SimpliVity OmniStack with the HyTrust Platform


Table of Contents

Executive Summary
  Purpose
  Audience
Solution Overview
  SimpliVity Introduction
  Why SimpliVity for Virtualization?
  HyTrust Overview
  HyTrust DataControl (HTDC)
  Solution Overview
  Customer Benefits
Solution Architecture
  Topology
  Testing Infrastructure
  Technical Details
Testing Methodology
  Vdbench Test
    Significance
  SimpliVity Operations and Feature Test
    Significance
  HyTrust Operations
    Significance
Test Results
  Vdbench
  SimpliVity Operations
  HyTrust Operations
Best Practices
Conclusion

Executive Summary

This paper documents securing application data through encryption on SimpliVity OmniStack using the HyTrust Platform.

Purpose

The purpose of this document is to familiarize the reader with SimpliVity OmniStack technology and to introduce HyTrust. This document provides technical details of testing executed by SimpliVity to validate the interoperability of OmniStack systems and the HyTrust Platform in terms of functionality and performance. Recommendations and guidelines to optimize performance are also provided.

Audience

The intended audience for this document is IT professionals who are looking to protect data through encryption on SimpliVity's OmniStack systems.

Solution Overview

SimpliVity Introduction

SimpliVity's hyperconverged infrastructure solution transforms the data center by virtualizing data and incorporating all IT infrastructure and services below the hypervisor into commodity x86 building blocks. With 3X total cost of ownership (TCO) reduction, SimpliVity OmniStack software-defined hyperconverged infrastructure delivers the best of both worlds: the enterprise-class performance, protection and resiliency that today's organizations require, with the cloud economics businesses demand.

Designed to work with any hypervisor or industry-standard x86 server platform, the SimpliVity solution provides a single, shared resource pool across the entire IT stack, eliminating point products and inefficient siloed IT architectures. The solution is distinguished from other converged infrastructure solutions by three unique attributes: accelerated data efficiency, built-in data protection functionality and global unified management capabilities.

- Accelerated Data Efficiency: OmniStack performs inline data deduplication, compression and optimization on all data at inception across all phases of the data lifecycle, all handled with fine data granularity of just 4KB-8KB. On average, SimpliVity customers achieve 40:1 data efficiency while simultaneously increasing application performance.
- Built-In Data Protection: OmniStack includes native data protection functionality, enabling business continuity and disaster recovery for critical applications and data, while eliminating the need for special-purpose backup and recovery hardware or software. OmniStack's inherent data efficiencies minimize I/O and WAN traffic, reducing backup and restore times from hours to minutes.
- Global Unified Management: OmniStack's VM-centric approach to management eliminates manually intensive, error-prone administrative tasks. System administrators are no longer required to manage LUNs and volumes; instead, they can manage all resources and workloads centrally, using familiar interfaces such as VMware vCenter and VMware vRealize Automation.

SimpliVity packages OmniStack on popular x86 platforms, either on 2U servers marketed as OmniCube, or with partner systems from Cisco or Lenovo, marketed as OmniStack Integrated with Cisco UCS and OmniStack Solution with Lenovo System x, respectively.

An individual OmniStack node includes:

- A compact hardware platform: a 2U industry-standard virtualized x86 platform containing compute, memory, performance-optimized SSDs and capacity-optimized HDDs protected in hardware RAID configurations, and 10GbE network interfaces
- A hypervisor such as VMware vSphere/ESXi
- OmniStack virtual controller software running on the hypervisor
- An OmniStack Accelerator Card: a special-purpose PCIe card with an FPGA, flash, and DRAM, protected with super capacitors; the accelerator card offloads CPU-intensive functions such as data compression, deduplication and optimization from the x86 processors.

[Figure 1: Legacy Comparison]

Why SimpliVity for Virtualization?

OmniStack was specifically designed to meet the stringent price-performance, scalability, agility and resiliency demands of today's data-intensive, highly virtualized IT environments. Key benefits and advantages include:

- Simplicity and superior economics: OmniStack eliminates infrastructure cost and complexity by consolidating a variety of IT functions (compute, storage, network switching, replication, backup, etc.) onto commodity virtualized x86 hardware, with global unified management. The solution contains CAPEX by eliminating IT silos, converging technology stacks, and optimizing storage capacity; and it reduces OPEX by containing power, cooling, rack space and system administration expenses.
- Linear scalability: The SimpliVity solution features a scale-out architecture that minimizes upfront investments and provides a high degree of flexibility and extensibility. OmniStack nodes are installed in an incremental fashion to accommodate growth, enable new applications or extend system availability. Two or more OmniStack nodes can be federated to create a massively scalable pool of shared resources that is administered as a cohesive system, with a single administrative interface.
- VM-centric design: OmniStack was designed from the ground up with virtualization in mind. The solution abstracts data from the underlying hardware; virtual machine files are mapped directly to blocks on storage. All data storage, management, and protection functions are inherently optimized for virtualization. All administrative tasks, including managing data protection policies, analyzing performance and troubleshooting problems, are performed at the VM level. From an administrative perspective, a datastore is simply a logical construct, decoupled from the underlying physical infrastructure. Concepts like LUNs, volumes, shares, and disk groups simply don't apply with SimpliVity.
- Accelerated IT service agility: OmniStack's inherent data efficiencies and VM-centric management capabilities dramatically simplify operations and boost IT service agility. With OmniStack, system administrators can spin up IT services and clone VMs in just seconds with two or three mouse clicks.
- High resiliency: The SimpliVity solution is designed to be highly resilient, with no single point of failure. The solution supports both RAID (redundant array of independent disks) for disk-level resiliency and RAIN (redundant array of independent nodes) for node-level resiliency. In a high availability RAIN implementation, the complete set of data associated with a VM is simultaneously written to two distinct nodes, protecting data in the event of disk or node failures.

[Figure 2: An OmniStack Federation]

HyTrust Overview

HyTrust provides a security and compliance platform for virtualized data centers. Its platform provides the essential foundation for cloud control, visibility, data security, management and compliance. The HyTrust Platform eliminates or mitigates the risk of catastrophic failure from insider threats, external data breaches, or even hardware failure, especially in light of the concentration of risk that occurs within virtualization and cloud environments. Organizations can now confidently take full advantage of the cloud, and even broaden deployment to mission-critical applications.

A key element of the HyTrust Platform, called HyTrust DataControl, ensures organizations avoid becoming the next cyber data breach headline by securing virtual infrastructure throughout the virtual system and data lifecycle. The solution ensures deep security and automates both security and compliance; ensures scalability to be as elastic as the virtual environment it is protecting; and finally, HyTrust DataControl's simple operation reduces administrative burden and errors.

HyTrust DataControl (HTDC)

HyTrust KeyControl nodes and clusters: Supporting an active-active cluster, the HyTrust KeyControl (a component of the HyTrust DataControl solution) cluster stores keys, policies and configuration data related to the cluster, or any number of virtual machines where the HyTrust DataControl policy agent is installed. Administration of the system is through a web-browser-based GUI or through a set of REST-based APIs. Communication between the browser and the HyTrust KeyControl cluster takes place over HTTPS. Since this is a full active-active cluster, the browser can point to any HyTrust KeyControl node in the cluster. Any changes made are immediately reflected on all cluster nodes.

[Figure 3: KeyControl and VMs with policy agents (PA) in the private cloud / data center and the public cloud]

Solution Overview

The combined solution helps IT administrators protect data on SimpliVity OmniStack systems by using HyTrust DataControl security and encryption capabilities. Feature and performance tests were carried out to ensure that SimpliVity OmniStack systems and HyTrust DataControl operate optimally with each other, retaining the benefits of the individual products and providing a robust technology solution.

Customer Benefits

SimpliVity is simplifying IT by providing a virtual computing infrastructure solution that seamlessly combines all data center infrastructure and services below the hypervisor on x86 building blocks to deliver one shared resource pool for compute, primary storage, and backup storage that expands by adding nodes within or across data centers. This solution provides enterprise performance, supporting business-critical applications while ensuring security across the data life cycle.

Data security is of extreme concern today. Data is always moving (backups, private to public clouds) and needs to be protected. HyTrust DataControl provides data and VM encryption and centralized management that simplifies data protection. This solution addresses a wide range of use cases, including the following:

- Simplified, secure operations: SimpliVity provides the ability to efficiently and quickly move VMs across datacenters within the SimpliVity federation. With HyTrust DataControl you can rekey a VM with a new key for the new datacenter and instruct the system to shred the old key for the old datacenter. All data associated with the old key, including clones and backups, is rendered useless. This is applicable for VMs even if they are moving between different service providers. Rekeying is the process of using a new encryption key. HyTrust DataControl can do a rekey without shutting down VMs for Windows systems. This zero-downtime approach allows for more frequent rekeying, which increases security and compliance with various regulations and security best practices. This capability is unique and one key reason SimpliVity has chosen HyTrust.
- Industry-specific compliance: Some industries have specific standards for protecting data. For example, credit card users want their information to be secure and not compromised. Hence the Payment Card Industry (PCI) mandates encryption of data. Other regulations like HIPAA and HITECH require protection of healthcare information. The HyTrust Platform provides an array of compliance monitoring and enforcement tools to simplify this process across a range of regulated industries, including Federal government customers.

- Protected backups: SimpliVity eliminates the need for discrete backup hardware/software to deliver operational and disaster recovery. Backup policies dictate backup frequency, destination and retention, all managed at the VM level and from vCenter. Using HyTrust DataControl encryption with SimpliVity backups secures the backed-up data as well. Without access to encryption keys, data protected using HyTrust DataControl and its NIST-approved strong encryption cannot be decrypted.
- Secure ROBO: SimpliVity eliminates the complexity of ROBO with hyperconvergence and through its fast and efficient backup technology. Remote offices, by nature, are not as secure as they should be due to a lack of resources and experienced IT staff. With the centralized key management capabilities of HyTrust DataControl, your IT staff can be confident that data at remote sites is protected and no one in the remote offices can control access to encryption keys.
- Service provider applications: Service providers can benefit from encryption by assuring customers that their data is protected. This provides them with competitive advantage and differentiation and also satisfies data residency and privacy requirements. More advanced capability in the HyTrust Platform includes HyTrust BoundaryControl, which ensures data does not leave a specific logical or physical regional boundary (e.g. European Union).

Solution Architecture

This section provides a high-level architecture diagram of the SimpliVity OmniStack System and HyTrust on SimpliVity OmniStack.

Topology

The following diagram shows the topology of the test environment that was used in the lab.

[Topology diagram. Labels: Encrypted VMs; VM-1 ... VM-15; VM-16 ... VM-50; KeyControl1; KeyControl2; AD/DC/DNS; SQL Server; vCenter Server; VM-1_Clone; VM-26_Restored; pods Infrastructure, Production, Test & Dev; 1GbE and 10GbE links]

Testing Infrastructure

Hardware Model: OmniStack CN-2200
OmniStack Version: OmniStack 3.0.8
Hypervisor: vSphere 6.0
Vdbench: 5.04.03
Guest Operating System: Windows Server 2012 R2
HyTrust DataControl Version: 3.0.7566

Technical Details

The test environment included three distinct pods, as shown in the diagram above.

Infrastructure: All resources needed to support operations within the testbed, including DataControl components, were hosted here. These components are:

- DC/Active Directory/DNS: Windows components used to manage servers running Windows operating systems, assign IPs, etc.
- KeyControl1: Primary KeyControl node of the DataControl software
- KeyControl2: HA KeyControl node of the DataControl software
- SQL Server: Database for the vCenter Server
- vCenter Server: Management server for virtual machines

Production: This pod hosted all the virtual machines that were tested in this solution. The test consisted of running a sustained load on the virtual machines and validation of SimpliVity operations as well as HyTrust DataControl features.

Test & Dev: This pod was used to validate that VMs remained encrypted when the HA functionality of SimpliVity OmniStack systems is used.

Testing Methodology

This section describes the tests that were run to validate the solution and their significance.

Vdbench Test

Vdbench is a command-line utility that is used to measure application and storage performance. A sustained load was run on 50 virtual machines and the baseline performance was measured. Afterwards, 20% of the VMs were encrypted, the same sustained load was run, and performance was measured again. The following profiles were used for Vdbench testing.

VM Profile
- 2 vCPU
- 2GB RAM
- 100GB Storage (50GB data drive)

Load Profile
- 70:30 Read/Write
- 8K Random IO
- 40 IOPS per VM

Significance

This test was run to measure the impact of encryption on the performance of the virtual machines under a sustained load that closely resembled a production environment.

SimpliVity Operations and Feature Test

The following SimpliVity operations were tested.

- VM Clone
- VM Backups
- VM Restore
- VM Move
- Deduplication
- Compression

Significance

These tests are intended to validate that SimpliVity OmniStack VM-centric data protection operates normally when VMs are encrypted using HyTrust DataControl.

HyTrust Operations

HyTrust DataControl software allows administrators to dynamically rekey the encrypted data without any downtime and on major operating systems (see technical brief for specifics) with continued access to the VM. We tested this feature by running a load against the VM while the rekey operation was occurring.

Significance

These tests were run to validate that HyTrust DataControl features operate normally and as expected on SimpliVity OmniStack systems, as some organizations periodically change encryption keys for tighter security measures against breaches.

Test Results

Vdbench

The following graph shows the results from Vdbench testing. In the graph, looking at the baseline latency of 50 VMs and latency when 20% (10 VMs) are encrypted, applying a constant load of 2000 IOPS on average across both tests, we can infer that encryption adds some overhead to performance. This overhead is expected with all encryption technologies, as the data has to be decrypted when accessed.

SimpliVity Operations

All SimpliVity operations, including VM clone, backup, restore and move, worked the same on encrypted VMs as they did on non-encrypted VMs. Access to the encrypted drive on the cloned VM and the VM restored from a backup was denied until the protected VM was re-authenticated or registered again by cloning the certificate. Data efficiency features like deduplication and compression do not provide additional benefits on encrypted VMs, which is expected as encryption inhibits the ability to perform deduplication and compression in general.

HyTrust Operations

Vdbench load was run on a VM while it was being rekeyed. The test ran successfully while the rekey was in progress.

Best Practices

SimpliVity recommends customers consider the following guidelines when implementing/running the combined solution:

1. Install the policy agent on the virtual machine and encrypt the volume before populating data on the drive.
2. Encryption may add overhead to performance. Therefore, it is recommended to encrypt only the VMs that need to be encrypted. Data within a VM that needs to be encrypted can be placed on a separate virtual disk.
3. In a virtual environment, ensure that there is more than one KeyControl node and place each node on a separate OmniStack system for high availability.
4. Protect the HyTrust KeyControl cluster with regular backups; backups can be taken from within the cluster, in which the keystore is backed up to a remote host. The VM can be protected and recovered using SimpliVity backup and restore operations as well.
5. Deploy HyTrust KeyControl clusters on separate OmniCubes than the VMs that are being encrypted.

Conclusion

The above validation testing has successfully demonstrated that SimpliVity OmniStack interoperates with the HyTrust Platform as a proven technology solution. HyTrust DataControl, along with SimpliVity OmniStack, delivers the essential levels of data protection needed to ensure regulatory compliance and safeguard against risk, all with a minimal impact on performance.

For more information, visit: www.simplivity.com

© 2015, SimpliVity Corporation. All rights reserved. Information described herein is furnished for informational use only, and is subject to change without notice. SimpliVity, the SimpliVity logo, OmniCube, OmniStack, and Data Virtualization Platform are trademarks or registered trademarks of SimpliVity Corporation in the United States and certain other countries. All other trademarks are the property of their respective owners. J0495_HyTrust_WP - 1215
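
Added example, not part of the SimpliVity paper and not either vendor's code: the test results report that deduplication and compression give no additional benefit on encrypted VMs, which is also why best practice 2 suggests encrypting only what needs it. The sketch below measures that effect on constructed 8 KB blocks; the toy SHA-256 keystream is a stand-in for a real volume cipher, and all function names and keys are assumptions.

```python
import hashlib
import zlib

BLOCK = 8 * 1024  # 8 KB: upper end of the 4KB-8KB granularity the paper cites


def _keystream(key, block_no, length):
    """Toy per-block keystream (SHA-256 in counter mode, tweaked by block number).
    A stand-in for a real volume cipher; it is not the HyTrust implementation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        seed = key + block_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        counter += 1
    return bytes(out[:length])


def crypt_volume(key, blocks):
    """XOR every block with its keystream; the same call encrypts and decrypts."""
    result = []
    for block_no, block in enumerate(blocks):
        ks = _keystream(key, block_no, len(block))
        mixed = int.from_bytes(block, "big") ^ int.from_bytes(ks, "big")
        result.append(mixed.to_bytes(len(block), "big"))
    return result


def dedup_ratio(blocks):
    """Logical blocks divided by unique blocks (content-hash deduplication)."""
    return len(blocks) / len({hashlib.sha256(b).digest() for b in blocks})


def compression_ratio(blocks):
    """Raw bytes divided by bytes after per-block zlib compression."""
    raw = sum(len(b) for b in blocks)
    return raw / sum(len(zlib.compress(b)) for b in blocks)


def sample_volume():
    """Constructed data: 4 distinct text-like blocks, each stored 10 times."""
    templates = [(b"record-%04d;status=OK;" % i) * 400 for i in range(4)]
    return [t[:BLOCK] for t in templates for _ in range(10)]


def measure():
    """Compare data efficiency of one volume in plaintext and encrypted form."""
    # Constructed per-VM keys (assumption: each encrypted VM has its own key).
    key_a = hashlib.sha256(b"constructed key for VM-A").digest()
    key_b = hashlib.sha256(b"constructed key for VM-B").digest()
    plain = sample_volume()
    enc_a = crypt_volume(key_a, plain)
    enc_b = crypt_volume(key_b, plain)
    return {
        "plain_dedup": dedup_ratio(plain),
        "plain_compress": compression_ratio(plain),
        "enc_dedup": dedup_ratio(enc_a),
        "enc_compress": compression_ratio(enc_a),
        # Two VMs holding identical data: dedup works across them only unencrypted.
        "two_vm_plain_dedup": dedup_ratio(plain + plain),
        "two_vm_enc_dedup": dedup_ratio(enc_a + enc_b),
        "roundtrip_ok": crypt_volume(key_a, enc_a) == plain,
    }


if __name__ == "__main__":
    for name, value in measure().items():
        print(f"{name:20s} {value}")
```

Ciphertext blocks are unique per position and per key and look random to the compressor, so the storage layer below the guest has nothing to deduplicate or compress.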