
«TECHNICAL SOLUTION GUIDE The information furnished herein is believed to be accurate and reliable to the best of our knowledge. However, CloudLink ...»


Data security administrators have full control of the encryption keys and the KEKs can be updated regularly by the security administrators via CloudLink Center. Special care is taken to ensure that the enterprise-owned data are never stored in clear text, and can be promptly withdrawn by the enterprise at any time. Cloud administrators do not have access to DEKs and KEKs; therefore, cloud administrators, other tenants, or intruders cannot access the enterprise data in the cloud.

KEKs are generated and managed by the CloudLink Gateway. They must be changed regularly according to key management policy, and kept in a safe place in order to ensure the safety of encrypted data. CloudLink supports three different key stores:

• RSA Data Protection Manager (DPM) provides a key store that is tamper proof and supports high availability. The RSA DPM client has been integrated into the CloudLink Gateway.

• Microsoft Active Directory provides an alternate encryption key store. This option allows an enterprise to leverage its existing Active Directory deployment and store cloud encryption keys.

• KEKs may also be stored within the CloudLink Gateway. This option is suitable for trials and testing, but is not recommended for production deployment.

CloudLink Center is the entry point for SecureVSA key management. In each of the deployment scenarios discussed previously, key management is completely under the control of the enterprise data security administrators. Keys can be kept in key stores deployed in the private data center or in the vCloud Hybrid Server. Through CloudLink Center, the security administrator can monitor and control the availability of encrypted volumes by choosing whether KEKs are made available to the SecureVSA cipher.

CloudLink Center’s lock operation withdraws the KEK for an encrypted volume from the SecureVSA, preventing it from decrypting the volume’s DEK and rendering the data stored on the volume unavailable.

Conversely, the unlock operation provides the KEK for an encrypted volume to CloudLink SecureVSA, which uses it to decrypt the volume’s DEK and then uses the DEK to decrypt and make the data available.

VMWARE VCLOUD HYBRID SERVICE AND CLOUDLINK SECUREVSA | 21

Using CloudLink Center, the security administrator can also perform key change operations, either on demand or on a scheduled policy basis.
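
The lock, unlock and key change operations described above, modelled as an added Node.js example; it is not CloudLink code. The `Volume` class, its method names, and the use of AES-256-GCM both to wrap the DEK and to encrypt the data are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");
// AES-256-GCM is an assumed stand-in cipher. Layout: nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, sealed) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]); // throws on a wrong key
}

// Hypothetical model of one encrypted volume on a node (not CloudLink code).
class Volume {
  constructor(kek, data) {
    const dek = nodeCrypto.randomBytes(32);
    this.wrappedDek = seal(kek, dek); // the DEK is stored only in wrapped form
    this.data = seal(dek, data);      // bulk data is encrypted under the DEK
    this.kek = null;                  // node's cached KEK; null while locked
  }
  unlock(kek) { this.lock(); this.kek = Buffer.from(kek); } // cache a private copy
  lock() { if (this.kek) this.kek.fill(0); this.kek = null; } // destroy the cached KEK
  dek() {
    if (!this.kek) throw new Error("volume locked: KEK withdrawn");
    return open(this.kek, this.wrappedDek);
  }
  read() { return open(this.dek(), this.data).toString(); }
  changeKek(newKek) { // rewrap the DEK only; the bulk data is not re-encrypted
    this.wrappedDek = seal(newKek, this.dek());
    this.unlock(newKek);
  }
}

function demo() { // constructed sample run
  const attempt = (fn) => { try { return fn(); } catch (e) { return "ERROR: " + e.message; } };
  const kek1 = nodeCrypto.randomBytes(32), kek2 = nodeCrypto.randomBytes(32);
  const vol = new Volume(kek1, "constructed sample record");
  const out = { locked: attempt(() => vol.read()) };
  vol.unlock(kek1);
  out.unlocked = vol.read();
  vol.changeKek(kek2); // the node now caches kek2
  out.afterChange = vol.read();
  vol.unlock(kek1); // the superseded KEK no longer unwraps the DEK
  out.oldKek = attempt(() => vol.read());
  return out;
}
console.log(demo());
```

Because only the wrapped DEK changes during a key change, the operation costs the same regardless of volume size, and withdrawing the KEK is enough to make the stored data unreadable.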

RSA Data Protection Manager Integration

SecureVSA provides out-of-box integration with RSA Data Protection Manager (DPM). All storage key encryption keys (KEKs) created and managed by CloudLink SecureVSA can be stored securely in RSA DPM. RSA DPM provides centralized key vaulting, protection and recoverability of the keys. The keys are generated by CloudLink SecureVSA and provided to RSA DPM for safe storage. They are then retrieved by CloudLink Gateway and provided to CloudLink vNodes that must provide access to their encrypted storage volumes (that is, to unlock the volumes). At any time, a security administrator using CloudLink Center can instruct CloudLink SecureVSA to lock one or all of a node’s encrypted volumes. CloudLink then issues a lock command to the node and the node destroys its cached version of the storage KEKs.

RSA DPM is available in the following forms:

• Hardware appliance

• Virtual appliance

• Software server deployable in customer software infrastructure.

Both the hardware and virtual appliances come with a pre-packaged software stack that includes a web application server, enterprise class database, and access management. Client applications authenticate with the server using mutual SSL. A client application using an RSA DPM client for encryption and key management can operate with a local protected cache for keys.


A typical deployment architecture for key management is comprised of at least two load-balanced RSA DPM nodes within the primary site for high availability, and more nodes in remote sites for scalability or disaster recovery purposes, all clustered together. All nodes in a cluster are active. RSA DPM appliances come with built-in replication to keep all the nodes in sync. RSA DPM virtual and hardware appliances can be deployed in the same way.

To use RSA DPM to store CloudLink KEKs, ensure that the CloudLink Gateway can access an RSA DPM host (version 3.1 or later) through the CloudLink SecureVSA private LAN network. The CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide and CloudLink SecureVSA 3.0 CloudLink Center Administration Guide provide more information on deploying, configuring, and using CloudLink SecureVSA.

To prepare RSA DPM for storage of CloudLink KEKs:

1. Log on to the RSA Data Protection Manager console.

2. Create an identity that belongs to a particular RSA DPM identity group:

–  –  –

To configure CloudLink to use RSA DPM as its key store:

1. Open CloudLink Center using the secadmin user account.

2. Under the topology tree, select the CloudLink Gateway.

3. Click the Security Key Store tab.

4. To configure CloudLink Center to use RSA DPM for KEK storage, under Location, click RSA DPM.





5. Under RSA DPM Configuration (see figure below), specify the RSA DPM parameters:

• Host - RSA DPM host IP address.

• Port - TCP port number configured on the RSA DPM host. (The default port is 443.)

• Security Class Name - Name of the security class configured on the RSA DPM host for the RSA DPM client.

• Trust Certificate - RSA DPM server certificate.

• Client Certificate - RSA DPM client certificate.

• Password - Password used during creation of the RSA DPM client certificate.

6. Click Apply.


CloudLink Center displays the RSA DPM status as Accessible. It creates a new entry in the CloudLink Center Actions log, as shown above, and records a Key store change security event, as shown below.

Microsoft Active Directory Integration

As an alternative to RSA DPM, you can configure Microsoft Active Directory as a CloudLink key store. It is very important that the Active Directory server is properly backed up to ensure the safety of the encryption keys. Losing encryption keys will result in data loss. For high availability and disaster recovery, Active Directory servers acting as CloudLink key stores are deployed on both the production and disaster recovery sites.

Configuring Active Directory as a Key Store

To use Active Directory to store CloudLink encryption keys, deploy a Windows Server that is accessible by CloudLink Center from its private LAN network.

During this procedure, you must provide the host name of the Windows Server, which requires that you have already set up a DNS server.

To configure Active Directory for the CloudLink encryption key store on a Windows 2003 or 2008 Server that is configured as a domain controller, the following high-level steps are required.

1. Set up an organization unit on Windows Server.

2. Create a bind user.

3. Add the bind user to the security group.

4. Record the DN of CloudLink.

5. Apply the domain controller in CloudLink.

6. For detailed configuration instructions, refer to the CloudLink SecureVSA 3.0 CloudLink Center Administration Guide.


Conclusion

SecureVSA is a powerful platform that’s designed to meet a variety of deployment and security requirements for organizations who wish to realize the benefits of running their virtual applications in vCloud Hybrid Service.

SecureVSA provides the:

• Opportunity to seamlessly extend into vCloud Hybrid Service while addressing concerns about encryption key control, security policy management, regulatory compliance, and data destruction obligations.

• Ease of using familiar VMware tools to manage your hybrid cloud.

• Flexibility to fully manage and control your encryption keys, leveraging what you already have.

• Transparency of an agentless encryption approach, requiring no installation or maintenance of client software in your application VMs.

• Oversight associated with monitoring and controlling the security of your application data across the hybrid cloud from a single CloudLink Center management console.

The three deployment scenarios described in this guide demonstrate the ease with which SecureVSA can be deployed and configured. SecureVSA components can be distributed completely in vCloud Hybrid Service. Just as easily, SecureVSA can be deployed across your organization’s hybrid cloud, consisting of your private data center and vCloud Hybrid Service.

CloudLink Technologies provides SecureVSA to customers world-wide. For more information about how SecureVSA can benefit your cloud environment, contact us:

Phone +1 (613) 224-5994

Email sales@cloudlinktech.com

Click cloudlinktech.com


References

For more information, see the following documents:

• CloudLink SecureVSA 3.0 VMware vSphere Deployment Guide

• CloudLink SecureVSA 3.0 CloudLink Center Administration Guide

These documents are available from CloudLink by contacting Support at:

support@cloudlinktech.com


Appendix A: Deploying CloudLink SecureVSA

Deploying SecureVSA manually in vCloud Hybrid Service involves the following tasks:

1. Download the appropriate CloudLink SecureVSA template.

2. Add the CloudLink SecureVSA template to the vCloud Hybrid Service organization catalog.

3. Deploy the CloudLink SecureVSA appliance in vCloud Hybrid Service.

4. Add a network interface.

5. Add storage volumes.

6. Power on the CloudLink SecureVSA vApp.

7. Configure the CloudLink SecureVSA appliance using the console.

To download the CloudLink SecureVSA template:

1. Decide whether you will deploy a CloudLink Gateway or CloudLink vNode in vCloud Hybrid Service.

2. Download the appropriate template from CloudLink. To register for a SecureVSA trial, visit:

http://www.cloudlinktech.com/vchs-trial.

To add a CloudLink SecureVSA template to the vCloud Hybrid Service organization catalog:

1. Log into vCloud Hybrid Service using your account credentials:

https://vchs.vmware.com/login

2. From the Dashboard tab, click the virtual data center in which you wish to deploy CloudLink SecureVSA.

3. In the Virtual Data Center Details page, click Manage Catalogs in vCloud Director.

4. On the Catalogs tab, do one of the following:

• If the organization catalog where you want to add a CloudLink SecureVSA template exists, select the catalog.

• If the organization catalog does not exist, create a new organization catalog and open it.

5. Select Upload.

6. Browse to the CloudLink SecureVSA template you downloaded.

7. Provide a name and description for the template.

8. Click OK to complete the import.

When the import is complete, the CloudLink SecureVSA template appears in your organization catalog.

To deploy a CloudLink SecureVSA appliance in vCloud Hybrid Service:

1. On the My Cloud tab, select the vApp into which you wish to deploy the CloudLink SecureVSA appliance.

2. From the Virtual Machines tab, select Add VM…

Tip: Find the green “plus” sign in the menu bar.

3. In the Look in list, select My organization Catalogs.

4. Select the CloudLink SecureVSA template and click Add to add it to the list of virtual machines.

–  –  –

6. On the Configure Resources screen, select a Storage Policy and click Next.



