Cisco HyperFlex and Thales eSecurity



www.thalesesecurity.com

BRINGING THE FULL POTENTIAL OF HYPERCONVERGENCE TO A WIDE RANGE OF WORKLOADS AND USE CASES WITH HIGH ASSURANCE SECURITY

• Aligns infrastructure with application requirements
• Adapts to range of applications and operating systems
• Facilitates complete end-to-end digital transformation
• Protects data in storage clusters with robust encryption
• Employs a FIPS-certified key management root of trust

<Thales eSecurity>

CISCO HYPERFLEX AND THALES eSECURITY; HYPERCONVERGENCE WITH HIGH ASSURANCE SECURITY

THE PROBLEM: ENTERPRISES NEED SYSTEMS THAT CAN QUICKLY ADAPT TO CHANGING OPERATIONAL NEEDS WITHOUT SACRIFICING SECURITY

As enterprises strive to adapt to fast-changing operational and security requirements driven by the market’s digital transformation, they find themselves migrating business applications to more flexible systems. Combining computing, storage, and networking resources into a hyperconverged infrastructure that can deliver agility and economies of scale has become the solution of choice. However, the combination and sharing of computing and networking resources can often create vulnerabilities that lead to data security concerns.

THE CHALLENGE: ENABLING HYPERCONVERGENCE AND PROTECTING SENSITIVE DATA WITHOUT IMPACTING OPERATIONAL PERFORMANCE

Hyperconverged infrastructures can easily adapt to changing operational requirements and quickly scale to meet growing demand. As enterprise applications are migrated to these configurations, keeping sensitive data secured is critically important. Encrypting data storage clusters addresses data security needs. However, as data is encrypted, managing large numbers of keys can introduce unwanted overhead. The use of a dedicated key management platform enables the process of managing keys to be carried out more efficiently, and without slowing down operations.

[Figure: Thales enterprise key management integrated with Cisco HyperFlex. Diagram labels: Cisco HX-Series Node (CPU & Memory, ESXi Hypervisor, Network, Data platform, Data platform controller, VAAI, iovisor, SSD, HDD); Cisco UCS Fabric Interconnects with Cisco UCS Manager; Cisco Integrated Management Controller Interface; Key Management Interoperability Protocol (KMIP); Vormetric Data Security Manager. Annotations: "Secure key storage for all self-encrypting drives"; "Cisco UCS service profiles maintain association of keys with drives and nodes".]


Americas – Thales eSecurity Inc. 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA • Tel: +1 888 744 4976 or +1 954 888 6200 • Fax: +1 954 888 6211 • E-mail: [email protected]
Asia Pacific – Thales Transport & Security (HK) Ltd, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel: +852 2815 8633 • Fax: +852 2815 8141 • E-mail: [email protected]
Europe, Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel: +44 (0)1844 201800 • Fax: +44 (0)1844 208550 • E-mail: [email protected]


THE SOLUTION: CISCO HYPERFLEX AND VORMETRIC DATA SECURITY MANAGER BY THALES eSECURITY

The Cisco HyperFlex system delivers hyperconvergence, combining computing, storage, and networking resources into a simplified platform. Engineered on the Cisco Unified Computing System™ (Cisco UCS®), the platform provides the agility, scalability, and pay-as-you-grow economics of the cloud, with the benefits of an on-premises infrastructure. HyperFlex combines software-defined computing and software-defined networking to deliver a pre-integrated cluster that scales resources independently to closely match your application needs.

Applying a consistent policy ensures that encryption and key management are deployed uniformly across every node in a cluster. Cisco HyperFlex relies on Vormetric Data Security Manager (DSM) from Thales eSecurity to provide robust FIPS 140-2 Level 3 certified key management. The combined solution establishes a certificate-based chain of trust between the HyperFlex platform and the key management server in order to transfer the keys that unlock self-encrypting drives (SEDs).

WHY USE VORMETRIC DATA SECURITY MANAGER WITH CISCO HYPERFLEX?

The Vormetric DSM strengthens and simplifies security by streamlining the management of associated encryption keys. Vormetric DSM uses certificates to authenticate Cisco UCS SEDs for system level security. The SEDs generate new encryption keys, which are then uploaded to the DSM. In the event of a power cycle or host reboot, the Cisco UCS software retrieves the keys from the Vormetric DSM and uses them to unlock the drives.

Security keys can be instantly reprogrammed to meet site-specific security policies. Security mechanisms enable compliance with data-at-rest encryption requirements set forth in HIPAA, PCI DSS and SOX standards among others. The security platform:

• Provides a single, centralized management plane for cryptographic keys and applications
• Offers high availability and standards-based enterprise encryption key management using KMIP
• Centralizes third-party encryption keys and securely stores certificates
• Enables vaulting and an inventory of certificates
• Implements a two-factor authentication mechanism to further safeguard keys and certificates against theft

The consolidation of enterprise encryption key management delivers consistent policy implementation between systems and reduces training and maintenance costs.

THALES

Thales eSecurity is the leader in advanced data security solutions and services delivering trust wherever information is created, shared, or stored. Security solutions ensure that critical data is both protected and trusted in any deployment – on-premises, in the cloud, in data centers, or in big data environments – without sacrificing business agility. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

CISCO

Cisco is the worldwide technology leader that has been making the Internet work since 1984. Cisco’s people, products and partners help society securely connect and seize tomorrow’s digital opportunity today.

For more detailed technical specifications, please visit www.thalesesecurity.com or www.cisco.com

CISCO AND THALES FACILITATE ENTERPRISE DIGITAL TRANSFORMATION

© Thales - October 2017 • PLB6923_Hyperflex_SS_USL_V4