ABC of Storage Security. M. Granata NetApp System Engineer


Encryption Challenges
- Meet Regulatory Requirements
  - Government and industry regulations mandate protection of data at rest; for example, FIPS 197, California SB 1386, PCI, HIPAA, Basel II and so on
- No Performance Impact
  - Encrypt data at wire speeds
  - No impact to existing applications
  - Have requirement for no additional CPU overhead
- Ease of Installation
  - Plug seamlessly into current IT environment
  - Realize zero downtime or disruption to workflow
  - Make no modifications to hosts, servers, applications, or forklift upgrades to storage
- Scalability
  - As data grows, scale cost-effectively

NetApp Storage Security Value Proposition
NetApp Storage Security will help you to:
- Meet regulatory requirements
- Secure data at rest
- Enforce separation for multi-tenancy applications
- Enable data privacy

Pillars of Storage Security and Privacy
- NAS: SafeNet
- FDE: NetApp
- Multi-Tenancy: NetApp
- Key Management: SafeNet

SafeNet StorageSecure: Next Generation NAS Encryption
- Transparent network-based file and block encryption: Windows, UNIX, Linux, and Solaris
- Targeted at IP-SAN and NAS
- Industry standard protocols
- 1-GbE and 10-GbE interfaces
- Encryption keys managed through KeySecure
- Low latency, wire-speed encryption and decryption engine
- High reliability

SafeNet KeySecure k460
Universal Enterprise Key Management:
- NetApp Fort (all models)
- NetApp Lifetime Key Management appliance
- NetApp Storage Encryption
- Brocade Encryption Switch
- SafeNet StorageSecure
Compliance with OASIS Key Management Interoperability Protocol (KMIP) ensures broad compatibility with future encryption products across all participating vendors.

NSE: Full Disk Encryption (FDE)
- Always-on Protection
  - Simple set and forget, no configuration
  - Protects your data when returning spares, repurposing, upgrading, or moving
- Optimized Performance
  - Minimal performance impact (<1%)
  - Works with NetApp storage efficiency and AV scanning
- Standards Based Security
  - AES 128 or 256 bit encryption (drive specific)
  - FIPS 140-2 level 2 validated drives
  - Trusted Computing Group (TCG)
  - Standards-based KMIP server for key management
- 600 GB SAS or 3 TB SATA

How Does NSE Work?
- The Authentication Key is backed up to the external KMIP Server and retrieved only during ONTAP startup
- Authentication Key wraps the Disk Key in order to lock the drive
- Disk Key resides on the drive and is used to encrypt/decrypt data
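The two-level key hierarchy described above, as an added example that is not from the original slides or from NetApp: a model of one drive in which the Authentication Key wraps the Disk Key and the Disk Key encrypts the data. It goes one step beyond the slide by showing that changing the Authentication Key rewraps the Disk Key without touching stored data. Assumptions: `Drive`, `seal`, `unseal`, `rekey` and `denied` are hypothetical names, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the drive's AES and key wrap because the Python standard library has no AES.

```python
import hashlib, hmac, os

def _sub(key, label):                       # separate subkeys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):          # HMAC-SHA256 in counter mode as keystream
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):                   # encrypt-then-MAC; stand-in for AES
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong key")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Drive:                                # hypothetical model of one encrypting drive
    def __init__(self, auth_key):
        self._dek = os.urandom(32)                    # Disk Key is generated on the drive
        self.wrapped_dek = seal(auth_key, self._dek)  # only the wrapped copy persists
        self.media = b""
    def power_cycle(self):
        self._dek = None                              # plaintext Disk Key is volatile
    def unlock(self, auth_key):
        self._dek = unseal(auth_key, self.wrapped_dek)
    def write(self, data):
        self.media = seal(self._require_dek(), data)
    def read(self):
        return unseal(self._require_dek(), self.media)
    def _require_dek(self):
        if self._dek is None:
            raise PermissionError("drive locked")
        return self._dek
    def rekey(self, old_ak, new_ak):                  # rewrap only; media is untouched
        self.wrapped_dek = seal(new_ak, unseal(old_ak, self.wrapped_dek))

def denied(op, *args):                      # True if the drive refuses the operation
    try:
        op(*args)
    except PermissionError:
        return True
    return False
```

After `power_cycle()`, `denied(drive.read)` is true until `unlock()` is called with the same Authentication Key that an external key server would return at startup; a drive removed from the system without that key exposes only ciphertext.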

The Security Challenge
[Diagram labels: ERP Apps, HR Apps, CRM Apps]
Secure environments traditionally require dedicated resources
- Inefficient and inflexible
- Costly to deploy and manage
- Low utilization rates
- Difficult to change
How to gain efficiencies of virtualization while maintaining security?

What is a Tenant?
An organizational unit within a shared infrastructure used to group objects or entities with common requirements and administrative isolation
Examples include but are not limited to:
- Customers
- Applications
- Business Units
[Diagram labels: Customers A, B; Applications App1, App2; Business Units; Departments Finance, Sales, Dept A, Dept B; Shared Infrastructure]

Adding Security to Virtualized Infrastructure
No Compromise: Share, Control, and Improve Efficiency
[Diagram labels: Apps, Servers, Network, Storage; ERP, HR, CRM; Secure Multi-tenancy; End-to-end isolation]
- Share more infrastructure across all your customers and applications
- Share more = save more
- Maintain the same control physical silos provided
- Increase infrastructure efficiency
- Reduce risks in deploying shared infrastructures

NetApp MultiStore
- Secure IP Space: Discrete, private secure network partition
- Secure VLAN Interface: Securely maps VLANs directly to IP spaces
- Network VLAN: Used to logically partition networks; separates broadcast domains
[Diagram: Customer A, Customer B, Customer C, each with a Virtual Storage Controller; logical partitions within the NetApp array]
NetApp provides the industry's only complete tool set for providing path isolation from the disk through the network. This level of security is mandatory for multi-tenant environments.

Multi-Tenancy Quality of Service (QoS)
- Control operations or raw throughput used by tenants
- Control bully workloads
- Limit I/O to Vservers, flexible volumes, files, or LUNs

Example of Partnership Architecture - SMT
[Diagram labels: vSphere, vCenter, vShield Zones 2.0; Nexus 5000, 1000V, UCS, VLAN, 10GbE; MultiStore, NFS, FC/oE, SnapMirror; HR, BU, APP]
- Solution Overview
  - NetApp, Cisco, and VMware jointly developed end-to-end virtualized and secure Infrastructure as a Service (IaaS)
  - End-to-end Secure Multi-Tenancy
  - Defense in depth throughout the infrastructure
- Customer Benefits
  - Proven highly scalable infrastructure supporting all applications through one unified architecture
  - Drive significantly higher economies of scale, increased utilization, and better SLAs

NetApp Storage Security Summary
- SafeNet StorageSecure (Ethernet based)
  - Encryption Device: External Appliance
  - Protocols Supported: CIFS, NFS, iSCSI
  - Encryption granularity: Share/volume/iSCSI LUN
  - Key Management: SafeNet KeySecure
  - Performance: 1/10Gb Ethernet
  - Certifications: FIPS 140-2 level 3
  - Primary Use Cases: Enhanced ACLs; Cryptographic separation; Heterogeneous storage; Cloud
- NetApp Storage Encryption (NSE)
  - Encryption Device: Based on Hard Drive
  - Protocols Supported: Protocol Independent
  - Encryption granularity: Entire disk/HA pair (system level)
  - Key Management: KMIP compatible (SafeNet KeySecure)
  - Performance: 10k or 15k High Perf Drive or 7.2k Capacity Drive
  - Certifications: FIPS 140-2 level 2
  - Primary Use Cases: Disk theft/misplaced; Non-returnable disk; Preserves storage efficiency
- Secure Multi-Tenancy
  - Encryption Device: OS Embedded
  - Protocols Supported: FC/FCoE, CIFS, NFS, iSCSI
  - Encryption granularity: N/A
  - Key Management: N/A
  - Performance: Non influential
  - Certifications: Joint Validated design
  - Primary Use Cases: Shared Infrastructure; Cloud; Consistent QoS