DSC System and Security FAQs
DSC is a multi-tenant environment, hosted on a shared physical platform. However, through strict virtualization and segmentation controls, it is a secure hosting platform that has passed the scrutiny of industry certifications such as PCI. It is hosted in a secure facility with strict physical controls where activity is monitored and logged 24/7, and access to this environment is restricted to specially designated staff. Encryption and access controls inherent in the platform prevent even those with physical access from acquiring or manipulating the data, maintaining the integrity and authenticity of the data in your environment.
Through our partnerships with VMware and Intel, we maintain access to the latest versions of the software, and we constantly monitor and remediate discovered vulnerabilities that could jeopardize the integrity and isolation of the multi-tenant compute environments. We actively scan our environments for the latest vulnerabilities using multiple sources and, through subscriptions to exploit notification services, monitor for and create compensating controls to address Advanced Persistent Threat (APT) and 0-day discoveries.
One of the value propositions of a multi-tenant environment is the ability to aggregate and overprovision the physical resource pools across multiple virtual cloud environments. Some workloads are sensitive to sharing resources that way and may require dedicated resources allocated 100% of the time. We can accommodate this scenario by allocating dedicated resources to your virtual cloud environment, which will not be shared or affected by other workloads.
A secure environment starts with a design that incorporates security fundamentals as part of its core architecture. Increasing security posture involves greater controls against application and network components while increasing visibility into the activity of your network/infrastructure. We designed the DSC solution from the ground up, as a new product, so that there was no reliance or inheritance from prior products that could compromise this design.
By incorporating our processes as part of this design, we are able to provide a holistic approach that meets and exceeds industry standards. We focused on exposing increased control to our customers while providing enhanced logging capabilities to increase visibility inside customer networks. These are all base features available to DSC customers that we believe are unique to this service offering.
We leverage the latest in hardware for both networking and compute technologies while using the latest technology such as Software Defined Networking, Hardware Based Encryption (at rest), and 24/7 Threat Monitoring and Response services. Through the use of the latest versions of VMware and NSX, we have enhanced the networking and security capabilities accessible to clients, and through vCloud Director 9, have given our customers greater control and visibility into their multi-site deployments. Through the use of micro-segmentation capabilities, we can now apply Access Control Lists (ACLs) against the networking ports of individual devices, gaining strict control of the in-network communication, which in turn creates layers of security protection that were not previously possible in a cloud environment.
All this technology does not forgo the need for secure network designs and good operational policies for the customer compute platform, yet you now have access to advanced tools to facilitate these designs, which was not possible before.
The actual time to migrate varies drastically, depending on factors such as storage footprint and complexity. These timeframes can vary from 1 day to several weeks, and as every instance is tailored to your needs, a more representative timeline can be obtained via a conversation with our Sales Team.
Yes. The amount of downtime depends on the chosen method:
- Cold (Offline) Migration - If your business model allows for offline time for your servers and virtual machines, we can perform a cold migration. During that time, we will power off the virtual machines, replicate them into the new environment, and provision them in DSC. The total downtime depends on the size and complexity of the environment. The value of this method is that all IP addresses and EDGE configuration elements can transfer without requiring any further updates to NAT translations or DNS records.
- Hot Migration - We will utilize Zerto to pre-seed and replicate your environment over a designated time period, and when it is time to cut over, we will fail over the compute environment to DSC. Although this failover process is quick and the internal IP addresses will not change, EDGE configurations such as external (public) IP addresses will need to be remapped, requiring DNS changes that could take up to 60 minutes to replicate depending on your TTL settings.
Yes, we can create your new DSC environment and keep your old public IP address only if you choose the cold migration method.
We maintain a strong leadership position as a VMware partner; therefore, we use the latest in VMware hypervisor technologies (ESXi), including complementary products such as NSX, Operations Manager, and vCloud Director.
Data Security Cloud relies on VMware NSX® for network virtualization and as a security platform. VMware NSX enables granular control of security policies, allows micro-segmentation of your network, and delivers multi-level data protection.
To learn more about the VMware NSX® platform, visit their product page.
As we are hosted on a VMware platform, you will manage your environment through the latest version of vCloud Director.
We utilize the current, most stable release of VMware vSphere and vCloud Director. We maintain a strict change control and patch management process to maintain the latest patch levels, ensuring the stability and integrity of the environment.
Yes. With DSC, a new cluster of Encrypted LUNs can be leveraged to offer data at rest encryption. You can have a mix of encrypted and unencrypted LUNs which can be used for normal and sensitive workloads.
Because the environment is secured via strict access control policies and multi-factor authentication technologies, unauthorized changes are unlikely. However, in the case of suspicious activity, our logging system will provide detailed activity reports that could reveal the source and nature of these changes. In the event of brute-force attempts to access your environment, our Security Operations Center (SOC) will take mitigating action and be in communication with you to prevent service disruption.
All applications interacting with the administrative components must use at least TLS version 1.1. As TLS 1.1 is about to be deprecated, TLS 1.2 is highly recommended.