A comprehensive solution to private cloud security in enterprises

Source: Internet
Author: User

Virtual application software originally emerged to meet the hard requirements for "remote access" and "remote applications". As the advantages of its centralized application model (low resource usage and easy management) have gradually become apparent, it has gained wider recognition. With the rapid growth in demand for mobile clients, the virtual application model is also well suited to cross-platform support, and more and more enterprises are choosing virtual application software to build their private cloud IT platforms.

At the same time, opening up access puts the security of the information system to a greater test than a restricted local area network does, and this must be given sufficient attention. The platform software for virtual application management should provide the necessary security management means and functions.

I. Login security

Logging in with a user name and static password relies largely on the user's own security awareness and is the main hidden danger to system security. For logins with higher security requirements, dynamic passwords and USB keys (U-shield, encryption lock) are now commonly used; they are simple to operate and provide strong security. As these hardware products have improved and fallen in price, they have become widely popular.

Private cloud IT platforms need to support dynamic passwords and USB keys to meet the high security requirements of critical positions or applications. The USB key login method in particular is convenient to operate and significantly improves user satisfaction.

Figure 1: The USB key is one of the client login modes of the VA virtual application management platform, simplifying login and enhancing security

II. Access security verification

For an information management system inside an enterprise, relying on user name/password authentication alone is not enough. In most cases more complex background verification is required, and the objects that may be accessed must be appropriately restricted. We call the implementation of this kind of authentication technology an "access firewall".

The access firewall uses rules to ensure that "cloud terminal" access is legitimate. It filters client devices by user/user group, IP address, client fingerprint, client name, intranet restriction and so on, ensuring that only legitimate clients access the server. The firewall can also control the times at which a client or registered user may access different applications. The access firewall can therefore be summarized simply as: who, from where, at what time, accessing what, is allowed or denied.

The access firewall can also contribute to the stability of system operation. For example, you can restrict extranet access to some applications that generate heavy network traffic, protecting the bandwidth available for other remote access.
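The "who, from where, at what time, accessing what, allowed or denied" model described above, as an added example (not code from the VA product or from the original article): a first-match rule evaluator with default deny. The rule fields, group and application names, addresses and fingerprints are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Request:                     # one access attempt; field names are assumptions
    groups: frozenset              # who: the user's groups
    ip: str                        # where: client address
    fingerprint: str               # where: client device fingerprint
    app: str                       # what: published application
    when: datetime                 # at what time

@dataclass(frozen=True)
class Rule:                        # a field left as None matches anything
    allow: bool
    group: Optional[str] = None
    network: Optional[str] = None  # CIDR range, e.g. the intranet
    fingerprints: Optional[frozenset] = None
    app: Optional[str] = None
    start: time = time.min
    end: time = time.max

    def matches(self, r: Request) -> bool:
        return ((self.group is None or self.group in r.groups)
                and (self.network is None
                     or ip_address(r.ip) in ip_network(self.network))
                and (self.fingerprints is None or r.fingerprint in self.fingerprints)
                and (self.app is None or self.app == r.app)
                and self.start <= r.when.time() <= self.end)

def decide(rules, r: Request) -> bool:
    """First matching rule wins; no match, or a malformed client IP, is denied."""
    try:
        return next((rule.allow for rule in rules if rule.matches(r)), False)
    except ValueError:             # unparsable address: fail closed
        return False

# Constructed sample policy (groups, apps, addresses and fingerprints are made up).
RULES = [
    Rule(allow=True, app="reporting", network="10.0.0.0/8"),  # heavy app: intranet only
    Rule(allow=False, app="reporting"),                        # ...denied from the extranet
    Rule(allow=True, group="finance", app="erp",               # ERP: finance group, registered
         fingerprints=frozenset({"fp-laptop-01"}),             # device, working hours only
         start=time(8, 0), end=time(18, 0)),
]

def sample(ip, app, hour, fp="fp-laptop-01", groups=("finance",)):
    return decide(RULES, Request(frozenset(groups), ip, fp, app,
                                 datetime(2024, 3, 4, hour, 30)))
```

Rule order matters here: the intranet allow for the heavy-traffic application must come before the blanket deny for it, and anything no rule mentions is refused.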

Figure 2: The VA virtual application management firewall comprehensively manages visitors and the resources they access

III. Server Security Policy

Virtual applications are based on server-based computing technology. The server cluster is the base platform for application virtualization, so ensuring the stability and security of this platform ensures the stability and security of the private cloud system. To make security policy settings for the server system easier, it is necessary to preset security policies at various levels suited to the characteristics of virtual applications, and to support custom security policies bound to each user.

In some cases, security policy restrictions can cause application loading problems, so it must be possible to configure different ways of loading an application to avoid such problems.

Figure 3: VA virtual application server security policy; more than 200 policy settings can effectively prevent unauthorized operation of the server.

IV. Real-time monitoring

Real-time monitoring of the system covers server resources and running state, full information on access sessions, and application usage. You can view the real-time status and access details of the entire platform, and intervene or carry out emergency handling if necessary.

Figure 4: VA virtual application cluster status monitoring, including diagrams of server state, session state and application status

V. System Data Security

The system data of the virtual application platform itself must be effectively protected. At the same time, appropriate maintenance tools and practical solutions should be provided for backup and restore, uninstallation, upgrade and migration.

Figure 5: VA virtual application system data security design, effectively protecting the security of the cloud computing platform

VI. Security Audits

Whether as routine supervision or after-the-fact inspection, a security audit is based on records of system operation and user activity. The system needs to provide data and verification functions that are as comprehensive as possible, including records of the security management functions above, session and application access records, print records, system runtime alarm event records, file access records, and so on.

Figure 6: VA virtual application historical log data provides a comprehensive running record

Summary: Information system security requires all-round protection. When building a private cloud information platform, choose virtual application software with all-round security functions. While ensuring the technical means, also pay attention to establishing and enforcing a security management system, so as to provide effective security for the new generation of enterprise IT platforms.
