SlideShare uma empresa Scribd logo

Scality RING Security White Paper

P
Phillip Tribble

The document discusses security mechanisms in the Scality RING data storage architecture. It describes the RING's layered architecture including connectors, storage nodes, and disks. It then discusses how the RING implements security features like role-based access, data encryption, checksums, logging, and versioning to address compliance requirements. The supervisor also uses security protocols for management and role-based access control.

Tecnologia
1 de 7
Baixar para ler offline
Scality Technical White Paper February 2017 Data Security in the Scality RING Overview of the Security Mechanisms in the Scality RING
Data Security in the Scality RING 2 White Paper Table of Contents Introduction 3 Chapter 1: The Impact of Security Regulations 3 Chapter 2: The Scality Ring Architecture 3 Chapter 3: Connector and User Interface Security 4 Chapter 4: Core RING Security 5 Summary 6 Appendix A 7 Data Security in the Scality RING Overview of the Security Mechanisms in the Scality RING
Data Security in the Scality RING 3 Introduction When it comes to designing a cloud-based storage infrastructure, there are more important design principles to address than simply storing files. A well-designed storage solution will take into consideration compliance needs and implement proper security protocols and best practices in the architecture. The scope of this whitepaper is to describe how the Scality RING addresses compliance needs for organizations and how security is implemented in the RING’s architecture. Chapter 1: The Impact of Security Regulations There are many different regulatory rules out there that organizations are using. For example, HIPAA is a set of security rules set of rules and safeguards that must be implemented when working with public health information and FIPS-140-2 is used by Government organizations to list requirements and standards for encryption used. Depending on the nature of a particular business, organizations will be impacted by some form of compliance rules whether it is a regulatory compliance such as HIPAA or FIPS 140-2. IT organizations will have to adjust their solutions, services, and workflows to accommodate regulatory practices which can be intensive and chaotic at times. The good news is that there is some common ground between compliance regulations. Here are a few common requirements that organizations take into consideration. ■■ Role-based Access - Not everyone should have privileged access to sensitive information in an organization. Different levels of access should be provided through roles such as user, admin, etc to control access to sensitive data. ■■ Data Encryption - Encryption must be used when uploading and downloading data. ■■ Data Integrity - Ensure that protections are in place to prevent data from being tampered or altered. ■■ Network Security - Firewall rules and network segmentation to protect systems and services. ■■ Auditing - A way to record all the transactions and changes made to a system. The following chapters will explain how the Scality RING implements the compliance requirements that organizations need to remain compliant with regulations. Chapter 2: The Scality Ring Architecture The Scality RING architecture is composed of several layers as displayed in Figure 1. Let’s explore each layer in detail to get a better understanding of the RING architecture. 2.1 Connector Layer The Scality Ring connector layer provides support for the following protocols: ■■ Object: S3, REST. ■■ File System: FUSE, NFS, and SMB. The connector layer is also in charge of chunking files and dispersing the chunks on the Scality Ring using file replication or erasure coding. DISK LAYER STORAGE NODE LAYER CONNECTOR LAYER OBJECT ACCESS S3 / REST FILE ACCESS FUSE / NFS / SMB HDD HDD HDD HDD HDD HDD HDD HDD HDD HDD Figure 1. – Scality Ring Architecture Layers
Data Security in the Scality RING 4 2.2 Storage Node Layer The Storage Node layer consists of a distributed peer-to-peer architecture that ensures files and metadata are properly distributed amongst the storage nodes and disks in the cluster. A RING installation can even span across multiple physical sites and tolerate the loss of an entire site. The RING supports data protection mechanisms such as erasure coding and replication. This intelligent architecture design provides organizations with maximum data durability. 2.3 Disk Layer This is the layer where the file data chunks are written to SAS/SATA drives and the file metadata is written to solid-state drives (SSD’s). Chapter 3: Connector and User Interface Security 3.1 Scality S3 Connector ■■ The Scality S3 Connector supports AWS S3 certificate-based authentication (Signatures v2 and v4) with support for HTTPS to provide secure access to the RING storage. ■■ The Scality Scality S3 Connector implements IAM for Multi-Tenancy: ●● Accounts, users, and groups ●● Access/Secret Key pairs ■■ The Scality S3 Connector supports identity federation for delegated access to APIs: ●● Any SAML 2.0 compatible identity providers ●● Active Directory Federation (ADFS) Scality RING Storage Local and Geo-Protection • Any Hardware File / Object / OpenStack • Multi-Workload Linear Performance Scaling • Limitless Infrastructure Scaling Data to Store (unencrypted) Customer KMS (e.g., SafeNet) Data to Store (unencrypted) KEYS S3 Connector Key GeneratorBucket ID Encryption Key Figure 2. – S3 Connector Architecture
Data Security in the Scality RING 5 3.2 REST Protocol The REST protocol supports HTTPS and can be configured to use basic authentication with the Apache web server to require a username and password. 3.3 File System Protocols ■■ The Scality NFS v3 connector supports Kerberos KDC. ■■ The Scality SMB connector provides Active Directory Server integration and support for simple Windows ACL’s (user and group). Chapter 4: Core RING Security 4.1 Logging All actions performed by a user are in the Supervisor Web Administration console are logged to a file (by default /var/log/scality/dsup/audit.log) on the Supervisor server and can also be set to another location. The audit log file provides detailed information on the user, date and time, name of the action performed (e.g. list, retrieve, delete, modify), RING component (Supervisor, Connector, Storage Node) on which the action was performed, result of the action (successful or not), duration of the action, and the detailed error message if the action wasn’t successful. 4.2 Versioning and WORM As mentioned earlier in this paper, data integrity requirements are in place to ensure that information is not tampered or altered. The S3 connector for the RING supports the versioning features from the Amazon S3 API. If enabled, this feature will allow users to keep track of different versions of a file on the RING storage. Using the standard S3 API calls, organizations will have the ability to view the modification dates and times of each file and it’s checksum as well as the ability to download previous versions of a file. Versioning is not always enough to address compliance requirements so organizations look for solutions that support Write once read many (WORM) operations. If an organization uses a solution that supports WORM, they can be assured that data will be read only and can not be altered. To help address this compliance requirement, Scality created a joint solution with iTernity that can meet legal and industry-specific regulations to provide a compliant long-term archiving solution. For more information, please check out the link to the solution sheet with iTernity in Appendix A. 4.3 Checksums The Scality RING uses a built-in CRC-32 checksum mechanism to ensure that the data being read is the same that was originally written to the RING. Upon reading replicated or Erasure Coded chunks on the disks, the RING calculates a CRC-32 checksum for each of the chunks it has to read and compares it to the CRC-32 checksum that was calculated upon writing the chunk (and stored in metadata with the chunk). If any of the chunks are found to be corrupted, (meaning the checksums do not match), the RING does two things: 1. Uses another replica or EC chunk to serve the requested data 2. Launches a chunk repair operation to repair the corrupted chunk (basically to replace the replica chunk by another replica or recalculates an Erasure Coded chunk). 4.4 Data Encryption Encryption on the disk level can be done today from array controllers or with encrypted
Data Security in the Scality RING 6 drives. The Scality S3 connector supports bucket level encryption via an API extension which is a customized HTTP header used when a file is uploaded. The files are encrypted using OpenSSL with the AES-256 standard and the RING uses an external Key Management Service (KMS) to manage the encryption keys. 4.5 Supervisor Security The Supervisor is the web-based GUI for managing, monitoring, and provisioning resources on the RING. The Supervisor has the following security mechanisms: 1. HTTPS with password authentication. 2. Role-based Access Control (RBAC). Summary This paper explained what it takes to have a compliant storage solution built for the enterprise and went over the impact of security regulations and common compliance requirements. The security mechanisms of the Scality RING architecture was explained in detail ranging from the application layer to the storage layer. We hope that you now have a better idea of the Scality RING architecture and how we implemented common compliance features and security. Figure 4. – Scality Ring Supervisor Ring Overview Figure 3. – Scality Ring Supervisor Login Screen
© 2017 Scality. All rights reserved. Specifications are subject to change without notice. Scality, the Scality logo, Scality RING are trademarks of Scality in the United States and/or other countries. Follow us on Twitter @scality and visit us at www.scality.com to learn more WPSR1-1702 Appendix A A.1 Going beyond this White Paper 1. Information on Scality products and use cases can be found here: http://www.scality.com 2. For more information on the Scality Ring, please view the technical white paper: http://storage.scality.com/white-paper-scality-technical-wp.html 3. Get more information on the S3 Connector in the following white paper: http://storage.scality.com/white-paper-scality-ring-s3-connector.html 4. Get more information on the joint solution with iTernity: http://www.scality.com/partners/iternity/

Recomendados

Introduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceIntroduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceTesora
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshChristian Posta
 
redis 소개자료 - 네오클로바
redis 소개자료 - 네오클로바redis 소개자료 - 네오클로바
redis 소개자료 - 네오클로바NeoClova
 
MariaDB MaxScale monitor 매뉴얼
MariaDB MaxScale monitor 매뉴얼MariaDB MaxScale monitor 매뉴얼
MariaDB MaxScale monitor 매뉴얼NeoClova
 
Oracle RAC 19c: Best Practices and Secret Internals
Oracle RAC 19c: Best Practices and Secret InternalsOracle RAC 19c: Best Practices and Secret Internals
Oracle RAC 19c: Best Practices and Secret InternalsAnil Nair
 
Oracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsOracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsArun Sharma
 
Evolution of MongoDB Replicaset and Its Best Practices
Evolution of MongoDB Replicaset and Its Best PracticesEvolution of MongoDB Replicaset and Its Best Practices
Evolution of MongoDB Replicaset and Its Best PracticesMydbops
 

Recomendados

Introduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceIntroduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceTesora
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
Cilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshCilium + Istio with Gloo Mesh
Cilium + Istio with Gloo MeshChristian Posta
 
redis 소개자료 - 네오클로바
redis 소개자료 - 네오클로바redis 소개자료 - 네오클로바
redis 소개자료 - 네오클로바NeoClova
 
MariaDB MaxScale monitor 매뉴얼
MariaDB MaxScale monitor 매뉴얼MariaDB MaxScale monitor 매뉴얼
MariaDB MaxScale monitor 매뉴얼NeoClova
 
Oracle RAC 19c: Best Practices and Secret Internals
Oracle RAC 19c: Best Practices and Secret InternalsOracle RAC 19c: Best Practices and Secret Internals
Oracle RAC 19c: Best Practices and Secret InternalsAnil Nair
 
Oracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsOracle Golden Gate Interview Questions
Oracle Golden Gate Interview QuestionsArun Sharma
 
Evolution of MongoDB Replicaset and Its Best Practices
Evolution of MongoDB Replicaset and Its Best PracticesEvolution of MongoDB Replicaset and Its Best Practices
Evolution of MongoDB Replicaset and Its Best PracticesMydbops
 
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường ChiếnCI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường ChiếnVietnam Open Infrastructure User Group
 
Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7 Mark Swarbrick
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기NeoClova
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRed Hat Developers
 
Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016Alphorm
 
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...Felipe Blini
 
Data Guard Architecture & Setup
Data Guard Architecture & SetupData Guard Architecture & Setup
Data Guard Architecture & SetupSatishbabu Gunukula
 
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster Dirk Oppenkowski
 
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)Aurimas Mikalauskas
 
Alfresco紹介
Alfresco紹介Alfresco紹介
Alfresco紹介Tetsuya Hasegawa
 
MAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the CloudMAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the CloudMarkus Michalewicz
 
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャオラクルエンジニア通信
 
DATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backupDATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backupSaewoong Lee
 
NetApp & Storage fundamentals
NetApp & Storage fundamentalsNetApp & Storage fundamentals
NetApp & Storage fundamentalsShashidhar Basavaraju
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020Anil Nair
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaEdureka!
 
MySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptxMySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptxNeoClova
 
E tech vmware presentation
E tech vmware presentationE tech vmware presentation
E tech vmware presentationjpenney
 
IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET Journal
 
IRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on CloudIRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on CloudIRJET Journal
 

Mais conteúdo relacionado

Mais procurados

CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường ChiếnCI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường ChiếnVietnam Open Infrastructure User Group
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기NeoClova
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRed Hat Developers
 
Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016Alphorm
 
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...Felipe Blini
 
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster Dirk Oppenkowski
 
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)Aurimas Mikalauskas
 
MAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the CloudMAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the CloudMarkus Michalewicz
 
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャオラクルエンジニア通信
 
DATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backupDATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backupSaewoong Lee
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020Anil Nair
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaEdureka!
 
MySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptxMySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptxNeoClova
 
E tech vmware presentation
E tech vmware presentationE tech vmware presentation
E tech vmware presentationjpenney
 

Mais procurados (20)

CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường ChiếnCI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
CI/CD trên Cloud OpenStack tại Viettel Networks | Hà Minh Công, Phạm Tường Chiến
 
Mysql security 5.7
Mysql security 5.7 Mysql security 5.7
Mysql security 5.7
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
 
Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기Maria db 이중화구성_고민하기
Maria db 이중화구성_고민하기
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech Talk
 
Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016Alphorm.com Formation Nouveautés Windows Server 2016
Alphorm.com Formation Nouveautés Windows Server 2016
 
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
Monitoramento de serviços com Zabbix + Grafana + Python - Marcelo Santoto - D...
 
Data Guard Architecture & Setup
Data Guard Architecture & SetupData Guard Architecture & Setup
Data Guard Architecture & Setup
 
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
SUSE Linux Enterprise and SAP NetWeaver 7.30 HA Cluster
 
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
MySQL Performance Tuning. Part 1: MySQL Configuration (includes MySQL 5.7)
 
Alfresco紹介
Alfresco紹介Alfresco紹介
Alfresco紹介
 
MAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the CloudMAA for Oracle Database, Exadata and the Cloud
MAA for Oracle Database, Exadata and the Cloud
 
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャZero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
Zero Data Loss Recovery Applianceによるデータベース保護のアーキテクチャ
 
DATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backupDATABASE AUTOMATION with Thousands of database, monitoring and backup
DATABASE AUTOMATION with Thousands of database, monitoring and backup
 
NetApp & Storage fundamentals
NetApp & Storage fundamentalsNetApp & Storage fundamentals
NetApp & Storage fundamentals
 
Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
 
Exadata master series_asm_2020
Exadata master series_asm_2020Exadata master series_asm_2020
Exadata master series_asm_2020
 
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | EdurekaGetting Started With Docker | Docker Tutorial | Docker Training | Edureka
Getting Started With Docker | Docker Tutorial | Docker Training | Edureka
 
MySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptxMySQL8.0_performance_schema.pptx
MySQL8.0_performance_schema.pptx
 
E tech vmware presentation
E tech vmware presentationE tech vmware presentation
E tech vmware presentation
 

Semelhante a Scality RING Security White Paper

IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET Journal
 
IRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on CloudIRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on CloudIRJET Journal
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET Journal
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET Journal
 
IRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key ExposureIRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key ExposureIRJET Journal
 
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAEXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAIRJET Journal
 
Cloud Storage System like Dropbox
Cloud Storage System like DropboxCloud Storage System like Dropbox
Cloud Storage System like DropboxIRJET Journal
 
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud SystemsIRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud SystemsIRJET Journal
 
Survey on Lightweight Secured Data Sharing Scheme for Cloud Computing
Survey on Lightweight Secured Data Sharing Scheme for Cloud ComputingSurvey on Lightweight Secured Data Sharing Scheme for Cloud Computing
Survey on Lightweight Secured Data Sharing Scheme for Cloud ComputingIRJET Journal
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionCSCJournals
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computingijceronline
 
IRJET- A Survey on File Storage and Retrieval using Blockchain Technology
IRJET- A Survey on File Storage and Retrieval using Blockchain TechnologyIRJET- A Survey on File Storage and Retrieval using Blockchain Technology
IRJET- A Survey on File Storage and Retrieval using Blockchain TechnologyIRJET Journal
 
IRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET Journal
 
Secure Logging as a Service
Secure Logging as a ServiceSecure Logging as a Service
Secure Logging as a ServiceArul Edison
 
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAIN
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAINCLOUD STORAGE AND RETRIEVAL USING BLOCKCHAIN
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAINIRJET Journal
 
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...IRJET Journal
 
IRJET- Blockchain based Data Sharing Framework
IRJET- Blockchain based Data Sharing FrameworkIRJET- Blockchain based Data Sharing Framework
IRJET- Blockchain based Data Sharing FrameworkIRJET Journal
 

Semelhante a Scality RING Security White Paper (20)

IRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud EnvironmentIRJET- Improving Data Storage Security and Performance in Cloud Environment
IRJET- Improving Data Storage Security and Performance in Cloud Environment
 
IRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on CloudIRJET-Using Downtoken Secure Group Data Sharing on Cloud
IRJET-Using Downtoken Secure Group Data Sharing on Cloud
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
 
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASCIRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC
 
IRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key ExposureIRJET- Securing Cloud Data Under Key Exposure
IRJET- Securing Cloud Data Under Key Exposure
 
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATAEXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
EXPLORING WOMEN SECURITY BY DEDUPLICATION OF DATA
 
Cloud Storage System like Dropbox
Cloud Storage System like DropboxCloud Storage System like Dropbox
Cloud Storage System like Dropbox
 
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud SystemsIRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
 
Survey on Lightweight Secured Data Sharing Scheme for Cloud Computing
Survey on Lightweight Secured Data Sharing Scheme for Cloud ComputingSurvey on Lightweight Secured Data Sharing Scheme for Cloud Computing
Survey on Lightweight Secured Data Sharing Scheme for Cloud Computing
 
Paper2
Paper2Paper2
Paper2
 
Multi-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data EncryptionMulti-part Dynamic Key Generation For Secure Data Encryption
Multi-part Dynamic Key Generation For Secure Data Encryption
 
An Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud ComputingAn Auditing Protocol for Protected Data Storage in Cloud Computing
An Auditing Protocol for Protected Data Storage in Cloud Computing
 
IRJET- A Survey on File Storage and Retrieval using Blockchain Technology
IRJET- A Survey on File Storage and Retrieval using Blockchain TechnologyIRJET- A Survey on File Storage and Retrieval using Blockchain Technology
IRJET- A Survey on File Storage and Retrieval using Blockchain Technology
 
CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session CompTIA Security Plus Mini Bootcamp Session
CompTIA Security Plus Mini Bootcamp Session
 
IRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing DatabasesIRJET- Data and Technical Security Issues in Cloud Computing Databases
IRJET- Data and Technical Security Issues in Cloud Computing Databases
 
Secure Logging as a Service
Secure Logging as a ServiceSecure Logging as a Service
Secure Logging as a Service
 
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAIN
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAINCLOUD STORAGE AND RETRIEVAL USING BLOCKCHAIN
CLOUD STORAGE AND RETRIEVAL USING BLOCKCHAIN
 
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...Revocation based De-duplication Systems for Improving Reliability in Cloud St...
Revocation based De-duplication Systems for Improving Reliability in Cloud St...
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and compliance
 
IRJET- Blockchain based Data Sharing Framework
IRJET- Blockchain based Data Sharing FrameworkIRJET- Blockchain based Data Sharing Framework
IRJET- Blockchain based Data Sharing Framework
 

Último

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 

Último (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 

Scality RING Security White Paper

  • 1. Scality Technical White Paper February 2017 Data Security in the Scality RING Overview of the Security Mechanisms in the Scality RING
  • 2. Data Security in the Scality RING 2 White Paper Table of Contents Introduction 3 Chapter 1: The Impact of Security Regulations 3 Chapter 2: The Scality Ring Architecture 3 Chapter 3: Connector and User Interface Security 4 Chapter 4: Core RING Security 5 Summary 6 Appendix A 7 Data Security in the Scality RING Overview of the Security Mechanisms in the Scality RING
  • 3. Data Security in the Scality RING 3 Introduction When it comes to designing a cloud-based storage infrastructure, there are more important design principles to address than simply storing files. A well-designed storage solution will take into consideration compliance needs and implement proper security protocols and best practices in the architecture. The scope of this whitepaper is to describe how the Scality RING addresses compliance needs for organizations and how security is implemented in the RING’s architecture. Chapter 1: The Impact of Security Regulations There are many different regulatory rules out there that organizations are using. For example, HIPAA is a set of security rules set of rules and safeguards that must be implemented when working with public health information and FIPS-140-2 is used by Government organizations to list requirements and standards for encryption used. Depending on the nature of a particular business, organizations will be impacted by some form of compliance rules whether it is a regulatory compliance such as HIPAA or FIPS 140-2. IT organizations will have to adjust their solutions, services, and workflows to accommodate regulatory practices which can be intensive and chaotic at times. The good news is that there is some common ground between compliance regulations. Here are a few common requirements that organizations take into consideration. ■■ Role-based Access - Not everyone should have privileged access to sensitive information in an organization. Different levels of access should be provided through roles such as user, admin, etc to control access to sensitive data. ■■ Data Encryption - Encryption must be used when uploading and downloading data. ■■ Data Integrity - Ensure that protections are in place to prevent data from being tampered or altered. ■■ Network Security - Firewall rules and network segmentation to protect systems and services. ■■ Auditing - A way to record all the transactions and changes made to a system. The following chapters will explain how the Scality RING implements the compliance requirements that organizations need to remain compliant with regulations. Chapter 2: The Scality Ring Architecture The Scality RING architecture is composed of several layers as displayed in Figure 1. Let’s explore each layer in detail to get a better understanding of the RING architecture. 2.1 Connector Layer The Scality Ring connector layer provides support for the following protocols: ■■ Object: S3, REST. ■■ File System: FUSE, NFS, and SMB. The connector layer is also in charge of chunking files and dispersing the chunks on the Scality Ring using file replication or erasure coding. DISK LAYER STORAGE NODE LAYER CONNECTOR LAYER OBJECT ACCESS S3 / REST FILE ACCESS FUSE / NFS / SMB HDD HDD HDD HDD HDD HDD HDD HDD HDD HDD Figure 1. – Scality Ring Architecture Layers
  • 4. Data Security in the Scality RING 4 2.2 Storage Node Layer The Storage Node layer consists of a distributed peer-to-peer architecture that ensures files and metadata are properly distributed amongst the storage nodes and disks in the cluster. A RING installation can even span across multiple physical sites and tolerate the loss of an entire site. The RING supports data protection mechanisms such as erasure coding and replication. This intelligent architecture design provides organizations with maximum data durability. 2.3 Disk Layer This is the layer where the file data chunks are written to SAS/SATA drives and the file metadata is written to solid-state drives (SSD’s). Chapter 3: Connector and User Interface Security 3.1 Scality S3 Connector ■■ The Scality S3 Connector supports AWS S3 certificate-based authentication (Signatures v2 and v4) with support for HTTPS to provide secure access to the RING storage. ■■ The Scality Scality S3 Connector implements IAM for Multi-Tenancy: ●● Accounts, users, and groups ●● Access/Secret Key pairs ■■ The Scality S3 Connector supports identity federation for delegated access to APIs: ●● Any SAML 2.0 compatible identity providers ●● Active Directory Federation (ADFS) Scality RING Storage Local and Geo-Protection • Any Hardware File / Object / OpenStack • Multi-Workload Linear Performance Scaling • Limitless Infrastructure Scaling Data to Store (unencrypted) Customer KMS (e.g., SafeNet) Data to Store (unencrypted) KEYS S3 Connector Key GeneratorBucket ID Encryption Key Figure 2. – S3 Connector Architecture
  • 5. Data Security in the Scality RING 5 3.2 REST Protocol The REST protocol supports HTTPS and can be configured to use basic authentication with the Apache web server to require a username and password. 3.3 File System Protocols ■■ The Scality NFS v3 connector supports Kerberos KDC. ■■ The Scality SMB connector provides Active Directory Server integration and support for simple Windows ACL’s (user and group). Chapter 4: Core RING Security 4.1 Logging All actions performed by a user are in the Supervisor Web Administration console are logged to a file (by default /var/log/scality/dsup/audit.log) on the Supervisor server and can also be set to another location. The audit log file provides detailed information on the user, date and time, name of the action performed (e.g. list, retrieve, delete, modify), RING component (Supervisor, Connector, Storage Node) on which the action was performed, result of the action (successful or not), duration of the action, and the detailed error message if the action wasn’t successful. 4.2 Versioning and WORM As mentioned earlier in this paper, data integrity requirements are in place to ensure that information is not tampered or altered. The S3 connector for the RING supports the versioning features from the Amazon S3 API. If enabled, this feature will allow users to keep track of different versions of a file on the RING storage. Using the standard S3 API calls, organizations will have the ability to view the modification dates and times of each file and it’s checksum as well as the ability to download previous versions of a file. Versioning is not always enough to address compliance requirements so organizations look for solutions that support Write once read many (WORM) operations. If an organization uses a solution that supports WORM, they can be assured that data will be read only and can not be altered. To help address this compliance requirement, Scality created a joint solution with iTernity that can meet legal and industry-specific regulations to provide a compliant long-term archiving solution. For more information, please check out the link to the solution sheet with iTernity in Appendix A. 4.3 Checksums The Scality RING uses a built-in CRC-32 checksum mechanism to ensure that the data being read is the same that was originally written to the RING. Upon reading replicated or Erasure Coded chunks on the disks, the RING calculates a CRC-32 checksum for each of the chunks it has to read and compares it to the CRC-32 checksum that was calculated upon writing the chunk (and stored in metadata with the chunk). If any of the chunks are found to be corrupted, (meaning the checksums do not match), the RING does two things: 1. Uses another replica or EC chunk to serve the requested data 2. Launches a chunk repair operation to repair the corrupted chunk (basically to replace the replica chunk by another replica or recalculates an Erasure Coded chunk). 4.4 Data Encryption Encryption on the disk level can be done today from array controllers or with encrypted
  • 6. Data Security in the Scality RING 6 drives. The Scality S3 connector supports bucket level encryption via an API extension which is a customized HTTP header used when a file is uploaded. The files are encrypted using OpenSSL with the AES-256 standard and the RING uses an external Key Management Service (KMS) to manage the encryption keys. 4.5 Supervisor Security The Supervisor is the web-based GUI for managing, monitoring, and provisioning resources on the RING. The Supervisor has the following security mechanisms: 1. HTTPS with password authentication. 2. Role-based Access Control (RBAC). Summary This paper explained what it takes to have a compliant storage solution built for the enterprise and went over the impact of security regulations and common compliance requirements. The security mechanisms of the Scality RING architecture was explained in detail ranging from the application layer to the storage layer. We hope that you now have a better idea of the Scality RING architecture and how we implemented common compliance features and security. Figure 4. – Scality Ring Supervisor Ring Overview Figure 3. – Scality Ring Supervisor Login Screen
  • 7. © 2017 Scality. All rights reserved. Specifications are subject to change without notice. Scality, the Scality logo, Scality RING are trademarks of Scality in the United States and/or other countries. Follow us on Twitter @scality and visit us at www.scality.com to learn more WPSR1-1702 Appendix A A.1 Going beyond this White Paper 1. Information on Scality products and use cases can be found here: http://www.scality.com 2. For more information on the Scality Ring, please view the technical white paper: http://storage.scality.com/white-paper-scality-technical-wp.html 3. Get more information on the S3 Connector in the following white paper: http://storage.scality.com/white-paper-scality-ring-s3-connector.html 4. Get more information on the joint solution with iTernity: http://www.scality.com/partners/iternity/