Bloombase Secure Computing for KVM Virtual Data Center


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Bloombase Secure Computing for KVM Virtual Data Center

  1. 1. Solution BriefBloombase Secure Computing forKVM Virtual Data Center Enterprise data breaches have seen on the sharp increase in terms of spread and Bloombase at-rest data security software scale, despite the numerous IT security measures and best practices implemented. platform provides turnkey, agentless, non- Various studies pointed out data exposure is caused by a range of threats: hardware disruptive, application-transparent en- theft, backup tape loss, viral attacks, malwares or insider threats. The paradigm shift cryption of storage data for enterprise of core data to virtual data center and cloud could open up new kinds of attacks which virtual datacenters powered by KVM. The may lead to catastrophic business secret leakage. solution can help to: Traditional Information Technology security measures regard outsiders as the origina-  Secure your KVM virtual machines (VM) tors of cyber-attacks. Technologies such as firewalls, Intrusion Detection Systems and disks (VMDK) (IDS), Intrusion Prevention Systems (IPS), content filters, anti-virus, anti-malware, anti -spyware, SSL-VPN, Unified Threat Management (UTM), all sit at the frontline defend-  Provide multi-tenancy encryption protec- ing the perimeter of core IT infrastructure. tion of KVM-based virtual desktop infra- structure (VDI) The fact that insider threats, targeted attacks and unknown attacks are on the rise,  Protect your business critical and time sensitive data residing on core enterprise storage in plain-text leaves computing sys- sensitive data in virtually all kinds of tems with huge vulnerabilities. Data encryption is technically recognized as the last enterprise scale storage systems from line of defense as mandated by numerous industry best practices to combat data SAN, NAS, tape library, VTL, virtual stor- exposure. Nevertheless, enterprises choosing application-specific encryption usually age, cloud and beyond have to put forth unbalanced effort on implementation and as a result push the mis- sion-critical applications towards degraded performance and increased risks.  Mitigate outbound threats and data leakage caused by insiders and man- Bloombase at-rest data encryption solution enables transformative data privacy and aged services providers (MSP) operational efficiency over and above what was previously achievable only with dras- tic application changes requiring tremendous second development at hosts and ap-  Quickly and securely retrieve your secret plications that are costly and risky. cipher-data for various trusted and au- thorized applications as-if they are in With Bloombase transparent storage encryption, even the most complex and through- plain-text put demanding data services will benefit from the privacy and integrity assurance  Immediately meet various stringent data confidentiality and secrecy regulatory compliance requirements Clear-text data from KVM tenants/VMs is encrypted as it moves ^$4Yn +=@~ through Bloombase to KVM datastore /storage system  Maximize your return on investment (ROI) with easy-to-implement, scalable Write nd security-hardened KVM platform for ta ncr yp Datastore / Storage E multi-tenancy, mixed operating system, and heterogeneous vendor private cloud applications Clear text  Easily manage security rules and encryp- tion policies of your business critical t data yp ncr Bloombase an dU ne ad Re Tenants / VMs KVM X86 Hardware
  2. 2. capabilities for data availability, security and scalability. and manageability. Bloombase brings a rich selection of security features that meet multiple and heterogeneous security require-Bloombase empowers KVM organizational customers to securely ments from a range of industry verticals and geographies. Itencrypt virtual machines and virtual storage systems that is scales easily with the resources allocated on KVM it runs on,hardly achievable by traditional hardware encryption products, ensuring emerging encryption requirements are fulfilled dynami-accelerating transition from physical to virtual data center infra- cally and efficiently. Bloombase clustering option is fault-structure without having the tradeoff between virtualization and tolerant and highly available to ready large enterprise scale cus-security. tomers for mission critical secure data services.Bloombase agentless encryption security solution can flexibly be Bloombase enables you meet various stringent data privacy reg-deployed as a physical appliance or a virtual appliance on KVM ulatory compliance with a low-cost, turnkey approach that deliv-as a separate tenant. It works as a storage proxy providing trans- ers critical information protection at the last line of defense inparent encryption and un-encryption of KVM data stores secur- your KVM virtual data center virtual disk drives in form of VMDK files. What is KVMRather than as closed and proprietary hardware appliances,Bloombase assumes an entirely software-based approach in KVM (Kernel-based Virtual Machine) is the leading open sourceproviding real-time encryption of enterprise storage systems complete virtualization solution on X86 hardware and it sup-which is platform portable, scalable and extensible. ports all major operating systems including Linux and Windows. KVM enables organizations to be agile by providing robust flexi-Riding on KVM the industry proven rock-solid, small foot-print, bility and scalability that fit their specific business I/O and efficient process technologies, Bloombase data KVM converts the Linux kernel into a bare metal hypervisor and itencryption virtual appliance sets a record-breaking and new leverages the advanced features of Intel VT-X and AMD-V X86level in virtual data center information encryption security. hardware, thus delivering unsurpassed performance levels. In addition, KVM incorporates Linux security features includingAuthorized hosts and trusted applications leverage virtual stor- SELinux (Security-Enhanced Linux) developed by the US Securityage resources provided by Bloombase for encryption and un- Agency to add access controls, multi-level and multi-categoryencryption of at-rest data stored at backend storage services. security as well as policy enforcement. As a result, organizationsWhen host applications, tenants or KVM hypervisor write plain- are protected from compromised virtual machines which aretext data to backend storage via Bloombase, the encryption en- isolated and cannot be accessed by any other processes.gine extracts plain payloads and converts them as cipher-text inreal-time before they get persisted at the actual storage media.Reversing the process, as storage hosts read from actual storage What is Open Virtualization Alliance (OVA)through Bloombase, the unencryption engine is triggered toretrieve cipher-text from storage and converts them to virtual The mission of the Open Virtualization Alliance (OVA) is to fosterplain-text on-the-fly before getting recomposed as plain pay- the adoption of KVM as an open virtualization alternative, accel-loads and presented to hosts and applications. Storage data in erate the emergence of an ecosystem of third-party solutionsthe KVM-powered virtual data center stays naturally encrypted around KVM, increase overall awareness and understanding ofand permanently locked, therefore, it is private and safe. KVM, encourage interoperability, promote best practices and highlight examples of customer successes. Founding membersOS-dependent data encryption tools require drastic and poten- of the Open Virtualization Alliance include HP, IBM, Intel, andtially risky platform changes which is difficult to manage and Red Hat. For more information about the Open Virtualizationmaintain over time. Encryption at storage is impossible without Alliance and its members, visit http://the expense of costly hardware replacement. Bloombase pro- easy to deploy, effortless and cost-effective at-rest dataencryption software that works to secure data moving within Bloombase joined as a member of Open Virtualization AllianceKVM virtual data center infrastructure in a fully open, scalable since 2011.and naturally virtualized architecture. Learn MoreBloombase transparent data security solution supports the openand industry standard KVM technology that will persist over To learn more about Bloombase transparent data security solu-time. Not only does it protect virtual machines, but Bloombase is tions, contact your Bloombase sales representative, or visitdesigned to secure virtual desktop infrastructure, virtual stor- http://www.bloombase.comage, physical storage and host, thereby providing cost efficiencyBloombase - Transparent Data Security email web http://www.bloombase.comCopyright 2012 Bloombase, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Bloombase, Spitfire, Keyparc, StoreSafe, and other Bloombaseproducts and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Bloombase in United States and/or other jurisdictions. All other product and service namesmentioned are the trademarks of their respective companies. The information contained herein is subject to change without notice. The only warranties for Bloombase products and services are set forth in theexpress warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Bloombase shall not be liable for technical or editorialerrors or omissions contained herein. Item No. BLBS-SB-Bloombase-Secure-Computing-KVM-Virtual-Data-Center-USLET-EN-R8