Rackscale, Encryption in the Cloud, Workshop 2013
Cloud Security, Encryption in the Cloud Workshop, Cloud Expo 2013 www.rackscale.sk
Erik Kirschner, Founder & Co-Owner, Rackscale, s.r.o.
CCDA, CCNP, CCSP, VCP4, VCP5
[email protected], [email protected], 0908 707 197
Blog: www.erikkirschner.sk, Twitter: @erikkirschner
Rackscale, s.r.o. * 5/2011
Tomášikova 64 (Lakeside Park), 831 04 Bratislava
www.rackscale.sk, Twitter: @rackscale
Agenda
Encryption in the Cloud: Public, Private
Encryption options/methods in the Cloud
How to encrypt in the Rackscale Public Cloud
Encryption in the Cloud
Private Cloud: Protect-V from SafeNet, HighCloud Security
Public Cloud: HighCloud Security
Regulatory compliance HIPAA, PCI and FIPS 140-2 level 3 certified KeySecure appliance
Encryption options/methods
Private Cloud: Pre-Boot VM, Storage (LUN, vmdk, …)
Public Cloud: VM HDD (!!! but not the one with the OS !!!)
How to encrypt in the Rackscale Public Cloud
Key and Policy Server: https://crypto.rackscale.sk
key generation and management
registration of the VMs that will have encrypted disks
management of the encrypted HDDs in the VMs
Encrypted HDDs in VMs that are !!!anywhere!!!, e.g. at your company, in the Rackscale Cloud, or at other Cloud Providers.
Supported OS
Microsoft: Windows Server 2008 R2, Windows 7
Linux: CentOS 5.8 64-bit, CentOS 6.2 64-bit, CentOS 6.3 64-bit, Ubuntu 10.04 server and desktop (64-bit), Ubuntu 12.04 server (64-bit), Ubuntu 12.10 server (64-bit), Red Hat Enterprise Linux 6
How does it work?
VM Sets
Rackscale
VM registration

    # hcl register -h my_ubuntu -d "This is my 10.04 VM" 192.168.140.130 ad85837b-9862-11e1-afd5-000c29de5d41_120507163538.bin
    Enter Import Password: Enter certificate passphrase
    Enter passphrase (min 16 characters): onetimepassword16chrsmin
    Registered as my_ubuntu with KPS 192.168.140.130
    Please login to the KPS to complete the authentication of this node

HCL status, linux

    # hcl status
    Summary
    --------------------------------------------------------------------------------
    KPS:       192.168.140.151:443
    KPS list:  192.168.140.151:443,192.168.140.152:443
    Status:    Connected

    Registered Devices
    --------------------------------------------------------------------------------
    Disk Name    Clear    Cipher    Status
    --------------------------------------------------------------------------------

    Available Devices
    --------------------------------------------------------------------------------
    Disk Name    Device Node    Size (in MB)
    --------------------------------------------------------------------------------
    sde          /dev/sde       2048
    sdd          /dev/sdd       2048
    sdc          /dev/sdc       2048
    sdb2         /dev/sdb2      1027
    sdb1         /dev/sdb1      1019

    Other Devices
    --------------------------------------------------------------------------------
    Disk Name    Device Node    Status
    --------------------------------------------------------------------------------
    sda5         /dev/sda5      Mounted (swap)
    sda1         /dev/sda1      Mounted (/)

HCL status, windows

    C:\Windows>hcl status
    Summary
    -----------------------------------------------------------------------------
    KPS:       192.168.140.151:443
    KPS list:  192.168.140.151:443,192.168.140.152:443
    Status:    Connected

    Device details
    -----------------------------------------------------------------------------
    Encrypted    Clear    Cipher    Status
    -----------------------------------------------------------------------------

    Available Devices
    -----------------------------------------------------------------------------
    Disk name    Drive    Status
    -----------------------------------------------------------------------------
    \Device\Harddisk1\Partition0 Available
    \Device\Harddisk2\Partition0 Available

HCL status, linux

    # hcl status
    Summary
    --------------------------------------------------------------------------------
    KPS:       192.168.140.151:443
    KPS list:  192.168.140.151:443,192.168.140.152:443
    Status:    Connected

    Registered Devices
    --------------------------------------------------------------------------------
    Disk Name    Clear                     Cipher     Status
    --------------------------------------------------------------------------------
    sdb2         /dev/mapper/clear_sdb2    AES-256    Attached
      '--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT
    sdb1         /dev/mapper/clear_sdb1    AES-256    Attached
      '--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT

    Available Devices
    --------------------------------------------------------------------------------
    Disk Name    Device Node    Size (in MB)
    --------------------------------------------------------------------------------
    sde          /dev/sde       2048
    sdd          /dev/sdd       2048
    sdc          /dev/sdc       2048

    Other Devices
    --------------------------------------------------------------------------------
    Disk Name    Device Node    Status
    --------------------------------------------------------------------------------
    sda5         /dev/sda5      Mounted (swap)
    sda1         /dev/sda1      Mounted (/)

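
A check an administrator could run over the Linux listing above, as an added example (not part of the slides or of the HighCloud tooling): it parses `hcl status` text and reports disks still under Available Devices, plus registered disks that are not attached with auto_attach enabled. It assumes the real output breaks lines as the sample does and reads Available Devices as "seen but not registered", as the before/after listings suggest; `parse_status` and `findings` are hypothetical names.

```python
SECTIONS = ("Registered Devices", "Available Devices", "Other Devices")

# Constructed, abridged sample modelled on the slide's second Linux listing;
# the line breaks are an assumption, since the transcript flattened them.
SAMPLE = """\
Summary
KPS: 192.168.140.151:443
Status: Connected
Registered Devices
----------------------------------------
Disk Name Clear Cipher Status
sdb2 /dev/mapper/clear_sdb2 AES-256 Attached
'--> auto_attach=ENABLED, attach_handler=DEFAULT, detach_handler=DEFAULT
Available Devices
----------------------------------------
Disk Name Device Node Size (in MB)
sde /dev/sde 2048
sdd /dev/sdd 2048
Other Devices
sda1 /dev/sda1 Mounted (/)
"""

def parse_status(text):
    """Return (summary dict, {section: [device dicts]}) from `hcl status` text."""
    summary, devices, section = {}, {s: [] for s in SECTIONS}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or set(line) == {"-"} or line.startswith("Disk Name"):
            continue  # blank line, horizontal rule, or column header
        if line in SECTIONS:
            section = line
        elif line.startswith("'-->") and section and devices[section]:
            # Option line belonging to the device row just above it.
            pairs = line[4:].replace(" ", "").split(",")
            devices[section][-1]["opts"] = dict(p.split("=", 1) for p in pairs)
        elif section:
            devices[section].append({"f": line.split(), "opts": {}})
        elif ":" in line:  # "KPS: host:port" style lines in the Summary block
            key, value = line.split(":", 1)
            summary[key] = value.strip()
    return summary, devices

def findings(text):
    """List deviations from 'KPS connected, every data disk registered and attached'."""
    summary, dev = parse_status(text)
    out = [] if summary.get("Status") == "Connected" else ["KPS not connected"]
    for d in dev["Registered Devices"]:
        if d["f"][-1] != "Attached" or d["opts"].get("auto_attach") != "ENABLED":
            out.append(f"{d['f'][0]}: registered but not attached/auto-attaching")
    out += [f"{d['f'][0]}: not registered for encryption" for d in dev["Available Devices"]]
    return out
```

Disks under Other Devices (the mounted OS and swap partitions) are deliberately not reported, matching the slide's note that the OS disk is not encrypted in the public cloud.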
KPS, disks
Questions?