
Vaultize Cloud Architecture - Enterprise File Sync and Share (EFSS)


Enterprises are facing enormous security, data loss and compliance risks with increased mobility of workforce and proliferation of consumer file sharing services together with mobile devices in the enterprise network.

Vaultize is an enterprise-grade platform for secure file sharing, anywhere access, mobile collaboration, endpoint backup and mobility - together with mobile content management (MCM), endpoint encryption, remote wiping and Google Apps backup - that helps enterprises mitigate these risks with complete enterprise control and visibility on the use of unstructured data. It is the only solution that does military-grade (AES 256-bit) encryption together with de-duplication at source (patent pending) – making it the most secure and efficient solution in the world. Vaultize comes with highest level of enterprise-grade security, scalability, performance, robustness and reliability.

Vaultize is the first EFSS vendor to fully integrate EMM into a single offering – giving enterprises complete control and visibility over the sensitive corporate data, irrespective of the device used for accessing and sharing – facilitating increased adoption of Bring-Your-Own-Device (BYOD) even in highly regulated and security-conscious verticals. Vaultize now includes Mobile Device Management (MDM) features such as remote wipe, data containerization, storage and network encryption, PIN protection and white-listing of apps for mitigation of security and protection concerns with BYOD. Vaultize goes beyond MDM with features like automatic wiping based on geo-location or IP address or time-out. It further facilitates Mobile Content Management (MCM) through access rights and allows corporate IT to prevent data loss, security and compliance breaches by controlling what users can do with corporate data on their mobile devices using natively built-in document editor.

Published in: Technology

  1. 1. Vaultize Cloud Technical Details
  2. 2. Vaultize – Quick View Enterprise Platform for Secure File Sharing (EFSS) and Anywhere Access with: • Mobile Content Management (MCM) • Data Protection • Data Loss Prevention (DLP) • Mobile Device Management (MDM) features ‘Innovation Leadership in Enterprise File Sync and Share (EFSS)’ – 2013 ‘Innovation Leadership in Enterprise Mobility Security’ - 2014
  3. 3. Vaultize, What it is… Enterprise Platform for Enabling Secure Sharing, Anywhere Access and Mobile Collaboration with End-to-End Data Security and Flexible Deployment Options Enables a variety of solutions: File Sharing & Sync, Managed Data Mobility, BYOD, Secure Anywhere Access, Data Loss Protection, … VPN not required Choice of Appliance, On-premise, Private Cloud or Public Cloud – All highly scalable and available
  4. 4. How Vaultize Differentiates Why Vaultize? Part I Large enterprises including those in regulated and security conscious verticals across the globe trust Vaultize Unmatched End-to-end Security •  Encryption and de-duplication together at source (on user devices) for on-transit data – patent pending technology •  The most secure and efficient solution – VPN-free •  Others either perform encryption at or de-duplication on user device (and not both) – compromising either security or efficiency Privacy and Compliance •  Corporate IT can own and manage keys - Data Privacy Option (DPO) o  Regulatory compliance (data residency or data sovereignty) o  Data in-transit and while stored in the cloud/server is risk-free (Complete privacy) o  No risk of the vendor giving out your data to authorities without your consent (Subpoena)
  5. 5. How Vaultize Differentiates Why Vaultize? Part II Enterprise Platform •  Architected from the ground up as an enterprise platform •  Complete end-to-end regulator-level enhanced security and privacy •  Competitors are built as point products Complete Administrative Control and Visibility •  Devices can be fenced off, features disabled, or contents securely wiped out, if the users go beyond a pre-defined geography or IP range •  MCM controls - copy/paste, printing and emailing
  6. 6. How Vaultize Differentiates Why Vaultize? Part III Efficiency – Optimized for Mobility •  VPN-free o  builds a secure channel using patent-pending at-source encryption technology, SSL and OAuth-based authorization •  Global content-aware de-duplication o  as high as 90% reduction in network bandwidth Flexible Deployment Options •  Cloud-in-a-Box - Appliance •  Private Cloud – Software Only o  Perpetual License o  Annual Subscription •  Public Cloud - SaaS
  7. 7. Vaultize Architectural Components •  This presentation covers Vaultize Public Cloud hosted on Amazon Web Services •  Private cloud deployments follow a similar architecture •  Vaultize Cloud •  Load Balancers •  API (REST) Servers •  Meta-data (Database) Servers •  Content Store (Amazon S3) •  WebUI Servers •  Client Components •  Vaultize Agent (Windows, Mac, Linux) •  Vaultize Apps (iOS, Android) •  Centralized Web-based Administration •  Web GUI
  8. 8. Architectural Components Copyright © 2011-14 Vaultize Technologies. All Rights Reserved. [Architecture diagram; labels: Content Store, Vaultize Clients, API Load Balancers, WebUI Load Balancers, API Servers, WebUI Servers, Meta-data Servers, SSL + OAuth, HTTPS, Encryption, De-duplication, Compression, Versioning]
  9. 9. Vaultize Load Balancers •  Ensures high availability & responsiveness of servers •  Routes traffic to API and WebUI servers (separate LBs) •  Weighted least connections algorithm •  Health check of servers •  HTTPS monitoring •  Application-level monitoring
  10. 10. Vaultize API Servers (1)
      • Vaultize API servers expose a JSON-based RESTful API
      • Stateless servers – load balancing is easy
      • Clients make secure API calls to server
      • Using HTTPS – 256-bit SSL
      • Each API call has to be authorized using OAuth
      • Unauthorized calls rejected, but recorded
      • Repeated unauthorized calls result in investigation and/or ban
      • Server platform
      • Typically virtual machine based
      • Multiple NICs
      • Stateless, so storage could be normal disks
      • Firewalled to allow only API traffic
      • Customized and hardened CentOS 6.x
      • Continuously auto-monitored (see next slide)
  11. 11. Vaultize API Servers (2)
      • Web server is nginx
      • Lightweight, high-performance and robust
      • Application server is in web.py framework
      • Interaction with nginx using WSGI
      • Some modules are in pure C for performance reasons
      • Monitoring & Statistics
      • Internal - using monit, cron scripts etc.
      • External - using health monitor in Load Balancers and other servers
      • Third-party - using partner services
      • Also used for automatic load handling (see below)
      • Dynamic load handling and provisioning
      • Additional servers provisioned when load increases
      • Bad servers restarted
      • Amazon CloudWatch in AWS
  12. 12. Vaultize Database Servers
      • Vaultize meta-data is stored in MongoDB
      • Scalable & high performance “document” database
      • Built-in replication and high availability
      • Auto-sharding for load balancing
      • Cluster of database servers
      • Servers added as database grows
      • Each server in a 3-way replica set
      • Periodically backed up
  13. 13. Vaultize Content Store
      • Data chunks are stored in Amazon S3 in public cloud
      • Additional encryption using Vaultize secret keys before storing
      • High-performance online storage (increase on-demand)
      • Redundant (minimum 3-way) storage
      • At least 3 different devices across multiple zones
      • Support for Azure Block Storage, Rackspace CloudFiles and file systems too
  14. 14. Vaultize Cloud Web UI
      • Web-based UI servers
        o Powerful administration interface
        o Simple end-user UI for accessing and sharing their data
      • System & hardware configuration similar to API servers
      • Pages are standards-compliant
      • Generated using Mako Templating Engine
      • HTML, CSS and JavaScript (jQuery)
      • Tested/debugged using Firebug, Google Page Speed, etc.
      • Some pages use AJAX
      • E.g. Files Browser, validations
      • Data exchanges in JSON (and not XML)
  15. 15. Vaultize Client Components
      • Vaultize Agent
      • Talks to API Servers over HTTPS and OAuth
      • Maintains access rights and restrictions
      • Keeps device in sync for configuration, policies etc.
      • Performs encryption, smart de-duplication, versioning and compression
      • 256-bit AES encryption at source (on client device itself) using unique customer keys
      • Chunking is variable-sized using sliding window technique
      • Signatures are HMAC (SHA-256) keyed using unique customer tokens
      • Compression using zlib
      • Predictive Caching (for instant restore of important data)
      • Monitors changes to data under sync, collaboration, sharing
      • Bookkeeping done using SQLite
      • Platform Independent
      • Written in Python and pure C
      • Windows, Mac and Linux
  16. 16. Vaultize Compatibility
      • Works on laptops, desktops and servers
      • Supported on Windows (XP SP2 onwards), Mac and Linux
      • iOS and Android Apps
  17. 17. Vaultize Solution Details
  18. 18. Vaultize Solutions Secure Enterprise File Sharing & Sync (EFSS) Sharing using secure links •  Easy sharing with outside party •  No FTP sites or email attachments •  Passwords, auto expiry, notifications •  Online document viewer – control download/printing etc. •  Geo, IP and time based access control Outlook Plug-in •  Replace attachments with secure link •  Policy-based – size of attachments, recipients, sender, etc. •  Monitoring, Revoking Group sharing – with individual access rights Sync data anywhere, selectively Automatic versioning
  19. 19. Vaultize Solutions VPN-free Secure Anywhere Access (File Server Access) •  Securely access File Servers and NAS from anywhere •  Access with CIFS semantics •  Pass-through Mode – secure relaying of files •  Access control on server •  Geo, IP, time based •  No VPN required! •  Support for SharePoint and other repositories coming soon
  20. 20. Vaultize Solutions Mobile Content Management (MCM) Challenges with Mobile Device Management (MDM) •  Complex •  Costly •  Heavy handed – controls device (privacy intrusion) Vaultize Secures Corporate Contents through Mobile Content Management (MCM) •  Control copy-paste, print, email, sharing with other apps, etc. •  Built-in document editor – MS office and PDF annotation Mobile Data Containerization •  Corporate data in secure container •  Segregate corporate data from personal data •  Encryption and remote wiping of container •  Auto-wiping based on Geo, IP, time-expiry
  21. 21. Vaultize Solutions Data Protection (Endpoint Backup)   Protection policies to automatically backup files and folders Group-based policies •  Powerful Exclude and Include filters   Efficient backup of endpoints over WAN without VPN •  Smart De-duplication saves up to 90% bandwidth   Continuous or Scheduled backup with pause and resume   Web and Mobile access   Self-restore •  a version, a folder or a point in time copy and move all data from an old device to a new device   Support for open files (including Outlook PST) •  Optimized backup of large size PST
  22. 22. Vaultize Solutions Google Apps Backup Google Apps Accounts – Emails and Documents •  Secure Google Apps data (emails/documents) from malicious destruction, hacking, user/software errors •  Automatic Backup •  Backup once-a-day (default) or as scheduled •  Retention Policy •  Super saving (de-dup across endpoints + Google Apps) Easy Download •  Download/restore a mail, document or a complete account Migration •  Migrate accounts within a domain or across domains
  23. 23. Vaultize Solutions Data Loss Prevention (DLP) Endpoint Encryption •  Policy-based on files and folders on user devices •  Transparent to users •  Selective - more efficient than full disk encryption which is •  Leverages time-proven technology of Windows Encrypting File System (EFS) Tracking •  Geo tracking - IP addresses and geo-locations Wiping •  Secure remote wiping of data in case of device loss or user leaving the organization •  Policy-based automatic wiping if device leaves a pre-defined geography or IP range (Geo fencing) •  Military-grade techniques •  Selective wiping of files and folders based on patterns and types Selective encryption and wiping make it very easy to do BYOD through data containerization
  24. 24. Vaultize Solutions Data Privacy Option (DPO) Compliance of Data Privacy, Data Residency and Data Protection Regulations No Need of Any Special Hardware On-Premise (like Gateway Appliances) Enterprise Customer Retains the Full Control Over Encryption Keys •  Keys are never stored on any infrastructure not under enterprise control •  Data is secured while in motion and at rest in the cloud •  Ability to access data remains solely with the customer Vaultize is the only solution that provides this option •  Other solutions encrypt data at server
  25. 25. Enterprise-class Administration Administrative Controls •  Manage company-wide policies, settings and data •  User provisioning – Active Directory, LDAP or Google Apps based •  Push policies from a centralized place •  Authentication and SSO using AD and LDAP •  Privacy Quick and Easy Deployment Across Organization •  Active Directory GPO based push installation •  AD and LDAP authentication support Reporting and Dashboard Monitoring, Audit Trail and Alerts
  26. 26. Flexible Deployment Options Cloud-in-a-box Appliance •  Fully integrated hardware + software – “plug and play” •  Support for HA and DR •  Licensed by number of users and storage capacity On premise / Private Cloud •  Vaultize software on customer’s hardware or private cloud •  Single or Multi-server •  HA, DR and large scale cloud •  Flexibility to choose storage (DAS, SAN, NAS, Cloud Storage) •  Option of Perpetual license or Annual subscription •  Licensing based on number of users Vaultize as a Hosted Service / Public Cloud •  Fully hosted - No hardware or software to manage •  Highly available, highly scalable and disaster proof •  Subscription based on users and storage capacity
  27. 27. How Vaultize Works in a Corporate Network • File Sharing & Sync • Group sharing • Sharing using links • Auto Expiry • Passwords • Mobility & Mobile Content Mgmt • Anywhere Access • File Servers & NAS • Access Control • Geo, IP & time • File/folder patterns • BYOD • Data Loss Protection • Backup, Encryption • Remote Wiping • Centralized Admin Console • Reporting • Monitoring • Alerts [Diagram; labels: Agent-based, Agent-less, Mobiles, Intranet or Internet, Versioning, Encryption, Dedupe, MCM, NAS, Roaming Devices, End-to-End Security (VPN not required), Encryption At Source, Decryption At Destination, Firewall+VPN]
  28. 28. sales@vaultize.com http://www.vaultize.com THANK YOU! Questions?
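
Slide 15 lists the Agent's de-duplication steps: variable-sized chunking with a sliding window, HMAC (SHA-256) chunk signatures keyed with a customer token, and zlib compression. The Python below is an added example of those steps, not Vaultize code; the rolling hash, the window and chunk-size constants, the function names, the tokens and the sample data are all assumptions, and the AES-256 step is omitted because the Python standard library has no AES.

```python
import hashlib
import hmac
import zlib

# All constants are assumed values for illustration; the slides give none.
WINDOW = 48                       # sliding-window width in bytes
MASK = (1 << 11) - 1              # cut when the low 11 hash bits are zero
MIN_CHUNK, MAX_CHUNK = 512, 8192  # bounds on chunk size
BASE, MOD = 257, (1 << 61) - 1    # polynomial rolling-hash parameters
BASE_POW = pow(BASE, WINDOW - 1, MOD)

def chunk(data: bytes):
    """Cut data where the rolling hash of the last WINDOW bytes hits MASK."""
    start, h = 0, 0
    for i, byte in enumerate(data):
        if i - start >= WINDOW:   # window full: drop the oldest byte
            h = (h - data[i - WINDOW] * BASE_POW) % MOD
        h = (h * BASE + byte) % MOD
        size = i - start + 1
        if (size >= MIN_CHUNK and (h & MASK) == 0) or size >= MAX_CHUNK:
            yield data[start:i + 1]
            start, h = i + 1, 0
    if start < len(data):
        yield data[start:]

def signature(chunk_bytes: bytes, token: bytes) -> str:
    """HMAC-SHA-256 of the chunk, keyed with the customer's token."""
    return hmac.new(token, chunk_bytes, hashlib.sha256).hexdigest()

def upload(data: bytes, token: bytes, store: dict):
    """Send only chunks the store lacks; return (manifest, bytes_sent)."""
    manifest, sent = [], 0
    for piece in chunk(data):
        sig = signature(piece, token)
        if sig not in store:
            store[sig] = zlib.compress(piece)
            sent += len(store[sig])
        manifest.append(sig)
    return manifest, sent

def restore(manifest, store: dict) -> bytes:
    """Rebuild a file from its ordered list of chunk signatures."""
    return b"".join(zlib.decompress(store[sig]) for sig in manifest)

# Constructed sample input: 256 KiB of deterministic pseudo-random bytes,
# then the same file with six bytes inserted in the middle.
SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(8192))
EDITED = SAMPLE[:131072] + b"edited" + SAMPLE[131072:]
TOKEN_A, TOKEN_B = b"constructed-token-A", b"constructed-token-B"

if __name__ == "__main__":
    store = {}
    first, sent_first = upload(SAMPLE, TOKEN_A, store)
    second, sent_second = upload(EDITED, TOKEN_A, store)
    other, _ = upload(SAMPLE, TOKEN_B, {})
    print("bytes sent:", sent_first, "then", sent_second)
    print("signatures shared across tokens:", len(set(first) & set(other)))
```

Because the signature is keyed, the same chunk uploaded under two customer tokens yields unrelated signatures, so de-duplication and signature matching stay within one customer's data.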
