
||
|
||
msgid "Updates and patches"
|
||
msgstr "Pembaruan dan tambalan (patch)"
|
||
|
||
msgid "Upload your Service Provider’s metadata file to your Identity Provider."
|
||
msgstr "Upload file metadata Service Provider Anda ke Identity Provider. Anda."
|
||
|
||
msgid "Use Cases"
|
||
msgstr "Gunakan Kasus"
|
||
|
||
msgid ""
|
||
"Use a dedicated and hardened backup servers. The logs for the backup server "
|
||
"must be monitored daily and accessible by only few individuals."
|
||
msgstr ""
|
||
"Gunakan server backup dedicated dan hardened. Log untuk server backup harus "
|
||
"dipantau setiap hari dan hanya dapat diakses oleh beberapa individu."
|
||
|
||
msgid ""
|
||
"Use a private (V)LAN network segment for your storage nodes in the data "
|
||
"domain."
|
||
msgstr ""
|
||
"Gunakan segmen jaringan (V)LAN pribadi untuk node penyimpanan Anda di domain "
|
||
"data."
|
||
|
||
msgid ""
|
||
"Use a read-only file system where possible. Ensure that writeable file "
|
||
"systems do not permit execution. This can be handled with the ``noexec``, "
|
||
"``nosuid``, and ``nodev`` mount options in ``/etc/fstab``."
|
||
msgstr ""
|
||
"Gunakan sistem file read-only jika memungkinkan. Pastikan sistem berkas yang "
|
||
"dapat ditulis tidak mengizinkan eksekusi. Ini bisa ditangani dengan opsi "
|
||
"mount ``noexec``, ``nosuid``, dan ``nodev`` di ``/etc/fstab``."
|
||
|
||
msgid ""
|
||
"Use both mandatory access controls (MACs) and discretionary access controls "
|
||
"(DACs) to restrict the configuration for processes to only those processes. "
|
||
"This restriction prevents these processes from being isolated from other "
|
||
"processes that run on the same machine(s)."
|
||
msgstr ""
|
||
"Gunakan kontrol akses wajib (mandatory access control / MACs) dan "
|
||
"discretionary access controls (DAC) untuk membatasi konfigurasi proses hanya "
|
||
"pada proses tersebut. Pembatasan ini mencegah proses ini terisolasi dari "
|
||
"proses lain yang berjalan pada mesin yang sama."
|
||
|
||
msgid "Use data encryption options for storage and transmission of backups."
|
||
msgstr "Gunakan opsi enkripsi data untuk penyimpanan dan pengiriman backup."
|
||
|
||
msgid ""
|
||
"Use of the OpenStack volume encryption feature is highly encouraged. This is "
|
||
"discussed below in the Data Encryption section under Volume Encryption. When "
|
||
"this feature is used, destruction of data is accomplished by securely "
|
||
"deleting the encryption key. The end user can select this feature while "
|
||
"creating a volume, but note that an admin must perform a one-time set up of "
|
||
"the volume encryption feature first. Instructions for this setup are in the "
|
||
"block storage section of the `Configuration Reference <https://docs."
|
||
"openstack.org/ocata/config-reference/block-storage/volume-encryption."
|
||
"html>`__ , under volume encryption."
|
||
msgstr ""
|
||
"Penggunaan fitur enkripsi volume OpenStack sangat dianjurkan. Ini dibahas di "
|
||
"bawah ini di bagian Data Encryption di bawah Volume Encryption. Bila fitur "
|
||
"ini digunakan, penghancuran data dilakukan dengan melepaskan kunci enkripsi "
|
||
"secara aman. End user dapat memilih fitur ini saat membuat volume, namun "
|
||
"perhatikan bahwa seorang admin harus melakukan pengaturan enkripsi volume "
|
||
"satu kali terlebih dahulu. Petunjuk untuk penyiapan ini ada di bagian "
|
||
"penyimpanan blok pada `Configuration Reference <https://docs.openstack.org/"
|
||
"ocata/config-reference/block-storage/volume-encryption.html>`__ , di bawah "
|
||
"enkripsi volume."
|
||
|
||
msgid ""
|
||
"Use strong passwords and safeguard them, or use client-side TLS "
|
||
"authentication."
|
||
msgstr ""
|
||
"Gunakan kata sandi yang kuat dan jaga mereka, atau gunakan otentikasi TLS "
|
||
"sisi klien."
|
||
|
||
msgid "Used by"
|
||
msgstr "Used by"
|
||
|
||
msgid ""
|
||
"Used for VM data communication within the cloud deployment. The IP "
|
||
"addressing requirements of this network depend on the OpenStack Networking "
|
||
"plug-in in use and the network configuration choices of the virtual networks "
|
||
"made by the tenant. This network is considered the Guest Security Domain."
|
||
msgstr ""
|
||
"Digunakan untuk komunikasi data VM dalam penyebaran awan. Persyaratan "
|
||
"pengalamatan IP dari jaringan ini bergantung pada plug-in OpenStack "
|
||
"Networking yang digunakan dan pilihan konfigurasi jaringan dari jaringan "
|
||
"virtual yang dibuat oleh penyewa. Jaringan ini dianggap sebagai Guest "
|
||
"Security Domain."
|
||
|
||
msgid ""
|
||
"Used for internal communication between OpenStack Components. The IP "
|
||
"addresses on this network should be reachable only within the data center "
|
||
"and is considered the Management Security Domain."
|
||
msgstr ""
|
||
"Digunakan untuk komunikasi internal antara OpenStack Components. Alamat IP "
|
||
"pada jaringan ini harus dapat dicapai hanya di dalam data center dan "
|
||
"dianggap sebagai Management Security Domain."
|
||
|
||
msgid ""
|
||
"Used to provide VMs with Internet access in some deployment scenarios. The "
|
||
"IP addresses on this network should be reachable by anyone on the Internet. "
|
||
"This network is considered to be in the Public Security Domain."
|
||
msgstr ""
|
||
"Digunakan untuk menyediakan VM dengan akses Internet dalam beberapa skenario "
|
||
"penyebaran. Alamat IP pada jaringan ini harus dapat dijangkau oleh siapapun "
|
||
"di Internet. Jaringan ini dianggap berada dalam Public Security Domain."
|
||
|
||
msgid "User access to resources"
|
||
msgstr "Akses pengguna ke sumber daya"
|
||
|
||
msgid "User's \"Real Name\""
|
||
msgstr "\"Real Name\" pengguna"
|
||
|
||
msgid ""
|
||
"User, process, or system that is the subject of a certificate. The end "
|
||
"entity sends its certificate request to a Registration Authority (RA) for "
|
||
"approval. If approved, the RA forwards the request to a Certification "
|
||
"Authority (CA). The Certification Authority verifies the request and if the "
|
||
"information is correct, a certificate is generated and signed. This signed "
|
||
"certificate is then send to a Certificate Repository."
|
||
msgstr ""
|
||
"Pengguna, proses, atau sistem yang menjadi subjek sertifikat. Entitas akhir "
|
||
"mengirimkan permintaan sertifikasinya ke Registration Authority (RA) untuk "
|
||
"mendapatkan persetujuan. Jika disetujui, RA meneruskan permintaan ke "
|
||
"Certification Authority (CA). Certification Authority memverifikasi "
|
||
"permintaan dan jika informasinya benar, sertifikat dibuat dan "
|
||
"ditandatangani. Sertifikat yang ditandatangani ini kemudian dikirim ke "
|
||
"Certificate Repository."
|
||
|
||
msgid ""
|
||
"Users must be assigned to groups and roles that you refer to in your "
|
||
"policies. This is done automatically by the service when user management "
|
||
"commands are used."
|
||
msgstr ""
|
||
"Pengguna harus ditugaskan ke grup dan peran yang Anda lihat dalam kebijakan "
|
||
"Anda. Hal ini dilakukan secara otomatis oleh layanan saat perintah manajemen "
|
||
"pengguna digunakan."
|
||
|
||
msgid ""
|
||
"Users or organizations that possess PHI must support HIPAA requirements and "
|
||
"are HIPAA covered entities. If an entity intends to use a service, or in "
|
||
"this case, an OpenStack cloud that might use, store or have access to that "
|
||
"PHI, then a Business Associate Agreement (BAA) must be signed. The BAA is a "
|
||
"contract between the HIPAA covered entity and the OpenStack service provider "
|
||
"that requires the provider to handle that PHI in accordance with HIPAA "
|
||
"requirements. If the service provider does not handle the PHI, such as with "
|
||
"security controls and hardening, then they are subject to HIPAA fines and "
|
||
"penalties."
|
||
msgstr ""
|
||
"Pengguna atau organisasi yang memiliki PHI harus mendukung persyaratan HIPAA "
|
||
"dan entitas tertutup HIPAA. Jika suatu entitas bermaksud untuk menggunakan "
|
||
"suatu layanan, atau dalam hal ini, sebuah awan OpenStack yang mungkin "
|
||
"menggunakan, menyimpan atau memiliki akses ke PHI tersebut, maka Business "
|
||
"Associate Agreement (BAA) harus ditandatangani. BAA adalah kontrak antara "
|
||
"entitas tertutup HIPAA dan penyedia layanan OpenStack yang mengharuskan "
|
||
"penyedia untuk menangani PHI tersebut sesuai dengan persyaratan HIPAA. Jika "
|
||
"penyedia layanan tidak menangani PHI, seperti dengan kontrol keamanan dan "
|
||
"pengerasan (hardening), maka mereka tunduk pada denda HIPAA dan denda."
|
||
|
||
msgid ""
|
||
"Users spend too much time logging in or going through 'Forget Password' "
|
||
"workflows. Federated identity allows for single sign on, which is easier and "
|
||
"faster for users and requires fewer password resets. The IdPs manage user "
|
||
"identities and passwords so OpenStack does not have to."
|
||
msgstr ""
|
||
"Pengguna menghabiskan terlalu banyak waktu untuk masuk atau melewati alur "
|
||
"kerja 'Forget Password'. Federated identity memungkinkan masuk tunggal, yang "
|
||
"lebih mudah dan lebih cepat bagi pengguna dan memerlukan lebih sedikit "
|
||
"penyetelan ulang kata sandi. Idps mengelola identitas pengguna dan kata "
|
||
"sandi sehingga OpenStack tidak perlu melakukannya."
|
||
|
||
msgid ""
|
||
"Using SQL, the Shared File Systems service is similar to other OpenStack "
|
||
"services and can be used with any OpenStack deployment. For more details on "
|
||
"the API, see the `OpenStack Shared File Systems API <https://developer."
|
||
"openstack.org/api-ref-share-v2.html>`_ description. For more details on the "
|
||
"CLI usage and configuration, see `Shared File Systems Cloud Administrative "
|
||
"Guide <https://docs.openstack.org/admin-guide/shared_file_systems.html>`_."
|
||
msgstr ""
|
||
"Menggunakan SQL, layanan Shared File Systems mirip dengan layanan OpenStack "
|
||
"lainnya dan dapat digunakan dengan penerapan OpenStack. Untuk detail lebih "
|
||
"lanjut tentang API, lihat deskripsi 'OpenStack Shared File Systems API "
|
||
"<https://developer.openstack.org/api-ref-share-v2.html> `_. Untuk detail "
|
||
"lebih lanjut tentang penggunaan dan konfigurasi CLI, lihat `Shared File "
|
||
"Systems Cloud Administrative Guide <https://docs.openstack.org/admin-guide/"
|
||
"shared_file_systems.html>`_."
|
||
|
||
msgid "Using compiler hardening."
|
||
msgstr "Menggunakan kompilator pengerasan."
|
||
|
||
msgid "Using mandatory access controls such as sVirt, SELinux, or AppArmor."
|
||
msgstr "Menggunakan kontrol akses wajib seperti sVirt, SELinux, atau AppArmor."
|
||
|
||
msgid ""
|
||
"Using the API, users can create, update, view and delete a security service. "
|
||
"Security Services are designed basing on the following assumptions:"
|
||
msgstr ""
|
||
"Dengan menggunakan API, pengguna dapat membuat, memperbarui, melihat dan "
|
||
"menghapus layanan keamanan. Security Service dirancang berdasarkan asumsi "
|
||
"berikut:"
|
||
|
||
msgid ""
|
||
"Using the Shared File Systems service, you can grant or deny access to a "
|
||
"share by specifying one of these supported share access levels:"
|
||
msgstr ""
|
||
"Dengan menggunakan layanan Shared File System, Anda dapat memberikan atau "
|
||
"menolak akses ke share dengan menentukan salah satu tingkat akses share yang "
|
||
"didukung ini:"
|
||
|
||
msgid ""
|
||
"VLAN configuration complexity depends on your OpenStack design requirements. "
|
||
"In order to allow OpenStack Networking to efficiently use VLANs, you must "
|
||
"allocate a VLAN range (one for each tenant) and turn each compute node "
|
||
"physical switch port into a VLAN trunk port."
|
||
msgstr ""
|
||
"Kompleksitas konfigurasi VLAN bergantung pada persyaratan desain OpenStack "
|
||
"Anda. Untuk memungkinkan OpenStack Networking menggunakan VLAN secara "
|
||
"efisien, Anda harus mengalokasikan rentang VLAN (satu untuk setiap penyewa) "
|
||
"dan mengubah masing-masing compute node physical switch port menjadi VLAN "
|
||
"trunk port."
|
||
|
||
msgid "VLANs"
|
||
msgstr "VLAN"
|
||
|
||
msgid ""
|
||
"VLANs are realized as packets on a specific physical network containing IEEE "
|
||
"802.1Q headers with a specific VLAN ID (VID) field value. VLAN networks "
|
||
"sharing the same physical network are isolated from each other at L2, and "
|
||
"can even have overlapping IP address spaces. Each distinct physical network "
|
||
"supporting VLAN networks is treated as a separate VLAN trunk, with a "
|
||
"distinct space of VID values. Valid VID values are 1 through 4094."
|
||
msgstr ""
|
||
"VLAN direalisasikan sebagai paket pada jaringan fisik tertentu yang berisi "
|
||
"header IEEE 802.1Q dengan nilai field VLAN ID (VID) tertentu. Jaringan VLAN "
|
||
"yang berbagi jaringan fisik yang sama diisolasi satu sama lain di L2, dan "
|
||
"bahkan bisa memiliki ruang alamat IP yang tumpang tindih. Setiap jaringan "
|
||
"fisik yang berbeda yang mendukung jaringan VLAN diperlakukan sebagai VLAN "
|
||
"trunk yang terpisah, dengan ruang nilai VID yang berbeda. Nilai VID yang "
|
||
"valid adalah 1 sampai 4094."
|
||
|
||
msgid "VMWare:"
|
||
msgstr "VMWare:"
|
||
|
||
msgid "VT-c"
|
||
msgstr "VT-c"
|
||
|
||
msgid "VT-d / AMD-Vi"
|
||
msgstr "VT-d / AMD-Vi"
|
||
|
||
msgid "Various"
|
||
msgstr "Various"
|
||
|
||
msgid ""
|
||
"Various components of the OpenStack Networking services use either the "
|
||
"messaging queue or database connections to communicate with other components "
|
||
"in OpenStack Networking."
|
||
msgstr ""
|
||
"Berbagai komponen layanan OpenStack Networking menggunakan antrian pesan "
|
||
"atau koneksi database untuk berkomunikasi dengan komponen lain di OpenStack "
|
||
"Networking."
|
||
|
||
msgid ""
|
||
"Verification of image signatures assures that an image is not replaced or "
|
||
"changed since the time of original upload. The image signature verification "
|
||
"feature uses Castellan as its key manager for storing cryptographic "
|
||
"signatures. An image signature and certificate UUID is uploaded along with "
|
||
"the image to the Image (glance) service. Glance verifies the signature after "
|
||
"retrieving the certificate from the key manager. When the image is booted, "
|
||
"the Compute service (nova) verifys the signature after it retrieves the "
|
||
"certificate from the key manager."
|
||
msgstr ""
|
||
"Verifikasi image signature memastikan bahwa image tidak diganti atau diganti "
|
||
"sejak saat upload asli. Fitur verifikasi image signature menggunakan "
|
||
"Castellan sebagai manajer kunci untuk menyimpan cryptographic signature. "
|
||
"Image signature dan certificate UUID diunggah bersamaan dengan image ke "
|
||
"layanan Image (glance). Glance memverifikasi signature setelah mengambil "
|
||
"sertifikat dari manajer kunci. Saat image di-boot, layanan Compute (nova) "
|
||
"memverifikasi signature setelah mengambil sertifikat dari manajer kunci."
|
||
|
||
msgid "Verified boot"
|
||
msgstr "Boot terverifikasi"
|
||
|
||
msgid ""
|
||
"Vibha Fauver, GWEB, CISSP, PMP, has over fifteen years of experience in "
|
||
"Information Technology. Her areas of specialization include software "
|
||
"engineering, project management and information security. She has a B.S. in "
|
||
"Computer & Information Science and a M.S. in Engineering Management with "
|
||
"specialization and a certificate in Systems Engineering."
|
||
msgstr ""
|
||
"Vibha Fauver, GWEB, CISSP, PMP, memiliki pengalaman lebih dari lima belas "
|
||
"tahun di bidang Teknologi Informasi. Bidang spesialisasi termasuk rekayasa "
|
||
"perangkat lunak, manajemen proyek dan keamanan informasi. Dia memiliki B.S. "
|
||
"di Ilmu Komputer & Informasi dan M.S. di bidang Teknik Manajemen dengan "
|
||
"spesialisasi dan sertifikat di bidang Systems Engineering."
|
||
|
||
msgid "Virtual Machine (multi-tenant) threats"
|
||
msgstr "Ancaman Virtual Machine (multi-tenant)"
|
||
|
||
msgid "Virtual Network Computer (VNC)"
|
||
msgstr "Virtual Network Computer (VNC)"
|
||
|
||
msgid "Virtual hardware (QEMU)"
|
||
msgstr "Virtual hardware (QEMU)"
|
||
|
||
msgid "Virtual machine images in the Image service"
|
||
msgstr "Image mesin virtual dalam layanan Image"
|
||
|
||
msgid "Volume Wiping"
|
||
msgstr "Volume Wiping"
|
||
|
||
msgid "Volume data contained within iSCSI packets is encrypted"
|
||
msgstr "Data volume yang terkandung dalam paket iSCSI dienkripsi"
|
||
|
||
msgid "Volume encryption"
|
||
msgstr "Enkripsi volume"
|
||
|
||
msgid ""
|
||
"Volume encryption is supported by back-end key storage for enhanced security "
|
||
"(for example, a Hardware Security Module (HSM) or a KMIP server can be used "
|
||
"as a barbican back-end secret store)"
|
||
msgstr ""
|
||
"Enkripsi volume didukung oleh penyimpanan kunci back-end untuk keamanan yang "
|
||
"ditingkatkan (misalnya, Hardware Security Module (HSM) atau server KMIP "
|
||
"dapat digunakan sebagai penyimpanan rahasia back-end barbican)"
|
||
|
||
msgid "Vulnerability awareness"
|
||
msgstr "Kesadaran akan kerentanan"
|
||
|
||
msgid "Vulnerability management"
|
||
msgstr "Manajemen Kerentanan"
|
||
|
||
msgid ""
|
||
"We advise that you read this at your own discretion when planning on "
|
||
"implementing security measures for your OpenStack cloud."
|
||
msgstr ""
|
||
"Kami menyarankan agar Anda membaca ini berdasarkan pertimbangan Anda sendiri "
|
||
"saat merencanakan penerapan langkah keamanan untuk awan OpenStack Anda."
|
||
|
||
msgid "We also recommend the following additional steps for production nodes:"
|
||
msgstr ""
|
||
"Kami juga merekomendasikan langkah-langkah tambahan berikut untuk node "
|
||
"produksi:"
|
||
|
||
msgid ""
|
||
"We briefly introduce the kinds of clouds (private, public, and hybrid) "
|
||
"before presenting an overview of the OpenStack components and their related "
|
||
"security concerns in the remainder of the chapter."
|
||
msgstr ""
|
||
"Kami secara singkat memperkenalkan jenis awan (private, public, and hybrid) "
|
||
"sebelum menyajikan ikhtisar komponen OpenStack dan masalah keamanan terkait "
|
||
"mereka di sisa bab ini."
|
||
|
||
msgid ""
|
||
"We consider entropy to refer to the quality and source of random data that "
|
||
"is available to an instance. Cryptographic technologies typically rely "
|
||
"heavily on randomness, requiring a high quality pool of entropy to draw "
|
||
"from. It is typically hard for a virtual machine to get enough entropy to "
|
||
"support these operations, which is referred to as entropy starvation. "
|
||
"Entropy starvation can manifest in instances as something seemingly "
|
||
"unrelated. For example, slow boot time may be caused by the instance waiting "
|
||
"for ssh key generation. Entropy starvation may also motivate users to employ "
|
||
"poor quality entropy sources from within the instance, making applications "
|
||
"running in the cloud less secure overall."
|
||
msgstr ""
|
||
"Kami mempertimbangkan entropi untuk mengacu pada kualitas dan sumber data "
|
||
"acak yang tersedia untuk sebuah instance. Teknologi kriptografi biasanya "
|
||
"sangat bergantung pada keacakan, membutuhkan kolam entropi berkualitas "
|
||
"tinggi untuk menariknya. Biasanya sulit bagi mesin virtual untuk mendapatkan "
|
||
"entropi yang cukup untuk mendukung operasi ini, yang disebut sebagai entropy "
|
||
"starvation. Kelainan entropi dapat bermanifestasi dalam instance sebagai "
|
||
"sesuatu yang tampaknya tidak terkait. Misalnya, waktu boot yang lambat "
|
||
"mungkin disebabkan oleh instance menunggu generasi kunci ssh. Entropy "
|
||
"starvation juga dapat memotivasi pengguna untuk menggunakan sumber entropi "
|
||
"berkualitas buruk dari dalam instance, membuat aplikasi berjalan di awan "
|
||
"kurang aman secara keseluruhan."
|
||
|
||
msgid ""
|
||
"We define integrity life cycle as a deliberate process that provides "
|
||
"assurance that we are always running the expected software with the expected "
|
||
"configurations throughout the cloud. This process begins with :term:`secure "
|
||
"bootstrapping <secure boot>` and is maintained through configuration "
|
||
"management and security monitoring. This chapter provides recommendations on "
|
||
"how to approach the integrity life-cycle process."
|
||
msgstr ""
|
||
"Kami mendefinisikan siklus hidup integritas sebagai proses yang disengaja "
|
||
"yang memberikan kepastian bahwa kami selalu menjalankan perangkat lunak yang "
|
||
"diharapkan dengan konfigurasi yang diharapkan di seluruh awan. Proses ini "
|
||
"dimulai dengan :term:`secure bootstrapping <secure boot>` dan dikelola "
|
||
"melalui manajemen konfigurasi dan pemantauan keamanan. Bab ini memberikan "
|
||
"rekomendasi bagaimana mendekati proses siklus hidup integritas."
|
||
|
||
msgid ""
|
||
"We do not recommend using front-end caching tools with the dashboard. The "
|
||
"dashboard is rendering dynamic content resulting directly from OpenStack API "
|
||
"requests and front-end caching layers such as varnish can prevent the "
|
||
"correct content from being displayed. In Django, static media is directly "
|
||
"served from Apache or :term:`Nginx` and already benefits from web host "
|
||
"caching."
|
||
msgstr ""
|
||
"Kami tidak merekomendasikan penggunaan alat caching front-end dengan dasbor. "
|
||
"Dasbor menampilkan konten dinamis yang dihasilkan langsung dari permintaan "
|
||
"API OpenStack dan lapisan caching front-end seperti lapisan pernis dapat "
|
||
"mencegah konten yang benar ditampilkan. Di Django, media statis langsung "
|
||
"dilayani dari Apache atau :term:`Nginx` dan sudah mendapat manfaat dari "
|
||
"caching host web."
|
||
|
||
msgid ""
|
||
"We highly recommend enabling transport-level cryptography for your message "
|
||
"queue. Using TLS for the messaging client connections provides protection of "
|
||
"the communications from tampering and eavesdropping in-transit to the "
|
||
"messaging server. Below is guidance on how TLS is typically configured for "
|
||
"the two popular messaging servers Qpid and RabbitMQ. When configuring the "
|
||
"trusted certificate authority (CA) bundle that your messaging server uses to "
|
||
"verify client connections, it is recommended that this be limited to only "
|
||
"the CA used for your nodes, preferably an internally managed CA. The bundle "
|
||
"of trusted CAs will determine which client certificates will be authorized "
|
||
"and pass the client-server verification step of the setting up the TLS "
|
||
"connection. Note, when installing the certificate and key files, ensure that "
|
||
"the file permissions are restricted, for example using ``chmod 0600``, and "
|
||
"the ownership is restricted to the messaging server daemon user to prevent "
|
||
"unauthorized access by other processes and users on the messaging server."
|
||
msgstr ""
|
||
"Kami sangat menyarankan mengaktifkan kriptografi tingkat transportasi untuk "
|
||
"antrean pesan Anda. Menggunakan TLS untuk koneksi klien pesan memberi "
|
||
"perlindungan terhadap komunikasi dari gangguan dan penyadapan transit ke "
|
||
"server pesan. Berikut adalah panduan tentang bagaimana TLS biasanya "
|
||
"dikonfigurasi untuk dua server pesan populer Qpid dan RabbitMQ. Saat "
|
||
"mengkonfigurasi bundle certificate authority (CA) terpercaya dimana server "
|
||
"pesan Anda memverifikasi koneksi klien, kami sarankan agar ini hanya "
|
||
"terbatas pada CA yang digunakan untuk nodus Anda, sebaiknya CA dikelola "
|
||
"secara internal. Paket CA yang tepercaya akan menentukan sertifikat klien "
|
||
"mana yang akan diberi otorisasi dan melewati langkah verifikasi klien-server "
|
||
"untuk menyiapkan koneksi TLS. Catatan, saat menginstal sertifikat dan file "
|
||
"kunci, pastikan hak akses file dibatasi, misalnya menggunakan ``chmod "
|
||
"0600``, dan kepemilikan dibatasi pada pengguna daemon server pesan untuk "
|
||
"mencegah akses yang tidak sah oleh proses dan pengguna lain di server pesan"
|
||
|
||
msgid ""
|
||
"We recommend configuring X.509 client certificates on all the OpenStack "
|
||
"service nodes for client connections to the messaging queue and where "
|
||
"possible (currently only Qpid) perform authentication with X.509 client "
|
||
"certificates. When using user names and passwords, accounts should be "
|
||
"created per-service and node for finer grained auditability of access to the "
|
||
"queue."
|
||
msgstr ""
|
||
"Sebaiknya konfigurasikan sertifikat klien X.509 pada semua node layanan "
|
||
"OpenStack untuk koneksi klien ke antrian pesan dan jika mungkin (saat ini "
|
||
"hanya Qpid) melakukan otentikasi dengan sertifikat klien X.509. Bila "
|
||
"menggunakan nama pengguna dan kata sandi, akun harus dibuat per-service dan "
|
||
"node untuk mendapatkan aksesibilitas yang lebih halus terhadap antrian."
|
||
|
||
msgid ""
|
||
"We recommend documenting all the data flows and bridging points between "
|
||
"these services and the data processing controller. See :doc:`../"
|
||
"documentation`."
|
||
msgstr ""
|
||
"Kami merekomendasikan untuk mendokumentasikan semua data flow dan bridging "
|
||
"point antara layanan ini dan data processing controller. Lihat :doc:`../"
|
||
"documentation`."
|
||
|
||
msgid ""
|
||
"We recommend keeping up to date on security issues and advisories as they "
|
||
"are published. The `OpenStack Security Portal <https://security.openstack."
|
||
"org/>`_ is the central portal where advisories, notices, meetings, and "
|
||
"processes can be coordinated. Additionally, the `OpenStack Vulnerability "
|
||
"Management Team (VMT) portal <https://security.openstack.org/#vulnerability-"
|
||
"management>`_ coordinates remediation within OpenStack, as well as the "
|
||
"process of investigating reported bugs which are responsibly disclosed "
|
||
"(privately) to the VMT, by marking the bug as 'This bug is a security "
|
||
"vulnerability'. Further detail is outlined in the `VMT process page <https://"
|
||
"security.openstack.org/vmt-process.html#process>`_ and results in an "
|
||
"OpenStack Security Advisory (OSSA). This OSSA outlines the issue and the "
|
||
"fix, as well as linking to both the original bug, and the location where the "
|
||
"where the patch is hosted."
|
||
msgstr ""
|
||
"Sebaiknya tetap up to date mengenai masalah keamanan dan nasihat saat "
|
||
"diterbitkan. The `OpenStack Security Portal <https://security.openstack.org/"
|
||
"> `_ adalah portal utama dimana saran, pemberitahuan, rapat, dan proses "
|
||
"dapat dikoordinasikan. Selain itu, portal `OpenStack Vulnerability "
|
||
"Management Team (VMT) <https://security.openstack.org/#vulnerability-"
|
||
"management>` _ mengkoordinasikan remediasi di dalam OpenStack, serta proses "
|
||
"menyelidiki bug yang dilaporkan yang bertanggung jawab diungkapkan (secara "
|
||
"pribadi ) ke VMT, dengan menandai bug sebagai 'This bug is a security "
|
||
"vulnerability'. Detail lebih lanjut diuraikan di halaman proses `VMT "
|
||
"<https://security.openstack.org/vmt-process.html#process>` _ dan hasilnya di "
|
||
"OpenStack Security Advisory (OSSA). OSSA ini menguraikan masalah dan "
|
||
"perbaikannya, serta menghubungkan ke bug asli, dan lokasi tempat penyimpanan "
|
||
"patch."
|
||
|
||
msgid ""
|
||
"We recommend keeping up to date on security issues and advisories as they "
|
||
"are published. The `OpenStack Security Portal <https://security.openstack."
|
||
"org>`_ is the central portal where advisories, notices, meetings, and "
|
||
"processes can be coordinated. Additionally, the `OpenStack Vulnerability "
|
||
"Management Team (VMT) portal <https://security.openstack.org/#openstack-"
|
||
"vulnerability-management-team>`_ coordinates remediation within the "
|
||
"OpenStack project, as well as the process of investigating reported bugs "
|
||
"which are responsibly disclosed (privately) to the VMT, by marking the bug "
|
||
"as 'This bug is a security vulnerability'. Further detail is outlined in the "
|
||
"`VMT process page <https://security.openstack.org/vmt-process."
|
||
"html#process>`_ and results in an OpenStack Security Advisory (OSSA). This "
|
||
"OSSA outlines the issue and the fix, as well as linking to both the original "
|
||
"bug, and the location where the where the patch is hosted."
|
||
msgstr ""
|
||
"Kami menyarankan agar Anda selalu mengetahui masalah keamanan dan saran saat "
|
||
"dipublikasikan. The `OpenStack Security Portal <https://security.openstack."
|
||
"org>`_ adalah portal pusat tempat nasihat, pemberitahuan, rapat, dan proses "
|
||
"dapat dikoordinasikan. Selain itu, portal `OpenStack Vulnerability "
|
||
"Management Team (VMT) <https://security.openstack.org/#openstack-"
|
||
"vulnerability-management-team>` _ mengoordinasikan remediasi dalam proyek "
|
||
"OpenStack, serta proses penyelidikan bug yang dilaporkan yang secara terbuka "
|
||
"diungkapkan (secara pribadi) ke VMT, dengan menandai bug sebagai 'This bug "
|
||
"is a security vulnerability'. Rincian lebih lanjut diuraikan dalam `VMT "
|
||
"process page <https://security.openstack.org/vmt-process.html#process>` _ "
|
||
"dan menghasilkan OpenStack Security Advisory (OSSA). OSSA ini menguraikan "
|
||
"masalah dan perbaikannya, serta menautkan ke bug asli, dan lokasi tempat "
|
||
"tambalan (patch) di-host."
|
||
|
||
msgid ""
|
||
"We recommend minimizing the QEMU code base by removing unused components "
|
||
"from the system. QEMU provides support for many different virtual hardware "
|
||
"devices, however only a small number of devices are needed for a given "
|
||
"instance. The most common hardware devices are the virtio devices. Some "
|
||
"legacy instances will need access to specific hardware, which can be "
|
||
"specified using glance metadata:"
|
||
msgstr ""
|
||
"Kami merekomendasikan untuk meminimalkan basis kode QEMU dengan melepaskan "
|
||
"komponen yang tidak terpakai dari sistem. QEMU menyediakan dukungan untuk "
|
||
"berbagai perangkat perangkat keras virtual yang berbeda, namun hanya "
|
||
"sejumlah kecil perangkat yang dibutuhkan untuk instance tertentu. Perangkat "
|
||
"perangkat keras yang paling umum adalah perangkat virtio. Beberapa instance "
|
||
"lawas memerlukan akses ke perangkat keras tertentu, yang dapat ditentukan "
|
||
"dengan menggunakan metadata sekilas:"
|
||
|
||
msgid ""
|
||
"We recommend testing your QEMU executable file after it is compiled to "
|
||
"ensure that the compiler hardening worked properly."
|
||
msgstr ""
|
||
"Kami merekomendasikan untuk menguji file eksekusi QEMU Anda setelah "
|
||
"dikompilasi untuk memastikan bahwa pengerasan kompilator bekerja dengan "
|
||
"benar."
|
||
|
||
msgid ""
|
||
"We recommend that admin users authenticate using Identity service and an "
|
||
"external authentication service that supports 2-factor authentication, such "
|
||
"as a certificate. This reduces the risk from passwords that may be "
|
||
"compromised. This recommendation is in compliance with NIST 800-53 IA-2(1) "
|
||
"guidance in the use of multi-factor authentication for network access to "
|
||
"privileged accounts."
|
||
msgstr ""
|
||
"Sebaiknya pengguna admin mengautentikasi menggunakan layanan Identitas dan "
|
||
"layanan autentikasi eksternal yang mendukung autentikasi 2 faktor, seperti "
|
||
"sertifikat. Hal ini mengurangi risiko dari password yang mungkin "
|
||
"dikompromikan. Rekomendasi ini sesuai dengan panduan NIST 800-53 IA-2 (1) "
|
||
"dalam penggunaan autentikasi multi-faktor untuk akses jaringan ke akun "
|
||
"istimewa."
|
||
|
||
msgid ""
|
||
"We recommend that all production deployments use HTTP strict transport "
|
||
"security (HSTS). This header prevents browsers from making insecure "
|
||
"connections after they have made a single secure one. If you have deployed "
|
||
"your HTTP services on a public or an untrusted domain, HSTS is especially "
|
||
"important. To enable HSTS, configure your web server to send a header like "
|
||
"this with all requests:"
|
||
msgstr ""
|
||
"Sebaiknya semua penerapan produksi menggunakan keamanan transportasi ketat "
|
||
"HTTP (HSTS). Header ini mencegah browser membuat koneksi yang tidak aman "
|
||
"setelah mereka membuat suatu single secure. Jika Anda telah menyebarkan "
|
||
"layanan HTTP Anda di domain publik atau yang tidak tepercaya, HSTS sangat "
|
||
"penting. Untuk mengaktifkan HSTS, konfigurasikan server web Anda untuk "
|
||
"mengirim header seperti ini dengan semua permintaan:"
|
||
|
||
msgid ""
|
||
"We recommend that implementers `disable HORIZON_IMAGES_ALLOW_UPLOAD <https://"
|
||
"docs.openstack.org/horizon/latest/user/manage-images.html#upload-an-image>`_ "
|
||
"unless they have implemented a plan to prevent resource exhaustion and "
|
||
"denial of service."
|
||
msgstr ""
|
||
"Kami merekomendasikan pelaksana `disable HORIZON_IMAGES_ALLOW_UPLOAD "
|
||
"<https://docs.openstack.org/horizon/latest/user/manage-images.html#upload-an-"
|
||
"image>`_ kecuali mereka telah menerapkan rencana untuk mencegah kelelahan "
|
||
"dan penolakan layanan."
|
||
|
||
msgid ""
|
||
"We recommend that only TLS 1.2 is used. Other versions such as TLS 1.0 and "
|
||
"1.1 are vulnerable to multiple attacks. TLS 1.0 should be disabled in your "
|
||
"environment. TLS 1.1 may be used for broad client compatibility, however "
|
||
"exercise caution when enabling this protocol. Only enable TLS version 1.1 if "
|
||
"there is a mandatory compatibility requirement and you are aware of the "
|
||
"risks involved. All versions of SSL, the predecessor to TLS, must not be "
|
||
"used due to multiple public vulnerabilities."
|
||
msgstr ""
|
||
"Sebaiknya hanya TLS 1.2 yang digunakan. Versi lain seperti TLS 1.0 dan 1.1 "
|
||
"rentan terhadap banyak serangan. TLS 1.0 harus dinonaktifkan di lingkungan "
|
||
"Anda. TLS 1.1 dapat digunakan untuk kompatibilitas klien yang luas, namun "
|
||
"berhati-hatilah saat mengaktifkan protokol ini. Hanya aktifkan TLS versi 1.1 "
|
||
"jika ada persyaratan kompatibilitas wajib dan Anda sadar akan risiko yang "
|
||
"terlibat. Semua versi SSL, pendahulu TLS, tidak boleh digunakan karena "
|
||
"banyak kerentanan publik."
|
||
|
||
msgid ""
|
||
"We recommend that the ``DEBUG`` setting is set to ``False`` in production "
|
||
"environments. If ``DEBUG`` is set to True, Django will display stack traces "
|
||
"and sensitive web server state information when exceptions are thrown."
|
||
msgstr ""
|
||
"Kami merekomendasikan agar pengaturan ``DEBUG``` disetel ke ``False`` di "
|
||
"lingkungan produksi. Jika ``DEBUG`` disetel ke True, Django akan menampilkan "
|
||
"jejak stack dan informasi server web sensitif saat pengecualian dilepas."
|
||
|
||
msgid ""
|
||
"We recommend that you configure the Object Storage service to run under a "
|
||
"non-root (UID 0) service account. One recommendation is the user name "
|
||
"``swift`` with the primary group ``swift``. Object Storage services include, "
|
||
"for example, ``proxy-server``, ``container-server``, ``account-server``. "
|
||
"Detailed steps for setup and configuration can be found in the `Add Object "
|
||
"Storage chapter <https://docs.openstack.org/project-install-guide/object-"
|
||
"storage/ocata/>`_ of the Installation Guide in the `OpenStack Documentation "
|
||
"index <https://docs.openstack.org>`_."
|
||
msgstr ""
|
||
"Sebaiknya konfigurasikan layanan Object Storage untuk berjalan di bawah akun "
|
||
"layanan non-root (UID 0). Satu rekomendasi adalah nama pengguna ``swift`` "
|
||
"dengan grup utama ``swift``. Layanan Object Storage meliputi, misalnya, "
|
||
"``proxy-server``, ``container-server``, ``account-server``. Langkah-langkah "
|
||
"rinci untuk setup dan konfigurasi dapat ditemukan di `Add Object Storage "
|
||
"chapter <https://docs.openstack.org/project-install-guide/object-storage/"
|
||
"ocata/>`_ dari Installation Guide di `OpenStack Documentation index <https://"
|
||
"docs.openstack.org>`_."
|
||
|
||
msgid ""
|
||
"We recommend that you use client authentication with TLS for the "
|
||
"authentication of services to the Identity service."
|
||
msgstr ""
|
||
"Sebaiknya gunakan otentikasi klien dengan TLS untuk otentikasi layanan ke "
|
||
"layanan Identitas."
|
||
|
||
msgid ""
|
||
"We recommend the use of memcached instead of local-memory cache because it "
|
||
"is fast, retains data for a longer duration, is multi-process safe and has "
|
||
"the ability to share cache over multiple servers, but still treats it as a "
|
||
"single cache."
|
||
msgstr ""
|
||
"Sebaiknya gunakan Memcached bukan cache memori lokal karena cepat, "
|
||
"mempertahankan data untuk durasi yang lebih lama, aman dalam proses multi-"
|
||
"proses dan memiliki kemampuan untuk berbagi cache melalui beberapa server, "
|
||
"namun tetap memperlakukannya sebagai cache tunggal."
|
||
|
||
msgid ""
|
||
"We recommend using SSL/TLS on both public networks and management networks "
|
||
"in :doc:`tls-proxies-and-http-services`. However, if actually deploying SSL/"
|
||
"TLS everywhere is too difficult, we recommend evaluating your OpenStack SSL/"
|
||
"TLS needs and following one of the architectures discussed here."
|
||
msgstr ""
|
||
"Sebaiknya gunakan SSL/TLS di jaringan publik ataupun jaringan manajemen di :"
|
||
"doc:`tls-proxies-and-http-services`. Namun, jika benar-benar menerapkan SSL/"
|
||
"TLS di mana saja terlalu sulit, sebaiknya Anda mengevaluasi kebutuhan "
|
||
"OpenStack SSL/TLS dan mengikuti salah satu arsitektur yang dibahas di sini."
|
||
|
||
msgid ""
|
||
"We recommend using a separate, isolated network within the management "
|
||
"security domain for provisioning. This network will handle all PXE traffic, "
|
||
"along with the subsequent boot stage downloads depicted above. Note that the "
|
||
"node boot process begins with two insecure operations: DHCP and TFTP. Then "
|
||
"the boot process uses TLS to download the remaining information required to "
|
||
"deploy the node. This may be an operating system installer, a basic install "
|
||
"managed by `Chef <https://www.chef.io/chef/>`__ or `Puppet <https://"
|
||
"puppetlabs.com/>`__, or even a complete file system image that is written "
|
||
"directly to disk."
|
||
msgstr ""
|
||
"Sebaiknya gunakan jaringan terpisah yang terisolasi dalam domain keamanan "
|
||
"manajemen untuk penyediaan. Jaringan ini akan menangani semua lalu lintas "
|
||
"PXE, bersamaan dengan unduhan tahap boot berikutnya yang digambarkan di "
|
||
"atas. Perhatikan bahwa proses boot node dimulai dengan dua operasi tidak "
|
||
"aman: DHCP dan TFTP. Kemudian proses booting menggunakan TLS untuk "
|
||
"mendownload sisa informasi yang dibutuhkan untuk menyebarkan node. Ini "
|
||
"mungkin sebuah installer sistem operasi, sebuah instalasi dasar yang "
|
||
"dikelola oleh `Chef <https://www.chef.io/chef/>`__ atau `Puppet <https://"
|
||
"puppetlabs.com/>`__, atau bahkan image sistem file lengkap yang ditulis "
|
||
"langsung ke disk."
|
||
|
||
msgid ""
|
||
"We recommend you disable filters that parse things that are provided by "
|
||
"users or are able to be manipulated such as metadata."
|
||
msgstr ""
|
||
"Sebaiknya Anda menonaktifkan filter yang mengurai hal-hal yang disediakan "
|
||
"oleh pengguna atau dapat dimanipulasi seperti metadata."
|
||
|
||
msgid ""
|
||
"We selected these security domains because they can be mapped independently "
|
||
"or combined to represent the majority of the possible areas of trust within "
|
||
"a given OpenStack deployment. For example, some deployment topologies may "
|
||
"consist of a combination of guest and data domains onto one physical network "
|
||
"while other topologies have these domains separated. In each case, the cloud "
|
||
"operator should be aware of the appropriate security concerns. Security "
|
||
"domains should be mapped out against your specific OpenStack deployment "
|
||
"topology. The domains and their trust requirements depend upon whether the "
|
||
"cloud instance is public, private, or hybrid."
|
||
msgstr ""
|
||
"Kami memilih domain keamanan ini karena dapat dipetakan secara independen "
|
||
"atau digabungkan untuk mewakili sebagian besar wilayah kepercayaan yang "
|
||
"mungkin ada dalam penerapan OpenStack yang diberikan. Misalnya, beberapa "
|
||
"topologi penerapan mungkin terdiri dari kombinasi domain tamu dan data ke "
|
||
"satu jaringan fisik sementara topologi lain memisahkan domain ini. Dalam "
|
||
"setiap kasus, operator awan harus menyadari masalah keamanan yang sesuai. "
|
||
"Domain keamanan harus dipetakan berdasarkan topologi penyebaran OpenStack "
|
||
"spesifik Anda. Domain dan persyaratan kepercayaan mereka bergantung pada "
|
||
"apakah instance awan bersifat publik, pribadi, atau hibrida."
|
||
|
||
msgid ""
|
||
"We strongly recommend deploying dashboard to a *second-level domain*, such "
|
||
"as ``https://example.com``, rather than deploying dashboard on a *shared "
|
||
"subdomain* of any level, for example ``https://openstack.example.org`` or "
|
||
"``https://horizon.openstack.example.org``. We also advise against deploying "
|
||
"to bare internal domains like ``https://horizon/``. These recommendations "
|
||
"are based on the limitations of browser same-origin-policy."
|
||
msgstr ""
|
||
"Kami sangat menyarankan untuk menerapkan dasbor ke *second-level domain*, "
|
||
"seperti ``https://example.com``, daripada menerapkan dasbor di *shared "
|
||
"subdomain* dari tingkat mana pun, misalnya ``https://openstack.example.org`` "
|
||
"atau ``https://horizon.openstack.example.org``. Kami juga menyarankan untuk "
|
||
"tidak menerapkan domain internal yang kosong seperti ``https://horizon/``. "
|
||
"Rekomendasi ini didasarkan pada keterbatasan browser same-origin-policy."
|
||
|
||
msgid "We strongly recommend:"
|
||
msgstr "Kami sangat menyarankan:"
|
||
|
||
msgid ""
|
||
"We suggest that cloud administrators use this table as a model to help "
|
||
"define which actions to take for the various security levels. For example, a "
|
||
"critical-level security update might require the cloud to be upgraded "
|
||
"quickly whereas a low-level update might take longer to be completed."
|
||
msgstr ""
|
||
"Kami menyarankan agar administrator awan menggunakan tabel ini sebagai model "
|
||
"untuk membantu menentukan tindakan mana yang harus dilakukan untuk berbagai "
|
||
"tingkat keamanan. Misalnya, pembaruan keamanan tingkat kritis mungkin "
|
||
"memerlukan awan untuk ditingkatkan dengan cepat sedangkan pembaruan tingkat "
|
||
"rendah mungkin memerlukan waktu lebih lama untuk diselesaikan."
|
||
|
||
msgid ""
|
||
"What about high availability or load balanced deployments that need to "
|
||
"inspect traffic? The previous deployment model (:ref:`secure-communication-"
|
||
"proxy-on-same-physical-hosts-as-api-endpoints`) would not allow for deep "
|
||
"packet inspection since the traffic is encrypted. If the traffic only needs "
|
||
"to be inspected for basic routing purposes, it might not be necessary for "
|
||
"the load balancer to have access to the unencrypted traffic. HAProxy has the "
|
||
"ability to extract the SSL/TLS session ID during the handshake, which can "
|
||
"then be used to achieve session affinity ( `session ID configuration details "
|
||
"here <http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-"
|
||
"session-id/>`_ ). HAProxy can also use the TLS Server Name Indication (SNI) "
|
||
"extension to determine where traffic should be routed to ( `SNI "
|
||
"configuration details here <http://blog.exceliance.fr/2012/04/13/enhanced-"
|
||
"ssl-load-balancing-with-server-name-indication-sni-tls-extension/>`_ ). "
|
||
"These features likely cover some of the most common load balancer needs. "
|
||
"HAProxy would be able to just pass the HTTPS traffic straight through to the "
|
||
"API endpoint systems in this case:"
|
||
msgstr ""
|
||
"Bagaimana dengan ketersediaan tinggi atau penerapan seimbang yang perlu "
|
||
"untuk memeriksa lalu lintas? Model penyebaran sebelumnya (:ref: `secure-"
|
||
"communication-proxy-on-same-physical-hosts-as-api-endpoints`) tidak akan "
|
||
"mengizinkan pemeriksaan paket dalam karena lalu lintas dienkripsi. Jika lalu "
|
||
"lintas hanya perlu diperiksa untuk keperluan perutean dasar, mungkin tidak "
|
||
"perlu penyeimbang beban untuk mendapatkan akses ke lalu lintas yang tidak "
|
||
"dienkripsi. HAProxy memiliki kemampuan untuk mengekstrakSSL/TLS session ID "
|
||
"selama handshake, yang kemudian dapat digunakan untuk mencapai afinitas "
|
||
"(`session ID configuration details here <http://blog.exceliance."
|
||
"fr/2011/07/04/maintain -affinity-based-on-ssl-session-id /> `_). HAProxy "
|
||
"juga dapat menggunakan ekstensi TLS Server Name Indication (SNI) untuk "
|
||
"menentukan lalu lintas yang harus diarahkan ke ( `SNI configuration details "
|
||
"here <http://blog.exceliance.fr/2012/04/13/enhanced-ssl-load- menyeimbangkan-"
|
||
"dengan-server-name-indication-sni-tls-extension /> `_). Fitur ini "
|
||
"kemungkinan mencakup beberapa penyeimbang beban yang paling umum. HAProxy "
|
||
"hanya bisa melewati lalu lintas HTTPS langsung ke sistem endpoint API dalam "
|
||
"kasus ini:"
|
||
|
||
msgid "What assets are at risk"
|
||
msgstr "Aset apa yang berisiko"
|
||
|
||
msgid "What if I don't want to use Barbican?"
|
||
msgstr "Bagaimana jika saya tidak ingin menggunakan Barbican?"
|
||
|
||
msgid ""
|
||
"What if you want cryptographic separation of your external and internal "
|
||
"environments? A public cloud provider would likely want their public facing "
|
||
"services (or proxies) to use certificates that are issued by a CA that "
|
||
"chains up to a trusted Root CA that is distributed in popular web browser "
|
||
"software for SSL/TLS. For the internal services, one might want to instead "
|
||
"use their own PKI to issue certificates for SSL/TLS. This cryptographic "
|
||
"separation can be accomplished by terminating SSL at the network boundary, "
|
||
"then re-encrypting using the internally issued certificates. The traffic "
|
||
"will be unencrypted for a brief period on the public facing SSL/TLS proxy, "
|
||
"but it will never be transmitted over the network in the clear. The same re-"
|
||
"encryption approach that is used to achieve cryptographic separation can "
|
||
"also be used if deep packet inspection is really needed on a load balancer. "
|
||
"Here is what this deployment model would look like:"
|
||
msgstr ""
|
||
"Bagaimana jika Anda ingin pemisahan kriptografi lingkungan eksternal dan "
|
||
"internal Anda? Penyedia awan publik mungkin menginginkan agar publik mereka "
|
||
"menghadapi layanan (atau proxy) untuk menggunakan sertifikat yang "
|
||
"dikeluarkan oleh CA yang mengarah ke Root CA tepercaya yang didistribusikan "
|
||
"di perangkat lunak browser web populer untuk SSL/TLS. Untuk layanan "
|
||
"internal, orang mungkin ingin menggunakan PKI mereka sendiri untuk "
|
||
"menerbitkan sertifikat SSL/TLS. Pemisahan kriptografi ini dapat dilakukan "
|
||
"dengan menghentikan SSL pada batas jaringan, kemudian mengenkripsi ulang "
|
||
"menggunakan sertifikat yang dikeluarkan secara internal. Lalu lintas tidak "
|
||
"akan dienkripsi untuk periode singkat di hadapan publik yang menghadap proxy "
|
||
"SSL/TLS, namun tidak akan pernah ditransmisikan melalui jaringan secara "
|
||
"jelas. Pendekatan enkripsi ulang yang sama yang digunakan untuk mencapai "
|
||
"pemisahan kriptografi juga dapat digunakan jika inspeksi paket dalam benar-"
|
||
"benar dibutuhkan pada penyeimbang beban. Inilah model penggelaran ini yang "
|
||
"akan terlihat:"
|
||
|
||
msgid "What is measured"
|
||
msgstr "What is measured"
|
||
|
||
msgid "What is the recommended way to securely store secrets in OpenStack?"
|
||
msgstr ""
|
||
"Apa cara yang disarankan untuk menyimpan rahasia di OpenStack secara aman?"
|
||
|
||
msgid ""
|
||
"When a share is just created there are no default access rules associated "
|
||
"with it and permission to mount it. This could be seen in mounting config "
|
||
"for export protocol in use. For example, there is an NFS command "
|
||
"``exportfs`` or ``/etc/exports`` file on the storage which controls each "
|
||
"remote share and defines hosts that can access it. It is empty if nobody can "
|
||
"mount a share. For a remote CIFS server there is ``net conf list`` command "
|
||
"which shows the configuration. ``hosts deny`` parameter should be set by the "
|
||
"share driver to ``0.0.0.0/0`` which means that any host is denied to mount "
|
||
"the share."
|
||
msgstr ""
|
||
"Saat share dibuat, tidak ada aturan akses default yang terkait dengannya dan "
|
||
"izin untuk mounting. Ini bisa dilihat pada konfigurasi mounting untuk "
|
||
"protokol ekspor yang digunakan. Misalnya, ada file perintah NFS ``exportfs`` "
|
||
"atau ``/etc/exports`` pada penyimpanan yang mengontrol setiap remote share "
|
||
"dan mendefinisikan host yang dapat mengaksesnya. Ini kosong jika tidak ada "
|
||
"yang bisa me-mount share. Untuk server CIFS remote terdapat perintah ``net "
|
||
"conf list`` yang menunjukkan konfigurasi. Parameter ``hosts deny`` harus "
|
||
"ditetapkan oleh share driver ke ``0.0.0.0/0`` yang berarti bahwa setiap host "
|
||
"ditolak untuk me-mount share."
|
||
|
||
msgid ""
|
||
"When addressing compliance, you can increase efficiency and reduce work "
|
||
"effort by identifying common areas and criteria that apply across multiple "
|
||
"certifications. Much of the audit principles and guidelines discussed in "
|
||
"this book will assist in identifying these controls, additionally a number "
|
||
"of external entities provide comprehensive lists. The following are some "
|
||
"examples:"
|
||
msgstr ""
|
||
"Saat menangani kepatuhan, Anda dapat meningkatkan efisiensi dan mengurangi "
|
||
"upaya kerja dengan mengidentifikasi area umum dan kriteria yang berlaku di "
|
||
"beberapa sertifikasi. Sebagian besar prinsip dan pedoman audit yang dibahas "
|
||
"dalam buku ini akan membantu mengidentifikasi kontrol ini, dan tambahan "
|
||
"sejumlah entitas eksternal menyediakan daftar komprehensif. Berikut adalah "
|
||
"beberapa contohnya:"
|
||
|
||
msgid ""
|
||
"When auditing an OpenStack cloud it is important to appreciate the multi-"
|
||
"tenant environment inherent in the OpenStack architecture. Some critical "
|
||
"areas for concern include data disposal, hypervisor security, node "
|
||
"hardening, and authentication mechanisms."
|
||
msgstr ""
|
||
"Saat mengaudit awan OpenStack, penting untuk menghargai lingkungan multi-"
|
||
"tenant yang melekat dalam arsitektur OpenStack. Beberapa area penting yang "
|
||
"perlu diperhatikan meliputi pembuangan data, keamanan hypervisor, pengerasan "
|
||
"simpul (node hardening), dan mekanisme otentikasi."
|
||
|
||
msgid ""
|
||
"When building an OpenStack cloud it is strongly recommended to approach your "
|
||
"design and implementation with a configuration management tool or framework "
|
||
"in mind. Configuration management allows you to avoid the many pitfalls "
|
||
"inherent in building, managing, and maintaining an infrastructure as complex "
|
||
"as OpenStack. By producing the manifests, cookbooks, or templates required "
|
||
"for a configuration management utility, you are able to satisfy a number of "
|
||
"documentation and regulatory reporting requirements. Further, configuration "
|
||
"management can also function as part of your business continuity plan (BCP) "
|
||
"and data recovery (DR) plans wherein you can rebuild a node or service back "
|
||
"to a known state in a DR event or given a compromise."
|
||
msgstr ""
|
||
"Saat membangun awan OpenStack, sangat disarankan untuk mendekati desain dan "
|
||
"implementasi Anda dengan alat manajemen konfigurasi atau kerangka kerja. "
|
||
"Manajemen konfigurasi memungkinkan Anda menghindari banyak jebakan yang "
|
||
"melekat dalam membangun, mengelola, dan memelihara infrastruktur sekompleks "
|
||
"OpenStack. Dengan memproduksi manifes, buku masak, atau templat yang "
|
||
"diperlukan untuk utilitas pengelolaan konfigurasi, Anda dapat memenuhi "
|
||
"sejumlah persyaratan pelaporan dokumentasi dan peraturan. Selanjutnya, "
|
||
"manajemen konfigurasi juga dapat berfungsi sebagai bagian dari business "
|
||
"continuity plan (BCP) dan perencanaan data recovery (DR) Anda di mana Anda "
|
||
"dapat membangun kembali node atau layanan mundur (service back) ke keadaan "
|
||
"yang sudah diketahui dalam kejadian DR atau bahaya yang ada."
|
||
|
||
msgid ""
|
||
"When creating custom topologies for network access it can be necessary to "
|
||
"allow non-root users the ability to run the proxy commands. For these "
|
||
"situations the oslo rootwrap package is used to provide a facility for non-"
|
||
"root users to run privileged commands. This configuration requires the user "
|
||
"associated with the data processing controller application to be in the "
|
||
"sudoers list and for the option to be enabled in the configuration file. "
|
||
"Optionally, an alternative rootwrap command can be provided."
|
||
msgstr ""
|
||
"Saat membuat topologi kustom untuk akses jaringan, diperlukan kemampuan "
|
||
"pengguna non-root untuk menjalankan perintah proxy. Untuk situasi ini, paket "
|
||
"rootwrap oslo digunakan untuk menyediakan fasilitas bagi pengguna non-root "
|
||
"untuk menjalankan privileged commands. Konfigurasi ini memerlukan pengguna "
|
||
"yang terkait dengan aplikasi pengontrol pengolah data agar berada dalam "
|
||
"daftar sudoers dan untuk opsi yang akan diaktifkan pada file konfigurasi. "
|
||
"Secara opsional, sebuah perintah rootwrap alternatif dapat diberikan."
|
||
|
||
msgid ""
|
||
"When enabling the operating system, OpenStack Volume Encryption performance "
|
||
"can be enhanced by using the hardware acceleration features currently "
|
||
"available in both Intel and AMD processors. Both the OpenStack Volume "
|
||
"Encryption feature and the OpenStack Ephemeral Disk Encryption feature use "
|
||
"``dm-crypt`` to secure volume data. ``dm-crypt`` is a transparent disk "
|
||
"encryption capability in Linux kernel versions 2.6 and later. When the "
|
||
"Volume Encryption is enabled, encrypted data is sent over iSCSI to Block "
|
||
"Storage, securing data in transit and data at rest simultaneously. When "
|
||
"using hardware acceleration, the performance impact of both of the "
|
||
"encryption features is minimized."
|
||
msgstr ""
|
||
"Saat mengaktifkan sistem operasi, kinerja OpenStack Volume Encryption dapat "
|
||
"ditingkatkan dengan menggunakan fitur akselerasi perangkat keras yang saat "
|
||
"ini tersedia di prosesor Intel dan AMD. Baik fitur OpenStack Volume "
|
||
"Encryption dan fitur OpenStack Ephemeral Disk Encryption menggunakan ``dm-"
|
||
"crypt`` untuk mengamankan data volume. ``dm-crypt`` adalah kemampuan "
|
||
"enkripsi disk transparan di kernel Linux versi 2.6 dan yang lebih baru. "
|
||
"Ketika Volume Encryption diaktifkan, data terenkripsi dikirim melalui iSCSI "
|
||
"ke Block Storage, mengamankan data dalam transit dan data saat istirahat "
|
||
"bersamaan. Saat menggunakan akselerasi perangkat keras, dampak kinerja kedua "
|
||
"fitur enkripsi diminimalkan."
|
||
|
||
msgid ""
|
||
"When evaluating base hypervisor technologies, consider if the hypervisor has "
|
||
"been certified against FIPS 140-2. Not only is conformance against FIPS "
|
||
"140-2 mandated per U.S. Government policy, formal certification indicates "
|
||
"that a given implementation of a cryptographic algorithm has been reviewed "
|
||
"for conformance against module specification, cryptographic module ports and "
|
||
"interfaces; roles, services, and authentication; finite state model; "
|
||
"physical security; operational environment; cryptographic key management; "
|
||
"electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-"
|
||
"tests; design assurance; and mitigation of other attacks."
|
||
msgstr ""
|
||
"Saat mengevaluasi teknologi hypervisor dasar, pertimbangkan apakah "
|
||
"hypervisor telah disertifikasi dengan FIPS 140-2. Tidak hanya kesesuaian "
|
||
"dengan FIPS 140-2 yang dimandatkan per kebijakan Pemerintah A.S., "
|
||
"sertifikasi formal menunjukkan bahwa penerapan algoritma kriptografi "
|
||
"tertentu telah ditinjau untuk kesesuaian terhadap spesifikasi modul, port "
|
||
"modul kriptografi dan antarmuka; peran, layanan, dan otentikasi; finite "
|
||
"state model; keamanan fisik; lingkungan operasional; cryptographic key "
|
||
"management; electromagnetic interference/electromagnetic compatibility "
|
||
"(EMI / EMC); self-tests; jaminan desain; dan mitigasi serangan lainnya."
|
||
|
||
msgid ""
|
||
"When implementing OpenStack, one of the core decisions is which hypervisor "
|
||
"to utilize. We recommend being informed of advisories pertaining to the "
|
||
"hypervisor(s) you have chosen. Several common hypervisor security lists are "
|
||
"below:"
|
||
msgstr ""
|
||
"Saat mengimplementasikan OpenStack, salah satu keputusan utamanya adalah "
|
||
"hypervisor mana yang akan digunakan. Kami merekomendasikan untuk diberitahu "
|
||
"tentang nasihat yang berkaitan dengan hypervisor yang telah Anda pilih. "
|
||
"Beberapa daftar keamanan hypervisor yang umum ada di bawah ini:"
|
||
|
||
msgid ""
|
||
"When installing the certificate and key files, ensure that the file "
|
||
"permissions are restricted, for example ``chmod 0600``, and the ownership is "
|
||
"restricted to the database daemon user to prevent unauthorized access by "
|
||
"other processes and users on the database server."
|
||
msgstr ""
|
||
"Saat menginstal sertifikat dan file kunci, pastikan hak akses file dibatasi, "
|
||
"misalnya ``chmod 0600``, dan kepemilikannya dibatasi pada pengguna daemon "
|
||
"database untuk mencegah akses yang tidak sah oleh proses dan pengguna lain "
|
||
"di server database."
|
||
|
||
msgid ""
|
||
"When provisioning clusters each instance will be given an IP address in the "
|
||
"networks provided by the user. The first network is often referred to as the "
|
||
"data processing management network and instances can use the fixed IP "
|
||
"address assigned by the Networking service for this network. The controller "
|
||
"can also be configured to use floating IP addresses for the instances in "
|
||
"addition to their fixed address. When communicating with the instances the "
|
||
"controller will prefer the floating address if enabled."
|
||
msgstr ""
|
||
"Saat menentukan cluster masing-masing instance akan diberi alamat IP di "
|
||
"jaringan yang disediakan oleh pengguna. Jaringan pertama sering disebut "
|
||
"sebagai jaringan manajemen pengolahan data dan instance dapat menggunakan "
|
||
"alamat IP tetap yang ditetapkan oleh layanan Networking untuk jaringan ini. "
|
||
"Kontroler juga dapat dikonfigurasi untuk menggunakan alamat IP mengambang "
|
||
"untuk instance di samping alamat tetap mereka. Saat berkomunikasi dengan "
|
||
"instance, controller akan lebih memilih alamat mengambang jika diaktifkan."
|
||
|
||
msgid ""
|
||
"When running a virtual machine, virtual hardware is a software layer that "
|
||
"provides the hardware interface for the virtual machine. Instances use this "
|
||
"functionality to provide network, storage, video, and other devices that may "
|
||
"be needed. With this in mind, most instances in your environment will "
|
||
"exclusively use virtual hardware, with a minority that will require direct "
|
||
"hardware access. The major open source hypervisors use :term:`QEMU <Quick "
|
||
"EMUlator (QEMU)>` for this functionality. While QEMU fills an important need "
|
||
"for virtualization platforms, it has proven to be a very challenging "
|
||
"software project to write and maintain. Much of the functionality in QEMU is "
|
||
"implemented with low-level code that is difficult for most developers to "
|
||
"comprehend. The hardware virtualized by QEMU includes many legacy devices "
|
||
"that have their own set of quirks. Putting all of this together, QEMU has "
|
||
"been the source of many security problems, including hypervisor breakout "
|
||
"attacks."
|
||
msgstr ""
|
||
"Saat menjalankan mesin virtual, perangkat keras virtual adalah lapisan "
|
||
"perangkat lunak yang menyediakan antarmuka perangkat keras untuk mesin "
|
||
"virtual. Instance menggunakan fungsi ini untuk menyediakan jaringan, "
|
||
"penyimpanan, video, dan perangkat lain yang mungkin diperlukan. Dengan "
|
||
"pemikiran ini, sebagian besar Instance di lingkungan Anda secara eksklusif "
|
||
"akan menggunakan perangkat keras virtual, dengan minoritas yang memerlukan "
|
||
"akses perangkat keras langsung. Penggunaan hypervisor utama open source :"
|
||
"term: `QEMU <Quick EMUlator (QEMU)>` untuk fungsi ini. Sementara QEMU "
|
||
"memenuhi kebutuhan penting akan platform virtualisasi, namun terbukti "
|
||
"menjadi proyek perangkat lunak yang sangat menantang untuk ditulis dan "
|
||
"dipelihara. Sebagian besar fungsi di QEMU diimplementasikan dengan kode "
|
||
"tingkat rendah yang sulit dipahami oleh sebagian besar pengembang. Perangkat "
|
||
"keras yang di virtualisasi oleh QEMU mencakup banyak perangkat lawas yang "
|
||
"memiliki kebiasaan mereka sendiri. Menempatkan semua ini bersama-sama, QEMU "
|
||
"telah menjadi sumber banyak masalah keamanan, termasuk serangan pembobolan "
|
||
"hypervisor."
|
||
|
||
msgid ""
|
||
"When scoping OpenStack deployments for compliance purposes, prioritize "
|
||
"controls around sensitive services, such as command and control functions "
|
||
"and the base virtualization technology. Compromises of these facilities may "
|
||
"impact an OpenStack environment in its entirety."
|
||
msgstr ""
|
||
"Saat menentukan lingkup penerapan OpenStack untuk tujuan kepatuhan, "
|
||
"memprioritaskan kontrol di sekitar layanan sensitif, seperti fungsi perintah "
|
||
"dan kontrol dan teknologi virtualisasi dasar. Kompromi fasilitas ini dapat "
|
||
"mempengaruhi lingkungan OpenStack secara keseluruhan."
|
||
|
||
msgid ""
|
||
"When using :term:`Nginx`, we recommend `gunicorn <http://docs.gunicorn.org/"
|
||
"en/latest/deploy.html>`_ as the WSGI host with an appropriate number of "
|
||
"synchronous workers. When using Apache, we recommend ``mod_wsgi`` to host "
|
||
"the dashboard."
|
||
msgstr ""
|
||
"Ketika menggunakan :term:`Nginx`, we recommend `gunicorn <http://docs."
|
||
"gunicorn.org/en/latest/deploy.html>`_ sebagai WSGI host dengan jumlah "
|
||
"pekerja sinkron yang sesuai. Bila menggunakan Apache, sebaiknya ``mod_wsgi`` "
|
||
"untuk meng-host dasbor."
|
||
|
||
msgid ""
|
||
"When using LVM backed ephemeral storage, which is block-based, it is "
|
||
"necessary that the OpenStack Compute software securely erases blocks to "
|
||
"prevent information disclosure. There have in the past been information "
|
||
"disclosure vulnerabilities related to improperly erased ephemeral block "
|
||
"storage devices."
|
||
msgstr ""
|
||
"Bila menggunakan penyimpanan sementara yang didukung LVM, yang berbasis "
|
||
"blok, perlu perangkat lunak OpenStack Compute menghapus blokir dengan aman "
|
||
"untuk mencegah pengungkapan informasi. Sebelumnya ada kerentanan "
|
||
"pengungkapan informasi terkait dengan perangkat penyimpan blok sementara "
|
||
"yang terhapus secara tidak benar."
|
||
|
||
msgid ""
|
||
"When using ZeroMQ messaging, each host must run at least one ZeroMQ message "
|
||
"receiver to receive messages from the network and forward messages to local "
|
||
"processes through IPC. It is possible and advisable to run an independent "
|
||
"message receiver per project within an IPC namespace, along with other "
|
||
"services within the same project."
|
||
msgstr ""
|
||
"Saat menggunakan pesan ZeroMQ, setiap host harus menjalankan setidaknya satu "
|
||
"penerima pesan ZeroMQ untuk menerima pesan dari jaringan dan meneruskan "
|
||
"pesan ke proses lokal melalui IPC. Adalah mungkin dan disarankan untuk "
|
||
"menjalankan penerima pesan independen per proyek dalam ruang nama IPC, "
|
||
"bersama dengan layanan lainnya dalam proyek yang sama."
|
||
|
||
msgid ""
|
||
"When using ZeroMQ messaging, each project should run a separate ZeroMQ "
|
||
"receiver process on a port dedicated to services belonging to that project. "
|
||
"This is equivalent to the AMQP concept of control exchanges."
|
||
msgstr ""
|
||
"Saat menggunakan pesan ZeroMQ, setiap proyek harus menjalankan proses "
|
||
"penerima ZeroMQ terpisah di port yang didedikasikan untuk layanan yang "
|
||
"termasuk dalam proyek itu. Ini setara dengan konsep AMQP tentang pertukaran "
|
||
"kontrol."
|
||
|
||
msgid ""
|
||
"When using flat networking, you cannot assume that projects which share the "
|
||
"same layer 2 network (or broadcast domain) are fully isolated from each "
|
||
"other. These projects may be vulnerable to ARP spoofing, risking the "
|
||
"possibility of man-in-the-middle attacks."
|
||
msgstr ""
|
||
"Saat menggunakan jaringan flat (datar), Anda tidak dapat mengasumsikan bahwa "
|
||
"proyek yang berbagi layer 2 network yang sama (atau broadcast domain) "
|
||
"sepenuhnya terisolasi satu sama lain. Proyek ini mungkin rentan terhadap "
|
||
"spoofing ARP, mempertaruhkan kemungkinan serangan man-in-the-middle."
|
||
|
||
msgid ""
|
||
"When using the Networking service, we recommend that you enable security "
|
||
"groups in this service and disable it in the Compute service."
|
||
msgstr ""
|
||
"Saat menggunakan layanan Networking, sebaiknya Anda mengaktifkan grup "
|
||
"keamanan di layanan ini dan menonaktifkannya di layanan Compute."
|
||
|
||
msgid ""
|
||
"When using the Object Storage service in conjunction with data processing it "
|
||
"is necessary to add credentials for the store access. With proxy domains the "
|
||
"Data processing service can instead use a delegated trust from the Identity "
|
||
"service to allow store access via a temporary user created in the domain. "
|
||
"For this delegation mechanism to work the Data processing service must be "
|
||
"configured to use proxy domains and the operator must configure an identity "
|
||
"domain for the proxy users."
|
||
msgstr ""
|
||
"Saat menggunakan layanan Object Storage bersamaan dengan pemrosesan data, "
|
||
"perlu menambahkan kredensial untuk akses store. Dengan domain proxy, layanan "
|
||
"pemrosesan Data dapat menggunakan kepercayaan yang didelegasikan dari "
|
||
"layanan Identitas untuk memungkinkan akses store melalui pengguna sementara "
|
||
"yang dibuat di domain. Untuk mekanisme pendelegasian ini bekerja layanan, "
|
||
"pengolah data harus dikonfigurasi menggunakan domain proxy dan operator "
|
||
"harus mengkonfigurasi domain identitas untuk pengguna proxy."
|
||
|
||
msgid ""
|
||
"When using the OpenStack Compute API to modify security groups, the updated "
|
||
"security group applies to all virtual interface ports on an instance. This "
|
||
"is due to the OpenStack Compute security group APIs being instance-based "
|
||
"rather than port-based, as found in OpenStack Networking."
|
||
msgstr ""
|
||
"Saat menggunakan OpenStack Compute API untuk memodifikasi grup keamanan, "
|
||
"grup keamanan yang diperbarui berlaku untuk semua port antarmuka virtual "
|
||
"pada sebuah instance. Hal ini disebabkan API grup keamanan OpenStack Compute "
|
||
"yang berbasis instance daripada berbasis port, seperti yang ditemukan di "
|
||
"OpenStack Networking."
|
||
|
||
msgid ""
|
||
"When you are using TLS 1.2 and control both the clients and the server, the "
|
||
"cipher suite should be limited to ``ECDHE-ECDSA-AES256-GCM-SHA384``. In "
|
||
"circumstances where you do not control both endpoints and are using TLS 1.1 "
|
||
"or 1.2 the more general ``HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!"
|
||
"CAMELLIA`` is a reasonable cipher selection."
|
||
msgstr ""
|
||
"Bila Anda menggunakan TLS 1.2 dan mengendalikan klien dan server, suite "
|
||
"cipher harus dibatasi pada ``ECDHE-ECDSA-AES256-GCM-SHA384``. Dalam keadaan "
|
||
"di mana Anda tidak mengendalikan kedua endpoint dan menggunakan TLS 1.1 atau "
|
||
"1.2, ``HIGH:!aNULL:!eNULL:!DES:!3DES:!SSLv3:!TLSv1:!CAMELLIA`` yang lebih "
|
||
"umm adalah pilihan cipher yang masuk akal. ."
|
||
|
||
msgid ""
|
||
"When you evaluate a hypervisor platform, consider the supportability of the "
|
||
"hardware on which the hypervisor will run. Additionally, consider the "
|
||
"additional features available in the hardware and how those features are "
|
||
"supported by the hypervisor you chose as part of the OpenStack deployment. "
|
||
"To that end, hypervisors each have their own hardware compatibility lists "
|
||
"(HCLs). When selecting compatible hardware it is important to know in "
|
||
"advance which hardware-based virtualization technologies are important from "
|
||
"a security perspective."
|
||
msgstr ""
|
||
"Saat Anda mengevaluasi platform hypervisor, pertimbangkan dukungan perangkat "
|
||
"keras yang digunakan hypervisor. Selain itu, pertimbangkan fitur tambahan "
|
||
"yang tersedia di perangkat keras dan bagaimana fitur tersebut didukung oleh "
|
||
"hypervisor yang Anda pilih sebagai bagian dari pengerahan OpenStack. Untuk "
|
||
"itu, hypervisors masing-masing memiliki hardware compatibility lists (HCLs) "
|
||
"mereka sendiri. Saat memilih perangkat keras yang kompatibel, penting untuk "
|
||
"mengetahui terlebih dahulu teknologi virtualisasi hardware-based menjadi "
|
||
"penting dari perspektif keamanan."
|
||
|
||
msgid ""
|
||
"When you use a user name and password to authenticate, Identity does not "
|
||
"enforce policies on password strength, expiration, or failed authentication "
|
||
"attempts as recommended by NIST Special Publication 800-118 (draft). "
|
||
"Organizations that desire to enforce stronger password policies should "
|
||
"consider using Identity extensions or external authentication services."
|
||
msgstr ""
|
||
"Bila Anda menggunakan nama pengguna dan kata sandi untuk diautentikasi, "
|
||
"Identitas tidak memberlakukan kebijakan tentang kekuatan kata sandi, "
|
||
"kedaluwarsa, atau upaya otentikasi yang gagal seperti yang direkomendasikan "
|
||
"oleh NIST Special Publication 800-118 (draf). Organisasi yang ingin "
|
||
"menerapkan kebijakan kata sandi yang lebih kuat harus mempertimbangkan untuk "
|
||
"menggunakan ekstensi Identitas atau layanan otentikasi eksternal."
|
||
|
||
msgid ""
|
||
"Whenever a policy or configuration management is changed, it is good "
|
||
"practice to log the activity, and backup a copy of the new set. Often, such "
|
||
"policies and configurations are stored in a version controlled repository "
|
||
"such as Git."
|
||
msgstr ""
|
||
"Kapan pun kebijakan atau manajemen konfigurasi diubah, ada baiknya melakukan "
|
||
"log aktivitas, dan membuat cadangan salinan dari kumpulan yang baru. "
|
||
"Seringkali, kebijakan dan konfigurasi seperti itu disimpan dalam repositori "
|
||
"yang dikendalikan oleh versi seperti Git."
|
||
|
||
msgid ""
|
||
"Whenever an API call to the Shared File Systems service is made, the policy "
|
||
"engine uses the appropriate policy definitions to determine if the call can "
|
||
"be accepted."
|
||
msgstr ""
|
||
"Setiap kali API memanggil layanan Shared File Systems, mesin kebijakan "
|
||
"menggunakan definisi kebijakan yang tepat untuk menentukan apakah panggilan "
|
||
"tersebut dapat diterima."
|
||
|
||
msgid ""
|
||
"Where a rule may specify access to only admin users and users belonging to "
|
||
"the tenant, the mapping may be trivial. In other scenarios the cloud "
|
||
"administrator may need to approve the mapping routines per tenant."
|
||
msgstr ""
|
||
"Bila suatu aturan menentukan akses hanya kepada pengguna admin dan pengguna "
|
||
"milik tenant, pemetaan mungkin sepele. Dalam skenario lain, administrator "
|
||
"awan mungkin perlu menyetujui rutinitas pemetaan per tenant."
|
||
|
||
msgid "Where data is persisted"
|
||
msgstr "Dimana data terus berlanjut"
|
||
|
||
msgid ""
|
||
"Where the end entity certificates and certificate revocation lists are "
|
||
"stored and looked up - sometimes referred to as the *certificate bundle*."
|
||
msgstr ""
|
||
"Dimana sertifikat entitas akhir dan daftar pencabutan sertifikat disimpan "
|
||
"dan diperbaiki (looked up) - kadang-kadang disebut sebagai *certificate "
|
||
"bundle*."
|
||
|
||
msgid ""
|
||
"Whether OpenStack is deployed within private data centers or as a public "
|
||
"cloud service, the underlying virtualization technology provides enterprise-"
|
||
"level capabilities in the realms of scalability, resource efficiency, and "
|
||
"uptime. While such high-level benefits are generally available across many "
|
||
"OpenStack-supported hypervisor technologies, there are significant "
|
||
"differences in the security architecture and features for each hypervisor, "
|
||
"particularly when considering the security threat vectors which are unique "
|
||
"to elastic OpenStack environments. As applications consolidate into single :"
|
||
"term:`Infrastructure-as-a-Service (IaaS)` platforms, instance isolation at "
|
||
"the hypervisor level becomes paramount. The requirement for secure isolation "
|
||
"holds true across commercial, government, and military communities."
|
||
msgstr ""
|
||
"Apakah OpenStack ditempatkan di dalam pusat data pribadi atau sebagai "
|
||
"layanan awan publik, teknologi virtualisasi yang mendasarinya memberikan "
|
||
"kemampuan tingkat perusahaan di ranah skalabilitas, efisiensi sumber daya, "
|
||
"dan waktu operasional. Meskipun manfaat tingkat tinggi seperti itu umumnya "
|
||
"tersedia di banyak teknologi hypervisor yang didukung OpenStack, ada "
|
||
"perbedaan signifikan dalam arsitektur keamanan dan fitur untuk setiap "
|
||
"hypervisor, terutama saat mempertimbangkan vektor ancaman keamanan yang unik "
|
||
"untuk lingkungan OpenStack elastis. Sebagai aplikasi mengkonsolidasikan "
|
||
"menjadi single platform :term: `Infrastructure-as-a-Service (IaaS)`, isolasi "
|
||
"instance pada tingkat hypervisor menjadi yang terpenting. Persyaratan untuk "
|
||
"isolasi yang aman berlaku di komunitas komersial, pemerintah, dan militer."
|
||
|
||
msgid ""
|
||
"While OpenStack has a bare metal project, a discussion of the particular "
|
||
"security implications of running bare metal is beyond the scope of this book."
|
||
msgstr ""
|
||
"Sementara OpenStack memiliki proyek bare metal, sebuah diskusi tentang "
|
||
"implikasi keamanan tertentu dari menjalankan bare metal berada di luar "
|
||
"cakupan buku ini."
|
||
|
||
msgid ""
|
||
"While creating a security service, you can select one of these "
|
||
"authentication services:"
|
||
msgstr ""
|
||
"Saat membuat layanan keamanan, Anda dapat memilih salah satu dari layanan "
|
||
"otentikasi ini:"
|
||
|
||
msgid ""
|
||
"While in operation, the kernel software and data are protected by the "
|
||
"hardware memory protection mechanisms. The memory and process management "
|
||
"components of the kernel ensure a user process cannot access kernel storage "
|
||
"or storage belonging to other processes. Non-kernel TSF software and data "
|
||
"are protected by DAC and process isolation mechanisms. In the evaluated "
|
||
"configuration, the reserved user ID root owns the directories and files that "
|
||
"define the TSF configuration. In general, files and directories containing "
|
||
"internal TSF data, such as configuration files and batch job queues, are "
|
||
"also protected from reading by DAC permissions. The system and the hardware "
|
||
"and firmware components are required to be physically protected from "
|
||
"unauthorized access. The system kernel mediates all access to the hardware "
|
||
"mechanisms themselves, other than program visible CPU instruction functions. "
|
||
"In addition, mechanisms for protection against stack overflow attacks are "
|
||
"provided."
|
||
msgstr ""
|
||
"Saat beroperasi, perangkat lunak dan data kernel dilindungi oleh mekanisme "
|
||
"proteksi memori perangkat keras. Komponen manajemen memori dan proses dari "
|
||
"kernel memastikan proses pengguna tidak dapat mengakses penyimpanan atau "
|
||
"penyimpanan kernel yang termasuk dalam proses lainnya. Perangkat lunak dan "
|
||
"data non-kernel TSF dilindungi oleh DAC dan mekanisme isolasi proses. Dalam "
|
||
"konfigurasi yang dievaluasi, reserved user ID root memiliki direktori dan "
|
||
"file yang menentukan konfigurasi TSF. Secara umum, file dan direktori yang "
|
||
"berisi data TSF internal, seperti file konfigurasi dan batch job queues, "
|
||
"juga dilindungi dari pembacaan oleh izin DAC. Sistem dan komponen perangkat "
|
||
"keras dan firmware diharuskan dilindungi secara fisik dari akses yang tidak "
|
||
"sah. Kernel sistem memediasi semua akses ke mekanisme perangkat keras itu "
|
||
"sendiri, selain fungsi instruksi CPU yang terlihat. Selain itu, mekanisme "
|
||
"perlindungan terhadap serangan stack overflow disediakan."
|
||
|
||
msgid ""
|
||
"While many hypervisor vendors, such as Red Hat, Microsoft, and VMware have "
|
||
"achieved Common Criteria Certification their underlying certified feature "
|
||
"set differs, we recommend evaluating vendor claims to ensure they minimally "
|
||
"satisfy the following requirements:"
|
||
msgstr ""
|
||
"Sementara banyak vendor hypervisor, seperti Red Hat, Microsoft, dan VMware "
|
||
"telah mencapai Common Criteria Certification, rangkaian penilaian "
|
||
"tersertifikasi yang mendasarinya berbeda, kami merekomendasikan untuk "
|
||
"mengevaluasi klaim vendor untuk memastikan mereka memenuhi persyaratan "
|
||
"sebagai berikut:"
|
||
|
||
msgid ""
|
||
"While utilizing TLS during the PXE boot process is somewhat more "
|
||
"challenging, common PXE firmware projects, such as iPXE, provide this "
|
||
"support. Typically this involves building the PXE firmware with knowledge of "
|
||
"the allowed TLS certificate chain(s) so that it can properly validate the "
|
||
"server certificate. This raises the bar for an attacker by limiting the "
|
||
"number of insecure, plain text network operations."
|
||
msgstr ""
|
||
"Saat menggunakan TLS selama proses boot PXE agak lebih menantang, proyek "
|
||
"firmware PXE yang umum, seperti iPXE, memberikan dukungan ini. Biasanya ini "
|
||
"melibatkan pembuatan firmware PXE dengan pengetahuan tentang rantai "
|
||
"sertifikat TLS yang diizinkan sehingga dapat memvalidasi sertifikat server "
|
||
"dengan benar. Ini memunculkan halangan untuk penyerang dengan membatasi "
|
||
"jumlah operasi jaringan teks biasa yang tidak aman."
|
||
|
||
msgid ""
|
||
"Whilst this chapter is currently sparse on specific guidance, it is expected "
|
||
"that standard hardening practices will be followed. This section will be "
|
||
"expanded with relevant information."
|
||
msgstr ""
|
||
"Sementara bab ini saat ini jarang dilakukan pada panduan spesifik, "
|
||
"diharapkan praktik pengerasan standar akan diikuti. Bagian ini akan "
|
||
"diperluas dengan informasi yang relevan."
|
||
|
||
msgid "Why and how we wrote this book"
|
||
msgstr "Mengapa dan bagaimana kita menulis buku ini"
|
||
|
||
msgid "Why should I use Barbican?"
|
||
msgstr "Mengapa saya harus menggunakan Barbican?"
|
||
|
||
msgid "Why use Federated Identity?"
|
||
msgstr "Mengapa menggunakanFederated Identity?"
|
||
|
||
msgid ""
|
||
"With :ref:`check_image_01`, and permissions set to 640, root has read/write "
|
||
"access and glance has read access to these configuration files. The access "
|
||
"rights can also be validated using the following command. This command will "
|
||
"only be available on your system if it supports ACLs."
|
||
msgstr ""
|
||
"Dengan :ref:`check_image_01`, dan hak akses diatur ke 640, root telah "
|
||
"membaca/menulis akses dan glance telah membaca akses ke file konfigurasi "
|
||
"ini. Hak akses juga bisa divalidasi dengan menggunakan perintah berikut. "
|
||
"Perintah ini hanya akan tersedia di sistem Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"With :ref:`check_key_mgr_01` and permissions set to 640, root has read/write "
|
||
"access and barbican has read access to these configuration files. The access "
|
||
"rights can also be validated using the following command. This command will "
|
||
"only be available on your system if it supports ACLs."
|
||
msgstr ""
|
||
"Dengan :ref:`check_key_mgr_01` dan hak akses diatur ke 640, root telah "
|
||
"membaca / menulis akses dan barbican telah membaca akses ke file konfigurasi "
|
||
"ini. Hak akses juga dapat divalidasi dengan menggunakan perintah berikut. "
|
||
"Perintah ini hanya akan tersedia di sistem Anda jika mendukung ACL."
|
||
|
||
msgid ""
|
||
"With ZeroMQ messaging, IPC sockets are used on individual machines. Because "
|
||
"these sockets are vulnerable to attack, ensure that the cloud operator has "
|
||
"secured them."
|
||
msgstr ""
|
||
"Dengan pesan ZeroMQ, soket IPC digunakan pada mesin individual. Karena soket "
|
||
"ini rentan diserang, pastikan operator awan telah mengamankan mereka."
|
||
|
||
msgid ""
|
||
"With a Key Manager service deployed on the stack, sahara must be configured "
|
||
"to enable the external storage of secrets. Sahara uses the Castellan library "
|
||
"to interface with the OpenStack Key Manager service. This library provides "
|
||
"configurable access to a key manager."
|
||
msgstr ""
|
||
"Dengan layanan Key Manager yang ditempatkan di stack, sahara harus "
|
||
"dikonfigurasi untuk memungkinkan penyimpanan rahasia eksternal. Sahara "
|
||
"menggunakan perpustakaan Castellan untuk berinteraksi dengan layanan "
|
||
"OpenStack Key Manager. Perpustakaan ini menyediakan akses yang dapat "
|
||
"dikonfigurasi ke manajer kunci."
|
||
|
||
msgid ""
|
||
"With careful modeling, you can use network ACLs and IDS technologies to "
|
||
"enforce explicit point to point communication between network services. As a "
|
||
"critical cross domain service, this type of explicit enforcement works well "
|
||
"for OpenStack's message queue service."
|
||
msgstr ""
|
||
"Dengan pemodelan yang cermat, Anda dapat menggunakan teknologi ACL dan IDS "
|
||
"jaringan untuk menerapkan komunikasi point to talk secara eksplisit antara "
|
||
"layanan jaringan. Sebagai layanan lintas domain yang kritis, jenis penegakan "
|
||
"eksplisit ini bekerja dengan baik untuk layanan antrian pesan OpenStack."
|
||
|
||
msgid ""
|
||
"With drivers that support NFS protocol authentication via IP address is the "
|
||
"only supported option."
|
||
msgstr ""
|
||
"Dengan driver yang mendukung otentikasi protokol NFS melalui alamat IP "
|
||
"adalah satu-satunya opsi yang didukung."
|
||
|
||
msgid ""
|
||
"With the Key management service, when an ephemeral disk is no longer needed, "
|
||
"simply deleting the key may take the place of overwriting the ephemeral disk "
|
||
"storage area"
|
||
msgstr ""
|
||
"Dengan layanan manajemen Key, ketika disk fana tidak lagi dibutuhkan, cukup "
|
||
"hapus kunci yang mungkin menggantikan penimpaan area penyimpanan disk "
|
||
"sementara"
|
||
|
||
msgid ""
|
||
"With unique kernel-level architecture and National Security Agency (NSA) "
|
||
"developed security mechanisms, KVM provides foundational isolation "
|
||
"technologies for multi-tenancy. With developmental origins dating back to "
|
||
"2002, the Secure Virtualization (sVirt) technology is the application of "
|
||
"SELinux against modern day virtualization. SELinux, which was designed to "
|
||
"apply separation control based upon labels, has been extended to provide "
|
||
"isolation between virtual machine processes, devices, data files and system "
|
||
"processes acting upon their behalf."
|
||
msgstr ""
|
||
"Dengan arsitektur kernel-level yang unik dan National Security Agency (NSA) "
|
||
"mengembangkan mekanisme keamanan, KVM menyediakan teknologi isolasi fondasi "
|
||
"untuk multi-tenancy. Dengan asal mula perkembangan sejak tahun 2002, "
|
||
"teknologi Secure Virtualization (sVirt) adalah aplikasi SELinux melawan "
|
||
"virtualisasi modern. SELinux, yang dirancang untuk menerapkan kontrol "
|
||
"pemisahan berdasarkan label, telah diperluas untuk memberikan isolasi antara "
|
||
"proses mesin virtual, perangkat, file data dan proses sistem yang bertindak "
|
||
"atas nama mereka."
|
||
|
||
msgid ""
|
||
"Within OpenStack some data may be deleted, but not securely erased in the "
|
||
"context of the NIST standards outlined above. This is generally applicable "
|
||
"to most or all of the above-defined metadata and information stored in the "
|
||
"database. This may be remediated with database and/or system configuration "
|
||
"for auto vacuuming and periodic free-space wiping."
|
||
msgstr ""
|
||
"Dalam OpenStack beberapa data dapat dihapus, namun tidak dicabut dengan aman "
|
||
"dalam konteks standar NIST yang diuraikan di atas. Hal ini umumnya berlaku "
|
||
"untuk sebagian besar atau semua metadata dan informasi yang didefinisikan di "
|
||
"atas yang tersimpan dalam database. Hal ini dapat diperbaiki dengan "
|
||
"konfigurasi sistem dan/atau database untuk vacuuming secara otomatis dan "
|
||
"wiping (pembersihan) ruang bebas secara periodik."
|
||
|
||
msgid ""
|
||
"Within OpenStack, it is recommended that all endpoints, especially public, "
|
||
"are provided with an extra layer of protection, by means of either a rate-"
|
||
"limiting proxy or web application firewall."
|
||
msgstr ""
|
||
"Dalam OpenStack, disarankan agar semua endpoint, terutama publik, dilengkapi "
|
||
"dengan lapisan perlindungan ekstra, dengan menggunakan proxy rate-limiting "
|
||
"atau firewall aplikasi web."
|
||
|
||
msgid ""
|
||
"Within OpenStack, there are two solutions recommended for secrets managment, "
|
||
"those being `Barbican <https://docs.openstack.org/barbican/latest/>`_ and "
|
||
"`Castellan <https://docs.openstack.org/castellan/latest/>`_. This chapter "
|
||
"will outline different scenarios to help an operator make a choice on which "
|
||
"key manager to use."
|
||
msgstr ""
|
||
"Dalam OpenStack, ada dua solusi yang direkomendasikan untuk manajemen "
|
||
"rahasia, keberadaannya `Barbican <https://docs.openstack.org/barbican/latest/"
|
||
">`_ dan `Castellan <https://docs.openstack.org/castellan/latest/>`_. Bab ini "
|
||
"akan menjelaskan berbagai skenario untuk membantu operator menentukan "
|
||
"pilihan manajer kunci mana yang akan digunakan."
|
||
|
||
msgid ""
|
||
"Within a cloud environment there is a mixture of hardware, operating "
|
||
"systems, virtual machine managers, OpenStack services, cloud-user activity "
|
||
"(such as creating instances and attaching storage), networking, and end-"
|
||
"users using the applications running on the various instances."
|
||
msgstr ""
|
||
"Dalam lingkungan awan terdapat campuran perangkat keras, sistem operasi, "
|
||
"manajer mesin virtual, layanan OpenStack, aktivitas pengguna awan (seperti "
|
||
"membuat instance dan penyimpanan terhubung), jaringan, dan pengguna akhir "
|
||
"yang menggunakan aplikasi yang berjalan pada berbagai instance."
|
||
|
||
msgid ""
|
||
"Within the OpenStack framework, you can choose among many hypervisor "
|
||
"platforms and corresponding OpenStack plug-ins to optimize your cloud "
|
||
"environment. In the context of this guide, hypervisor selection "
|
||
"considerations are highlighted as they pertain to feature sets that are "
|
||
"critical to security. However, these considerations are not meant to be an "
|
||
"exhaustive investigation into the pros and cons of particular hypervisors. "
|
||
"NIST provides additional guidance in Special Publication 800-125, \"*Guide "
|
||
"to Security for Full Virtualization Technologies*\"."
|
||
msgstr ""
|
||
"Dalam kerangka OpenStack, Anda dapat memilih di antara banyak platform "
|
||
"hypervisor dan plug-in OpenStack yang sesuai untuk mengoptimalkan lingkungan "
|
||
"awan Anda. Dalam konteks panduan ini, pertimbangan seleksi hypervisor "
|
||
"disorot karena berkaitan dengan rangkaian fitur yang sangat penting untuk "
|
||
"keamanan. Namun, pertimbangan ini tidak dimaksudkan sebagai penyelidikan "
|
||
"menyeluruh terhadap pro dan kontra dari hypervisors tertentu. NIST "
|
||
"memberikan panduan tambahan dalam Publikasi Khusus 800-125, \"*Guide to "
|
||
"Security for Full Virtualization Technologies*\"."
|
||
|
||
msgid ""
|
||
"Within the ``keystone.conf`` assign values to the ``[saml]`` related fields, "
|
||
"for example:"
|
||
msgstr ""
|
||
"Di dalam ``keystone.conf`` tetapkan nilai ke field terkait ``[saml] ``, "
|
||
"misalnya:"
|
||
|
||
msgid "X"
|
||
msgstr "X"
|
||
|
||
msgid "XEN transparent page sharing"
|
||
msgstr "XEN transparent page sharing"
|
||
|
||
msgid "XSM"
|
||
msgstr "XSM"
|
||
|
||
msgid "Xen"
|
||
msgstr "Xen"
|
||
|
||
msgid ""
|
||
"Xen Project, Xen Security Modules: XSM-FLASK. 2014. `http://wiki.xen.org/"
|
||
"wiki/Xen_Security_Modules_:_XSM-FLASK <http://wiki.xen.org/wiki/"
|
||
"Xen_Security_Modules_:_XSM-FLASK>`_"
|
||
msgstr ""
|
||
"Xen Project, Xen Security Modules: XSM-FLASK. 2014. `http://wiki.xen.org/"
|
||
"wiki/Xen_Security_Modules_:_XSM-FLASK <http://wiki.xen.org/wiki/"
|
||
"Xen_Security_Modules_:_XSM-FLASK>`_"
|
||
|
||
msgid ""
|
||
"Xen explicitly assigns dedicated memory regions to instances and scrubs data "
|
||
"upon the destruction of instances (or domains in Xen parlance). KVM depends "
|
||
"more greatly on Linux page management; A complex set of rules related to KVM "
|
||
"paging is defined in the `KVM documentation <http://www.linux-kvm.org/page/"
|
||
"Memory>`__."
|
||
msgstr ""
|
||
"Xen secara eksplisit menetapkan area memori khusus ke instance dan data "
|
||
"scrub saat penghancuran instance (atau domain dalam bahasa Xen). KVM sangat "
|
||
"bergantung pada pengelolaan halaman Linux; Kumpulan aturan kompleks yang "
|
||
"terkait dengan paging KVM didefinisikan dalam `KVM documentation <http://www."
|
||
"linux-kvm.org/page/Memory>`__."
|
||
|
||
msgid "Xen:"
|
||
msgstr "Xen:"
|
||
|
||
msgid ""
|
||
"XenServer 5.6 includes a memory overcommitment feature named Transparent "
|
||
"Page Sharing (TPS). TPS scans memory in 4 KB chunks for any duplicates. When "
|
||
"found, the Xen Virtual Machine Monitor (VMM) discards one of the duplicates "
|
||
"and records the reference of the second one."
|
||
msgstr ""
|
||
"XenServer 5.6 menyertakan fitur overcommitment memori yang bernama "
|
||
"Transparent Page Sharing (TPS). TPS memindai memori dalam potongan 4 KB "
|
||
"untuk setiap duplikat. Ketika ditemukan, Xen Virtual Machine Monitor (VMM) "
|
||
"membuang salah satu duplikat dan mencatat referensi yang kedua."
|
||
|
||
msgid ""
|
||
"You also can choose and add the :ref:`security service "
|
||
"<shared_fs_security_services>` that is supported by the share driver to "
|
||
"create access rules with authentication methods for clients that are "
|
||
"appropriate for your share. Supported security services are LDAP, Kerberos "
|
||
"and Microsoft Active Directory."
|
||
msgstr ""
|
||
"Anda juga bisa memilih dan menambahkan :ref:`security service "
|
||
"<shared_fs_security_services>` yang didukung oleh share driver untuk membuat "
|
||
"aturan akses dengan metode otentikasi untuk klien yang sesuai untuk share "
|
||
"anda. Layanan keamanan yang didukung adalah LDAP, Kerberos dan Microsoft "
|
||
"Active Directory."
|
||
|
||
msgid ""
|
||
"You also can configure :ref:`security services "
|
||
"<shared_fs_security_services>` in both *share servers* and *no share "
|
||
"servers* back-end modes. But with *no share servers* back-end mode, an "
|
||
"administrator should set desired authentication services manually on the "
|
||
"host. And in *share servers* mode the Shared File Systems service can be "
|
||
"configured automatically with any existing security services supported by "
|
||
"the share driver."
|
||
msgstr ""
|
||
"Anda juga dapat mengkonfigurasi :ref:`security services "
|
||
"<shared_fs_security_services>` di *share server * maupun *no share server * "
|
||
"mode back-end. Tapi dengan *no share servers* mode back-end, administrator "
|
||
"harus mengatur layanan otentikasi yang diinginkan secara manual pada host. "
|
||
"Dan di mode *share servers*, layanan Shared File Systems dapat dikonfigurasi "
|
||
"secara otomatis dengan layanan keamanan yang ada yang didukung oleh driver "
|
||
"share."
|
||
|
||
msgid ""
|
||
"You can force some services to use specific API endpoints. Therefore, it is "
|
||
"recommended that each OpenStack service communicating to the API of another "
|
||
"service must be explicitly configured to access the proper internal API "
|
||
"endpoint."
|
||
msgstr ""
|
||
"Anda dapat memaksa beberapa layanan untuk menggunakan endpoint API yang "
|
||
"spesifik. Oleh karena itu, disarankan agar setiap layanan OpenStack "
|
||
"berkomunikasi dengan API dari layanan lain harus dikonfigurasi secara "
|
||
"eksplisit untuk mengakses endpoint API internal yang benar."
|
||
|
||
msgid "You must also specify one of these supported authentication methods:"
|
||
msgstr ""
|
||
"Anda juga harus menentukan salah satu dari metode otentikasi yang didukung "
|
||
"ini:"
|
||
|
||
msgid ""
|
||
"You should configure your web service as a non-root (no UID 0) user such as "
|
||
"``swift`` mentioned before. The use of a port greater than 1024 is required "
|
||
"to make this easy and avoid running any part of the web container as root. "
|
||
"Normally, clients using the HTTP REST API and performing authentication "
|
||
"automatically retrieve the full REST API URL they require from the "
|
||
"authentication response. OpenStack's REST API allows for a client to "
|
||
"authenticate to one URL and then be told to use a completely different URL "
|
||
"for the actual service. For example, a Client authenticates to https://"
|
||
"identity.cloud.example.org:55443/v1/auth and gets a response with their "
|
||
"authentication key and Storage URL (the URL of the proxy nodes or load "
|
||
"balancer) of https://swift.cloud.example.org:44443/v1/AUTH_8980."
|
||
msgstr ""
|
||
"Anda harus mengkonfigurasi layanan web Anda sebagai pengguna non-root (no "
|
||
"UID 0) seperti ``swift`` yang disebutkan sebelumnya. Penggunaan port yang "
|
||
"lebih besar dari 1024 diperlukan untuk mempermudah dan menghindari "
|
||
"menjalankan bagian penampung web sebagai root. Biasanya, klien yang "
|
||
"menggunakan HTTP REST API dan melakukan autentikasi secara otomatis "
|
||
"mengambil full REST API URL yang mereka butuhkan dari respons autentikasi. "
|
||
"REST API OpenStack memungkinkan klien mengautentikasi ke satu URL dan "
|
||
"kemudian diberi tahu untuk menggunakan URL yang sama sekali berbeda untuk "
|
||
"layanan sebenarnya. Misalnya, Klien mengotentikasi https://identity.cloud."
|
||
"example.org:55443/v1/auth dan mendapat tanggapan dengan kunci autentikasi "
|
||
"dan Storage URL (URL dari nodus proxy atau penyeimbang beban) https: / /"
|
||
"swift.click.example.org:44443/v1/AUTH_8980."
|
||
|
||
msgid ""
|
||
"You should isolate API endpoint processes from each other and other "
|
||
"processes on a machine. The configuration for those processes should be "
|
||
"restricted to those processes not only by Discretionary Access Controls, but "
|
||
"through Mandatory Access Controls. The goal of these enhanced access "
|
||
"controls is to aid in the containment and escalation of API endpoint "
|
||
"security breaches. With mandatory access controls, such breaches severely "
|
||
"limit access to resources and provide earlier alerting on such events."
|
||
msgstr ""
|
||
"Anda harus mengisolasi proses endpoint API satu sama lain dan proses lainnya "
|
||
"pada mesin. Konfigurasi untuk proses tersebut harus dibatasi pada proses-"
|
||
"proses tersebut tidak hanya oleh Discretionary Access Controls, namun "
|
||
"melalui Mandatory Access Control. Tujuan dari kontrol akses yang "
|
||
"disempurnakan ini adalah untuk membantu penahanan dan eskalasi pelanggaran "
|
||
"keamanan endpoint API. Dengan kontrol akses wajib, pelanggaran tersebut "
|
||
"sangat membatasi akses terhadap sumber daya dan memberikan peringatan "
|
||
"sebelumnya mengenai kejadian tersebut."
|
||
|
||
msgid ""
|
||
"You should isolate API endpoint processes, especially those that reside "
|
||
"within the public security domain should be isolated as much as possible. "
|
||
"Where deployments allow, API endpoints should be deployed on separate hosts "
|
||
"for increased isolation."
|
||
msgstr ""
|
||
"Anda harus mengisolasi proses endpoint API, terutama yang berada di dalam "
|
||
"domain keamanan publik harus diisolasi sebanyak mungkin. Bila pengerahan "
|
||
"memungkinkan, endpoint API harus dipasang di host terpisah untuk peningkatan "
|
||
"isolasi."
|
||
|
||
msgid ""
|
||
"You should test any update before you deploy it in a production environment. "
|
||
"Typically this requires having a separate test cloud setup that first "
|
||
"receives the update. This cloud should be as close to the production cloud "
|
||
"as possible, in terms of software and hardware. Updates should be tested "
|
||
"thoroughly in terms of performance impact, stability, application impact, "
|
||
"and more. Especially important is to verify that the problem theoretically "
|
||
"addressed by the update, such as a specific vulnerability, is actually fixed."
|
||
msgstr ""
|
||
"Anda harus menguji pembaruan sebelum menerapkannya di lingkungan produksi. "
|
||
"Biasanya ini memerlukan setup awan uji terpisah yang pertama kali menerima "
|
||
"pembaruan. Awan ini harus sedekat mungkin dengan awan produksi, dalam hal "
|
||
"perangkat lunak dan perangkat keras. Pembaruan harus diuji secara menyeluruh "
|
||
"dalam hal dampak kinerja, stabilitas, dampak aplikasi, dan lainnya. Terutama "
|
||
"yang penting adalah untuk memverifikasi bahwa masalah yang secara teoritis "
|
||
"ditangani oleh pembaruan, seperti kerentanan spesifik, dan masalah ini "
|
||
"diperbaiki secara nata."
|
||
|
||
msgid ""
|
||
"Your selection of supporting software, such as messaging and load balancing, "
|
||
"can have serious security impacts on your cloud. It is important that you "
|
||
"make the proper choices for your organization. This section provides some "
|
||
"general guidelines for selecting supporting software."
|
||
msgstr ""
|
||
"Pilihan perangkat lunak pendukung Anda, seperti olah pesan dan penyeimbangan "
|
||
"beban, dapat menimbulkan dampak keamanan serius pada awan Anda. Adalah "
|
||
"penting bahwa Anda membuat pilihan yang tepat untuk organisasi Anda. Bagian "
|
||
"ini memberikan beberapa panduan umum untuk memilih perangkat lunak pendukung."
|
||
|
||
msgid "ZeroMQ or 0MQ"
|
||
msgstr "ZeroMQ atau 0MQ"
|
||
|
||
msgid "`AIDE <http://aide.sourceforge.net/>`__"
|
||
msgstr "`AIDE <http://aide.sourceforge.net/>`__"
|
||
|
||
msgid ""
|
||
"`Apache Qpid Authentication <http://qpid.apache.org/releases/qpid-0.32/cpp-"
|
||
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
|
||
"Messaging_User_Guide-Security-User_Authentication>`__"
|
||
msgstr ""
|
||
"`Apache Qpid Authentication <http://qpid.apache.org/releases/qpid-0.32/cpp-"
|
||
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
|
||
"Messaging_User_Guide-Security-User_Authentication>`__"
|
||
|
||
msgid ""
|
||
"`Apache Qpid Authorization <http://qpid.apache.org/releases/qpid-0.32/cpp-"
|
||
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
|
||
"Messaging_User_Guide-Security-Authorization>`__"
|
||
msgstr ""
|
||
"`Apache Qpid Authorization <http://qpid.apache.org/releases/qpid-0.32/cpp-"
|
||
"broker/book/chap-Messaging_User_Guide-Security.html#sect-"
|
||
"Messaging_User_Guide-Security-Authorization>`__"
|
||
|
||
msgid ""
|
||
"`Apache Qpid SSL <http://qpid.apache.org/releases/qpid-0.32/cpp-broker/book/"
|
||
"chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-"
|
||
"Encryption_using_SSL>`__"
|
||
msgstr ""
|
||
"`Apache Qpid SSL <http://qpid.apache.org/releases/qpid-0.32/cpp-broker/book/"
|
||
"chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-"
|
||
"Encryption_using_SSL>`__"
|
||
|
||
msgid "`Apache httpd <http://www.apache.org/>`_"
|
||
msgstr "`Apache httpd <http://www.apache.org/>`_"
|
||
|
||
msgid ""
|
||
"`Barbican <https://docs.openstack.org/barbican/latest/>`_ is an OpenStack "
|
||
"service that provides a back-end for Castellan. Barbican expects and "
|
||
"authenticates a keystone authentication token to identify the user and "
|
||
"project accessing or storing a secret. It then applies policy to determine "
|
||
"if access is permitted. It also provides a number of additional useful "
|
||
"features to improve secret management including quotas, per-secret ACLs, "
|
||
"tracking of secret consumers and grouping of secrets in secret containers. "
|
||
"Octavia, for example, integrates directly with Barbican (instead of "
|
||
"Castellan) to take advantage of some of these features."
|
||
msgstr ""
|
||
"`Barbican <https://docs.openstack.org/barbican/latest/>`_ adalah layanan "
|
||
"OpenStack yang menyediakan back-end untuk Castellan. Barbican mengharapkan "
|
||
"dan mengotentikasi token otentikasi keystone untuk mengidentifikasi pengguna "
|
||
"dan proyek yang mengakses atau menyimpan sebuah rahasia. Kemudian menerapkan "
|
||
"kebijakan untuk menentukan apakah akses diizinkan. Ini juga menyediakan "
|
||
"sejumlah fitur bermanfaat tambahan untuk memperbaiki manajemen rahasia "
|
||
"termasuk kuota, ACL per rahasia, pelacakan konsumen rahasia dan "
|
||
"pengelompokan rahasia dalam wadah rahasia. Octavia, misalnya, terintegrasi "
|
||
"langsung dengan Barbican (bukan Castellan) untuk memanfaatkan beberapa fitur "
|
||
"ini."
|
||
|
||
msgid ""
|
||
"`Castellan <https://docs.openstack.org/castellan/latest/>`_ is a library "
|
||
"that provides a simple common interface to store, generate and retrieve "
|
||
"secrets. It is used by most Openstack services for secret management. As a "
|
||
"library, Castellan does not provide a secret store in and of itself. Rather, "
|
||
"a back-end implementation is required to be deployed."
|
||
msgstr ""
|
||
"`Castellan <https://docs.openstack.org/castellan/latest/>`_ adalah sebuah "
|
||
"perpustakaan yang menyediakan antarmuka umum sederhana untuk menyimpan, "
|
||
"menghasilkan dan mengambil rahasia. Ini digunakan oleh sebagian besar "
|
||
"layanan Openstack untuk manajemen rahasia. Sebagai perpustakaan, Castellan "
|
||
"tidak menyediakan penyimpanan rahasia itu sendiri. Sebaliknya, implementasi "
|
||
"back-end harus dilakukan."
|
||
|
||
msgid ""
|
||
"`Center for Internet Security (CIS) Benchmarks <https://www.cisecurity.org/"
|
||
"cis-benchmarks/>`_"
|
||
msgstr ""
|
||
"`Center for Internet Security (CIS) Benchmarks <https://www.cisecurity.org/"
|
||
"cis-benchmarks/>`_"
|
||
|
||
msgid ""
|
||
"`Cloud Security Alliance (CSA) Common Control Matrix (CCM) <https://"
|
||
"cloudsecurityalliance.org/media/news/csa-releases-new-ccm-caiq-v3-0-1/>`_"
|
||
msgstr ""
|
||
"`Cloud Security Alliance (CSA) Common Control Matrix (CCM) <https://"
|
||
"cloudsecurityalliance.org/media/news/csa-releases-new-ccm-caiq-v3-0-1/>`_"
|
||
|
||
msgid ""
|
||
"`Cloudera CDH <https://www.cloudera.com/content/cloudera/en/documentation."
|
||
"html#CDH>`_"
|
||
msgstr ""
|
||
"`Cloudera CDH <https://www.cloudera.com/content/cloudera/en/documentation."
|
||
"html#CDH>`_"
|
||
|
||
msgid ""
|
||
"`Common Criteria <https://www.commoncriteriaportal.org/>`_ is an "
|
||
"internationally standardized software evaluation process, used by "
|
||
"governments and commercial companies to validate that software technologies "
|
||
"perform as advertised."
|
||
msgstr ""
|
||
"`Common Criteria <https://www.commoncriteriaportal.org/>`_ adalah proses "
|
||
"evaluasi perangkat lunak yang distandarkan secara internasional, yang "
|
||
"digunakan oleh pemerintah dan perusahaan komersial untuk memvalidasi "
|
||
"teknologi perangkat lunak yang dilakukan seperti yang diiklankan."
|
||
|
||
msgid ""
|
||
"`HDFS <https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/"
|
||
"HdfsUserGuide.html>`_"
|
||
msgstr ""
|
||
"`HDFS <https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/"
|
||
"HdfsUserGuide.html>`_"
|
||
|
||
msgid "`Hadoop <https://hadoop.apache.org>`_"
|
||
msgstr "`Hadoop <https://hadoop.apache.org>`_"
|
||
|
||
msgid ""
|
||
"`Hadoop secure mode docs <https://hadoop.apache.org/docs/current/hadoop-"
|
||
"project-dist/hadoop-common/SecureMode.html>`_"
|
||
msgstr ""
|
||
"`Hadoop secure mode docs <https://hadoop.apache.org/docs/current/hadoop-"
|
||
"project-dist/hadoop-common/SecureMode.html>`_"
|
||
|
||
msgid "`Hardening Walkthrough <https://wiki.debian.org/HardeningWalkthrough>`_"
|
||
msgstr ""
|
||
"`Hardening Walkthrough <https://wiki.debian.org/HardeningWalkthrough>`_"
|
||
|
||
msgid "`Hive <https://hive.apache.org>`_"
|
||
msgstr "`Hive <https://hive.apache.org>`_"
|
||
|
||
msgid "`Hortonworks Data Platform <http://docs.hortonworks.com>`_"
|
||
msgstr "`Hortonworks Data Platform <http://docs.hortonworks.com>`_"
|
||
|
||
msgid ""
|
||
"`How to assign devices with VT-d in KVM <http://www.linux-kvm.org/page/"
|
||
"How_to_assign_devices_with_VT-d_in_KVM>`_"
|
||
msgstr ""
|
||
"`How to assign devices with VT-d in KVM <http://www.linux-kvm.org/page/"
|
||
"How_to_assign_devices_with_VT-d_in_KVM>`_"
|
||
|
||
msgid ""
|
||
"`How to create an RPM package <http://fedoraproject.org/wiki/"
|
||
"How_to_create_an_RPM_package>`_"
|
||
msgstr ""
|
||
"`How to create an RPM package <http://fedoraproject.org/wiki/"
|
||
"How_to_create_an_RPM_package>`_"
|
||
|
||
msgid "`ISO 27001/2:2013 <http://www.27000.org/iso-27001.htm>`_"
|
||
msgstr "`ISO 27001/2:2013 <http://www.27000.org/iso-27001.htm>`_"
|
||
|
||
msgid ""
|
||
"`MapR <https://www.mapr.com/products/mapr-distribution-including-apache-"
|
||
"hadoop>`_"
|
||
msgstr ""
|
||
"`MapR <https://www.mapr.com/products/mapr-distribution-including-apache-"
|
||
"hadoop>`_"
|
||
|
||
msgid ""
|
||
"`MySQL Pluggable Authentication <http://dev.mysql.com/doc/refman/5.5/en/"
|
||
"pluggable-authentication.html>`__"
|
||
msgstr ""
|
||
"`MySQL Pluggable Authentication <http://dev.mysql.com/doc/refman/5.5/en/"
|
||
"pluggable-authentication.html>`__"
|
||
|
||
msgid ""
|
||
"`National Security Agency, Suite B Cryptography <http://www.nsa.gov/ia/"
|
||
"programs/suiteb_cryptography/index.shtml>`_"
|
||
msgstr ""
|
||
"`National Security Agency, Suite B Cryptography <http://www.nsa.gov/ia/"
|
||
"programs/suiteb_cryptography/index.shtml>`_"
|
||
|
||
msgid "`Nginx <http://nginx.org/>`_"
|
||
msgstr "`Nginx <http://nginx.org/>`_"
|
||
|
||
msgid "`OSSEC <http://www.ossec.net/>`__"
|
||
msgstr "`OSSEC <http://www.ossec.net/>`__"
|
||
|
||
msgid ""
|
||
"`OWASP Guide to Cryptography <https://www.owasp.org/index.php/"
|
||
"Guide_to_Cryptography>`_"
|
||
msgstr ""
|
||
"`OWASP Guide to Cryptography <https://www.owasp.org/index.php/"
|
||
"Guide_to_Cryptography>`_"
|
||
|
||
msgid ""
|
||
"`OWASP MySQL Hardening <https://www.owasp.org/index.php/"
|
||
"OWASP_Backend_Security_Project_MySQL_Hardening>`__"
|
||
msgstr ""
|
||
"`OWASP MySQL Hardening <https://www.owasp.org/index.php/"
|
||
"OWASP_Backend_Security_Project_MySQL_Hardening>`__"
|
||
|
||
msgid ""
|
||
"`OWASP PostgreSQL Hardening <https://www.owasp.org/index.php/"
|
||
"OWASP_Backend_Security_Project_PostgreSQL_Hardening>`__"
|
||
msgstr ""
|
||
"`OWASP PostgreSQL Hardening <https://www.owasp.org/index.php/"
|
||
"OWASP_Backend_Security_Project_PostgreSQL_Hardening>`__"
|
||
|
||
msgid ""
|
||
"`OWASP Transport Layer Protection Cheat Sheet <https://www.owasp.org/index."
|
||
"php/Transport_Layer_Protection_Cheat_Sheet>`_"
|
||
msgstr ""
|
||
"`OWASP Transport Layer Protection Cheat Sheet <https://www.owasp.org/index."
|
||
"php/Transport_Layer_Protection_Cheat_Sheet>`_"
|
||
|
||
msgid "`Oozie <https://oozie.apache.org>`_"
|
||
msgstr "`Oozie <https://oozie.apache.org>`_"
|
||
|
||
msgid "`OpenSCAP <https://www.open-scap.org/>`_"
|
||
msgstr "`OpenSCAP <https://www.open-scap.org/>`_"
|
||
|
||
msgid ""
|
||
"`OpenSSL and FIPS 140-2 <http://www.openssl.org/docs/fips/fipsnotes.html>`_"
|
||
msgstr ""
|
||
"`OpenSSL and FIPS 140-2 <http://www.openssl.org/docs/fips/fipsnotes.html>`_"
|
||
|
||
msgid "`Pig <https://pig.apache.org>`_"
|
||
msgstr "`Pig <https://pig.apache.org>`_"
|
||
|
||
msgid "`Pound <http://www.apsis.ch/pound>`_"
|
||
msgstr "`Pound <http://www.apsis.ch/pound>`_"
|
||
|
||
msgid "`PyKMIP library <https://github.com/OpenKMIP/PyKMIP>`__"
|
||
msgstr "`PyKMIP library <https://github.com/OpenKMIP/PyKMIP>`__"
|
||
|
||
msgid "`RFC 4253 <http://www.ietf.org/rfc/rfc4253.txt>`_"
|
||
msgstr "`RFC 4253 <http://www.ietf.org/rfc/rfc4253.txt>`_"
|
||
|
||
msgid ""
|
||
"`RabbitMQ Access Control <http://www.rabbitmq.com/access-control.html>`__"
|
||
msgstr ""
|
||
"`RabbitMQ Access Control <http://www.rabbitmq.com/access-control.html>`__"
|
||
|
||
msgid ""
|
||
"`RabbitMQ Authentication <http://www.rabbitmq.com/authentication.html>`__"
|
||
msgstr ""
|
||
"`RabbitMQ Authentication <http://www.rabbitmq.com/authentication.html>`__"
|
||
|
||
msgid "`RabbitMQ Configuration <http://www.rabbitmq.com/configure.html>`__"
|
||
msgstr "`RabbitMQ Configuration <http://www.rabbitmq.com/configure.html>`__"
|
||
|
||
msgid "`RabbitMQ Plugins <http://www.rabbitmq.com/plugins.html>`__"
|
||
msgstr "`RabbitMQ Plugins <http://www.rabbitmq.com/plugins.html>`__"
|
||
|
||
msgid ""
|
||
"`RabbitMQ SASL External Auth <http://hg.rabbitmq.com/rabbitmq-auth-mechanism-"
|
||
"ssl/file/rabbitmq_v3_1_3/README>`__"
|
||
msgstr ""
|
||
"`RabbitMQ SASL External Auth <http://hg.rabbitmq.com/rabbitmq-auth-mechanism-"
|
||
"ssl/file/rabbitmq_v3_1_3/README>`__"
|
||
|
||
msgid "`RabbitMQ SSL <http://www.rabbitmq.com/ssl.html>`__"
|
||
msgstr "`RabbitMQ SSL <http://www.rabbitmq.com/ssl.html>`__"
|
||
|
||
msgid "`Samhain <http://la-samhna.de/samhain/>`__"
|
||
msgstr "`Samhain <http://la-samhna.de/samhain/>`__"
|
||
|
||
msgid ""
|
||
"`Security Technical Implementation Guide (STIG) <http://iase.disa.mil/stigs/"
|
||
"Pages/index.aspx>`_"
|
||
msgstr ""
|
||
"`Security Technical Implementation Guide (STIG) <http://iase.disa.mil/stigs/"
|
||
"Pages/index.aspx>`_"
|
||
|
||
msgid ""
|
||
"`Security in MySQL <http://downloads.mysql.com/docs/mysql-security-"
|
||
"excerpt-5.1-en.pdf>`__"
|
||
msgstr ""
|
||
"`Security in MySQL <http://downloads.mysql.com/docs/mysql-security-"
|
||
"excerpt-5.1-en.pdf>`__"
|
||
|
||
msgid ""
|
||
"`SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate "
|
||
"trust model enhancements <http://www.ieee-security.org/TC/SP2013/"
|
||
"papers/4977a511.pdf>`_"
|
||
msgstr ""
|
||
"`SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate "
|
||
"trust model enhancements <http://www.ieee-security.org/TC/SP2013/"
|
||
"papers/4977a511.pdf>`_"
|
||
|
||
msgid "`Spark <https://spark.apache.org>`_"
|
||
msgstr "`Spark <https://spark.apache.org>`_"
|
||
|
||
msgid "`Spark Security <https://spark.apache.org/docs/latest/security.html>`_"
|
||
msgstr "`Spark Security <https://spark.apache.org/docs/latest/security.html>`_"
|
||
|
||
msgid "`Storm <https://storm.apache.org>`_"
|
||
msgstr "`Storm <https://storm.apache.org>`_"
|
||
|
||
msgid "`Stud <https://github.com/bumptech/stud>`_"
|
||
msgstr "`Stud <https://github.com/bumptech/stud>`_"
|
||
|
||
msgid ""
|
||
"`The Most Dangerous Code in the World: Validating SSL Certificates in Non-"
|
||
"Browser Software <http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf>`_"
|
||
msgstr ""
|
||
"`The Most Dangerous Code in the World: Validating SSL Certificates in Non-"
|
||
"Browser Software <http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf>`_"
|
||
|
||
msgid ""
|
||
"`Total security in a PostgreSQL database <https://www.ibm.com/developerworks/"
|
||
"opensource/library/os-postgresecurity>`__"
|
||
msgstr ""
|
||
"`Total security in a PostgreSQL database <https://www.ibm.com/developerworks/"
|
||
"opensource/library/os-postgresecurity>`__"
|
||
|
||
msgid "`Tripwire <http://sourceforge.net/projects/tripwire/>`__"
|
||
msgstr "`Tripwire <http://sourceforge.net/projects/tripwire/>`__"
|
||
|
||
msgid ""
|
||
"`Trusted Security Principles <http://www.aicpa.org/interestareas/"
|
||
"informationtechnology/resources/soc/trustservices/pages/trust%20services"
|
||
"%20principles—an%20overview.aspx>`_"
|
||
msgstr ""
|
||
"`Trusted Security Principles <http://www.aicpa.org/interestareas/"
|
||
"informationtechnology/resources/soc/trustservices/pages/trust%20services"
|
||
"%20principles—an%20overview.aspx>`_"
|
||
|
||
msgid ""
|
||
"`U.S. NIST FIPS PUB 180-3 <http://csrc.nist.gov/publications/fips/fips180-3/"
|
||
"fips180-3_final.pdf>`_"
|
||
msgstr ""
|
||
"`U.S. NIST FIPS PUB 180-3 <http://csrc.nist.gov/publications/fips/fips180-3/"
|
||
"fips180-3_final.pdf>`_"
|
||
|
||
msgid ""
|
||
"`U.S. NIST FIPS PUB 186-3 <http://csrc.nist.gov/publications/fips/fips186-3/"
|
||
"fips_186-3.pdf>`_"
|
||
msgstr ""
|
||
"`U.S. NIST FIPS PUB 186-3 <http://csrc.nist.gov/publications/fips/fips186-3/"
|
||
"fips_186-3.pdf>`_"
|
||
|
||
msgid "`Xen VTd Howto <http://wiki.xen.org/wiki/VTd_HowTo>`_"
|
||
msgstr "`Xen VTd Howto <http://wiki.xen.org/wiki/VTd_HowTo>`_"
|
||
|
||
msgid "`Zookeeper <https://zookeeper.apache.org>`_"
|
||
msgstr "`Zookeeper <https://zookeeper.apache.org>`_"
|
||
|
||
msgid "``!EXP``"
|
||
msgstr "``!EXP``"
|
||
|
||
msgid "``!LOW:!MEDIUM``"
|
||
msgstr "``!LOW:!MEDIUM``"
|
||
|
||
msgid "``!MD5``"
|
||
msgstr "``!MD5``"
|
||
|
||
msgid "``!RC4``"
|
||
msgstr "``!RC4``"
|
||
|
||
msgid "``!aNULL:!eNULL``"
|
||
msgstr "``!aNULL:!eNULL``"
|
||
|
||
msgid "``$PGDATA/root.crl`` - Certificate revocation list"
|
||
msgstr "``$PGDATA/root.crl`` - Daftar pencabutan sertifikat"
|
||
|
||
msgid "``$PGDATA/root.crt`` - Trusted certificate authorities"
|
||
msgstr "``$PGDATA/root.crt`` - Otoritas sertifikat dipercaya"
|
||
|
||
msgid "``$PGDATA/server.crt`` - Server certificate"
|
||
msgstr "``$PGDATA/server.crt`` - Sertifikat server"
|
||
|
||
msgid "``$PGDATA/server.key`` - Private key corresponding to ``server.crt``"
|
||
msgstr "``$PGDATA/server.key`` - Private key yang sesuai ``server.crt``"
|
||
|
||
msgid ""
|
||
"``DISALLOW_IFRAME_EMBED`` can be used to prevent the OpenStack Dashboard "
|
||
"from being embedded within an iframe."
|
||
msgstr ""
|
||
"``DISALLOW_IFRAME_EMBED`` dapat digunakan untuk mencegah Dasbor OpenStack "
|
||
"tidak disisipkan dalam iframe."
|
||
|
||
msgid "``GRE``"
|
||
msgstr "``GRE``"
|
||
|
||
msgid "``HIGH``"
|
||
msgstr "``HIGH``"
|
||
|
||
msgid "``Protocols``"
|
||
msgstr "``Protocols``"
|
||
|
||
msgid "``Storage controller``"
|
||
msgstr "``Storage controller``"
|
||
|
||
msgid "``VLAN``"
|
||
msgstr "``VLAN``"
|
||
|
||
msgid "``VXLAN``"
|
||
msgstr "``VXLAN``"
|
||
|
||
msgid ""
|
||
"``demo`` user in ``demo`` tenant can list the types and the private share "
|
||
"type named ``my_type`` is not visible for him."
|
||
msgstr ""
|
||
"Pengguna ``demo`` di penyewaan ``demo`` dapat mendaftar jenis dan jenis "
|
||
"share privat bernama ``my_type`` tidak terlihat untuknya."
|
||
|
||
msgid ""
|
||
"``firewall_driver`` must be set to ``nova.virt.firewall.NoopFirewallDriver`` "
|
||
"so that nova-compute does not perform iptables-based filtering itself."
|
||
msgstr ""
|
||
"``firewall_driver`` harus disetel ke ``nova.virt.firewall."
|
||
"NoopFirewallDriver`` sehingga nova-compute tidak melakukan penyaringan "
|
||
"berbasis iptables itu sendiri."
|
||
|
||
msgid "``flat``"
|
||
msgstr "``flat``"
|
||
|
||
msgid "``kEECDH:kEDH``"
|
||
msgstr "``kEECDH:kEDH``"
|
||
|
||
msgid "``kRSA``"
|
||
msgstr "``kRSA``"
|
||
|
||
msgid "``manila-api``"
|
||
msgstr "``manila-api``"
|
||
|
||
msgid "``manila-data``"
|
||
msgstr "``manila-data``"
|
||
|
||
msgid "``manila-scheduler``"
|
||
msgstr "``manila-scheduler``"
|
||
|
||
msgid "``manila-share``"
|
||
msgstr "``manila-share``"
|
||
|
||
msgid "``max-burst-kbps``: burst buffer"
|
||
msgstr "``max-burst-kbps``: burst buffer"
|
||
|
||
msgid "``max-kbps``: bandwidth"
|
||
msgstr "``max-kbps``: bandwidth"
|
||
|
||
msgid "``python-manilaclient``"
|
||
msgstr "``python-manilaclient``"
|
||
|
||
msgid ""
|
||
"``security_group_api`` must be set to ``neutron`` so that all security group "
|
||
"requests are proxied to the OpenStack Networking service."
|
||
msgstr ""
|
||
"``security_group_api`` harus disetel ke ``neutron`` sehingga semua "
|
||
"permintaan grup keamanan diproksikan ke layanan OpenStack Networking."
|
||
|
||
msgid ""
|
||
"`ansible-hardening <https://docs.openstack.org/ansible-hardening/latest/>`_"
|
||
msgstr ""
|
||
"`ansible-hardening <https://docs.openstack.org/ansible-hardening/latest/>`_"
|
||
|
||
msgid ""
|
||
"`http://blogs.vmware.com/security/ <http://blogs.vmware.com/security/>`_"
|
||
msgstr ""
|
||
"`http://blogs.vmware.com/security/ <http://blogs.vmware.com/security/>`_"
|
||
|
||
msgid "`http://seclists.org/oss-sec <http://seclists.org/oss-sec>`_"
|
||
msgstr "`http://seclists.org/oss-sec <http://seclists.org/oss-sec>`_"
|
||
|
||
msgid ""
|
||
"`http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf <http://www.cl.cam.ac.uk/"
|
||
"~rja14/Papers/serpent.pdf>`_"
|
||
msgstr ""
|
||
"`http://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf <http://www.cl.cam.ac.uk/"
|
||
"~rja14/Papers/serpent.pdf>`_"
|
||
|
||
msgid "`http://xenbits.xen.org/xsa/ <http://xenbits.xen.org/xsa/>`_"
|
||
msgstr "`http://xenbits.xen.org/xsa/ <http://xenbits.xen.org/xsa/>`_"
|
||
|
||
msgid ""
|
||
"`https://www.schneier.com/paper-twofish-paper.html <https://www.schneier.com/"
|
||
"paper-twofish-paper.html>`_"
|
||
msgstr ""
|
||
"`https://www.schneier.com/paper-twofish-paper.html <https://www.schneier.com/"
|
||
"paper-twofish-paper.html>`_"
|
||
|
||
msgid "apache2"
|
||
msgstr "apache2"
|
||
|
||
msgid "beam.smp"
|
||
msgstr "beam.smp"
|
||
|
||
msgid ""
|
||
"blog.malchuk.ru, OpenStack VNC Security. 2013. `Secure Connections to VNC "
|
||
"ports <http://blog.malchuk.ru/2013/05/21/47>`_"
|
||
msgstr ""
|
||
"blog.malchuk.ru, OpenStack VNC Security. 2013. `Secure Connections to VNC "
|
||
"ports <http://blog.malchuk.ru/2013/05/21/47>`_"
|
||
|
||
msgid ""
|
||
"blog.sflow.com, sflow: `Host sFlow distributed agent <http://blog.sflow."
|
||
"com/2012/01/host-sflow-distributed-agent.html>`_. 2012."
|
||
msgstr ""
|
||
"blog.sflow.com, sflow: `Host sFlow distributed agent <http://blog.sflow."
|
||
"com/2012/01/host-sflow-distributed-agent.html>`_. 2012."
|
||
|
||
msgid ""
|
||
"blog.sflow.com, sflow: `LAN and WAN <http://blog.sflow.com/2009/09/lan-and-"
|
||
"wan.html>`_. 2009."
|
||
msgstr ""
|
||
"blog.sflow.com, sflow: `LAN and WAN <http://blog.sflow.com/2009/09/lan-and-"
|
||
"wan.html>`_. 2009."
|
||
|
||
msgid ""
|
||
"blog.sflow.com, sflow: `Rapidly detecting large flows sFlow vs <http://blog."
|
||
"sflow.com/2013/01/rapidly-detecting-large-flows-sflow-vs.html>`_. NetFlow/"
|
||
"IPFIX. 2013."
|
||
msgstr ""
|
||
"blog.sflow.com, sflow: `Rapidly detecting large flows sFlow vs <http://blog."
|
||
"sflow.com/2013/01/rapidly-detecting-large-flows-sflow-vs.html>`_. NetFlow/"
|
||
"IPFIX. 2013."
|
||
|
||
msgid ""
|
||
"bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over "
|
||
"websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug."
|
||
"cgi?id=913607>`_."
|
||
msgstr ""
|
||
"bugzilla.redhat.com, Bug 913607 - RFE: Support Tunnelling SPICE over "
|
||
"websockets. 2013. `RedHat bug 913607 <https://bugzilla.redhat.com/show_bug."
|
||
"cgi?id=913607>`_."
|
||
|
||
msgid "cgroups"
|
||
msgstr "cgroups"
|
||
|
||
msgid "dns"
|
||
msgstr "dns"
|
||
|
||
msgid "dnsmasq"
|
||
msgstr "dnsmasq"
|
||
|
||
msgid "driver_handles_share_servers = False"
|
||
msgstr "driver_handles_share_servers = False"
|
||
|
||
msgid "driver_handles_share_servers = True"
|
||
msgstr "driver_handles_share_servers = True"
|
||
|
||
msgid "http"
|
||
msgstr "http"
|
||
|
||
msgid "iSCSI"
|
||
msgstr "iSCSI"
|
||
|
||
msgid "iSCSI initiator service"
|
||
msgstr "iSCSI initiator service"
|
||
|
||
msgid ""
|
||
"keystone listener process (Python): Python process that consumes keystone "
|
||
"events published by the keystone service."
|
||
msgstr ""
|
||
"keystone listener process (Python): Proses Python yang mengkonsumsi keystone "
|
||
"event yang diterbitkan oleh layanan keystone."
|
||
|
||
msgid "mysql"
|
||
msgstr "mysql"
|
||
|
||
msgid "mysqld"
|
||
msgstr "mysqld"
|
||
|
||
msgid "n/a"
|
||
msgstr "n/a"
|
||
|
||
msgid "network provider services (SDN server/services)"
|
||
msgstr "layanan penyedia jaringan (SDN server/services)"
|
||
|
||
msgid "neutron server (*neutron-server* and *neutron-\\*-plugin*)"
|
||
msgstr "neutron server (*neutron-server* and *neutron-\\*-plugin*)"
|
||
|
||
msgid "no share servers"
|
||
msgstr "no share servers"
|
||
|
||
msgid ""
|
||
"oasis-open.org, OASIS Key Management Interoperability Protocol (KMIP). 2014. "
|
||
"`KMIP <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`__"
|
||
msgstr ""
|
||
"oasis-open.org, OASIS Key Management Interoperability Protocol (KMIP). 2014. "
|
||
"`KMIP <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip>`__"
|
||
|
||
msgid "or"
|
||
msgstr "atau"
|
||
|
||
msgid "pending"
|
||
msgstr "tertunda"
|
||
|
||
msgid "plugin agent (*neutron-\\*-agent*)"
|
||
msgstr "plugin agent (*neutron-\\*-agent*)"
|
||
|
||
msgid "sVirt"
|
||
msgstr "sVirt"
|
||
|
||
msgid "sVirt SELinux Boolean"
|
||
msgstr "sVirt SELinux Boolean"
|
||
|
||
msgid ""
|
||
"sVirt isolation is provided regardless of the guest operating system running "
|
||
"inside the virtual machine. Linux or Windows VMs can be used. Additionally, "
|
||
"many Linux distributions provide SELinux within the operating system, "
|
||
"allowing the virtual machine to protect internal virtual resources from "
|
||
"threats."
|
||
msgstr ""
|
||
"Isolasi sVirt disediakan terlepas dari sistem operasi guest yang berjalan di "
|
||
"dalam mesin virtual. Linux atau Windows VMs dapat digunakan. Selain itu, "
|
||
"banyak distribusi Linux menyediakan SELinux dalam sistem operasi, "
|
||
"memungkinkan mesin virtual melindungi sumber daya virtual internal dari "
|
||
"ancaman."
|
||
|
||
msgid "sVirt: SELinux and virtualization"
|
||
msgstr "sVirt: SELinux and virtualization"
|
||
|
||
msgid "share servers"
|
||
msgstr "share servers"
|
||
|
||
msgid "ssh"
|
||
msgstr "ssh"
|
||
|
||
msgid "sshd"
|
||
msgstr "sshd"
|
||
|
||
msgid "tgtd"
|
||
msgstr "tgtd"
|
||
|
||
msgid "virt_use_common"
|
||
msgstr "virt_use_common"
|
||
|
||
msgid "virt_use_fusefs"
|
||
msgstr "virt_use_fusefs"
|
||
|
||
msgid "virt_use_nfs"
|
||
msgstr "virt_use_nfs"
|
||
|
||
msgid "virt_use_samba"
|
||
msgstr "virt_use_samba"
|
||
|
||
msgid "virt_use_sanlock"
|
||
msgstr "virt_use_sanlock"
|
||
|
||
msgid "virt_use_sysfs"
|
||
msgstr "virt_use_sysfs"
|
||
|
||
msgid "virt_use_usb"
|
||
msgstr "virt_use_usb"
|
||
|
||
msgid "virt_use_xserver"
|
||
msgstr "virt_use_xserver"
|