WWW.BOOK.DISLIB.INFO
FREE ELECTRONIC LIBRARY - Books, dissertations, abstract
 
<< HOME
CONTACTS



Pages:     | 1 || 3 | 4 |

«TECHNICAL SOLUTION GUIDE The information furnished herein is believed to be accurate and reliable to the best of our knowledge. However, CloudLink ...»

-- [ Page 2 ] --
Key Store Prerequisites SecureVSA supports both RSA Data Protection Manager (DPM) and Microsoft Active Directory as key stores. These must be configured and running before any SecureVSA deployment begins, and may be deployed either in the private data center or in vCloud Hybrid Service. Before configuring SecureVSA components, the key store must be available to receive encryption keys.

Key store configuration is described later in this guide.

 For a description of how SecureVSA manages encryption keys, see Encryption Key Management.

 To configure RSA DPM as the SecureVSA key store, see RSA Data Protection Manager Integration.

 To configure Microsoft Active Directory as the SecureVSA key store, see Microsoft Active Directory Integration.

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 9

Deployment Scenario One: Standalone CloudLink Gateway Deployment in vCloud Hybrid Service This deployment scenario offers data encryption for applications deployed in vCloud Hybrid Service with no need for private data center infrastructure. A standalone CloudLink Gateway is deployed within a single vApp in vCloud Hybrid Service and can be managed via web access to the CloudLink Center interface provided by the CloudLink Gateway.

This section describes the  Considerations for deploying CloudLink Gateway in vCloud Hybrid Service (see Deployment Scenario One Considerations).

 Workflow for deploying and configuring the CloudLink Gateway including topics in related guides that provide more information or procedures for each task (see Deployment Scenario One Workflow).

Deployment Scenario One Considerations Ensure that you have created a vApp in vCloud Hybrid Service to contain your application VMs and the CloudLink Gateway. The vApp should have an Organization VDC Network as well as a vApp Network which allows VMs within the vApp to communicate with each other and the CloudLink Gateway.

The following diagram illustrates a standalone CloudLink Gateway deployment providing encrypted storage for a single vApp.

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 10

Deployment Scenario One Workflow This workflow assumes that the considerations for deployment have been reviewed. See Deployment Scenario One Considerations.

The following table lists the tasks for a CloudLink Gateway deployment in vCloud Hybrid Service. For

each task, a reference to the appropriate topic in the following is provided:

 Appendix A: Deploying CloudLink SecureVSA  CloudLink SecureVSA 3.0 CloudLink Center Administration Guide

DEPLOYMENT SCENARIO ONE WORKFLOW TASKS AND REFERENCES

–  –  –

Download the CloudLink Gateway To download the CloudLink SecureVSA template template Upload the CloudLink Gateway To add a CloudLink SecureVSA template to vCloud Hybrid OVF template to your vCloud Service organization catalog Hybrid Service catalog

–  –  –

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 12

Deployment Scenario Two: CloudLink Gateway and one or more CloudLink vNodes in vCloud Hybrid Service This deployment scenario offers data encryption for applications deployed in multiple vApps within vCloud Hybrid Service with no need for private data center infrastructure. All SecureVSA components are deployed within vCloud Hybrid Service and everything can be managed by via web access to the CloudLink Center interface provided by the CloudLink Gateway.

This section describes the  Considerations for deploying SecureVSA components in vCloud Hybrid Service (see Deployment Scenario Two Considerations).

 Workflow for deploying and configuring the SecureVSA components including topics in related guides that provide more information or procedures for each task (see Deployment Scenario Two Workflow).

Deployment Scenario Two Considerations You will deploy a separate CloudLink vNode for each vApp requiring encrypted storage. Note that you can deploy additional CloudLink vNodes later. Each \ SecureVSA appliance must reside in a separate vApp.

Ensure that you have created a vApp in vCloud Hybrid Service to contain the CloudLink Gateway and one or more vApps to contain each CloudLink vNode and associated application. Each vApp must have an Organization VDC Network as well as a vApp Network which allows VMs within the vApp to communicate with each other.

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 13

Deployment Scenario Two Workflow This workflow assumes that the considerations for deployment have been reviewed. See Deployment Scenario Two Considerations.

The following table lists the tasks for a full SecureVSA deployment in vCloud Hybrid Service. For each

task, a reference to the appropriate topic in the following is provided:

 Appendix A: Deploying CloudLink SecureVSA  CloudLink SecureVSA 3.0 CloudLink Center Administration Guide

DEPLOYMENT SCENARIO TWO WORKFLOW TASKS AND REFERENCES

–  –  –

Download the CloudLink Gateway To download the CloudLink SecureVSA template template Upload the CloudLink Gateway To add a CloudLink SecureVSA template to vCloud Hybrid OVF template to your vCloud Service organization catalog Hybrid Service catalog

–  –  –





Download the CloudLink vNode To download the CloudLink SecureVSA template template Upload the CloudLink vNode OVF To add a CloudLink SecureVSA template to vCloud Hybrid template to your vCloud Hybrid Service organization catalog Service catalog

–  –  –

Administration Guide Merge disks (optional) Merge disks to present multiple Managing Secure Storage, Merging Volumes disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume.

–  –  –

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 15

Deployment Scenario Three: CloudLink Gateway in the Private Data Center with one or more CloudLink vNodes in vCloud Hybrid Service This deployment scenario offers data encryption for applications deployed in multiple vApps within vCloud Hybrid Service while keeping security management and key storage under your control in your own private data center. The CloudLink Gateway is deployed within your private data center and one or more CloudLink vNodes are deployed within vCloud Hybrid Service.

The CloudLink Gateway establishes a secure network connection with each of the CloudLink vNodes.

The secure connection provides your choice of Layer 2 or Layer 3 network extension from your data center into your vCloud Hybrid Service vApps, facilitating secure and easy network routing across the hybrid cloud.

Both encrypted storage and secure network connections can be monitored and managed using web access to the CloudLink Center interface provided by the CloudLink Gateway.

This section describes the  Considerations for deploying SecureVSA components across the hybrid cloud (see Deployment Scenario Three Considerations).

 Workflow for deploying and configuring the SecureVSA components including topics in related guides that provide more information or procedures for each workflow task (see Deployment Scenario Three Workflow).

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 16

Deployment Scenario Three Considerations You will deploy a separate CloudLink vNode for each vApp requiring encrypted storage. Note that you can deploy additional CloudLink vNodes later. Each CloudLink vNode must reside in a separate vApp.

Ensure that you have created one or more vApps to contain each CloudLink vNode and associated application. Each vApp must have an Organization VDC Network as well as a vApp Network which allows VMs within the vApp to communicate with each other.

Also, ensure that you have established network routing between your private data center and your virtual data center in vCloud Hybrid Service.

Deployment Scenario Three Workflow This workflow represents the tasks for a SecureVSA deployment across the hybrid cloud. The workflow consists of steps for deploying the CloudLink Gateway in VMware vSphere within the private data center and one or more CloudLink vNodes in vCloud Hybrid Service. In general, CloudLink Gateway deployment is described in the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide whereas CloudLink vNode deployment is described in Appendix A: Deploying CloudLink SecureVSA.

This workflow assumes that the  Considerations for deployment have been reviewed. See Deployment Scenario Three Considerations as well as the Deployment Considerations section in the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide.

 System requirements for the CloudLink Gateway have been met. See System Requirements in the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide.

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 17

 Prerequisites for the CloudLink Gateway have been met. See Prerequisites for Scalable Encrypted Storage Overlay in the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide.

We recommend that you complete the deployment worksheet provided in the CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide.

The following table lists the tasks for a deployment with CloudLink Gateway in the private data center and one or more CloudLink vNodes in vCloud Hybrid Service. For each task, a reference to the appropriate

topic in the following is provided:

 CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide  Appendix A: Deploying CloudLink SecureVSA  CloudLink SecureVSA 3.0 CloudLink Center Administration Guide

DEPLOYMENT SCENARIO THREE WORKFLOW TASKS AND REFERENCES

–  –  –

Download the CloudLink vNode To download the CloudLink SecureVSA template template Upload the CloudLink vNode OVF To add a CloudLink SecureVSA template to vCloud Hybrid template to your vCloud Hybrid Service organization catalog Service catalog

–  –  –

Administration Guide Merge disks (optional) Merge disks to present multiple Managing Secure Storage, Merging Volumes disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume.

–  –  –

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 19

CloudLink SecureVSA Management

CloudLink Center provides web-based management of encryption services, including:

 Key management – configuration of key stores and key changing scheduling policies.

 Encrypted storage management – merging disks, resizing the storage, and locking or unlocking encrypted storage volumes.

 Secure communication management between the CloudLink Gateway and CloudLink vNodes – key delivery, VPN traffic and authentication status of CloudLink vNodes.

 Performance monitoring – monitoring of storage and network performance. The performance data for the past 24 hours are reported and can be exported as a spreadsheet file.

 Security event and log management – all security events and logs are displayed on CloudLink Center.

They can be sent to external application using SNMP or consolidated on a central syslog server.

CloudLink Center supports role based administration, which separates security management from infrastructure administration. There are three pre-defined roles in CloudLink Center: security administrator (secadmin), regular IT administrator (admin), and observer for monitoring. Each role has its own unique privilege set as defined in the following table.

–  –  –

VMW ARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 20

Encryption Key Management

Each SecureVSA encrypted virtual storage volume has two associated encryption keys:

 The data encryption key (DEK) is generated by the CloudLink vNode on per volume basis to encrypt data at block level using AES-256.

 A Key Encryption Key (KEK) is used to encrypt the DEK and the encrypted DEK is stored on the disk with the data.



Pages:     | 1 || 3 | 4 |


Similar works:

«14474 MONITEUR BELGE — 11.03.2013 — BELGISCH STAATSBLAD COUR CONSTITUTIONNELLE [2013/201092] Extrait de l’arrêt n° 7/2013 du 14 février 2013 Numéros du rôle : 5316, 5329, 5331 et 5332 En cause : les recours en annulation totale ou partielle de la loi du 13 août 2011 « modifiant le Code d’instruction criminelle et la loi du 20 juillet 1990 relative à la détention préventive afin de conférer des droits, dont celui de consulter un avocat et d’être assistée par lui, à...»

«A Forrester Consulting Thought Leadership Paper Commissioned By SugarSync Personal Cloud Services Emerge To Orchestrate Our Mobile Computing Lives File Access, Sync and Share Services Grew From 9% Of Online Adults In 2010 To 15% In 2012 To Become The Fastest Growing Personal Cloud Service July 2012 Forrester Consulting Personal Cloud Services Emerge To Orchestrate Our Mobile Computing Lives Table Of Contents Executive Summary People Now Use Many PCs, Devices, And Services For Work And Home...»

«IMPACTS OF RADIANCE ASSIMILATION IN THE JMA OPERATIONAL MESO-SCALE ANALYSES AND FORECASTS Masahiro Kazumori Japan Meteorological Agency, 1-3-4 Otemachi Chiyoda-ku, Tokyo, Japan Abstract This paper describes the operational implementation of radiance assimilation in JMA operational meso-scale analysis system. RTTOV was introduced into the JMA non-hydrostatic model variational data assimilation (JNoVA) system as a satellite radiance observation operator. Clear sky radiances are assimilated in the...»

«Protokoll der Generalversammlung der BGS vom 31. August 2000 Université de Neuchâtel, 17.00 19.45 Uhr Anwesend: 39 Mitglieder und 3 Gäste Vorsitz: Dr. F. Borer (Präsident) Protokoll: Prof. Dr. P. Fitze (Sekretär) Eröffnung der Versammlung und Begrüssung durch F. Borer. Schriftlich haben sich entschuldigt: R. Bono, A. Pazeller, M. Geilinger, M. Braun. Speziell begrüsst werden die Ehrenmitglieder E. Frei, E. Alther und L.-F. Bonnard sowie als Gast der Präsident der Österreichischen...»

«Früherkennung von bewaffneten Konflikten? Ein Vergleich standardisierter Konfliktanalyseverfahren OeNB Jubiläumsfonds-Projekt Stefan Khittel und Jan Pospisil Arbeitspapier 62 / April 2010 Früherkennung von bewaffneten Konflikten AP 62 Stefan Khittel/Jan Pospisil Früherkennung von bewaffneten Konflikten AP 62 Stefan Khittel/Jan Pospisil Inhaltsverzeichnis Abkürzungen und Akronyme 4 Einleitung: Die ambivalente Thematik von Konfliktfrühwarnung und standardisierter Konfliktanalyse 6...»

«          ruthie piwko Produkte Übersicht  Ruthie Piwko  Telefon 079 637 66 39  ruthie.piwko@gmail.com    PFLEGE‐Linie zur Behandlung regenerationsbedürftiger Haut         REVITA Reinigungs-Emulsion Eine milde Emulsion die sanft und gründlich Make ‐ up und Umweltpartikel von der Haut entfernt. Zur täglichen  Reinigung morgens und abends empfohlen.  Art. Nr. 31106 und 31206   REVITA Lotion Amino Hydratante mit Aminosäuren-Komplex...»

«TABLE OF CONTENTS SUBJECT PAGE Table of Contents PCAHA President’s Message Executive Contacts Referee Assigners Association Referee-in-Chiefs Game Report Procedure Game Incident Report form EXCERPTS PCAHA RULES AND REGULATIONS: Section B Competition Section E Playing Rules Section F Game Reports (Score Sheets) Section G Game Times and Schedules Section H Penalties Section I Referees and Linesmen Section J Female Hockey Section K Complaints, Protests, Appeals Section L Exhibition Games and...»

«19 1983 Reichle, B. & Dalbert, C. Kontrolle: Konzepte und ausgewählte Bezüge zu existentieller Schuld. P.I.V. Bericht Nr. 12 INHALT Seite 1. Einführung 1 2. Kontrollkonzepte 3 2.1 Dimensionen des Locus of Control-Konzepts 6 2.1.1 Regelhaftigkeit 7 2.1.2 Lokalisierung und Kontrollinstanz 9 2.2 Kontrollbewußtsein als individuelle Paradigmen sensu HOFF 12 2.2.1 Konzeptuelle Überschneidungen mit anderen Ansätzen 13 2.2.2 Formen des Kontrollbewusstseins 15 2.3 Generalisierungsgrad von...»

«Creditreform Rating Summary Informationstableau Emittentin: KSW Immobilien GmbH & Co. KG Emissionsrating: Emission: 6,5 % besicherte Teilschuldverschreibungen BBBWKN: A12UAA ISIN: DE000A12UAA8 Erstellt am: 08.09.2014 Creditreform ID: 3150454048 Gültig bis: 07.09.2015 Emittentin: KSW Immobilien GmbH & Co. KG Karl-Heine-Str. 2 D-04229 Leipzig Branche: Immobilien Hinweis: Diese Creditreform Rating Summary basiert auf dem Bericht über das Rating der Emission /Teilschuldverschreibungen mit der...»

«BMWI Markterschließungsprogramm 2012 Geschäftsanbahnung für deutsche Unternehmen im Bildungssektor Ein Marktüberblick VAE Herausgeber: Deutsch-Emiratische Industrieund Handelskammer (AHK) German-Emirati Joint Council for Industry and Commerce (AHK) Abu Dhabi Abu Dhabi Mall, The Towers at Trade Center, East Tower, 1st fl., Office No.104 P.O. Box 54702, Abu Dhabi UAE Phone: +971-2-6455200 Fax: +971-2-6457100 E-Mail: info@ahkabudhabi.ae Website: www.ahkuae.com Kontaktperson: Dr. Dalia Abu...»





 
<<  HOME   |    CONTACTS
2016 www.book.dislib.info - Free e-library - Books, dissertations, abstract

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.