Building a Secure Private Cloud with VMware vSAN Hyper Converged Architecture
A financial firm recently shared with us that it was fending off 10,000 unauthorized hacking attempts per day. A hospital shared their need to comply with the latest privacy regulations, and a transportation firm explained how decommissioned hard disk drives needed to be physically destroyed to ensure that unencrypted data would not be inadvertently released. Security has not previously been associated with hyper-convergence, however, with cybersecurity becoming an increasing priority for IT professionals, 39% of ESG research respondents believe security will drive the most IT spending at their organizations in 2017, pushing IT professionals to look further into opportunities within the hyper-converged infrastructure space. VMware vSAN has released a new software defined encryption feature that makes HCI viable for these and other secure environments.
According to Lockheed Martin’s Cyber Kill Chain (a framework for identifying and preventing cyber-attacks) many attacks begin by compromising an endpoint and then move laterally across an organization’s infrastructure to servers in order to gain access to corporate data assets. This represents a grave risk to those assets stored on HCI systems, creating the need to encrypt the data at the core of the system for maximum security – encryption at rest.
There are a multitude of advantages to encrypting the data at source:
- Adding security for distributed organizations – This is extremely helpful for distributed IT organizations that depend on third parties for IT staff augmentation.
- Simplified Media Disposal – There is no need to physically destroy sensitive media
- Data format agnostic – One does not have to waste time formatting data as all types can be encrypted
The easiest way to achieve encryption at rest in existing HCI solutions is to implement a Self-Encrypting Drive (SED). However, there are various limitations.
- High Cost – Organizations will pay a premium for SEDs and may even go through thousands a year, costs will quickly stack up.
- Implementation issues: SED’s may pose implementation, management & troubleshooting challenges if not Opal compliant (Opal is a storage device policy management standard).
- Risky - If a problem is identified, a simple patch may not fix the problem, the entire drive may need to be replaced. Furthermore, the way SEDs are designed make it very hard for IT to even examine a drive for encryption flaws.
- Labor Intensive Management: SED management could require a hands-on approach.
What is the solution according to the Enterprise Strategy Group?
VMware vSAN’s hyper converged solution does not involve SED limitations, it is a software defined infrastructure approach that seamlessly combines compute, storage, network and data services in a single solution running on industry-standard x86 system(s). ESG notes that VMware’s solution is operationally efficient, less complex than traditional types of systems, and requires less management and fewer systems.
According to research completed by ESG analysts, the benefits of deploying a converged or hyper-converged technology solution(s) are:
- 22% of organizations reported lower TCO as a primary benefit of deploying a converged or hyper converged solution
- 26% of respondents noted faster time to deploy
- 24% reported improved service and support, and improved scalability
- 23% cited simplified management as benefits
Why VMware vSAN is the solution
VMware vSAN offers native encryption that is both VM and hardware-agnostic (no SEDs needed) and can be deployed on existing or new storage devices. Security is built into the core of the system, the hypervisor level, not within he VM or hardware, maximizing protection. Management is also simplified as it is running a single server or “host”. vSAN also offers native software, offering hardware independence, lower costs and further streamlining the management.
ESG analysts noted that vSAN is the clear solution, “Organizations looking for a means to grow a more secure, faster performing, and easy to manage data center should explore the possibilities with VMware vSAN”.
VMware vSAN has the most number of customers of any hyper-converged product and is pulling ahead of the market because it is first with new features. Native encryption is a major element to consider as you look for how you could bring HCI’s cost and management benefits to your environment.
Read the full whitepaper here
Ready to get started on this journey towards a secure data center?
Listen to Donald Poorman, solutions architect manager, Govplace and Jase McCarty, staff technical marketing architect, VMware on Federal News Radio as they discuss security in the federal government sector.
- Meeting Government’s Data Security Mission: Segment 1, Efficiency
- Meeting Government’s Data Security Mission: Segment 2, Security
- Meeting Government’s Data Security Mission: Segment 3, Virtual Desktop Infrastructure
Learn more about how vSAN customers are adopting VMware’s hyper-converged infrastructure software in these case studies.
Download the eBook, Modern Infrastructure: Enabling the Future of Business, to learn more about how to lay the foundation for a software-defined data center.
Try our Hands-on Labs to test drive full capabilities of vSAN.