VBLOCK™ SOLUTION FOR TRUSTED MULTI-TENANCY: TECHNICAL OVERVIEW
Table of Contents
Executive Summary ... 6
Goal of This Document ... 6
Audience ... 6
Introduction... 7
Service Models ... 7
The Trusted Multi-Tenancy Elements ... 8
Secure Separation... 9
Service Assurance ... 9
Security and Compliance ... 10
Availability and Data Protection ... 10
Tenant Management and Control ... 11
Service Provider Management and Control ... 12
Overview of the TMT Model ... 13
Technology Overview... 14
About the Vblock platform ... 14
Management and Orchestration ... 14
Vblock Advanced Management Pod (AMP) ... 14
EMC Ionix™ Unified Infrastructure Manager (UIM) ... 15
Security Technologies ... 16
RSA enVision ... 19
RSA SecurID... 20
RSA Authentication Manager ... 20
RSA Data Loss Prevention ... 21
RSA Data Loss Prevention Network ... 21
VMware vShield ... 23
VMware vShield Zones ... 25
VMware vShield App ... 26
Cisco Adaptive Security Appliance ... 26
Cisco Intrusion Prevention System ... 27
Cisco Secure Access Control Server ... 27
Storage Technologies ... 28
EMC Symmetrix® V-MAX™ ... 29
EMC Symmetrix Management Console ... 30
Symmetrix Priority Controls ... 31
EMC Symmetrix Performance Analyzer ... 31
EMC Fully Automated Storage Tiering (FAST) ... 31
EMC Symmetrix Optimizer ... 32
EMC PowerPath®/VE... 33
EMC Unified Storage ... 34
EMC Unisphere® Management Suite ... 35
EMC Unisphere Quality of Service Manager ... 36
EMC VPLEX™ ... 37
EMC Ionix Storage Configuration Advisor ... 38
EMC Ionix ControlCenter ... 38
EMC Virtual Storage Integrator ... 39
EMC Networker ... 40
EMC Data Domain® ... 41
EMC Avamar® ... 42
EMC Replication Manager ... 43
EMC RecoverPoint... 43
EMC Data Protection Advisor ... 45
Compute Technologies ... 46
Cisco Unified Computing System ... 47
VMware vSphere™ ... 50
VMware vSphere High Availability ... 51
VMware vSphere Fault Tolerance ... 51
VMware vSphere Distributed Resource Scheduler ... 52
VMware vSphere Resource Pools ... 53
VMware vMotion™ ... 54
VMware vCenter Server ... 54
VMware vCloud™ Director ... 56
VMware vCloud Request Manager ... 57
VMware vCenter Configuration Manager ... 58
VMware vCenter Site Recovery Manager ... 59
VMware vCenter Capacity IQ ... 60
VMware vCenter Chargeback ... 61
Network Technologies ... 62
Nexus 1000V Series ... 63
Nexus 5000 Series ... 65
Cisco Virtual PortChannels ... 66
Nexus 7000 Series ... 66
Cisco Overlay Transport Virtualization ... 67
Cisco MDS ... 68
Cisco Data Center Network Manager ... 70
VLAN Separation ... 71
Virtual Routing and Forwarding ... 71
MAC Address Learning ... 72
EtherChannel ... 72
Conclusion ... 73
Executive Summary
VCE, the Virtual Computing Environment Company formed by Cisco and EMC with investments from VMware and Intel, represents an unprecedented level of collaboration in development, services and partner enablement by four established market and technology leaders. VCE accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE, through the Vblock™ Infrastructure Platforms, delivers the industry's first completely integrated IT offering that combines best-of-breed virtualization, networking, computing, storage, security, and management technologies with end-to-end vendor accountability. VCE's prepackaged solutions cover horizontal applications, vertical industry offerings, and application development environments, allowing customers to focus on business innovation instead of integrating, validating and managing IT infrastructure.
VCE provides the fastest, most efficient and effective path to pervasive virtualization and cloud computing, available to customers through a large and growing network of value added resellers, system integrators and service provider partners. To date, more than 100 leading partners in 29 countries are actively selling Vblock platforms to a growing, diverse global customer base. VCE continues to innovate with the goal of providing market-leading simplicity, flexibility and efficiency. For more information, go to www.vce.com. This document outlines the six foundational elements of the Trusted Multi-Tenancy (TMT) model and details its features, products and underlying design principles.
Goal of This Document
This document provides a technical overview of the TMT solution, which enables an organization to successfully create and deploy a secure and dynamic data center infrastructure. The TMT solution comprises six foundational elements that are standard Vblock platform components, together with additional products offered by RSA®, Cisco, EMC, and VMware. These six elements address the unique requirements of the Infrastructure as a Service (IaaS) provision model, which is the focus of this paper. In this document, the terms “Tenant” and “Consumer” refer to the consumers of the services provided by a service provider.
Audience
The target audience for this document is highly technical, and it includes technical consultants, professional services personnel, IT managers, infrastructure architects, partner engineers, sales engineers, and consumers who wish to deploy a TMT environment consisting of leading technologies from RSA, Cisco, EMC, and VMware.
Introduction
The concept of tenancy is found in virtually every definition of cloud computing. In its simplest form, multi-tenancy is an architectural model that optimizes resource sharing while providing sufficient levels of isolation to the tenants and Quality of Service (QoS) throughout the shared environment.
While most in the industry understand the basics of providing a secure multi-tenancy environment using VMware products, increases in compliance and security requirements are driving providers and tenants to require more than just isolation as a prerequisite for doing business. The TMT model used with the Vblock platform directly addresses this need, integrating high quality security, encryption, and compliance reporting elements into the stack.
Large and small companies are taking advantage of the economic and environmental benefits of cloud computing. However, to take full advantage of cloud computing’s many benefits, service providers must be able to support multiple tenants within the same physical infrastructure without tenant awareness of any co-resident. The separation between tenants must be comprehensive, complete, and provide mechanisms for management, reporting, and alerting.
TMT recognizes and incorporates the need for dynamic resource allocation and secure component isolation throughout the Vblock platform and goes beyond traditional secure multi-tenant designs in the following ways:
The Vblock platform is a preconfigured and integrated product, which, combined with the six foundational elements, produces the TMT solution.
TMT has a greater scope of security, which includes control and compliance through the integration of RSA products such as RSA enVision®, RSA SecurID®, and RSA Data Protection Manager.
TMT includes EMC Ionix Unified Infrastructure Manager (UIM), which provides complete orchestration and provisioning.
TMT provides simplified management by distinguishing between the needs of the tenants and the service provider.
Finally, service providers faced with increasingly constrained operational expense budgets are demanding greater operational efficiency from their infrastructure. The TMT model used with the Vblock platform directly addresses this issue with the only pre-integrated single pane of glass management platform in the industry – the Ionix Unified Infrastructure Manager (UIM) – and the only single-call support model that supports all of the included components.
Service Models
In cloud computing, the meaning of a multi-tenant architecture has broadened because of new service delivery models that take advantage of virtualization and remote access. The Cloud Security Alliance defines the following three basic service delivery models:
Software as a Service (SaaS) – This model allows the tenant to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client device such as a web browser. The tenant does not manage or control the underlying cloud infrastructure – including network, servers, operating systems, storage, and application capabilities – with the possible exception of limited user-specific application configuration settings.
Platform as a Service (PaaS) – This model allows the tenant to deploy tenant-created or acquired applications onto the cloud infrastructure using programming languages and tools supported by the provider. The tenant does not manage or control the underlying cloud infrastructure – including network, servers, operating systems, and storage – but has control over the deployed applications and possibly application hosting environment configurations.
Infrastructure as a Service (IaaS) – This model allows the tenant to provision processing, storage, networks, and other fundamental computing resources whereby the tenant is able to deploy and run arbitrary software, which can include operating systems and applications. The tenant does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (for example, host firewalls).
Although multi-tenancy requirements are similar for all types of services, this paper addresses the unique requirements of the IaaS delivery model.
The Trusted Multi-Tenancy Elements
Isolation and service assurance are the primary concerns of the Trusted Multi-Tenancy model (Figure 1). The “trusted” portion of the model relates to the visibility and control offered to the tenants to verify the environment. To support these fundamental requirements, the TMT model on the Vblock platform is built on six foundational elements:
Secure Separation
Service Assurance
Security and Compliance
Availability and Data Protection
Tenant Management and Control
Service Provider Management and Control
Secure Separation
The first element is Secure Separation. Secure separation refers to the effective segmentation and isolation of tenants and their assets within the multi-tenant environment. Without secure separation, Trusted Multi-Tenancy cannot occur.
Tenant Concerns
Adequate secure separation ensures that the resources of existing tenants remain untouched and the integrity of the applications, workloads, and data remain uncompromised when the service provider provisions new tenants. Each tenant may have access to different amounts of network, compute, and storage resources in the converged stack. The tenant sees only those resources allocated to them.
Provider Challenges
From the standpoint of the service provider, secure separation requires the systematic deployment of various security control mechanisms throughout the infrastructure to ensure the confidentiality, integrity, and availability of tenant data, services, and applications. The logical segmentation and isolation of tenant assets and information are essential for providing confidentiality in a multi-tenant environment. In fact, ensuring the privacy and security of each tenant becomes a key design requirement in the decision to adopt cloud services. Table 1 describes secure separation methods.
Table 1. Secure separation methods
Infrastructure layer: Mechanisms
Network layer: Various methods, including zoning and virtual local area networks (VLANs), can enforce network separation. Internet Protocol Security (IPsec) also provides application-independent network encryption at the IP layer for additional security.
Compute layer: Within the computing infrastructure of the Vblock platform, multi-tenancy concerns at multiple levels must be addressed, beginning with the Intel® central processing unit (CPU), through the Cisco Unified Computing System™ (UCS) server infrastructure, and within the VMware vSphere™ Hypervisor.
Storage layer: Features of EMC’s multi-tenancy offerings can be combined with standard security methods such as storage area network (SAN) zoning and Ethernet VLANs to segregate, control, and manage storage resources among the infrastructure’s tenants. EMC’s multi-tenancy offerings include the following: data-at-rest encryption; secure transmission of data; and bandwidth, cache, CPU, and disk drive isolation.
Application layer: A specially written multi-tenant application, or multiple separate instances of the same application, can provide multi-tenancy at this level.
Service Assurance
Service Assurance plays a vital role in providing tenants with consistent, enforceable, and reliable service levels. Unlike physical resources, virtual resources are highly scalable and easy to allocate and reallocate on demand. In a multi-tenant virtualized environment, the service provider prioritizes virtual resources to accommodate the growth and changing business needs of tenants. Service level agreements (SLAs) define the level of service agreed to by tenants and the service provider. Service assurance plays an important role in ensuring tenants receive the agreed upon level of service.
Various methods are available to deliver consistent SLAs across the network, compute, and storage components of the Vblock platform, including QoS in the Cisco Unified Computing System™ and Cisco Nexus® platforms, EMC Symmetrix® Quality of Service tools, EMC Unisphere® Quality of Service Manager (UQM), and VMware Distributed Resource Scheduler (DRS). Without the correct mix of service assurance features and capabilities, maintaining uptime, throughput, quality of service, and availability SLAs can be difficult.
Tenant Concerns
Infrastructure support for evolving, growing and unpredictable workloads
SLA compliance measuring and reporting
Provider Challenges
Deliver consistent, stable, predictable service
Support and track tenant SLAs
Build a predictable cost model while delivering higher value services
Security and Compliance
The third element – Security and Compliance – ensures the confidentiality, integrity, and availability of each tenant’s environment at every layer of the TMT stack using technologies like identity management and access control, encryption and key management, firewalls, malware protection, and intrusion prevention. This is a primary concern for both service provider and tenant.
The TMT solution must ensure that all activities performed in the provisioning, configuration, and management of the multi-tenant environment, as well as day-to-day activities and events for individual tenants, are verified and continuously monitored. It is also important that all operational events are recorded and that these records are available as evidence during audits.
As regulatory compliance expands, the private cloud environment will become increasingly subject to security and compliance standards, such as PCI DSS, HIPAA and SOX (GLBA). With the proper tools, achieving and demonstrating compliance is not only possible, but it can often become easier than a non-virtual environment.
Tenant Concerns
Answer internal Audit and Governance Boards
Receive and rely on audit records from the service provider regarding security posture, as well as actions and events occurring in their space
Provider Challenges
Meet archive and report requirements defined in standards such as PCI DSS and HIPAA
Address the tenant’s concerns about the confidentiality, integrity, and availability of their data and resources
Availability and Data Protection
configurations, and architecture can minimize or eliminate points of failure that adversely affect availability to the tenant.
Data protection is a key ingredient in a resilient architecture. Cloud computing imposes a resource trade-off between high performance and the requirements of increasingly robust security; data classification is an essential tool for balancing that equation. Enterprises need to know what data is important and where it is located as prerequisites to making performance cost-benefit decisions, as well as ensuring focus on the most critical areas for data loss prevention procedures.
Tenant Concerns
Assurance that data and resources will be available when needed and protected at all times
Confidence that data and resources are protected against intrusion and attack without regard to the status of other tenants in the environment
Provider Challenges
Ensure that resources needed by tenants are available for use
Provide a secured environment by means of threat detection and mitigation, including the monitoring and response to intrusions and attacks against the TMT environment and its tenants
Provide tenant isolation and secure separation to ensure that other tenants in the TMT environment will stay up and available for use, even if one tenant is the target of a Denial-of-Service attack
Tenant Management and Control
The fifth element is Tenant Management and Control. In every cloud services model there are elements of control that the service provider will delegate to the tenant. Reasons for delegation of control include convenience, new revenue opportunities, security, compliance, or tenant requirement. In all cases, the goal of the TMT model is to allow for and simplify the management, visibility and reporting of this delegation.
Tenants should have control over relevant portions of their service. Specifically, tenants should be able to provision allocated resources, manage the state of all virtualized objects, view change management status for all parts of their infrastructure, add and remove administrative contacts, and request more services as needed. In addition, tenants taking advantage of data protection or data backup services should be able to manage this capability on their own, including setting schedules and backup types, initiating jobs, and running reports.
This tenant-in-control model allows tenants to dynamically change the environment to suit their workloads as resource requirements change.
Tenant Concerns
Accountability for all data inside the multi-tenant environment at all times
Proof of compliance with corporate policies and relevant laws
Isolation of their services, or some subset of their services, on demand – with a service provider guarantee thereof
Provider Challenges
Providing different tenants different levels of control; thus, the ability to delegate tenant control at a granular level
Reporting on and auditing changes made by the provider and the tenant
Service Provider Management and Control
The sixth element in the TMT model on the Vblock platform is Service Provider Management and Control. One goal of Trusted Multi-Tenancy is to simplify management of resources at every level of the infrastructure and to provide the functionality to provision, monitor, troubleshoot, and charge back the resources used by tenants. Management of multi-tenant environments comes with challenges, from reporting and alerting to capacity management and tenant control delegation. The Vblock platform helps address these challenges by providing scalable, integrated management solutions inherent to the infrastructure and a rich, fully developed API stack for adding additional service provider value.
Providers of infrastructure services in a multi-tenant environment require comprehensive control and complete visibility of the shared infrastructure in order to provide the availability, data protection, security, and service levels expected by tenants. The ability to control, manage, and monitor resources at all levels of the infrastructure requires a dynamic, efficient, and flexible design that allows the service provider to access, provision, and then release computing resources from a shared pool – quickly, easily, and with minimal effort.
Overview of the TMT Model
The TMT model (Figure 2) on the Vblock platform uses a layered approach with security controls, isolation mechanisms, and monitoring controls embedded in the network, compute, and storage layers of the service stack. This layered approach provides secure access to the cloud, guarantees resources to tenants, and provides abstraction to the physical elements. Virtualization at different layers allows the infrastructure to provide logical isolation without dedicating physical resources to each tenant.
Technology Overview
The following sections describe the key components of the Vblock platform and the other security, storage, compute, and network software and applications that work in conjunction with the Vblock platform to create a Trusted Multi-Tenant environment.
About the Vblock platform
With the Vblock platform, VCE delivers the industry’s first completely integrated IT offering that combines high quality networking, computing, storage, virtualization, security, and management technologies with end-to-end vendor accountability. The Vblock platform provides pre-engineered, production ready, fully tested virtualized infrastructure components, including excellent private cloud offerings from RSA, Cisco, EMC, and VMware. The Vblock platform is available in different sizes and configurations to meet dynamic and extensible workload needs. Enabled by the leading players in IT product delivery, each with industry leading, enterprise level credibility, the Vblock platform provides consumers several benefits through its integrated hardware and software stacks including:
Fewer unplanned outages and reduced planned downtimes for maintenance activities
Reduced complexity due to preconfigured and centralized IT resources and resulting standardized IT services
Predictable performance and operational characteristics
Tested and validated solutions
Unified support and end-to-end vendor accountability
Graceful scaling of the Vblock platform environment by adding capacity to the Vblock platform or adding more Vblock platforms
Virtualized efficiency with predictable scaling for a given footprint
Management and Orchestration
Table 2 lists the standard management and orchestration components on each of the Vblock platforms.
Table 2. Management and orchestration components
Component – TMT on Vblock 300 – TMT on Vblock 700
Vblock platform Advanced Management Pod (AMP)
EMC Ionix™ Unified Infrastructure Manager (UIM)
Vblock Advanced Management Pod (AMP)
The Advanced Management Pod (AMP) is an optional component in the Vblock platform but is recommended as a best practice, inasmuch as it provides the capability to manage the Vblock platform. The AMP will normally consume 6U of rack space. The AMP consists of:
Cisco 4948 Switch
Cisco UCS C200 M1 Servers provide (N+1) redundancy to support mission critical applications for Vblock platform management. The logical servers in the AMP provide separate and independent services to both the AMP environment and the production TMT environment. The servers are preconfigured with the following necessary tools to manage the Vblock platform:
Cisco UCS Manager
Cisco Nexus 1000V Supervisor
EMC Ionix UIM
EMC Symmetrix Management Console or Unisphere
EMC PowerPath/VE Server
VMware vCenter Server and VMware Update Manager
Active Directory, DNS, and Database services dedicated to support all management applications – this function may be standalone or be integrated into an existing customer environment.
The Cisco 2921 Integrated Services Router and the Cisco 4948 Switch enable monitoring and managing Vblock platform health, performance, and capacity.
With these tools, the AMP provides the following benefits:
Fault isolation for management
Eliminates resource overhead on the Vblock platform
A clear demarcation point for remote operations
EMC Ionix™ Unified Infrastructure Manager (UIM)
EMC Ionix UIM provides simplified management for the Vblock platform in a TMT environment by combining provisioning as well as configuration, change, and compliance management.
Key Features
Manage the Vblock platform as a single entity
Integrate with enterprise management platforms
Consolidate views into all the Vblock platform components, including network, compute, and storage
Achieve system-wide compliance through policy-based management
Easily deploy hardware and software, VMware vSphere and infrastructure provisioning, and disaster recovery infrastructure
With UIM, management of the individual components in the Vblock platform can be combined into a single entity to reduce operational costs and ease the transition from physical to virtual to private cloud infrastructure. Centralizing provisioning, change, and compliance management across the Vblock platform reduces operating costs, ensures consistency, improves operational efficiency, and speeds deployment of new services. With EMC Ionix UIM taking care of the Vblock platform, the management transition from a physical to virtual to private cloud infrastructure is easier. Compared to building and integrating pieces individually, the advantages of UIM’s integrated management solution become obvious. Although some tools integrate basic health and performance data from the network, compute, and storage domains, the operationally critical areas of configuration, change, and compliance management remain separate or do not exist. This type of disjointed, distributed management can result in:
Higher ongoing operational costs and reduced ongoing operational efficiency
Slower service deployments
Inconsistent management across the Vblock platform
Inability to automatically ensure configurations for accuracy and compliance
Inability to simultaneously and easily restore multiple elements to a compliant state
Less overall flexibility in supporting the IT needs of the business
Security Technologies
Table 3 lists the standard and optional security components and features of the Vblock platform. The table maps each component and feature to the TMT elements that it addresses.
Table 3. Security and Compliance components
Component – Secure Separation – Service Assurance – Security and Compliance – Availability – Tenant Mgmt & Control – Service Provider Mgmt & Control
RSA Solution for Cloud Security and Compliance
RSA enVision
RSA SecurID
RSA SecurID Authentication Manager
RSA Data Loss Prevention
RSA DLP Network
RSA Data Protection Manager
Cisco Virtual Security Gateway
VMware vShield
VMware vShield Zones
Cisco Adaptive Security Appliance (ASA)
Cisco Intrusion Prevention System
Cisco Secure Access Control Server
RSA Solution for Cloud Security and Compliance
Built on the RSA® Archer eGRC Suite, the RSA Solution for Cloud Security and Compliance enables end-user organizations and service providers to orchestrate and visualize the security of their VMware virtualization infrastructure and physical infrastructure from a single console (Figure 3). The solution offers a solid foundation that enables organizations to address security of VMware environments systematically so they can confidently continue their migration to virtualization and cloud computing models.
Figure 3. System overview
Secure Separation
The RSA Archer eGRC Platform is a multi-tenant software platform, supporting the configuration of separate instances in provider-hosted environments. These individual instances support data segmentation, as well as discrete user experiences and branding. Individual instances store data in physically separate databases while using a common hardware environment and a single deployment of RSA Archer application code. Users identify their instance as part of a manual login process, although instance identification can be automated through DNS or single sign-on configuration.
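The instance-per-tenant pattern just described (one shared code deployment, a physically separate database per instance, instance identification from the DNS host name or from a manual login) can be sketched as follows. This is an added illustrative example, not RSA Archer code; the instance names, host names and connection strings are constructed, and the defensive rule it demonstrates is that an unidentified or ambiguous instance is rejected rather than routed to a default database.

```python
"""Illustrative tenant-instance resolver (constructed example, not RSA Archer code).

One deployment of application code serves several tenant instances; each
instance owns its own database and branding. Requests are mapped to an
instance either automatically from the Host header (DNS-based) or from the
instance name the user supplies at login.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Instance:
    """One tenant instance: its own database and its own branding."""
    name: str
    database_dsn: str   # constructed value; one physically separate database per instance
    brand_title: str


# Constructed registry for the example. In a real deployment this comes from the
# provider's configuration store, never from anything the tenant can edit.
INSTANCES: Dict[str, Instance] = {
    "acme": Instance("acme", "postgresql://db-acme.internal/grc", "ACME GRC Portal"),
    "globex": Instance("globex", "postgresql://db-globex.internal/grc", "Globex Compliance"),
}

# DNS-based identification: every instance is published under its own host name.
HOST_TO_INSTANCE: Dict[str, str] = {
    "acme.grc.example.net": "acme",
    "globex.grc.example.net": "globex",
}


class UnknownInstance(Exception):
    """No instance could be identified; the caller must refuse, not fall back."""


def _normalise_host(host_header: str) -> str:
    """Lower-case the Host header and drop an explicit port (IPv6 literals not handled)."""
    host = host_header.strip().lower()
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host


def resolve_by_host(host_header: str) -> Instance:
    """Automated identification from the request Host header.

    Requires an exact match after normalisation. An unknown host is an error,
    not a default instance: a silent fallback would land one tenant's users
    in another tenant's data.
    """
    name = HOST_TO_INSTANCE.get(_normalise_host(host_header))
    if name is None:
        raise UnknownInstance(f"no instance for host {host_header!r}")
    return INSTANCES[name]


def resolve_by_login(instance_name: str) -> Instance:
    """Manual identification: the user names their instance at login.

    Exact match only (after trimming); no prefix or fuzzy matching, so a typo
    cannot resolve to a differently named instance.
    """
    inst = INSTANCES.get(instance_name.strip())
    if inst is None:
        raise UnknownInstance(f"no instance named {instance_name!r}")
    return inst


def database_for(request_host: Optional[str], login_instance: Optional[str]) -> str:
    """Choose the per-instance connection string for a request.

    The host route is tried first; the login-supplied name is used when the host
    is not an instance host. If both are present and disagree, the request is
    refused: the two identification paths must never point at different data.
    """
    host_inst: Optional[Instance] = None
    if request_host:
        try:
            host_inst = resolve_by_host(request_host)
        except UnknownInstance:
            host_inst = None
    login_inst = resolve_by_login(login_instance) if login_instance else None
    if host_inst and login_inst and host_inst.name != login_inst.name:
        raise UnknownInstance("host and login identify different instances")
    chosen = host_inst or login_inst
    if chosen is None:
        raise UnknownInstance("no host or login instance supplied")
    return chosen.database_dsn
```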
Security and Compliance
Rationalizing the complexity of compliance requirements across both physical and virtual environments – especially in today’s evolving regulatory landscape – is a challenge for security and compliance teams. The RSA Archer eGRC Suite for enterprise governance, risk, and compliance answers this challenge with a comprehensive library of policies, control standards, procedures, and assessments mapped to current global regulations and industry guidelines. More than 130 control procedures in the library, written specifically against the VMware vSphere 4.0 Security Hardening Guide, are mapped to security policies and authoritative sources such as PCI, COBIT, NIST, HIPAA and NERC. In addition, the library includes thousands of other control procedures for operating systems, databases, network devices, and other infrastructure assets, which are mapped to the same laws, regulations, and industry standards – thereby forming the basis of a complete technology controls approach.
Using automated workflow within the RSA Archer eGRC Platform, a project manager can distribute security policies and control procedures to appropriate administrators for both physical and virtual infrastructure (Figure 4). For example, VMware vSphere configuration steps are sent to the VMware administrator, storage configuration steps are sent to the storage administrator, security configuration steps are sent to the security administrator, and so forth.
Figure 4. Distribution and tracking control procedures
RSA’s solution includes new software that substantially automates the assessment of whether VMware security controls have been implemented correctly. The results of these automated configuration checks are fed directly into the RSA Archer eGRC Platform, which also captures the results of configuration checks for physical assets through prebuilt integration with commercially available scan technologies.
As a result, the Platform serves as a point of consolidation for continuous controls monitoring across the physical and virtual infrastructure. While a significant number of the VMware control procedures are tested automatically, the remainder must be tested manually because their status cannot be directly inferred from the environment. For these control procedures, project managers can issue manual assessments from the RSA Archer eGRC Platform, using a preloaded bank of questions mapped to control procedures and regulatory requirements. Project managers can create new questionnaires within minutes and issue them to appropriate users based on asset ownership.
Issue Remediation
Configuring the physical and virtual infrastructure according to best practice security guidelines and regulatory requirements is critical. However, the security and compliance process does not stop there. Organizations also require the ability to monitor incorrect configurations, policy violations, and control failures across their infrastructure and to respond swiftly with appropriate remediation steps.
RSA’s solution also enables security operations teams to manage policy violations and control failures. The RSA Archer eGRC Platform integrates with RSA enVision log management to collect and correlate security and compliance events from a variety of sources, including the RSA Data Loss Prevention suite, VMware vShield, and VMware Cloud Director, among others.
RSA SecurBook for Cloud Security and Compliance
The RSA SecurBook for Cloud Security and Compliance is a simple solution guide that provides detailed instructions for deploying and administering RSA’s solution in a virtualized environment. Designed to help organizations reduce implementation time and total cost of ownership, the RSA SecurBook offers guidance in the following areas:
Solution architecture for managing VMware security and compliance
Solution deployment and configuration guides
Operational guidance for effectively using the solution
Troubleshooting guidance
Tenant and Service Provider Management and Control
The multi-tenant reporting capabilities of the RSA Archer eGRC Platform give each tenant a comprehensive, real-time view of the enterprise governance, risk, and compliance (eGRC) program. Tenants can take advantage of prebuilt reports to monitor activities and trends and generate ad hoc reports to access the information needed to make decisions, address issues, and complete tasks. The cloud provider can build customizable dashboards tailored by tenant or audience, so users get exactly the information they need depending on their roles and responsibilities. RSA enVision
The RSA enVision 3-in-1 platform offers an effective security information and event management (SIEM) and log management solution, capable of collecting and analyzing large amounts of data in real time – from any event source and in computing environments of any size. RSA enVision is easily scalable and eliminates the need for filtering and for deploying agents.
Security and Compliance
Simplify compliance – Complete accounting of network activity, comprehensive reporting with built-in and customized reporting capabilities, and retention and maintenance of complete log records help ease the burden of compliance. Preconfigured reporting content for all major regulations and frameworks (for example, PCI DSS, HIPAA, FISMA, and ISO) is included.
Enhance security – Real-time notification of high risk events, a streamlined incident handling process, and reporting on the most vulnerable assets directly enhance security operations. This is SIEM in action – not just log collection, but actionable intelligence.
Optimize IT and network operations – Determine network availability and status, identify network issues and faulty equipment, and gain visibility into specific behavioral aspects of users in order to optimize the performance of your network.
RSA enVision includes preconfigured integration with all of the Vblock platform infrastructure components, including the Cisco UCS and Nexus components; EMC storage; and VMware vSphere, vCenter, vShield, and vCloud™ Director. In addition, RSA enVision has preconfigured integration and support for more than 235 (and counting) of the most common IT components, including network gear, security systems, operating systems, databases, and applications.
Tenant and Service Provider Management and Control
The baselining, trending, and reporting capabilities of RSA enVision give tenants and cloud administrators a long-term graphical overview of performance and security events, improving their overall management and control of cloud resources. The RSA enVision platform collects the event logs generated by IP devices within the cloud infrastructure, permanently archives copies of the data, processes the logs in real time, and generates alerts when it observes suspicious patterns of behavior. Administrators can interrogate the full volume of stored data through intuitive dashboards and advanced analytical software that turns complex, unstructured raw data into structured information.
RSA SecurID
RSA SecurID two-factor authentication is based on something you know (a password or PIN) and something you possess (an authenticator) – providing a more reliable level of user authentication than reusable passwords. RSA SecurID automatically changes user passwords every 60 seconds.
The RSA SecurID solution is regarded as a more secure alternative to authentication systems based on reusable passwords. In addition, the RSA SecurID solution is easier to use than challenge-and-response systems that require multiple steps to generate a valid access code. The RSA SecurID two-factor authentication solution is a fundamental piece in support of security and compliance.
RSA Authentication Manager
RSA Authentication Manager is the management component of the RSA SecurID solution used to verify authentication requests and centrally administer authentication policies for enterprise networks. RSA Authentication Manager is interoperable with many network, remote access, VPN, Internet, wireless, and application solutions.
Secure Separation
RSA Authentication Manager supports logical partitioning whereby a provider can define and enforce separate authentication policies by assigning each tenant a Security Domain.
RSA Data Loss Prevention
The RSA Data Loss Prevention (DLP) suite provides a policy-based approach to securing data in data centers, networks, and endpoints, enabling organizations to discover and classify their sensitive data, educate end users, ensure data is handled appropriately, and report on risk reduction and progress towards policy objectives. The RSA DLP Suite reduces the total cost of ownership with high scalability, automated data protection services, and the most extensive data policy and classification library available in the industry. The RSA DLP suite improves security by protecting the tenant’s confidential data, such as intellectual property, product roadmaps, and company financials; and it facilitates compliance by securing customer records and other sensitive data as required by regulations and standards.
RSA Data Loss Prevention Network
RSA Data Loss Prevention (DLP) Network identifies and enforces policies for sensitive data transmitted through corporate e-mail (SMTP), webmail, instant messaging, FTP, web-based tools (HTTP or HTTPS), and generic TCP/IP protocols.
Key Features
Depth of policy and classification library increases ROI by eliminating the need to fine tune policies and helping organizations realize the value of their DLP deployment more quickly.
Comprehensive support for numerous protocols dramatically reduces risk exposure.
Retention of end-user action logs helps administrators simplify the compliance process.
Numerous automatic and manual remediation options allow organizations to customize policy responses based on varying levels of risk.
RSA DLP Network provides deep visibility into network policy violations by sender, recipient and content type.
Secure Separation
RSA DLP Network virtual appliances can be deployed for each tenant. Each virtual DLP appliance enforces the policies defined for that specific tenant.
RSA Data Protection Manager
RSA Data Protection Manager is an enterprise encryption key management system designed to manage encryption keys at the application, database, and storage layers. RSA Data Protection Manager lowers the total cost of ownership associated with encryption by giving administrators fine grained control over the vaulting and management of keys from a single, central console. The RSA SafeProxy™ architecture employs a unique combination of tokenization, advanced encryption, and public-key technologies to protect sensitive data with a layered approach to security. RSA Data Protection Manager’s combination of application encryption and tokenization increases security and facilitates compliance.
Cisco Virtual Security Gateway
Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series switches is a virtual firewall appliance that provides trusted access to virtualized data centers. VSG facilitates multi-tenancy by allowing tenants with varied security profiles to share a common compute infrastructure.
In a multi-tenant environment, deployment of VSG can occur at several levels of the virtualized infrastructure (Figure 5).
Deployment options include:
Using VSG as a tenant edge firewall
Placing VSG in each virtual center within a tenant
Deploying VSG within each virtual application
Secure Separation
VSG provides secure segmentation of the virtual machines in the virtualized data center using granular, zone-based control and monitoring with context-aware security policies (based on virtual machine identities, custom attributes, and 5-tuple network parameters).
Key benefits include the following:
Controls are applied across organizational zones, lines of business, and multi-tenant environments.
Security policies are organized into security profiles (templates).
Context-based access logs are generated with activity details at the network and virtual machine levels.
Non-disruptive administration through administrative segregation across security and server teams.
Security and Compliance
With VMs organized into distinct trust zones, configurable security policies control and monitor traffic between zones. In this way, the VSG can effectively control traffic between trust zones, as well as between trust zones and external zones.
Figure 5. Cisco Virtual Security Gateway (VSG)
VMware vShield
The VMware vShield family of security solutions (Table 4) provides virtualization-aware protection for virtual data centers and cloud environments. VMware vShield products strengthen application and data security, enable TMT, improve visibility and control, and accelerate IT compliance efforts across the organization. Figure 6 illustrates the interaction between vShield components.
Table 4. VMware vShield family
Solution – Description
vShield Zones – Basic access control list (ACL) capability built into vSphere.
Supports applications belonging to different trust levels in the same virtual data center.
vShield App – Enhanced version that provides firewalling capability between virtual machines by placing a firewall filter on every virtual network adapter.
Allows easy application of firewall policies based on logical Security Groups, which are associated with resource pools, folders, containers, and other vSphere groupings from the vCenter inventory.
vShield Edge – Virtualizes data center perimeters and offers firewall, VPN, web load balancer, NAT, and DHCP services.
Isolates the virtual machines in a port group from the external network. Connects isolated, tenant stub networks to the shared (uplink) networks and
vShield Endpoint – Enables offloading of antivirus and other anti-malware processing to dedicated security-hardened virtual machines delivered by VMware partners.
Figure 6. VMware vShield family
Secure Separation
Two components of the VMware vShield suite that enable service providers to protect and isolate VMs belonging to different tenants are vShield App and vShield Edge. Table 5 describes these components.
Table 5. VMware vShield isolation mechanisms
Component – Description
vShield App – Implements an IP-based, stateful firewall and application layer gateway for a broad range of protocols, including Oracle, FTP, Sun Remote Procedure Call (RPC), Linux RPC, and Microsoft RPC.
Places a firewall filter on every virtual network adapter to provide firewalling capability between VMs.
Operates transparently and does not require network changes or modification of IP addresses.
Firewall rules are defined using various object types, including data center, cluster, resource pool, vApp, port group, and VLAN.
vShield Edge – Secures the edge of a virtual data center with firewall, VPN, and NAT services (Figure 7).
Creates logical security perimeters around virtual data centers (vDCs) to support multi-tenancy environments.
Other common deployments for vShield Edge include DMZs and extranets. Compatible with port groups on the vNetwork Standard Switch (vSwitch), vNetwork Distributed Switch (vDS), and the Nexus 1000v.
Figure 7. VMware vShield Edge
Service Provider Management and Control
VMware vShield Manager is the management interface for all vShield products. Integrated with VMware vCenter and deployed in its own virtual machine, vShield Manager leverages vSphere resources. The user interface offers configuration and data viewing options for all vShield products. Tight integration with vCenter allows display of all underlying vSphere resource pools within vShield Manager.
Service providers can use the VMware vShield Manager unified dashboard overview to manage and deploy policies for the entire vCenter environment, leveraging their existing virtual infrastructure containers as organizational zones across physical hosts, virtual switches, and networks. The inventory panel offers multiple view options, each displaying different perspectives of the underlying vSphere resource pool and vCenter inventory.
VMware vShield Zones
VMware vShield Zones is a firewall deployed as a hypervisor-level Loadable Kernel Module (LKM) security virtual appliance that provides visibility and enforcement of network activity within a VMware vSphere deployment to comply with corporate security policies and industry regulations such as PCI or Sarbanes-Oxley.
VMware vShield App
VMware vShield App is a more feature-rich version of vShield Zones and is highly recommended for multi-tenant environments. Its additional capabilities are listed below.
Service providers can use vShield Manager to deploy distributed vShield App LKMs on each vSphere host, providing visibility and control of virtual network traffic across virtual server environments. The distributed vShield App LKMs are administered by vShield Manager, which integrates seamlessly with the service provider’s vCenter deployment to present policies and events in the context of the existing virtual machines, networks, hosts, and clusters used to service their customer deployments.
Key Features
Central management of logical zone boundaries and segmentation
Extensive visibility through flow monitoring to help define and refine firewall rules, detect botnets, and secure business processes
Simplified policy management through Security Groups, which allow administrators to define business-relevant groupings of any virtual machines by their virtual NICs
Secure Separation
The hypervisor-level firewall in VMware vShield ensures that proper segmentation and trust zones are enforced for all application deployments.
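The zone model described for Cisco VSG above and for vShield App here can be made concrete. The following is an added illustrative example, not code from this document, Cisco or VMware: VMs are placed in trust zones through their tenant and tier attributes, rules are written between zones and matched against the 5-tuple, a cross-tenant flow falls to the default deny, and the decision is unchanged after a vMotion because the filter sits on the VM's own vNIC; it also counts how many address-based rules the same policy would need as a tier scales out. All VM names, zones, addresses and host names are constructed.

```python
"""Zone-based, identity-aware virtual firewall model (added example).

Illustrative model written for this overview; it is not code from the
Vblock document, Cisco VSG or VMware vShield. A VM belongs to a trust zone
through its identity and custom attributes (tenant, tier), rules are written
between zones and matched against the 5-tuple, enforcement happens on the
VM's own vNIC on whichever host it runs, and access logs carry both network
and VM-level context. All names, zones, addresses and hosts are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class VM:
    name: str    # vCenter identity of the VM (and its vNIC)
    tenant: str  # custom attribute
    tier: str    # custom attribute: web, app or db
    ip: str
    host: str    # vSphere host the VM currently runs on


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "permit" or "deny"


def zone_of(vm: VM) -> str:
    # Zone membership derives from VM attributes, never from the address.
    return f"{vm.tenant}/{vm.tier}"


class ZoneFirewall:
    # One central policy, enforced per vNIC: identical rules on every host.
    def __init__(self, rules: List[Rule], default_action: str = "deny") -> None:
        self.rules = rules
        self.default_action = default_action
        self.log: List[Dict[str, object]] = []

    def decide(self, src: VM, dst: VM, proto: str, dst_port: int) -> str:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        action = self.default_action
        for r in self.rules:  # first matching rule wins
            if (r.src_zone == src_zone and r.dst_zone == dst_zone
                    and r.proto in ("any", proto)
                    and r.dst_port in (None, dst_port)):
                action = r.action
                break
        # Context-based access log: 5-tuple plus VM identity, zone and host.
        self.log.append({"src_vm": src.name, "src_zone": src_zone, "src_host": src.host,
                         "dst_vm": dst.name, "dst_zone": dst_zone, "src_ip": src.ip,
                         "dst_ip": dst.ip, "proto": proto, "dst_port": dst_port,
                         "action": action})
        return action


def address_rules_needed(vms: List[VM], rules: List[Rule]) -> int:
    """Rules an address-based firewall needs to express the same zone policy."""
    by_zone: Dict[str, int] = {}
    for vm in vms:
        by_zone[zone_of(vm)] = by_zone.get(zone_of(vm), 0) + 1
    return sum(by_zone.get(r.src_zone, 0) * by_zone.get(r.dst_zone, 0) for r in rules)


# Constructed policy for two tenants sharing one DRS cluster of two hosts.
RULES = [
    Rule("tenant-a/web", "tenant-a/app", "tcp", 8443, "permit"),
    Rule("tenant-a/app", "tenant-a/db", "tcp", 3306, "permit"),
    Rule("tenant-b/web", "tenant-b/app", "tcp", 8443, "permit"),
]  # everything else, including every cross-tenant flow, falls to default deny


def demo() -> Dict[str, object]:
    web_a = VM("a-web01", "tenant-a", "web", "10.1.1.10", "esx01")
    app_a = VM("a-app01", "tenant-a", "app", "10.1.2.10", "esx02")
    db_a = VM("a-db01", "tenant-a", "db", "10.1.3.10", "esx02")
    app_b = VM("b-app01", "tenant-b", "app", "10.2.2.10", "esx01")
    vms = [web_a, app_a, db_a, app_b]
    fw = ZoneFirewall(RULES)
    out: Dict[str, object] = {
        "web->app, same tenant": fw.decide(web_a, app_a, "tcp", 8443),
        "web->db, skips a tier": fw.decide(web_a, db_a, "tcp", 3306),
        "web->app, other tenant": fw.decide(web_a, app_b, "tcp", 8443),
        "zone rules": len(RULES),
        "address rules, 4 VMs": address_rules_needed(vms, RULES),
    }
    # Scale out tenant-a's web tier: zero new zone rules; address rules grow.
    vms += [VM(f"a-web{n:02d}", "tenant-a", "web", f"10.1.1.{10 + n}", "esx01")
            for n in range(2, 6)]
    out["address rules, 8 VMs"] = address_rules_needed(vms, RULES)
    # DRS/vMotion moves the web server to the other host; identity and zone are unchanged.
    web_a.host = "esx02"
    out["web->app after vMotion"] = fw.decide(web_a, app_a, "tcp", 8443)
    out["log entries"] = len(fw.log)
    return out
```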
Security and Compliance
VMware vShield App integrates into VMware vCenter and leverages virtual inventory information – such as vNICs, port groups, clusters, and VLANs – to simplify firewall rule management and trust zone provisioning. Leveraging various VMware logical containers reduces the number of rules required to secure a multi-tenant environment and therefore reduces the operational burden that accompanies the isolation and segmentation of tenants. This method of creating security policies closely links with VMware virtual machine objects, and therefore follows the VMs during vMotion™. Using vShield App within Distributed Resource Scheduler (DRS) clusters ensures secure compute load balancing operations without performance compromise, as the security policy follows the virtual machine.
Cisco Adaptive Security Appliance
The Cisco Adaptive Security Appliance (ASA) is a purpose-built security appliance that combines firewall, Virtual Private Network (VPN), and optional content security and intrusion prevention to distribute network security across the data center. A single Cisco ASA appliance can be partitioned into multiple virtual firewalls, also known as security contexts. Each security context acts as a separate firewall with its own security policy, interfaces, and configuration, although some features are not available to virtual firewalls, such as IPsec and SSL VPN, dynamic routing protocols, multicast, and threat detection.
Secure Separation
In a multi-tenant environment, the service provider may assign one or more security contexts to each tenant to provide separation at the network level.
Security and Compliance
The ASA provides threat defense and highly secure communications services to stop attacks before they affect business continuity.
Cisco Intrusion Prevention System
Cisco Intrusion Prevention System (IPS) appliances provide proven protection against well-known and emerging threats to help secure confidential data and meet ever-increasing compliance mandates. Cisco IPS accurately identifies, classifies, and stops malicious traffic, including worms, spyware, adware, network viruses, and application abuse, before they affect business continuity. Cisco Anomaly Detection stops zero-day attacks before signature updates are available.
Cisco IPS collaborates with other key network components for end-to-end network-wide protection. Cisco IPS may participate in Cisco Global Correlation, where the visibility and controls of the IPS are enhanced with threat information shared by the Cisco SensorBase network. Available as a dedicated appliance, Cisco IPS is also integrated into Cisco firewall, switch, and router platforms for maximum protection and deployment flexibility.
Key Features
Proven protection against well-known and zero-day attacks
Protects against more than just virus outbreaks, such as attacks targeted against a company’s information
Helps prevent severe loss due to disruptions, theft, or defacement caused by compromised servers
Stops worm and virus outbreaks at the network level, before they reach the desktop
Identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse
Delivers high-performance, intelligent threat detection and protection over a range of deployment options
Secure Separation
IPS virtual sensors allow the logical partition of a physical sensor appliance or module into multiple virtual sensors. Each virtual sensor maintains its own configuration indicating the data streams to be inspected and the policies to be enforced. By separating tenant traffic into multiple virtual sensors, the cloud provider can define and enforce separate sets of policies tailored to address the unique requirements of each tenant.
Security and Compliance
Cisco IPS sensors protect the data center by detecting, classifying, and blocking network-based threats by means of attack signatures associated with worms, viruses, and various application abuse scenarios. This process occurs on a per connection basis, allowing legitimate traffic to flow unobstructed.
Cisco Secure Access Control Server
Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access policy system that centralizes authentication, user access, and administrator access policy, reducing the administrative and management burden. Cisco ACS supports authentication, authorization, and accounting (AAA) protocols such as TACACS+ and RADIUS, as well as directory databases such as LDAP and Active Directory.
Key Features
A comprehensive, identity-based access policy system for Cisco intelligent information networks
Central management of access policies for both network access and device administration
Support for a wide range of access scenarios, including wireless LAN, 802.1x wired, and remote access
Security and Compliance
ACS enforces the access control policy for network or service devices within the secure multi-tenant data center.
Storage Technologies
Table 6 lists the standard and optional storage components and features of the Vblock platform. The table maps each component or feature to the TMT elements it addresses.
Table 6. Storage components and features
Component – TMT elements: Secure Separation, Service Assurance, Security and Compliance, Availability, Tenant Mgmt & Control, Service Provider Mgmt & Control
EMC Symmetrix® V-MAX™
EMC Symmetrix Management Console (SMC)
Symmetrix Priority Controls
EMC Symmetrix Performance Analyzer
EMC Fully Automated Storage Tiering (FAST)
EMC Symmetrix Optimizer
EMC PowerPath/VE
EMC Unified Storage
EMC Unisphere Management Suite
EMC Unisphere Quality of Service Manager (UQM)
EMC VPLEX
EMC Ionix Storage Configuration Advisor (SCA)
EMC Ionix ControlCenter
EMC Virtual Storage Integrator (VSI) Plugin
EMC NetWorker
EMC Data Domain
EMC Avamar
EMC Replication Manager
EMC RecoverPoint
EMC RecoverPoint Storage Adapter for SRM
EMC Data Protection Advisor (DPA)
EMC Symmetrix® V-MAX™
EMC Symmetrix V-MAX with Enginuity provides high-end storage for the virtual data center. V-MAX has high availability, with 100 percent fault tolerance for all physical components. Enginuity, the operating environment for Symmetrix V-MAX, manages data integrity through continuous checking of all data and hardware – from host, to memory, to disk drive, and back again. This includes trend analysis and early detection as well as automatic failover and escalation when a problem does occur.
Secure Separation
Symmetrix V-MAX arrays provide multiple methods of separating storage resources, which include:
Mapping and masking by means of Auto-provisioning Groups gives the storage administrator the ability to logically group hosts into host groups, each of which has access only to the volumes assigned to that host group. In this case, two tenants may have access to the same array, but their views of storage assets are completely independent.
Storage formatting methods (I-VTOC) ensure that when space is reused to provision a new volume, host B cannot read any lingering data from host A.
Symmetrix Access Control (SymACL) offers Host Authorization. Each host’s unique WWID is used to assign certain management rights. Two hosts with management responsibilities will see and manage entirely different resources.
User Authorization assigns different privilege levels to each user on a host, so that hosts exist for both management and read/write access, depending on the user. The roles assigned are users (no management privileges), auditors, monitors (read-only), storage administrators, and security administrators. User Authorization Enhancements for VMware allow vCenter administrators to log on to the Symmetrix Management Console (SMC) from wherever they are. Based on their user ID, administrators can access a subset of storage resources that other tenant administrators cannot access. Similar to SymACL, individual resources can be assigned to different tenants, as opposed to normal user authorization, which only decides which level of administration privilege each user has. User Authorization Enhancements were established to better support the EMC Symmetrix VSI plugin for vCenter.
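The separation layers listed above can be walked through in a small model. This is an added example written for this overview; it is not EMC code and not how Enginuity implements these features. It covers masking by host group, zero-fill of a volume before it is re-provisioned to another tenant, SymACL-style host authorization keyed on WWID, and per-user roles; every device id, WWID and role name is constructed sample data.

```python
"""Array-side tenant separation model (added example).

Illustrative model written for this overview; it is not EMC code and not how
Enginuity implements these features. It plays through the layers listed above
for Symmetrix V-MAX: masking by host group, zero-fill of a volume before it is
re-provisioned so the next host cannot read a previous tenant's residue,
SymACL-style host authorization keyed on WWID, and per-user roles. Device ids,
WWIDs and role names are constructed sample data.
"""
from typing import Callable, Dict, Set

VOLUME_SIZE = 16  # bytes per constructed volume; stands in for the blocks on disk
ROLE_OPS: Dict[str, Set[str]] = {  # operations each user role may issue on granted devices
    "user": set(), "monitor": {"show"}, "auditor": {"show", "audit"},
    "storageadmin": {"show", "configure"}, "securityadmin": {"show", "grant"},
}


class AccessDenied(Exception):
    """Raised when a host or user reaches a resource outside its view."""


class Array:
    def __init__(self) -> None:
        self.volumes: Dict[str, bytes] = {}         # device id -> contents
        self.host_groups: Dict[str, Set[str]] = {}  # group -> WWIDs of member hosts
        self.masking: Dict[str, Set[str]] = {}      # group -> devices it may access
        self.mgmt_acl: Dict[str, Set[str]] = {}     # WWID -> devices it may manage

    def add_host_group(self, group: str, wwids: Set[str], devs: Set[str]) -> None:
        """Auto-provisioning: a host group and its device group form the masking view."""
        self.host_groups[group] = set(wwids)
        self.masking[group] = set(devs)
        for dev in devs:
            self.volumes.setdefault(dev, bytes(VOLUME_SIZE))  # fresh volume is zero-filled

    def visible_devs(self, wwid: str) -> Set[str]:
        """Devices a host with this WWID discovers when it logs in to the array."""
        return {dev for group, members in self.host_groups.items()
                if wwid in members for dev in self.masking[group]}

    def _check_view(self, wwid: str, dev: str) -> None:
        if dev not in self.visible_devs(wwid):
            raise AccessDenied(f"{wwid} has no view of device {dev}")

    def read(self, wwid: str, dev: str) -> bytes:
        self._check_view(wwid, dev)
        return self.volumes[dev]

    def write(self, wwid: str, dev: str, payload: bytes) -> None:
        self._check_view(wwid, dev)
        self.volumes[dev] = payload[:VOLUME_SIZE].ljust(VOLUME_SIZE, b"\x00")

    def reprovision(self, dev: str, from_group: str, to_group: str) -> None:
        """Space reuse: unmask, format (zero-fill, as I-VTOC does), mask to the new tenant."""
        self.masking[from_group].discard(dev)
        self.volumes[dev] = bytes(VOLUME_SIZE)
        self.masking[to_group].add(dev)

    def grant_management(self, wwid: str, devs: Set[str]) -> None:
        """SymACL host authorization: management rights are tied to the host WWID."""
        self.mgmt_acl[wwid] = set(devs)

    def manage(self, wwid: str, role: str, op: str, dev: str) -> str:
        if op not in ROLE_OPS.get(role, set()):        # user authorization (role)
            raise AccessDenied(f"role {role} may not {op}")
        if dev not in self.mgmt_acl.get(wwid, set()):  # host authorization (WWID)
            raise AccessDenied(f"host {wwid} does not manage device {dev}")
        return f"{op} on {dev} accepted"


def outcome(fn: Callable[..., object], *args: object) -> object:
    """Return the call's result, or 'denied' when the array refuses it."""
    try:
        return fn(*args)
    except AccessDenied:
        return "denied"


def demo() -> Dict[str, object]:
    # Two tenants on one array: what each side can see and do.
    arr = Array()
    arr.add_host_group("tenant-a", {"wwid-a1"}, {"0100", "0101"})
    arr.add_host_group("tenant-b", {"wwid-b1"}, {"0200"})
    arr.grant_management("wwid-a1", {"0100", "0101"})
    arr.write("wwid-a1", "0101", b"tenant-a secret")
    out: Dict[str, object] = {
        "a sees": sorted(arr.visible_devs("wwid-a1")),
        "b sees": sorted(arr.visible_devs("wwid-b1")),
        "b reads a's volume": outcome(arr.read, "wwid-b1", "0101"),
    }
    arr.reprovision("0101", "tenant-a", "tenant-b")  # tenant A releases 0101 to B
    out["b reads reused volume"] = arr.read("wwid-b1", "0101")
    out["a sees after release"] = sorted(arr.visible_devs("wwid-a1"))
    out["a admin configures own dev"] = outcome(arr.manage, "wwid-a1", "storageadmin", "configure", "0100")
    out["a admin configures b's dev"] = outcome(arr.manage, "wwid-a1", "storageadmin", "configure", "0200")
    out["a monitor configures own dev"] = outcome(arr.manage, "wwid-a1", "monitor", "configure", "0100")
    return out
```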
Service Assurance
Cache partitioning dedicates memory to a storage tier so that its performance is predictable. Dynamic cache partitioning segregates the memory resources of a V-MAX array into many partitions for different applications. Partitions can expand and contract according to policies in order to maximize performance while isolating workloads among applications.
Availability and Data Protection
V-MAX also provides the following availability features:
Incremental scaling of both capacity and back-end performance.
Online upgrades.
Completely redundant critical components, including V-MAX directors, virtual matrix data paths, power supplies, standby power supplies, and all back-end Fibre Channel components.
The Enginuity operating system manages all operations, from monitoring and optimizing the internal data flow and ensuring the fastest response to user requests for information, to replicating and protecting data. Cache integrity checks, including error checking and correction (ECC), protect service providers from errors in cache memory. Global memory mirroring protects the system from memory component failures. Power-vault drives destage memory to disk during an unexpected power failure.
Symmetrix systems provide a range of RAID protection options in order to meet different performance, availability, and cost requirements. RAID protection options are configured at the physical drive level. Symmetrix systems support varying levels of protection, including RAID 1, RAID 10, RAID 5 (3+1 and 7+1), and RAID 6 (6+2 and 14+2). RAID 6 protection tolerates the failure of two drives per RAID group, which makes it ideal for large SATA drives. Different levels of RAID protection can be easily configured for different datasets within a Symmetrix V-MAX system.
EMC Symmetrix Management Console
Service Provider Management and Control
The EMC Symmetrix Management Console (SMC) is an intuitive, web-based interface that service providers can use to discover, monitor, configure, and control Symmetrix arrays. SMC enables initial system discovery and configuration, including device creation and configuration, along with basic device masking and support for managing local and remote replication activities.
Service providers can use SMC to accelerate routine processes, reduce manual errors, and gain new flexibility when managing their Symmetrix storage systems. SMC has the ability to provision priority controls.
SMC also includes password-based authentication and access controls that restrict user actions according to their assigned roles.
Symmetrix Priority Controls
Service Provider Management and Control
EMC Symmetrix Priority Controls help service providers manage multiple application workloads by setting priority levels for device groups, giving higher-priority applications faster response times than lower-priority applications during times of disk contention, on a per-LUN basis. Priority controls provide predictable performance across multiple storage tiers in the same system.
EMC Symmetrix Performance Analyzer
Service Provider Management and Control
EMC Symmetrix Performance Analyzer is an automated monitoring, diagnostics, and trending tool launched through the Symmetrix Management Console to assist with real-time troubleshooting and diagnostics, as well as long term planning decisions, such as system upgrades and consolidation. Customizable dashboards (Figure 8) provide intuitive analysis of key performance indicators (KPIs) at the application level in order to assess performance and utilization trends for both logical and physical resources.
Figure 8. EMC Symmetrix Performance Analyzer dashboard
EMC Fully Automated Storage Tiering (FAST)
EMC Fully Automated Storage Tiering (FAST) represents the next generation of storage tiering (Figure 9). FAST automates the movement and placement of data across storage resources as needed. FAST enables continuous optimization of your applications by eliminating tradeoffs between capacity and performance, while lowering cost and delivering higher service levels at the same time.
Service Assurance
FAST lowers overall storage costs and simplifies management while allowing different applications to meet different service level requirements on distinct pools of storage within the same Symmetrix V-MAX. FAST technology automates the dynamic allocation and relocation of data across tiers for a given FAST policy, based on changing application performance requirements. FAST helps to maximize the benefits of preconfigured tiered storage by optimizing cost and performance requirements to put the right data, on the right tier, at the right time.
Availability and Data Protection
FAST LUN Migrator monitors workloads and moves heavily used data to higher performing Enterprise Flash drives and the less frequently accessed data to higher capacity drives (SATA). FAST does this dynamically and non-disruptively without affecting business continuity and availability.
FAST VP monitors thin VP LUN utilization and moves the busiest thin extents to appropriate pools located on various drive technologies. It also moves underutilized thin extents to pools located on high capacity drives. Because the unit of analysis and movement is measured in thin extents, this sub–LUN optimization is extremely powerful, precise, and efficient.
Figure 9. EMC Fully Automated Storage Tiering (FAST)
EMC Symmetrix Optimizer
Service Assurance
EMC Symmetrix Optimizer improves array performance by continuously monitoring access patterns and migrating devices (Symmetrix logical volumes) to achieve balance across the drives within a physical disk group, and thereby reduce the risk of hot spots. Based on user-defined parameters, this automated process is transparent to end users, hosts, and applications in the environment.
EMC PowerPath®/VE
EMC PowerPath®/VE delivers PowerPath multipathing features (Figure 10) to optimize VMware vSphere environments by removing the administrative overhead associated with load balancing and failover.
Availability
PowerPath/VE enables automation of optimal server, storage, and path utilization in a dynamic virtual environment, eliminating the need to load balance hundreds or thousands of virtual machines and I/O intensive applications manually. PowerPath/VE provides extreme performance by intelligently scheduling application I/O across all available paths while also providing automated path failure detection, failover, and failback.
Key Features
Standardized path management unifies management across heterogeneous physical and virtual environments.
Optimized utilization leverages all channels to provide optimal, predictable, and consistent information access.
Dynamic load balancing constantly adjusts I/O path usage and responds to changes in I/O loads from virtual machines.
Automatic I/O path failure detection keeps the virtual environment and applications running in the event of failure.
Figure 10. EMC PowerPath/VE multipathing
EMC Unified Storage
The EMC Unified Storage system is a highly available architecture capable of five-nines availability. The Unified Storage arrays from EMC achieve five-nines availability by eliminating single points of failure throughout the physical storage stack with technologies such as dual-ported drives, hot spares, redundant back-end loops, redundant front-end and back-end ports, dual storage processors, redundant fans and power supplies, and battery backup for the cache.
Secure Separation
EMC Unified Storage systems provide various methods for ensuring the secure isolation of tenant data and resources in the converged Vblock infrastructure (Table 7).
Table 7. Storage secure separation methods
Method – Description
RAID Groups – RAID groups (RGs) are logical containers of 2–16 drives with the same RAID level. Drives within an RG can be logically partitioned into logical unit numbers (LUNs) so that multiple discrete datasets can reside on the same RG.
RGs allow separation of tenant workloads onto dedicated disks when very high performance and low latency are the primary concerns. LUNs built on an RG dedicated to a tenant have their own discrete resources, which are not shared with other RGs or disks, and which allow predictable performance and resource control for the tenant.
Pools – Pools are logical containers of two or more drives that share the same RAID level and allow for advanced array features, such as thin provisioning, compression, and Fully Automated Storage Tiering (FAST).
A pool can have up to the maximum number of drives available in an array, which allows workloads to be spread over hundreds of disks. Pools can have mixed drive types, so a pool could be composed of a mix of EFD, FC, and SATA. These pools can dynamically move data between the different tiers, based on performance needs, by utilizing FAST. Thin provisioning allows efficient use of space in the pool by allocating only the blocks actually consumed by the host.
Pools allow extremely flexible consumption of storage while maintaining separation of data and resources between pools. Pools can be associated with tenants to provide a single resource capable of providing high performance, efficient capacity utilization, and simplified storage management.
VSAN – A virtual storage area network (VSAN) is a collection of ports from hosts, switches, and storage arrays that forms a virtual SAN fabric. VSANs create self-contained fabrics capable of using distinct security policies, zones, memberships, and name services. This segments SAN traffic in order to ensure communication only between devices authorized to communicate. VSANs allow shared SAN resources to be segmented among tenants securely.
Virtual Data Mover – Virtual Data Mover (VDM) is a software feature of the EMC Celerra X-Blade that enables the grouping of file systems and CIFS servers into virtual containers. Each VDM contains all the data necessary to support one or more CIFS servers and their file systems. A VDM can be loaded and unloaded, moved from Data Mover to Data Mover, or replicated to a remote Data Mover as an autonomous unit. The servers, their file systems, and configuration data are available in one virtual container. VDMs allow tenants to share Data Mover resources while maintaining data and namespace separation.
Service Assurance
EMC Unisphere Quality of Service Manager (QoS Manager) enables dynamic allocation of Unified Storage resources to meet service level requirements for critical applications. QoS Manager also provides performance data charts, which allows performance analysis and trending.
Security and Compliance
The EMC unified storage systems can be securely managed in cloud environments with role-based access control (RBAC) and Lightweight Directory Access Protocol (LDAP) integration. User accounts can be mapped to specific roles within Unisphere to give fine-grained control of storage system features based on group membership.
Availability and Data Protection
The Unified storage arrays promote high availability through logical constructs such as RAID, proactive hot sparing, rebuild avoidance, cache mirroring, and error bit correction. Clouds built on EMC Unified storage will benefit from having the most highly available storage in the midrange, providing reliable access to tenant data.
EMC Unisphere® Management Suite
EMC Unisphere provides a simple, integrated experience for managing EMC Unified storage through both a storage and VMware lens. It is designed to provide simplicity, flexibility, and automation – key requirements for using private clouds.
Key Features
Web-based management interface to discover, monitor, and configure EMC Unified storage
Self-service support ecosystem to gain quick access to real-time online support tools
Task-based navigation and controls to provide an intuitive, context based approach to configure storage, create replicas, and monitor the environment
Automatic event notification to proactively manage critical status changes
Customizable dashboard views and reporting
Service Provider Management and Control
Unisphere includes a unique self-service support ecosystem that is accessible with one-click, task-based navigation and controls for intuitive, context-based management. It provides customizable dashboard views and reporting capabilities that present users with valuable storage management information.
EMC Unisphere Quality of Service Manager
Service Assurance
EMC Unisphere™ Quality of Service Manager (QoS Manager) enables dynamic allocation of storage resources to meet service level requirements for critical applications (Figure 11). Prioritizing applications and setting specific performance targets with QoS Manager determines the desired application service levels. QoS Manager monitors storage system performance on an application-by-application basis, providing a logical view of application performance on the storage system.
QoS Manager provides performance data charts that allow performance analysis and trending. In addition to displaying real-time data, performance data can be archived for offline trending and data analysis. Two standalone client tools retrieve performance archives from the storage system, as well as export data to other file formats.
Figure 11. EMC Unisphere QoS Manager
EMC VPLEX™
EMC VPLEX is the next-generation solution for information mobility and access within, across, and between data centers. In combination with VMware vMotion, VPLEX enables effective distribution of applications and their data across multiple hosts over synchronous distances (Figure 12). With virtual storage and virtual machines working together over distance, the infrastructure can provide load balancing, real-time remote data access, and improved application protection.
Availability and Data Protection
EMC VPLEX allows users to concurrently access a single copy of the data at different geographical locations, enabling transparent migration of running virtual machines between data centers. This capability allows for transparent load sharing between multiple sites while providing the flexibility of migrating workloads between sites in anticipation of planned events. Furthermore, in case of an unplanned event that causes service disruption at one of the data centers, the surviving site can restart the failed services with minimal effort while minimizing the recovery time objective (RTO).