KMIP Cloud Use Case Kiran Thota – VMware Inc. Saikat Saha – Oracle Corp.


2 Agenda
– Discuss cloud challenges
– KMIP sub-tasks and plan

3 Background
Traditional data-center-centric key management is insufficient for the cloud in:
– Scale (client population expands and shrinks in real time)
– Automation
– Migration
– Geographical distribution and key manager locality for a better service experience (hybrid cloud)

4 Background
Virtualization enables movement of workloads across infrastructure:
– Dynamic and automated key management
Distribution of keys:
– Enterprises to Cloud Service Provider (CSP)
– Key manager dedicated to a tenant (or shareable key manager infrastructure)

5 Scenario: KMIP in Cloud
[Diagram: Cloud Service Provider and Enterprise IT, showing Application Users, CSP Administrators, Enterprise Administrators, Enterprise App, App Data, Key DB, vSphere and Key Server]

6 Key Security Challenges in Cloud
– Trust establishment (contractual and on-line)
– Ownership of keys
– Protection of keys at rest
– Protection of keys in transit
– Defining and programming key policy
– Propagating key policy (server-to-server and server-to-client)
– Negotiating key policy (server-to-client for diverse clients)
– Managing access to keys
– Managing key life-cycle
– Enforcement of key policy
– Visibility of key-related services and infrastructure
– Proof of possession
– Client capabilities to ensure adequate protection of keys

7 Key Management in the Cloud
Four big considerations:
– Where are keys created?
– Where are keys used?
– Where are keys stored?
– Where are key policies managed?
Enterprise
– Keys created, used, stored and managed by the enterprise
Hybrid
– Keys created, stored and managed by the enterprise
– Keys created, stored and managed by the enterprise but on the CSP's infrastructure
CSP
– Keys created, used, stored and managed by the CSP

8 Sub-Tasks
Client-to-Server
– Client registration
– Server capability query
– Grouping and policy definition
Server-to-Client
– Notification to purge or kill
– Client query (guarantee protection of keys)
Note: KMIP does not yet address migration of keys between key managers (server-to-server).

9 Client Registration
Automated, scalable client registration.
Owner: Stan Feather (to confirm)

10 Server Capability Query
Query the server for capabilities:
– RNG
– FIPS
Owner: Tim Hudson (to confirm)
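The slide names the capability query but does not show what it looks like on the wire. The following is an added example, not part of the presentation and not VMware or Oracle code: it builds a KMIP Query request in TTLV encoding that asks for server information, supported RNGs and validation (FIPS) information, then parses it back with length checks so a truncated or over-long item is rejected instead of being read past its boundary. Tag, type and enumeration values are transcribed from the KMIP 1.3 specification (RNG and Validations queries were added in 1.3, so confirm them against the version your server supports); the helper names are my own.

```python
import struct

# KMIP TTLV item types (KMIP 1.x item encoding); only the ones this example uses
STRUCTURE, INTEGER, ENUMERATION = 0x01, 0x02, 0x05

# KMIP tags needed for a Query request (values from the KMIP 1.x tag table)
TAG_REQUEST_MESSAGE = 0x420078
TAG_REQUEST_HEADER = 0x420077
TAG_PROTOCOL_VERSION = 0x420069
TAG_PROTOCOL_VERSION_MAJOR = 0x42006A
TAG_PROTOCOL_VERSION_MINOR = 0x42006B
TAG_BATCH_COUNT = 0x42000D
TAG_BATCH_ITEM = 0x42000F
TAG_OPERATION = 0x42005C
TAG_REQUEST_PAYLOAD = 0x420079
TAG_QUERY_FUNCTION = 0x420074

OPERATION_QUERY = 0x18
# Query Function enumeration values; RNGs and Validations (FIPS) exist from KMIP 1.3 on
QUERY_SERVER_INFORMATION = 0x03
QUERY_RNGS = 0x08
QUERY_VALIDATIONS = 0x09


def ttlv(tag, item_type, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to a multiple of 8."""
    header = tag.to_bytes(3, "big") + bytes([item_type]) + len(value).to_bytes(4, "big")
    return header + value + b"\x00" * ((-len(value)) % 8)


def integer(tag, v):
    return ttlv(tag, INTEGER, struct.pack(">i", v))       # 4-byte value + 4 bytes padding


def enumeration(tag, v):
    return ttlv(tag, ENUMERATION, struct.pack(">I", v))


def structure(tag, *children):
    return ttlv(tag, STRUCTURE, b"".join(children))


def build_query_request(query_functions, major=1, minor=3):
    """Build a Request Message carrying a single Query batch item."""
    header = structure(
        TAG_REQUEST_HEADER,
        structure(TAG_PROTOCOL_VERSION,
                  integer(TAG_PROTOCOL_VERSION_MAJOR, major),
                  integer(TAG_PROTOCOL_VERSION_MINOR, minor)),
        integer(TAG_BATCH_COUNT, 1),
    )
    payload = structure(TAG_REQUEST_PAYLOAD,
                        *(enumeration(TAG_QUERY_FUNCTION, f) for f in query_functions))
    item = structure(TAG_BATCH_ITEM, enumeration(TAG_OPERATION, OPERATION_QUERY), payload)
    return structure(TAG_REQUEST_MESSAGE, header, item)


def parse_ttlv(data, start=0, end=None):
    """Decode TTLV bytes into a list of (tag, type, value); structure values are nested lists.

    Every length is checked against the enclosing boundary before a slice is taken,
    so a malformed message raises ValueError instead of being silently misread."""
    end = len(data) if end is None else end
    items, pos = [], start
    while pos < end:
        if end - pos < 8:
            raise ValueError("truncated TTLV header at offset %d" % pos)
        tag = int.from_bytes(data[pos:pos + 3], "big")
        item_type = data[pos + 3]
        length = int.from_bytes(data[pos + 4:pos + 8], "big")
        vstart, vend = pos + 8, pos + 8 + length
        if vend > end:
            raise ValueError("TTLV length %d exceeds enclosing item at offset %d" % (length, pos))
        if item_type == STRUCTURE:
            value = parse_ttlv(data, vstart, vend)
        elif item_type in (INTEGER, ENUMERATION):
            if length != 4:
                raise ValueError("integer/enumeration value must be 4 bytes, got %d" % length)
            value = struct.unpack(">i" if item_type == INTEGER else ">I", data[vstart:vend])[0]
        else:
            value = bytes(data[vstart:vend])           # other types kept raw in this example
        items.append((tag, item_type, value))
        pos = vend + (-length) % 8                     # step over the padding
    return items


def find_values(items, wanted_tag):
    """Collect the values of every item carrying wanted_tag, descending into structures."""
    found = []
    for tag, item_type, value in items:
        if tag == wanted_tag:
            found.append(value)
        if item_type == STRUCTURE:
            found.extend(find_values(value, wanted_tag))
    return found


def query_functions_in(request):
    """Return the Query Function values a request asks for, e.g. [3, 8, 9]."""
    return find_values(parse_ttlv(request), TAG_QUERY_FUNCTION)


if __name__ == "__main__":
    req = build_query_request([QUERY_SERVER_INFORMATION, QUERY_RNGS, QUERY_VALIDATIONS])
    print(req.hex())
    print("query functions:", query_functions_in(req))
```

The same parser applies to the Response Message: a server answering the RNG and Validations queries returns RNG Parameters and Validation Information structures, which is the evidence a cloud client would use before trusting the server with enterprise keys. The boundary checks in parse_ttlv matter in practice because the client is usually parsing input from a remote, possibly multi-tenant, key manager.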

11 Grouping and Policy
Propose changes to allow grouping and policy for bulk management of keys.
Owner: Kiran Thota / Saikat Saha
Proposal by: Jan 30

12 Notify – Purge/Kill
Propose a notification from server to client to purge a key from usage.
Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 07

13 Client Query
Propose a query from server to client to evaluate client capabilities.
Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 20
