EMC ENCRYPTION AS A SERVICE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EMC ENCRYPTION AS A SERVICE"

Transcription

1 White Paper EMC ENCRYPTION AS A SERVICE With CloudLink SecureVSA Data security for multitenant clouds Transparent to applications Tenant control of encryption keys EMC Solutions Abstract This White Paper describes EMC EaaS based on an AFORE CloudLink SecureVSA solution. This solution enables Cloud Service Providers to offer EaaS in a multitenant cloud environment and enables their customers to meet regulatory compliance requirements related to data security. April 2014

2 Copyright 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All trademarks used herein are the property of their respective owners. Part Number H

3 Table of contents Executive summary... 5 Business case... 5 Solution overview... 5 Key benefits... 5 Introduction... 7 Purpose... 7 Scope... 7 Audience... 7 Terminology... 8 Technology overview... 9 CloudLink vnode... 9 CloudLink Gateway... 9 CloudLink Center Solution architecture Overview Data-at-rest encryption Secure datastore mode Secure NAS mode System requirements CloudLink vnode requirements CloudLink Gateway requirements Common deployment models Overview Model 1 Full deployment in the cloud Model 1 workflow Model 1 workflow reference Model 2 Key store in the private data center with SecureVSA in the cloud Model 2 workflow Model 2 workflow reference Model 3 Key Store and CloudLink gateway in the private data center with the vnode in the cloud 24 Model 3 workflow Model 3 workflow reference CloudLink management

4 Encryption key management RSA DPM integration Microsoft Active Directory integration Configuring Active Directory as a key store Conclusion References VMware documentation

5 Executive summary This White Paper describes (EaaS) based on an AFORE CloudLink SecureVSA solution. The paper includes business benefits, solution architecture, deployment models, workflows, and encryption key management. This solution enables Cloud Service Providers (CSPs) to offer EaaS in a multitenant cloud environment and enables their customers to meet regulatory compliance requirements related to data security. Business case As organizations realize the benefits of migrating business applications, virtual desktops, storage, back-ups, and disaster recovery solutions into the cloud, security remains a top concern. Organizations tasked with ensuring regulatory compliance (such as HIPAA, PCI, CSA, and NIST) have additional requirements that make the move to the cloud even more challenging. When enterprises adopt cloud services, new data security challenges emerge, including: Enterprise workloads running on an infrastructure managed by cloud service providers Enterprise-sensitive data on shared cloud storage systems Traditional perimeter-based security that is ineffective for preventing data leakage in a cloud environment Data remanence issues and the challenge of data destruction on cloud storage systems shared by multiple live customers Enterprises increasingly expect cloud providers to provide data protection services in addition to the compute infrastructure. Solution overview Service providers can assist enterprises in using EMC EaaS to secure sensitive data in a variety of cloud use cases, including Infrastructure as a Service, Storage as a Service, Disaster Recovery as a Service, and hosted virtual desktops. EaaS is simple to deploy and enables the efficient introduction of new customers, while it is transparent to both the cloud infrastructure and customer workloads. EaaS is the perfect solution to segregate and encrypt customer data in a multitenant cloud while providing control of the encryption keys to the data owner to ensure data is completely unreadable by unauthorized users. Key benefits The business benefits of EMC EaaS for CSPs are as follows: Increases per-subscriber revenues by adding encryption services to the provider s service offerings without having to invest in new infrastructure Expands customer opportunities by hosting workloads subject to regulatory compliance Enables simple deployment and transparency to provider s infrastructure and their customers workloads 5

6 Encrypts only sensitive data at rest and in motion, not the entire storage array Enables enterprises to have full control of encryption keys Mitigates provider s compliance risk by enabling customers to secure sensitive data and maintain key control in the cloud with enterprise-controlled encryption Enables cloud environments that are required to meet regulatory compliance requirements to offer and implement critical data-at-rest encryption 6

7 Introduction This White Paper describes how a cloud service provider can use CloudLink SecureVSA to deliver EaaS as a premium service offering. Purpose Scope This White Paper describes the following key components of this solution: EaaS architecture Data encryption in a multitenant cloud environment. Transparent data encryption with no changes of applications and underlying storage infrastructure Integration with enterprise key management to secure data in a cloud environment Flexible key management options with encryption keys completely controlled by enterprise data owners or managed by the cloud service security administrator as part of a managed cloud service offering This White Paper demonstrates how you can deploy CloudLink SecureVSA in the cloud service provider infrastructure to enable multitenant EaaS. This paper describes three deployment models: All CloudLink SecureVSA components and key management are deployed by the service providers and managed by the service providers. All CloudLink SecureVSA components are deployed and managed by the service providers and the tenants are responsible for the key management. Hybrid deployment model where service providers install the CloudLink SecureVSA component in the cloud and tenants deploy CloudLink SecureVSA on site and manage the encryption key. This paper also includes the general deployment procedures and workflows for this solution. However, for detailed product installation, configuration, and on-going management procedures refer to the CloudLink SecureVSA user documentation listed in References. While this document focuses on installing EaaS on the VMware vcloud Director or vsphere environment, CloudLink SecureVSA also supports encryption on other cloud platforms, such as Microsoft Hyper-V. For information about EaaS outside of VMware cloud environments, contact your EMC Global Service representative or AFORE Solutions at Audience This paper is intended for systems engineers, solution architects, product managers, and operation engineers of cloud service providers. You should be knowledgeable about VMware vcloud Director, vsphere, vcenter, EMC storage systems, and networking concepts. You need at least a high-level understanding of CloudLink SecureVSA functionality. 7

8 Terminology This paper includes the following terminology. Table 1. Terminology Term RSA DPM EaaS CloudLink Center CloudLink Gateway CloudLink vnode DAS DRaaS IaaS NAS SAN VDIaaS VPN VSA Definition RSA Data Protection Manager Encryption as a Service Management console for CloudLink that integrates with encryption key stores. CloudLink Center may also be referred to as the CloudLink Gateway when describing the CloudLink node represented. Software virtual appliance that provides encrypted storage and the management interface (see CloudLink Center) Software virtual appliance that provides encrypted storage Direct-attached storage Disaster Recovery as a Service Infrastructure as a Service Network-attached storage Storage Area Network VDI as a Service Virtual Private Network Virtual Storage Appliance 8

9 Technology overview CloudLink SecureVSA is a software-defined storage encryption solution that is designed to secure sensitive data in virtualized and multitenant cloud environments. It is delivered as a virtual storage appliance that can be deployed on a perapplication, per-tenant basis and provides a software encryption layer between virtualized applications and physical storage, as shown in Figure 1. Figure 1. CloudLink SecureVSA To offer EaaS, service providers install CloudLink SecureVSA in the existing VMware vsphere or vcloud Director cloud platform. CloudLink SecureVSA includes three components: CloudLink vnode CloudLink Gateway CloudLink Center CloudLink vnode CloudLink Gateway Service providers deploy this software virtual appliance over a shared storage resource to provide encrypted virtual storage for the tenant s workloads and establish an encrypted tunnel to a CloudLink Gateway for encryption key management. Optionally, this tunnel can also be used as a network extension between customer networks and the network in the tenant s virtual data center in the cloud. Service providers who want to offer self-service CloudLink-based EaaS can offer the CloudLink vnode as a service template in their service catalogs. Service providers deploy this software virtual appliance in the service provider cloud or on-site in the customer private data center. The CloudLink Gateway establishes a secure connection for managing CloudLink vnodes in the cloud. Like CloudLink 9

10 vnode, CloudLink Gateway supports storage encryption. The Gateway generates enterprise-controlled encryption keys, places them in a secure key store, and delivers them through the secure tunnel to the vnodes deployed in the cloud. In addition, the Gateway authenticates vnodes, monitors connectivity, and initiates performance testing. Note: The CloudLink Gateway is not a traditional IT gateway. It is a CloudLink SecureVSA component to which CloudLink vnodes connect. CloudLink Center A web-service application delivered as part of the CloudLink Gateway, CloudLink Center provides a user interface to configure and manage CloudLink SecureVSA. CloudLink Center provides secure storage encryption management, network monitoring and testing, and provides audit trails of actions, alarms, and security events. A representative display from the CloudLink Center is shown in Figure 2. Figure 2. CloudLink Center management interface Note: CloudLink Center is one of two management interfaces. The other is a low-level appliance console that is used to deploy vnodes and the CloudLink Gateway. 10

11 Solution architecture Overview CloudLink SecureVSA is a software-defined storage encryption solution designed to secure sensitive data on a virtualized and multitenant cloud environment. It is delivered as a virtual storage appliance which can be deployed on a per-application, per-tenant basis, and provides a software encryption layer between virtualized applications and physical storage. EaaS uses CloudLink SecureVSA to provide cryptographic protection of sensitive data while enabling the data owner to keep control over security and compliance in a multitenant virtualized cloud environment. Service providers can offer EaaS to customers who need to encrypt their workloads and data in a multitenant cloud environment to meet data security and regulatory compliance requirements. CloudLink EaaS adopts a secure storage overlay approach to encrypt data so that it is transparent to applications and works across various underlying storage systems that service providers use. This premium service enables secure Infrastructure as a Service (IaaS), secure VDI as a service, and secure DRaaS in private, public or hybrid cloud environments. CloudLink SecureVSA provides the following important capabilities: Presents itself as a secure datastore or multiple datastores to the hypervisor and encrypts virtual machine disks transparently without changing applications. Service providers can deploy CloudLink as an encrypted storage overlay over physical storage systems and allocate the encrypted storage resource to respective tenants. Presents itself as a secure software storage appliance to virtual machines directly over Microsoft SMB, NFS, or iscsi. Service providers are able to offer this as part of their service template and tenants can enable this encryption service in a self-service model. Enables the enterprise or tenant to control the encryption key and security policy related to accessing the encrypted storage. Integrates with existing enterprise key management, RSA Data Protection Manager (DPM), to secure data in the cloud environment. Enterprises can benefit from their existing investment and enterprise key management expertise. As an alternative, Microsoft Active Directory server is supported as a CloudLink encryption key store. Supports heterogeneous cloud storage systems providing full protection for the service provider s existing storage system investment. The software encryption layer spans the entire cloud storage infrastructure. Supports all existing data center operations provided by cloud platforms, including virtual machine live migration, storage backup, replication, high availability, and fault tolerance capacity. 11

12 Depending on customer requirements, service providers can offer EaaS in a variety of ways: CloudLink SecureVSA as an encryption service template within a service catalog. Each tenant is able to install SecureVSA in a self-service manner and use it on a pay-as-you-go basis. CloudLink SecureVSA as part of a storage service and encrypted storage as part of a storage resource pool for workload deployment by a particular tenant. Encryption key management options: The service provider assumes full responsibility for encryption key management in a managed cloud service model. The tenant assumes responsibility for key management. A hybrid model, where an enterprise can use CloudLink on site to encrypt the data in its private data center environment, and also to encrypt the data in the service provider environment. Figure 3 represents the solution architecture. Figure 3. EaaS solution architecture Data-at-rest encryption In a multitenant cloud, CloudLink SecureVSA is deployed on a per-tenant basis. In this shared cloud infrastructure environment, storage is connected to the hypervisor either directly or by using standard SAN (FC, FCoE), NAS, or iscsi protocols. Each tenant has its own dedicated CloudLink vnode instance or a dedicated virtual volume on a CloudLink vnode instance on top of this shared infrastructure. Each tenant encrypts the volume and stores the encryption key safely on premises and within its control. By doing this, multiple secure virtual storage volumes are created on top of the shared storage infrastructure. All data in each secure volume are AES-256- encrypted with a unique encryption key controlled by the tenant. Once a secure 12

13 virtual storage volume is created, vnode exposes this volume in either secure datastore mode or secure NAS mode. Secure datastore mode The secure datastore mode for CloudLink SecureVSA provides encrypted storage for use by the hypervisor (VMware vsphere or Microsoft Hyper-V). In this mode, virtual machines associated with the encrypted datastore can be thought of as running in an encrypted container. The entire virtual machine can reside within the encrypted datastore. Alternatively, administrators can choose to associate only the data volumes with the encrypted datastore, using a standard datastore for the operating system and application volume. Administrators can then combine volumes into a single large datastore. Alternatively, each attached volume can be encrypted with unique encryption keys and shared as individual datastores. The benefit of encrypted datastore mode is that it is completely transparent to the virtual machines running with the encrypted datastore, requiring no changes or modifications to virtualized servers and applications (agentless). This mode also offers the benefits of supporting standard VMware features such as Distributed Resource Scheduler (DRS), high availability (HA), fault tolerance (FT), and Storage vmotion. Secure datastore mode is depicted in Figure 4. Figure 4. Secure datastore mode Secure NAS mode The Secure NAS mode of CloudLink SecureVSA provides encrypted storage at the network level for virtual machines using NFS, CIFS/SMB, or iscsi protocols. Similar to encrypted datastore mode, encrypted NAS mode is an agentless data at rest encryption solution, with the encryption completely transparent to the virtual machines and applications attached or mapped to the NAS. Administrators can combine volumes into a single large network share. Alternatively, each attached volume can be encrypted with unique encryption keys and shared individually. Figure 5 represents secure NAS mode. 13

14 Figure 5. Secure NAS mode 14

15 System requirements CloudLink SecureVSA supports any cloud platform based on VMware vsphere 4.1 or later and vcloud Director 5.1. CloudLink vnode requirements CloudLink Gateway requirements Typical system requirements for CloudLink vnode include the following: Two vcpus (recommended) 4 GB vram (recommended) ESX server with CPUs that support Advanced Encryption Standard New Instructions (AES-NI), which is highly recommended for better encryption performance 8 GB storage for deploying vnode Network requirements: One network interface for managing a CloudLink Gateway One IP storage network interface for a vnode to present itself as a virtual storage appliance directly to virtual machines (in secure NAS mode) or to the ESX hypervisor as a datastore An additional network interface for virtual machines to communicate with VPN tunnel, if required Virtual disks from vsphere or from vcloud Director to use as an encrypted storage resource; up to 10 TB can be supported per vnode Typical system requirements for CloudLink Gateway include: One vcpu (recommended) if CloudLink Gateway is used only as a management node (CloudLink Center); two vcpus (recommended) if CloudLink Gateway is used as both a management node and storage encryption node 1 GB vram (recommended) if CloudLink Gateway is used only as a management node (CloudLink Center); 4 GB vram (recommended) if CloudLink Gateway is used as both a management node and storage encryption node 8 GB storage for deploying CloudLink Gateway Network requirements: One network interface for managing CloudLink vnodes An IP storage network interface for CloudLink Gateway to present itself as a virtual storage appliance directly to virtual machines (in Secure NAS mode) or to the ESX hypervisor as a datastore when CloudLink Gateway is used as a storage encryption node An additional network interface for virtual machines to communicate with VPN tunnel if required Virtual disks from vsphere or from vcloud Director for use as an encrypted storage resource up to 10 TB can be supported per CloudLink Gateway CloudLink Center is part of CloudLink Gateway; accessing the CloudLink Center web interface requires a web browser with Adobe Flash plug-in 15

16 Common deployment models Overview CloudLink SecureVSA components can be distributed across the customer s private data center and the service provider s multitenant cloud to meet a variety of EaaS deployment situations. This section describes three common EaaS deployment models, as represented by Tenant 1, Tenant 2, and Tenant 3 in Figure 6. Each customer has a dedicated private data center. The multitenant service provider cloud includes one resource pool for each tenant for CloudLink SecureVSA encrypted storage. Tenant 4 represents a tenant that is hosted in the multitenant cloud but does not use the encryption services of CloudLink SecureVSA. Figure 6. Deployment models The three customers who make use of CloudLink SecureVSA encrypted storage in this example represent the three common deployment models that are described in this White Paper: Model 1 All CloudLink SecureVSA components and the key store are deployed in the Tenant 1 cloud resource pool. The service provider maintains control over the encryption keys and the security policy. From web browsers in the private data center, the customer s users can access the encrypted storage in the service provider s cloud using NAS protocols (CloudLink Secure NAS mode) or indirectly through applications that use the encrypted storage (CloudLink Secure Datastore mode). This model has two submodels: Single CloudLink Gateway in the Tenant 1 resource pool, which supports both CloudLink management and storage encryption Single CloudLink Gateway with one or more CloudLink vnodes. In this model, the storage encryption function is performed by the vnodes, and the CloudLink Gateway manages these vnodes 16

17 Model 2 All CloudLink SecureVSA components are deployed in the Tenant 2 cloud resource pool. The key store is hosted in the private data center, and the customer maintains control over encryption keys and security policy. As in Model 1, the same two submodels exist here: Single CloudLink Gateway Single CloudLink Gateway that manages multiple CloudLink vnodes Model 3 Only CloudLink vnode is deployed in the Tenant 3 resource pool. The CloudLink Gateway and key store are hosted in the private data center, and the customer maintains control over encryption keys and security policy. Model 1 Full deployment in the cloud Many customers prefer the service provider to take responsibility for managing the CloudLink SecureVSA components and the key store. For these customers, service providers can use a deployment model in which the CloudLink Gateway, vnode, and key store are deployed in the appropriate tenant resource pool in the service provider s cloud, as shown in Figure 7. Figure 7. Model 1 deployment 17

18 Model 1 workflow The workflow in Figure 8 represents the tasks for a full CloudLink SecureVSA deployment in the service provider s cloud. In this workflow, the service provider performs all tasks. Workflow Start Deploy Gateway OVF template Add private network interface for Gateway Configure Gateway Deploy vnode OVF template Add SAN network interface and hard disks for vnode, and configure SAN interface properties (optional) Add private network interface for vnode Configure vnode (including VPN) Upload and assign storage license for vnode Merge disks (optional) Configure encryption key store Format secure storage Configure access to secure storage Create secure datastore (optional) End Figure 8. Model 1 workflow 18

19 Model 1 workflow reference Table 2 lists each task shown in Figure 8 for a full CloudLink SecureVSA deployment in the service provider s cloud. Table 2. Model 1 workflow references Task Deploy the CloudLink Gateway OVF template Add the private network interface for the Gateway Configure the Gateway Deploy the vnode OVF template Add SAN and private network interfaces, add hard disks for vnode, and configure SAN interface properties. Configure vnode, including VPN connection Merge disks (optional) Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume. Configure encryption key store Reference/topic Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template Adding Components Deploy a Gateway with No Storage Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway Scalable Encrypted Storage Overlay Deploying the vnode OVF Template Scalable Encrypted Storage Overlay Deploying the vnode OVF Template Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses Managing Secure Storage Merging Volumes Managing Secure Storage Encryption Key Store Management 19

20 Task Format secure storage Configure access to secure storage (for Secure NAS mode only) Create secure datastore (for Secure Datastore mode only) Reference/topic Managing Secure Storage Formatting Volumes Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iscsi Access to Secure Storage Managing Secure Storage Configuring Secure Datastore Model 2 Key store in the private data center with SecureVSA in the cloud Some customers want the service provider to be responsible for managing the CloudLink SecureVSA components but prefer to retain control over encryption keys and security policy. For these customers, service providers can use a deployment model in which the key store is hosted in the customer s private data center, and CloudLink SecureVSA components are hosted in the appropriate tenant resource pool in the service provider s cloud, as shown in Figure 9. Figure 9. Model 2 deployment 20

21 Model 2 workflow The workflow in Figure 100 represents the tasks for a key store in the private data center with all CloudLink SecureVSA components in the service provider s cloud. Resources Workflow Start Deploy Gateway OVF template Add private network interface for Gateway Configure Gateway Deploy vnode OVF template Add SAN network interface and hard disks for vnode, and configure SAN interface properties (optional) Service Provider Add private network interface for vnode Configure vnode to point of VPN setup steps Generate one-time passcode Set up VPN using one-time passcode Provide CloudLink Center credentials and URL, and storage license to customer Upload and assign storage license for vnode Merge disks (optional) Customer Configure encryption key store Format secure storage Configure access to secure storage Service Provider Create secure datastore (optional) End Figure 10. Model 2 workflow 21

22 Model 2 workflow reference Table 3 lists each task shown in the deployment workflow for a key store in the private data center, components in the service provider s cloud. For each task, the table identifies the party responsible for the task and the appropriate topic for more information in the related references. Table 3. Model 2 workflow reference Task Service Provider deploys the Gateway OVF template Service Provider adds the private network interface for the Gateway Service Provider configures the Gateway Service provider deploys the vnode OVF template Service provider adds SAN and private network interfaces, adds hard disks for vnode, and configures SAN interface properties Service provider configures the vnode to the point where the VPN setup steps begin Service provider generates the one-time passcode Reference/topic Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template Adding Components Deploy a Gateway with No Storage Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway Scalable Encrypted Storage Overlay Deploying the vnode OVF Template Adding Components Configuring CloudLink for Use as Datastore Storage Process for Configuration Scalable Encrypted Storage Overlay Configuring the vnode Scalable Encrypted Storage Overlay Configuring the vnode Note: The steps to generate the one-time passcode in CloudLink Center on the CloudLink Gateway are provided at the end of the procedure to configure the vnode. 22

23 Task Service provider sets up the VPN connection to connect the vnode to the Gateway using the one-time passcode Service provider provides the CloudLink Center credentials and URL, and storage license to the customer Customer uploads and assigns storage license for vnode Customer merges disks (optional) Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume. Customer configures encryption key store Customer formats secure storage Customer configures access to secure storage (for Secure NAS mode only) Service provider creates secure datastore (for Secure Datastore mode only) Reference/topic Scalable Encrypted Storage Overlay, Configuring the vnode Note: The steps to set up the VPN connection, including entering the one-time passcode are provided at the end of the procedure to configure the vnode. n/a Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses Managing Secure Storage Merging Volumes Managing Secure Storage Encryption Key Store Management Managing Secure Storage Formatting Volumes Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iscsi Access to Secure Storage Managing Secure Storage Configuring Secure Datastore 23

24 Model 3 Key Store and CloudLink gateway in the private data center with the vnode in the cloud Some customers prefer the service provider to be responsible only for providing CloudLink SecureVSA encrypted storage. These customers prefer to maintain control over the CloudLink Gateway and the encryption keys and security policy in a hybrid cloud environment. For these customers, service providers can use a deployment model in which the CloudLink vnode is deployed in the appropriate tenant resource pool in the service provider s cloud, and the CloudLink Gateway and the key store are hosted in the customer s private data center, as shown in Figure 11. Figure 11. Model 3 deployment 24

25 Model 3 workflow The workflow in Figure 12 represents the tasks for the key store and CloudLink Gateway in the private data center, with the CloudLink vnode in the service provider s cloud. The workflow identifies whether the service provider or customer performs each task. Resources Workflow Start Deploy Gateway OVF template Customer Add private network interface for Gateway Configure Gateway Deploy vnode OVF template Service Provider Add SAN network interface and hard disks for vnode, and configure SAN interface properties (optional) Add private network interface for vnode Configure vnode (including VPN) Upload and assign storage license for vnode Merge disks (optional) Customer Configure encryption key store Format secure storage Configure access to secure storage Create secure datastore (optional) Service Provider End Figure 12. Model 3 workflow 25

26 Model 3 workflow reference Table 4 lists each task for a key store and CloudLink Gateway in the private data center, with the CloudLink vnode in the service provider s cloud. For each task, the table identifies the party responsible for the task and the appropriate topics for more information in the related references. Table 4. Model 3 workflow reference Task Customer deploys the CloudLink Gateway OVF template Customer adds the private network interface for the Gateway Customer configures the Gateway Service provider deploys the vnode OVF template Service provider adds SAN and private network interfaces, adds hard disks for vnode, and configures SAN interface properties Customer configures vnode, including VPN connection Customer uploads and assigns storage license for vnode Reference/topic Scalable Encrypted Storage Overlay Deploying the CloudLink Gateway OVF Template Adding Components Deploy a Gateway with No Storage Scalable Encrypted Storage Overlay Configuring the CloudLink Gateway Scalable Encrypted Storage Overlay Deploying the vnode OVF Template Adding Components Configuring CloudLink for Use as Datastore Storage Process for Configuration Scalable Encrypted Storage Overlay Configuring the vnode Managing Storage Licenses: Uploading Storage Licenses Assigning Storage Licenses 26

27 Task Customer merges disks (optional) Merge disks to present multiple disks as a single encrypted storage volume. Otherwise, each disk is presented as a separate encrypted storage volume. Customer configures encryption key store Customer formats secure storage Customer configures access to secure storage (for Secure NAS mode only) Service provider creates secure datastore (For Secure datastore mode only) Reference/topic Managing Secure Storage Merging Volumes Managing Secure Storage Encryption Key Store Management Managing Secure Storage Formatting Volumes Managing Secure Storage: Configuring NFS/SMB Access to Secure Storage Configuring iscsi Access to Secure Storage Managing Secure Storage Configuring Secure Datastore 27

28 CloudLink management CloudLink Center provides web-based management of encryption services, including: Key management Configuration of key stores and key changing scheduling policies. Encrypted storage management Merging disks, resizing the storage, and locking or unlocking encrypted storage volumes. Secure communication management between CloudLink Gateway and CloudLink vnodes Key delivery, VPN traffic, and authentication status of CloudLink vnodes. Performance monitoring Monitoring of storage and network performance. The performance data for the past 24 hours is reported and can be exported as a spreadsheet file. Security event and log management All security events and logs are displayed on CloudLink Center. They can be sent to an external application using SNMP or consolidated on a central syslog server. CloudLink Center supports role-based administration, which separates security management from infrastructure administration. There are three pre-defined roles in CloudLink: security administrator (secadmin), regular IT administrator (admin), and observer for monitoring. Each role has its own unique privilege set as defined in Table 5. Table 5. In a Model 1 deployment, the service providers assume the roles of secadmin and admin while the tenants assume the role of observer. In Model 2 and Model 3 deployments where the tenants control the data security and encryption keys, the tenants assume the role of secadmin and the service providers assume the admin role. The observer role can be assigned to both tenants and service providers, as required. Role-based administration Operation SEC admin Admin Observer Control of keys for encrypted storage VPN configuration and control Network performance and SLA monitoring View VM security audit status View security events View actions View alarms and events Syslog/SNMP configuration 28

29 Encryption key management Each CloudLink SecureVSA encrypted virtual storage volume has two associated encryption keys: The data encryption key (DEK) is generated by the CloudLink vnode on a pervolume basis to encrypt data at block level using AES-256. The DEK is then encrypted with a key encryption key (KEK) and stored on the disk with the data. Data security administrators have full control of the encryption keys and the KEKs can be updated regularly by the security administrators using CloudLink Center. Special care must be taken to ensure that enterprise-owned data are never stored or transferred in clear text and can be promptly withdrawn by the enterprise at any time. Cloud administrators do not have access to DEKs and KEKs; therefore, neither cloud administrators, nor other tenants or intruders can access enterprise data in the cloud. KEKs are generated and managed by the CloudLink Gateway. They must be changed regularly according to key management policies and kept in a safe place to ensure the safety of encrypted data. CloudLink supports three key stores: RSA Data Protection Manager (DPM) provides a key store that is tamper proof and supports high availability. The RSA DPM client is integrated into CloudLink Gateway. Microsoft Active Directory provides an alternate secure encryption key store. This option allows an enterprise to use its existing Active Directory deployment and securely store cloud encryption keys. KEKs may also be stored within the CloudLink Gateway. This option is suitable for trials and testing but is not recommended for production deployment. Figure 13. Key store configuration CloudLink Center is the entry point for CloudLink SecureVSA key management. Depending on the deployment models discussed above, the key management can be performed by the service provider security administrators or by enterprise data security administrators. Through the CloudLink Center interface, the security 29

30 administrator can monitor and control the availability of encrypted volumes by choosing whether KEKs are made available to the CloudLink SecureVSA cipher. CloudLink Center s lock operation withdraws the KEK for an encrypted volume from the CloudLink SecureVSA, preventing it from decrypting the volume s DEK and rendering the data stored on the volume unavailable. Conversely, the unlock operation provides the KEK for an encrypted volume to CloudLink which then uses it to decrypt the volume s DEK and uses the DEK to decrypt and make the data available. Using CloudLink Center, the security administrator can also perform key change operations, either on demand or on a scheduled policy basis. Figure 14 shows the options for locking and unlocking encrypted storage. Figure 14. Locking and unlocking encrypted storage RSA DPM integration CloudLink SecureVSA provides out-of-box integration with RSA DPM. All storage KEKs created and managed by CloudLink can be stored securely in DPM. DPM provides centralized key vaulting, protection and recoverability of the keys. The keys are generated by CloudLink and provided to DPM for safe storage. They are then retrieved by CloudLink and provided to CloudLink vnodes that must provide access to their encrypted storage volumes (that is, to unlock the volumes). At any time, a security administrator using CloudLink Center can instruct CloudLink to lock one or all of a node s encrypted volumes. CloudLink then issues a lock command to the node and the node destroys its cached version of the storage KEKs. RSA DPM is available in the following form factors: Hardware appliance Virtual appliance Software server deployable in customer software infrastructure. 30

31 Both the hardware and virtual appliances come with a prepackaged software stack that includes a web application server, enterprise-class database, and access management. Client applications authenticate with the server using mutual SSL. A client application using a DPM client for encryption and key management can operate with a local protected cache for keys. Figure 15 shows a typical deployment architecture for key management that contains at least two load-balanced nodes within the primary site for high availability and more nodes in remote sites for scalability or disaster recovery purposes, all clustered together. All nodes in a cluster are active. DPM appliances come with built-in replication to keep all the nodes in sync. RSA DPM virtual and hardware appliances can be deployed in the same way. Client Apps/Systems Distributed load balancing Local load balancing Local load balancing Key Replication Key Replication Key Replication Primary Datacenter Secondary Datacenter Figure 15. Typical RSA DPM deployment architecture To use RSA DPM to store CloudLink KEKs, ensure that an RSA DPM host version 3.1 or later is accessible by the CloudLink Gateway though its private LAN network. The and the CloudLink SecureVSA v2.2 VMware vsphere provide more information on deploying, configuring, and using CloudLink. To prepare RSA DPM for storage of CloudLink KEKs: 1. Log on to the RSA Data Protection Manager console. 2. Create an identity that belongs to a particular RSA DPM identity group, as shown in Figure

32 Figure 16. Creating an RSA DPM identity 3. Create a security class object with infinite duration that belongs to the same RSA DPM identity group, as shown in Figure 17. Figure 17. Creating a security class object To configure CloudLink to use RSA Data Protection Manager as its key store: 1. Open CloudLink Center on the Gateway using the secadmin user account. 2. Under the topology tree, select the gateway. 3. Click Security > Key Store. 4. To configure CloudLink to use RSA Data Protection Manager for KEK storage, under Location, click RSA DPM. 5. Under RSA DPM Configuration, shown in Figure 18, specify the RSA DPM parameters: Host RSA DPM host IP address 32

33 Port TCP port number configured on the RSA DPM host (default port is 443) Security Class Name Name of the security class configured on the RSA DPM host for the RSA DPM client Trust Certificate RSA DPM server certificate Client Certificate RSA DPM client certificate Password Password used during creation of the RSA DPM client certificate 6. Click Apply. Figure 18. RSA DPM Configuration panel in CloudLink Center CloudLink Gateway displays the RSA DPM status as Accessible. It creates a new entry in the CloudLink Center Actions log, as shown in Figure 18, and records a Key store change security event, as shown in Figure 19. Figure 19. Key store change security event recorded by CloudLink Microsoft Active Directory integration As an alternative to using RSA DPM as a key store, you can configure Microsoft Active Directory as a CloudLink key store. It is very important that the Active Directory server is properly backed up to ensure the safety of the encryption key. Losing the encryption key will cause data loss. For high availability and disaster recovery, Active Directory servers acting as CloudLink key stores are deployed on both the product site and the DR site. 33

34 Configuring Active Directory as a key store To use Active Directory to store CloudLink encryption keys, deploy a Windows Server to be accessible by CloudLink Center from its private LAN network. During this procedure, you must provide the host name of the Windows Server, which means you must have already set up the DNS server. To configure the Active Directory for the CloudLink encryption key store on a Windows 2003 or 2008 Server that is configured as a domain controller, the following highlevel steps are required. 1. Set up an organization unit on Windows Server. 2. Create a bind user. 3. Add the bind user to the security group. 4. Record the DN of CloudLink. 5. Apply the domain controller in CloudLink. For detailed configuration instructions, refer to the CloudLink SecureVSA v2.2 VMware vsphere. 34

35 Conclusion EMC EaaS powered by CloudLink SecureVSA enables cloud service providers to address the compliance and data security requirements of their customers. It eases concerns of cloud service customers about their data security in a multitenant environment by providing them with a tool to manage the encryption keys and security policy. It generates additional service revenue associated with a premium encryption service, which requires data encryption in the cloud, and additional workloads moving into the cloud. CloudLink SecureVSA is very easy to deploy, and is transparent to business applications and underlying infrastructure. It is a granular encryption solution that is workload driven and can be deployed on a per-tenant basis. It encrypts only the data for which tenants and applications require encryption. Other workloads in the cloud environment can continue to use regular cloud storage. The three deployment models described in this White Paper demonstrate the ease with which CloudLink SecureVSA can be deployed and configured by service providers and their customers. With flexible key management options, customers always have a choice to entrust cloud service providers to manage the key on their behalf or to use existing enterprise key management to secure their data in the service provider environment. The enterprise key management investment is fully protected. CloudLink EaaS secures the cloud and ultimately helps enterprises to trust the cloud. References VMware documentation For additional information, see the documents listed below. CloudLink SecureVSA v2.2 VMware vcloud Director Supplementary Deployment Guide 35

PROTECTING DATA IN MULTI-TENANT CLOUDS

PROTECTING DATA IN MULTI-TENANT CLOUDS 1 Introduction Today's business environment requires organizations of all types to reduce costs and create flexible business processes to compete effectively in an ever-changing marketplace. The pace of

More information

Implementation Guide for EMC for VSPEX Private Cloud Environments. CloudLink Solution Architect Team

Implementation Guide for EMC for VSPEX Private Cloud Environments. CloudLink Solution Architect Team VSPEX IMPLEMENTATION GUIDE CloudLink SecureVSA Implementation Guide for EMC for VSPEX Private Cloud Environments CloudLink Solution Architect Team Abstract This Implementation Guide describes best practices

More information

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations

More information

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2 RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

EMC Data Domain Management Center

EMC Data Domain Management Center EMC Data Domain Management Center Version 1.1 Initial Configuration Guide 302-000-071 REV 04 Copyright 2012-2015 EMC Corporation. All rights reserved. Published in USA. Published June, 2015 EMC believes

More information

Installing and Configuring vcenter Support Assistant

Installing and Configuring vcenter Support Assistant Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

INTEGRATING CLOUD ORCHESTRATION WITH EMC SYMMETRIX VMAX CLOUD EDITION REST APIs

INTEGRATING CLOUD ORCHESTRATION WITH EMC SYMMETRIX VMAX CLOUD EDITION REST APIs White Paper INTEGRATING CLOUD ORCHESTRATION WITH EMC SYMMETRIX VMAX CLOUD EDITION REST APIs Provisioning storage using EMC Symmetrix VMAX Cloud Edition Using REST APIs for integration with VMware vcloud

More information

INCORPORATING CLOUDLINK SECUREVSA OFFERINGS IN EMC VSPEX DESIGNS

INCORPORATING CLOUDLINK SECUREVSA OFFERINGS IN EMC VSPEX DESIGNS INCORPORATING CLOUDLINK SECUREVSA OFFERINGS IN EMC VSPEX DESIGNS 2014 CloudLink Technologies Inc. All rights reserved. The Copyright in this document belongs to CloudLink Technologies Inc. and no part

More information

Deployment and Configuration Guide

Deployment and Configuration Guide vcenter Operations Manager 5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION Automated file synchronization Flexible, cloud-based administration Secure, on-premises storage EMC Solutions January 2015 Copyright 2014 EMC Corporation. All

More information

AFORE CLOUDLINK ON VBLOCK SYSTEMS

AFORE CLOUDLINK ON VBLOCK SYSTEMS Table of Contents About this document... 3 Audiences... 3 Introduction... 3 Business Case... 3 Solution Overview... 4 Technology Overview... 5 AFORE CloudLink Secure VSA... 5 The CloudLink Architecture...

More information

VMware vsphere 5.1 Advanced Administration

VMware vsphere 5.1 Advanced Administration Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

MICROSOFT CLOUD REFERENCE ARCHITECTURE: FOUNDATION

MICROSOFT CLOUD REFERENCE ARCHITECTURE: FOUNDATION Reference Architecture Guide MICROSOFT CLOUD REFERENCE ARCHITECTURE: FOUNDATION EMC VNX, EMC VMAX, EMC ViPR, and EMC VPLEX Microsoft Windows Hyper-V, Microsoft Windows Azure Pack, and Microsoft System

More information

EMC Business Continuity for VMware View Enabled by EMC SRDF/S and VMware vcenter Site Recovery Manager

EMC Business Continuity for VMware View Enabled by EMC SRDF/S and VMware vcenter Site Recovery Manager EMC Business Continuity for VMware View Enabled by EMC SRDF/S and VMware vcenter Site Recovery Manager A Detailed Review Abstract This white paper demonstrates that business continuity can be enhanced

More information

VMware vcenter Log Insight Getting Started Guide

VMware vcenter Log Insight Getting Started Guide VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Acronis Backup & Recovery 11 Virtual Edition

Acronis Backup & Recovery 11 Virtual Edition Acronis Backup & Recovery 11 Virtual Edition Backing Up Virtual Machines Copyright Acronis, Inc., 2000-2011. All rights reserved. Acronis and Acronis Secure Zone are registered trademarks of Acronis, Inc.

More information

Building the Virtual Information Infrastructure

Building the Virtual Information Infrastructure Technology Concepts and Business Considerations Abstract A virtual information infrastructure allows organizations to make the most of their data center environment by sharing computing, network, and storage

More information

EMC AVAMAR INTEGRATION WITH EMC DATA DOMAIN SYSTEMS

EMC AVAMAR INTEGRATION WITH EMC DATA DOMAIN SYSTEMS EMC AVAMAR INTEGRATION WITH EMC DATA DOMAIN SYSTEMS A Detailed Review ABSTRACT This white paper highlights integration features implemented in EMC Avamar with EMC Data Domain deduplication storage systems

More information

VMware vsphere: [V5.5] Admin Training

VMware vsphere: [V5.5] Admin Training VMware vsphere: [V5.5] Admin Training (Online Remote Live TRAINING) Summary Length Timings : Formats: Lab, Live Online : 5 Weeks, : Sat, Sun 10.00am PST, Wed 6pm PST Overview: This intensive, extended-hours

More information

VMware vcloud Air - Disaster Recovery User's Guide

VMware vcloud Air - Disaster Recovery User's Guide VMware vcloud Air - Disaster Recovery User's Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.

More information

Whitepaper. NexentaConnect for VMware Virtual SAN. Full Featured File services for Virtual SAN

Whitepaper. NexentaConnect for VMware Virtual SAN. Full Featured File services for Virtual SAN Whitepaper NexentaConnect for VMware Virtual SAN Full Featured File services for Virtual SAN Table of Contents Introduction... 1 Next Generation Storage and Compute... 1 VMware Virtual SAN... 2 Highlights

More information

Veeam Cloud Connect. Version 8.0. Administrator Guide

Veeam Cloud Connect. Version 8.0. Administrator Guide Veeam Cloud Connect Version 8.0 Administrator Guide April, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be

More information

Advanced Service Design

Advanced Service Design vcloud Automation Center 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

Installing and Using the vnios Trial

Installing and Using the vnios Trial Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Foundations and Concepts

Foundations and Concepts vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT

PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT White Paper PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT Abstract This white paper examines the deployment considerations for ProSphere, the next generation of Storage Resource Management (SRM) from

More information

TRANSFORMING DATA PROTECTION

TRANSFORMING DATA PROTECTION TRANSFORMING DATA PROTECTION Moving from Reactive to Proactive Mark Galpin 1 Our Protection Strategy: Best Of Breed Performance LEADER HIGH-END STORAGE VMAX Low Service Level LEADER SCALE-OUT NAS STORAGE

More information

EMC Integrated Infrastructure for VMware

EMC Integrated Infrastructure for VMware EMC Integrated Infrastructure for VMware Enabled by EMC Celerra NS-120 Reference Architecture EMC Global Solutions Centers EMC Corporation Corporate Headquarters Hopkinton MA 01748-9103 1.508.435.1000

More information

EMC Integrated Infrastructure for VMware

EMC Integrated Infrastructure for VMware EMC Integrated Infrastructure for VMware Enabled by Celerra Reference Architecture EMC Global Solutions Centers EMC Corporation Corporate Headquarters Hopkinton MA 01748-9103 1.508.435.1000 www.emc.com

More information

VMware vsphere Data Protection 6.0

VMware vsphere Data Protection 6.0 VMware vsphere Data Protection 6.0 TECHNICAL OVERVIEW REVISED FEBRUARY 2015 Table of Contents Introduction.... 3 Architectural Overview... 4 Deployment and Configuration.... 5 Backup.... 6 Application

More information

VMware Workspace Portal Reference Architecture

VMware Workspace Portal Reference Architecture VMware Workspace Portal 2.1 TECHNICAL WHITE PAPER Table of Contents Executive Summary.... 3 Overview.... 4 Hardware Components.... 5 VMware vsphere.... 5 VMware Workspace Portal 2.1.... 5 VMware Horizon

More information

VirtualclientTechnology 2011 July

VirtualclientTechnology 2011 July WHAT S NEW IN VSPHERE VirtualclientTechnology 2011 July Agenda vsphere Platform Recap vsphere 5 Overview Infrastructure Services Compute, Storage, Network Applications Services Availability, Security,

More information

VMware VDR and Cloud Storage: A Winning Backup/DR Combination

VMware VDR and Cloud Storage: A Winning Backup/DR Combination VMware VDR and Cloud Storage: A Winning Backup/DR Combination 7/29/2010 CloudArray, from TwinStrata, and VMware Data Recovery combine to provide simple, fast and secure backup: On-site and Off-site The

More information

VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager

VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager VMTurbo Operations Manager 4.5 Installing and Updating Operations Manager VMTurbo, Inc. One Burlington Woods Drive Burlington, MA 01803 USA Phone: (781) 373---3540 www.vmturbo.com Table of Contents Introduction

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Vmware VSphere 6.0 Private Cloud Administration

Vmware VSphere 6.0 Private Cloud Administration To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,

More information

VMware vsphere 5.0 Boot Camp

VMware vsphere 5.0 Boot Camp VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this

More information

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, VMware vcenter Converter A Detailed Review EMC Information Infrastructure Solutions Abstract This white paper

More information

vcloud Suite Architecture Overview and Use Cases

vcloud Suite Architecture Overview and Use Cases vcloud Suite Architecture Overview and Use Cases vcloud Suite 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX

SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX White Paper SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX Abstract This white paper explains the benefits to the extended enterprise of the on-

More information

VMware vcenter Log Insight Getting Started Guide

VMware vcenter Log Insight Getting Started Guide VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

EMC BACKUP-AS-A-SERVICE

EMC BACKUP-AS-A-SERVICE Reference Architecture EMC BACKUP-AS-A-SERVICE EMC AVAMAR, EMC DATA PROTECTION ADVISOR, AND EMC HOMEBASE Deliver backup services for cloud and traditional hosted environments Reduce storage space and increase

More information

EMC VIPR SRM: VAPP BACKUP AND RESTORE USING EMC NETWORKER

EMC VIPR SRM: VAPP BACKUP AND RESTORE USING EMC NETWORKER EMC VIPR SRM: VAPP BACKUP AND RESTORE USING EMC NETWORKER ABSTRACT This white paper provides a working example of how to back up and restore an EMC ViPR SRM vapp using EMC NetWorker. October 2015 WHITE

More information

Thinspace deskcloud. Quick Start Guide

Thinspace deskcloud. Quick Start Guide Thinspace deskcloud Quick Start Guide Version 1.2 Published: SEP-2014 Updated: 16-SEP-2014 2014 Thinspace Technology Ltd. All rights reserved. The information contained in this document represents the

More information

vshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0

vshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

RSA Authentication Manager 8.1 Virtual Appliance Getting Started

RSA Authentication Manager 8.1 Virtual Appliance Getting Started RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides

More information

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager Version 2.3 Installation and Configuration Guide 302-002-080 01 Copyright 2013-2015 EMC Corporation. All rights reserved.

More information

EMC VSPEX END-USER COMPUTING

EMC VSPEX END-USER COMPUTING IMPLEMENTATION GUIDE EMC VSPEX END-USER COMPUTING VMware Horizon 6.0 with View and VMware vsphere for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Data Protection EMC VSPEX Abstract This describes

More information

DESIGN AND IMPLEMENTATION GUIDE EMC DATA PROTECTION OPTION NS FOR VSPEXX PRIVATE CLOUD EMC VSPEX December 2014

DESIGN AND IMPLEMENTATION GUIDE EMC DATA PROTECTION OPTION NS FOR VSPEXX PRIVATE CLOUD EMC VSPEX December 2014 DESIGN AND IMPLEMENTATION GUIDE EMC DATA PROTECTION OPTIONS FOR VSPEX PRIVATE CLOUD EMC VSPEX December 2014 Copyright 2013-2014 EMC Corporation. All rights reserved. Published in USA. Published December,

More information

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak

More information

vsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration

vsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration Course Details Level: 1 Course: V6PCRE Duration: 5 Days Language: English Delivery Methods Instructor Led Training Instructor Led Online Training Participants: Virtualization and Cloud Administrators,

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Getting Started with OpenStack and VMware vsphere TECHNICAL MARKETING DOCUMENTATION V 0.1/DECEMBER 2013

Getting Started with OpenStack and VMware vsphere TECHNICAL MARKETING DOCUMENTATION V 0.1/DECEMBER 2013 Getting Started with OpenStack and VMware vsphere TECHNICAL MARKETING DOCUMENTATION V 0.1/DECEMBER 2013 Table of Contents Introduction.... 3 1.1 VMware vsphere.... 3 1.2 OpenStack.... 3 1.3 Using OpenStack

More information

Frequently Asked Questions: EMC UnityVSA

Frequently Asked Questions: EMC UnityVSA Frequently Asked Questions: EMC UnityVSA 302-002-570 REV 01 Version 4.0 Overview... 3 What is UnityVSA?... 3 What are the specifications for UnityVSA?... 3 How do UnityVSA specifications compare to the

More information

WHY SECURE MULTI-TENANCY WITH DATA DOMAIN SYSTEMS?

WHY SECURE MULTI-TENANCY WITH DATA DOMAIN SYSTEMS? Why Data Domain Series WHY SECURE MULTI-TENANCY WITH DATA DOMAIN SYSTEMS? Why you should take the time to read this paper Provide data isolation by tenant (Secure logical data isolation for each tenant

More information

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI Job oriented VMWARE training is offered by Peridot Systems in Chennai. Training in our institute gives you strong foundation on cloud computing by incrementing

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

CloudLink Center Administration Guide for SecureVM 3.2

CloudLink Center Administration Guide for SecureVM 3.2 CloudLink Center Administration Guide for SecureVM 3.2 November 2014 THIS DOCUMENT CONTAINS CONFIDENTIAL AND TRADE SECRET INFORMATION OF CLOUDLINK TECHNOLOGIES AND RECEIPT OR POSSESSION DOES NOT CONVEY

More information

Virtual Web Appliance Setup Guide

Virtual Web Appliance Setup Guide Virtual Web Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance This guide describes the procedures for installing a Virtual Web Appliance. If you are installing

More information

PHD Virtual Backup for Hyper-V

PHD Virtual Backup for Hyper-V PHD Virtual Backup for Hyper-V version 7.0 Installation & Getting Started Guide Document Release Date: December 18, 2013 www.phdvirtual.com PHDVB v7 for Hyper-V Legal Notices PHD Virtual Backup for Hyper-V

More information

Unitrends Virtual Backup Installation Guide Version 8.0

Unitrends Virtual Backup Installation Guide Version 8.0 Unitrends Virtual Backup Installation Guide Version 8.0 Release June 2014 7 Technology Circle, Suite 100 Columbia, SC 29203 Phone: 803.454.0300 Contents Chapter 1 Getting Started... 1 Version 8 Architecture...

More information

NetIQ Aegis Adapter for VMware vcenter Server

NetIQ Aegis Adapter for VMware vcenter Server Contents NetIQ Aegis Adapter for VMware vcenter Server Configuration Guide May 2011 Overview... 1 Product Requirements... 1 Supported Configurations... 2 Implementation Overview... 2 Ensuring Minimum Rights

More information

Acronis Backup & Recovery 10 Advanced Server Virtual Edition. Quick Start Guide

Acronis Backup & Recovery 10 Advanced Server Virtual Edition. Quick Start Guide Acronis Backup & Recovery 10 Advanced Server Virtual Edition Quick Start Guide Table of contents 1 Main components...3 2 License server...3 3 Supported operating systems...3 3.1 Agents... 3 3.2 License

More information

vcloud Air Disaster Recovery Technical Presentation

vcloud Air Disaster Recovery Technical Presentation vcloud Air Disaster Recovery Technical Presentation Agenda 1 vcloud Air Disaster Recovery Overview 2 What s New 3 Architecture 4 Setup and Configuration 5 Considerations 6 Automation Options 2 vcloud Air

More information

Deployment Options for Microsoft Hyper-V Server

Deployment Options for Microsoft Hyper-V Server CA ARCserve Replication and CA ARCserve High Availability r16 CA ARCserve Replication and CA ARCserve High Availability Deployment Options for Microsoft Hyper-V Server TYPICALLY, IT COST REDUCTION INITIATIVES

More information

EMC VPLEX WITNESS DEPLOYMENT WITHIN VMWARE VCLOUD AIR

EMC VPLEX WITNESS DEPLOYMENT WITHIN VMWARE VCLOUD AIR White Paper EMC VPLEX WITNESS DEPLOYMENT WITHIN VMWARE VCLOUD AIR Abstract This white paper provides a summary and an example of deploying VPLEX Witness in a public cloud based virtual data center. In

More information

vcenter Server and Host Management

vcenter Server and Host Management ESXi 5.5 vcenter Server 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014

VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014 VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014 Table of Contents Introduction.... 3 Features and Benefits of vsphere Data Protection... 3 Additional Features and Benefits of

More information

Offline Data Transfer to VMWare vcloud Hybrid Service

Offline Data Transfer to VMWare vcloud Hybrid Service Offline Data Transfer to VMWare vcloud Hybrid Service vcloud Connector 2.5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

EMC ViPR for On-Demand File Storage with EMC Syncplicity and EMC Isilon or EMC VNX

EMC ViPR for On-Demand File Storage with EMC Syncplicity and EMC Isilon or EMC VNX EMC ViPR for On-Demand File Storage with EMC Syncplicity and EMC Isilon or EMC VNX EMC Solutions Abstract This document describes how to deploy EMC ViPR software-defined storage in an existing EMC Isilon

More information

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION TECHNICAL MARKETING DOCUMENTATION October 2014 Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience...........................................................

More information

VMware vsphere: Fast Track [V5.0]

VMware vsphere: Fast Track [V5.0] VMware vsphere: Fast Track [V5.0] Experience the ultimate in vsphere 5 skills-building and VCP exam-preparation training. In this intensive, extended-hours course, you will focus on installing, configuring,

More information

Khóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server

Khóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server 1. Mục tiêu khóa học. Khóa học sẽ tập trung vào việc cài đặt, cấu hình và quản trị VMware vsphere 5.1. Khóa học xây dựng trên nền VMware ESXi 5.1 và VMware vcenter Server 5.1. 2. Đối tượng. Khóa học dành

More information

vshield Administration Guide

vshield Administration Guide vshield Manager 5.1 vshield App 5.1 vshield Edge 5.1 vshield Endpoint 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

How to Backup and Restore a VM using Veeam

How to Backup and Restore a VM using Veeam How to Backup and Restore a VM using Veeam Table of Contents Introduction... 3 Assumptions... 3 Add ESXi Server... 4 Backup a VM... 6 Restore Full VM... 12 Appendix A: Install Veeam Backup & Replication

More information

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents

More information

Virtual Managment Appliance Setup Guide

Virtual Managment Appliance Setup Guide Virtual Managment Appliance Setup Guide 2 Sophos Installing a Virtual Appliance Installing a Virtual Appliance As an alternative to the hardware-based version of the Sophos Web Appliance, you can deploy

More information

Foglight. Foglight for Virtualization, Free Edition 6.5.2. Installation and Configuration Guide

Foglight. Foglight for Virtualization, Free Edition 6.5.2. Installation and Configuration Guide Foglight Foglight for Virtualization, Free Edition 6.5.2 Installation and Configuration Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

CONFIGURATION GUIDELINES: EMC STORAGE FOR PHYSICAL SECURITY

CONFIGURATION GUIDELINES: EMC STORAGE FOR PHYSICAL SECURITY White Paper CONFIGURATION GUIDELINES: EMC STORAGE FOR PHYSICAL SECURITY DVTel Latitude NVMS performance using EMC Isilon storage arrays Correct sizing for storage in a DVTel Latitude physical security

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Veeam ONE What s New in v9?

Veeam ONE What s New in v9? Veeam ONE What s New in v9? Veeam ONE is a powerful monitoring, reporting and capacity planning tool for the Veeam backup infrastructure, VMware vsphere and Microsoft Hyper-V. It helps enable Availability

More information

NexentaConnect for VMware Virtual SAN

NexentaConnect for VMware Virtual SAN NexentaConnect for VMware Virtual SAN QuickStart Installation Guide 1.0.2 FP2 Date: October, 2015 Subject: NexentaConnect for VMware Virtual SAN QuickStart Installation Guide Software: NexentaConnect for

More information

Monitoring Hybrid Cloud Applications in VMware vcloud Air

Monitoring Hybrid Cloud Applications in VMware vcloud Air Monitoring Hybrid Cloud Applications in ware vcloud Air ware vcenter Hyperic and ware vcenter Operations Manager Installation and Administration Guide for Hybrid Cloud Monitoring TECHNICAL WHITE PAPER

More information

Installing and Configuring vcenter Support Assistant

Installing and Configuring vcenter Support Assistant Installing and Configuring vcenter Support Assistant vcenter Support Assistant 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

The VMware Administrator s Guide to Hyper-V in Windows Server 2012. Brien Posey Microsoft MVMP @Veeam

The VMware Administrator s Guide to Hyper-V in Windows Server 2012. Brien Posey Microsoft MVMP @Veeam The VMware Administrator s Guide to Hyper-V in Windows Server 2012 Brien Posey Microsoft MVMP @Veeam About today s webinar Thought leadership content from an industry expert This webinar is recorded and

More information

Virtual Appliance Setup Guide

Virtual Appliance Setup Guide The Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda Web Application Firewall hardware appliance. It is designed for easy deployment on

More information

NET ACCESS VOICE PRIVATE CLOUD

NET ACCESS VOICE PRIVATE CLOUD Page 0 2015 SOLUTION BRIEF NET ACCESS VOICE PRIVATE CLOUD A Cloud and Connectivity Solution for Hosted Voice Applications NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of

More information

VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.

VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware. VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.com) Copyright 2008 EMC Corporation. All rights reserved. Agenda

More information

EMC Enterprise Hybrid Cloud 2.5, Federation Software-Defined Data Center Edition

EMC Enterprise Hybrid Cloud 2.5, Federation Software-Defined Data Center Edition Solution Guide EMC Enterprise Hybrid Cloud 2.5, Federation Software-Defined Data Center Edition Public Cloud Solution Guide EMC Solutions Abstract This Solution Guide describes the hybrid nature of the

More information

VMware Data Recovery. Administrator's Guide EN-000193-00

VMware Data Recovery. Administrator's Guide EN-000193-00 Administrator's Guide EN-000193-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product

More information

vrealize Air Compliance OVA Installation and Deployment Guide

vrealize Air Compliance OVA Installation and Deployment Guide vrealize Air Compliance OVA Installation and Deployment Guide 14 July 2015 vrealize Air Compliance This document supports the version of each product listed and supports all subsequent versions until the

More information

David.Balka@chi.frb.org 2009 STREAM FRBC

David.Balka@chi.frb.org 2009 STREAM FRBC Virtualization ti Dave Balka David.Balka@chi.frb.org Examination Elements Architecture Management Processes Integrity Availability Security 2 Datacenter Consolidation 3 What is Virtualization A framework

More information

Syncplicity On-Premise Storage Connector

Syncplicity On-Premise Storage Connector Syncplicity On-Premise Storage Connector Implementation Guide Abstract This document explains how to install and configure the Syncplicity On-Premise Storage Connector. In addition, it also describes how

More information

Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review

Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more Security Review Version 8.1 March 31, 2016 Contacting Leostream Leostream Corporation http://www.leostream.com

More information

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE

IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE White Paper IBM TSM DISASTER RECOVERY BEST PRACTICES WITH EMC DATA DOMAIN DEDUPLICATION STORAGE Abstract This white paper focuses on recovery of an IBM Tivoli Storage Manager (TSM) server and explores

More information

EMC PERFORMANCE OPTIMIZATION FOR MICROSOFT FAST SEARCH SERVER 2010 FOR SHAREPOINT

EMC PERFORMANCE OPTIMIZATION FOR MICROSOFT FAST SEARCH SERVER 2010 FOR SHAREPOINT Reference Architecture EMC PERFORMANCE OPTIMIZATION FOR MICROSOFT FAST SEARCH SERVER 2010 FOR SHAREPOINT Optimize scalability and performance of FAST Search Server 2010 for SharePoint Validate virtualization

More information

uh6 efolder BDR Guide for Veeam Page 1 of 36

uh6 efolder BDR Guide for Veeam Page 1 of 36 efolder BDR for Veeam Hyper-V Continuity Cloud Guide Setup Continuity Cloud Import Backup Copy Job Restore Your VM uh6 efolder BDR Guide for Veeam Page 1 of 36 INTRODUCTION Thank you for choosing the efolder

More information