
Data Encryption for VMware® vCloud® Hybrid Service™

VMWARE VCLOUD HYBRID SERVICE AND CLOUDLINK® SECUREVSA

TECHNICAL SOLUTION GUIDE

The information furnished herein is believed to be accurate and reliable to the best of our knowledge. However, CloudLink Technologies assumes no responsibility for its use, or for any infringements of patents or other rights of third parties resulting from its use.

CloudLink reserves the right to, without notice, modify all or part of this document and/or change product features or specifications and shall not be responsible for any loss, cost, or damage, including consequential damage, caused by reliance on these materials. If you are in any doubt as to whether this is the correct version of the manual for a particular release, contact CloudLink.

Trademarks

CloudLink is a registered trademark of CloudLink Technologies. All other brands or product names mentioned herein are for identification purposes only and may be trademarks and/or registered trademarks of their respective companies.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

© Copyright 2014 All Rights Reserved
CloudLink Technologies
2680 Queensview Drive, Suite 150
Ottawa, Ontario, K2B 8J9, Canada
Tel: (613) 224-5995 Fax: (613) 224-5410
Support Inquiries General Inquiries Sales Inquiries (866) 356-4060 info@cloudlinktech.com sales@cloudlinktech.com support@cloudlinktech.com

VMWARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 1

Table of Contents

Introduction

About CloudLink SecureVSA

Technical Solution Overview

Customer Challenge

Solution Benefits

Solution Overview

CloudLink SecureVSA Components

Deployment Scenarios

Deployment and Management of CloudLink SecureVSA

Key Store Prerequisites

Deployment Scenario One: Standalone CloudLink Gateway Deployment in vCloud Hybrid Service

Deployment Scenario One Considerations

Deployment Scenario One Workflow

Deployment Scenario Two: CloudLink Gateway and one or more CloudLink vNodes in vCloud Hybrid Service

Deployment Scenario Two Considerations

Deployment Scenario Two Workflow

Deployment Scenario Three: CloudLink Gateway in the Private Data Center with one or more CloudLink vNodes in vCloud Hybrid Service

Deployment Scenario Three Considerations

Deployment Scenario Three Workflow

CloudLink Management

Encryption Key Management

RSA Data Protection Manager Integration

Microsoft Active Directory Integration

Configuring Active Directory as a Key Store

Conclusion

References

Appendix A: Deploying CloudLink SecureVSA


Introduction

This Technical Solution Guide examines the security challenges encountered when deploying business applications in the public cloud, and presents the benefits associated with CloudLink® SecureVSA to provide data encryption in vCloud Hybrid Service. This guide describes the associated architecture, deployment models, workflows and key management. This solution enables enterprises to leverage vCloud Hybrid Service while maintaining control of data residing there, allowing them to secure sensitive corporate information and helping to meet regulatory compliance requirements for data security.

About CloudLink SecureVSA

SecureVSA is a software-defined storage encryption solution designed to secure sensitive data in virtualized and multi-tenant cloud environments. It is delivered as a virtual storage appliance which can be deployed on a per-application and tenant basis, and provides a software encryption layer between virtualized applications and physical storage.

SecureVSA:

• Presents itself as a secure software storage appliance to virtual machines directly over Microsoft SMB, NFS or iSCSI. Organizations can use this encrypted storage for sensitive information processed by applications on the virtual machines.

• Allows organizations to control the encryption keys and policies used to secure the storage. Encryption keys may be stored locally in the organization’s private data center.

• Integrates with existing enterprise key management, such as RSA Data Protection Manager (DPM). Alternatively, organizations can store keys in Microsoft Active Directory. Key management options allow organizations to leverage existing key management investment and expertise.


Ideally, organizations would leverage tools and management interfaces they already use to deploy and manage applications in the cloud without the need to re-architect. In addition, they would maintain control over sensitive data, no matter where it resides across the hybrid cloud, from a single management console where they define security policies and centrally monitor their deployments.






Solution Overview

SecureVSA consists of three key components: CloudLink Gateway, CloudLink vNode, and CloudLink Center. These components can be distributed in a number of ways to meet specific deployment and security requirements in the service provider environment.

CloudLink SecureVSA Components

• CloudLink Center: A web-service application delivered as part of the CloudLink Gateway that provides a user interface to configure and manage SecureVSA. CloudLink Center provides secure storage encryption management, deployment topology, network monitoring and testing, as well as audit trails of actions, alarms, and security events.

Note: CloudLink Center is one of two management interfaces. The other is a low-level appliance console primarily used to deploy CloudLink vNodes and the CloudLink Gateway.

• CloudLink Gateway: A software appliance deployed in your private data center or as part of your virtual data center in vCloud Hybrid Service. The CloudLink Gateway hosts the CloudLink Center web-service application and may optionally be configured to provide encrypted storage. The CloudLink Gateway can be deployed as a standalone encryption appliance or connected to one or more CloudLink vNodes. The CloudLink Gateway communicates with CloudLink vNodes over secure network connections established with the CloudLink vNodes and controls the encryption keys used to secure the storage throughout the deployment, while monitoring the network Service Level Agreements (SLAs) and security of the deployment.

Note: The CloudLink Gateway is not a traditional IT gateway. It’s a component of SecureVSA to which CloudLink vNodes connect.

• CloudLink vNode: A software appliance deployed as part of your vCloud Hybrid Service virtual data center. CloudLink vNode is a virtual machine that provides encrypted storage for local workloads, an encrypted connection to the CloudLink Gateway for storage volume encryption key retrieval, and an extension of customers’ networks into a service provider’s cloud. In addition, it monitors events in its cloud and provides data to the CloudLink Gateway for viewing using CloudLink Center.


Other components supporting the system depend on where you plan to deploy SecureVSA and how you plan to use it. Some examples of these components include:

• An ESX management system
• vSphere network adapters
• One or more vSphere virtual switches
• Underlying (non-encrypted) physical storage
• A router
• Windows Active Directory Server and Domain Controller
• A key management system, such as RSA Data Protection Manager (DPM). See Encryption Key Management for details on key management options.

Deployment Scenarios

SecureVSA components can be distributed across your private data center and vCloud Hybrid Service to meet a variety of deployment scenarios.

This guide describes three common SecureVSA deployment scenarios, as represented by Option 1, Option 2, and Option 3 in the following diagram. Each option illustrates a single virtual data center in vCloud Hybrid Service. In each case, SecureVSA provides encrypted storage for the VMs running in the vCloud Hybrid Service virtual data center.


These three common deployment scenario options are described in this guide:

• Option 1: Standalone CloudLink Gateway in vCloud Hybrid Service

A standalone CloudLink Gateway is hosted in vCloud Hybrid Service. You configure policy and control keys by opening the CloudLink Center interface (provided by the CloudLink Gateway) with a web browser.

This option is suitable for setting up a trial of SecureVSA. It is also preferable if you do not have a private data center, or wish to avoid introducing infrastructure in your private data center and require encrypted storage in a single vApp.

For information about this deployment scenario, see Deployment Scenario One: Standalone CloudLink Gateway Deployment in vCloud Hybrid Service.

• Option 2: CloudLink Gateway and one or more CloudLink vNodes in vCloud Hybrid Service

Both the CloudLink Gateway and one or more CloudLink vNodes are hosted in vCloud Hybrid Service. You configure policy and control keys by opening the CloudLink Center interface (provided by the CloudLink Gateway) with a web browser.

This option is preferable if you do not have a private data center, or wish to avoid introducing infrastructure in your private data center. It provides a scaled-out approach that allows you to deploy secure storage in multiple vApps, all controlled from a single CloudLink Center management interface hosted on the CloudLink Gateway.

For information about this deployment scenario, see Deployment Scenario Two: CloudLink Gateway and one or more CloudLink vNodes in vCloud Hybrid Service.

• Option 3: CloudLink Gateway in private data center and one or more CloudLink vNodes in vCloud Hybrid Service

One or more CloudLink vNodes are hosted in vCloud Hybrid Service. A separate CloudLink Gateway remains on-premises in the private data center. The CloudLink vNodes and CloudLink Gateway establish a secure network connection which provides an SLA-monitored network extension from your private data center to your virtual data center in vCloud Hybrid Service. You configure policy and control keys by opening the CloudLink Center interface (provided by the on-premises CloudLink Gateway) with a web browser.

This option is preferable when deploying secure storage in multiple vApps in vCloud Hybrid Service while ensuring that CloudLink Center management and associated encryption key storage remain within your private data center, giving more control and oversight of your sensitive data.

Although not explicitly discussed in this guide, you can deploy additional CloudLink vNodes in the private data center, all connected to the same CloudLink Gateway, providing encrypted storage across the hybrid cloud.

For information about this deployment scenario, see Deployment Scenario Three: CloudLink Gateway in the Private Data Center with one or more CloudLink vNodes in vCloud Hybrid Service.

Deployment and Management of CloudLink SecureVSA

The vCloud Hybrid Service interface is used to deploy and manage SecureVSA components in the cloud. Private data center components are deployed and managed using VMware vSphere.

This guide references the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide for information about deploying CloudLink SecureVSA in the private data center.

For information about deploying SecureVSA components in vCloud Hybrid Service, refer to Appendix A: Deploying CloudLink SecureVSA.

For information about managing SecureVSA, see the CloudLink SecureVSA 3.0 CloudLink Center Administration Guide.
