End to End Secured and Shielded Dell APEX Cloud Platform for Microsoft Azure
Thu, 15 Feb 2024 12:34:55 -0000
On September 26, 2023, we introduced to the market the new Dell APEX Cloud Platform for Microsoft Azure. It is the first offer for Premier Solutions for Microsoft Azure Stack HCI, a new category in the Azure Stack HCI catalog reserved for key partners with the greatest levels of engagement with Microsoft and deepest integrations into familiar Microsoft management tools.
Dell APEX Cloud Platform for Microsoft Azure is a fully integrated infrastructure platform designed to optimize Microsoft Azure hybrid cloud deployments by streamlining operations and accelerating time-to-value across on-prem, edge, and Azure cloud deployments. It greatly simplifies initial deployments and ongoing operations across the complete technology stack.
Security built in at every phase in the lifecycle
Security for Dell APEX Cloud Platform for Microsoft Azure is not an afterthought, but rather an integral part of the overall platform design process that leverages our Cyber Resilient Architecture and inherits Dell’s hardened server and software design to protect, detect, and recover from cyberattacks.
Full stack lifecycle management is key to maintaining a strong security posture throughout the life of your APEX Cloud Platforms, continuously and consistently applying Dell and Microsoft updates without risks to the platform and running workloads.
Dell APEX Cloud Platform for Microsoft Azure also leverages intrinsic infrastructure security management through Dell Infrastructure Lock and Secured-core server functionalities.
- Infrastructure Lock protects against unintentional or malicious changes to critical configuration settings in the BIOS or iDRAC. It also prevents any updates to BIOS, iDRAC, firmware, or drivers while enabled.
- Secured-core functionality helps proactively defend against and disrupt many of the paths attackers might use to exploit a system by establishing a hardware root-of-trust, protecting firmware, and introducing virtualization-based security.
You can learn more about these platform features in this video.
Azure Stack HCI, Microsoft Defender for Cloud, and Azure Policy security features
Dell APEX Cloud Platform for Microsoft Azure takes full advantage of the security features that come with Azure Stack HCI:
- Encryption and data protection
  - Data-at-rest encryption enabled with BitLocker by default
  - Self-Encrypting Drives (SED) require authentication independent of the OS
- Always-on antivirus protection
  - Microsoft Defender Antivirus enabled by default on cluster nodes for real-time detection
  - Automatic definition updates
- Recommended security baseline
  - Over 200 security settings enabled out-of-the-box
  - Disables legacy protocols and ciphers
  - Closely meets CIS benchmark and DISA STIG requirements
- Reduced attack surface
  - Windows Defender Application Control (WDAC) enabled by default
  - WDAC enforces an explicit list of applications and code allowed to run
Microsoft Defender for Cloud and Azure Policy assess, secure, and defend Dell APEX Cloud Platform for Microsoft Azure at scale:
- Continuously assess -- understand your current security posture, identify and track vulnerabilities.
- Secure -- harden connected resources and services by following customized and prioritized recommendations.
- Defend -- detect and resolve threats to those resources and services. With prioritized security alerts, focus on what matters most and present to the right audience.
With this approach, the entire platform stack is covered – Azure Stack HCI, VMs, AKS hybrid workload cluster, and virtualized and cloud-native applications.
You can learn more about these platform features in this video.
Security Configuration Guide
If you want to go deeper and learn about all the elements that come into play to provide end-to-end secured and shielded protection for the platform, you can read our Dell APEX Cloud Platform for Microsoft Azure Security Configuration Guide, where we provide the configuration details for:
- Product and subsystem security: authentication, authorization, network security
- Cryptography: cryptographic modules
- Certificate management
- Event monitoring, auditing, and logging
- Integrity: security updates
Conclusion
Dell APEX Cloud Platform for Microsoft Azure enhances Azure operations for edge and on-premises deployments by providing consistent management with centralized Azure tools while mitigating security and compliance risks with an intrinsic approach to security that extends Azure governance across all deployment environments.
Thanks for reading and… stay tuned for more updates in Info Hub!
Author: Ignacio Borrero, Senior Principal Engineer, HCI and Multicloud Technical Marketing
@virtualpeli