Bloombase Data At-Rest Security for Virtual Data Centers

Bloombase Technologies

Overview

Bloombase Data At-Rest Security

Traditional data center

storage encryption

Transparent encryption

and unencryption

Storage proxy

On-the-fly wire-speed

storage communications

payload cryptography

Virtual Data Center Encryption

Virtual data center

needs encryption as

much as for physical

Server and encryption

server as virtual

machines

Storage communications

hypervised

Bloombase Virtual Appliance

Bloombase Spitfire

StoreSafe can be

deployed as virtual

appliance on virtual data

center

Storage communications

hypervised

Virtual Appliance Hypervisor Support

VMware ESX/ESXi

Oracle VirtualBox

Citrix XenServer

Red Hat KVM

IBM PowerVM

Technology In Depth

Product Overview

Server and storage transparent

Automated encryption

Turnkey and immediate

regulatory compliance

Scale-up and scale-out

Cost-effective

High availability ready for

mission critical applications

Transparent Automated Encryption and Unencryption

Fully automated data

encryption and

unencryption for

authorized clients

On-premise: SAN, NAS,

DAS, Tape, VTL

Cloud: RESTful

Multiple Storage Protocol Support

Block storage based, file

based, object based

FCP, FCoE, iSCSI

NFS, CIFS

HTTP, WEBDAV

RESTful cloud

Client and User Authentication

User-based

authentication: LDAP,

MSAD, Kerberos,

CHAP

Host-based

authentication:

network address,

LUN mask

Industry Proven Security

Industry standard cipher

algorithm support

Regional and special

cipher support

IEEE 1619 compliant

OASIS KMIP support

NIST FIPS 140-2 validated

Key Management

Stored separately from

encrypted information

Key vault protected by

AES-256 strong

encryption

Supports 3rd party

PKCS#11 HSMs and

KMIP-compliant key

managers

Management

Web-based and CLI

management consoles

Role-based administration

Separation of duties (SoD)

Syslog and Audit trail

SNMP

Recovery quorum

Operator smart tokens

Use Cases

Tenant File Encryption

Virtual data center

tenants access

Bloombase encrypted

network file resources

over Ethernet

Tenant File Encryption

Bloombase Spitfire

StoreSafe provides file

encryption to tenants

as virtual appliance

Tenant Volume Encryption

Virtual data center

tenants access

Bloombase encrypted

iSCSI block-based

volumes over Ethernet

Tenant Volume Encryption

Bloombase Spitfire

StoreSafe provides block

based encryption to

tenants as virtual

appliance

Datastore File Encryption

Hypervisor direct attaches

Bloombase secured file servers

AS-IF virtual plain file resources

VMDKs on NFS storage remain

as normal files but encrypted

Datastore Volume Encryption

Hypervisor direct attaches

Bloombase secured volumes

AS-IF virtual plain volumes

Encryption on block-storage

level, objects stored in VMFS

are encrypted as a result

Questions? Comments?