White Paper. Quantum StorageCare Guardian

Similar documents
Sales Tool. Summary DXi Sales Messages November NOVEMBER ST00431-v06

WhatsUpGold. v14.2. Getting Started with WhatsUp Gold MSP Edition

Improving the Customer Support Experience with NetApp Remote Support Agent

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

Quantum Scalar 50 Tape Drive Installation Instructions

Leading Autoloader Customer Purchase Requirements

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

White Paper. BD Assurity Linc Software Security. Overview

Flow Publisher v1.0 Getting Started Guide. Get started with WhatsUp Flow Publisher.

Unisys Internet Remote Support

Configuring Security Features of Session Recording

Dell One Identity Cloud Access Manager How to Configure for High Availability

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

HP IMC Firewall Manager

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

HP A-IMC Firewall Manager

Quantum DXi6500 Family of Network-Attached Disk Backup Appliances with Deduplication

WebEx Security Overview Security Documentation

Remote Access Platform. Architecture and Security Overview

WebEx Remote Access White Paper. The CBORD Group, Inc.

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé

Resonate Central Dispatch

SANGFOR SSL VPN. Quick Start Guide

How to Secure a Groove Manager Web Site

SyAM Software* Server Monitor Local/Central* on a Microsoft* Windows* Operating System

Any system currently running the Schneider Electric MBX Driver Suite or any activated Cyberlogic software suite.

BlackShield ID Agent for Remote Web Workplace

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

Cloud Storage Backup for Storage as a Service with AT&T

FlexMaster First Global Wi-Fi Managed Service

HP Service Manager Architecture and Security HP Software-as-a-Service

SysAidTM Product Description

Nasuni Management Console Guide

Print Audit Facilities Manager Technical Overview

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

Quantum StorNext. Product Brief: Distributed LAN Client

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications VIDYO

LAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions

Getting Started with IP Address Manager. This guide provides information about installing, configuring, and beginning to use IP Address Manager v1.0.

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

QuickSpecs. Overview. Compaq Remote Insight Lights-Out Edition

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Landscape Design and Integration. SAP Mobile Platform 3.0 SP02

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

StarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core

Kaseya IT Automation Framework

Technical Brief for Windows Home Server Remote Access

EventSentry Overview. Part I About This Guide 1. Part II Overview 2. Part III Installation & Deployment 4. Part IV Monitoring Architecture 13

Solutions for Encrypting Data on Tape: Considerations and Best Practices

NETASQ SSO Agent Installation and deployment

Learn More MaaS360 Cloud Extender Checklist (MDM for Blackberry)

Accessing Remote Devices via the LAN-Cell 2

Data Backup and Restore (DBR) Overview Detailed Description Pricing... 5 SLAs... 5 Service Matrix Service Description

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Live Guide System Architecture and Security TECHNICAL ARTICLE

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

visionapp Remote Desktop 2010 (vrd 2010)

Quantum Q-Cloud Backup-as-a-Service Reference Architecture

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Owner of the content within this article is Written by Marc Grote

Active Directory Reporter Quick start Guide

EMC CLARiiON Secure Remote Support Solutions Technical Notes P/N REV A03 October 5, 2010

Security and the Mitel Teleworker Solution

Remote Logging Agent Configuration Guide

Virtual Contact Center

RevShield Software Suite Network Security Review

Security Overview Introduction Application Firewall Compatibility

Novell Access Manager SSL Virtual Private Network

StarWind iscsi SAN Software: Tape Drives Using StarWind and Symantec Backup Exec

Avaya G700 Media Gateway Security - Issue 1.0

MaaS360 Mobile Enterprise Gateway

Powerful Remote Support

Remote Management Reference

Proof of Concept Guide

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA USA. November v1.0

Syncplicity On-Premise Storage Connector

MaaS360 Mobile Enterprise Gateway

Microsoft Lync Server 2010

Installation and Administration Guide

Securely Deliver Remote Monitoring and Service to Critical Systems. A White Paper from the Experts in Business-Critical Continuity TM

EMC ViPR Controller. Version 2.4. User Interface Virtual Data Center Configuration Guide REV 01 DRAFT

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

PHD Virtual Backup for Hyper-V

DIGIPASS Authentication for Check Point Security Gateways

Evolving Network Security with the Alcatel-Lucent Access Guardian

Enabling Remote Management of SQL Server Integration Services

Remote Management Reference

Goverlan Remote Control

Energy Management Web-based embedded solution for monitoring of distributed conventional energy applications Type Em 2 -Server

Nimsoft Unified Monitoring Architecture. An Overview

introducing The BlackBerry Collaboration Service

Logging and Alerting for the Cloud

Fireware How To Logging and Notification

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

EMC Data Protection Search

Troubleshooting BlackBerry Enterprise Service 10 version Instructor Manual

Transcription:

Quantum StorageCare Guardian April 2013

Notice This White Paper contains proprietary information protected by copyright. Information in this White Paper is subject to change without notice and does not represent a commitment on the part of Quantum. Quantum assumes no liability for any inaccuracies that may be contained in this White Paper. Quantum makes no commitment to update or keep current the information in this White Paper, and reserves the right to make changes to or discontinue this White Paper and/or products without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser s personal use, without the express written permission of Quantum. Copyright 2013 Quantum Corporation. All rights reserved. CrossLink, DLTtape, DXi, Prism Storage Architecture, Quantum, the Quantum logo, Scalar, SideCar, StorageCare, StackLink, Super DLTtape, SuperLoader and ValueLoader are trademarks of Quantum Corporation registered in the U.S.A. and other countries. Products mentioned herein are for identification purposes only and may be registered trademarks or trademarks of their respective companies. All other brand names or trademarks are the property of their respective owners. Quantum Corporation April 2013 Page ii

Contents Introduction... 1 StorageCare Guardian Overview... 1 Technology Overview... 2 StorageCare Guardian Agent... 2 Key Security Features... 2 Network Security... 2 Data Security... 3 Information Collected... 3 Access Control... 3 Best in Class Security... 4 Quantum Enterprise Server Security... 4 Quantum Corporation April 2013 Page iii

Introduction This document describes the functions and operation of Quantum s StorageCare Guardian with the intention of explaining how StorageCare Guardian will operate within a datacenter. This document also addresses key questions such as a communication through firewalls, security, and other technical needs to achieve remote support. StorageCare Guardian Overview StorageCare Guardian is agent software linking Quantum products back to Quantum support enabling remote service and administration. StorageCare Guardian employs web-architected interfaces for remote device administration, desktop sharing, diagnostics and data visualization, giving Quantum support personnel web-based information access from anywhere in the world. The StorageCare Guardian agent software monitors devices locally and manages Internet communications with the Quantum Enterprise server allowing communications and control. Quantum Corporation April 2013 Page 1

Technology Overview The StorageCare Guardian system is comprised of two major components: the StorageCare Guardian agent software running on either a Windows, Solaris, or Linux server at the customer site, and the Quantum Enterprise server applications that provide access to the information provided by the agents. The StorageCare Guardian agent software at the customer site communicates with the Quantum devices at the customer site on a regular basis, checking the status of key data elements that provide a picture of the health of the devices. Additionally, the agent periodically communicates with the Quantum Enterprise server environment to update device status. The Enterprise server can also run a suite of applications allowing for: Viewing real-time device status Viewing system configuration Gathering diagnostic data (event logs, error logs) Connecting directly to the web management and/or telnet management interface of the device upon customer approval StorageCare Guardian Agent Key Security Features StorageCare Guardian was designed to be completely secure, providing best-in-class support capability with no changes required to your existing network or security infrastructure. The following sections provide more detail on the following topics relating to information security: Network Security Data Security Access Control Best-in-Class Security Quantum Enterprise Server Security Network Security StorageCare Guardian leverages your existing network and security infrastructure. No changes are required in order for the StorageCare Guardian agent software to work. As long as the server designated to act as the Guardian agent can communicate with the Quantum devices and open an outbound connection to the Internet, StorageCare Guardian will provide the security necessary to protect your information assets. The StorageCare Guardian agent server does not require a visible TCP/IP address. This is because Quantum will never initiate a connection to the StorageCare Guardian agent server at your site. The StorageCare Guardian agent initiates all communications with the Quantum back-end servers. The Guardian agent communicates with a single Quantum Enterprise server and two-way communication will only occur after the connection has been initiated. Communications on the local area LAN use TCP port 80 or 443, depending on the settings of the Quantum device. Port 80 will be used by default, and if the device has SSL enabled, port 443 will be used. ALL communications between the agent and the Quantum Enterprise server are sent via secure HTTPS (port 443) and use 128-bit SSL encryption. In addition, trusted digital certificates (obtained through VeriSign) Quantum Corporation April 2013 Page 2

protect both ends of the connection from unauthorized access. Messages sent from the agent to the Enterprise server are XML via HTTPS, while responses from the Quantum Enterprise server are SOAP (Simple Object Access Protocol) via HTTPS. The StorageCare Guardian agent sends only changes to the Quantum Enterprise server. This minimizes the actual traffic between the customer site and Quantum. Once every 5 minutes, StorageCare Guardian connects to the Quantum device(s) via the web management interface and collects a snapshot of information. The new snapshot is compared to the previous and any changes are sent as updates to the Quantum Enterprise server. On a separate schedule, once each minute, the agent also sends a small message to Quantum as a form of heartbeat to show the agent is active. These messages enable Quantum support personnel to queue a request to the agent software for up-to-date information, for instance an error log or event log. The next time the agent checks in, the request is delivered, and depending on the Policy Manager settings for the agent, will either be granted or denied at the agent level. Policy Manager will be discussed in detail in the Access Control section of this document. Data Security One of the most common concerns customers raise regarding StorageCare Guardian is the security of the data stored on the Quantum device. StorageCare Guardian does not impact the backup process, data, or other IT processes in any way. A key design element of StorageCare Guardian is that only the web management interface of the Quantum device is used to collect the device data. There is no in-band (i.e. SCSI, Fibre Channel or iscsi) communication from the StorageCare Guardian agent software to the Quantum device. This method has several key benefits in terms of data security assuring customers StorageCare Guardian will never conflict with backup software in any way and not provide access to the data stored on the Quantum device. The StorageCare Guardian agent prohibits any actions that would enable customer data to be read or overwritten. By default, only programmatic (pre-scripted, software-controlled) access is possible to the device; no human access is available to Quantum support personnel without direct customer intervention protecting storage assets (i.e. Quantum cannot reboot or take devices off-line without your approval). Information needed by Quantum support personnel to determine device health is available within the Quantum side StorageCare back-end applications. These applications show a representation of the device, and allow support personnel to view status and configuration, review log files, etc. without the need to actually connect live to the device. Should the need arise for Quantum support personnel to gain real-time access to the device, the customer can, at their discretion, enable access by support personnel to the web and/or telnet management interfaces of the Quantum device. Access can be turned off as easily as it was enabled. Information Collected The StorageCare Guardian agent collects a predefined set of data elements for each device. Only information relating to the status and configuration of the device is transferred from the agent to Quantum. For instance, although the agent software must know the TCP/IP address for each of the Quantum device(s) in order to communicate with them, these addresses are not transferred to Quantum. Static information such as the configuration of the device, firmware revisions, log files etc. are collected weekly or on-demand. Access Control One of the key elements to guarding the security of your data is the Policy Manager function of StorageCare Guardian agent. While the Enterprise Server applications determine what is possible, the Policy Manager on your agent determines what will be allowed. By default, the Policy Manager is packaged as an integral part of the StorageCare Guardian agent, and is accessed via the Agent Configuration Utility. This utility Quantum Corporation April 2013 Page 3

runs during the StorageCare Guardian software installation, when you add your Quantum devices into the agent configuration. Policy Manager is one of the pages of the utility and accessed by clicking on the Policy Manager heading on the left side of the utility interface. Policy Manager focuses on ease of use and fits the needs of most Quantum customers. Policy Manager sets access permissions for a single agent. In the case of multiple agents at a customer site, for instance if the company has multiple sites around the world, an agent is typically installed at each site. By default, each agent has its own Policy Manager settings, and changes made to that agent s Policy Manager affect all devices monitored by that agent. Policy Manager by default allows the access option Diagnostic Data Collection only. This is the programmatic (software controlled) collection of data from the Quantum device, but does not allow any access that could impact the operation of the device. Default settings allow a Quantum support personnel to log into the Guardian Console and view the device dashboard for the Quantum devices configured in that StorageCare Guardian agent instance showing the current status of the device, all Guardian generated alarms for the device, snapshots of the device configuration, access to event logs, error logs, and drive logs (product-dependent). None of these actions requires logging into the web or telnet management interface of the device; this is done purely through device dashboard in the StorageCare Guardian software. With customer permission Quantum support personnel may be granted access to the web or telnet management interface of the device. This is quickly enabled or disabled in the Agent Configuration Utility in Policy Manager. Changes take place immediately upon pressing Deploy Changes to Agent. In addition to access control policies, there are number of other customer customizable policies with the exception of diagnostic data collection. Best in Class Security StorageCare Guardian utilizes an enterprise class technology originally developed in the medical devices field, helping the manufacturers of DNA sequencers, hospital prescription dispensing stations and many other medical devices to remotely communicate with and support their products in hospitals and university research labs. This same powerful, flexible technology is the basis of Quantum s StorageCare Guardian Solution. Since the technology used here has a strong heritage in the medical device industry, it has provided for best-in-class security features. For example, audit entries of all actions taken by users of the system with each entry showing the date, time, user, and device are recorded. The underlying secure transport technology used by StorageCare Guardian has been tested and validated repeatedly by industryleading security firms such as @Stake (now part of Symantec Corporation) and VeriSign. Quantum is also VeriSign Security Certified. StorageCare Guardian has undergone an extensive application security assessment by VeriSign Corporation based on open industry standards. VeriSign Security Certification gives Quantum customers added assurance that information security best practices are being utilized when diagnostic data is transferred between installed systems and Quantum s Enterprise server. The certification document is available to Quantum customers on request. Quantum Enterprise Server Security The same emphasis on security used in developing the StorageCare Guardian agent is also evident in the design of the back-end application infrastructure that resides at Quantum. While the StorageCare Guardian console allows Quantum to provide better levels of service to our customers than ever before, it is important that these applications and the data they access is kept secure from unauthorized access. One critical element of the security of StorageCare Guardian s Enterprise systems is the design of the network. StorageCare Guardian is a three-tier application, with one tier residing on the StorageCare Guardian agent at the customer site, a second tier on a web server on a protected DMZ, and a third tier (application and database servers) behind a second firewall. The use of two levels of firewall protection ensures that no unauthorized access to Quantum s StorageCare Guardian servers is possible. Quantum Corporation April 2013 Page 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information