Home > APEX > Cyber & Data Protection > White Papers > Dell APEX Cyber Recovery Services – Security Guide > Separation and isolation
The Service has a designated rack containing both the vault and the management stack deployed in the customer’s data center. The vault has separation and isolation capabilities that are achieved with dedicated hardware and software. The vault is secured from the customer's production infrastructure through a logical air gap, and from the Dell CMSP backend management system through designated hardware and software security controls.
Network security controls include the use of secure connectivity between the onsite management stack to the vault, using VRFs, VLANs, and encrypted communication. These controls enforce and maintain separation and isolation of the vault to prevent customer telemetry and data from becoming visible to unauthorized users.
The APEX Cyber Recovery vault and the PowerProtect DD in the customer data center are isolated on separate networks. An operational logical air gap separates the networks between the source PowerProtect DD at the customer data center and the PowerProtect DD in the vault. This communication is closed until the Cyber Recovery Manager instance inside the vault turns on the communication port for a replication request. After the replication is completed, the physical communication port on the PowerProtect DD in the vault is turned off again.