Interoperability of Bloombase StoreSafe and Thales e-security keyauthority for Data At- Rest Encryption

Similar documents
Performance brief for IBM WebSphere Application Server 7.0 with VMware ESX 4.0 on HP ProLiant DL380 G6 server

How To Set Up A Load Balancer With Windows 2010 Outlook 2010 On A Server With A Webmux On A Windows Vista V (Windows V2) On A Network With A Server (Windows) On

Virtualization Case Study

How To Use Directcontrol With Netapp Filers And Directcontrol Together

SmoothWall Virtual Appliance

Heroix Longitude Quick Start Guide V7.1

System Requirements and Platform Support Guide

How to Secure a Groove Manager Web Site

vrealize Business System Requirements Guide

Bloombase StoreSafe Security Best Practice

Hands-On Lab: WSUS. Lab Manual Expediting WSUS Service for XP Embedded OS

The EVault Portfolio

SnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009

Bloombase Spitfire StoreSafe Storage Security Server. Bloombase Technologies

Patch Assessment Content Update Release Notes for CCS Version: Update

Hyper-V Server 2008 Setup and Configuration Tool Guide

CA Nimsoft Monitor. snmpcollector Release Notes. All versions

NetIQ Sentinel Quick Start Guide

ncipher Modules Integration Guide for Axway Validation Authority Server 4.11 (Responder)

Pipeliner CRM Phaenomena Guide Administration & Setup Pipelinersales Inc.

ABC of Storage Security. M. Granata NetApp System Engineer

Nimsoft Monitor Compatibility Matrix October 17, 2013

Scaling in a Hypervisor Environment

SnapServer NAS GuardianOS 6.5 Compatibility Guide May 2011

StreamServe Persuasion SP5 Supported platforms and software

Hyper-V Server 2008 Getting Started Guide

Symantec NetBackup Enterprise Server and Server x Hardware Compatibility List

EMC Smarts SAM, IP, ESM, MPLS, NPM, OTM, and VoIP Managers Support Matrix

Alliance Key Manager Solution Brief

The 2007 R2 Version of Microsoft Office Communicator Mobile for Windows Mobile: Frequently Asked Questions

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

AT&T Connect Participant Application & VDI Platform Support

Quick Start Guide for VMware and Windows 7

Compatibility and Support Information Nasuni Corporation Natick, MA

2 Installing Privileged User Manager 2.3

Clustering in Parallels Virtuozzo-Based Systems

Pipeliner CRM Phaenomena Guide Sales Pipeline Management Pipelinersales Inc.

Quick Start Guide for Parallels Virtuozzo

Management Reporter Integration Guide for Microsoft Dynamics GP

Quick Install Guide - Safe AutoLogon For First-time Users - Installing and Running the Software. Published: February 2013 Software version: 5.

Symantec NetBackup 5000 Appliance Series

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

VMware Backup and Deduplication. Written by: Anton Gostev Product Manager Veeam Software

Symantec NetBackup 7.1 What s New and Version Comparison Matrix

OnCommand Performance Manager 1.1

ACER ProShield. Table of Contents

Caché Integration with a Network Appliance Filer

Shipping Products Chart. Contents

Lab Answer Key for Module 6: Configuring and Managing Windows SharePoint Services 3.0. Table of Contents Lab 1: Configuring and Managing WSS 3.

Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac

What s New in VMware vsphere 4.1 VMware vcenter. VMware vsphere 4.1

IBM Unica PredictiveInsight Version Publication Date: June 7, Recommended Software Environments and Minimum System Requirements

White Paper. Software version: 5.0

RDP Release Notes And Support

Unified Infrastructure Management Compatibility Matrix April 4, 2016

SAN TECHNICAL - DETAILS/ SPECIFICATIONS

Huawei OceanStor V3 Converged Storage Interoperability Matrix

Windows Small Business Server 2003 Upgrade Best Practices

Centrify-Enabled Samba

System Requirements. SAS Profitability Management Deployment

Getting Started with ESXi Embedded

Veeam Backup Enterprise Manager. Version 7.0

Smart Plug-in for Siebel

HP Insight Remote Support

Supported Platforms. HP Vertica Analytic Database. Software Version: 7.1.x

EMC Smarts SAM, IP, ESM, MPLS, NPM, OTM, and VoIP Managers 9.4 Support Matrix

Active Directory and DirectControl

Pipeliner CRM Phaenomena Guide Sales Target Tracking Pipelinersales Inc.

EMC SYNCPLICITY FILE SYNC AND SHARE SOLUTION

IT Business Management System Requirements Guide

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E April 2016

Overview of Avaya Aura System Platform

DOCUMENTATION FILE BACKUP

HP StorageWorks P4000 G2 SAN Solutions

Dell NetVault Backup. Compatibility Guide

RSA AUTHENTICATION AGENT SUPPORTED PLATFORMS

Shipping Products Chart. Contents

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Tivoli Endpoint Manager for Remote Control Version 8 Release 2. User s Guide

Technical Specification Data

IBM Lotus Protector for Mail Encryption. User's Guide

Introduction to Virtual Datacenter

VIDEO SURVEILLANCE WITH SURVEILLUS VMS AND EMC ISILON STORAGE ARRAYS

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Server Automation Managed Server Support

Windows Server Update Services 3.0 SP2 Step By Step Guide

Abstract. Microsoft Corporation Published: November 2011

Implementing and Supporting Windows Intune

FastPass Password Manager

Introduction to Hyper-V High- Availability with Failover Clustering

Veritas Cluster Server from Symantec

N-central 8.0 On-Premise Software and N-compass 3.1 Advanced Reporting Software

Microsoft Hyper-V Server 2008 R2 Getting Started Guide

Microsoft Lync Server 2010

Hardware and Software Interoperability Matrix

Pipeliner CRM Phaenomena Guide Add-In for MS Outlook Pipelinersales Inc.

Transcription:

Bloombase Interoperability Program P1 2015 Bloombase, Inc. Interoperability of Bloombase StoreSafe and Thales e-security keyauthority for Data At- Rest Encryption April, 2015 Executive Summary Thales e-security keyauthority KMIP-compliant key management server is validated by Bloombase InteropLab to run with Bloombase StoreSafe data at-rest encryption security solution. This document describes the steps carried out to test interoperability of keyauthority KMIP-compliant key manager with Bloombase StoreSafe software appliance on VMware ESXi. Client host systems on Microsoft Windows Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Oracle Sun Solaris, IBM AIX and HP-UX are validated against Thales powered Bloombase StoreSafe with EMC VNX unified storage system as backend storage.

Bloombase Interoperability Program P2 2015 Bloombase, Inc. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, people and events depicted herein are fictitious and no association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Bloombase, Inc. Bloombase, Inc. may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Bloombase, Inc, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. This document is the property of Bloombase, Inc. No exploitation or transfer of any information contained herein is permitted in the absence of an agreement with Bloombase, Inc, and neither the document nor any such information may be released without the written consent of Bloombase, Inc. 2015 Bloombase, Inc. Bloombase, Keyparc, Spitfire, StoreSafe are either registered trademarks or trademarks of Bloombase in the United States and/or other countries. Thales nshield and Thales keyauthority are trademarks of Thales, S.A. or its affiliated companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Document No.: BLBS-TN-Bloombase-StoreSafe-Thales-e-Security-keyAuthority-Interoperability-USLET-EN-R3

Bloombase Interoperability Program P3 2015 Bloombase, Inc. Table of Contents

Bloombase Interoperability Program P4 2015 Bloombase, Inc. Table of Contents 3 Purpose and Scope 5 Assumptions 6 Infrastructure 7 Setup 7 Thales e-security keyauthority 9 Bloombase StoreSafe 9 Storage System 9 Client Hosts 9 Configuration Overview 10 Thales e-security keyauthority 10 EMC VNX Storage 14 Bloombase StoreSafe 17 Network Security, Trust and Authentication Configuration 18 keyauthority and Bloombase KeyCastle Integration 19 Encryption Key Provisioning 21 Backend Physical Storage Configuration 21 Secure Storage Configuration 23 Conclusion 26 Disclaimer 28 Acknowledgement 29 Technical Reference 30

Bloombase Interoperability Program P5 2015 Bloombase, Inc. Purpose and Scope This document describes the steps necessary to integrate Thales e-security keyauthority with Bloombase StoreSafe to secure sensitive enterprise business persistent data managed in storage systems. Specifically, we cover the following topics: Install and configure Bloombase StoreSafe Integrate Bloombase StoreSafe with keyauthority Interoperability testing on client host systems including Linux, Windows, IBM AIX, HP-UX and Oracle Sun Solaris

Bloombase Interoperability Program P6 2015 Bloombase, Inc. Assumptions This document describes interoperability testing of keyauthority with Bloombase StoreSafe. Therefore, it is assumed that you are familiar with operation of keyauthority, storage systems and major operating systems including Linux, Microsoft Windows, IBM AIX, HP-UX and Oracle Sun Solaris. It is also assumed that you possess basic UNIX administration skills. The examples provided may require modifications before they are run under your version of operating system. As keyauthority key manager is third party hardware option to Bloombase StoreSafe data at-rest encryption security solution, you are recommended to refer to installation and configuration guides of specific model of keyauthority for your actual use case. We assume you have basic knowledge of storage networking and information cryptography. For specific technical product information of Bloombase StoreSafe, please refer to our website at http://www.bloombase.com or Bloombase SupPortal http://supportal.bloombase.com.

Bloombase Interoperability Program P7 2015 Bloombase, Inc. Infrastructure Setup The validation testing environment is setup as in below figure

POWER POWER SUPPLY SUPPLY PPM PPM PROC PROC UID DIMMS FANS ONLINE SPARE MIRROR 1 2 0 1 INTER LOCK OVER TEMP PCI RISER CAGE 1 2 3 4 5 6 7 8 2 3 HP ProLiant DL380G5 4 5 2 1 0 xseries 365 UID DVD hp integrity rx2620-2 p5 0 1 2 3 FILLER FILLER FILLER FILLER SUN FIRE X2270 Bloombase Interoperability Program P8 2015 Bloombase, Inc. Microsoft Windows Server 2012 on Dell PowerEdge R720 SLES 11 on IBM x3650 M4 IBM AIX 7 on IBM p510 RHEL 6 on HP ProLiant DL380 Gen8 HP-UX 11i on HP Integrity rx2620 Solaris 11 on Oracle Sun Fire x2100 NFS, CIFS, iscsi, FCP, WebDav, HTTP, REST, etc Clear text HP Baseline 2928 switch NFS, CIFS, iscsi, FCP, WebDav, HTTP, REST, etc Write and Encrypt \\192.168.10.181\share01 192.168.10.181:/share01 km://bloombase.com/02/8de8b6ff-aa5d-41c7-8105-955275f096c0 KMIP Read and Unencrypt Bloombase StoreSafe (192.168.10.181) Thales e-security keyauthority (w.x.y.z) NFS, CIFS, iscsi, FCP, WebDav, HTTP, REST, etc \\192.168.10.180\share01 192.168.10.180:/share01 ^$8Yn +=@~ EMC VNX (192.168.10.180)

Bloombase Interoperability Program P9 2015 Bloombase, Inc. Thales e-security keyauthority KMIP Key Manager keyauthority Bloombase StoreSafe Bloombase StoreSafe Bloombase StoreSafe Software Appliance v3.4 on Bloombase OS 5 (security hardened Linux OS kernel version 2.6) Server VMware Virtual Machine (VM) on VMware ESXi 5.5 Processor Memory 4 x Virtual CPU (vcpu) 8 GB Storage System Storage System EMC VNX Virtual Appliance on ESXi 5.5 Client Hosts Model Dell PowerEdge R720 HP ProLiant DL380 Gen8 IBM System x3650 M4 HP Integrity rx2620 IBM System p5 510 Oracle Sun Fire x2100 Operating System Microsoft Windows Server 2012 Red Hat Enterprise Linux 6 SUSE Linux Enterprise 11 HP-UX 11i IBM AIX 7 Oracle Solaris 11

Bloombase Interoperability Program P10 2015 Bloombase, Inc. Configuration Overview Thales e-security keyauthority keyauthority is installed and configured as a network attached appliance with IP address w.x.y.z assigned. For the purpose of this interoperability testing, domain bloombase.com is provisioned and assigned for the Bloombase StoreSafe software appliance instance. X.509 key pair CN=bloombase, O=Thales, OU=Support, L=Milpitas, ST=CA, C=US, E=support@thales.com is created and assigned as the authentication key pair for Bloombase StoreSafe.

Bloombase Interoperability Program P11 2015 Bloombase, Inc. Client authentication key is signed and registered. Signed client authentication certificate in PEM format is exported from keyauthority web management console and imported to Bloombase StoreSafe client key store via web management console.

Bloombase Interoperability Program P12 2015 Bloombase, Inc. An AES-256 key of identifier km://bloombase.com/02/8de8b6ff-aa5d-41c7-8105-955275f096c0 is generated and provisioned for Bloombase StoreSafe s actual data at-rest encryption use.

Bloombase Interoperability Program P13 2015 Bloombase, Inc. KMIP key objects are listed.

Bloombase Interoperability Program P14 2015 Bloombase, Inc. EMC VNX Storage EMC VNX virtual appliance is used in this interoperability test which is able to provide storage services over network storage protocols including NFS, CIFS, iscsi, etc.

Bloombase Interoperability Program P15 2015 Bloombase, Inc. EMC VNX is a unified storage system supporting multiple network storage protocols including NFS, CIFS, HTTP, FCP, FCoE, iscsi, etc.

Bloombase Interoperability Program P16 2015 Bloombase, Inc. CIFS and NFS storage resources are provisioned on EMC VNX to be used in this testing.

Bloombase Interoperability Program P17 2015 Bloombase, Inc. Bloombase StoreSafe Bloombase StoreSafe delivers unified data at-rest encryption security of files, block devices, objects, sequential storages, etc. In this interoperability test, file-based encryption security service is validated against Bloombase StoreSafe with keys managed at keyauthority key manager. Bloombase StoreSafe software appliance is deployed as a virtual appliance (VA) on VMware ESXi.

Bloombase Interoperability Program P18 2015 Bloombase, Inc. Network Security, Trust and Authentication Configuration In this interoperability test effort, Bloombase StoreSafe serves as the client of keyauthority for encryption key access to deliver data at-rest encryption services. keyauthority utilizes TLS for data in-flight security protecting privacy of data transmission over network with client applications. keyauthority s KMIP service is trusted by adding the certificate authority of KMIP server certificate to Bloombase StoreSafe s trust key store.

Bloombase Interoperability Program P19 2015 Bloombase, Inc. keyauthority utilizes certificate-based authentication for client access control. An X.509 compliant key pair is generated and entered into Bloombase StoreSafe s client key store. The client certificate is also configured at keyauthority as a trusted credential which allows access of KMIP services by trusted Bloombase StoreSafe instance from over remote network. keyauthority and Bloombase KeyCastle Integration To enable the built-in Bloombase KeyCastle to utilize keys managed in the network attached keyauthority KMIP-compliant key manager. The KMIP service configuration at Bloombase web management console has to be set up. Bloombase supports keyauthority out of the box due to the fact that both support OASIS Key Management Interoperability Protocol (KMIP).

Bloombase Interoperability Program P20 2015 Bloombase, Inc. keyauthority server setting is properly configured at Bloombase StoreSafe web management console and assigned the name keyauthority01.

Bloombase Interoperability Program P21 2015 Bloombase, Inc. Encryption Key Provisioning Existing keyauthority key km://bloombase.com/02/8de8b6ff-aa5d-41c7-8105-955275f096c0 has to be linked to Bloombase StoreSafe before it can be used for secure storage configuration delivering stored data encryption services. To properly associate an existing key object at keyauthority from built-in Bloombase KeyCastle, select Key Source Type as KMIP Server, KMIP Server as the identifier keyauthority01 and select the encryption key to be used for data encryption, in this case km://bloombase.com/02/8de8b6ff-aa5d-41c7-8105-955275f096c0. Backend Physical Storage Configuration Physical storage namely share01 is configured to be secured by Bloombase StoreSafe using encryption.

Bloombase Interoperability Program P22 2015 Bloombase, Inc.

Bloombase Interoperability Program P23 2015 Bloombase, Inc. Secure Storage Configuration Virtual storage namely share01 of type File is created to virtualize physical storage share01 for application transparent encryption protection over network file protocols including CIFS and NFS.

Bloombase Interoperability Program P24 2015 Bloombase, Inc. Protection type is specified as Privacy and secure contents of the backend EMC VNX storage using AES 256-bit encryption with encryption key km://bloombase.com/02/8de8b6ff-aa5d-41c7-8105-955275f096c0 managed at keyauthority.

Bloombase Interoperability Program P25 2015 Bloombase, Inc. CIFS storage protocol relies mainly on user-password authentication for access control. In this test, the Bloombase StoreSafe secure storage resource share01 is provisioned for user user01 with Microsoft Active Directory integration for user-password authentication and single sign-on.

Bloombase Interoperability Program P26 2015 Bloombase, Inc. Conclusion KMIP key manager Thales e-security keyauthority passed all Bloombase interoplab's interoperability tests with Bloombase StoreSafe Bloombase Product Operating System KMIP Key Manager Bloombase StoreSafe Microsoft Windows Server keyauthority Red Hat Enterprise Linux (RHEL) SUSE Linux Enterprise Server (SLES) Oracle Solaris IBM AIX HP-UX keyauthority keyauthority keyauthority keyauthority keyauthority

Bloombase Interoperability Program P27 2015 Bloombase, Inc.

Bloombase Interoperability Program P28 2015 Bloombase, Inc. Disclaimer The tests described in this paper were conducted in the Bloombase InteropLab. Bloombase has not tested this configuration with all the combinations of hardware and software options available. There may be significant differences in your configuration that will change the procedures necessary to accomplish the objectives outlined in this paper. If you find that any of these procedures do not work in your environment, please contact us immediately.

Bloombase Interoperability Program P29 2015 Bloombase, Inc. Acknowledgement Bloombase InteropLab would like to thank Thales for supporting this interoperability testing.

Bloombase Interoperability Program P30 2015 Bloombase, Inc. Technical Reference 1. Bloombase StoreSafe Technical Specifications, http://www.bloombase.com/content/8936qa88 2. Bloombase StoreSafe Hardware Compatibility Matrix, http://www.bloombase.com/content/e8gzz281 3. Thales e-security keyauthority, https://www.thales-esecurity.com/products-and-services/products-and-services/keymanagement-systems/keyauthority 4. OASIS KMIP, https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information