Loading...
 

VPDC Security FAQs


We leverage vCloud® Networking and Security™ to provide necessary security for your virtualized environment. The integration with VMware vCloud Director® allows the cost effective management of your VPDC without the added complexity by using the software package you are familiar with. This web interface gives you much more control of your virtual machines and networks than in any public cloud solution.


Yes. PhoenixNAP will provision a single vCloud Director login for VPDC customers which is provided as a part of the turn up process. From that point, the admin user may setup other logins for other users within the organization in question. You can then run practically any application or service that you can run from a traditional, physical machine.


vCloud Director uses logical containers called vApps to separate private environments within your cloud infrastructure. By using vApps you can group or segregate virtual machines and virtual networks which is well-suited for computing environments requiring secure multi-tenancy. In that way, you can have multiple different departments, such as QA and development, using the same VPDC without having one department interfering with the other department’s VMs. Additionally, each vApp can be duplicated and modified as desired. For more information on working with vApps visit VMware’s Documentation Center.


We leverage security tools from F5 Networks, Arbor Networks, Rapid7 / Metasploit, and VMware in order to maintain compliance with PCI DSS 2.0, SSAE 16 Type 1 and SOC 2 Type 2. All of our systems leverage Two-Factor authentication for administrative access and all events are centrally logged and reported in real time. These controls are in place to secure the underlying infrastructure that powers our IaaS systems and are not in place to protect or enhance the logical security of our customers’ infrastructure.


PhoenixNAP uses VMware’s solutions for the management and infrastructure security which is in compliance with PCI Data Security Standards. However, clients themselves will need to implement all the rest of the PCI DSS controls inside their network. Even though PCI Data Security Standards can be met with a shared environment such as our VPDC, it is much easier to do so in a dedicated environment such as our Managed Private Cloud.


All of our systems are configured in blocking mode rather than alerting mode. However, the availability of the Client Portal and billing systems are the only components that would be unavailable if a false positive was triggered.


Signature update periods vary per vendor but happen at least quarterly.


VPDC clients are responsible for securing their virtual machines and network. You need to implement security measures that are commercially reasonable for your use of VPDC, including encryption technologies, password and user ID requirements, as well as procedures regarding the application of security patches and updates. If any breach happens on the management side, phoenixNAP will be held responsible.


Once you delete a virtual machine from a vApp, your data will be deleted with it. When you perform that action, you will no longer have logical or direct access to the drive and thus the data cannot become visible to anyone.


Your Virtual Private Data Center is secured by phoenixNAP DDoS Protect™ which takes care of your network traffic and constantly monitors for any attacks. Your services remain online even during attacks while we are working to eliminate them. We have a team of certified engineers, support staff and an automated rule sets to make sure your business stays unaffected.