SimpliVity OmniStack with Vormetric Transparent Encryption Page 1 of 12
Table of Contents

Executive Summary ... 3
Audience ... 3
Solution Overview ... 3
  SimpliVity Introduction ... 3
  Why SimpliVity for Virtualized Environments? ... 5
  Vormetric Technology ... 6
  Vormetric Transparent Encryption ... 6
Solution Overview ... 7
  Customer Benefits ... 7
Solution Architecture ... 8
  Topology ... 8
  Testing Infrastructure ... 8
Technical Details ... 9
  Testing Methodology ... 9
  Vdbench Performance Test ... 9
  SimpliVity Operations and Feature Test ... 10
  Vormetric Operation Test ... 10
Test Results ... 11
  Vdbench ... 11
  SimpliVity Operation Results ... 11
  Vormetric Operation Test Setup & Execution ... 12
Best Practices ... 12
Conclusion ... 12
Executive Summary

This solution guide introduces SimpliVity OmniStack technology and Vormetric Transparent Encryption as a combined solution that reduces security risk and helps meet regulatory compliance requirements while still delivering high application performance. It covers the interoperability of the two technologies, based on testing conducted by SimpliVity in collaboration with Vormetric, and provides best practices and recommendations for implementing the solution.

Audience

This document is intended for IT administrators who want to implement a VM encryption solution on SimpliVity OmniStack systems in their data center.

Solution Overview

SimpliVity Introduction

SimpliVity's hyperconverged infrastructure solution transforms the data center by virtualizing data and incorporating all IT infrastructure and services below the hypervisor into standard x86 building blocks. With a 3x total cost of ownership (TCO) reduction, SimpliVity OmniStack software-defined hyperconverged infrastructure delivers the best of both worlds: the enterprise-class performance, protection and resiliency that today's organizations require, with the cloud economics businesses demand. Designed to work with any hypervisor or industry-standard x86 server platform, the SimpliVity solution provides a single, shared resource pool across the entire IT stack, eliminating point products and inefficient siloed IT architectures.

The solution is distinguished from other converged infrastructure solutions by three attributes: accelerated data efficiency, built-in data protection and global unified management.

Accelerated Data Efficiency: OmniStack performs inline data deduplication, compression and optimization on all data at inception and across all phases of the data lifecycle, at a fine granularity of 4KB-8KB.
On average, SimpliVity customers achieve 40:1 data efficiency while simultaneously increasing application performance.

Built-In Data Protection: OmniStack includes native data protection functionality, enabling business continuity and disaster recovery for critical applications and data while eliminating the need for special-purpose backup and recovery hardware or software. OmniStack's inherent data efficiencies minimize I/O and WAN traffic, reducing backup and restore times from hours to minutes.

Global Unified Management: OmniStack's VM-centric approach to management eliminates manually intensive, error-prone administrative tasks. System administrators are no longer required to manage LUNs and volumes; instead, they manage all resources and workloads centrally, using familiar interfaces such as VMware vCenter and VMware vRealize Automation.

SimpliVity packages OmniStack on popular x86 platforms, either on 2U servers marketed as OmniCube or with partner systems from Cisco and Lenovo, marketed as OmniStack Integrated with Cisco UCS and OmniStack Solution with Lenovo System x, respectively.
An individual OmniStack node includes:
- A compact hardware platform: a 2U industry-standard virtualized x86 platform containing compute, memory, performance-optimized SSDs and capacity-optimized HDDs protected in hardware RAID configurations, and 10GbE network interfaces
- A hypervisor such as VMware vSphere/ESXi
- OmniStack virtual controller software running on the hypervisor
- An OmniStack Accelerator Card: a special-purpose PCIe card with an FPGA, flash and DRAM, protected with super capacitors; the accelerator card offloads CPU-intensive functions such as data compression, deduplication and optimization from the x86 processors

Figure 1: Legacy comparison. A legacy stack ((4) servers + VMware, storage switch, (2) HA shared storage, backup & dedupe, WAN optimization, cloud gateway, SSD array, storage caching) versus one OmniStack building block, delivering 3x TCO savings, global unified management, operational efficiency, data protection, enterprise capabilities and cloud simplicity & economics.
Why SimpliVity for Virtualized Environments?

OmniStack was specifically designed to meet the stringent price-performance, scalability, agility and resiliency demands of today's data-intensive, highly virtualized IT environments. Key benefits and advantages include:

Simplicity and superior economics: OmniStack eliminates infrastructure cost and complexity by consolidating a variety of IT functions (compute, storage, network switching, replication, backup, etc.) onto commodity virtualized x86 hardware, with global unified management. The solution contains CAPEX by eliminating IT silos, converging technology stacks and optimizing storage capacity, and it reduces OPEX by containing power, cooling, rack space and system administration expenses.

Linear scalability: The SimpliVity solution features a scale-out architecture that minimizes upfront investment and provides a high degree of flexibility and extensibility. OmniStack nodes are installed incrementally to accommodate growth, enable new applications or extend system availability. Two or more OmniStack nodes can be federated to create a massively scalable pool of shared resources that is administered as a cohesive system through a single administrative interface.

VM-centric design: OmniStack was designed from the ground up with virtualization in mind. The solution abstracts data from the underlying hardware; virtual machine files are mapped directly to blocks on storage. All data storage, management and protection functions are inherently optimized for virtualization, and all administrative tasks, including managing data protection policies, analyzing performance and troubleshooting problems, are performed at the VM level. From an administrative perspective, a datastore is simply a logical construct, decoupled from the underlying physical infrastructure. Concepts like LUNs, volumes, shares and disk groups simply don't apply with SimpliVity.
Accelerated IT service agility: OmniStack's inherent data efficiencies and VM-centric management capabilities dramatically simplify operations and boost IT service agility. With OmniStack, system administrators can spin up IT services and clone VMs in seconds with two or three mouse clicks.

High resiliency: The SimpliVity solution is designed to be highly resilient, with no single point of failure. It supports both RAID (redundant array of independent disks) for disk-level resiliency and RAIN (redundant array of independent nodes) for node-level resiliency. In a high-availability RAIN implementation, the complete set of data associated with a VM is written simultaneously to two distinct nodes, protecting the data against disk or node failure.

Figure 2: An OmniStack Federation, including a public cloud site.
Vormetric Technology

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across an entire organization. Built on an extensible architecture, Vormetric Data Security Platform products can be deployed individually while sharing efficient, centralized key management. With the platform's comprehensive, unified capabilities, an organization can scale to address expanding security and compliance requirements while significantly reducing total cost of ownership.

The Vormetric Data Security Platform delivers transparent file-level encryption, application-layer encryption, tokenization, dynamic data masking, a cloud encryption gateway, integrated key management, privileged user access control and security intelligence. With it, organizations can address security policies and compliance mandates across databases, files and big data nodes, whether the assets are located in cloud, virtualized or traditional environments.

Vormetric Transparent Encryption

The Transparent Encryption solution consists of the Vormetric Data Security Manager (DSM) and transparent encryption agents. The DSM is the central component of the Vormetric Data Security Platform and manages multiple Vormetric products. This software appliance provides centralized storage and management of host encryption keys, data access policies, administrative domains and administrator profiles.

The Vormetric Transparent Encryption agent runs in the file system of the protected host and provides high-performance encryption and least-privileged access control for files, directories and volumes. This enables encryption of both structured databases and unstructured files. Protection does not end once the data is encrypted: the agent continues to enforce least-privileged user policies to protect against unauthorized access by users and processes, and it continues to log every access.
With these capabilities, you can ensure continuous protection and control of your data. The product enforces granular, least-privileged user access policies that protect data from misuse by privileged users and from advanced persistent threat (APT) attacks. Policies can be applied by user (including administrators with root privileges), process, file type, time of day and other parameters. Enforcement is equally granular: a rule controls not only whether a user receives clear-text data but which file-system commands are available to that user, so a root account or a backup process can be allowed to copy or archive a file while only ever seeing ciphertext.

The platform logs all permitted, denied and restricted access attempts by users, applications and processes. These logs are captured centrally in the DSM, giving administrators detailed insight and an efficient way to track security status, and allowing straightforward integration with security information and event management (SIEM) systems.
[Figure: Vormetric Transparent Encryption architecture in a normal production environment]

Solution Overview

Customer Benefits

SimpliVity simplifies IT with a virtual computing infrastructure solution that seamlessly combines all data center infrastructure and services below the hypervisor. It is delivered on x86 building blocks that form one shared resource pool for compute, primary storage and backup storage, expanded by adding nodes within or across data centers. The combined SimpliVity/Vormetric solution provides enterprise performance, supporting business-critical applications while ensuring security across the data life cycle.

Benefits of the combined solution include:

- Scales and grows with your requirements: SimpliVity OmniStack lets you scale your environment easily by adding nodes to the SimpliVity Federation. With Vormetric Transparent Encryption, organizations can expand protection of files and data as new business requirements arise across physical, virtual, cloud or big data environments.
- Transparent deployment: No downtime or changes to existing infrastructure or applications are required when deploying Vormetric Transparent Encryption on SimpliVity OmniStack systems.
- Supports compliance and contractual mandates: Vormetric software addresses mandates around data encryption, file encryption, least-privileged access, monitoring and encryption key management.
- Broad heterogeneous operating system and application support: Vormetric Transparent Encryption agents support Windows, Linux and Unix platforms running as VMs on SimpliVity OmniStack systems, as well as most databases and all unstructured file types.
- Privileged user access controls: In addition to encryption and key management, the agent enforces very granular privileged-user access policies, protecting data from misuse by privileged users and from APT attacks.
  Policies can be applied by user (including administrators with root privileges), process, file type, time of day and other parameters. Enforcement options are equally detailed: they control not only whether users can access clear-text data but which file-system commands are available to them.
Solution Architecture

Topology

Figure 3: Topology of the environment tested for this solution guide. Infrastructure pod (1GbE): DSM, AD/DC/DNS, SQL Server, vCenter Server. Production pod: VM-1 ... VM-50, of which VM-1 ... VM-10 are encrypted. Test & Dev pod (10GbE): VM- _Clone, VM-43_Restored.

Testing Infrastructure

Hardware Model: OmniStack CN-2200
OmniStack Version: OmniStack 3.0.8
Hypervisor: vSphere 6.0
Vdbench: 5.04.03
Guest Operating System: Windows Server 2012 R2
HyTrust DataControl Version: 5.2.3.1530
Technical Details

The test environment comprised three distinct pods, as shown in the topology figure above.

Infrastructure: All resources needed to support operations within the test bed, including the Vormetric components, were hosted here:
- DC/Active Directory/DNS: Windows components used to manage the Windows servers, assign IP addresses, etc.
- DSM: the Data Security Manager software appliance, which holds and manages the encryption keys and access policies used by the agents in the guest VMs
- SQL Server: database for the vCenter Server
- vCenter Server: management interface for the virtual machines

Production: This pod hosted all the virtual machines under test. The test consisted of running a sustained load on the VMs and validating SimpliVity operations as well as Vormetric features.

Test & Dev: This pod was used to validate that VMs remained encrypted when the HA functionality of SimpliVity OmniStack systems is used.

Testing Methodology

Vdbench Performance Test

Vdbench is a command-line utility used to measure application and storage performance. A sustained load was run on 50 virtual machines and baseline performance was measured. Then 20% of the VMs were encrypted, the same sustained load was run, and performance was measured again. The following profiles were used for the Vdbench testing:

VM profile:
- 2 vCPU
- 2GB RAM
- 100GB storage (50GB data drive)

Load profile:
- 70:30 read/write
- 8K random I/O
- 40 IOPS per VM (2,000 IOPS aggregate across the 50 VMs)

Significance: This test measures the impact of encryption on VM performance under a sustained load that closely resembles a production environment.
SimpliVity Operations and Feature Test

The following SimpliVity operations were tested and observed:
- VM clone
- VM backup
- VM restore
- VM move
- Deduplication
- Compression

Significance: These tests validate that SimpliVity OmniStack VM-centric data protection operations work normally on VMs encrypted with Vormetric.

Vormetric Operation Test

Vormetric Transparent Encryption was installed and configured to test both data encryption and the access control capabilities. Data was first encrypted, then guard points and policies were configured to control who could encrypt and decrypt data within each guard point.

Significance: The capabilities of Vormetric Transparent Encryption were exercised to verify that encryption takes place and that the access control policies work as intended. Organizations worldwide face compliance requirements as well as the need to protect their data; Vormetric addresses both objectives without a significant performance penalty.
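The guard-point policy exercised above, together with the granular user/process/file-type/time-of-day rules and the audit logging described under Vormetric Transparent Encryption, can be modelled as follows. This is an added example written for this page, not Vormetric's agent, policy language or log format: the rule fields, the first-match evaluation order, the JSON audit record and the sample policy (the FinanceApp and Backup Operators groups, sqlservr.exe, backup.exe and the /data/finance guard point) are all assumptions constructed for illustration. The point it demonstrates is the one the guide makes: a permit rule without a key applied lets a backup process copy files while seeing only ciphertext, and root with no matching rule is denied and logged.

```python
"""Guard-point access-policy model.

Illustrative code added for this page; NOT Vormetric's agent, policy format or
log format. Rule fields, first-match evaluation, the audit record layout and the
sample policy below are assumptions.
"""
import json
from dataclasses import dataclass, field
from datetime import datetime
from fnmatch import fnmatch
from typing import List, Optional, Set, Tuple


@dataclass
class Rule:
    """One security rule. An empty set means "any". Rules are evaluated in order; first match wins."""
    effect: str                                       # "permit" or "deny"
    apply_key: bool = False                           # on permit: decrypt to clear text; otherwise caller gets ciphertext
    users: Set[str] = field(default_factory=set)      # user names or AD group names
    processes: Set[str] = field(default_factory=set)  # executable names
    actions: Set[str] = field(default_factory=set)    # e.g. "read", "write", "unlink", "rename"
    file_glob: str = "*"                              # matched against the path relative to the guard point
    hours: Optional[Tuple[int, int]] = None           # allowed [start, end) hours on a 24h clock; None = always


@dataclass
class Request:
    user: str
    groups: Set[str]
    process: str
    path: str
    action: str
    when: datetime


@dataclass
class Decision:
    effect: str               # "permit", "deny" or "unguarded"
    clear_text: bool          # True if the caller receives plaintext
    log_line: Optional[str]   # JSON audit record for SIEM forwarding; None outside any guard point


class GuardPoint:
    def __init__(self, path: str, rules: List[Rule]):
        self.path = path.rstrip("/") + "/"
        self.rules = rules

    def _matches(self, rule: Rule, req: Request, rel: str) -> bool:
        if rule.users and not (({req.user} | req.groups) & rule.users):
            return False
        if rule.processes and req.process not in rule.processes:
            return False
        if rule.actions and req.action not in rule.actions:
            return False
        if not fnmatch(rel, rule.file_glob):
            return False
        if rule.hours is not None:
            start, end = rule.hours
            if not start <= req.when.hour < end:
                return False
        return True

    def evaluate(self, req: Request) -> Decision:
        if not req.path.startswith(self.path):
            return Decision("unguarded", True, None)   # outside the guard point: an ordinary file
        rel = req.path[len(self.path):]
        effect, clear = "deny", False                   # default deny when no rule matches
        for rule in self.rules:
            if self._matches(rule, req, rel):
                effect = rule.effect
                clear = effect == "permit" and rule.apply_key
                break
        record = {
            "ts": req.when.isoformat(), "guard_point": self.path, "user": req.user,
            "process": req.process, "action": req.action, "path": req.path,
            "effect": effect, "clear_text": clear,
        }
        return Decision(effect, clear, json.dumps(record, sort_keys=True))


# Constructed sample policy for a guard point holding a SQL Server data directory.
FINANCE_GUARD = GuardPoint("/data/finance", [
    # The database engine, running under the FinanceApp group, gets clear text during business hours.
    Rule("permit", apply_key=True, users={"FinanceApp"}, processes={"sqlservr.exe"},
         actions={"read", "write"}, file_glob="*.mdf", hours=(6, 22)),
    # Backup Operators may read (copy) the files but never receive the key: backups stay ciphertext.
    Rule("permit", apply_key=False, users={"Backup Operators"}, processes={"backup.exe"},
         actions={"read"}),
    # Everyone else, root and Administrator included, is denied and the attempt is logged.
    Rule("deny"),
])


def make_request(user, groups, process, path, action, hour):
    """Build a request at the given hour on a fixed date (so callers need no datetime import)."""
    return Request(user, set(groups), process, path, action, datetime(2015, 12, 1, hour, 0, 0))


if __name__ == "__main__":
    for req in [
        make_request("svc_sql", {"FinanceApp"}, "sqlservr.exe", "/data/finance/ledger.mdf", "read", 10),
        make_request("svc_sql", {"FinanceApp"}, "sqlservr.exe", "/data/finance/ledger.mdf", "read", 23),
        make_request("bkp", {"Backup Operators"}, "backup.exe", "/data/finance/ledger.mdf", "read", 2),
        make_request("root", set(), "cat", "/data/finance/ledger.mdf", "read", 10),
    ]:
        print(FINANCE_GUARD.evaluate(req).log_line)
```

Every decision inside the guard point produces one JSON line, permitted or not, which is what a SIEM needs to spot an off-hours database access or a root user probing the ledger files.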
Test Results

Vdbench

[Graph: IOPS and latency for the Vdbench tests, showing latency for the baseline run and for the run with encrypted VMs]

Comparing the baseline latency of 50 unencrypted VMs with the latency when 20% of them (10 VMs) are encrypted, under a constant average load of 2,000 IOPS in both runs, encryption adds some overhead. This is expected of any encryption technology, since data must be decrypted on every read and encrypted on every write in the I/O path.

SimpliVity Operation Results

All SimpliVity operations (VM clone, backup, restore and move) worked the same on encrypted VMs as on unencrypted VMs. On cloned and restored VMs without a network path to the DSM, the encrypted volumes could not be accessed: the agent obtains its keys and policies from the DSM, so a stolen copy or backup of a VM yields only ciphertext. This protection holds as long as the DSM and its keys are themselves protected.

Data efficiency features like deduplication and compression provide no additional benefit on encrypted data. This is expected: ciphertext contains no repeated or compressible patterns, so encrypting data inside the guest before it reaches the OmniStack data path defeats deduplication and compression for that data. We therefore recommend using Vormetric's granular encryption capabilities to encrypt only the files and folders that need it.
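To see why deduplication and compression gain nothing on guest-encrypted data, the following added example (written for this page; not SimpliVity or Vormetric code) hashes 4KB blocks of a constructed plaintext file, then of the same file encrypted under two different per-VM keys, and compresses both with zlib. The cipher is a stand-in SHA-256 counter-mode keystream, chosen so the example runs with the standard library only; the tested solution uses AES-256, but the effect on deduplication and compression is the same for any cipher that randomizes its output. The example also shows the one case where cross-VM deduplication returns: when two copies are encrypted under the same key and nonce, which is keystream reuse and a weakness a real deployment must avoid, not a tuning knob.

```python
"""Why deduplication and compression gain nothing on guest-encrypted data.

Added example for this page; not SimpliVity or Vormetric code. The cipher is a
stand-in SHA-256 counter-mode keystream (an assumption, so the example needs no
third-party library), not the AES-256 used in the tested solution.
"""
import hashlib
import zlib

BLOCK = 4096   # fixed-size block used for hashing, within the 4KB-8KB granularity the guide describes


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter); decrypting is the same call."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def dedupe_ratio(data: bytes) -> float:
    """Logical 4KB blocks divided by unique blocks (by SHA-256), as a block-level dedupe engine sees it."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    unique = {hashlib.sha256(b).digest() for b in blocks}
    return len(blocks) / len(unique)


def compression_ratio(data: bytes) -> float:
    """Input size divided by zlib output size; 1.0 or below means nothing was gained."""
    return len(data) / len(zlib.compress(data, 6))


def sample_plaintext() -> bytes:
    """Constructed 64KB 'file': one 4KB block of log-like text repeated 16 times."""
    line = b"2015-12-01T10:00:00 user=svc_sql process=sqlservr.exe path=/data/finance/ledger.mdf effect=permit\n"
    block = (line * (BLOCK // len(line) + 1))[:BLOCK]
    return block * 16


def run_comparison() -> dict:
    plain = sample_plaintext()
    key_a = hashlib.sha256(b"vm-a key").digest()   # per-VM keys (constructed, deterministic for the demo)
    key_b = hashlib.sha256(b"vm-b key").digest()
    enc_a = keystream_encrypt(key_a, b"vm-a", plain)
    enc_b = keystream_encrypt(key_b, b"vm-b", plain)
    enc_a_reused = keystream_encrypt(key_a, b"vm-a", plain)   # same key AND nonce as enc_a: keystream reuse
    assert keystream_encrypt(key_a, b"vm-a", enc_a) == plain   # round-trip sanity check
    return {
        # a VM and its clone hold identical plaintext: every block duplicates one block
        "plain_dedupe": dedupe_ratio(plain + plain),
        # the same data encrypted under two keys: every 4KB block is unique, nothing to dedupe
        "encrypted_dedupe": dedupe_ratio(enc_a + enc_b),
        # dedupe only returns when encryption is deterministic (key+nonce reuse), a weakness rather than a feature
        "reused_keystream_dedupe": dedupe_ratio(enc_a + enc_a_reused),
        "plain_compress": compression_ratio(plain),
        "encrypted_compress": compression_ratio(enc_a),
    }


if __name__ == "__main__":
    for name, ratio in run_comparison().items():
        print(f"{name:>26}: {ratio:8.2f}:1")
```

Two identical plaintext copies deduplicate 32:1 and the text compresses by orders of magnitude; the same bytes encrypted under separate keys deduplicate 1:1 and compress to slightly more than their original size. This is the arithmetic behind the recommendation to encrypt only the data that needs it.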
Vormetric Operation Test Setup & Execution

Guard points were set up on file paths and configured so that only specified Active Directory groups or individual users could encrypt or decrypt data. Data inside the guard points was encrypted with AES-256. All SimpliVity operations worked the same with Vormetric Transparent Encryption as without it, so the name "Transparent Encryption" is fitting.

Best Practices

SimpliVity recommends that customers consider the following guidelines when implementing and running the combined solution:
- Encrypt the drive or folder within a VM before populating it with data.
- Encryption is expected to add some performance overhead. Although the increase in latency observed in the testing above was minimal, encrypt only the VMs, files or virtual disks that need to be encrypted.
- Data within a VM that needs to be encrypted can be placed on a separate virtual disk. Vormetric allows encryption granularity down to the file level.
- Back up the Data Security Manager periodically to protect against failures and for disaster recovery purposes. The agents obtain their keys from the DSM, so a DSM that cannot be recovered means encrypted data that cannot be recovered either.
- Take advantage of the granular access policies that can be applied to encrypted data to provide a higher level of security.

Conclusion

This paper demonstrates the use of Vormetric Transparent Encryption to protect and secure data within virtual machines running on SimpliVity OmniStack hyperconverged infrastructure. The testing cited here validates the interoperability of the combined SimpliVity OmniStack and Vormetric Transparent Encryption solution, which reduces security risk while still delivering high performance and key operational capabilities. Through testing across a range of real-world customer scenarios, the document shows that the combined solution provides several core benefits:

1. Data encryption within a VM with fine granularity and access policies.
2. Minimal performance overhead for encrypted data under the tested load.
3. SimpliVity data protection operations across encrypted and unencrypted data.

For more information, visit: www.simplivity.com

© 2015 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. All other trademarks are the property of their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, photocopying, recording or otherwise, without prior written consent of Vormetric.

© 2015, SimpliVity Corporation. All rights reserved. Information described herein is furnished for informational use only and is subject to change without notice. SimpliVity, the SimpliVity logo, OmniCube, OmniStack, and Data Virtualization Platform are trademarks or registered trademarks of SimpliVity Corporation in the United States and certain other countries. All other trademarks are the property of their respective owners. J0496_Vormetric_WP - 1215