HYTRUST SOLUTION FOR VBLOCK INFRASTRUCTURE PLATFORMS
|
|
- Irene Bruce
- 8 years ago
- Views:
Transcription
1 HYTRUST SOLUTION FOR VBLOCK INFRASTRUCTURE PLATFORMS February VCE Company, LLC. All Rights Reserved.
2 Contents Introduction... 3 Business Case... 3 Solution... 3 Key Benefits... 4 Scope... 4 Audience... 4 Feedback... 4 Technology Overview... 5 Vblock Infrastructure Platforms... 5 Balancing Convergence and Separation of Duties... 5 Security Ecosystem... 5 HyTrust Appliance... 5 Solution Architecture... 7 Overview... 7 Vblock Series 700 model MX... 7 Physical Architecture... 9 Logical Architecture Design Considerations Configuration Validation Overview Use Cases Use Case #1 Unified Authentication Use Case #2 Unified Authorization Use Case #3 Unified Logging Use Case #4 Redundant Operation Use Case #5 Enterprise Ready Use Case #6 RSA Use Case #7 Negative Testing Conclusion Appendix 1: Microsoft Active Directory Groups VCE Company, LLC. All Rights Reserved. 2
3 Introduction Business Case Industry and government information technology (IT) compliance objectives and requirements exhibit common needs to control data access through authentication and authorization while protecting data integrity and confidentiality. Certain compliance authorities affect specific industries, such as Government (FISMA Certification and Accreditation (C&A) / FedRAMP), Banking (Basel III, OCC), Healthcare (HIPAA), and Utilities (FERC, NERC). Some requirements, such as PCI, SOX, and the EU Privacy Directive, are more horizontal, affecting a broad range of organizations. Driven by compliance concerns and the need for additional control in sensitive environments, organizations need granular administrative AAA (authentication, authorization, and accounting) traditionally lacking in large-scale virtual environments. Despite ongoing evolution and increasing complexity, today s compliance authorities call for strict RBAC (role-based access control) with detailed accountability of administrator actions. This is a challenging problem to solve in large-scale virtual environments. Converged infrastructures offer the compelling benefit of unified management but must also accommodate existing silos of human and technical resources and facilitate the separation of duties required for secure administration. Unfortunately, the converged nature of today s cloud computing solutions does not always accommodate existing IT organizational structures and policies. While converged infrastructures confer significant benefits through the unification of compute, network, storage, and management resources, they do not magically merge the IT departments responsible for managing them. Applications and data stores affected by the rise in compliance requirements are frequently businesscritical resources that require high availability and reliable application performance for example, credit card processing regulated by PCI. A successful IT solution for regulated applications must support an infrastructure with consistent and predictable service availability, reliability, and delivery. Solution VCE, the Virtual Computing Environment Company, has teamed up with HyTrust to provide a tightly coupled solution for applications in regulated environments. The VCE and HyTrust Solution combines Vblock Infrastructure Platforms and the HyTrust Appliance to integrate security, control, performance, and high availability in one package. This solution works on any Vblock Series 300 or Vblock Series 700, using the Vblock high-availability (HA) AMP or mini-amp. Vblock platforms utilize leading compute, storage, network, virtualization, and management components to provide enterprise class IT infrastructure that is pre-engineered, hardened, tested, and validated to provide defined performance, capacity, and availability for today s mission critical applications. Vblock platforms are built from Cisco, EMC, and VMware components, whose marketleading technologies include the virtual security products deployable with Vblock platforms. When combined with the HyTrust Appliance, Vblock platforms support the security technologies needed to meet today s compliance requirements VCE Company, LLC. All Rights Reserved. 3
4 The Advanced Management Pod (AMP) used in Vblock platforms, a key component of this solution, offers the ideal architecture and traffic flows for using the HyTrust Appliance as a gateway for all administrative traffic. This network-based deep integration improves control and usability. The HyTrust Appliance described in this solution is designed to work as a security gateway for Vblock platform administrative network traffic, with support by design for all compute, IP and storage network, and virtualization components. The HyTrust Appliance is a virtual appliance that sits between your IT administrators and the IT infrastructure, permitting or denying interactive administrative requests according to the organization s defined security policies. The HyTrust Appliance bridges the gap between organization-wide and IT function driven administration through the use of centralized user administration and access control for both unified and component management interfaces. The VCE and HyTrust Solution provides a control layer on top of the high-performing Vblock platform, with granular control offering the advantages of unified management combined with direct, protected access by individual parts of the organization according to roles and policies. The combination of operational characteristics, security flexibility, and enhanced usability make the VCE and HyTrust Solution a superior choice for running regulated application workloads. Key Benefits Easy implementation of Separation of Duties and Least Privilege Centralized user administration - Authentication - Authorization Easy support for multi-factor authentication Enhanced audit logs Fine grain control over managed resources and attributes using RBAC Scope This document provides a high-level description of the VCE and HyTrust Solution, including business requirements, technology components, architecture, and use case validation. Audience This document is intended for IT and security administrators, managers, and directors deploying Vblock platforms with regulated application workloads. Feedback To suggest documentation changes and provide feedback on this paper, send to docfeedback@vce.com. Include the name of this paper, the name of the topic to which your comment applies, and your feedback VCE Company, LLC. All Rights Reserved. 4
5 Technology Overview Vblock Infrastructure Platforms Vblock platforms by VCE are enterprise- and service provider class IT infrastructure built upon industry leading technology by Cisco, EMC, Intel, and VMware. Vblock platforms are pre-engineered, hardened, tested, and validated units that streamline IT infrastructure acquisition, deployment, and operations. By standardizing IT building blocks, VCE can dramatically simplify IT operations accelerating IT deployment while reducing costs and improving service levels for all workloads, including the most demanding critical enterprise applications. Customers who previously spent 70% or more of their IT budgets and staff time on maintaining infrastructure can focus on more strategic efforts that add value to the business or mission. Vblock platforms are architected and hardened according to each component s best practices and enterprise-grade business objectives. Strict design control enables Vblock platforms to meet specific performance and availability levels while maintaining a balanced, optimized, and easily managed converged infrastructure. Balancing Convergence and Separation of Duties VCE provides a balanced combination of the efficiencies of convergence and the separation of duties required to integrate with existing IT structures and security requirements. Vblock platforms provide convergence products like UIM to administer a Vblock platform as a unit, and they provide discrete management capabilities for IP and storage networking, compute, virtualization, and storage. For example, the Nexus 1000V allows the networking team to administer virtual networking with a familiar set of tools and interfaces without concentrating power beyond organizational tolerance levels. Security Ecosystem Cisco, EMC (including RSA, The Security Division of EMC), and VMware are three of the largest players in the virtual security and compliance arena. Vblock platforms can be deployed with virtually all of their security products, providing customers a rich bank of security resources to draw upon. Additionally, the VCE partner channel will support using the overwhelming majority of available security technologies with Vblock platforms, regardless of manufacturer. HyTrust Appliance The HyTrust Appliance (HTA) acts as a transparent management gateway for Vblock platforms, providing comprehensive security accountability and visibility. The HyTrust Appliance provides consistent control at the hypervisor layer to securely enable all access methods, including VMware vsphere Client, Web client, and Secure Shell (SSH). Its capabilities include: Secure Unified Account Management With the HyTrust Appliance you can manage all Vblock platform components using Microsoft Active Directory (AD) password authentication or RSA SecurID multi-factor authentication. Separation of Duties and Fine-grained Access Control The HyTrust Appliance allows you to define and enforce highly granular access policies for the Vblock platform virtual infrastructure by defining Groups, Policies, Rules, and Resources. Members of a 2012 VCE Company, LLC. All Rights Reserved. 5
6 particular Group can access resources as defined by centrally administered Rules governing security for Resources in the Vblock platform. For example, a rule can allow members of the HT_NetworkAdmin group to perform AddPortGroup and RemoveVirtualSwitch operations for a Resource like the vcenter server and all objects underlying it, such as the networking subsystem. (See also Appendix 1: Microsoft Active Directory Groups.) Support for Multi-Tenancy IT organizations can define controls for individual virtual machines (VM) within Vblock platforms to ensure separation of tenants in a multi-tenant environment or to support mixed mode environments where regulated and non-regulated applications share common infrastructure. Hypervisor Hardening Access to VMware vsphere hosts allows you to identify configuration errors using prebuilt assessment frameworks such as PCI DSS, CIS Benchmark, VMware Best Practices, or custom, user-defined templates. Without manual effort or scripts, the HyTrust Appliance proactively monitors hosts and simplifies configuration maintenance. Audit-quality Logging Granular, user-specific access logs streamline audits, troubleshooting, and forensic analysis. The HyTrust Appliance gives IT groups the ability to grant self-service audit administration to various internal organizations. Integrated by Design with Vblock Platforms The HyTrust Applianceprotects administrative access to Vblock platform components, including the UCS Manager (UCSM), Nexus 1000V and physical components running NX-OS, including MDS SAN switches. This integration enables unified account management of the converged infrastructure and provides a single point of logging administrative operations, which facilitates compliance VCE Company, LLC. All Rights Reserved. 6
7 Solution Architecture Overview The HyTrust Appliance is a virtual appliance that deploys as a virtual machine on the VMware vsphere infrastructure. It relies on its position in the network to view IT management traffic and intercept management requests normally routed directly to Vblock platform management ports (such as UCSM, VMware vsphere ESXi console ports, and Nexus 5548 management ports). The HyTrust Appliance first authenticates and authorizes all users and the operations they want to perform and then passes on the request to the target. In addition, the HyTrust Appliance allows organizations to create and apply more granular access policies and perform ESX configuration management by applying and monitoring ESX compliance to custom-defined security templates and then remediating deficiencies and discrepancies. The Vblock Advanced Management Pod (AMP) is a self-contained management infrastructure that performs management and monitoring functions for the Vblock platform. The AMP hosts infrastructure management software such as VMware vcenter, UIM, and Vblock infrastructure element managers. Each Vblock platform includes either a mini-amp or high availability (HA) AMP. The mini-amp is based on a single rack mounted server and dual Cisco switches. The HA AMP uses redundant servers and switches, and redundancy for most applications and tools. This solution works on either the HA AMP or mini-amp. The AMP hosts the virtual machines used to support the management tools controlling the Vblock platform and its components. In order to avoid parent-child conflicts, the AMP is discrete from the core Vblock platform resources it supports. The AMP is also connected to the administrative interfaces of the components. Since administrative users either interact with resources in the AMP or connect directly to components through it, and since the AMP has the resources to host virtual HyTrust Appliances, we recommend you position the HyTrust Appliance on the AMP. Vblock Series 700 model MX The Vblock Series 700 model MX used to validate this solution combines Cisco s Unified Computing System (UCS), Nexus, and MDS compute and networking technologies with VMware s vsphere virtualization layer and the EMC VMAX series of unified storage arrays. The 700MX is deployed for massive scaling with ERP, CRM, and virtual desktops in configurations that are extensible to meet the most demanding IT requirements of any enterprises or service providers. It utilizes a SAN storage medium or a NAS (File) storage medium. UCS local boot disks are optional. The 700MX contains the following key hardware and software components: Table 1. Vblock Series 700 model MX hardware and software Resource Components Compute Cisco UCS B-Series Blades Cisco M81KR Virtual Interface Card converged network adapter Cisco UCS fabric interconnects (FI) 6140 Cisco UCS 5108 Blade Server chassis 2012 VCE Company, LLC. All Rights Reserved. 7
8 Resource Components Network Cisco Nexus 5548UP Series IP switches (optional: required for two compute cabinets unless you select a Cisco Nexus 7010 switch) Cisco Nexus 7010 switch (optional: requires two or more compute cabinets) Cisco Nexus 1000V VSM and VEM virtual switch Cisco MDS 9148 Multilayer Fabric Switch Cisco MDS 9506 Multilayer Director (optional) Cisco MDS 9513 Multilayer Director (optional) Storage EMC Symmetrix VMAX EMC Symmetrix Data at Rest Encryption (DARE) (optional) Virtualization VMware vsphere 5: VMware ESXi and vcenter Server Management EMC PowerPath/VE Cisco UCS Manager EMC Ionix Unified Infrastructure Manager (UIM) EMC Secure Remote Support (ESRS) on Windows EMC Symmetrix Management Console (SMC) on Windows EMC Symmetrix Performance Analyzer (SPA) on Windows VMware vsphere Server Enterprise Plus Note: This solution works on any Vblock Series 300 or Vblock Series 700, using the HA AMP or mini-amp VCE Company, LLC. All Rights Reserved. 8
9 Figure 1. Vblock Series 700 model MX and mini-amp. Physical Architecture Vblock platforms include an AMP. The AMP provides a single management point for Vblock platforms and provides the following benefits: Monitors and manages Vblock platform health, performance, and capacity Provides fault isolation for management 2012 VCE Company, LLC. All Rights Reserved. 9
10 Eliminates resource overhead on the Vblock platform Provides a clear demarcation point for remote operations The AMP contains these physical components: One Cisco 3560x Ethernet Switch One Cisco C200 Rack Mounted Server running VMware ESXi 5 (48 GB RAM and 4 TB of storage) You can deploy the following tools in the AMP to manage Vblock platforms: Cisco Unified Computing System Manager (UCSM) Cisco Virtual Supervisor Module (VSM) VMware vcenter 5 Windows 2008R2 Servers deployed for various purposes including Microsoft Domain Controller with Active Directory Services, utility host/management servers HyTrust Appliance Note: This list is not exhaustive and only contains a listing of element managers that are accessed through the HyTrust Appliance. Logical Architecture The AMP switch and ESXi host with VMware vswitch have the following VLANs defined: VLAN 101: The management interfaces for the Cisco Nexus 5548UP, Cisco MDS 9148, vcenter Server, and ESXi console reside here. VLAN 104: The UCSM interface is accessible through this VLAN. VLAN 105: The Nexus 1000V VSM management interface resides here. VLAN 206: This VLAN hosts management tools such as SNMP receptors, syslog servers, and utility hosts. The HyTrust Appliance is deployed in Router mode. In Router mode the appliance sits between the source network of the management traffic and the target systems. This is accomplished by putting virtual interfaces on two different VLANs. In this solution, we used one interface on VLAN 206 and one on VLAN 101. There is also a static route on the ESXi host that sends traffic destined for VLAN 206 to the HyTrust Appliance interface that sits on VLAN 101. This is important to ensure that no one can circumvent the HyTrust Appliance. Additionally, access restrictions exist on the individual element managers and network control points, which limits the source of management traffic to the HyTrust Appliance. This environment is depicted in Figure VCE Company, LLC. All Rights Reserved. 10
11 Figure 2. VCE and HyTrust Solution management environment Design Considerations This solution follows the best practices for both Vblock platforms and the HyTrust Appliance to improve usability and compliance: We required that all administrative traffic from outside the Vblock platform use a utility server in the AMP. We used a 700MX with the AMP using the HyTrust Appliance configured in the routing mode and residing on the AMP. We routed all management network traffic through the HyTrust Appliance VCE Company, LLC. All Rights Reserved. 11
12 We used a mixed environment consisting of UCSM 1.4 U3, Nexus 1000V, Nexus 5000 series, MDS 9000 series, VMware vsphere vcenter 5.0, VMware ESXi 5.0 all protected by the HyTrust Appliance. We configured the HyTrust Appliance in Directory Services mode, using unified authentication to a central Active Directory service. Configuration The following steps provide an overview of the HyTrust Appliance (HTA) installation and configuration: 1. Review ESXi host and other system and environment prerequisites for installing and using HTA. 2. Add additional VLANs not installed during Vblock platform logical build. 3. Convert the HyTrust Appliance to Directory Services mode to ensure integration with a corporate user/account directory, such as Microsoft AD. You do not need to configure individual components to work with AD. 4. Install (import) HTA as a VMware ESX VM. Confirm that the network adapter(s) are properly configured and connected. After editing the necessary settings, turn on the HTA virtual machine. 5. Run Setup and the Install Wizard. 6. Optionally, set up the HTA vcenter Plugin, which allows you to perform HTA operations directly from vsphere Client accessing a vcenter server. You can use the HTA Management Console Web application, as well. 7. Add vcenter Servers, ESX hosts, Nexus 1000V switches, UCSM, and Cisco Nexus 5000 and 7000 series switches to be managed and protected by the HTA. 8. Define Rules and deploy Policy to activate protection for the virtual infrastructure. The following steps provide an overview of the Vblock platform configuration necessary to support the HyTrust Appliance: 1. Add a static route to the ESXi host in the AMP to ensure proper traffic flow. 2. Configure all HyTrust managed devices to log to a centralized log server in the AMP. 3. Add SNMP traps from HyTrust managed devices to a centralized SNMP trap receptor. 4. Restrict access to the IP of the HTA on the systems to be administered through HyTrust. 5. Configure all devices for Network Time Protocol (NTP). 6. Build Microsoft AD groups and users VCE Company, LLC. All Rights Reserved. 12
13 Validation Overview Validation comprised simple tests for seven discrete use cases designed to show that the VCE and HyTrust Solution provides enterprises a high availability security gateway that provides: Easy integration with Vblock platforms Fine-grained control of authentication and authorization Enhanced audit logging Compatibility with RSA SecurID security technologies. To validate these use cases, we performed the following tests: Use Case #1 Unified Authentication Verify the ability to centrally configure authentication using HyTrust and Microsoft Active Directory. Use Case #2 Unified Authorization Verify the ability to manage authorization by both protected system and by role. Use Case #3 Unified Logging Verify the ability to create enhanced audit logs. Use Case #4 Redundant Operation Verify that HyTrust Appliance ensures service availability after a component failure. Use Case #5 Enterprise Ready Verify the ability of the HyTrust Appliance to interoperate with select management and monitoring technologies. Use Case #6 RSA Verify that RSA SecurID tokens can be used to authenticate administrative traffic directed through the HyTrust Appliance. Use Case #7 Negative Testing Verify that the HyTrust appliance in this solution cannot be trivially bypassed by users connecting from outside the management plane. Use Cases Use Case #1 Unified Authentication Procedure Verify the ability to centrally configure authentication using HyTrust and Microsoft Active Directory. 1. We used default HTA policy for full access (Default SuperAdmin rule). 2. We added an AD-provisioned user to an AD group with full access privileges VCE Company, LLC. All Rights Reserved. 13
14 3. We used this account to authenticate to AD and gain access to all the elements of the infrastructure (vsphere, Nexus 1000V, Nexus 5000, MDS, UCSM), even though no local accounts were provisioned in those modules. 4. We verified that authentication and login operations were captured by the HyTrust log. Results The log files and SNMP traps successfully demonstrated the unified authentication of the AMP-based Vblock platform element managers. Additionally, since no logical connection existed between AD and the individual network components, it was not possible for an AD account to have been authenticated in this environment without going through the HyTrust Appliance. Use Case #2 Unified Authorization Verify the ability to manage authorization by both protected system and by role. Procedure 1. We used a default HyTrust Appliance policy for managing networking (Default NetworkAdmin rule) 2. We added an AD provisioned user to an AD group with network management privileges. 3. We verified that the user was able to connect to vsphere and see network systems, but was blocked from creating a virtual machine or modifying the vcenter syslog setting. Unauthorized operations were correctly logged by HyTrust Appliance with WARN level. 4. We created an additional policy that blocked access to MDS switches for all users except SuperAdmins (we applied a RuleSet SuperAdmin Only to the two MDS switches). 5. We verified that the user who was the only member of the group with network privileges was blocked from accessing the MDS, but was still able to access the Nexus 1000V VSM. All the activity, including new policy creation and authorized and blocked access, appeared in the log. Results This use case uses the same AD account we created in use case #1 to perform functions requiring administrative level access. Since only the AD account associated with the HyTrust SuperAdmin role had the proper privileges, the other account could not perform admin level tasks. All attempts to make changes were logged on the syslog server and successfully demonstrated the unified authorization provided by the VCE and HyTrust Solution. Use Case #3 Unified Logging Verify the ability to create enhanced audit logs. Procedure While validating the previous two use cases we confirmed: 2012 VCE Company, LLC. All Rights Reserved. 14
15 1. Authentication is correctly logged for all the different modules. 2. All authorized operations are correctly logged with users correctly attributed and other pertinent details present (source IP, operation and so forth). 3. All blocked operations are correctly logged with users correctly attributed and information about why the operation was not authorized. Results Use cases #1 and #2 both created significant, detailed logs. The log files showed which user attempted changes, which changes were attempted, and what action originated from the HyTrust Appliance (Deny or Allow). The events were time stamped, and we cross-validated the HyTrust Appliance and the syslog server logs. Use Case #4 Redundant Operation Verify that HyTrust Appliance ensures service availability after a component failure. This test was performed at another location since the AMP in the primary test facility was not configured for HA operation. Procedure 1. We set up the HyTrust Appliance in high availability mode with two redundant instances of the virtual appliance residing on two separate ESXi servers, and we configured the failover period to be one minute. 2. We verified that UCS management sessions and vsphere management sessions were correctly authorized. 3. We made the primary instance of the HyTrust Appliance unavailable by disconnecting it from the network. 4. We verified that the failover event was correctly logged in the syslog server. 5. We verified that after two minutes, UCS management sessions and vsphere management sessions were correctly authorized (now by the failover node). Results This use case demonstrated that customers can operate the HyTrust Appliance in high availability mode in Vblock platforms configured with HA-AMP. Use Case #5 Enterprise Ready Verify the ability of the HyTrust Appliance to interoperate with select management and monitoring technologies VCE Company, LLC. All Rights Reserved. 15
16 Procedure 1. We configured HyTrust Appliance to output logs to the external syslog server and used the HyTrust Appliance to configure a protected ESXi to output native logs to the same external syslog server. We verified that both the HyTrust Appliance and ESXi logs correctly appeared in the syslog server and could be identified by the source. 2. We configured a custom template in the HyTrust Appliance and applied it to the protected ESXi, thereby forcing the protected ESXi to use the correct corporate NTP server. 3. We configured the HyTrust Appliance for monitoring using SNMP, triggered the SNMP trap by manually restarting SOAP proxy, and verified that the SNMP trap was captured by the SNMP server. Results This use case confirmed that several essential monitoring protocols function as expected. The HyTrust Appliance can be monitored by SIEM/log management platforms and traditional network management systems. Further, the timestamps for log activity are reliable, coming both from the HyTrust Appliance and directly from the ESXi systems managed through the HyTrust Appliance. In addition, as validated in use cases #1 and #2, the HyTrust Appliance interoperates extensively with Microsoft AD. Use Case #6 RSA Verify that RSA SecurID tokens can be used to authenticate administrative traffic directed through the HyTrust Appliance. Procedure 1. We configured the HyTrust Appliance to require users to log in with RSA SecurID tokens. 2. Once RSA SecurID was successfully enabled, an updated login screen was displayed on the HyTrust Appliance management console. 3. To log in to VMware vcenter Management Console, we had to use the RSA PIN concatenated with the RSA token value. Log in without the RSA token or with an incorrect RSA token was not allowed. Results This use case validated two-factor authentication for Vblock platforms. The logs demonstrated successful and unsuccessful attempts at logins. This combination of the HyTrust Appliance, RSA SecurID and Vblock platforms fulfills a major requirement in meeting today s compliance objectives with two-factor authentication. The VCE and HyTrust Solution offers a single authentication strategy for all Vblock platform components, with central auditing and troubleshooting. Use Case #7 Negative Testing Verify that the HyTrust appliance in this solution cannot be trivially bypassed by users connecting from outside the management plane VCE Company, LLC. All Rights Reserved. 16
17 Procedure We attempted to log in to a protected ESXi with a real root account. Access was properly denied and the denial logged. Results By using the ESXi 5 firewall and only allowing management connections on port 22 from the HyTrust Appliance, we were able to verify that the proxy cannot be bypassed by demonstrating that login attempts from other sources were denied. This effectively prevented outside log-ins to bypass HyTrust Appliance security. In addition, the HyTrust Appliance configures the ESXi host by default to disallow login with a locally defined account, specifically the root login, thus preventing direct console and network access. Instead, users can log in with their own credentials and have their privileges elevated to root or administrative level VCE Company, LLC. All Rights Reserved. 17
18 Conclusion IT organizations are struggling to keep up with rising public and private regulatory requirements, and many converged infrastructure approaches to the problem ignore the complexities of balancing unified management with granular control for different groups in the IT organization. The VCE and HyTrust Solution simultaneously enhances both converged and distributed management, while providing the best in application high availability and performance. This solution creates a common AAA platform with the HyTrust Appliance, giving the security and operations teams better visibility and access, while at the same time simplifying access and role enforcement for the more narrowly focused parts of the organization. This increases consistency in authentication and authorization and allows better control over what other groups can do in their specialty area. The end result is the simplified management and monitoring of administrative users promised by convergence, coupled with direct-yet-protected access to native administration interfaces. The simplified management and enhanced monitoring capabilities, in turn, reduce operational costs and help you address your access and authorization-related compliance objectives. Vblock platforms comprise market leading components from Cisco, EMC, Intel, and VMware bound together with careful testing and tailored tools. The result is a more tightly integrated offering with excellent and predicable application performance in a pre-hardened package. With HyTrust, the premier security solution for virtualized environments, the VCE and HyTrust Solution introduces another market leading component that reduces complexity while reinforcing VCE s commitment to application security in the virtualized IT space. With proven technologies at the core, tight integration to support consistent configurations, advanced security functionality throughout HyTrust and Vblock platforms, and an immense family of security and compliance technologies, the VCE and HyTrust Solution presents the most comprehensive security offering in the converged infrastructure market. Next Steps To learn more about this and other solutions, contact a VCE representative or visit VCE Company, LLC. All Rights Reserved. 18
19 Appendix 1: Microsoft Active Directory Groups AD Group Name HyTrust Role Description of Role and Associated Privileges HT_ApplAdmin HTA Administrator (ApplAdmin) Install HTA and perform HTA configuration tasks: Configure networking Configure high availability Configure logging No privileges to manipulate virtual infrastructure HT_ARCAdmin ARC Administrator (ARCAdmin) Create and modify ARC templates, add ARC targets, assess and remediate ARC. HT_ARCAssessor ARC Assessor (ARCAssessor) Perform ARC assessments and view ARC results. HT_BackupAdmin Backup Administrator (BackupAdmin) Backup and restore virtual machines (guests). HT_BasicLogin Basic Login (BasicLogin) Perform some basic operations like login. HT_CoreApplAdmin HT_DCAdmin HT_ESXMAdmin HT_FedAdmin HT_NetworkAdmin Core Appliance Administrator (CoreApplAdmin) Datacenter Administrator (DCAdmin) ESX Maintenance Administrator (ESXMAdmin) Federation Administrator (FedAdmin) Network Administrator (NetworkAdmin) Install and configure core appliance VMs. Set up VMware vcenter datacenters and perform actions on all objects within virtual data centers. Install patches, change configuration of ESX, reboot ESX hosts. Perform ESX/ESXi host maintenance (use SSH, change configuration, reboot). Perform HTA configuration, assessment, and remediation (ARC). No virtual machine privileges. Perform federation administration and manage global objects. Manage virtual switches, VLANs, and other network configuration settings. HT_PolicyAdmin Policy Administrator (PolicyAdmin) Create and modify policies, labels, and constraints. HT_RoleAdmin Role Administrator (RoleAdmin) Create and modify roles and privileges VCE Company, LLC. All Rights Reserved. 19
20 AD Group Name HyTrust Role Description of Role and Associated Privileges HT_StorageAdmin HT_SuperAdmin HT_VIAdmin Storage Administrator (StorageAdmin) Super-user Administrator (SuperAdmin) Virtual Infrastructure Administrator (VIAdmin) Define VMFS volumes and mapping to LUNs including masking and zoning. Privileges also provided to: Define iscsi access paths. Manage NFS volumes. Manage HSM and data retention. Administer storage (disk replacement). Manage backup. Perform any action (assigned all privileges). Perform operations on virtual infrastructure. Configure DRS and VMware HA. Initiate VMotion. Assign hosts to resource pools. Limited privileges on ESX hosts. HT_UCSLogin Cisco UCS Login (UCSLogin) Access and operations with UCSM. HT_VMPowerUser Virtual Machine Power User (VMPowerUser) Perform actions on virtual machines and resource objects. Role members may view and change most virtual machine configuration settings, take snapshots, and schedule tasks. Privileges include: All privileges for scheduled task privileges group. Selected privileges for global items, datastore, and virtual machine privileges groups. No privileges for folder, datacenter, network, host, resource, alarms, sessions, performance, and permissions privileges groups. HT_VMUser Virtual Machine User (VMUser) This role is equivalent to the role with the same name defined in VirtualCenter 1.x. Role members may interact with virtual machines, but not change, the virtual machine configuration. Privileges include: All privileges for the scheduled tasks privileges group. Selected privileges for the global items and virtual machine privileges groups. No privileges for the folder, datacenter, data store, network, host, resource, alarms, sessions, performance, and permissions privileges groups VCE Company, LLC. All Rights Reserved. 20
21 ABOUT VCE VCE, the Virtual Computing Environment Company formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE, through the Vblock platform, delivers the industry's first completely integrated IT offering with end-to-end vendor accountability. VCE's prepackaged solutions are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application development environments, allowing customers to focus on business innovation instead of integrating, validating and managing IT infrastructure. For more information, go to ABOUT HYTRUST HyTrust, headquartered in Mountain View, CA, is the leader in policy management and access control for virtual infrastructure. HyTrust empowers organizations to virtualize more including servers that may be subject to compliance by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. The company is backed by top tier investors Granite Ventures, Cisco Systems, Trident Capital, and Epic Ventures; its partners include VMware, Symantec, CA, RSA, and Intel Corporation. For more information, go to THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." VCE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OR MERCHANTABILITY OR MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright 2012 VCE Company, LLC. All rights reserved. Vblock and the VCE logo are registered trademarks or trademarks of VCE Company, LLC. and/or its affiliates in the United States or other countries. All other trademarks used herein are the property of their respective owners VCE Company, LLC. All Rights Reserved.
VBLOCK SOLUTION FOR SECURE ADMINISTRATIVE ACCESS
www.vce.com VBLOCK SOLUTION FOR SECURE ADMINISTRATIVE ACCESS Version 1.0 2012 VCE Company, LLC. All Rights Reserved. Contents Introduction... 4 Business case... 4 Solution overview... 4 About this document...
More informationMANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS
VCE Word Template Table of Contents www.vce.com MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS January 2012 VCE Authors: Changbin Gong: Lead Solution Architect Michael
More informationVBLOCK SOLUTION FOR SAP APPLICATION HIGH AVAILABILITY
Vblock Solution for SAP Application High Availability Table of Contents www.vce.com VBLOCK SOLUTION FOR SAP APPLICATION HIGH AVAILABILITY Version 2.0 February 2013 1 Copyright 2013 VCE Company, LLC. All
More informationVBLOCK SYSTEMS: VMWARE VIRTUAL FIREWALLS IMPLEMENTATION GUIDE
VCE Word Template www.vce.com VBLOCK SYSTEMS: VMWARE VIRTUAL FIREWALLS IMPLEMENTATION GUIDE Version 1.0 December 2012 2012 VCE Company, LLC. All Rights Reserved. 1 Copyright 2012 VCE Company Inc. All Rights
More informationCisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)
Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1) September 17, 2010 Part Number: This document describes how to install software for the Cisco Nexus 1000V Virtual
More informationIntroduction... 4 Purpose... 4 Scope... 4 Audience... 5 Feedback... 5
VCE Word Template Table of Contents www.vce.com CLOUD SERVICE ASSURANCE: CISCO VIRTUAL SECURITY GATEWAY (VSG) AND CISCO VIRTUAL WIDE AREA APPLICATION SERVICES (VWAAS) ON VBLOCK INFRASTRUCTURE PLATFORMS
More informationLEVERAGE VBLOCK SYSTEMS FOR Esri s ArcGIS SYSTEM
Leverage Vblock Systems for Esri's ArcGIS System Table of Contents www.vce.com LEVERAGE VBLOCK SYSTEMS FOR Esri s ArcGIS SYSTEM August 2012 1 Contents Executive summary...3 The challenge...3 The solution...3
More informationVblock Infrastructure Platforms 2010 Vblock Platforms Architecture Overview
www.vce.com Vblock Infrastructure Platforms 2010 Vblock Platforms Version 1.3 November 2011 2011 VE ompany, LL. All Rights Reserved. Revision history Revision history Date Version Author Description of
More informationVBLOCK SOLUTION FOR KNOWLEDGE WORKER ENVIRONMENTS WITH VMWARE VIEW 4.5
Table of Contents www.vce.com VBLOCK SOLUTION FOR KNOWLEDGE WORKER ENVIRONMENTS WITH VMWARE VIEW 4.5 Version 2.0 February 2013 1 Copyright 2013 VCE Company, LLC. All Rights Reserved.
More informationEMC ENCRYPTION AS A SERVICE
White Paper EMC ENCRYPTION AS A SERVICE With CloudLink SecureVSA Data security for multitenant clouds Transparent to applications Tenant control of encryption keys EMC Solutions Abstract This White Paper
More informationBuilding the Virtual Information Infrastructure
Technology Concepts and Business Considerations Abstract A virtual information infrastructure allows organizations to make the most of their data center environment by sharing computing, network, and storage
More informationVBLOCK SOLUTION FOR SAP: SIMPLIFIED PROVISIONING FOR OPERATIONAL EFFICIENCY
VBLOCK SOLUTION FOR SAP: SIMPLIFIED PROVISIONING FOR OPERATIONAL EFFICIENCY August 2011 2011 VCE Company, LLC. All rights reserved. 1 Table of Contents Introduction... 3 Purpose... 3 Audience... 3 Scope...
More informationVCE Vision Intelligent Operations Version 2.5 Technical Overview
Revision history www.vce.com VCE Vision Intelligent Operations Version 2.5 Technical Document revision 2.0 March 2014 2014 VCE Company, 1 LLC. Revision history VCE Vision Intelligent Operations Version
More informationQTS Leverages HyTrust to Build a FedRAMP Compliant Cloud
CASE STUD QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud The technology and expertise provided by HyTrust dramatically simplified the process of preparing for our FedRAMP certification. HyTrust
More informationVMware vsphere 5.0 Boot Camp
VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this
More informationVBLOCK SOLUTION FOR SAP: SAP APPLICATION AND DATABASE PERFORMANCE IN PHYSICAL AND VIRTUAL ENVIRONMENTS
Vblock Solution for SAP: SAP Application and Database Performance in Physical and Virtual Environments Table of Contents www.vce.com V VBLOCK SOLUTION FOR SAP: SAP APPLICATION AND DATABASE PERFORMANCE
More informationEMC Data Domain Management Center
EMC Data Domain Management Center Version 1.1 Initial Configuration Guide 302-000-071 REV 04 Copyright 2012-2015 EMC Corporation. All rights reserved. Published in USA. Published June, 2015 EMC believes
More informationVblock Systems hybrid-cloud with Cisco Intercloud Fabric
www.vce.com Vblock Systems hybrid-cloud with Cisco Intercloud Fabric Version 1.0 April 2015 THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." VCE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND
More informationHyTrust Appliance Administration Guide
HyTrust Appliance Administration Guide Version 3.0.2 October, 2012 HyTrust Appliance Administration Guide Copyright 2009-2012 HyTrust Inc. All Rights Reserved. HyTrust, Virtualization Under Control and
More informationVBLOCK SOLUTION FOR SAP APPLICATION SERVER ELASTICITY
Vblock Solution for SAP Application Server Elasticity Table of Contents www.vce.com VBLOCK SOLUTION FOR SAP APPLICATION SERVER ELASTICITY Version 2.0 February 2013 1 Copyright 2013 VCE Company, LLC. All
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationVMware vsphere 5.1 Advanced Administration
Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.
More informationImplementing and Troubleshooting the Cisco Cloud Infrastructure **Part of CCNP Cloud Certification Track**
Course: Duration: Price: $ 4,295.00 Learning Credits: 43 Certification: Implementing and Troubleshooting the Cisco Cloud Infrastructure Implementing and Troubleshooting the Cisco Cloud Infrastructure**Part
More informationUnderstanding Cisco Cloud Fundamentals CLDFND v1.0; 5 Days; Instructor-led
Understanding Cisco Cloud Fundamentals CLDFND v1.0; 5 Days; Instructor-led Course Description Understanding Cisco Cloud Fundamentals (CLDFND) v1.0 is a five-day instructor-led training course that is designed
More informationVMware vsphere 4.1 with ESXi and vcenter
VMware vsphere 4.1 with ESXi and vcenter This powerful 5-day class is an intense introduction to virtualization using VMware s vsphere 4.1 including VMware ESX 4.1 and vcenter. Assuming no prior virtualization
More informationVMware vsphere: Install, Configure, Manage [V5.0]
VMware vsphere: Install, Configure, Manage [V5.0] Gain hands-on experience using VMware ESXi 5.0 and vcenter Server 5.0. In this hands-on, VMware -authorized course based on ESXi 5.0 and vcenter Server
More informationDCICT: Introducing Cisco Data Center Technologies
DCICT: Introducing Cisco Data Center Technologies Description DCICN and DCICT will introduce the students to the Cisco technologies that are deployed in the Data Center: unified computing, unified fabric,
More informationCA ControlMinder for Virtual Environments May 2012
FREQUENTLY ASKED QUESTIONS May 2012 Top Ten Questions 1. What is?... 2 2. What are the key benefits of?... 2 3. What are the key capabilities of?... 2 4. Does this release include anything from the recently
More informationVBLOCK SOLUTION FOR SAP: HIGH AVAILABILITY FOR THE PRIVATE CLOUD
Vblock Solution for SAP: High Availability for the Private Cloud Table of Contents www.vce.com VBLOCK SOLUTION FOR SAP: HIGH AVAILABILITY FOR THE PRIVATE CLOUD Version 2.0 February 2013 1 Copyright 2013
More informationPreparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.
Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines
More informationVMware vsphere-6.0 Administration Training
VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast
More informationRSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2
RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationEMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter
EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, VMware vcenter Converter A Detailed Review EMC Information Infrastructure Solutions Abstract This white paper
More informationH Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments
H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service
More informationEMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management
EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Applied Technology Abstract Securing a Microsoft Exchange e-mail environment presents a myriad of challenges and compliance issues
More informationEMC Business Continuity for VMware View Enabled by EMC SRDF/S and VMware vcenter Site Recovery Manager
EMC Business Continuity for VMware View Enabled by EMC SRDF/S and VMware vcenter Site Recovery Manager A Detailed Review Abstract This white paper demonstrates that business continuity can be enhanced
More informationKhóa học dành cho các kỹ sư hệ thống, quản trị hệ thống, kỹ sư vận hành cho các hệ thống ảo hóa ESXi, ESX và vcenter Server
1. Mục tiêu khóa học. Khóa học sẽ tập trung vào việc cài đặt, cấu hình và quản trị VMware vsphere 5.1. Khóa học xây dựng trên nền VMware ESXi 5.1 và VMware vcenter Server 5.1. 2. Đối tượng. Khóa học dành
More informationVBLOCK TM INFRASTRUCTURE PLATFORMS: A TECHNICAL OVERVIEW
VBLOCK TM INFRASTRUCTURE PLATFORMS: A TECHNICAL OVERVIEW Executive Summary Cloud computing provides a flexible, shared pool of preconfigured and integrated computing resources that enables organizations
More informationEMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION
EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION Automated file synchronization Flexible, cloud-based administration Secure, on-premises storage EMC Solutions January 2015 Copyright 2014 EMC Corporation. All
More informationEMC VSPEX END-USER COMPUTING
IMPLEMENTATION GUIDE EMC VSPEX END-USER COMPUTING VMware Horizon 6.0 with View and VMware vsphere for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Data Protection EMC VSPEX Abstract This describes
More informationInstalling Intercloud Fabric Firewall
This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric
More informationWhite Paper. SAP NetWeaver Landscape Virtualization Management on VCE Vblock System 300 Family
White Paper SAP NetWeaver Landscape Virtualization Management on VCE Vblock System 300 Family Table of Contents 2 Introduction 3 A Best-of-Breed Integrated Operations Architecture 3 SAP NetWeaver Landscape
More informationVBLOCK GRC SOLUTION WITH RSA (GOVERNANCE, RISK, AND COMPLIANCE)
VCE Word Template Table of Contents www.vce.com VBLOCK GRC SOLUTION WITH RSA (GOVERNANCE, RISK, AND COMPLIANCE) August 2011 1 Contents Executive Summary... 3 The Challenge... 3 The Solution... 4 Governance,
More informationCCNA DATA CENTER BOOT CAMP: DCICN + DCICT
CCNA DATA CENTER BOOT CAMP: DCICN + DCICT COURSE OVERVIEW: In this accelerated course you will be introduced to the three primary technologies that are used in the Cisco data center. You will become familiar
More informationA ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS
A ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS June 2011 WHITE PAPER 2011 VCE Company LLC, All rights reserved. 1 Table of Contents Executive Overview... 3
More informationData Centre of the Future
Data Centre of the Future Vblock Infrastructure Packages: Accelerating Deployment of the Private Cloud Andrew Smallridge DC Technology Solutions Architect asmallri@cisco.com 1 IT is undergoing a transformation
More informationInstalling and Administering VMware vsphere Update Manager
Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationVMware vsphere: Fast Track [V5.0]
VMware vsphere: Fast Track [V5.0] Experience the ultimate in vsphere 5 skills-building and VCP exam-preparation training. In this intensive, extended-hours course, you will focus on installing, configuring,
More informationwww.vce.com SAP Landscape Virtualization Management Version 2.0 on VCE Vblock System 700 series
www.vce.com SAP Landscape Virtualization Management Version 2.0 on VCE Vblock System 700 series Version 1.1 December 2014 THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." VCE MAKES NO REPRESENTATIONS
More informationANZA Formación en Tecnologías Avanzadas
Temario INTRODUCING CISCO DATA CENTER TECHNOLOGIES (DCICT) DCICT is the 2nd of the introductory courses required for students looking to achieve the Cisco Certified Network Associate certification. This
More informationThe Advantages of Cloud Services
Cloud-Based Services: Assure Performance, Availability, and Security What You Will Learn Services available from the cloud offer cost and efficiency benefits to businesses, but until now many customers
More informationPICO Compliance Audit - A Quick Guide to Virtualization
WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization
More informationHow to Achieve Operational Assurance in Your Private Cloud
How to Achieve Operational Assurance in Your Private Cloud As enterprises implement private cloud and next-generation data centers to achieve cost efficiencies and support business agility, operational
More informationImplementation Guide for EMC for VSPEX Private Cloud Environments. CloudLink Solution Architect Team
VSPEX IMPLEMENTATION GUIDE CloudLink SecureVSA Implementation Guide for EMC for VSPEX Private Cloud Environments CloudLink Solution Architect Team Abstract This Implementation Guide describes best practices
More informationLearn the essentials of virtualization security
Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage
More informationVblock Infrastructure Packages: Accelerating Deployment of the Private Cloud. 2009 Cisco EMC VMware. All rights reserved.
Vblock Infrastructure Packages: Accelerating Deployment of the Private Cloud 1 IT is undergoing a transformation Enterprise IT solutions remain costly to analyze and design, procure, customize, integrate,
More informationNET ACCESS VOICE PRIVATE CLOUD
Page 0 2015 SOLUTION BRIEF NET ACCESS VOICE PRIVATE CLOUD A Cloud and Connectivity Solution for Hosted Voice Applications NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of
More informationVMware for Bosch VMS. en Software Manual
VMware for Bosch VMS en Software Manual VMware for Bosch VMS Table of Contents en 3 Table of contents 1 Introduction 4 1.1 Restrictions 4 2 Overview 5 3 Installing and configuring ESXi server 6 3.1 Installing
More informationTECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage
TECHNICAL PAPER Veeam Backup & Replication with Nimble Storage Document Revision Date Revision Description (author) 11/26/2014 1. 0 Draft release (Bill Roth) 12/23/2014 1.1 Draft update (Bill Roth) 2/20/2015
More informationVCE Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard
March 2013 Solution Guide for Payment Card Industry (PCI) Partner Addendum VCE Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard VCE Vblock Systems The findings and recommendations
More informationSetup for Failover Clustering and Microsoft Cluster Service
Setup for Failover Clustering and Microsoft Cluster Service ESX 4.0 ESXi 4.0 vcenter Server 4.0 This document supports the version of each product listed and supports all subsequent versions until the
More informationEMC ViPR for On-Demand File Storage with EMC Syncplicity and EMC Isilon or EMC VNX
EMC ViPR for On-Demand File Storage with EMC Syncplicity and EMC Isilon or EMC VNX EMC Solutions Abstract This document describes how to deploy EMC ViPR software-defined storage in an existing EMC Isilon
More informationRSA Authentication Manager 8.1 Virtual Appliance Getting Started
RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides
More informationIMPROVING VMWARE DISASTER RECOVERY WITH EMC RECOVERPOINT Applied Technology
White Paper IMPROVING VMWARE DISASTER RECOVERY WITH EMC RECOVERPOINT Applied Technology Abstract EMC RecoverPoint provides full support for data replication and disaster recovery for VMware ESX Server
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationCloudControl Support for PCI DSS 3.0
HyTrust CloudControl Support for PCI DSS 3.0 Summary In PCI DSS 3.0, hypervisors and virtual networking components are always in-scope for audit; Native auditing capabilities from the core virtualization
More informationRSA Security Solutions for Virtualization
RSA Security Solutions for Virtualization Grzegorz Mucha grzegorz.mucha@rsa.com Securing the Journey to the Cloud The RSA Solution for Virtualized Datacenters The RSA Solution for VMware View The RSA Solution
More informationEMC Integrated Infrastructure for VMware
EMC Integrated Infrastructure for VMware Enabled by Celerra Reference Architecture EMC Global Solutions Centers EMC Corporation Corporate Headquarters Hopkinton MA 01748-9103 1.508.435.1000 www.emc.com
More informationGetting Started with ESXi Embedded
ESXi 4.1 Embedded vcenter Server 4.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent
More informationvsphere Upgrade vsphere 6.0 EN-001721-03
vsphere 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationBosch Video Management System High availability with VMware
Bosch Video Management System High availability with VMware en Technical Note Bosch Video Management System Table of contents en 3 Table of contents 1 Introduction 4 1.1 Restrictions 4 2 Overview 5 3
More informationEMC Integrated Infrastructure for VMware
EMC Integrated Infrastructure for VMware Enabled by EMC Celerra NS-120 Reference Architecture EMC Global Solutions Centers EMC Corporation Corporate Headquarters Hopkinton MA 01748-9103 1.508.435.1000
More informationEMC Virtual Infrastructure for Microsoft Applications Data Center Solution
EMC Virtual Infrastructure for Microsoft Applications Data Center Solution Enabled by EMC Symmetrix V-Max and Reference Architecture EMC Global Solutions Copyright and Trademark Information Copyright 2009
More informationManaging Multi-Hypervisor Environments with vcenter Server
Managing Multi-Hypervisor Environments with vcenter Server vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.0 This document supports the version of each product listed and supports all subsequent
More informationVMware Data Recovery. Administrator's Guide EN-000193-00
Administrator's Guide EN-000193-00 You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product
More informationVMware Certified Professional 5 Data Center Virtualization (VCP5-DCV) Exam
Exam : VCP5-DCV Title : VMware Certified Professional 5 Data Center Virtualization (VCP5-DCV) Exam Version : DEMO 1 / 9 1.Click the Exhibit button. An administrator has deployed a new virtual machine on
More informationVMWARE VSPHERE 5.0 WITH ESXI AND VCENTER
VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER CORPORATE COLLEGE SEMINAR SERIES Date: April 15-19 Presented by: Lone Star Corporate College Format: Location: Classroom instruction 8 a.m.-5 p.m. (five-day session)
More informationHow to Backup and Restore a VM using Veeam
How to Backup and Restore a VM using Veeam Table of Contents Introduction... 3 Assumptions... 3 Add ESXi Server... 4 Backup a VM... 6 Restore Full VM... 12 Appendix A: Install Veeam Backup & Replication
More informationEMC ViPR Controller. Service Catalog Reference Guide. Version 2.3 XXX-XXX-XXX 01
EMC ViPR Controller Version 2.3 Service Catalog Reference Guide XXX-XXX-XXX 01 Copyright 2015- EMC Corporation. All rights reserved. Published in USA. Published July, 2015 EMC believes the information
More informationVXRACK SYSTEM 1032. Product Overview DATA SHEET
vce.com DATA SHEET VXRACK SYSTEM 1032 Product Overview VCE adds rackscale hyper-converged offerings to the industry s broadest converged infrastructure system portfolio. The VxRack System 1000 series is
More informationSAN Conceptual and Design Basics
TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer
More informationVMware vcenter Log Insight Getting Started Guide
VMware vcenter Log Insight Getting Started Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationCisco Virtual Security Gateway for Nexus 1000V Series Switch
Data Sheet Cisco Virtual Security Gateway for Nexus 1000V Series Switch Product Overview Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series Switch is a virtual appliance that provides trusted
More informationStudy Guide. Professional vsphere 4. VCP VMware Certified. (ExamVCP4IO) Robert Schmidt. IVIC GratAf Hill
VCP VMware Certified Professional vsphere 4 Study Guide (ExamVCP4IO) Robert Schmidt McGraw-Hill is an independent entity from VMware Inc. and is not affiliated with VMware Inc. in any manner.this study/training
More informationBuilding the Private cloud
Building the Private cloud Yiannis Psichas Senior Technology Consultant Psichas_yiannis@emc.com 1 IT Infrastructure Needs to Change 77% keeping the lights on 23% delivering new capabilities Too much complexity.
More informationHigh-Availability Fault Tolerant Computing for Remote and Branch Offices HA/FT solutions for Cisco UCS E-Series servers and VMware vsphere
Table of Contents UCS E-Series Availability and Fault Tolerance... 3 Solid hardware... 3 Consistent management... 3 VMware vsphere HA and FT... 3 Storage High Availability and Fault Tolerance... 4 Quick-start
More informationActive Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide
Active Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use
More informationEMC AVAMAR INTEGRATION WITH EMC DATA DOMAIN SYSTEMS
EMC AVAMAR INTEGRATION WITH EMC DATA DOMAIN SYSTEMS A Detailed Review ABSTRACT This white paper highlights integration features implemented in EMC Avamar with EMC Data Domain deduplication storage systems
More informationDRIVING BUSINESS VALUE WITH VBLOCK INFRASTRUCTURE PLATFORMS
DRIVING BUSINESS VALUE WITH VBLOCK INFRASTRUCTURE PLATFORMS Private clouds, built on pervasive virtual infrastructures, are increasingly appealing to organizations looking to deliver IT resources to end
More informationRSA Solutions for VMware and Vblock. Dominique Dessy Senior Technical Consultant
RSA Solutions for VMware and Vblock Dominique Dessy Senior Technical Consultant Agenda What is a Vblock? RSA s Approach to Securing Vblock Typical use cases Vblock A New Way of Delivering IT to Business
More informationNetIQ Aegis Adapter for VMware vcenter Server
Contents NetIQ Aegis Adapter for VMware vcenter Server Configuration Guide May 2011 Overview... 1 Product Requirements... 1 Supported Configurations... 2 Implementation Overview... 2 Ensuring Minimum Rights
More informationTable of Contents. vsphere 4 Suite 24. Chapter Format and Conventions 10. Why You Need Virtualization 15 Types. Why vsphere. Onward, Through the Fog!
Table of Contents Introduction 1 About the VMware VCP Program 1 About the VCP Exam 2 Exam Topics 3 The Ideal VCP Candidate 7 How to Prepare for the Exam 9 How to Use This Book and CD 10 Chapter Format
More informationImplementing Enhanced Secure Multi-tenancy Solutions (IESMT)
Implementing Enhanced Secure Multi-tenancy Solutions (IESMT) Virtualized computing environments have grown over the last several years at a phenomenal rate. As IT budgets shrink many organizations are
More informationCisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
More informationVirtualization Under Control: How to Virtualize More by Virtualizing More Securely
WHITE PAPER - MARCH 2013 Virtualization Under Control: How to Virtualize More by Virtualizing More Securely Virtualization is becoming ubiquitous thanks to financial benefits, management flexibility, and
More informationDeliver Fabric-Based Infrastructure for Virtualization and Cloud Computing
White Paper Deliver Fabric-Based Infrastructure for Virtualization and Cloud Computing What You Will Learn The data center infrastructure is critical to the evolution of IT from a cost center to a business
More informationCan You be HIPAA/HITECH Compliant in the Cloud?
Can You be HIPAA/HITECH Compliant in the Cloud? Background For the first 10 years of its existence, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a toothless tiger. Although
More informationagility made possible
SOLUTION BRIEF CA Private Cloud Accelerator for Vblock Platforms how quickly can your private cloud support the increasing demand for business services and accelerate time-to-value for your Vblock platforms
More informationVMware vsphere Data Protection Evaluation Guide REVISED APRIL 2015
VMware vsphere Data Protection REVISED APRIL 2015 Table of Contents Introduction.... 3 Features and Benefits of vsphere Data Protection... 3 Requirements.... 4 Evaluation Workflow... 5 Overview.... 5 Evaluation
More informationEMC ENTERPRISE PRIVATE CLOUD
Reference Architecture EMC ENTERPRISE PRIVATE CLOUD Infrastructure as a service Automated provisioning and monitoring Service-driven IT operations EMC Solutions January 2014 Copyright 2014 EMC Corporation.
More information