CloudLink 7.1: Simplifying datacenter security
Fri, 23 Apr 2021 12:10:59 -0000
|Read Time: 0 minutes
Are you feeling safe about the security of your data center’s infrastructure? Chances are, you aren’t. According to a recent poll1, 74% of customers report experiencing some form of cyber attack in the last twelve months, and 86% were concerned about potential cyberattacks. Clearly, data center security is a topic than can no longer be ignored - and most of our customers are taking steps to ensure their data is safe. Yet even though it’s necessary, adopting data center security can be confusing, complex, and difficult to implement.
Dell EMC CloudLink aides our customers in this effort by being reliable, flexible, and easy to use. Our 7.1 release adds new tools to our toolbox including shallow rekey for our Container based encryption, support for vVols encryption and IPv6 only environments, and the new Secure Configuration Summary page designed to make security audits of CloudLink a breeze.
Every security related framework published discusses the need for regular monitoring and assessment of implemented security controls to ensure that the products and deployment are meeting relevant industry standards. Such activities usually include the dreaded yearly security audit. Datacenter administrators view this effort with disfavor because it takes time out of their already busy schedule to walk through the deployment with the auditor to prove compliance.
In the past we’ve heard from our customers that the CloudLink GUI is easy enough to navigate that security audit reviews weren’t too painful, but they occasionally expressed that it would be nice to make them a little bit easier. Well we heard their requests loud and clear and have obliged with the Secure Configuration Summary. We’ve gathered the information commonly requested during security audits onto one page so when the security administrator and auditor go to CloudLink for a review, it’s a one stop shop.
With audits though, simply viewing configuration settings isn’t enough as most auditors require tangible proof to attach to their reports. Screen shots work but we offer something better – the ability to export the configuration settings provided on the summary page. As with most of our GUI pages, you can export the Secure Configuration Summary to a handy-dandy spreadsheet which can be presented directly to the auditor. A one click audit review – can it get any easier than that?
Of course, not all audits are the same and some requirements are more extensive than others. To accommodate this eventuality, our summary page provides direct links to the configuration pages for each setting. If an auditor needs more information on a particular configuration, simply jump to the relevant page, review, and download an export if needed.
Encryption is hard and it can be a challenge to understand, implement, and maintain. We understand that most of our customers are not in the datacenter security business. CloudLink strives to make data encryption in the datacenter a simple, set it and forget it task, so that our customers can focus on their core business, not on trying to figure out how to keep their data safe – that’s our job.
If you would like to know more about CloudLink and our latest release please visit our website and reach out to your Dell Technologies sales team to ask how we can make data encryption easy for you too.
1 Source: statista.com
Related Blog Posts
Driving Innovation with the Dell Validated Platform for Red Hat OpenShift and IBM Instana
Wed, 14 Dec 2022 21:20:39 -0000
|Read Time: 0 minutes
“There is no innovation and creativity without failure. Period.” – Brené Brown
In the Information Technology field today, it seems like it’s impossible to go five minutes without someone using some variation of the word innovate. We are constantly told we need to innovate to stay competitive and remain relevant. I don’t want to spend time arguing the importance of innovation, because if you’re reading this then you probably already understand its importance.
What I do want to focus on is the role that failure plays in innovation. One of the biggest barriers to innovation is the fear of failure. We have all experienced some level of failure in our lives, and the costly mistakes can be particularly memorable. To create a culture that fosters innovation, we need to create an environment that reduces the costs associated with failure – these can be financial costs, time costs, or reputation costs. This is why one of the core tenets of modern application architecture is “fail fast”. Put simply, it means to identify mistakes quickly and adjust. The idea is that a flawed process or assumption will cost more to fix the longer it is present in the system. With traditional waterfall processes, that flaw could be present and undetected for months during the development process, and in some cases, even make it through to production.
While the benefits of fail fast can be easy to see, implementing it can be a bit harder. It involves streamlining not just the development process, but also the build process, the release process, and having proper instrumentation all the way through from dev to production. This last part, instrumentation, is the focus of this article. Instrumentation means monitoring a system to allow the operators to:
- See current state
- Identify application performance
- Detect when something is not operating as expected
While the need for instrumentation has always been present, developers are often faced with difficult timelines and the first feature areas that tend to be cut are testing and instrumentation. This can help in the short term, but it often ends up costing more down the road, both financially and in the end-user experience.
IBM Instana is a tool that provides observability of complete systems, with support for over 250 different technologies. This means that you can deploy Instana into the environment and start seeing valuable information without requiring any code changes. If you are supporting web-based applications, you can also take things further by including basic script references in the code to gain insights from client statistics as well.
Announcing Support for Instana on the Dell Validated Platform for Red Hat OpenShift
Installing IBM Instana into the Dell Validated Platform for Red Hat OpenShift can be done by Operator, Helm Chart, or YAML File.
The simplest way is to use the Operator. This consists of the following steps:
- Create the instana-agent project
- Set the policy permissions for the instana-agent service account
- Install the Operator
- Apply the Operator Configuration using a custom resource YAML file
You can configure IBM Instana to point to IBM’s cloud endpoint. Or for high security environments, you can choose to connect to a private IBM Instana endpoint hosted internally.
Figure 1. Infrastructure view of the OpenShift Cluster
Once configured, the IBM Instana agent starts sending data to the endpoint for analysis. The graphical view in Figure 1 shows the overall health of the Kubernetes cluster, and the node on which each resource is located. The resources in a normal state are gray: any resource requiring attention would appear in a different color.
Figure 2: Cluster View
We can also see the metrics across the cluster, including CPU and Memory statistics. The charts are kept in time sync, so if you highlight a given area or narrow the time period, all of the charts remain in the same context. This makes it easy to identify correlations between different metrics and events.
Figure 3: Application Calls View
Looking at the application calls allows you to see how a given application is performing over time. Being able to narrow down to a one second granularity means that you can actually follow individual calls through the system and see things like the parameters passed in the call. This can be incredibly helpful for troubleshooting intermittent application issues.
Figure 4: Application Dependencies View
The dependencies view gives you a graphical representation of all the components within a system and how they relate to each other, in a dependency diagram. This is critically important in modern application design because as you implement a larger number of more focused services, often created by different DevOps teams, it can be difficult to keep track of what services are being composed together.
Figure 5: Application Stack Traces
The application stack trace allows you to walk the stack of an application to see what calls were made, and how much time each call took to complete. Knowing that a page load took five seconds can help indicate a problem, but being able to walk the stack and identify that 4.8 seconds was spent running a database query (and exactly what query that was) means that you can spend less time troubleshooting, because you already know exactly what needs to be fixed.
For more information about the Dell Validated Platform for Red Hat OpenShift, see our launch announcement: Accelerate DevOps and Cloud Native Apps with the Dell Validated Platform for Red Hat OpenShift | Dell Technologies Info Hub.
Author: Michael Wells, PowerFlex Engineering Technologist
Twitter: @SqlTechMike
LinkedIn
The Benefits of Composable Infrastructure for VMware Cloud Foundation on vSAN Ready Nodes
Thu, 25 Aug 2022 17:14:52 -0000
|Read Time: 0 minutes
Discussions comparing the public cloud to on-premise architectures have shifted to discussions about the best way to build a hybrid model.
Multi-cloud delivery services alongside on-premise infrastructure seems to provide the versatility that organizations need for business critical missions, however they are often complex and costly. Ending up with multiple administrative teams, toolkits, and processes doesn’t appeal to most organizations as a winning horse.
As usual, simplicity comes to our rescue. An integrated offering that provides customers with the advantages of both the public cloud and an on-premise infrastructure helps organizations with the following:
- Control infrastructure price and performance
- Improve their deployment times and thus time to value
- Minimize cost and complexity, through a single set of skills and tools
Most organizations that are interested in these benefits are not prepared to build a hybrid cloud themselves. Running an on-premise datacenter or building assets in the main public cloud tends to be more familiar for most IT teams, but managing both at the same time may be beyond the capabilities of some existing IT teams.
In these cases, a trusted partner that brings guidance and innovation to follow this path is crucial. Such a partner can provide a set of familiar management tools with all the administrative and analytics capabilities required to monitor business workloads—such as tools that can be extended to multiple public cloud providers, giving organizations the advantages of compelling cost, efficiency, and speed.
Because most organizations today are using virtualized on-premise infrastructure, VMware comes to my mind as a perfect partner for this journey, having a mature technology offering to help companies build a hybrid cloud.
VMware on Dell offers infrastructure to build a foundational hybrid cloud. This architecture makes the on-premise more cloudy and enables workload mobility to place every workload, whether it is in a public cloud or in our on-premise infrastructure.
Dell PowerEdge MX offers a software defined data center that empowers organizations towards a hybrid cloud model. For example, when this infrastructure is coupled with VMware Cloud Foundation (VCF) and VMware on AWS organizations can build a hybrid cloud using popular VMware tools and capabilities.
Figure 1: MX composable infrastructure chassis
MX chassis is built with capabilities that perfectly match vSAN requirements. Each node can hold six drives, which ensures that that two of the drives are caching devices within the vSAN cluster for optimal performance.
A low latency smart fabric is built into the MX design. This minimizes the risk that lack of throughput or excessive latency presents for a hybrid cloud deployment. Expandable and extensible by design, the MX family can deliver cloud value across many technology generations.
Dell MX management is integrated with VMware Cloud Foundation 4.x. The MX hardware has the systems’ management and APIs to hook into the VMware consoles that customers are used to. This way we can deploy VCF into the MX infrastructure though a simplified path that eliminates tedious stepwise processes around setup, monitoring, provisioning, and management.
Dell and VMware have also worked together to improve telemetry and insight, giving operators an improved view of resource utilization for each node and chassis in the MX infrastructure.
In summary, the advantages of running VCF on Dell vSAN Ready Nodes based on PowerEdge MX servers include:
- A scalable network design that provides a low latency, automated and not oversubscribed fabric to support any workload deployment the business may need
- A secured stack all the way from the hardware to the VMware management console
- An integrated management with tool set that helps IT admins provision, monitor, and maintain their MX based vSAN Ready Node farm. One console can manage multiple chassis and even other server and storage types.
Figure 2: MX integrated management simplifies hybrid cloud operations
One way to see the integration of VCF with MX based vSAN Ready Nodes in action is to deploy a new workload cluster of Dell vSAN Ready Nodes MX750c into an existing VCF infrastructure.
Principled Technologies performed this test and showed how simple and straightforward the expansion process is with MX servers. They also showed, by following the same expansion process with two generations of MX servers (MX740c and 750c), that the tools and processes remain the same across server generations.
The engineers completed the expansion process in just two hours and 21 minutes. It took the same time for each of the two server generations.
For more information about this test case, see the Principled Technologies report.
Conclusion
Although building a functioning hybrid cloud to support real business workloads may look complex, it can be simplified if by using the proper technologies and tools. VCF combined with Dell vSAN Ready Nodes MX composable infrastructure offers a perfect duo to reach an organization’s hybrid cloud goals.
You can read more about Dell vSAN Ready Nodes at the Dell Technologies Info Hub.
Author information
Iñigo Olcoz
Twitter: @virtualOlcoz