EMC ENCRYPTION AS A SERVICE
- Milo Ezra Pierce
- 8 years ago
White Paper

EMC ENCRYPTION AS A SERVICE
With CloudLink SecureVSA

- Data security for multitenant clouds
- Transparent to applications
- Tenant control of encryption keys

EMC Solutions

Abstract

This White Paper describes EMC EaaS based on an AFORE CloudLink SecureVSA solution. This solution enables Cloud Service Providers to offer EaaS in a multitenant cloud environment and enables their customers to meet regulatory compliance requirements related to data security.

April 2014
Copyright 2014 EMC Corporation. All Rights Reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

All trademarks used herein are the property of their respective owners.

Part Number H
Table of contents

Executive summary
  Business case
  Solution overview
  Key benefits
Introduction
  Purpose
  Scope
  Audience
  Terminology
Technology overview
  CloudLink vNode
  CloudLink Gateway
  CloudLink Center
Solution architecture
  Overview
  Data-at-rest encryption
  Secure datastore mode
  Secure NAS mode
System requirements
  CloudLink vNode requirements
  CloudLink Gateway requirements
Common deployment models
  Overview
  Model 1 - Full deployment in the cloud
  Model 1 workflow
  Model 1 workflow reference
  Model 2 - Key store in the private data center with SecureVSA in the cloud
  Model 2 workflow
  Model 2 workflow reference
  Model 3 - Key Store and CloudLink gateway in the private data center with the vNode in the cloud
  Model 3 workflow
  Model 3 workflow reference
CloudLink management
Encryption key management
  RSA DPM integration
  Microsoft Active Directory integration
  Configuring Active Directory as a key store
Conclusion
References
  VMware documentation
Executive summary

This White Paper describes EMC Encryption as a Service (EaaS) based on an AFORE CloudLink SecureVSA solution. The paper includes business benefits, solution architecture, deployment models, workflows, and encryption key management. This solution enables Cloud Service Providers (CSPs) to offer EaaS in a multitenant cloud environment and enables their customers to meet regulatory compliance requirements related to data security.

Business case

As organizations realize the benefits of migrating business applications, virtual desktops, storage, back-ups, and disaster recovery solutions into the cloud, security remains a top concern. Organizations tasked with ensuring regulatory compliance (such as HIPAA, PCI, CSA, and NIST) have additional requirements that make the move to the cloud even more challenging.

When enterprises adopt cloud services, new data security challenges emerge, including:

- Enterprise workloads running on an infrastructure managed by cloud service providers
- Enterprise-sensitive data on shared cloud storage systems
- Traditional perimeter-based security that is ineffective for preventing data leakage in a cloud environment
- Data remanence issues and the challenge of data destruction on cloud storage systems shared by multiple live customers

Enterprises increasingly expect cloud providers to provide data protection services in addition to the compute infrastructure.

Solution overview

Service providers can assist enterprises in using EMC EaaS to secure sensitive data in a variety of cloud use cases, including Infrastructure as a Service, Storage as a Service, Disaster Recovery as a Service, and hosted virtual desktops. EaaS is simple to deploy and enables the efficient introduction of new customers, while it is transparent to both the cloud infrastructure and customer workloads.

EaaS is the perfect solution to segregate and encrypt customer data in a multitenant cloud while providing control of the encryption keys to the data owner to ensure data is completely unreadable by unauthorized users.

Key benefits

The business benefits of EMC EaaS for CSPs are as follows:

- Increases per-subscriber revenues by adding encryption services to the provider's service offerings without having to invest in new infrastructure
- Expands customer opportunities by hosting workloads subject to regulatory compliance
- Enables simple deployment and transparency to provider's infrastructure and their customers' workloads
- Encrypts only sensitive data at rest and in motion, not the entire storage array
- Enables enterprises to have full control of encryption keys
- Mitigates provider's compliance risk by enabling customers to secure sensitive data and maintain key control in the cloud with enterprise-controlled encryption
- Enables cloud environments that are required to meet regulatory compliance requirements to offer and implement critical data-at-rest encryption
Introduction

This White Paper describes how a cloud service provider can use CloudLink SecureVSA to deliver EaaS as a premium service offering.

Purpose

This White Paper describes the following key components of this solution:

- EaaS architecture
- Data encryption in a multitenant cloud environment
- Transparent data encryption with no changes of applications and underlying storage infrastructure
- Integration with enterprise key management to secure data in a cloud environment
- Flexible key management options with encryption keys completely controlled by enterprise data owners or managed by the cloud service security administrator as part of a managed cloud service offering

Scope

This White Paper demonstrates how you can deploy CloudLink SecureVSA in the cloud service provider infrastructure to enable multitenant EaaS. This paper describes three deployment models:

- All CloudLink SecureVSA components and key management are deployed by the service providers and managed by the service providers.
- All CloudLink SecureVSA components are deployed and managed by the service providers and the tenants are responsible for the key management.
- Hybrid deployment model where service providers install the CloudLink SecureVSA component in the cloud and tenants deploy CloudLink SecureVSA on site and manage the encryption key.

This paper also includes the general deployment procedures and workflows for this solution. However, for detailed product installation, configuration, and on-going management procedures refer to the CloudLink SecureVSA user documentation listed in References.

While this document focuses on installing EaaS on the VMware vCloud Director or vSphere environment, CloudLink SecureVSA also supports encryption on other cloud platforms, such as Microsoft Hyper-V. For information about EaaS outside of VMware cloud environments, contact your EMC Global Service representative or AFORE Solutions at info@aforesolutions.com.

Audience

This paper is intended for systems engineers, solution architects, product managers, and operation engineers of cloud service providers. You should be knowledgeable about VMware vCloud Director, vSphere, vCenter, EMC storage systems, and networking concepts. You need at least a high-level understanding of CloudLink SecureVSA functionality.
Terminology

This paper includes the following terminology.

Table 1. Terminology

Term: Definition
RSA DPM: RSA Data Protection Manager
EaaS: Encryption as a Service
CloudLink Center: Management console for CloudLink that integrates with encryption key stores. CloudLink Center may also be referred to as the CloudLink Gateway when describing the CloudLink node represented.
CloudLink Gateway: Software virtual appliance that provides encrypted storage and the management interface (see CloudLink Center)
CloudLink vNode: Software virtual appliance that provides encrypted storage
DAS: Direct-attached storage
DRaaS: Disaster Recovery as a Service
IaaS: Infrastructure as a Service
NAS: Network-attached storage
SAN: Storage Area Network
VDIaaS: VDI as a Service
VPN: Virtual Private Network
VSA: Virtual Storage Appliance
Technology overview

CloudLink SecureVSA is a software-defined storage encryption solution that is designed to secure sensitive data in virtualized and multitenant cloud environments. It is delivered as a virtual storage appliance that can be deployed on a per-application, per-tenant basis and provides a software encryption layer between virtualized applications and physical storage, as shown in Figure 1.

Figure 1. CloudLink SecureVSA

To offer EaaS, service providers install CloudLink SecureVSA in the existing VMware vSphere or vCloud Director cloud platform. CloudLink SecureVSA includes three components:

- CloudLink vNode
- CloudLink Gateway
- CloudLink Center

CloudLink vNode

Service providers deploy this software virtual appliance over a shared storage resource to provide encrypted virtual storage for the tenant's workloads and establish an encrypted tunnel to a CloudLink Gateway for encryption key management. Optionally, this tunnel can also be used as a network extension between customer networks and the network in the tenant's virtual data center in the cloud. Service providers who want to offer self-service CloudLink-based EaaS can offer the CloudLink vNode as a service template in their service catalogs.

CloudLink Gateway

Service providers deploy this software virtual appliance in the service provider cloud or on-site in the customer private data center. The CloudLink Gateway establishes a secure connection for managing CloudLink vNodes in the cloud. Like CloudLink vNode, CloudLink Gateway supports storage encryption. The Gateway generates enterprise-controlled encryption keys, places them in a secure key store, and delivers them through the secure tunnel to the vNodes deployed in the cloud. In addition, the Gateway authenticates vNodes, monitors connectivity, and initiates performance testing.

Note: The CloudLink Gateway is not a traditional IT gateway. It is a CloudLink SecureVSA component to which CloudLink vNodes connect.

CloudLink Center

A web-service application delivered as part of the CloudLink Gateway, CloudLink Center provides a user interface to configure and manage CloudLink SecureVSA. CloudLink Center provides secure storage encryption management, network monitoring and testing, and provides audit trails of actions, alarms, and security events. A representative display from the CloudLink Center is shown in Figure 2.

Figure 2. CloudLink Center management interface

Note: CloudLink Center is one of two management interfaces. The other is a low-level appliance console that is used to deploy vNodes and the CloudLink Gateway.
Solution architecture

Overview

CloudLink SecureVSA is a software-defined storage encryption solution designed to secure sensitive data on a virtualized and multitenant cloud environment. It is delivered as a virtual storage appliance which can be deployed on a per-application, per-tenant basis, and provides a software encryption layer between virtualized applications and physical storage.

EaaS uses CloudLink SecureVSA to provide cryptographic protection of sensitive data while enabling the data owner to keep control over security and compliance in a multitenant virtualized cloud environment. Service providers can offer EaaS to customers who need to encrypt their workloads and data in a multitenant cloud environment to meet data security and regulatory compliance requirements.

CloudLink EaaS adopts a secure storage overlay approach to encrypt data so that it is transparent to applications and works across various underlying storage systems that service providers use. This premium service enables secure Infrastructure as a Service (IaaS), secure VDI as a service, and secure DRaaS in private, public or hybrid cloud environments.

CloudLink SecureVSA provides the following important capabilities:

- Presents itself as a secure datastore or multiple datastores to the hypervisor and encrypts virtual machine disks transparently without changing applications. Service providers can deploy CloudLink as an encrypted storage overlay over physical storage systems and allocate the encrypted storage resource to respective tenants.
- Presents itself as a secure software storage appliance to virtual machines directly over Microsoft SMB, NFS, or iSCSI. Service providers are able to offer this as part of their service template and tenants can enable this encryption service in a self-service model.
- Enables the enterprise or tenant to control the encryption key and security policy related to accessing the encrypted storage.
- Integrates with existing enterprise key management, RSA Data Protection Manager (DPM), to secure data in the cloud environment. Enterprises can benefit from their existing investment and enterprise key management expertise. As an alternative, Microsoft Active Directory server is supported as a CloudLink encryption key store.
- Supports heterogeneous cloud storage systems providing full protection for the service provider's existing storage system investment. The software encryption layer spans the entire cloud storage infrastructure.
- Supports all existing data center operations provided by cloud platforms, including virtual machine live migration, storage backup, replication, high availability, and fault tolerance capacity.
Depending on customer requirements, service providers can offer EaaS in a variety of ways:

- CloudLink SecureVSA as an encryption service template within a service catalog. Each tenant is able to install SecureVSA in a self-service manner and use it on a pay-as-you-go basis.
- CloudLink SecureVSA as part of a storage service and encrypted storage as part of a storage resource pool for workload deployment by a particular tenant.
- Encryption key management options:
  - The service provider assumes full responsibility for encryption key management in a managed cloud service model.
  - The tenant assumes responsibility for key management.
- A hybrid model, where an enterprise can use CloudLink on site to encrypt the data in its private data center environment, and also to encrypt the data in the service provider environment.

Figure 3 represents the solution architecture.

Figure 3. EaaS solution architecture

Data-at-rest encryption

In a multitenant cloud, CloudLink SecureVSA is deployed on a per-tenant basis. In this shared cloud infrastructure environment, storage is connected to the hypervisor either directly or by using standard SAN (FC, FCoE), NAS, or iSCSI protocols. Each tenant has its own dedicated CloudLink vNode instance or a dedicated virtual volume on a CloudLink vNode instance on top of this shared infrastructure. Each tenant encrypts the volume and stores the encryption key safely on premises and within its control. By doing this, multiple secure virtual storage volumes are created on top of the shared storage infrastructure. All data in each secure volume are AES-256-encrypted with a unique encryption key controlled by the tenant. Once a secure virtual storage volume is created, vNode exposes this volume in either secure datastore mode or secure NAS mode.

Secure datastore mode

The secure datastore mode for CloudLink SecureVSA provides encrypted storage for use by the hypervisor (VMware vSphere or Microsoft Hyper-V). In this mode, virtual machines associated with the encrypted datastore can be thought of as running in an encrypted container. The entire virtual machine can reside within the encrypted datastore. Alternatively, administrators can choose to associate only the data volumes with the encrypted datastore, using a standard datastore for the operating system and application volume.

Administrators can then combine volumes into a single large datastore. Alternatively, each attached volume can be encrypted with unique encryption keys and shared as individual datastores.

The benefit of encrypted datastore mode is that it is completely transparent to the virtual machines running with the encrypted datastore, requiring no changes or modifications to virtualized servers and applications (agentless). This mode also offers the benefits of supporting standard VMware features such as Distributed Resource Scheduler (DRS), high availability (HA), fault tolerance (FT), and Storage vMotion. Secure datastore mode is depicted in Figure 4.

Figure 4. Secure datastore mode

Secure NAS mode

The Secure NAS mode of CloudLink SecureVSA provides encrypted storage at the network level for virtual machines using NFS, CIFS/SMB, or iSCSI protocols. Similar to encrypted datastore mode, encrypted NAS mode is an agentless data-at-rest encryption solution, with the encryption completely transparent to the virtual machines and applications attached or mapped to the NAS.

Administrators can combine volumes into a single large network share. Alternatively, each attached volume can be encrypted with unique encryption keys and shared individually. Figure 5 represents secure NAS mode.

Figure 5. Secure NAS mode
System requirements

CloudLink SecureVSA supports any cloud platform based on VMware vSphere 4.1 or later and vCloud Director 5.1.

CloudLink vNode requirements

Typical system requirements for CloudLink vNode include the following:

- Two vCPUs (recommended)
- 4 GB vRAM (recommended)
- ESX server with CPUs that support Advanced Encryption Standard New Instructions (AES-NI), which is highly recommended for better encryption performance
- 8 GB storage for deploying vNode
- Network requirements:
  - One network interface for managing a CloudLink Gateway
  - One IP storage network interface for a vNode to present itself as a virtual storage appliance directly to virtual machines (in secure NAS mode) or to the ESX hypervisor as a datastore
  - An additional network interface for virtual machines to communicate with VPN tunnel, if required
- Virtual disks from vSphere or from vCloud Director to use as an encrypted storage resource; up to 10 TB can be supported per vNode

CloudLink Gateway requirements

Typical system requirements for CloudLink Gateway include:

- One vCPU (recommended) if CloudLink Gateway is used only as a management node (CloudLink Center); two vCPUs (recommended) if CloudLink Gateway is used as both a management node and storage encryption node
- 1 GB vRAM (recommended) if CloudLink Gateway is used only as a management node (CloudLink Center); 4 GB vRAM (recommended) if CloudLink Gateway is used as both a management node and storage encryption node
- 8 GB storage for deploying CloudLink Gateway
- Network requirements:
  - One network interface for managing CloudLink vNodes
  - An IP storage network interface for CloudLink Gateway to present itself as a virtual storage appliance directly to virtual machines (in Secure NAS mode) or to the ESX hypervisor as a datastore when CloudLink Gateway is used as a storage encryption node
  - An additional network interface for virtual machines to communicate with VPN tunnel if required
- Virtual disks from vSphere or from vCloud Director for use as an encrypted storage resource; up to 10 TB can be supported per CloudLink Gateway
- CloudLink Center is part of CloudLink Gateway; accessing the CloudLink Center web interface requires a web browser with Adobe Flash plug-in
Common deployment models

Overview

CloudLink SecureVSA components can be distributed across the customer's private data center and the service provider's multitenant cloud to meet a variety of EaaS deployment situations. This section describes three common EaaS deployment models, as represented by Tenant 1, Tenant 2, and Tenant 3 in Figure 6. Each customer has a dedicated private data center. The multitenant service provider cloud includes one resource pool for each tenant for CloudLink SecureVSA encrypted storage. Tenant 4 represents a tenant that is hosted in the multitenant cloud but does not use the encryption services of CloudLink SecureVSA.

Figure 6. Deployment models

The three customers who make use of CloudLink SecureVSA encrypted storage in this example represent the three common deployment models that are described in this White Paper:

- Model 1 - All CloudLink SecureVSA components and the key store are deployed in the Tenant 1 cloud resource pool. The service provider maintains control over the encryption keys and the security policy. From web browsers in the private data center, the customer's users can access the encrypted storage in the service provider's cloud using NAS protocols (CloudLink Secure NAS mode) or indirectly through applications that use the encrypted storage (CloudLink Secure Datastore mode). This model has two submodels:
  - Single CloudLink Gateway in the Tenant 1 resource pool, which supports both CloudLink management and storage encryption
  - Single CloudLink Gateway with one or more CloudLink vNodes. In this model, the storage encryption function is performed by the vNodes, and the CloudLink Gateway manages these vNodes
- Model 2 - All CloudLink SecureVSA components are deployed in the Tenant 2 cloud resource pool. The key store is hosted in the private data center, and the customer maintains control over encryption keys and security policy. As in Model 1, the same two submodels exist here:
  - Single CloudLink Gateway
  - Single CloudLink Gateway that manages multiple CloudLink vNodes
- Model 3 - Only CloudLink vNode is deployed in the Tenant 3 resource pool. The CloudLink Gateway and key store are hosted in the private data center, and the customer maintains control over encryption keys and security policy.

Model 1 - Full deployment in the cloud

Many customers prefer the service provider to take responsibility for managing the CloudLink SecureVSA components and the key store. For these customers, service providers can use a deployment model in which the CloudLink Gateway, vNode, and key store are deployed in the appropriate tenant resource pool in the service provider's cloud, as shown in Figure 7.

Figure 7. Model 1 deployment
Model 1 workflow

The workflow in Figure 8 represents the tasks for a full CloudLink SecureVSA deployment in the service provider's cloud. In this workflow, the service provider performs all tasks.

Figure 8. Model 1 workflow

Workflow steps, from Start to End:

1. Deploy Gateway OVF template
2. Add private network interface for Gateway
3. Configure Gateway
4. Deploy vNode OVF template
5. Add SAN network interface and hard disks for vNode, and configure SAN interface properties (optional)
6. Add private network interface for vNode
7. Configure vNode (including VPN)
8. Upload and assign storage license for vNode
9. Merge disks (optional)
10. Configure encryption key store
11. Format secure storage
12. Configure access to secure storage
13. Create secure datastore (optional)
Model 1 workflow reference

Table 2 lists each task shown in Figure 8 for a full CloudLink SecureVSA deployment in the service provider's cloud.

Table 2. Model 1 workflow references

Task:

- Deploy the CloudLink Gateway OVF template
- Add the private network interface for the Gateway
- Configure the Gateway
- Deploy the vNode OVF template
- Add SAN and private network interfaces, add hard disks for vNode, and configure SAN interface properties.
- Configure vNode, including VPN connection
- Merge disks (optional). Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume.
- Configure encryption key store
- Format secure storage
- Configure access to secure storage (for Secure NAS mode only)
- Create secure datastore (for Secure Datastore mode only)

Reference/topic:

- Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template
- Adding Components Deploy a Gateway with No Storage
- Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway
- Scalable Encrypted Storage Overlay Deploying the vNode OVF Template
- Scalable Encrypted Storage Overlay Deploying the vNode OVF Template
- Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses
- Managing Secure Storage Merging Volumes
- Managing Secure Storage Encryption Key Store Management
- Managing Secure Storage Formatting Volumes
- Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iSCSI Access to Secure Storage
- Managing Secure Storage Configuring Secure Datastore

Model 2 - Key store in the private data center with SecureVSA in the cloud

Some customers want the service provider to be responsible for managing the CloudLink SecureVSA components but prefer to retain control over encryption keys and security policy. For these customers, service providers can use a deployment model in which the key store is hosted in the customer's private data center, and CloudLink SecureVSA components are hosted in the appropriate tenant resource pool in the service provider's cloud, as shown in Figure 9.

Figure 9. Model 2 deployment
Model 2 workflow

The workflow in Figure 10 represents the tasks for a key store in the private data center with all CloudLink SecureVSA components in the service provider's cloud.

Figure 10. Model 2 workflow

Workflow steps by resource, from Start to End:

Service Provider:
- Deploy Gateway OVF template
- Add private network interface for Gateway
- Configure Gateway
- Deploy vNode OVF template
- Add SAN network interface and hard disks for vNode, and configure SAN interface properties (optional)
- Add private network interface for vNode
- Configure vNode to point of VPN setup steps
- Generate one-time passcode
- Set up VPN using one-time passcode
- Provide CloudLink Center credentials and URL, and storage license to customer

Customer:
- Upload and assign storage license for vNode
- Merge disks (optional)
- Configure encryption key store
- Format secure storage
- Configure access to secure storage

Service Provider:
- Create secure datastore (optional)
Model 2 workflow reference

Table 3 lists each task shown in the deployment workflow for a key store in the private data center, components in the service provider's cloud. For each task, the table identifies the party responsible for the task and the appropriate topic for more information in the related references.

Table 3. Model 2 workflow reference

Task: Service provider deploys the Gateway OVF template
Reference/topic: Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template

Task: Service provider adds the private network interface for the Gateway
Reference/topic: Adding Components Deploy a Gateway with No Storage

Task: Service provider configures the Gateway
Reference/topic: Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway

Task: Service provider deploys the vNode OVF template
Reference/topic: Scalable Encrypted Storage Overlay Deploying the vNode OVF Template

Task: Service provider adds SAN and private network interfaces, adds hard disks for vNode, and configures SAN interface properties
Reference/topic: Adding Components Configuring CloudLink for Use as Datastore Storage Process for Configuration

Task: Service provider configures the vNode to the point where the VPN setup steps begin
Reference/topic: Scalable Encrypted Storage Overlay Configuring the vNode

Task: Service provider generates the one-time passcode
Reference/topic: Scalable Encrypted Storage Overlay Configuring the vNode. Note: The steps to generate the one-time passcode in CloudLink Center on the CloudLink Gateway are provided at the end of the procedure to configure the vNode.

Task: Service provider sets up the VPN connection to connect the vNode to the Gateway using the one-time passcode
Reference/topic: Scalable Encrypted Storage Overlay, Configuring the vNode. Note: The steps to set up the VPN connection, including entering the one-time passcode, are provided at the end of the procedure to configure the vNode.

Task: Service provider provides the CloudLink Center credentials and URL, and storage license to the customer
Reference/topic: n/a

Task: Customer uploads and assigns storage license for vNode
Reference/topic: Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses

Task: Customer merges disks (optional). Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume.
Reference/topic: Managing Secure Storage Merging Volumes

Task: Customer configures encryption key store
Reference/topic: Managing Secure Storage Encryption Key Store Management

Task: Customer formats secure storage
Reference/topic: Managing Secure Storage Formatting Volumes

Task: Customer configures access to secure storage (for Secure NAS mode only)
Reference/topic: Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iSCSI Access to Secure Storage

Task: Service provider creates secure datastore (for Secure Datastore mode only)
Reference/topic: Managing Secure Storage Configuring Secure Datastore
Model 3 - Key Store and CloudLink gateway in the private data center with the vNode in the cloud

Some customers prefer the service provider to be responsible only for providing CloudLink SecureVSA encrypted storage. These customers prefer to maintain control over the CloudLink Gateway and the encryption keys and security policy in a hybrid cloud environment. For these customers, service providers can use a deployment model in which the CloudLink vNode is deployed in the appropriate tenant resource pool in the service provider's cloud, and the CloudLink Gateway and the key store are hosted in the customer's private data center, as shown in Figure 11.

Figure 11. Model 3 deployment
Model 3 workflow

The workflow in Figure 12 represents the tasks for the key store and CloudLink Gateway in the private data center, with the CloudLink vNode in the service provider's cloud. The workflow identifies whether the service provider or customer performs each task.

Figure 12. Model 3 workflow

Workflow steps by resource, from Start to End:

Customer:
- Deploy Gateway OVF template
- Add private network interface for Gateway
- Configure Gateway

Service Provider:
- Deploy vNode OVF template
- Add SAN network interface and hard disks for vNode, and configure SAN interface properties (optional)
- Add private network interface for vNode

Customer:
- Configure vNode (including VPN)
- Upload and assign storage license for vNode
- Merge disks (optional)
- Configure encryption key store
- Format secure storage
- Configure access to secure storage

Service Provider:
- Create secure datastore (optional)
Model 3 workflow reference

Table 4 lists each task for a key store and CloudLink Gateway in the private data center, with the CloudLink vNode in the service provider's cloud. For each task, the table identifies the party responsible for the task and the appropriate topics for more information in the related references.

Table 4. Model 3 workflow reference

Task: Customer deploys the CloudLink Gateway OVF template
Reference/topic: Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template

Task: Customer adds the private network interface for the Gateway
Reference/topic: Adding Components Deploy a Gateway with No Storage

Task: Customer configures the Gateway
Reference/topic: Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway

Task: Service provider deploys the vNode OVF template
Reference/topic: Scalable Encrypted Storage Overlay Deploying the vNode OVF Template

Task: Service provider adds SAN and private network interfaces, adds hard disks for vNode, and configures SAN interface properties
Reference/topic: Adding Components Configuring CloudLink for Use as Datastore Storage Process for Configuration

Task: Customer configures vNode, including VPN connection
Reference/topic: Scalable Encrypted Storage Overlay Configuring the vNode

Task: Customer uploads and assigns storage license for vNode
Reference/topic: Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses

Task: Customer merges disks (optional). Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume.
Reference/topic: Managing Secure Storage Merging Volumes

Task: Customer configures encryption key store
Reference/topic: Managing Secure Storage Encryption Key Store Management

Task: Customer formats secure storage
Reference/topic: Managing Secure Storage Formatting Volumes

Task: Customer configures access to secure storage (for Secure NAS mode only)
Reference/topic: Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iSCSI Access to Secure Storage

Task: Service provider creates secure datastore (for Secure Datastore mode only)
Reference/topic: Managing Secure Storage Configuring Secure Datastore
CloudLink management

CloudLink Center provides web-based management of encryption services, including:

- Key management: Configuration of key stores and key changing scheduling policies.
- Encrypted storage management: Merging disks, resizing the storage, and locking or unlocking encrypted storage volumes.
- Secure communication management between CloudLink Gateway and CloudLink vnodes: Key delivery, VPN traffic, and authentication status of CloudLink vnodes.
- Performance monitoring: Monitoring of storage and network performance. The performance data for the past 24 hours is reported and can be exported as a spreadsheet file.
- Security event and log management: All security events and logs are displayed on CloudLink Center. They can be sent to an external application using SNMP or consolidated on a central syslog server.

CloudLink Center supports role-based administration, which separates security management from infrastructure administration. There are three pre-defined roles in CloudLink: security administrator (secadmin), regular IT administrator (admin), and observer for monitoring. Each role has its own unique privilege set as defined in Table 5.

In a Model 1 deployment, the service providers assume the roles of secadmin and admin while the tenants assume the role of observer. In Model 2 and Model 3 deployments where the tenants control the data security and encryption keys, the tenants assume the role of secadmin and the service providers assume the admin role. The observer role can be assigned to both tenants and service providers, as required.

Table 5. Role-based administration

Column headings: Operation, SEC admin, Admin, Observer

Operations listed:

- Control of keys for encrypted storage
- VPN configuration and control
- Network performance and SLA monitoring
- View VM security audit status
- View security events
- View actions
- View alarms and events
- Syslog/SNMP configuration
Encryption key management

Each CloudLink SecureVSA encrypted virtual storage volume has two associated encryption keys:

- The data encryption key (DEK) is generated by the CloudLink vnode on a per-volume basis to encrypt data at block level using AES-256.
- The DEK is then encrypted with a key encryption key (KEK) and stored on the disk with the data.

Data security administrators have full control of the encryption keys and the KEKs can be updated regularly by the security administrators using CloudLink Center. Special care must be taken to ensure that enterprise-owned data are never stored or transferred in clear text and can be promptly withdrawn by the enterprise at any time. Cloud administrators do not have access to DEKs and KEKs; therefore, neither cloud administrators, nor other tenants or intruders can access enterprise data in the cloud.

KEKs are generated and managed by the CloudLink Gateway. They must be changed regularly according to key management policies and kept in a safe place to ensure the safety of encrypted data. CloudLink supports three key stores:

- RSA Data Protection Manager (DPM) provides a key store that is tamper proof and supports high availability. The RSA DPM client is integrated into CloudLink Gateway.
- Microsoft Active Directory provides an alternate secure encryption key store. This option allows an enterprise to use its existing Active Directory deployment and securely store cloud encryption keys.
- KEKs may also be stored within the CloudLink Gateway. This option is suitable for trials and testing but is not recommended for production deployment.

Figure 13. Key store configuration

CloudLink Center is the entry point for CloudLink SecureVSA key management. Depending on the deployment models discussed above, the key management can be performed by the service provider security administrators or by enterprise data security administrators. Through the CloudLink Center interface, the security administrator can monitor and control the availability of encrypted volumes by choosing whether KEKs are made available to the CloudLink SecureVSA cipher.

CloudLink Center's lock operation withdraws the KEK for an encrypted volume from the CloudLink SecureVSA, preventing it from decrypting the volume's DEK and rendering the data stored on the volume unavailable. Conversely, the unlock operation provides the KEK for an encrypted volume to CloudLink, which then uses it to decrypt the volume's DEK and uses the DEK to decrypt and make the data available. Using CloudLink Center, the security administrator can also perform key change operations, either on demand or on a scheduled policy basis. Figure 14 shows the options for locking and unlocking encrypted storage.

Figure 14. Locking and unlocking encrypted storage

RSA DPM integration

CloudLink SecureVSA provides out-of-box integration with RSA DPM. All storage KEKs created and managed by CloudLink can be stored securely in DPM. DPM provides centralized key vaulting, protection and recoverability of the keys. The keys are generated by CloudLink and provided to DPM for safe storage. They are then retrieved by CloudLink and provided to CloudLink vnodes that must provide access to their encrypted storage volumes (that is, to unlock the volumes). At any time, a security administrator using CloudLink Center can instruct CloudLink to lock one or all of a node's encrypted volumes. CloudLink then issues a lock command to the node and the node destroys its cached version of the storage KEKs.

RSA DPM is available in the following form factors:

- Hardware appliance
- Virtual appliance
- Software server deployable in customer software infrastructure.
Both the hardware and virtual appliances come with a prepackaged software stack that includes a web application server, enterprise-class database, and access management. Client applications authenticate with the server using mutual SSL. A client application using a DPM client for encryption and key management can operate with a local protected cache for keys.

Figure 15 shows a typical deployment architecture for key management that contains at least two load-balanced nodes within the primary site for high availability and more nodes in remote sites for scalability or disaster recovery purposes, all clustered together. All nodes in a cluster are active. DPM appliances come with built-in replication to keep all the nodes in sync. RSA DPM virtual and hardware appliances can be deployed in the same way.

Figure 15. Typical RSA DPM deployment architecture (diagram labels: client apps/systems, distributed load balancing, local load balancing, key replication, primary datacenter, secondary datacenter)

To use RSA DPM to store CloudLink KEKs, ensure that an RSA DPM host version 3.1 or later is accessible by the CloudLink Gateway through its private LAN network. The and the CloudLink SecureVSA v2.2 VMware vSphere provide more information on deploying, configuring, and using CloudLink.

To prepare RSA DPM for storage of CloudLink KEKs:

1. Log on to the RSA Data Protection Manager console.
2. Create an identity that belongs to a particular RSA DPM identity group, as shown in Figure 16.
Figure 16. Creating an RSA DPM identity

3. Create a security class object with infinite duration that belongs to the same RSA DPM identity group, as shown in Figure 17.

Figure 17. Creating a security class object

To configure CloudLink to use RSA Data Protection Manager as its key store:

1. Open CloudLink Center on the Gateway using the secadmin user account.
2. Under the topology tree, select the gateway.
3. Click Security > Key Store.
4. To configure CloudLink to use RSA Data Protection Manager for KEK storage, under Location, click RSA DPM.
5. Under RSA DPM Configuration, shown in Figure 18, specify the RSA DPM parameters:
   - Host: RSA DPM host IP address
   - Port: TCP port number configured on the RSA DPM host (default port is 443)
   - Security Class Name: Name of the security class configured on the RSA DPM host for the RSA DPM client
   - Trust Certificate: RSA DPM server certificate
   - Client Certificate: RSA DPM client certificate
   - Password: Password used during creation of the RSA DPM client certificate
6. Click Apply.

Figure 18. RSA DPM Configuration panel in CloudLink Center

CloudLink Gateway displays the RSA DPM status as Accessible. It creates a new entry in the CloudLink Center Actions log, as shown in Figure 18, and records a Key store change security event, as shown in Figure 19.

Figure 19. Key store change security event recorded by CloudLink

Microsoft Active Directory integration

As an alternative to using RSA DPM as a key store, you can configure Microsoft Active Directory as a CloudLink key store. It is very important that the Active Directory server is properly backed up to ensure the safety of the encryption key. Losing the encryption key will cause data loss. For high availability and disaster recovery, Active Directory servers acting as CloudLink key stores are deployed on both the production site and the DR site.
Configuring Active Directory as a key store

To use Active Directory to store CloudLink encryption keys, deploy a Windows Server to be accessible by CloudLink Center from its private LAN network. During this procedure, you must provide the host name of the Windows Server, which means you must have already set up the DNS server.

To configure the Active Directory for the CloudLink encryption key store on a Windows 2003 or 2008 Server that is configured as a domain controller, the following high-level steps are required.

1. Set up an organization unit on Windows Server.
2. Create a bind user.
3. Add the bind user to the security group.
4. Record the DN of CloudLink.
5. Apply the domain controller in CloudLink.

For detailed configuration instructions, refer to the CloudLink SecureVSA v2.2 VMware vSphere.
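An added example, not taken from the white paper or from CloudLink, modelling the key hierarchy described under Encryption key management: a per-volume DEK wrapped by a KEK, with the lock, unlock and key change operations. The class and function names, the 512-byte block size and the HMAC-SHA256 keystream used in place of AES-256 (so that only the Python standard library is needed) are assumptions.

```python
"""DEK/KEK hierarchy with lock, unlock and KEK change (added illustration).

Not CloudLink code. The paper names AES-256 for block encryption; so that this
runs on the standard library alone, an HMAC-SHA256 keystream stands in for the
cipher. Rewriting a block reuses its keystream, so this is a model of the key
handling, not a disk cipher. All names and the block size are assumptions.
"""
import hashlib
import hmac
import secrets

BLOCK_SIZE = 512


def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, the stand-in for AES-256."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_dek(kek: bytes, dek: bytes) -> bytes:
    """Encrypt the DEK under the KEK and append an integrity tag."""
    nonce = secrets.token_bytes(16)
    body = _xor(dek, _keystream(kek, b"wrap" + nonce, len(dek)))
    tag = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_dek(kek: bytes, wrapped: bytes) -> bytes:
    """Recover the DEK; a wrong KEK fails the tag check rather than yielding garbage."""
    nonce, body, tag = wrapped[:16], wrapped[16:-32], wrapped[-32:]
    expected = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("KEK does not match this volume")
    return _xor(body, _keystream(kek, b"wrap" + nonce, len(body)))


class Volume:
    """One encrypted volume as the storage node sees it."""

    def __init__(self, kek: bytes):
        self._dek = secrets.token_bytes(32)     # per-volume 256-bit DEK, cached while unlocked
        self.header = wrap_dek(kek, self._dek)  # wrapped DEK, stored on disk with the data
        self.blocks = {}                        # block number -> ciphertext

    def lock(self) -> None:
        """Drop cached key material; the ciphertext remains but cannot be read."""
        self._dek = None  # models key destruction; Python cannot guarantee memory wiping

    def unlock(self, kek: bytes) -> None:
        """The key store side delivers the KEK; the node unwraps the DEK with it."""
        self._dek = unwrap_dek(kek, self.header)

    def _crypt(self, block_no: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("volume is locked")
        return _xor(data, _keystream(self._dek, block_no.to_bytes(8, "big"), len(data)))

    def write(self, block_no: int, plaintext: bytes) -> None:
        self.blocks[block_no] = self._crypt(block_no, plaintext.ljust(BLOCK_SIZE, b"\0"))

    def read(self, block_no: int) -> bytes:
        return self._crypt(block_no, self.blocks[block_no]).rstrip(b"\0")

    def change_kek(self, old_kek: bytes, new_kek: bytes) -> None:
        """Key change re-wraps the DEK only; no data block is re-encrypted."""
        self.header = wrap_dek(new_kek, unwrap_dek(old_kek, self.header))


def demo() -> dict:
    """Walk one volume through write, lock, KEK change and unlock (constructed data)."""
    kek_v1 = secrets.token_bytes(32)  # constructed; a real KEK comes from the key store
    vol = Volume(kek_v1)
    vol.write(7, b"tenant record")
    on_disk = vol.blocks[7]
    results = {"ciphertext_differs": b"tenant record" not in on_disk}

    vol.lock()
    try:
        vol.read(7)
        results["locked_read"] = "allowed"
    except PermissionError:
        results["locked_read"] = "denied"

    kek_v2 = secrets.token_bytes(32)
    vol.change_kek(kek_v1, kek_v2)
    results["blocks_untouched_by_key_change"] = vol.blocks[7] == on_disk

    try:
        vol.unlock(kek_v1)  # the retired KEK must no longer open the volume
        results["old_kek_unlock"] = "allowed"
    except ValueError:
        results["old_kek_unlock"] = "denied"

    vol.unlock(kek_v2)
    results["read_after_unlock"] = vol.read(7)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key change leaves every stored block byte-for-byte unchanged because only the wrapped DEK in the volume header is rewritten, which is why a KEK can be rotated on a schedule without re-encrypting the data.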
Conclusion

EMC EaaS powered by CloudLink SecureVSA enables cloud service providers to address the compliance and data security requirements of their customers. It eases concerns of cloud service customers about their data security in a multitenant environment by providing them with a tool to manage the encryption keys and security policy. It generates additional service revenue associated with a premium encryption service, which requires data encryption in the cloud, and additional workloads moving into the cloud.

CloudLink SecureVSA is very easy to deploy, and is transparent to business applications and underlying infrastructure. It is a granular encryption solution that is workload driven and can be deployed on a per-tenant basis. It encrypts only the data for which tenants and applications require encryption. Other workloads in the cloud environment can continue to use regular cloud storage.

The three deployment models described in this White Paper demonstrate the ease with which CloudLink SecureVSA can be deployed and configured by service providers and their customers. With flexible key management options, customers always have a choice to entrust cloud service providers to manage the key on their behalf or to use existing enterprise key management to secure their data in the service provider environment. The enterprise key management investment is fully protected. CloudLink EaaS secures the cloud and ultimately helps enterprises to trust the cloud.

References

VMware documentation

For additional information, see the documents listed below.

- CloudLink SecureVSA v2.2 VMware vCloud Director Supplementary Deployment Guide
More informationVMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014
VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014 Table of Contents Introduction.... 3 Features and Benefits of vsphere Data Protection... 3 Additional Features and Benefits of
More informationVMware vsphere: Fast Track [V5.0]
VMware vsphere: Fast Track [V5.0] Experience the ultimate in vsphere 5 skills-building and VCP exam-preparation training. In this intensive, extended-hours course, you will focus on installing, configuring,
More informationEMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager
EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager Version 2.3 Installation and Configuration Guide 302-002-080 01 Copyright 2013-2015 EMC Corporation. All rights reserved.
More informationVMware vcloud Architecture Toolkit Public VMware vcloud Service Definition
VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents
More informationVMware Data Recovery. Administrator's Guide EN-000193-00
Administrator's Guide EN-000193-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product
More informationPHD Virtual Backup for Hyper-V
PHD Virtual Backup for Hyper-V version 7.0 Installation & Getting Started Guide Document Release Date: December 18, 2013 www.phdvirtual.com PHDVB v7 for Hyper-V Legal Notices PHD Virtual Backup for Hyper-V
More informationVirtual Web Appliance Setup Guide
Virtual Web Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance This guide describes the procedures for installing a Virtual Web Appliance. If you are installing
More informationKhóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server
1. Mục tiêu khóa học. Khóa học sẽ tập trung vào việc cài đặt, cấu hình và quản trị VMware vsphere 5.1. Khóa học xây dựng trên nền VMware ESXi 5.1 và VMware vcenter Server 5.1. 2. Đối tượng. Khóa học dành
More informationuh6 efolder BDR Guide for Veeam Page 1 of 36
efolder BDR for Veeam Hyper-V Continuity Cloud Guide Setup Continuity Cloud Import Backup Copy Job Restore Your VM uh6 efolder BDR Guide for Veeam Page 1 of 36 INTRODUCTION Thank you for choosing the efolder
More informationHow to Backup and Restore a VM using Veeam
How to Backup and Restore a VM using Veeam Table of Contents Introduction... 3 Assumptions... 3 Add ESXi Server... 4 Backup a VM... 6 Restore Full VM... 12 Appendix A: Install Veeam Backup & Replication
More informationEMC PERFORMANCE OPTIMIZATION FOR MICROSOFT FAST SEARCH SERVER 2010 FOR SHAREPOINT
Reference Architecture EMC PERFORMANCE OPTIMIZATION FOR MICROSOFT FAST SEARCH SERVER 2010 FOR SHAREPOINT Optimize scalability and performance of FAST Search Server 2010 for SharePoint Validate virtualization
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationStudy Guide. Professional vsphere 4. VCP VMware Certified. (ExamVCP4IO) Robert Schmidt. IVIC GratAf Hill
VCP VMware Certified Professional vsphere 4 Study Guide (ExamVCP4IO) Robert Schmidt McGraw-Hill is an independent entity from VMware Inc. and is not affiliated with VMware Inc. in any manner.this study/training
More informationQNAP in vsphere Environment
QNAP in vsphere Environment HOW TO USE QNAP NAS AS A VMWARE DATASTORE VIA NFS Copyright 2009. QNAP Systems, Inc. All Rights Reserved. V1.8 How to use QNAP NAS as a VMware Datastore via NFS QNAP provides
More informationCitrix XenServer 7 Feature Matrix
Citrix XenServer 7 Matrix Citrix XenServer 7 Matrix A list of Citrix XenServer 7 features by product edition, including entitlements XenApp and XenDesktop license holders. The most comprehensive application
More informationSOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery
SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery www.citrix.com Contents Introduction... 3 Fitting Disaster Recovery to the Cloud... 3 Considerations for Disaster Recovery
More informationVMware vsphere 4.1 with ESXi and vcenter
VMware vsphere 4.1 with ESXi and vcenter This powerful 5-day class is an intense introduction to virtualization using VMware s vsphere 4.1 including VMware ESX 4.1 and vcenter. Assuming no prior virtualization
More informationVMware vsphere Design. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330623/ VMware vsphere Design. 2nd Edition Description: Achieve the performance, scalability, and ROI your business needs What
More information