Webinar - Keeping your Data Safe in Couchbase Using Gazzang
 


Data in Couchbase Server may contain sensitive, protected information or key intellectual property. Sensitive data comes in many forms: names, addresses, medical records, school transcripts, buying habits, credit card numbers, corporate intellectual property. Typically, this information is distributed throughout the cluster, so the underlying data files need to be protected. Gazzang for Couchbase offers a powerful, policy-driven solution that enables you to encrypt your data stored in Couchbase Server.

In this webinar you'll see:

  • An overview of Couchbase Server
  • The main use cases for data encryption and key management
  • An overview of Gazzang zNcrypt and Gazzang zTrustee
  • How to ensure your security solution integrates seamlessly with Couchbase without impacting performance
  • What you need to get started
  • A demo of how Gazzang works in Couchbase

  • 1. A set request comes in from the application.
    2. Couchbase Server responds that the key is written.
    3. Couchbase Server then replicates the data out to memory on the other nodes.
    4. At the same time, it puts the data into a write queue to be persisted to disk.

Webinar - Keeping your Data Safe in Couchbase Using Gazzang: Presentation Transcript

  • Introduction to Couchbase
  • Couchbase Server NoSQL Document Database
  • Couchbase Open Source Project
      • Leading NoSQL database project focused on distributed database technology and surrounding ecosystem
      • Supports both key-value and document-oriented use cases
      • All components are available under the Apache 2.0 Public License
      • Obtained as packaged software in both enterprise and community editions
  • Couchbase Server
      • Easy Scalability: Grow cluster without application changes, without downtime, with a single click
      • Always On 24x365: No downtime for software upgrades, hardware maintenance, etc.
      • Consistent High Performance: Consistent sub-millisecond read and write response times with consistent high throughput
      • Flexible Data Model: JSON document model with no fixed schema
  • Couchbase Server Architecture
  • Couchbase Server Architecture (detailed diagram)
      • Data Manager: Query API and Query Engine (8092), data access ports 11211 (Memcapable 1.0) and 11210 (Memcapable 2.0), Moxi, Memcached, Couchbase EP Engine, storage interface, New Persistence Layer
      • Cluster Manager (Erlang/OTP): REST management API/Web UI over HTTP (8091), Erlang port mapper (4369), Distributed Erlang (21100 - 21199), heartbeat, process monitor, configuration manager, global singleton supervisor, rebalance orchestrator, node health monitor, vBucket state and replication manager
      • Diagram labels mark components as running on each node or one per cluster
  • Couchbase Server Architecture (simplified diagram)
      • Data Manager: Query API and Query Engine (8092), data access ports (11210 / 11211), object-managed cache, multi-threaded persistence engine
      • Cluster Manager (Erlang/OTP): admin console and REST management API/Web UI over HTTP (8091); replication, rebalance, shard state manager
  • Couchbase Operations
  • Single node - Couchbase Write Operation (diagram: App Server sends Doc 1 to a Couchbase Server node; Managed Cache, Replication Queue to other node, Disk Queue, Disk)
  • Single node - Couchbase Update Operation (diagram: App Server sends Doc 1’ to a Couchbase Server node; Managed Cache, Replication Queue to other node, Disk Queue, Disk holding Doc 1)
  • Single node - Couchbase Read Operation (diagram: App Server issues GET Doc 1 to a Couchbase Server node; Managed Cache, Replication Queue to other node, Disk Queue, Disk)
  • Single node – Couchbase Cache Miss (diagram: App Server issues GET Doc 1 to a Couchbase Server node; Managed Cache, Replication Queue to other node, Disk Queue, Disk)
  • Basic Operation (diagram: App Servers 1 and 2, each with a Couchbase client library and cluster map, read/write/update against a three-server Couchbase Server cluster holding active and replica docs; user configured replica count = 1)
      • Docs distributed evenly across servers
      • Each server stores both active and replica docs; only one server active at a time
      • Client library provides app with simple interface to database
      • Cluster map provides map to which server doc is on; app never needs to know
      • App reads, writes, updates docs
      • Multiple app servers can access same document at same time
  • Add Nodes to Cluster (diagram: the same cluster grown from three to five servers; user configured replica count = 1)
      • Two servers added; one-click operation
      • Docs automatically rebalanced across cluster; even distribution of docs; minimum doc movement
      • Cluster map updated
      • App database calls now distributed over larger number of servers
  • Fail Over Node (diagram: five-server cluster with active and replica docs; user configured replica count = 1)
      • App servers accessing docs
      • Requests to Server 3 fail
      • Cluster detects server failed; promotes replicas of docs to active; updates cluster map
      • Requests for docs now go to appropriate server
      • Typically rebalance would follow
  • Indexing and Querying (diagram: app servers query a three-server cluster; user configured replica count = 1)
      • Indexing work is distributed amongst nodes; large data set possible; parallelize the effort
      • Each node has index for data stored on it
      • Queries combine the results from required nodes
  • Cross Data Center Replication (XDCR) (diagram: Couchbase Server – San Francisco and Couchbase Server – New York, Servers 1 to 3 in each)
      • Active – Active Replication
      • Per replication tunable parameters
      • Hot standby
  • Couchbase Server Security
      • Couchbase Buckets – Semi-synonymous with “database”
      • Accessing Buckets – Using SASL Authentication; authentication happens over CRAM-MD5 encryption
  • Gazzang for Couchbase Server
      • Couchbase Connectors Page - http://www.couchbase.com/couchbaseserver/connectors/gazzang
      • Gazzang for Couchbase Datasheet - http://www.couchbase.com/sites/default/files/uploads/all/datasheets/GazzangCouchbase_Datasheet.pdf
  • About Gazzang
      • Headquartered in Austin, Texas
      • Focus on high-performance data-at-rest encryption and key management
      • Specialize in securing cloud and big data environments
      • Key vertical industries: financial services, healthcare, retail, government, education, technology
      • Featured as a Couchbase Server Connector
  • What we hear from our customers (Gazzang - All rights reserved 2012)
      • “I need to protect sensitive data in my cloud”
          - Ensure sensitive data and encryption keys are never stored in plain text nor exposed publicly
          - Maintain compliance (HIPAA, PCI, SOX, FERPA, etc.) and meet customer expectations for data security
      • “Help me secure my Big Data infrastructure”
          - Harden Big Data infrastructures that have relatively weak security and little cryptographic protection
          - Maintain Big Data performance and availability
      • “I need to maintain control of my keys”
          - Manage the rapid growth of key, certificate, token proliferation caused by Big Data/cloud/Industrial Internet
          - Bring sensitive digital artifacts under a consistent set of controls and policies
      • “My cloud provider should not have access to my data”
          - Deploy multi-factor authentication in the cloud
          - Establish and enforce robust access controls for sensitive objects
  • Gazzang Encryption (Gazzang - All rights reserved 2013, Confidential – Internal Use Only)
      • Gazzang zNcrypt™ sits between the file system and any database, application or service running on Linux to encrypt data before it’s written to the disk
      • AES-256 encryption
      • Process-based ACLs
      • Maximum performance
      • Enterprise scalability
      • Packaged support for Couchbase Server and other big data platforms
      • Keys protected by Gazzang zTrustee™
  • Gazzang Key Management
      • Gazzang zTrustee™ is a “virtual safe-deposit box” for managing zNcrypt keys or any other digital artifact that must be secure and policy controlled
      • API Library: Java, Python, C library
      • Software-based solution separates keys from encrypted data
      • Centralized management of SSL certificates, SSH keys, tokens, passwords and more
      • Unique “trustee” and machine-based policies deliver multifactor authentication
      • Integration with HSMs from Thales, RSA and SafeNet
      • Multiple deployment options include on-prem or hosted SaaS offering
      • Deposit policy controls (diagram): time to live, retrieval limits, trustee approval, single-use URL, client permissions, and much more
      • Trustees must approve release of objects in accordance with the deposit policy
  • Key Differentiators
      • Simple, powerful solutions supporting a broad range of use cases
      • Fast, easy deployments
          - Install and configure using standard DevOps tools, e.g. Chef, Puppet
          - No application or storage configuration changes required
      • Low performance impact
      • Virtual safe deposit box for any critical digital asset
      • Built for Big Data, architected for cloud deployments, protects any Linux application
  • Questions?
      • anil@couchbase.com, @anilkumar1129
      • robert.linden@gazzang.com
      • Download Couchbase Server 2.2: http://www.couchbase.com/download
      • Visit www.gazzang.com/solutions/securing-big-data for more information
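
The SASL CRAM-MD5 exchange named on the Couchbase Server Security slide, sketched per RFC 2195 as an added example (not code from the webinar, Couchbase or Gazzang): it shows that the reply proves knowledge of the bucket password without sending it and is bound to one challenge, while encrypting nothing that follows. Assumptions: the bucket name, password and node name are constructed, and the memcached binary-protocol framing is omitted.

```python
import base64
import hashlib
import hmac
import secrets


def make_challenge(host: str) -> bytes:
    """Server: fresh, unpredictable challenge, base64-encoded for the wire."""
    return base64.b64encode(f"<{secrets.token_hex(16)}@{host}>".encode())


def _digest(password: str, challenge_b64: bytes) -> str:
    # HMAC-MD5 keyed with the shared secret over the decoded challenge.
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client: reply with 'user hexdigest'; the password is never transmitted."""
    return base64.b64encode(f"{user} {_digest(password, challenge_b64)}".encode())


def server_verify(response_b64: bytes, challenge_b64: bytes, store: dict) -> bool:
    """Server: recompute the digest from its stored secret and compare."""
    try:
        user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    if user not in store:
        return False
    expected = _digest(store[user], challenge_b64)
    return hmac.compare_digest(expected.encode(), digest.encode())


# Constructed sample data: hypothetical bucket name, password and node name.
STORE = {"orders": "constructed-bucket-password"}

if __name__ == "__main__":
    challenge = make_challenge("node1.example")
    reply = client_response("orders", STORE["orders"], challenge)
    print("valid reply accepted:", server_verify(reply, challenge, STORE))
    # A captured reply replayed against a new challenge no longer verifies.
    fresh = make_challenge("node1.example")
    print("replayed reply accepted:", server_verify(reply, fresh, STORE))
```

Because the server recomputes the digest from its own copy of the password, that secret has to be stored in recoverable form on the server side.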