KMIP Cloud Use Case Kiran Thota – VMware Inc. Saikat Saha – Oracle Corp.

Presentation transcript:

KMIP Cloud Use Case Kiran Thota – VMware Inc. Saikat Saha – Oracle Corp.

Agenda
– Discuss Cloud Challenges
– KMIP Sub-tasks & Plan

Background
Traditional data center centric key management insufficient for cloud in:
– Scale (client population expands and shrinks in real time)
– Automation
– Migration
– Geographical distribution and key manager locality for better service experience (hybrid cloud)

Background
Virtualization enables movement of workloads across infrastructure
– Dynamic and automated key management
Distribution of keys
– Enterprises to Cloud Service Provider (CSP)
– Key manager dedicated to a tenant (or shareable key manager infrastructure)

Scenario: KMIP in Cloud
[Diagram. Labels: Cloud Service Provider, App, Data, Enterprise IT, Application Users, CSP Administrators, Enterprise Administrators, Enterprise App, Key DB, vSphere, Key Server]

Key Security Challenges in Cloud
– Trust establishment (contractual and on-line)
– Ownership of keys
– Protection of keys at rest
– Protection of keys in transit
– Defining & programming key policy
– Propagating key policy (server-to-server & server-to-client)
– Negotiating key policy (server-to-client for diverse clients)
– Managing access to keys
– Managing key life-cycle
– Enforcement of key policy
– Visibility of key-related services and infrastructure
– Proof of possession
– Client capabilities to ensure adequate protection of keys

Key Management in the Cloud
Four big considerations
– Where are keys created?
– Where are keys used?
– Where are keys stored?
– Where are key policies managed?
Enterprise
– Keys created, used, stored and managed by enterprise
Hybrid
– Keys created, stored and managed by enterprise
– Keys created, stored and managed by enterprise but at CSP’s infrastructure
CSP
– Keys created, used, stored and managed by CSP

Sub-Tasks
Client-to-Server
– Client Registration
– Server Capability Query
– Grouping and Policy Definition
Server-to-Client
– Notification to purge or kill
– Client query (guarantee protection of keys)
Note: KMIP does not yet address migration of keys between Key Managers (server-to-server)

Client Registration
– Automated scalable client registration
Owner: Stan Feather (to confirm)

Server Capability Query
Query server for capabilities
– RNG
– FIPS
Owner: Tim Hudson (to confirm)

Grouping and Policy
– Propose changes to allow grouping and policy for bulk management of keys.
Owner: Kiran Thota / Saikat Saha
Proposal by: Jan 30

Notify – Purge/Kill
– Propose a notification from server to client to purge a key from usage.
Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 07

Client Query
– Propose a query from server to client to evaluate client capabilities.
Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 20