VMware 'SDDC'Product' Applicability'Guide'for' HIPAA/HITECH,'v1.0 '

Size: px
Start display at page:

Download "VMware 'SDDC'Product' Applicability'Guide'for' HIPAA/HITECH,'v1.0 '"

Transcription

1 VMware SDDCProduct ApplicabilityGuidefor HIPAA/HITECH,v1.0 November2013 TECHNICALGUIDE This is the first document in the Compliance Reference Architecture for HIPAA. You can find more information on the Framework and download the additional documents from the VMware HIPAA Compliance Resources on VMware Solution Exchange.

2 VMwareProductAvailability GuideforHIPAAandHITECH TableofContents Introduction...2 ScopeandApproach...3 VMwareSolutionScope...3 HIPAAandHITECHActScope...4 Approach...4 OverviewofHIPAA/HITECHSecurityRequirements...6 HIPAAProtectedHealthInformationandIdentifiers...9 HIPAA/HITECHComplianceGuidance...10 DefinitionofCloudComputing...12 WheretoStart ConsiderationsforCoveredEntities...14 Management/BusinessConsiderations...15 ITConsiderations...15 VMwareHIPAAComplianceStack...15 HIPAASecurityRuleSolutionApplicabilityMatrix...16 HIPAASecurityRuleSolutionApplicabilityDetails...20 vsphere...20 vclouddirector...22 vcloudnetworkingandsecuritysuite...24 vcentersiterecoverymanager...26 vcenteroperationsmanagementsuite...28 Acknowledgments...30 AboutAccuvant...30 TECHNICALGUIDE/1

3 VMwareProductAvailability GuideforHIPAAandHITECH Introduction Informationsecuritydesignandarchitecturalrequirements,drivenbyregulatorycompliance,arecommon butcriticalaspectsthatorganizationsshouldconsiderwhenmigratingfromtraditionalit environmentstocloudcomputingenvironments.helpingorganizationswiththearduoustasksof meetingandmaintaininghipaaandthehitechactregulatorycompliance,vmwareanditspartners providesuitesofindustry[leading,virtualizationsolutionswhichaddresstheconfidentiality,integrity andavailabilityrequirementsofhipaa/hitech.thisvmwaresolutionguidewillassistin answeringquestionssuchas HowCanOurOrganizationComplywithHIPAARequirements withinacloudcomputingenvironment byprovidinghelpfulinformationtovmwarearchitects, thehipaa/hitechcommunity,businessstakeholdersandthirdparties. VMwarevCloudSuiteisVMware scompletesoftware?defineddatacenter(sddc)solution, enablingcustomerstobuildandmanagetheirowncloudinfrastructure.thevcloudsuiteis offeredintothreeeditionsanddividedintoeightdiscretesoftwarecomponents: vsphere Virtualizedinfrastructurewithpolicy[basedautomation vclouddirector Virtualizeddatacenterswithmulti[tenancyandpubliccloudextensibility vcloudconnector Integratedviewinganddynamictransferofworkloadsbetweenprivateandpublic clouds vcloudnetworkingandsecurity Softwaredefinednetworking,securityandecosystemintegration vcentersiterecoverymanager Automateddisasterrecoveryplanning,testingandexecution vcenteroperationsmanagementsuite Integrated,proactiveperformancecapacity,and configurationmanagementfordynamiccloudenvironments.thevcenteroperations ManagementSuiteisbrokenintosevenfeaturesthatareoffereddependingonvCloudSuite editiontype.thesesevenfeaturesare: ApplicationMonitoring StorageAdaptersforEMC VMConfigurationCompliance HostConfigurationCompliance PerformanceandCapacityOptimization ApplicationAwareness Chargeback vfabricapplicationdirector Multi[tierapplicationservicecatalogpublishingand provisioning vcloudautomationcenter Self[serviceandpolicy[enabledcloudserviceprovisioning TECHNICALGUIDE/2

4 VMwareProductAvailability GuideforHIPAAandHITECH Figure1.VMwareCloudSuitecomponents ScopeandApproach DuetothebroadcontextoftheHIPAAandHITECHactsitisprudenttoproperlydefineand detailthescopeofthisdocumentandtheapproachthathasbeentakenindefiningsuch scope.thescopeisdividedbetweenthevmwarecomponentsthatareincluded,reviewedand consideredhighlyrelevantaspartofthisguideandthegoverningsectionsofthehipaaand HITECHActsthatpertaintoelectronicdata,informationtechnologyandthusnetworkand electronicinformationsecurity.whilethisguideprovidesspecifictechnicalopinionsregarding theapplicabilityofvmwaresolutionstohipaa sregulationstheguideisneither comprehensiveinitscoverageoftheentirehipaaregulationnorprescriptive.itdoesnot defineasingleimplementationstrategythatassurescompliance. VMwareSolutionScope UsingtheEnterpriseeditionofvCloudSuiteasthebasisfortheVMwaresolution,the componentsapplicabletothisguideanddetailedwithinthisguide( VMwareScope )include: vsphere vclouddirector vcloudnetworkingandsecurity(vcns) vcentersiterecoverymanager(srm) vcenteroperationsmanagementsuite(oms) VMConfigurationCompliance HostConfigurationCompliance TECHNICALGUIDE/3

5 VMwareProductAvailability GuideforHIPAAandHITECH ThosespecificVMwarecomponentsthatarenotwithinthescopeofthisdocumenthavebeen omittedeitherbecauseoftheirnon[applicability(i.e.applicationmonitoring,applicationawareness, PerformanceandOptimizationandChargebackcomponentsofvCenterOMS,vFabricApplication DirectorandvCloudAutomationCenter)orinterdependencyuponseparatetechnologynotin scope(i.e.storageadaptersforemc). HIPAAandHITECHActScope TheportionsoftheHIPAAandHITECHactsthatareconsideredtechnicalinnatureandthereforewithin scope( HIPAAScope )ofthisguideconsistofspecificcontrolswithinhipaa ssecurityrule, 45CFRPart160andSubpartsAandCofPart164.TheHITECHactandotherportionsof HIPAA,suchasthePrivacyRule,aswellasseveralsectionsofHIPAA ssecurityrulearenot addressablethroughtheuseofvirtualizationandcloudtechnology,includingvmware s solutionsandthereforearenotcoveredwithinthisdocument. VMwarerecognizesthelargerimpactthatthefullscopeofHIPAAandHITECHhasuponan organization.thissolutionsguideisintendedtohelpanorganizationunderstandtherolethat VMware ssolutionscanplaywithintheirlargercomplianceefforts.andduetotheflexiblenatureof HIPAAandsignificantimpactthatnon[compliancecanhaveuponanorganization,itisstrongly recommendedthatorganizationsestablishtheirhipaaandhitechcomplianceeffortsupona comprehensiveriskassessmentstrategy. Approach The HIPAASecurityRuleSolutionApplicabilityMatrix (foundlaterinthisdocument)mapsthe specificrequirementsofthehipaasecurityruletovmware sproductsolutionsuites,theirtechnology areasandinsomecasespartnersolutions.byunderstandinghowthetechnologysolutionsand technologyareasapplytothecompliancerequirementscustomersareabletosupporttheirbroader electronicgovernance,riskandcompliance(egrc)initiatives. Figure2.VMware+PartnerProductSolutionsforaTrustedCloud TECHNICALGUIDE/4

6 VMwareProductAvailability GuideforHIPAAandHITECH Whiletherearemanyvariationsofcloudenvironments,includingpublic,privateandhybrid clouds,andtherearemanypartnersolutionsthatenhanceanorganization sabilitytoaddress confidentiality,integrityandavailability,thevmwarevcloudsuitecanhelporganizations addressupto23%(asseeninfigure3below)ofthecompliancerequirementsofthehipaa SecurityRule. Figure3.HIPAASecurityRuleControlsCoverage TECHNICALGUIDE/5

7 VMwareProductAvailability GuideforHIPAAandHITECH OverviewofHIPAA/HITECHSecurityRequirements TheHealthInsurancePortabilityandAccountabilityActof1996(HIPAAePub.L.104[191,110Stat.1936) wasenactedbytheunitedstatescongressandsignedbypresidentbillclintononaugust21, 1996.TitleII:PreventingHealthCareFraudandAbuseFAdministrativeSimplificationFMedical LiabilityReformdefinespolicies,proceduresandguidelinesformaintainingtheprivacyandsecurity ofindividuallyidentifiablehealthinformationaswellasoutliningnumerousoffensesrelatingtohealth careandsetscivilandcriminalpenaltiesforviolations. AsrequiredbyCongressinHIPAAandHITECHcoverthefollowingtypesoforganizations: Healthplans Healthcareclearinghouses Healthcareproviderswhoconductcertainfinancialandadministrativetransactionselectronically. TheseelectronictransactionsarethoseforwhichstandardshavebeenadoptedbytheSecretary underhipaa, suchaselectronicbillingandfundtransfers. FailuretomeetHIPAAcompliancerequirementsandstandardscouldgiverisetobothcivilandcriminal penalties.section13410ofthehitechactamendssection1176ofthesocialsecurityact(42 U.S.C1320d[5)inordertoupdateenforcementofHIPAA.ThepenaltiesundertheSocial SecurityAct,andamendedintheHITECHactaredividedintocategoriesofclaimsand categoriesofpenaltiesthatareapplicabletoindividualsandorganizations. Civilmonetarypenaltiesaredividedasfollows: IncasesofunknowingviolationsofHIPAA,eachviolationwouldresultin$100[$50,000foreach suchviolation,nottoexceed$1,500,000fortheallsuchviolationswithinthesamecalendaryear. Incasesofwrongfuldisclosureofindividuallyidentifiablepatientinformation,apersonshallbefined $1,000[$50,000foreachsuchviolationandnotmorethan$1,500,000forallsuchviolationswithin thesamecalendaryear. Incaseswheretheoffenseiscommittedunderfalsepretensesandcorrectedinthesamecalendar year,apersonshallbefined$10,000[$50,000foreachsuchviolationandnotmorethan$1,500,000 forallsuchviolationswithinthesamecalendaryear. Incaseswheretheoffenseiscommittedunderfalsepretensesandnotcorrectedinthesame calendaryear,apersonshallbefined$50,000foreachsuchviolationandnotmorethan$1,500,000 forallsuchviolationswithinthesamecalendaryear. Criminalpenaltiescanbeimposedagainstindividualsandaredividedasfollows: Upto$50,000andpotentialimprisonmentofnotmorethan1yearincasesofwrongfuldisclosureof PHI. Upto$100,000andpotentialimprisonmentofnotmorethan5yearsincasescommittedunderfalse pretenses. Upto$250,000andimprisonmentofnotmorethan10yearsincasescommittedwithintenttosell, transferorusephiforcommercialadvantage,personalgainormaliciousharm. TheHIPAASecurityRule,asdefinedwithin45CFRPart160andSubpartsAandCofPart 164,has22requirementsthatpertaintothesafeguardingofpatientdataandareoutlined below.ofthose22,therequirementsthatwebelievearerelevanttovmware sproduct solutionsarehighlightedinyellow: TECHNICALGUIDE/6

8 VMwareProductAvailability GuideforHIPAAandHITECH HIPAA Administrative Safeguards HIPAAStandard Reference ApplicabilitytoTechnicalScope SecurityManagementProcess (a)(1)(i) Notapplicable AssignedSecurityResponsibility (a)(2) Notapplicable WorkforceSecurity (a)(3)(i) Notapplicable InformationAccessManagement (a)(4)(i) Notapplicable SecurityAwarenessandTraining (a)(5)(i) Notapplicable SecurityIncidentProcedures (a)(6)(i) Notapplicable ContingencyPlans (a)(7)(i) Notapplicable Evaluation (a)(8) Notapplicable BusinessAssociateContracts andotherarrangements (b)(1) Notapplicable HIPAA PHYSICAL Safeguards HIPAAStandard Reference ApplicabilitytoTechnicalScope FacilityAccessControls (a)(1) Notapplicable WorkstationUse (b) Notapplicable WorkstationSecurity (c) Notapplicable TECHNICALGUIDE/7

9 VMwareProductAvailability GuideforHIPAAandHITECH HIPAA PHYSICAL Safeguards DeviceandMediaControls (d)(1) Notapplicable HIPAA TECHNICAL Safeguards HIPAAStandard Reference ApplicabilitytoTechnicalScope AccessControl (a)(1) Applicable AuditControls (b) Applicable Integrity (c)(1) Applicable PersonorEntityAuthentication (d) Applicable TransmissionSecurity (e)(1) Applicable HIPAA organizational requirements HIPAAStandard Reference ApplicabilitytoTechnicalScope BusinessAssociateContractsor OtherArrangements (a)(1)(i) NotApplicable RequirementsforGroupHealth Plans (b)(1) NotApplicable TECHNICALGUIDE/8

10 VMwareProductAvailability GuideforHIPAAandHITECH HIPAA Policies and Procedures and Documentation Requirements HIPAAStandard Reference ApplicabilitytoTechnicalScope PoliciesandProcedures (a) NotApplicable Documentation (b)(1)(i) NotApplicable Table1:HIPAASecurityStandards HIPAAProtectedHealthInformationandIdentifiers Protectedhealthinformation(PHI)hasbeendefinedbytheUSDepartmentofHealthandHuman Services( HHS )asanyinformationinthemedicalrecordordesignatedrecordsetthatcanbe usedtoidentifyanindividualandthatwascreated,used,ordisclosedinthecourseof providingahealthcareservicesuchasdiagnosisortreatment.hipaaregulationsallowresearchers toaccessandusephiwhennecessarytoconductresearch.however,hipaaonlyaffectsresearch thatuses,creates,ordisclosesphithatwillbeenteredinto themedicalrecordorwillbeusedforhealthcareservices,suchastreatment,paymentor operations. AsdefinedbytheHeathResourcesandServicesAdministration: UndertheHIPAAPrivacyRule,protectedhealthinformation(PHI)referstoindividually identifiablehealthinformation.individuallyidentifiablehealthinformationisthatwhichcanbe linkedtoaparticularperson.specifically,thisinformationcanrelateto: Theindividual spast,presentorfuturephysicalormentalhealthorcondition, Theprovisionofhealthcaretotheindividual,or, Thepast,present,orfuturepaymentfortheprovisionofhealthcaretotheindividual. Commonidentifiersofhealthinformationincludenames,socialsecuritynumbers,addresses, andbirthdates. TheHIPAASecurityRuleappliestoindividualidentifiablehealthinformationinelectronicform orelectronicprotectedhealthinformation(ephi).itisintendedtoprotecttheconfidentiality, integrity,andavailabilityofephiwhenitisstored,maintained,ortransmitted. 1 The18PHIidentifiersthathavebeendefinedwithinHIPAAbytheHHSasin[scopeinclude: Namese AllgeographicalsubdivisionssmallerthanaState 2 e Allelementsofdates(exceptyear)fordatesdirectlyrelatedtoanindividual 3 e Phonenumberse Faxnumberse Electronicmailaddressese 1 2 With exceptions 3 With exceptions TECHNICALGUIDE/9

11 VMwareProductAvailability GuideforHIPAAandHITECH SocialSecuritynumberse Medicalrecordnumberse Healthplanbeneficiarynumberse Accountnumberse Certificate/licensenumberse Vehicleidentifiersandserialnumbers,Includinglicenseplatenumberse Deviceidentifiersandserialnumberse WebUniversalResourceLocators(URLs)e InternetProtocol(IP)addressnumberse Biometricidentifiers,includingfingerandvoiceprintse Fullfacephotographicimagesandanycomparableimageseand 18. Anyotheruniqueidentifyingnumber,characteristic,orcode(notethisdoesnotmeanthe uniquecodeassignedbytheinvestigatortocodethedata) HIPAA/HITECHComplianceGuidance Whileformalguidelineshavenotyetbeenreleasedrecommendingexplicitsecurityguidelines forhipaacompliancewithinapubliccloudenvironment,in2007theu.s.departmentof HealthandHumanServices( HHS )releasedan EducationalPaperSeries thatcovereda numberofsecurityprinciplesinanefforttoprovidehipaacoveredentities insightintothesecurity Rule 4.Thepaperscoveredavarietyoftopics: Security101forCoveredEntities AdministrativeSafeguards PhysicalSafeguards TechnicalSafeguards Organizational,PoliciesandProceduresandDocumentationRequirements BasicsofRiskAnalysisandRiskManagement SecurityStandards:ImplementationfortheSmallProvider AllofthepapersprovidedbytheHHSarerecommendedindevelopinganunderstandingof HIPAA sintent.ofthesevenpapers,thesecurity101forcoveredentities,technical SafeguardsandBasicsofRiskAnalysisandRiskManagementholdthemostrelevancetothe VMwarescopedefinedinanearliersection. 4http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html TECHNICALGUIDE/10

12 VMwareProductAvailability GuideforHIPAAandHITECH Figure4.HIPAASecuritySeries#1,#4and#6 InadditiontotheEducationalPaperSeries,HHSreleasedin2010aguidancepaperrelative tohitechtitled GuidanceonRiskAnalysisRequirementsundertheHIPAASecurityRule. ThispaperisintendedtoassistorganizationsinunderstandingwhatHHSconsidersthe mosteffective andappropriateadministrative,physicalandtechnicalsafeguards 5 relativetoe[phi.inthis documentthehhsveryspecificallyacknowledgeslimitedprescriptivespecificitywithinthe SecurityRuleandpointsatoneverycleardirective basetheidentificationand implementationofthevarioussafeguardsuponriskanalysis. WeunderstandthattheSecurityRuledoesnotprescribeaspecificriskanalysismethodology, recognizingthatmethodswillvarydependentonthesize,complexity,andcapabilitiesofthe organization.instead,theruleidentifiesriskanalysisasthefoundationalelementintheprocessof achievingcompliance,anditestablishesseveralobjectivesthatanymethodologyadoptedmust achieve 6. Theguideprovidesadditionalclarificationbetweentheterms addressable and required enotingthat addressablespecificationsarenotoptionalandrequireorganizationstodeterminewhether eachaddressablespecificationisreasonableandappropriate.organizations mustdocument 7,as partofthatdeterminationprocess,whyaparticularspecificationwasdeterminedtobeunreasonable orinappropriate. 5FromGuidanceonRiskAnalysisRequirementsUnderHIPAASecurityRulepg.1,postedJuly14,2010 6FromGuidanceonRiskAnalysisRequirementsUnderHIPAASecurityRulepg.2postedJuly14,2010 7FromGuidanceonRiskAnalysisRequirementsUnderHIPAASecurityRulepg.2postedJuly14,2010 TECHNICALGUIDE/11

13 VMwareProductAvailability GuideforHIPAAandHITECH Figure5.GuidanceonRiskAnalysisRequirementsUndertheHIPAASecurityRule DefinitionofCloudComputing Cloudcomputingcanbedefinedasamodelforleveragingpoolsofsharedresourceson[demand,suchas networks,storage,servers,applicationsandservices.thesesharedresources,knownasa cloud,provideamultitudeofcapabilities,someofwhichincludescalability,elasticityofit resources,smallerenvironmentalfootprintsuchaspowerorphysicalspace,andfinallymore accurateeconomiesofscale. Cloudcomputingisnothingnew,andhasoriginsdatingbacktotheearly1950 sand1960 s,when mainframesweremodifiedtoprovidebetterefficiencyandscalability.theterm cloud itself becamecommonplacewheninthe1990 sthegraphicofacloudwasusedtoidentifythe Internetoranyothersharednetwork.Ithasreallybeeninthelastdecadethatamature definitionof CloudComputing hasbeenestablished.severalkeyeventsoccurredthat helpedtoestablishcurrentdaycloudcomputing: 1.In1999VMwareintroducedtheVMwareVirtualPlatformthatprovidedthefirstaffordableand reliablevirtualizationplatform,enablingbroadadoptionofvirtualizationwithinthedatacenterand ultimatelysupportingprivatecloudcomputing. 2.In2006AmazonreleasedAmazonWebServices(AWS)expandingcloudcomputingfroma privateendeavortoautilityprovidedtoexternalcustomers. VMwaredefinescloudorutilitycomputingasthefollowing: Cloudcomputingisanapproachtocomputingthatleveragestheefficientpoolingofon? demand,self?managedvirtualinfrastructure,consumedasaservice.sometimesknownasutility computing,cloudsprovideasetoftypicallyvirtualizedcomputerswhichcanprovideuserswiththe abilitytostartandstopserversorusecomputecyclesonlywhenneeded,oftenpayingonly uponusage. Thereareseveralkeycharacteristicstocloudcomputingthatarerecognizedthroughoutthe industry.thefirstkeycharacteristicofthecloudisitsservicemodels.thesecondkey characteristicofthecloudisitsdeploymentmodels.fourdistinctdeploymentmodelsexist(which donotnecessarilyalignwiththeservicemodels):theprivatecloud,thepubliccloud,thehybridcloud (combiningbothpublicandprivate),andfinallythecommunitycloud. TheCloud sservicemodelsaredividedintofourseparateservicemodels: InfrastructureasaService(IaaS) AsthenamesuggeststheIaaSmodelisspecifictothe infrastructurethatsupportscloudcomputing.iaassolutionprovidersofferphysicalorvirtual TECHNICALGUIDE/12

14 VMwareProductAvailability GuideforHIPAAandHITECH computers,disk,networkroutingandswitchinginfrastructureandothernetworkandsecurity infrastructure. PlatformasaService(PaaS) BuildinguponanIaaSsolution,thePaaSmodelprovidesthe computingplatformnecessarytorunandsupporttheapplicationsandservices.apaassolution providertypicallyprovidestheoperatingsystems,serviceapplicationstack suchaswebservers anddatabaseservers,andothernecessaryenvironmentsupport suchasprogramminglanguages, frameworksandservices. SoftwareasaService(SaaS) Certainlythemostvisibleoftheservicemodels,theSaaSmodel providesaccesstofullyoperationalapplications.theseapplicationsarefullymanagedattheplatform andinfrastructurelevelandareoftenaresupportedthroughseparateiaasandpaasproviders. NetworkasaService(NaaS) Thisfinalmodelbringscommonnetwork,transportorVPN connectivitytothemarket. TheCloud sdeploymentmodelshappentoalsobedividedintofourdistinctmodelstoday.the deploymentmodelstonotnecessarilyalignwiththeservicemodelsdefinedabove. PrivateCloud Thecloudinfrastructureisoperatedsolelyforanorganizationandmaybemanaged bytheorganizationorathirdparty.thecloudinfrastructuremaybeon[premiseoroff[premise. PublicCloud Thecloudinfrastructureismadeavailabletothegeneralpublicortoalargeindustry groupandisownedbyanorganizationthatsellscloudservices. Figure6.CloudComputingOverview HybridCloud Thecloudinfrastructureisacompositionoftwoormoreclouds(privateandpublic) thatremainuniqueentities,butareboundtogetherbystandardizedtechnology.thisenablesdataand applicationportabilityeforexample,cloudburstingforloadbalancingbetweenclouds.withahybrid cloud,anorganizationgetsthebestofbothworlds,gainingtheabilitytoburstintothepubliccloud whenneededwhilemaintainingcriticalassetson[premise. TECHNICALGUIDE/13

15 VMwareProductAvailability GuideforHIPAAandHITECH CommunityCloud Thecloudinfrastructureissharedbyseveralorganizationsandsupportsaspecific communitythathassharedconcerns(forexample,mission,securityrequirements,policy,and complianceconsiderations).itmaybemanagedbytheorganizationsorathirdparty,andmayexist on[premiseoroff[premise. TolearnmoreaboutVMware sapproachtocloudcomputing,pleasereviewthefollowing: VMwareCloudComputingOverview[http://www.vmware.com/solutions/cloud[ computing/index.html#tab3 VMware svcloudarchitecturetoolkit[http://www.vmware.com/cloud[computing/cloud[ architecture/vcat[toolkit.html Organizationsconsideringthepotentialcomplianceimpactcloudcomputinghasuponcritical applicationsthatmaybehighlyregulatedshouldconsiderthefollowingquestions: Towhatextentdothoseapplicationsleveragecloudarchitecture? Whatservicemodelsanddeploymentmodelsarebeingusedtotransmitandstoreprotectedhealth informationandwhoarethecloudprovidersinvolved? Arethecloudplatformsusedtrustedplatformsandwhatcomplianceassurancesareprovidedbythe cloudprovidersinvolved? Whichindustry[recognizedcertificationshasthecloudprovider,environmentandservicebeen auditedandcertifiedascompliantfor? Afinalcriticalpointthatmustbeconsideredisthat,becauseHIPAAdoesnotprescribehowto meet regulatorycompliance(i.ewhichtechnologytouse,howtoimplementsaidtechnology,etc),itis imperativethatanorganization sbusinessanditstakeholdersarealignedwithtechnology requirementsdrivenfromthestakeholder. VMwareisthegloballeaderinvirtualization,thekeytechnologythatenablescloudcomputing.VMware s vcloudsuiteisaturnkey,integratedvirtualizationsolutionforbuildingandmanaginga completecloudinfrastructure,allowingcustomerstorealizethemanybenefitsofcloud computing. PriortoundertakinganyHIPAAcomplianceproject,VMwarerecommendsthatcustomersdeterminea healthcheck statusofsystemscompliance.customerscanimplementvmware s HIPAACompliance Checker bydownloadingtheapplicationfromthefollowinglocation: https://my.vmware.com/web/vmware/evalcenter?p=compliance[ chk&lp=default&cid= mjsmaaw WheretoStart ConsiderationsforCoveredEntities Whenitcomestothequestionofwheretostart,HIPAAandtheguidancearoundHIPAAis quitespecific.organizationsthatareworkingonachievinghipaaandhitechcomplianceshouldstart withariskassessment.asnotedbythedepartmentofhealthandhumanservicesandrelative tohipaa ssecurityrule: theruleidentifiesriskanalysisasthefoundationalelementintheprocessofachieving compliance,anditestablishesseveralobjectivesthatanymethodologyadoptedmust achieve 8 8FromGuidanceonRiskAnalysisRequirementsUnderHIPAASecurityRulepg.2postedJuly14,2010 TECHNICALGUIDE/14

16 VMwareProductAvailability GuideforHIPAAandHITECH Whatisveryimportanttonoteisthatutilizingavirtualorcloudenvironmenthasnogreater impactrelativetohipaacompliancethantraditionalinformationtechnologyoranydifferencesthanare typicallyconsideredbetweenvirtualization,cloudandtraditionaltechnology.organizationscan utilizeastrongriskmanagementapproachtowardtheirhipaacomplianceeffortsandtake advantageofthemanyadvantagesprovidedbyvirtualorcloudenvironmentsbecausetherisk assessmenteffortshouldinformtheorganizationoftheproperapplicationofsecuritywithin thevirtualorcloudenvironment. IndependentofHIPAAorHITECH,themovetocloudandvirtualenvironmentsarefilledwithtechnical considerationsandbusinessdecision,someofwhichdifferfromtraditionalinformation technology.organizationsshouldreviewthebenefitsandrisksoftheircurrentenvironment andcomparethemtothedifferentclouddeploymentmodelsandservicemodels. Thefollowingquestionsmaybeimportantwhenconsideringthepotentialbusinessimpact, benefits,andrisksofavirtualand/orcloudenvironment. Management/BusinessConsiderations 1.CantheCloudbeastrategicdifferentiatorforthebusinessorisitacommodityservice? 2.WhatisthestrategicvaluethattheCloudcoulddelivertotheorganization? 3.WhataretheareaswheretheCloudcanprovideadditionalvaluetothecompany? 4.WhatisthebusinessvaluethattheCloudcoulddelivertooperations? 5.Havetherebeenanypreviousattemptstovirtualizeoroutsourcecriticaloperations? 6.WhatCloudmodels,includingPublic,HybridandPrivate,arebeingconsidered? 7.WhatarethecriticalITservicesthatareorcouldbeoutsourced? ITConsiderations 1.Aretheorganizationalbusiness,IT,andGRCgroupsalignedwiththevirtualizationorcloud strategy? 2.HastheproposedvirtualizationimplementationbeencommunicatedtoGRCandapproval received? 3.HowhasGRCaffectedITOperationsanddoesitmandateanyconsiderationswhenconsidering virtualizationorcloudenvironments? 4.HastheflowofePHIbeenidentifiedanddocumented? 5.Haveallsystems(servers,SANs,SEIMs)whichstoreePHIandareconsidered in[scope for HIPAAcompliancebeenidentified?Whichvirtualizationorclouddeploymentmodelandservice modelwill beimplemented? 6.HowcanvirtualizationorcloudtechnologybenefitexistingITinitiatives?Arethereeffortsto consolidateitfunctionsthatcanbeaddressedwithcloud? 7.WhatIToperationalchangesshouldbemade,fromasegregationofdutiesperspective,to accountfortheconversionofphysicaltovirtualizedresourceswithintheorganization? 8.Wherecanvirtualizationand/orCloudimproveexistingSLAorOLAs(Internal,External)? VMwareHIPAAComplianceStack VMwareprovidesanextensivesuiteofproductsdesignedtosupportanorganization s InformationSecurityandCompliancerequirements.Whileeveryenvironmentwillhaveunique needs,thefollowinghipaa/hitechcompliancestackprovidesacomprehensivemixof TECHNICALGUIDE/15

17 VMwareProductAvailability GuideforHIPAAandHITECH VMwaresolutionsthatcanhelporganizationsmeetthecomplianceandgovernance requirementsofhipaa/hitech. VCloud Suite Product Product Components or Features vsphere ESXi,vMotion,StoragevMotion,HighAvailability,Data ProtectionandReplication,andHostProfiles vclouddirector ElasticVirtualDatacenters,ServiceCatalogandMulti[Tenancy vcloudnetworkingandsecurity Suite Edge,AppFirewall,VXLAN,andDataSecurity vcentersiterecoverymanager RecoveryPlans,AutomatedDRFailoverandFailback,vSphere Replication vcenteroperationsmanagement Suite VMConfigurationCompliance,andHostConfigurationCompliance Table2:Captiontocome. HIPAA/HITECHrequirementsandhavebeenaddressedindetailinthefollowingsections.To determinetheproductsandfeaturesavailablewithvmwaresuitespleasereferto VMware.com. HIPAASecurityRuleSolutionApplicabilityMatrix VMwarehascreatedaHIPAASecurityRuleRequirementsMatrixtoassistorganizationswithan understandingofvmwaresolutions,vmwarepartnersolutions(wheretheyoverlap),andthe remainingcustomerresponsibilitiesthatshouldbeaddressedseparatelybythecustomer throughuseofothertoolsorprocesses.whileeverycloudisunique,vmwarebelievesthatthe technicalrequirementsfoundwithinthesecurityrulecanbeaddressedthroughthevmwaresuites and/orvmwarepartnersolutions. TheremaininggapsinaddressingHIPAA/HITECHrequirementsmaybefilledbythecustomerthrough processes,proceduresandothertools(i.e.approvingcustomers policies,keepinganupdated networkdiagram,approvingchanges,etc.). TECHNICALGUIDE/16

18 VMwareProductAvailability GuideforHIPAAandHITECH Figure7.VMwareSolutions Figure8.DiagrammaticRepresentationofVMwareandVMwarePartnerProductsforHIPAA TECHNICALGUIDE/17

19 VMwareProductAvailability GuideforHIPAAandHITECH PIE CHART HIPAA STANDARD REF. REQUIREMENT ADDRESSED IN VMWARE S SUITES REQUIREMENT ADDRESSED OR ENHANCED BY PARTNERS REQUIREMENT NOT ADDRESSED BY VMWARE OR PARTNERS Security Management Process (a)(1)(i) No No Yes AssignedSecurity Responsibility (a)(2) No No Yes WorkforceSecurity (a)(3)(i) No No Yes InformationAccess Management (a)(4)(i) No No Yes Security Awarenessand Training (a)(5)(i) No No Yes SecurityIncident Procedures (a)(6)(i) No No Yes ContingencyPlan (a)(7)(i) No No Yes Evaluation (a)(8) No No Yes BusinessAssociate Contracts andother Arrangements (b)(1) No No Yes FacilityAccess Controls (a)(1) No No Yes WorkstationUse (b) No No Yes TECHNICALGUIDE/18

20 VMwareProductAvailability GuideforHIPAAandHITECH PIE CHART HIPAA STANDARD REF. REQUIREMENT ADDRESSED IN VMWARE S SUITES REQUIREMENT ADDRESSED OR ENHANCED BY PARTNERS REQUIREMENT NOT ADDRESSED BY VMWARE OR PARTNERS WorkstationSecurity (c) No No Yes DeviceandMedia Controls (d)(1) No No Yes AccessControl (a)(1) Yes Yes No AuditControls (b) Yes Yes No Integrity (c)(1) Yes Yes No PersonorEntity Authentication (d) Yes Yes No TransmissionSecurity (e)(1) Yes Yes No BusinessAssociate Contracts orother Arrangements (a)(1)(i) No No Yes Requirementsfor GroupHealthPlans (b)(1) No No Yes Policiesand Procedures (a) No No Yes Documentation (b)(1)(i) No No Yes Table3:HIPAASecurityRuleRequirements TECHNICALGUIDE/19

21 VMwareProductAvailability GuideforHIPAAandHITECH HIPAASecurityRuleSolutionApplicabilityDetails vsphere ForthepurposesofthisVMwareSolutionGuideforHIPAA/HITECH,vSphere scomponents andfeatures,asdescribedbelow,cansupportautomaticcomplianceanddeploymentscenariosto accommodatehipaa/hitechrequirements. ESXi isabare[metalhypervisorinstalledonphysicalservers.esxiallowsforpartitioningthe physicalresourcesintomultiplevirtualmachinesandallowsformanagementofmultipleesxihosts throughasinglemanagementplatform(vcenterserver). vmotion allowsliverunningvirtualmachinestomovebetweenonephysicalservertoanotherwithout disruption.theabilitytodynamicallyandautomaticallymoveliverunningvirtualmachinescanease scalingandallowworkloadstobeperformedwithinvirtualsegments. StoragevMotion providestheabilitytomigratelivevirtualmachinedisksacrossanystorage arrayssupportedbyvsphere. HighAvailability allowsforapplicationsrunninginvirtualmachinestoruninhighavailabilitymode, protectingtheapplicationfromhardwareandoperatingsystemsfailuresbymonitoringthestateofthe virtualmachineandphysicalhostandautomaticallyrestartsthevirtualmachineonotherphysical servers. DataProtectionandReplication Dataprotectionprovidesagent[lessimage[levelbackupand recoverypoweredbyemcavamar.backupsaredoneviafastandefficientbackuptodiskandalso providefastrecovery.thereplicationforvsphereallowsforpoweredonreplicationofvirtual machinesfromonevspherehosttoanotherwithoutneedingstoragebasedreplication. HostProfiles allowsfortheconsistencyandautomationofdeployingphysicalesx/esxihosts rapidly.hostprofilesallowforautomaticdeploymentofconfigurationstohostsandprovideautomatic compliancewiththeconfigurations.simplifyingoperationalmanagementalsoreducesthepossibility formis[configuration. ThefollowingproductmatrixexplainswhichHIPAAcontrolsareapplicabletovSphereandits components. Technical Safeguards ( ) HIPAAStandardDescription Compliance Attainability Comments AccessControls[ (a)(1) Implementtechnicalpoliciesand proceduresforelectronic informationsystemsthatmaintain electronicprotectedhealth informationtoallowaccessonlyto thosepersonsorsoftware programsthathavebeengranted accessrights. Attainable ESXiandvCentercanbeconfigured toprovideaccesscontrolforindividual usersandalsoprotectaccessto systemsandfeatureswithinvsphere byimplementingrolebasedaccess. See:ConfiguringActiveDirectory See:ConfiguringAuthentication& TECHNICALGUIDE/20

VMware!SDDC!Product! Applicability!Guide!for! FedRAMP,!v!1.0! February,!2014! v1.0!

VMware!SDDC!Product! Applicability!Guide!for! FedRAMP,!v!1.0! February,!2014! v1.0! VMWAREPRODUCTAVAILABILITY GUIDEFORFEDRAMP VMwareSDDCProduct ApplicabilityGuidefor FedRAMP,v1.0 February,2014 v1.0 TECHNICALGUIDE This is the first document in the Compliance Reference Architecture for

More information

VMware!SDDC!Product! Applicability!Guide!for!CJIS! v5.2!

VMware!SDDC!Product! Applicability!Guide!for!CJIS! v5.2! VMwareSDDCProduct ApplicabilityGuideforCJIS v5.2 August2014 v1.0 Product Guide This is the first document in the Compliance Reference Architecture for CJIS. You can find more information on the Framework

More information

VMware!EUC!Product!Applicability!Guide! for!payment!card!industry!data!security! Standard!(PCI!DSS)!version!3.0!

VMware!EUC!Product!Applicability!Guide! for!payment!card!industry!data!security! Standard!(PCI!DSS)!version!3.0! VMware EUCProductApplicabilityGuide forpaymentcardindustrydatasecurity Standard(PCIDSS)version3.0 July2015 v1.0 TECHNICALWHITEPAPER ThisisthefirstdocumentintheComplianceReferenceArchitectureforPCI.You

More information

VMware!Product!Applicability!Guide!for!! Payment!Card!Industry!Data!Security!Standard!

VMware!Product!Applicability!Guide!for!! Payment!Card!Industry!Data!Security!Standard! VMwareProductApplicabilityGuidefor PaymentCardIndustryDataSecurityStandard (PCIDSS)version3.0 February2014 V3.0 DESIGNDOCUMENT This is the first document in the Compliance Reference Architecture For PCI.

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information

Virtualizing Apache Hadoop. June, 2012

Virtualizing Apache Hadoop. June, 2012 June, 2012 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 3 VIRTUALIZING APACHE HADOOP... 4 INTRODUCTION TO VSPHERE TM... 4 USE CASES AND ADVANTAGES OF VIRTUALIZING HADOOP... 4 MYTHS ABOUT RUNNING

More information

VMware for SMB environments(min. 505 1 st year)

VMware for SMB environments(min. 505 1 st year) VMware offers dozens of products, but at its core is vsphere, its virtualization platform, and vcenter Server, its management family. Understanding VMware's vsphere, vcenter and vcloud licensing is critical

More information

VMware Overview Journey to Cloud Computing Adam Oaten Technical Partner Manager

VMware Overview Journey to Cloud Computing Adam Oaten Technical Partner Manager VMware Overview Journey to Cloud Computing Adam Oaten Technical Partner Manager 2009 VMware Inc. All rights reserved Agenda Evolution of IT Customer Journey Components of vsphere & New Features in 4.1

More information

Host OS Compatibility Guide

Host OS Compatibility Guide Host OS Compatibility Guide Last Updated: December 16, 2014 For more information go to vmware.com. Host Operating System Compatibility Microsoft Windows 7 Supported s Windows 7 vsphere Client (Windows)4.1

More information

Design Implement Troubleshoot. VMware Virtualisation Strategies Private/Public/Hybrid Cloud Computing. www.redwoodsolutions.

Design Implement Troubleshoot. VMware Virtualisation Strategies Private/Public/Hybrid Cloud Computing. www.redwoodsolutions. Design Implement Troubleshoot VMware Virtualisation Strategies Private/Public/Hybrid Cloud Computing www.redwoodsolutions.net @NakedCloudGuy vsphere 4.1 to 5.1 Upgrade Some tippity top tips... Reasons

More information

VMware s)approach)to)compliance))

VMware s)approach)to)compliance)) VMware sapproachtocompliance UpdatedJuly2015 V2.1 VMware sapproachtocompliance TableofContents 1. INTRODUCTION...3 2. SECURITY,COMPLIANCE,ANDGUIDELINES...5 3. AVIEWOFVMWARE SCOMPLIANCESOLUTIONS...7 4.

More information

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services Helping Customers Move Workloads into the Cloud A Guide for Providers of vcloud Powered Services Technical WHITE PAPER Table of Contents Introduction.... 3 About VMware vcloud Connector.... 3 Use Cases....

More information

Site Recovery Manager Installation and Configuration

Site Recovery Manager Installation and Configuration Site Recovery Manager Installation and Configuration vcenter Site Recovery Manager 5.5 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Business Process Desktop

Business Process Desktop Maximum Scalability, Security, and Availability for VMware View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View solution is a powerful architecture intended to serve the needs of non-mobile

More information

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview We are well aware

More information

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security

Electronic Communication In Your Practice. How To Use Email & Mobile Devices While Maintaining Compliance & Security Electronic Communication In Your Practice How To Use Email & Mobile Devices While Maintaining Compliance & Security Agenda 1 HIPAA and Electronic Communication 2 3 4 Using Email In Your Practice Mobile

More information

TECH TIPS. Integer eleif end conse quat molestie morbi ac eros sagittis. ebook

TECH TIPS. Integer eleif end conse quat molestie morbi ac eros sagittis. ebook //ebook 2012 Integer eleifend consequat molestie morbi ac eros sagittis diam ferm entum congue sed laoreet tincidunt libero TECH vitae tincidunt, nulla vestib ulum justo at leo pulvinar nec vene natis

More information

VMware vsphere Data Protection

VMware vsphere Data Protection FREQUENTLY ASKED QUESTIONS VMware vsphere Data Protection vsphere Data Protection Advanced Overview Q. What is VMware vsphere Data Protection Advanced? A. VMware vsphere Data Protection Advanced is a backup

More information

Accelerate with Ampleflex Cloud! Highly adoptable and dependable platform for deploying services and applications into the Cloud. www.ampleflex.

Accelerate with Ampleflex Cloud! Highly adoptable and dependable platform for deploying services and applications into the Cloud. www.ampleflex. Accelerate with Ampleflex Cloud! Highly adoptable and dependable platform for deploying services and applications into the Cloud. www.ampleflex.com The Challenge Enterprises are updating applications to

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Sichere Virtualisierung mit VMware

Sichere Virtualisierung mit VMware Sichere Virtualisierung mit VMware Stefan Bohnengel, VMware Harald Speckbrock, RSA Neuss, 12.11.2009 Building The Private Cloud private cloud Flexibility Control Choice your applications your information

More information

vcloud Suite Architecture Overview and Use Cases

vcloud Suite Architecture Overview and Use Cases vcloud Suite Architecture Overview and Use Cases vcloud Suite 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

VMware vcloud Networking and Security Overview

VMware vcloud Networking and Security Overview VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

VMware vcloud Service Definition for a Private Cloud

VMware vcloud Service Definition for a Private Cloud Service Definition for a Private Cloud Version 1.6 TECHNICAL WHITE PAPER Service Definition for a Private Cloud 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international

More information

VMware vcloud Air Security TECHNICAL WHITE PAPER

VMware vcloud Air Security TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects

More information

VMware Trademark Guide

VMware Trademark Guide VMware Trademark Guide This Trademark document is intended to provide guidance regarding the VMware brand names that tend to draw the greatest interest. The first occurrence of a brand name in a document

More information

CLOUD SECURITY: Secure Your Infrastructure

CLOUD SECURITY: Secure Your Infrastructure CLOUD SECURITY: Secure Your Infrastructure 1 Challenges to security Security challenges are growing more complex. ATTACKERS HAVE EVOLVED TECHNOLOGY ARCHITECTURE HAS CHANGED NIST, HIPAA, PCI-DSS, SOX INCREASED

More information

IBM Virtual Server Services. A smarter way to support and grow your business

IBM Virtual Server Services. A smarter way to support and grow your business IBM Virtual Server Services A smarter way to support and grow your business 2 IBM Virtual Server Services Take control of IT complexity, cost and security Are you managing a complex server infrastructure?

More information

Public Cloud Service Definition

Public Cloud Service Definition Public Version 1.5 TECHNICAL WHITE PAPER Table Of Contents Introduction... 3 Enterprise Hybrid Cloud... 3 Public Cloud.... 4 VMware vcloud Datacenter Services.... 4 Target Markets and Use Cases.... 4 Challenges

More information

EMC IT-AS-A-SERVICE SOLUTIONS FOR HEALTHCARE PROVIDERS

EMC IT-AS-A-SERVICE SOLUTIONS FOR HEALTHCARE PROVIDERS EMC IT-AS-A-SERVICE SOLUTIONS FOR HEALTHCARE PROVIDERS ESSENTIALS In tandem with your IT team, EMC can help your organization create an ITaaS Service Catalog to: Evolve to a scalable, flexible, dynamic

More information

Third Platform Apps & EMC: Redefining IT & Helping Our Customers Lead The Way. Name

Third Platform Apps & EMC: Redefining IT & Helping Our Customers Lead The Way. Name 1 Third Platform Apps & EMC: Redefining IT & Helping Our Customers Lead The Way Name 2 3 Home, Driving & Work 3 rd Platform A Definition Four Interdependent Trends: Social Interaction, Mobility, Cloud,

More information

Jaan Feldmann Sergei Sokolov

Jaan Feldmann Sergei Sokolov Jaan Feldmann Sergei Sokolov System Resource Host VM Cluster Windows Server 2008 R2 Hyper-V Windows Server 2012 Hyper-V Improvement Factor Logical Processors 64 320 5 Physical Memory 1TB 4TB 4 Virtual

More information

VMware for your hosting services

VMware for your hosting services VMware for your hosting services Anindya Kishore Das 2009 VMware Inc. All rights reserved Everybody talks Cloud! You will eat your cloud and you will like it! Everybody talks Cloud - But what is it? VMware

More information

VBLOCK SYSTEMS: VMWARE VIRTUAL FIREWALLS IMPLEMENTATION GUIDE

VBLOCK SYSTEMS: VMWARE VIRTUAL FIREWALLS IMPLEMENTATION GUIDE VCE Word Template www.vce.com VBLOCK SYSTEMS: VMWARE VIRTUAL FIREWALLS IMPLEMENTATION GUIDE Version 1.0 December 2012 2012 VCE Company, LLC. All Rights Reserved. 1 Copyright 2012 VCE Company Inc. All Rights

More information

Service Definition for Private Cloud TECHNICAL WHITE PAPER

Service Definition for Private Cloud TECHNICAL WHITE PAPER Service Definition for Private Cloud TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Phase I.... 3 Phase II.... 3 Workload Categories.... 4 Transient... 4 Highly Elastic.... 4 Infrastructure....

More information

Plan For Today, Grow Into Your Future.

Plan For Today, Grow Into Your Future. One Partner, Endless Capabilities. Since 2001, UL has helped organizations grow from Colo to Cloud San Francisco Los Angeles Las Vegas Toronto Virginia Vancouver Plan For Today, Grow Into Your Future.

More information

Grant Aitken. Area Vice-President VMware Canada (B) 905 470-0235 (M) 416 566-2693 gaitken@vmware.com

Grant Aitken. Area Vice-President VMware Canada (B) 905 470-0235 (M) 416 566-2693 gaitken@vmware.com Grant Aitken Area Vice-President VMware Canada (B) 905 470-0235 (M) 416 566-2693 gaitken@vmware.com 1122 International Blvd Burlington ON L7L 6Z8 Canada 1 The Problem 5% Infrastructure Investment Where

More information

Site Recovery Manager Installation and Configuration

Site Recovery Manager Installation and Configuration Site Recovery Manager Installation and Configuration vcenter Site Recovery Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

efolder White Paper: HIPAA Compliance

efolder White Paper: HIPAA Compliance efolder White Paper: HIPAA Compliance October 2014 Copyright 2014, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within

More information

Expert Reference Series of White Papers. Visions of My Datacenter Virtualized

Expert Reference Series of White Papers. Visions of My Datacenter Virtualized Expert Reference Series of White Papers Visions of My Datacenter Virtualized 1-800-COURSES www.globalknowledge.com Visions of My Datacenter Virtualized John A. Davis, VMware Certified Instructor (VCI),

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

An Introduction to Private Cloud

An Introduction to Private Cloud An Introduction to Private Cloud As the word cloud computing becomes more ubiquitous these days, several questions can be raised ranging from basic question like the definitions of a cloud and cloud computing

More information

Unleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012

Unleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012 Unleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012 2 Who? Viktor van den Berg Consultant @ PQR Former Dutch VMUG Leader Blogger at www.viktorious.nl Twitter @viktoriousss

More information

VMware vcloud Networking and Security

VMware vcloud Networking and Security VMware vcloud Networking and Security Efficient, Agile and Extensible Software-Defined Networks and Security BROCHURE Overview Organizations worldwide have gained significant efficiency and flexibility

More information

AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM FOR VMWARE VCLOUD AIR

AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM FOR VMWARE VCLOUD AIR DEPLOYMENT GUIDE AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM FOR VMWARE VCLOUD AIR Introduction VMware vcloud Air is a public cloud platform built on the proven foundation of vsphere and managed by

More information

2013 ovh.com. All rights reserved

2013 ovh.com. All rights reserved Abstract During this session, the user will learn how to optimize security, rights, network layers to build Private, Hybrid & Public Cloud range of services based on a same infrastructure using VMware

More information

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3 VMware Solution Guide for Payment Card Industry (PCI) September 2012 v1.3 VALIDATION DO CU MENT Table of Contents INTRODUCTION... 3 OVERVIEW OF PCI AS IT APPLIES TO CLOUD/VIRTUAL ENVIRONMENTS... 5 GUIDANCE

More information

What s New in VMware Site Recovery Manager 6.1

What s New in VMware Site Recovery Manager 6.1 What s New in VMware Site Recovery Manager 6.1 Technical Overview AUGUST 2015 Table of Contents Introduction... 2 Storage profile based protection... 2 Stretched Storage and Orchestrated vmotion... 5 Enhanced

More information

SECURITY IN THE HYBRID CLOUD:

SECURITY IN THE HYBRID CLOUD: SECURITY IN THE HYBRID CLOUD: Putting Rumors to Rest FROM VIRTUALIZATION TO GROWTH OF THE PUBLIC CLOUD IDC predicts that public cloud computing services will grow to a $72.9 billion market in 2015, up

More information

idash Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute

idash Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute integrating Data for Analysis, Anonymization, and SHaring idash Infrastructure to Host Sensitive Data: HIPAA Cloud Storage and Compute Claudiu Farcas, Antonios Koures Outline Infrastructure Overview Typical

More information

Drobo How-To Guide. Use Drobo as Tiered Storage for Cloud Computing with VMware vcloud Director

Drobo How-To Guide. Use Drobo as Tiered Storage for Cloud Computing with VMware vcloud Director Companies of all sizes are looking for their IT department to deliver virtualization solutions as a service. VMware vcloud enables IT administrators to leverage existing VMware technologies to build public

More information

Pregled VMware Cloud portfolia

Pregled VMware Cloud portfolia 6.10.2011 Pregled VMware Cloud portfolia Saša Hederić, VMware 6.10.2011. VMware in the Leaders Quadrant for x86 Server Virtualization Gartner, Inc. Magic Quadrant for x86 Server Virtualization Infrastructure,

More information

Disaster Recovery As A Service Storage by CloudGrid and Zerto Virtual Replication Disaster Recovery and Business Continuity Platform

Disaster Recovery As A Service Storage by CloudGrid and Zerto Virtual Replication Disaster Recovery and Business Continuity Platform Disaster Recovery As A Service Storage by CloudGrid and Zerto Virtual Replication Disaster Recovery and Business Continuity Platform Cloud Grid Virtual Replication Cloud Grid provides an enterprise-class

More information

1. VMware is part technology and part sales and marketing genius. As a result of their marketing efforts many people in IT (especially the newer

1. VMware is part technology and part sales and marketing genius. As a result of their marketing efforts many people in IT (especially the newer 1 2 3 1. VMware is part technology and part sales and marketing genius. As a result of their marketing efforts many people in IT (especially the newer generations) believe that VMware invented virtualization.

More information

The Virtualization Practice

The Virtualization Practice The Virtualization Practice White Paper: Trend Micro Deep Security Reference Architecture for the Secure Hybrid Cloud Edward L. Haletky Analyst Virtualization and Cloud Security The Virtualization Practice

More information

Use Cases for Argonaut Project. Version 1.1

Use Cases for Argonaut Project. Version 1.1 Page 1 Use Cases for Argonaut Project Version 1.1 July 31, 2015 Page 2 Revision History Date Version Number Summary of Changes 7/31/15 V 1.1 Modifications to use case 5, responsive to needs for clarification

More information

PERSONAL HEALTH RECORDS AND

PERSONAL HEALTH RECORDS AND PERSONAL HEALTH RECORDS AND THE HIPAA PRIVACY RULE INTRODUCTION A personal health record (PHR) is an emerging health information technology that individuals can use to engage in their own health care to

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security Networking and Security are complex, dynamic areas, and VMware recognizes

More information

VMware vsphere: [V5.5] Admin Training

VMware vsphere: [V5.5] Admin Training VMware vsphere: [V5.5] Admin Training (Online Remote Live TRAINING) Summary Length Timings : Formats: Lab, Live Online : 5 Weeks, : Sat, Sun 10.00am PST, Wed 6pm PST Overview: This intensive, extended-hours

More information

How to Configure an Initial Installation of the VMware ESXi Hypervisor

How to Configure an Initial Installation of the VMware ESXi Hypervisor How to Configure an Initial Installation of the VMware ESXi Hypervisor I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide

More information

Your journey to the. Software Defined Data Centre. Aaron Steppat Senior Product Marketing Manager. VMware Australia & New Zealand

Your journey to the. Software Defined Data Centre. Aaron Steppat Senior Product Marketing Manager. VMware Australia & New Zealand Your journey to the Software Defined Data Centre Aaron Steppat Senior Product Marketing Manager Software Defined Data Centre VMware Australia & New Zealand Walking into a data centre is like walking into

More information

VMware Cloud Computing in de praktijk. 2009 VMware Inc. All rights reserved

VMware Cloud Computing in de praktijk. 2009 VMware Inc. All rights reserved VMware Cloud Computing in de praktijk Willem van Engeland Specialist SE Cloud 2009 VMware Inc. All rights reserved 2 3 4 6 A New Approach to Cloud The Software Defined Datacenter 7 Confidential Not for

More information

QNAP in vsphere Environment

QNAP in vsphere Environment QNAP in vsphere Environment HOW TO USE QNAP NAS AS A VMWARE DATASTORE VIA NFS Copyright 2009. QNAP Systems, Inc. All Rights Reserved. V1.8 How to use QNAP NAS as a VMware Datastore via NFS QNAP provides

More information

vcloud Suite Licensing

vcloud Suite Licensing vcloud Suite 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this

More information

Comparing Box and Egnyte. White Paper

Comparing Box and Egnyte. White Paper White Paper Revised July, 2013 Introduction File storage in the cloud has broad appeal for individuals as well as large businesses. At a macro level, there are two types of file storage/sharing solutions:

More information

Security in the Software Defined Data Center

Security in the Software Defined Data Center Security in the Software Defined Data Center Francesco Vigo Senior Systems Engineer, VMware fvigo@vmware.com Ugo Piazzalunga Technical Manager, SafeNet ugo.piazzalunga@safenet-inc.com Agenda Software Defined

More information

VMware vcloud for Healthcare and HIPAA/HITECH. White paper

VMware vcloud for Healthcare and HIPAA/HITECH. White paper ware vcloud for Healthcare White paper Table of Contents Executive Summary............................................................ 3 Examining Virtualization, Cloud and Healthcare IT................................

More information

What s New with VMware vcloud Director 5.1

What s New with VMware vcloud Director 5.1 What s New with VMware vcloud Director 5.1 Feature Overview TECHNICAL WHITE PAPER JULY 2012 Table of Contents What s New with VMware vcloud Director 5.1.... 3 Software-Defined IaaS.... 3 Hardware and OS

More information

VMware vcloud Service Definition for a Public Cloud. Version 1.6

VMware vcloud Service Definition for a Public Cloud. Version 1.6 Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.

More information

5 OPPORTUNITIES TO DELIVER BUSINESS VALUE WITH THE CLOUD

5 OPPORTUNITIES TO DELIVER BUSINESS VALUE WITH THE CLOUD 5 OPPORTUNITIES TO DELIVER BUSINESS VALUE WITH THE CLOUD Thinking about moving your workloads and applications to the cloud? You re not alone. According to an IDG survey, global IT budgets dedicated to

More information

Cisco ASA 1000V Cloud Firewall

Cisco ASA 1000V Cloud Firewall Data Sheet Cisco ASA 1000V Cloud Firewall Product Overview The Cisco ASA 1000V Cloud Firewall extends the proven Adaptive Security Appliance security platform to consistently secure the tenant edge in

More information

vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product?

vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product? CHEAT SHEET INTERNAL USE ONLY VMware vcloud Networking and Security Sales and Partner Use Only What is the VMware vcloud Networking and Security Product? VMware has combined its security and advanced networking

More information

Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC

Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Learning Objectives After this session, the learner should

More information

vcloud Suite 5.1- Build your Private Cloud

vcloud Suite 5.1- Build your Private Cloud vcloud Suite 5.1- Build your Private Cloud Darius Spaicys & Libor Nedas VMware Baltics 2011 VMware Inc. All rights reserved VMware is the Customer Proven Market Leader (EMEA) Company Overview $3.77 billion

More information

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition VMware vcloud Architecture Toolkit Version 2.0.1 October 2011 This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents

More information

Can You be HIPAA/HITECH Compliant in the Cloud?

Can You be HIPAA/HITECH Compliant in the Cloud? Can You be HIPAA/HITECH Compliant in the Cloud? Background For the first 10 years of its existence, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a toothless tiger. Although

More information

Citrix XenDesktop & XenApp

Citrix XenDesktop & XenApp VMware Management Pack for Citrix XenDesktop & XenApp How Blue Medora Complements vrealize VMware provides best-ofbreed management for Virtualization / Cloud vsphere via vrealize Operations How Blue Medora

More information

vcloud Air Simone Brunozzi, VP and Chief Technologist, vcloud Air @simon 2014 VMware Inc. All rights reserved.

vcloud Air Simone Brunozzi, VP and Chief Technologist, vcloud Air @simon 2014 VMware Inc. All rights reserved. vcloud Air Simone Brunozzi, VP and Chief Technologist, vcloud Air @simon 2014 VMware Inc. All rights reserved. Cloud Computing! Exciting! But wait 2009 2014 98% 94% 2% 6% VMs in Public Cloud VMs On-Premises

More information

VMware Horizon. VMware Horizon 6. Q. What is VMware Horizon? Central image management is supported for

VMware Horizon. VMware Horizon 6. Q. What is VMware Horizon? Central image management is supported for FREQUENTLY ASKED QUESTIONS VMware Horizon Q. What is VMware Horizon? A. VMware Horizon is a family of desktop and application virtualization solutions designed to deliver Windows and online services from

More information

Note: This App is under development and available for testing on request. Note: This App is under development and available for testing on request. Note: This App is under development and available for

More information

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI Job oriented VMWARE training is offered by Peridot Systems in Chennai. Training in our institute gives you strong foundation on cloud computing by incrementing

More information

Instant VM Recovery: Restore an entire machine from backup In a matter. U-AIR (Universal Application-Item Recovery): Recover individual objects

Instant VM Recovery: Restore an entire machine from backup In a matter. U-AIR (Universal Application-Item Recovery): Recover individual objects Backup & Replication Virtualization offers a unique value proposition, with the opportunity to reduce costs while also in-creasing service levels. Nowhere is this value proposition more apparent than with

More information

VMware vcenter Site Recovery Manager 5 Technical

VMware vcenter Site Recovery Manager 5 Technical VMware vcenter Site Recovery Manager 5 Technical Raj Jethnani, VCP 4/5, VCAP4-DCA / DCD Systems Engineer VMware, Inc. rjethnani@vmware.com @rajtech 2009 VMware Inc. All rights reserved Agenda Simplifying

More information

Dell Cloud Services. Services

Dell Cloud Services. Services Dell Cloud Services Services The Cloud is Key Foundation of ITaaS Traditional Virtualized Private Cloud Distribution Today Public Cloud Distribution in 3 5 Years A mix of architectures can be employed

More information

Cloud Infrastructure Licensing, Packaging and Pricing

Cloud Infrastructure Licensing, Packaging and Pricing Cloud Infrastructure Licensing, Packaging and Pricing ware, August 2011 2009 ware Inc. All rights reserved On July 12 2011 ware is Introducing a Major Upgrade of the Entire Cloud Infrastructure Stack vcloud

More information

EMC HYBRID CLOUD SOLUTION FOR HEALTHCARE

EMC HYBRID CLOUD SOLUTION FOR HEALTHCARE EMC HYBRID CLOUD SOLUTION FOR HEALTHCARE Next-Generation Health IT at the Point-of-Care ESSENTIALS Delivering ITaaS via a trusted, well-run EMC Hybrid Cloud drives business alignment, efficiency, and end-user

More information

Branch Office Desktop

Branch Office Desktop Branch Office Desktop VMware Solution Lab Validation HOW-TO GUIDE Solution Overview Regional and branch offices need access to corporate assets but often lack local administrative resources to maintain

More information

A Guide to Disaster Recovery in the Cloud. Simple, Affordable Protection for Your Applications and Data

A Guide to Disaster Recovery in the Cloud. Simple, Affordable Protection for Your Applications and Data A Guide to Disaster Recovery in the Cloud Simple, Affordable Protection for Your Applications and Data Table of Contents Introduction Cloud-Based Disaster Recovery................................... 3

More information

VMware vsphere Replication Security Guide

VMware vsphere Replication Security Guide VMware Security Guide 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions

More information

VMware System, Application and Data Availability With CA ARCserve High Availability

VMware System, Application and Data Availability With CA ARCserve High Availability Solution Brief: CA ARCserve R16.5 Complexity ate my budget VMware System, Application and Data Availability With CA ARCserve High Availability Adding value to your VMware environment Overview Today, performing

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Potecting your business assets in The Cloud, with. Secure Multitency Environment from CloudHPT.

Potecting your business assets in The Cloud, with. Secure Multitency Environment from CloudHPT. Potecting your business assets in The Cloud, with Secure Multitency Environment from CloudHPT. Whitepaper 1 Introduction Goal of This Document To provide a guide to the security features of CloudHPT. CloudHPT

More information

VMware vfabric Suite Advanced Product Eligibility

VMware vfabric Suite Advanced Product Eligibility Page 1 of 8 VMware vfabric Suite Advanced Product Eligibility Overview (/promotions/2012-vfabric-suite.html) Terms and Conditions (/promotions/2012-vfabric-suite-terms.html) FAQ (/promotions/2012-vfabric-suite-faqs.html)

More information

ADVANCE YOUR MISSION WITH THE CLOUD DO MORE WITH LESS CLOUD SOLUTIONS CDW NONPROFIT

ADVANCE YOUR MISSION WITH THE CLOUD DO MORE WITH LESS CLOUD SOLUTIONS CDW NONPROFIT ADVANCE YOUR MISSION WITH THE CLOUD DO MORE WITH LESS CLOUD SOLUTIONS CDW NONPROFIT 2 CLOUD SOLUTION Cloud/hosted software spending by nonprofits and associations increased by 43% while technology hardware

More information

! PRIVATE!PAGES! DRUPAL!7!WEB!CONTENT!MANAGEMENT!

! PRIVATE!PAGES! DRUPAL!7!WEB!CONTENT!MANAGEMENT! UNIVERSITY*OF*CALGARY InformationTechnologies PRIVATEPAGES DRUPAL7WEBCONTENTMANAGEMENT September2015 TableofContents FirstSteps...1 AddingaPrivatePage...2 AccessControl...4 PrivatePages Drupal7WebContentManagement

More information

A Guide to Hybrid Cloud for Government Agencies An inside-out approach for extending your data center to the cloud

A Guide to Hybrid Cloud for Government Agencies An inside-out approach for extending your data center to the cloud A Guide to for Government Agencies An inside-out approach for extending your data center to the cloud Inside INTRODUCTION CHAPTER 1 CHAPTER 2 CHAPTER 3 CONCLUSION Transform the Government IT Environment

More information

JOHNSON COUNTY COMMUNITY COLLEGE 12345 College Blvd., Overland Park, KS 66210 Ph. 913-469-3812 Fax 913-469-4429

JOHNSON COUNTY COMMUNITY COLLEGE 12345 College Blvd., Overland Park, KS 66210 Ph. 913-469-3812 Fax 913-469-4429 JOHNSON COUNTY COMMUNITY COLLEGE 12345 College Blvd., Overland Park, KS 66210 Ph. 913-469-3812 Fax 913-469-4429 ADDENDUM #1 September 21, 2015 REQUEST FOR PROPOSALS #16-033 FOR CLOUD BASED BACKUP & RECOVERY

More information