AFORE CLOUDLINK ON VBLOCK SYSTEMS
|
|
- Ira Barrett
- 8 years ago
- Views:
Transcription
1 Table of Contents About this document... 3 Audiences... 3 Introduction... 3 Business Case... 3 Solution Overview... 4 Technology Overview... 5 AFORE CloudLink Secure VSA... 5 The CloudLink Architecture... 6 VCE Vblock Systems... 7 RSA Data Protection Manager... 9 Solution Architecture Overview... 9 System Configuration... 9 Encryption Data Flow Hardware and Software Integration with RSA Data Protection Manager Design Considerations Performance Sizing High Availability Key Management Storage Network Solution Validation Test Cases and Objectives AFORE Solutions Inc. All rights reserved. The Copyright in this document belongs to AFORE Solutions Inc. and no part of this document 1
2 Test Case 1 - CloudLink Installation on Vblock Systems Test Case 2 - Data Encryption: Simulated Application Profile Tests Test Case 3 - Data Encryption: Functional Evaluation of Select CloudLink Encryption Features Test Case 4 RSA Data Protection Manager Integration Conclusion For More Information
3 About this document This document describes the AFORE CloudLink Secure Virtual Storage Appliance (VSA) solution certified on VCE Vblock Systems and discusses business requirements, technology components, architecture, and use cases tested during the Vblock Ready certification of CloudLink Secure VSA. For more information about this paper or about this solution, please contact AFORE Solutions at Audiences This document is intended for IT and security administrators, managers, and directors deploying AFORE CloudLink Secure VSA solutions on Vblock Systems. Introduction Business Case Traditional data centers have experienced a paradigm shift in recent years. Silos of disparate physical computing systems are being consolidated and migrated to cloud-based and virtualized infrastructure, bringing the benefits of flexible on-demand deployment, optimal capacity utilization, and substantial cost savings to enterprises and service providers alike. With this transformation has come new challenges in IT security, particularly related to managing the confidentiality, integrity, and privacy of sensitive data. In a shared, cloud-based environment, data security cannot be an afterthought. Data encryption is an essential mechanism for ensuring data confidentiality, isolation, and protection. In many cases, virtualized environments host multiple tenants in a single converged infrastructure like the VCE Vblock System. Tenants typically include one or more of the following: - Departmental data stores that need to be isolated, with one or multiple data stores requiring encryption with separate keys (e.g., human resources, manufacturing, research and development and other sensitive file storage such as company executive file folders, etc.) - Multiple applications hosted on the same physical server and disk array, such as a single Vblock System. To ensure data protection, one or more of the application data stores (e.g., those for SAP, Oracle, Exchange, etc.) might require separate encryption keys. - Different customers hosted on the same physical server and disk array, such as a service provider environment using a converged infrastructure. Some or all of this customer data might require separate, pertenant encryption keys. Industries such as financial services, healthcare, manufacturing, and government often have stringent regulatory security requirements that mandate data isolation and encryption. Service providers in particular see data encryption as a key security feature that allows them to appeal more broadly to customers. Traditional solutions include self-encrypting disks, storage controller-based encryption, and the encryption of SAN switches or in-line encryption appliances. Each of these has one big drawback a lack of multitenant capability. A single key is used to encrypt all data that passes through the cipher. Customers therefore have to dedicate the entire physical resource (disk, array or entire SAN) to a single tenant. The lack of flexibility and associated cost of this 3
4 approach goes against the trend towards virtualization and cloud computing and the goal of achieving a softwaredefined data center. One of the traditional objections to software-based encryption has been that it degrades performance. This misperception has been countered by the fact that the Advanced Encryption Standard (AES) has now become the algorithm of choice for hardware acceleration for cryptographic operations in a majority of enterprise-class servers. As a result, the overhead of software encryption is less significant with the help of the built-in hardware acceleration. This has created an opportunity for software-based encryption appliances such as AFORE s CloudLink Secure VSA to challenge traditional encryption approaches with superior performance. As a software appliance, the resources consumed by encrypting software can be scaled up and down as the demand for encryption workloads change. When AFORE CloudLink Secure VSA runs on a Vblock System, resource consumption can be tuned to keep up with busy file server, web server or database server applications and minimized when performance requirements are modest. Compared to a hardware appliance, the AFORE CloudLink Secure VSA not only reduces costs, power consumption and footprint, it also complements the converged infrastructure s key benefits of flexibility, agility and simplicity. Key tenets of effective data security management include ease of deployment and administration. Many existing software encryption solutions require agents to be deployed on each virtual machine (VM) containing sensitive data. This approach places an unnecessary burden on IT administrators who must deploy and maintain the agents and ensure compatibility with the applications and operating systems running on their VMs. Furthermore, the complexity in configuring numerous agents makes it challenging to develop and maintain an effective security policy. In addition, when tenants and data owners require oversight and control of their own data separate from IT infrastructure administrators, deployment and ongoing operational management become even more complex and daunting. CloudLink s multi-tenant, agent-less approach to data encryption eliminates these challenges. Encrypting software appliances must be easy to deploy and maintain while empowering tenant administrators to have the control they desire. This is especially true for virtualized environments. The software architectural design must encompass these concepts from the start to leverage these key benefits of converged infrastructure: simplicity of deployment and management. Solution Overview AFORE has partnered with industry-leading converged infrastructure provider VCE to provide a Vblock Ready certified encryption solution to meet today s challenges. The AFORE CloudLink Secure VSA provides the ability to encrypt data at rest and in motion from CloudLink Gateway to vnode in virtualized and multitenant environments. In addition, CloudLink enables flexible security administration control, performance monitoring, and integrated key management with RSA Data Protection Management (DPM). CloudLink is certified for Vblock Systems 100, 200, 300 and 700, spanning the needs of small and medium-sized businesses to large enterprises and service providers. The Vblock Ready certification provides customers with peace of mind, letting them know that the solution components are compatible and perform as designed. Key features and differentiators of the CloudLink encryption solution include: - Native support for virtualized cloud environments - CloudLink understands the virtual environment topology and resource elements in multitenant environments. It automates deployment of encryption in VMware vcloud Director environments and is integrated with vcenter for efficient management and advanced security monitoring. It provides end-to-end encryption of VM storage and WAN traffic in virtualized environments. VMs can be migrated between enterprise data centers or between an enterprise data center and a service provider cloud while ensuring that data remain persistently protected. 4
5 - Secure Virtual Private Network (VPN) - CloudLink establishes a secure VPN tunnel between a data center inside the enterprise and a customer virtual data center inside the cloud. All communications between the enterprise and the cloud is encrypted using AES-256 encryption technology. - Secure Ethernet Overlay - CloudLink s Layer 2 Ethernet extension functionality allows enterprises to easily migrate their workloads between enterprise data centers and cloud data centers without changing existing applications and VMs network configuration. CloudLink s secure Ethernet overlay is WAN agnostic, working over Internet, IP VPN, and Carrier Ethernet WANs. - Encryption of Data at Rest - CloudLink provides enterprises with the option to encrypt data at rest using AES- 256 encryption technology. In a dynamic and multitenant cloud environment, CloudLink guards against threats posed by persistent data artifacts, such as snapshots and suspension images and storage layer side attacks. Encryption of data at rest enables enterprises to meet storage data deletion compliance requirements when workloads are moved out of the cloud while malicious or misbehaving co-tenants are remediated. - Pre-Integration with RSA Data Protection Manager (DPM) Key Management Solution As a Secured by RSA Certified Partner, AFORE has certified interoperability between CloudLink and RSA DPM. The integration of these technologies is intended to enable enterprises and cloud service providers to securely encrypt data at rest in cloud infrastructures while leveraging robust, enterprise-wide key management. - Manageability and Control Given the perceived complexity of implementing and managing encryption on a day-to-day basis, CloudLink has been designed with simplicity, flexibility, and manageability in mind from the start. o o o CloudLink Center is a web-based interface that provides comprehensive management tools, including a topology map, performance monitoring, dashboards, and threshold alarms. It can also be configured as a VMware vcenter plug-in. CloudLink is agentless and storage and network agnostic. This makes CloudLink extremely simple to deploy in large enterprise data centers and service provider environments. In a virtualized cloud environment, there are potentially hundreds of VMs being provisioned, deployed, and decommissioned at any given time. Therefore, encryption solution simplicity is essential. CloudLink possesses the unique ability to offer tenants (different enterprises, separate departmental IT administrators, or application administrators) independent control of data security by maintaining their own separate encryption key stores. This provides an extremely flexible way to implement multitenancy. For companies that utilize service provider offerings, this means that the implementation of encryption is not dependent upon an external service provider s policy, permission, or pricing structure. For enterprises, this feature adds flexibility, helping IT to consolidate departmental assets to a more centralized cloud infrastructure, regardless of current organizational structure. Technology Overview AFORE CloudLink Secure VSA Installed as a virtual appliance, AFORE CloudLink Secure VSA provides encryption to secure virtual resource pools in VMs, networks, and data stores in multitenant environments. This multitenant environment could include different enterprises hosted in the same converged infrastructure, departmental data stores, or application data stores within the same enterprise. These different data stores might require separate data encryption control and policies. CloudLink seamlessly integrates with virtualized cloud infrastructures, leveraging cloud platform APIs for automatic virtual storage appliance deployment and monitoring of virtual data centers. For ease of implementation, the CloudLink solution can be set up as a service template, making it easy to order and self-provision. CloudLink s management interface, CloudLink Center, offers role-based access control, facilitating access by cloud IT administrators 5
6 while allowing tenants to maintain complete and sole control of encryption keys. Furthermore, CloudLink is preintegrated with RSA DPM for the lifecycle management of encryption keys, enabling robust, enterprise-scale operational management in which hundreds or thousands of encryption keys can be provisioned, deployed or expired and decommissioned with ease. The CloudLink Architecture Figure 1 depicts the CloudLink architecture within an enterprise, with departmental data requiring separate encryption data stores. This architecture is equally applicable to a cloud service provider environment or a hybrid environment. Figure 1: CloudLink Solution: High-level Architecture CloudLink vnode is a software virtual appliance deployed in the cloud where data stores need to be encrypted. The vnode acts as the communications endpoint between VMs in the virtual data center (VDC) and the enterprise network. The vnode encrypts data, collects logs and events, and sends monitoring data to CloudLink Center via the CloudLink Gateway. CloudLink Gateway is a software virtual appliance deployed inside the enterprise data center. The CloudLink Gateway communicates with CloudLink vnodes to create a secure Ethernet overlay to the enterprise specific VDCs. The CloudLink Gateway authenticates vnodes, monitors connectivity, initiates performance testing, and pushes the enterprise controlled encryption keys via the secure tunnel to the vnodes deployed in the cloud. CloudLink Center is a management application that can be accessed as a web-based application or as a VMware vcenter plug-in, Figure 2. It manages the CloudLink Gateway and vnode, administers trust policies, configures encrypted storage volumes, monitors end-to-end network performance, reports events, logs and alarms, and presents the enterprise network topology by visually depicting VMs connected to CloudLink. 6
7 Figure 2: CloudLink Center Accessed via vcenter Plug-in In the context of VCE Vblock Systems, a CloudLink Gateway with CloudLink Center can be paired with one or multiple vnodes to represent a tenant implementation within the same Vblock System. Multiple sets can then be deployed in a multitenant implementation within a single Vblock System, representing separate enterprise, departmental user, or application data stores. Further extending the architecture, multiple Gateways may share a common RSA DPM or can each point to a separate instance, providing the utmost flexibility in key management. VCE Vblock Systems Vblock Systems, Figure 3, are pre-integrated technology components that include Cisco Unified Computing System (Cisco UCS ) blade servers and networking, EMC storage arrays, and VMware vsphere and management tools, all supported by and with warranty services from VCE. The current Vblock Systems include Vblock Systems 100, 200, 300 and 700. Each Vblock System has a base configuration, which is a minimum set of compute and storage components as well as fixed network resources. Within the base configuration, certain hardware features can be customized. Together, the components offer balanced CPU, I/O bandwidth, and storage capacity relative to the compute and storage arrays in the system. By combining best-of-breed software and hardware solutions in one converged infrastructure, Vblock Systems deliver a cloud-computing experience that is optimized, secure, and faster and easier to deploy and maintain than competitive converged infrastructure solutions. 7
8 Figure 3: A VCE Vblock System Based on the following IDC research, VCE s Vblock System has definite advantages in providing tangible customer results: Figure 4: IDC research on Vblock customer benefits By partnering with AFORE Solutions and certifying its CloudLink encryption appliance on Vblock Systems, VCE offers enhanced security encryption technology that helps customers meet today s compliance challenges in virtualized environments. 8
9 RSA Data Protection Manager RSA DPM offers industry-leading application encryption, tokenization, and enterprise-wide key management. DPM enables centralized key management and transparent and automated policy enforcement for encrypting data at-rest across the information lifecycle. Keys used to protect the virtual disks can be vaulted in the customer s enterprise within DPM for an extra layer of protection. Enterprise key management with RSA DPM features: Interoperability The Key Management Interoperability Protocol (KMIP)-enabled DPM server enables a single key management infrastructure and integrates with applications and devices at every layer. Simple operations A simple user interface allows policies and keys to be managed from a central location, simplifying operations and contributing to lower operational expenditures (OpEx). Key control High availability, security, automated replication, and disaster recovery of the key vault can be provided so that keys are always available. Separation of duties can be ensured to control who has access to keys. Easier compliance Audits are simplified by logging the encryption functions necessary to meet compliance. Solution Architecture Overview This section describes the solution architecture tested and verified during the Vblock Ready certification. System Configuration The test environment assumed a single enterprise deployment environment with encryption needs for separate data stores. Figure 5 shows the CloudLink deployment architecture. 9
10 Figure 5: CloudLink Certification Test Environment Configuration A single CloudLink Gateway in the enterprise environment managed the overall encryption infrastructure. The CloudLink Gateway was deployed on a VM situated on Blade Server ESXi 01. CloudLink Center, the operational management interface, ran on the Gateway. Below the Gateway are the encryption workhorses, the vnodes, each of which was deployed within a separate VDC and was responsible for encrypting its assigned data stores. In terms of the multitenant data center most common in VCE customer environments, each of these VDCs potentially represents a departmental computing environment or a separate application installation environment that needed encryption protection. Each of the VDCs hosted multiple VMs. These vnodes were installed on Blade Servers ESXi 02 and ESXi 03. Installing the Gateway and vnodes on separate blades mimicked typical enterprise environments. The Gateway, performing key control and system monitoring and management, is located within the enterprise data center. The vnodes, which provide encrypted storage, might be located in a separate location along with the application workloads or in the cloud service provider s data center. Tests were performed using the IOmeter test tool suite consisting of an IOmeter instance, providing a management interface for test configuration, and two Dynamo workers. The IOmeter interface was run on ESXi 01, and the Dynamo workers were run on ESXi 02 and ESXi 03, respectively. Connected to ESXi 02 and ESXi 03 was the ESX data store shared by the two simulated tenants. Each tenant had its own encrypted disk shown in Figure 5 in red (Dynamo1 Disk2 and Dynamo2 Disk2 respectively for tenant 1 and tenant 10
11 2) and a cleartext disk shown in green (Dynamo1 Disk3 and Dynamo2 Disk3). Encrypted disks were placed into the protected data stores, allocated inside of the big shared data store. These protected data stores were assigned to their respective vnodes and are shown in orange (vnode1 Data store and vnode2 Data store). Each Dynamo VM that represents tenant workloads has two virtual disks: one for encrypted data and one for cleartext data. One of the objectives of the tests was to compare the native performance of user workloads on a Vblock System with the performance of the same workloads using CloudLink for storage encryption. Data in cleartext (green) virtual disks was accessed bypassing the CloudLink, and data in encrypted disks (red) was accessed through CloudLink. This configuration allowed for a direct performance comparison of the vnodes encrypted storage with native VMAX storage. Encryption Data Flow Once provisioned and started, vnodes established their encrypted connections to the Gateway and requested the encryption keys for unlocking their secure data stores. The Gateway verified the vnodes credentials and Global Unique IDs (GUIDs) of the data store to make sure that legitimate instances of vnodes and data stores were being used. It then issued the Key Encryption Keys (KEKs) which are used to unlock the Data Encryption Keys (DEKs) stored encrypted in the metadata of the data store. Once the vnode ciphers had the keys, the virtual disks stored on their data stores became available to user VMs for performing IO operations. These user VMs are the Dynamo machines (Dynamo1 and Dynamo2) under the control of IOmeter. The Dynamo VMs were instructed to execute a test script against CloudLink. It consists of IO profile characteristics for three typical customer applications: file server, web server, and database server. That mix of IO transactions was executed in two series of tests. In the first, testing was performed using the encrypted virtual disks located in the vnode data stores. In the second, testing was performed using the cleartext virtual disks located in the VMAX storage array, bypassing the vnodes. This allowed for a comparison of CloudLink performance and native performance, measuring the effect of IO traffic being encrypted and decrypted by vnodes on the way to and from the VMAX array. Hardware and Software AFORE: CloudLink Secure Virtual Storage Appliance (VSA) version 2.0 VCE: Vblock System 700MX, RCM version There are four Cisco UCS B200 M2 Blade Servers, each with 96GB memory, and two sockets of 6-core 3.46GHz AES-enabled CPUs, VMAX storage array with 40 disk spindles, and two Cisco MDS 9148 SAN switches. VMware vsphere version 5. Figure 6 contains details of the Vblock System 700MX used for this certification test. 11
12 Figure 6: Vblock System 700MX Component Details Integration with RSA Data Protection Manager Each CloudLink vnode encrypts the storage allocated to it using a DEK which it generates during the installation and initialization process. The CloudLink Gateway generates a KEK for each vnode that is used to encrypt the DEK. In order to unlock a vnode storage and make it accessible to user VMs, the Gateway retrieves the corresponding KEK and provides it to the vnode upon the vnode s request. The vnode then decrypts the DEK and uses it to provide access to the encrypted data. To lock the storage, the Gateway removes the KEK from the vnode, preventing the vnode from being able to access the DEK and providing access to the storage. By incorporating the RSA DPM Java client, each CloudLink Gateway instance can entrust its storage KEKs to RSA DPM. CloudLink uses the key archival resources of RSA DPM to store them securely. The KEKs correspond to the AES-256 with CBC encryption algorithm and are archived in a security class created specifically for this purpose. All communication between the CloudLink Gateway and RSA DPM occurs via a certificate-based mutuallyauthenticated secure session. 12
13 Design Considerations Performance Sizing On a converged infrastructure such as a Vblock System, workloads from multiple tenants may coexist on the same physical infrastructure. It is therefore essential to take the aggregate characteristics of multiple workloads (e.g., percentage of reads versus writes, data transfer size, sequential versus random data access) into consideration when sizing a system. In the case of CloudLink Secure VSA, the vnode encryption process tends to be I/O-bound compared to native, un-encrypted workloads. The overhead for a single CloudLink vnode encryption, as demonstrated in our profile tests, is about 5%. In other words, a single vnode can achieve about 95% of the performance of equivalent unencrypted workloads. For two tenants using two CloudLink vnode instances, this rises to about 98%. Our estimates show that three tenant vnodes would be able to fully utilize the available Vblock System storage bandwidth in the same configuration used in our certification tests. A lighter workload than what is defined in our test profiles will therefore be able to accommodate a larger number of encrypted tenants. As always in the case of sizing, it is recommended that customers perform a proof-of-concept test using realistic workload inputs in order to understand the sizing characteristics of their specific use cases. High Availability Part of CloudLink s efficiency lies in the fact that it is designed from the ground up as a solution for virtualized environments. It relies on the high availability (HA) features of the underlying virtualization platform to maintain the resiliency and fault tolerance necessary for maintaining the consistency of the data. It is recommended that users with mission-critical workloads utilize the HA features of the vsphere platform to the fullest extent possible. Key Management Special care must be taken when dealing with encryption keys. If the key is lost, the data encrypted with this key will become unrecoverable. On the other hand, if the backed-up key falls into the wrong hands, sensitive data may be at risk. For that reason, we strongly recommend using a purpose-built key management solution such as RSA DPM for key storage. Customers may prefer to use other key store options supported by CloudLink, such as Microsoft Active Directory. Use extreme caution to avoid the loss or unintended disclosure of encryption keys. Storage CloudLink vnode can be configured as either a SAN-based data store or network-based storage server and target. As a SAN-based data store, the workloads placed in the vnode s data store require no changes. The encryption of the workload s disks is completely transparent to their guest OSs. The administrator simply maps the appropriate VMDK files into the encrypted data store in order to encrypt the associated virtual disks, Figure 7. 13
14 Figure 7: CloudLink Secure Data Store Mode CloudLink vnode can also be configured as either a Common Internet File System (CIFS) and Network File System (NFS) server or as an Internet Small Computer System Interface (iscsi) target. This is useful in environments where an encrypted network file share is required and/or where a SAN-based data store configuration is undesirable or impossible, such as with vcloud Director. In order to take advantage of CloudLink under this scenario, user VMs need to have either CIFS/NFS clients or an iscsi initiator. All of these are readily available in most popular OSs. 14
15 Figure 8: CloudLink Secure Network Storage Mode Network While many encryption and VPN solutions on the market require the vswitch to be put in promiscuous mode in order to connect the encryption virtual appliance with the VMs requiring its services, with CloudLink this is not a requirement. In order to increase network security and prevent hostile eavesdropping on vswitch traffic, when connecting a vnode to a vswitch, ensure that the vswitch is configured with non-promiscuous mode. There is a variant of CloudLink deployment where no tunnel is configured. This is useful when the owner or administrator of the Vblock System is also the owner of the data in need of encryption. In such a case, there is no distinction between the provider and the consumer of the service and, to simplify deployment, only the Gateway is deployed and it serves as both the management center for CloudLink and the storage encryptor. When two virtualized data infrastructures are at different physical locations, as in the case of an enterprise data center and a service provider data center, the two parties can be connected using the encrypted tunnel. CloudLink allows two options for configuring the connection between the Gateway and vnode: Layer 2 and Layer 3 modes. In Layer 2 mode, as shown in Figure 9, the tunnel creates a seamless network extension between the two networks. When configured in this mode, no user network configuration change is necessary. This mode is useful when users have control over a private IP subnet configuration in the provider data center, typically within the same enterprise infrastructure. vcloud Director allows users the choice of an IP subnet in their virtual data center configuration on the provider side as well. 15
16 Figure 9: CloudLink Layer 2 Networking Layer 3 mode is useful when users do not have control over an IP subnet configuration in the provider data center, as when a enterprise establishes a connection to a cloud service provider that automatically allocates IP subnets to users. Figure 10: CloudLink Layer 3 Networking 16
17 Solution Validation The test environment was as described in the Solution Architecture Overview section, with testing performed using: Vblock System element manager clients Common web browsers IOmeter and Dynamo clients Test Cases and Objectives The following test cases were designed to validate and demonstrate the features of CloudLink and validate its interoperability with Vblock Systems. Performance statistics were collected to understand the characteristics of encryption behavior of CloudLink under various conditions. Test cases 1 and 2 were performed in a lab environment as described in the Solution Architecture Overview section. Test cases 3 and 4 validated the CloudLink features as well as its ease of integration with RSA DPM. These two tests were performed in a separate lab where the RSA DPM platform was readily available. Table 1. Test Cases Demonstrating the Features of CloudLink on Vblock Systems Test Case # Test Case Name Objectives 1 CloudLink installation on Vblock Systems To walk through installation steps and validate the successful installation of CloudLink on Vblock Systems 2 Data encryption: Simulated application profile tests 3 Data encryption: Selected functional evaluation of the encryption features To observe the effect of encryption on simulated application loads generated by the IOmeters test tool To validate selected features of the CloudLink encryption software 4 Interoperability test with RSA DPM To demonstrate the interoperability and manageability between CloudLink and RSA DPM in an enterprise environment Test Case 1 - CloudLink Installation on Vblock Systems Procedure 1. Make sure that the installation environment adheres to the minimum requirements listed in the Installation Requirements section of the CloudLink Secure VSA for VMware vsphere Deployment Guide (November 2012 Version 1.1) 2. Install and configure the CloudLink Gateway Appliance 3. Deploy and configure CloudLink vnode in vsphere a. Configure all interfaces b. Allocate virtual storage to the vnode 17
18 c. Provision the vnode in vcenter as an NFS data store Results The initial setup took less than one hour for the initial setup of one Gateway and one vnode, with the first time user (tester) following the installation manual. As a result of the successful installation, the link between the Gateway and vnodes was depicted as a green line on the CloudLink Center topology map. The storage was unlocked and available. Test Case 2 - Data Encryption: Simulated Application Profile Tests Procedure Using the IOmeter application profiles, data traffic was generated simulating the characteristics of the following three types of applications: Database File server Web server Figure 14 includes a list of the profile test patterns generated by the IOmeter test tool. % of Access Specification Transfer Size Request % Reads % Random File Server Access Pattern (as defined by Intel) 10% 0.5 KB 80% 100% 5% 1 KB 80% 100% 5% 2 KB 80% 100% 60% 4 KB 80% 100% 2% 8 KB 80% 100% 4% 16 KB 80% 100% 4% 32 KB 80% 100% 10% 64 KB 80% 100% Database Access Pattern (as defined by Intel/StorageReview.com) 100% 8 KB 67% 100% Web Server Access Pattern (as defined by Tom's Hardware.com) 22%.5 KB 100% 100% 15% 1 KB 100% 100% 8% 2 KB 100% 100% 23% 4 KB 100% 100% 15% 8 KB 100% 100% 2% 16 KB 100% 100% 6% 32 KB 100% 100% 7% 64 KB 100% 100% 1% 128 KB 100% 100% 1% 512 KB 100% 100% Figure 14: IOmeter Generated Test Profiles 18
19 The simulated traffic was tested against one and two vnode instances. Each vnode represented a separate encryption data store. First, the native performance of Vblock Systems was measured by directing the storage traffic directly to the Vblock System s physical storage, bypassing CloudLink. The associated measured performance is referred to as Native results. Then the same traffic was passed through vnode, which performs encryption and decryption of the storage data. These results are referred to as CloudLink results. Native and CloudLink tests were performed with one workload and two workloads, respectively, called 1x and 2x results. For comparison, the ratio of CloudLink results to native results for both sets of tests was then calculated. Results As illustrated in Figure 15, the encrypted throughput was 95% or better than that of unencrypted native throughput in terms of I/O per second (IOPS) database profile file server profile web server profile Figure 35: CloudLink relative storage performance results 1xCloudLink/1xNative 2xCloudLink/2xNative Test Case 3 - Data Encryption: Functional Evaluation of Select CloudLink Encryption Features The encryption of storage and the effect of operations on the encryption keys and their effect on the storage availability were tested. This test, and the following ones, was conducted in a separate environment from the first two tests due to availability of the DPM software in a different Vblock System. Procedure 1. Perform a Lock operation on storage that effectively removes and destroys the encryption key and verify that the storage is inaccessible. 2. Perform Unlock operation to test availability of the key and the match of the key to the cipher and encrypted storage. 3. Perform Change Key operation to test the key rotation procedure. Results After locking the storage, CloudLink Center displayed the storage as locked and logged the corresponding event. User VMs lost access to the encrypted storage. 19
20 Figure11: Locked CloudLink Storage Unlocking the storage was also successfully accomplished. Figure12: Unlocked CloudLink Storage A change key operation was also accomplished successfully. The key name was changed and the operation was properly logged. 20
21 Figure13: Successful Key Rotation Test Case 4 RSA Data Protection Manager Integration The ease of integration with RSA DPM with CloudLink for enterprise key management was tested. Procedure To configure RSA DPM as the CloudLink key store location: 1. Open the CloudLink Center on the Gateway using the secadmin user account. Note: Refer to the CloudLink 2.0 SecureVSA User Guide for details on accessing the CloudLink Center console. 2. On the left side of the window, at the top of the VMs list in the Topology Tree, select the Gateway. 3. Click Security tab and then the Key Store tab. 4. To configure the CloudLink to use RSA DPM for encryption key storage, click the RSA DPM link in the Location panel. 5. In the RSA DPM Configuration panel specify the RSA DPM parameters Host The RSA DPM host IP address. Port The TCP port number configured on the RSA DPM host (default 443). Security Class Name Trust Certificate The name of the security class configured on the RSA DPM host for the RSA DPM client. The RSA DPM server certificate. 21
22 Client Certificate Password The RSA DPM client certificate. The password used during the RSA DPM client certificate creation. Important: Ensure that RSA DPM server and client certificates are created and saved on the RSA DPM host. Figure 16: RSA DPM Configuration Panel in CloudLink Center 6. Click Apply to save the parameters. Results The CloudLink Gateway was configured properly and connected successfully to RSA DPM. CloudLink confirmed the event by logging an entry in the CloudLink Center action log. 22
23 Figure 17: Action Log Confirming Successful Configuration of RSA DPM as key store In the RSA DPM management console, AFORE CloudLink was listed as one of its managed clients, Figure
24 Figure 18: CloudLink Listed as Managed Client in RSA DPM Management Console 24
25 AFORE key information was available in RSA DPM, Figure 19. Figure 19: CloudLink Key Information Displayed in RSA DPM Management Console Conclusion Data encryption provides a high degree of data security, confidentiality, and privacy protection and is mandated for many industries. There are a myriad of industry-specific security standards which require encryption by IT management. These include standards for federal governments such as Federal Information Security Management Act (FISMA) Certification and Accreditation (C&A) and FedRAMP, Basel III, Federal Financial Institutions Examination Council (FFIEC) and Office of the Comptroller for the Currency (OCC) for banking, Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) for healthcare, and Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) for select critical infrastructure. Some requirements, such as Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX), and the European Union Privacy Directive, affect a broad range of organizations. Furthermore, the shift from the traditional silo-based enterprise data center to the cloud-based converged infrastructure environment necessitates new requirements for data encryption software. Encryption software needs to be able to natively support virtualized environments. It needs to understand virtualization abstractions and to navigate the virtualized components. More importantly, it also needs to support multitenant deployments where multiple user data stores or application entities are hosted within a single converged infrastructure. Data isolation and encryption are of paramount importance. AFORE CloudLink Secure VSA, combined with RSA DPM and VCE Vblock Systems provides a well-integrated and pretested solution to ensure that these requirements are met with ease. The solution offers enterprises and service providers the following advantages: 25
26 Native support of virtualized cloud environments. Data at-rest encryption throughout data centers and cloud environments Agentless implementation supporting all guest operating systems and applications, eliminating deployment, upgrade and administration challenges associated with security software installed in VMs Network extension into cloud environments via a secure VPN vcenter plug-in providing seamless a flow of management Interoperation with RSA DPM, simplifying enterprise-scale key management The CloudLink Secure VSA solution on Vblock Systems reduces complexity and alleviates concerns when implementing data encryption in a virtualized converged infrastructure so that enterprises and service providers can focus on their core business, making managing Vblock Systems cloud infrastructure easier and simpler, with a lower cost of ownership. For More Information For more information about CloudLink, go to For more information on Vblock Systems, go to For more information on EMC RSA Data Protection Manager, go to For more information on Intel AES instructions, go to 26
PROTECTING DATA IN MULTI-TENANT CLOUDS
1 Introduction Today's business environment requires organizations of all types to reduce costs and create flexible business processes to compete effectively in an ever-changing marketplace. The pace of
More informationEMC ENCRYPTION AS A SERVICE
White Paper EMC ENCRYPTION AS A SERVICE With CloudLink SecureVSA Data security for multitenant clouds Transparent to applications Tenant control of encryption keys EMC Solutions Abstract This White Paper
More informationCloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds
- The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations
More informationImplementation Guide for EMC for VSPEX Private Cloud Environments. CloudLink Solution Architect Team
VSPEX IMPLEMENTATION GUIDE CloudLink SecureVSA Implementation Guide for EMC for VSPEX Private Cloud Environments CloudLink Solution Architect Team Abstract This Implementation Guide describes best practices
More informationwww.vce.com SAP Landscape Virtualization Management Version 2.0 on VCE Vblock System 700 series
www.vce.com SAP Landscape Virtualization Management Version 2.0 on VCE Vblock System 700 series Version 1.1 December 2014 THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." VCE MAKES NO REPRESENTATIONS
More informationWhite Paper. SAP NetWeaver Landscape Virtualization Management on VCE Vblock System 300 Family
White Paper SAP NetWeaver Landscape Virtualization Management on VCE Vblock System 300 Family Table of Contents 2 Introduction 3 A Best-of-Breed Integrated Operations Architecture 3 SAP NetWeaver Landscape
More informationA Comprehensive Cloud Management Platform with Vblock Systems and Cisco Intelligent Automation for Cloud
WHITE PAPER A Comprehensive Cloud Management Platform with Vblock Systems and Cisco Intelligent Automation for Cloud Abstract Data center consolidation and virtualization have set the stage for cloud computing.
More informationMANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS
VCE Word Template Table of Contents www.vce.com MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS January 2012 VCE Authors: Changbin Gong: Lead Solution Architect Michael
More informationVBLOCK SOLUTION FOR SAP APPLICATION HIGH AVAILABILITY
Vblock Solution for SAP Application High Availability Table of Contents www.vce.com VBLOCK SOLUTION FOR SAP APPLICATION HIGH AVAILABILITY Version 2.0 February 2013 1 Copyright 2013 VCE Company, LLC. All
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationA ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS
A ROAD MAP FOR GEOSPATIAL INFORMATION SYSTEM APPLICATIONS ON VBLOCK INFRASTRUCTURE PLATFORMS June 2011 WHITE PAPER 2011 VCE Company LLC, All rights reserved. 1 Table of Contents Executive Overview... 3
More informationVMware vsphere Data Protection 6.0
VMware vsphere Data Protection 6.0 TECHNICAL OVERVIEW REVISED FEBRUARY 2015 Table of Contents Introduction.... 3 Architectural Overview... 4 Deployment and Configuration.... 5 Backup.... 6 Application
More informationEMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION
EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION Automated file synchronization Flexible, cloud-based administration Secure, on-premises storage EMC Solutions January 2015 Copyright 2014 EMC Corporation. All
More informationPrivate Cloud Migration
W H I T E P A P E R Infrastructure Performance Analytics Private Cloud Migration Infrastructure Performance Validation Use Case October 2012 Table of Contents Introduction 3 Model of the Private Cloud
More informationREDEFINE SIMPLICITY TOP REASONS: EMC VSPEX BLUE FOR VIRTUALIZED ENVIRONMENTS
REDEFINE SIMPLICITY AGILE. SCALABLE. TRUSTED. TOP REASONS: EMC VSPEX BLUE FOR VIRTUALIZED ENVIRONMENTS Redefine Simplicity: Agile, Scalable and Trusted. Mid-market and Enterprise customers as well as Managed
More informationDRIVING BUSINESS VALUE WITH VBLOCK INFRASTRUCTURE PLATFORMS
DRIVING BUSINESS VALUE WITH VBLOCK INFRASTRUCTURE PLATFORMS Private clouds, built on pervasive virtual infrastructures, are increasingly appealing to organizations looking to deliver IT resources to end
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationEMC DATA DOMAIN ENCRYPTION A Detailed Review
White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to
More informationVMware Virtual SAN Backup Using VMware vsphere Data Protection Advanced SEPTEMBER 2014
VMware SAN Backup Using VMware vsphere Data Protection Advanced SEPTEMBER 2014 VMware SAN Backup Using VMware vsphere Table of Contents Introduction.... 3 vsphere Architectural Overview... 4 SAN Backup
More informationvsphere Replication for Disaster Recovery to Cloud
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationWhite. Paper. Innovate, Integrate, and Accelerate Virtualization. with Vblock Infrastructure Packages. May, 2010
White Paper Innovate, Integrate, and Accelerate Virtualization with Vblock Infrastructure Packages By Mark Bowker May, 2010 This ESG White Paper was commissioned by EMC and is distributed under license
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationWhy is the V3 appliance so effective as a physical desktop replacement?
V3 Appliance FAQ Why is the V3 appliance so effective as a physical desktop replacement? The V3 appliance leverages local solid-state storage in the appliance. This design allows V3 to dramatically reduce
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationSimpliVity OmniStack with Vormetric Transparent Encryption
SimpliVity OmniStack with Vormetric Transparent Encryption Page 1 of 12 Table of Contents Executive Summary... 3 Audience... 3 Solution Overview... 3 Simplivity Introduction... 3 Why Simplivity For Virtualized
More informationEMC BACKUP-AS-A-SERVICE
Reference Architecture EMC BACKUP-AS-A-SERVICE EMC AVAMAR, EMC DATA PROTECTION ADVISOR, AND EMC HOMEBASE Deliver backup services for cloud and traditional hosted environments Reduce storage space and increase
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationRemote PC Guide Series - Volume 1
Introduction and Planning for Remote PC Implementation with NETLAB+ Document Version: 2016-02-01 What is a remote PC and how does it work with NETLAB+? This educational guide will introduce the concepts
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationVMware Virtual Infrastucture From the Virtualized to the Automated Data Center
VMware Virtual Infrastucture From the Virtualized to the Automated Data Center Senior System Engineer VMware Inc. ngalante@vmware.com Agenda Vision VMware Enables Datacenter Automation VMware Solutions
More informationVMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014
VMware vsphere Data Protection 5.8 TECHNICAL OVERVIEW REVISED AUGUST 2014 Table of Contents Introduction.... 3 Features and Benefits of vsphere Data Protection... 3 Additional Features and Benefits of
More informationVMware vsphere 5.1 Advanced Administration
Course ID VMW200 VMware vsphere 5.1 Advanced Administration Course Description This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter.
More informationVMware@SoftLayer Cookbook Disaster Recovery (DR)
VMware@SoftLayer Cookbook Disaster Recovery (DR) IBM Global Technology Services: Khoa Huynh (khoa@us.ibm.com) Daniel De Araujo (ddearaujo@us.ibm.com) Bob Kellenberger (kellenbe@us.ibm.com) VMware: Merlin
More informationvcloud Air Disaster Recovery Technical Presentation
vcloud Air Disaster Recovery Technical Presentation Agenda 1 vcloud Air Disaster Recovery Overview 2 What s New 3 Architecture 4 Setup and Configuration 5 Considerations 6 Automation Options 2 vcloud Air
More informationSimplified Private Cloud Management
BUSINESS PARTNER ClouTor Simplified Private Cloud Management ClouTor ON VSPEX by LOCUZ INTRODUCTION ClouTor on VSPEX for Enterprises provides an integrated software solution for extending your existing
More informationvsphere Replication for Disaster Recovery to Cloud
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationINCORPORATING CLOUDLINK SECUREVSA OFFERINGS IN EMC VSPEX DESIGNS
INCORPORATING CLOUDLINK SECUREVSA OFFERINGS IN EMC VSPEX DESIGNS 2014 CloudLink Technologies Inc. All rights reserved. The Copyright in this document belongs to CloudLink Technologies Inc. and no part
More informationThe Advantages of Cloud Services
Cloud-Based Services: Assure Performance, Availability, and Security What You Will Learn Services available from the cloud offer cost and efficiency benefits to businesses, but until now many customers
More informationINTEGRATING CLOUD ORCHESTRATION WITH EMC SYMMETRIX VMAX CLOUD EDITION REST APIs
White Paper INTEGRATING CLOUD ORCHESTRATION WITH EMC SYMMETRIX VMAX CLOUD EDITION REST APIs Provisioning storage using EMC Symmetrix VMAX Cloud Edition Using REST APIs for integration with VMware vcloud
More informationSecurity. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;
Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization
More informationBuilding the Private cloud
Building the Private cloud Yiannis Psichas Senior Technology Consultant Psichas_yiannis@emc.com 1 IT Infrastructure Needs to Change 77% keeping the lights on 23% delivering new capabilities Too much complexity.
More informationLEVERAGE VBLOCK SYSTEMS FOR Esri s ArcGIS SYSTEM
Leverage Vblock Systems for Esri's ArcGIS System Table of Contents www.vce.com LEVERAGE VBLOCK SYSTEMS FOR Esri s ArcGIS SYSTEM August 2012 1 Contents Executive summary...3 The challenge...3 The solution...3
More informationTesting Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES
Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...
More informationEMC Data Domain Boost for Oracle Recovery Manager (RMAN)
White Paper EMC Data Domain Boost for Oracle Recovery Manager (RMAN) Abstract EMC delivers Database Administrators (DBAs) complete control of Oracle backup, recovery, and offsite disaster recovery with
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationBenefits of Consolidating and Virtualizing Microsoft Exchange and SharePoint in a Private Cloud Environment
. The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Benefits of Consolidating and Virtualizing
More informationA Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief
A Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief With the massive growth of unstructured data in today s enterprise environments, storage IT administrators are constantly
More informationVMware vcloud Air - Disaster Recovery User's Guide
VMware vcloud Air - Disaster Recovery User's Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationVMware vsphere: [V5.5] Admin Training
VMware vsphere: [V5.5] Admin Training (Online Remote Live TRAINING) Summary Length Timings : Formats: Lab, Live Online : 5 Weeks, : Sat, Sun 10.00am PST, Wed 6pm PST Overview: This intensive, extended-hours
More informationAvailability for the modern datacentre Veeam Availability Suite v8 & Sneakpreview v9
Veeam Summer School Availability for the modern datacentre Veeam Availability Suite v8 & Sneakpreview v9 Jan van Leuken System Engineer Benelux, Veeam Software jan.vanleuken@veeam.com +31 (0)615 83 50
More informationEMC DATA DOMAIN OPERATING SYSTEM
ESSENTIALS HIGH-SPEED, SCALABLE DEDUPLICATION Up to 58.7 TB/hr performance Reduces protection storage requirements by 10 to 30x CPU-centric scalability DATA INVULNERABILITY ARCHITECTURE Inline write/read
More informationBuilding the Virtual Information Infrastructure
Technology Concepts and Business Considerations Abstract A virtual information infrastructure allows organizations to make the most of their data center environment by sharing computing, network, and storage
More informationSecuring Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption
THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has
More informationVirtual Data Centre. User Guide
Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10
More informationEMC Backup and Recovery for Microsoft Exchange 2007 SP2
EMC Backup and Recovery for Microsoft Exchange 2007 SP2 Enabled by EMC Celerra and Microsoft Windows 2008 Copyright 2010 EMC Corporation. All rights reserved. Published February, 2010 EMC believes the
More informationPROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT
White Paper PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT Abstract This white paper examines the deployment considerations for ProSphere, the next generation of Storage Resource Management (SRM) from
More informationHow to Backup and Restore a VM using Veeam
How to Backup and Restore a VM using Veeam Table of Contents Introduction... 3 Assumptions... 3 Add ESXi Server... 4 Backup a VM... 6 Restore Full VM... 12 Appendix A: Install Veeam Backup & Replication
More informationPerformance characterization report for Microsoft Hyper-V R2 on HP StorageWorks P4500 SAN storage
Performance characterization report for Microsoft Hyper-V R2 on HP StorageWorks P4500 SAN storage Technical white paper Table of contents Executive summary... 2 Introduction... 2 Test methodology... 3
More informationEMC ISILON OneFS OPERATING SYSTEM Powering scale-out storage for the new world of Big Data in the enterprise
EMC ISILON OneFS OPERATING SYSTEM Powering scale-out storage for the new world of Big Data in the enterprise ESSENTIALS Easy-to-use, single volume, single file system architecture Highly scalable with
More informationEMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter
EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, VMware vcenter Converter A Detailed Review EMC Information Infrastructure Solutions Abstract This white paper
More informationVMware vsphere 5.0 Boot Camp
VMware vsphere 5.0 Boot Camp This powerful 5-day 10hr/day class is an intensive introduction to VMware vsphere 5.0 including VMware ESX 5.0 and vcenter. Assuming no prior virtualization experience, this
More informationRSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2
RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationRSA Authentication Manager 8.1 Virtual Appliance Getting Started
RSA Authentication Manager 8.1 Virtual Appliance Getting Started Thank you for purchasing RSA Authentication Manager 8.1, the world s leading two-factor authentication solution. This document provides
More informationVMware vsphere Data Protection 6.1
VMware vsphere Data Protection 6.1 Technical Overview Revised August 10, 2015 Contents Introduction... 3 Architecture... 3 Deployment and Configuration... 5 Backup... 6 Application Backup... 6 Backup Data
More informationTECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage
TECHNICAL PAPER Veeam Backup & Replication with Nimble Storage Document Revision Date Revision Description (author) 11/26/2014 1. 0 Draft release (Bill Roth) 12/23/2014 1.1 Draft update (Bill Roth) 2/20/2015
More informationCA Cloud Overview Benefits of the Hyper-V Cloud
Benefits of the Hyper-V Cloud For more information, please contact: Email: sales@canadianwebhosting.com Ph: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com) is an independent company, hereinafter
More informationHow to Achieve Operational Assurance in Your Private Cloud
How to Achieve Operational Assurance in Your Private Cloud As enterprises implement private cloud and next-generation data centers to achieve cost efficiencies and support business agility, operational
More informationVirtualclientTechnology 2011 July
WHAT S NEW IN VSPHERE VirtualclientTechnology 2011 July Agenda vsphere Platform Recap vsphere 5 Overview Infrastructure Services Compute, Storage, Network Applications Services Availability, Security,
More informationCisco ASA 1000V Cloud Firewall
Data Sheet Cisco ASA 1000V Cloud Firewall Product Overview The Cisco ASA 1000V Cloud Firewall extends the proven Adaptive Security Appliance security platform to consistently secure the tenant edge in
More informationEMC Security for Microsoft Exchange Solution: Data Loss Prevention and Secure Access Management
EMC Security for Microsoft Exchange Solution: Data Loss Prevention and Applied Technology Abstract Securing a Microsoft Exchange e-mail environment presents a myriad of challenges and compliance issues
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationCA Automation Suite for Data Centers
PRODUCT SHEET CA Automation Suite for Data Centers agility made possible Technology has outpaced the ability to manage it manually in every large enterprise and many smaller ones. Failure to build and
More informationOmniCube. SimpliVity OmniCube and Multi Federation ROBO Reference Architecture. White Paper. Authors: Bob Gropman
OmniCube SimpliVity OmniCube and Multi Federation ROBO Reference Architecture White Paper Authors: Bob Gropman Date: April 13, 2015 SimpliVity and OmniCube are trademarks of SimpliVity Corporation. All
More informationVMware vsphere Design. 2nd Edition
Brochure More information from http://www.researchandmarkets.com/reports/2330623/ VMware vsphere Design. 2nd Edition Description: Achieve the performance, scalability, and ROI your business needs What
More informationVeeam Cloud Connect. Version 8.0. Administrator Guide
Veeam Cloud Connect Version 8.0 Administrator Guide April, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be
More informationConsolidate and Virtualize Your Windows Environment with NetApp and VMware
White Paper Consolidate and Virtualize Your Windows Environment with NetApp and VMware Sachin Chheda, NetApp and Gaetan Castelein, VMware October 2009 WP-7086-1009 TABLE OF CONTENTS 1 EXECUTIVE SUMMARY...
More informationVMware vsphere 4.1 with ESXi and vcenter
VMware vsphere 4.1 with ESXi and vcenter This powerful 5-day class is an intense introduction to virtualization using VMware s vsphere 4.1 including VMware ESX 4.1 and vcenter. Assuming no prior virtualization
More informationvcloud Suite Architecture Overview and Use Cases
vcloud Suite Architecture Overview and Use Cases vcloud Suite 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationEMC DATA DOMAIN OPERATING SYSTEM
EMC DATA DOMAIN OPERATING SYSTEM Powering EMC Protection Storage ESSENTIALS High-Speed, Scalable Deduplication Up to 58.7 TB/hr performance Reduces requirements for backup storage by 10 to 30x and archive
More informationABC of Storage Security. M. Granata NetApp System Engineer
ABC of Storage Security M. Granata NetApp System Engineer Encryption Challenges Meet Regulatory Requirements No Performance Impact Ease of Installation Government and industry regulations mandate protection
More informationDESIGN AND IMPLEMENTATION GUIDE EMC DATA PROTECTION OPTION NS FOR VSPEXX PRIVATE CLOUD EMC VSPEX December 2014
DESIGN AND IMPLEMENTATION GUIDE EMC DATA PROTECTION OPTIONS FOR VSPEX PRIVATE CLOUD EMC VSPEX December 2014 Copyright 2013-2014 EMC Corporation. All rights reserved. Published in USA. Published December,
More informationATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V
ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V WHITE PAPER 4 Ways to Weave Security and Storage Into 1
More informationMicrosoft SMB File Sharing Best Practices Guide
Technical White Paper Microsoft SMB File Sharing Best Practices Guide Tintri VMstore, Microsoft SMB 3.0 Protocol, and VMware 6.x Author: Neil Glick Version 1.0 06/15/2016 @tintri www.tintri.com Contents
More informationVmware VSphere 6.0 Private Cloud Administration
To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,
More informationvsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration
Course Details Level: 1 Course: V6PCRE Duration: 5 Days Language: English Delivery Methods Instructor Led Training Instructor Led Online Training Participants: Virtualization and Cloud Administrators,
More informationLessons learned in running virtualized SAP HANA & SAP NetWeaver in a long distance Hybrid Cloud
Lessons learned in running virtualized SAP HANA & SAP NetWeaver in a long distance Hybrid Cloud Rajesh Gupta Deloitte Consulting LLP SESSION CODE: BT506 Introduction Rajesh Gupta - rajgupta@deloitte.com
More informationCloud Optimize Your IT
Cloud Optimize Your IT Windows Server 2012 The information contained in this presentation relates to a pre-release product which may be substantially modified before it is commercially released. This pre-release
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationNET ACCESS VOICE PRIVATE CLOUD
Page 0 2015 SOLUTION BRIEF NET ACCESS VOICE PRIVATE CLOUD A Cloud and Connectivity Solution for Hosted Voice Applications NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of
More informationMaxta Storage Platform Enterprise Storage Re-defined
Maxta Storage Platform Enterprise Storage Re-defined WHITE PAPER Software-Defined Data Center The Software-Defined Data Center (SDDC) is a unified data center platform that delivers converged computing,
More informationVBLOCK SOLUTION FOR SAP: SIMPLIFIED PROVISIONING FOR OPERATIONAL EFFICIENCY
VBLOCK SOLUTION FOR SAP: SIMPLIFIED PROVISIONING FOR OPERATIONAL EFFICIENCY August 2011 2011 VCE Company, LLC. All rights reserved. 1 Table of Contents Introduction... 3 Purpose... 3 Audience... 3 Scope...
More informationCisco Virtual Wide Area Application Services: Technical Overview
Cisco Virtual Wide Area Application Services: Technical Overview What You Will Learn Organizations are offering private and virtual private cloud-based application delivery over the WAN to their end users
More informationSolution Overview VMWARE PROTECTION WITH EMC NETWORKER 8.2. White Paper
White Paper VMWARE PROTECTION WITH EMC NETWORKER 8.2 Solution Overview Abstract This white paper describes the integration of EMC NetWorker with VMware vcenter. It also includes details on the NetWorker
More informationVBLOCK GRC SOLUTION WITH RSA (GOVERNANCE, RISK, AND COMPLIANCE)
VCE Word Template Table of Contents www.vce.com VBLOCK GRC SOLUTION WITH RSA (GOVERNANCE, RISK, AND COMPLIANCE) August 2011 1 Contents Executive Summary... 3 The Challenge... 3 The Solution... 4 Governance,
More informationServer and Storage Sizing Guide for Windows 7 TECHNICAL NOTES
Server and Storage Sizing Guide for Windows 7 TECHNICAL NOTES Table of Contents About this Document.... 3 Introduction... 4 Baseline Existing Desktop Environment... 4 Estimate VDI Hardware Needed.... 5
More informationVBLOCK SOLUTION FOR SAP: SAP APPLICATION AND DATABASE PERFORMANCE IN PHYSICAL AND VIRTUAL ENVIRONMENTS
Vblock Solution for SAP: SAP Application and Database Performance in Physical and Virtual Environments Table of Contents www.vce.com V VBLOCK SOLUTION FOR SAP: SAP APPLICATION AND DATABASE PERFORMANCE
More informationAvailability for your modern datacenter
Availability for your modern datacenter - Agentless backup and replication for VMware and Hyper-V - Scalable, powerful, easy-to-use, affordable Veeam Availability protection for the Always-On Business
More information