erik-kirschner
How we encrypt VMs in Rackscale Cloud
Cloud Security, Encryption in the Cloud
Workshop, Cloud Expo 2013
www.rackscale.sk
Erik Kirschner, Founder & Co-Owner, Rackscale, s.r.o.
CCDA, CCNP, CCSP, VCP4, VCP5
[email protected] | [email protected] | 0908 707 197
Blog: www.erikkirschner.sk | Twitter: @erikkirschner
Rackscale, s.r.o. * 5/2011
Tomášikova 64 (Lakeside Park), 831 04 Bratislava
www.rackscale.sk | Twitter: @rackscale
Agenda
Encryption in the cloud: public, private
Options/methods of encryption in the cloud
How to encrypt in the Rackscale Public Cloud
Encryption in the cloud
Private Cloud: Protect-V from SafeNet; HighCloud Security
Public Cloud: HighCloud Security
Regulatory compliance: HIPAA, PCI and FIPS 140-2 level 3 certified KeySecure appliance
Encryption options/methods
Private Cloud: pre-boot VM; storage (LUN, vmdk, …)
Public Cloud: VM HDD (!!! but not the one with the OS !!!)
How to encrypt in the Rackscale Public Cloud
Key and Policy Server: https://crypto.rackscale.sk
key generation and management; registration of the VMs that will have encrypted disks; management of the encrypted HDDs in the VMs
Encrypted HDDs in VMs that are !!!anywhere!!!, e.g. at your own company, in the Rackscale Cloud, or at other cloud providers.
Supported OS
Microsoft: Windows Server 2008 R2, Windows 7
Linux: CentOS 5.8 64-bit, CentOS 6.2 64-bit, CentOS 6.3 64-bit, Ubuntu 10.04 server and desktop (64-bit), Ubuntu 12.04 server (64-bit), Ubuntu 12.10 server (64-bit), Red Hat Enterprise Linux 6
How does it work?
VM Sets
Rackscale
VM registration
# hcl register -h my_ubuntu -d "This is my 10.04 VM" 192.168.140.130 ad85837b-9862-11e1-afd5-000c29de5d41_120507163538.bin
Enter Import Password: Enter certificate passphrase
Enter passphrase (min 16 characters): onetimepassword16chrsmin
Registered as my_ubuntu with KPS 192.168.140.130
Please login to the KPS to complete the authentication of this node
HCL status, linux
# hcl status
Summary
--------------------------------------------------------------------------------
KPS:       192.168.140.151:443
KPS list:  192.168.140.151:443,192.168.140.152:443
Status:    Connected

Registered Devices
--------------------------------------------------------------------------------
Disk Name    Clear                     Cipher     Status
--------------------------------------------------------------------------------

Available Devices
--------------------------------------------------------------------------------
Disk Name    Device Node               Size (in MB)
--------------------------------------------------------------------------------
sde          /dev/sde                  2048
sdd          /dev/sdd                  2048
sdc          /dev/sdc                  2048
sdb2         /dev/sdb2                 1027
sdb1         /dev/sdb1                 1019

Other Devices
--------------------------------------------------------------------------------
Disk Name    Device Node               Status
--------------------------------------------------------------------------------
sda5         /dev/sda5                 Mounted (swap)
sda1         /dev/sda1                 Mounted (/)
HCL status, windows
C:\Windows>hcl status
Summary
-----------------------------------------------------------------------------
KPS:       192.168.140.151:443
KPS list:  192.168.140.151:443,192.168.140.152:443
Status:    Connected

Device details
-----------------------------------------------------------------------------
Encrypted    Clear    Cipher    Status
-----------------------------------------------------------------------------

Available Devices
-----------------------------------------------------------------------------
Disk name                       Drive    Status
-----------------------------------------------------------------------------
\Device\Harddisk1\Partition0             Available
\Device\Harddisk2\Partition0             Available
HCL status, linux
# hcl status
Summary
--------------------------------------------------------------------------------
KPS:       192.168.140.151:443
KPS list:  192.168.140.151:443,192.168.140.152:443
Status:    Connected

Registered Devices
--------------------------------------------------------------------------------
Disk Name    Clear                     Cipher     Status
--------------------------------------------------------------------------------
sdb2         /dev/mapper/clear_sdb2    AES-256    Attached
  '--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT
sdb1         /dev/mapper/clear_sdb1    AES-256    Attached
  '--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT

Available Devices
--------------------------------------------------------------------------------
Disk Name    Device Node               Size (in MB)
--------------------------------------------------------------------------------
sde          /dev/sde                  2048
sdd          /dev/sdd                  2048
sdc          /dev/sdc                  2048

Other Devices
--------------------------------------------------------------------------------
Disk Name    Device Node               Status
--------------------------------------------------------------------------------
sda5         /dev/sda5                 Mounted (swap)
sda1         /dev/sda1                 Mounted (/)
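The Linux `hcl status` output above can be checked mechanically. The following is an added example, not part of the slides or of the HighCloud tooling: it parses that text layout and reports which disks are registered for encryption and which are not. The function names and the policy are assumptions, as is the reading that a disk under "Available Devices" is not yet encrypted (the slides show sdb1 and sdb2 moving from that list to "Registered Devices"). The Windows layout is not handled.

```python
# Constructed sample: the second Linux `hcl status` output from the slides,
# with line breaks restored and the dashed rule lines left out.
SAMPLE = """Summary
KPS: 192.168.140.151:443
KPS list: 192.168.140.151:443,192.168.140.152:443
Status: Connected
Registered Devices
Disk Name Clear Cipher Status
sdb2 /dev/mapper/clear_sdb2 AES-256 Attached
'--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT
sdb1 /dev/mapper/clear_sdb1 AES-256 Attached
'--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT
Available Devices
Disk Name Device Node Size (in MB)
sde /dev/sde 2048
sdd /dev/sdd 2048
sdc /dev/sdc 2048
Other Devices
Disk Name Device Node Status
sda5 /dev/sda5 Mounted (swap)
sda1 /dev/sda1 Mounted (/)
"""

SECTIONS = ("Summary", "Registered Devices", "Available Devices", "Other Devices")

def parse_hcl_status(text):
    # Hypothetical helper: walks the Linux layout shown on the slides.
    rep = {"kps": None, "registered": {}, "available": []}
    section = last = None
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) == {"-"} or line.startswith("Disk Name"):
            continue  # blank lines, dashed rules, column headers
        if line in SECTIONS:
            section = line
        elif section == "Summary" and line.startswith("Status:"):
            rep["kps"] = line.split(":", 1)[1].strip()
        elif section == "Registered Devices" and line.startswith("'-->"):
            rep["registered"][last].update(kv.strip().split("=", 1) for kv in line[4:].split(","))
        elif section == "Registered Devices":
            last, clear, cipher, status = line.split(None, 3)
            rep["registered"][last] = {"clear": clear, "cipher": cipher, "status": status}
        elif section == "Available Devices":
            rep["available"].append(line.split()[0])
    return rep

def audit(rep):
    # Assumed policy: KPS reachable, every data disk registered and attached.
    bad = [d for d, v in rep["registered"].items() if v["status"] != "Attached"]
    return {"kps_ok": rep["kps"] == "Connected", "unregistered": rep["available"], "not_attached": bad}
```

On the sample, `audit(parse_hcl_status(SAMPLE))` lists sde, sdd and sdc as unregistered. The OS and swap partitions under "Other Devices" are ignored, consistent with the slide stating that the OS disk is not encrypted in the public cloud.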
KPS, disks
Questions?