Managed Rack Solution


A digitized world needs high IT security

Our networked world
[Diagram labels: Enabling Services, Big Data, User centric Mobility, Cloud, Underlying Infrastructures]

Where is the security?

End-to-end Attack Points Analysis: Endpoint Transfer - Data Center

[Diagram labels: Intranet, Internet, Extranet, Cloud]

- Webcam and microphone (internal/external) can be activated and controlled (room surveillance possible)
- Screen contents can be read
- External HDDs and USB devices can install viruses and backdoors unnoticed
- Remote access: transfer and control of the systems by remote access
- Access to critical data: administrators can access sensitive data unnoticed
- Communication (Internet/LAN/WAN): backdoors in active / passive network components
- Data is intercepted: outgoing data can be intercepted, read and manipulated
- Main memory saves unencrypted data
- BIOS, OS, driver, application can contain backdoors
- Mouse and keyboard input can be read
- Internal data media (HDD, SSD, DVD) are readable despite encryption
- Physical access to systems through insufficiently secured access processes
- Hacker attacks: hacker attacks are facilitated by monitoring that is not end-to-end; logs can be falsified

End-to-end Attack Points Analysis: Endpoint Transfer - Data Center

Attack point: physical access to systems through insufficiently secured access processes

Why is protection against physical access so important?
If an attacker is able to access the hardware (HDD, RAM, etc.) directly then it is hardly possible to protect the system appropriately.

FUJITSU SURIENT MRS protects the components in the rack against unauthorized access by:
- Controlling access rights
- Monitoring the doors
- Logging all actions

Overview

New rack solution with physically secured access to servers and components

- Authorization concept: Only authorized persons have physical access to servers and components inside the racks (cages)
- Auditability: All accesses and actions will be recorded in an auditable fashion
- User guidance: User guidance with easy and intuitive menus
- Investment protection: This Managed Rack Solution can be easily integrated in existing data center infrastructures

Authentication concept

Only authorized persons have physical access to servers and components inside the racks (cages)

- Biometric authentication: The user will be uniquely authenticated with biometric methods (FUJITSU PalmSecure ID Match)
- Granular authentication concept: Access rights can be assigned to single rack/cage doors (front/back)
- Logging: Unauthorized access attempts will be identified with sensors and logged
- Central user management: Integrated central user management allows access rights to be altered at any time. This way users can be deleted very quickly

Solution components

Easy to use rack solution consisting of:
- Standard 19" racks (1, 2 or 3 cages) with electromechanical locks, sensors and a Rack Management System (RMS) for monitoring of the rack
- Biometric authentication via PalmSecure ID Match for access control and lock activation
- Integrated monitoring and logging of all actions
- Rack Control Server to control and monitor several racks
- Installation and setup service
- Training

Functionality and process

1. All users / administrators have to register through an enrolment with PalmSecure ID Match. The user data and the templates of the palm vein patterns are stored on the SmartCard. This is done with a web application on a client computer at any location.
2. On the rack control servers the access rights to racks/cages are configured for authorised users / administrators.
3. The users / administrators can select with the application in PalmSecure ID Match which rack/cage they want to lock or unlock. After successful authentication and rights validation the suitable action will be performed.
4. All actions will be recorded and forwarded to a monitoring system.

Process: lock/unlock of a rack

[Flow diagram with steps 1 to 4; labels: PalmSecure ID Match, Rack Control Server, Check Access Rights, Check Authenticity, OK / Not OK, lock, unlock]

*1 During enrolment PalmSecure ID Match automatically enters the enrolment dialog. Thereafter it can be changed back to (1).
*2 It is possible to administer several racks simultaneously by entering several cage IDs.

Advantages and benefits

Managed Rack Solution:
- Biometric authentication
- Impossible to duplicate the keys or ID cards
- No security risk from losing keys or ID cards
- After an employee leaves the company, access can be blocked by erasing the access rights (no need to collect keys or ID cards)
- Possible to lock and unlock racks remotely from any location (configurable)
- All actions will be stored in a monitoring system
- The solution can easily be extended or adjusted to current requirements

Use Cases

- Internal data center with higher security requirements for single areas
  - Infrastructure for areas with higher security requirements can be secured with specially secured racks
  - By using racks of up to 3 cages (13 U) small units can be secured as well
- Hoster (examples: universities, housing provider)
  - Single institutions or departments (e.g. university) or single customers (housing provider) can be provided with secured environments in very small rooms which only specified persons are able to enter
- Hoster or internal IT with data centers spread over a campus
  - Central management and monitoring of all racks in several distributed data centers
- Branches (N locations with fewer racks)
  - Higher security through colocation racks with special security characteristics
  - Local and central control
  - Local enrolment possible from a central administration system

Concept and architecture

- A Managed Rack Solution consists of 1-n blocks
- In each block a Rack Control Server controls and monitors the connected racks/cages (1 to 16)
- It is possible to configure which PalmSecure ID Match controls the access to which block
- The enrolment of SmartCards can be done on an admin client with a web interface anywhere
- Optionally a dedicated PalmSecure ID Match can be used for enrolment
- The Rack Control Server provides an interface for the integration of a monitoring system

[Architecture diagram labels: Enrolment and Monitoring; PalmSecure ID Match Enrolment; Customer LAN; Rack Control Server Block 1 to Block n; PalmSecure ID Match Block 1 to Block n; per block, Rack/Cage 1, Rack/Cage 2, ... Rack/Cage n, each with a Rack Mgmt. System]

Caging in the data center without fences

[Two pictures: "Racks are physically secured by fences" and "Racks are secured by Managed Rack Solution"]

Benefits:
- Saves space and money
- Reduces security risks

Solution structure

Base package

The base package contains all components that are necessary for a block of a Managed Rack Solution:
- 1 Rack FUJITSU M2 or Emerson-Knürr DCM Colocation with 1, 2 or 3 cages
- Electromechanical locks (MLR1000)
- RMSII compact
- Door contact sensors
- Optional: Penetration sensors
- 1 Rack Control Server PRIMERGY RX1330
- 1 PalmSecure ID Match
- FUJITSU Managed Rack Solution Software

Installation, Configuration and Handover service complete the base package:
- Installation and configuration of the infrastructure
- Initial startup in the customer's environment
- Handover and briefing of the customer
- The solution will be delivered completely installed and preconfigured

With extensions

The base package is optionally expandable:
- Additional racks of different types
- PalmSecure ID Match systems for local or central control / enrolment
- Additional base packages for additional blocks

Services

Additional service packages for extension, consulting and training round off the solution

Managed Rack Solution / Sealed Rack Solution

[Roadmap chart; time axis in quarters across 2015, 2016 and 2017; legend: Not decided, Roadmap product, New vs last month]

Sealed Rack Solution (SRS)
- Protection against physical access with strengthened hardware cages
- Protection against electronic attacks with closed ports and end2end encryption
- Milestones: SRS EFT (Early Field Trial only), SRS 1.0 (Initial version)

Managed Rack Solution (MRS)
- Only authorized persons have physical access to servers and components inside the racks and cages respectively
- Accesses and actions will be recorded in an auditable fashion
- User guidance occurs with easy and intuitive menus
- Milestones: MRS EFT (Early Field Trial only), MRS 1.0 (Initial version), MRS 1.1 (Monitoring with Nagios / Icinga)

Summary

In a nutshell
+ Use of standard 19" racks with electromechanical locks and sensors
+ Only authorized persons have physical access to servers and components inside the racks and cages
+ Users have to authenticate themselves with biometric methods. Therefore access rights cannot be transferred to others
+ All accesses and access attempts will be logged in an auditable fashion
+ Setup, installation and training done on customer site within one day
+ Money saving due to much higher flexibility and less space compared to data center with fences

Effective physical protection of the racks from unauthorized access
Logging of every access with biometric authentication
Investment protection and money saving

Information & Contact

Contact: Thomas Schkoda (Product Manager), thomas.schkoda@ts.fujitsu.com