
CISCO HYPERFLEX AND THALES eSECURITY · 2018-03-20 · cisco hyperflex and thales esecurity hyperconvergence with high assurance security for federal government


www.thalesesecurity.com

UNLOCK THE POWER OF HYPERCONVERGENCE WITH NIST CERTIFIED PROTECTION AND AGENCY WIDE DATA SECURITY

• Securely aligns infrastructure with application requirements
• Provides highly scalable compute and workload management
• Protects data in storage clusters with robust encryption
• Employs a FIPS-certified and Common Criteria key management
• Multitenancy for scaling and security enclave independence without adding additional hardware and complexity

<Thales eSecurity>

CISCO HYPERFLEX AND THALES eSECURITY

HYPERCONVERGENCE WITH HIGH ASSURANCE SECURITY FOR FEDERAL GOVERNMENT

THE PROBLEM: FEDERAL AGENCIES NEED SYSTEMS THAT CAN QUICKLY ADAPT TO CHANGING OPERATIONAL NEEDS WITHOUT COMPROMISING NATIONAL SECURITY

As agencies strive to adapt to fast-changing operational and security requirements driven by the market’s digital transformation, they find themselves migrating business applications to more flexible systems. Combining computing, storage, and networking resources into a hyperconverged infrastructure that can deliver agility and economies of scale has become the solution of choice. However, the combination and sharing of computing and networking resources can often create vulnerabilities that lead to data security concerns.

THE CHALLENGE: ENABLING HYPERCONVERGENCE AND PROTECTING SENSITIVE DATA WITHOUT IMPACTING OPERATIONAL PERFORMANCE

Hyperconverged infrastructures can easily adapt to changing operational requirements and quickly scale to meet growing demand. As enterprise applications are migrated to these configurations, keeping sensitive data secured is critically important. Managing data protection at the hardware and software layer is mandated. Achieving data protection requirements/mandates, guidelines, and security management has never been so easy. Encryption keys are automatically managed, rotated, and reported on with only limited resources and effort. Security and high-performance infrastructure are provided without degrading performance or adding complexity.

[Figure: Thales enterprise key management integrated with Cisco HyperFlex. Diagram labels: Cisco HX-Series Node (CPU & Memory, ESXi Hypervisor, Network, Data platform, Data platform controller, VAAI, iovisor); Cisco UCS Fabric Interconnects with Cisco UCS Manager; Key Management Interoperability Protocol (KMIP); Cisco Integrated Management Controller Interface; Secure key storage for all self-encrypting drives (SSD, HDD); Cisco UCS service profiles maintain association of keys with drives and nodes; Vormetric Data Security Manager.]


Americas – Thales eSecurity Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel:+1 888 744 4976 or +1 954 888 6200 • Fax:+1 954 888 6211 • E-mail: [email protected]

Asia Pacific – Thales Transport & Security (HK) Ltd, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected]

Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]

© Thales - March 2018 • PLB7343_Hyperflex fedgov_SS_USL_V3

CISCO AND THALES FACILITATE ORGANIZATIONAL DIGITAL TRANSFORMATION

THE SOLUTION: CISCO HYPERFLEX AND VORMETRIC DATA SECURITY MANAGER BY THALES eSECURITY

The Cisco HyperFlex system delivers hyperconvergence, combining computing, storage, and networking resources into a simplified platform. Engineered on the Cisco Unified Computing System™ (Cisco UCS®), the platform provides the agility, scalability, and pay-as-you-grow economics of the cloud, with the benefits of an on-premises infrastructure. HyperFlex combines software-defined computing and software-defined networking to deliver a pre-integrated cluster that scales resources independently to closely match your application needs.

Applying a consistent policy ensures encryption and key management are deployed uniformly across every node in a cluster. Cisco HyperFlex relies on Vormetric Data Security Manager (DSM) from Thales eSecurity to provide robust FIPS 140-2 Level 3 and Common Criteria certified key management. The combined solution establishes a certificate-based chain of trust between the HyperFlex platform and the key management server in order to transfer keys to unlock self-encrypting drives (SED).

WHY USE VORMETRIC DATA SECURITY MANAGER WITH CISCO HYPERFLEX?

The Vormetric DSM strengthens and simplifies security by streamlining the management of associated encryption keys. Vormetric DSM uses certificates to authenticate Cisco UCS SEDs for system level security. The SEDs generate new encryption keys, which are then uploaded to the DSM. In the event of a power cycle or host reboot, the Cisco UCS software retrieves the keys from the Vormetric DSM and uses them to unlock the drives.

Security keys can be instantly reprogrammed to meet site-specific security policies. Security mechanisms enable compliance with data-at-rest encryption requirements set forth in HIPAA, PCI DSS and SOX standards among others. The security platform:

• Provides a single, centralized management plan for cryptographic keys and applications
• Offers high availability and standards-based enterprise encryption key management using KMIP
• Centralizes third-party encryption keys and securely stores certificates
• Enables vaulting and an inventory of certificates
• Implements a two-factor authentication mechanism to further safeguard keys and certificates against theft

The consolidation of enterprise encryption key management delivers consistent policy implementation between systems and reduces training and maintenance costs.

THALES

Thales eSecurity is the Federal Government leader in advanced data security solutions and services delivering trust wherever information is created, shared, or stored. Security solutions ensure that critical data is both protected and trusted in any deployment – on-premises, in the cloud, in data centers, or in big data environments – without sacrificing business agility. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

CISCO

Cisco is the worldwide technology leader that has been making the Internet work since 1984. Cisco’s people, products and partners help society securely connect and seize tomorrow’s digital opportunity today.

FEDERAL GUIDELINES AND MANDATES

• NIST 800-53 security controls
• FIPS 140-2 L3 and Common Criteria certified
• HIPAA, PCI, FISMA
• Continuous Diagnostics and Mitigation (CDM) and FedRAMP
• Multitenancy for delegation of duty and enclave independence