Cloudcore Infrastructure


CloudCore
OVERVIEW
V1.1

Supports the Most Demanding Workloads
ISO 27001:2013 Security with 100% Data Encryption
VMware’s vCloud Air Network Service Compatible
Choice of Multiple Offshore Jurisdictions

calligo overview
cloudcore overview
cloudcore architecture
- VMWARE VSPHERE
- VCLOUD DIRECTOR
- VSHIELD EDGE
- CATALOGUES
- CLOUDCENTRE PORTAL
- INFRASTRUCTURE AS A SERVICE (IAAS) SECURITY
cloudcore infrastructure
- 100% SOLID STATE STORAGE
- TRUE SCALE-OUT ARCHITECTURE
- RAID-LESS DATA PROTECTION
governance and information security
- 100% DATA ENCRYPTION
- ANTI-VIRUS PROTECTION
- INTRUSION DETECTION / PREVENTION AND LOGGING
disaster recovery - cloudshield
- CLOUDSHIELD
- CLOUDCOPY
- INTER SITE DISASTER RECOVERY OPTIONS
- VMWARE’S SITE RECOVERY MANAGER (SRM)
- VEEAM BACKUP & REPLICATION
- ZERTO
other resources
document control

info@mcs.ky
www.mcs.ky

calligo overview

Calligo is the only specialist cloud computing provider dedicated to serving the needs of offshore businesses. The team behind Calligo has over 10 years of practical experience delivering and running cloud services and over 50 years of combined cloud based technology knowledge.

Cloud computing is a paradigm shift in the way business systems will be delivered and this means that many of the skills and disciplines required to correctly plan, design, implement and support such infrastructures are not found within the traditional server based computing teams. Calligo has established an unrivalled reputation built on delivering successful transformations where real strategic benefits have been delivered throughout the entire organisation.

Calligo is partnering with leading global IT service organisations to deliver cloud services across the widest range of offshore jurisdictions including Jersey, Guernsey, Isle of Man, Switzerland, Cayman and Bermuda. Clients can have the confidence that they will receive a consistent product and service proposition wherever their Calligo cloud services are delivered from.

cloudcore overview

CloudCore is Calligo’s Infrastructure as a Service (IaaS) offering. It is also the underpinning technology that allows Calligo to deliver other cloud computing services including Desktop, Platform and Software as Services along with other “as a Service” offerings including Disaster Recovery and Backup. It also provides for centralised management of all the Calligo services including hybrid configurations.

CloudCore was designed from the outset to deliver a combination of unrivalled performance, operational flexibility and the highest levels of security. The CloudCore service is available from an increasing number of worldwide locations - please see our website for the latest information. A standard design is deployed using common infrastructure components that ensures a consistent, standardised platform. Also, the use of standard legal terms & conditions and operational service levels ensure that clients have a consistent service irrespective of their location.

Calligo’s CloudCore provides a secure, self-managed technology environment that gives organisations the flexibility to deliver computing resources when needed, as well as evolve and develop without any restriction on future decisions about operating systems, hardware or applications.

CloudCore combines technologies from several leading cloud vendors to deliver an enterprise class architecture that leverages the power of cloud computing whilst retaining the flexibility, security, and open standards that businesses need in order to deliver their existing and future IT requirements.

CloudCore is complemented by CloudCentre, a management portal developed by Calligo that allows clients to capitalise on the flexibility and agility offered by cloud computing. Using a single software tool clients can monitor, manage and provision resources across multiple cloud environments. It also provides for centralised management of all the Calligo services including hybrid configurations.

Calligo’s Quality Management System (ISO 9001:2008) achieved UKAS certification in September 2013 against its IT and Business Cloud Services scope. This was seen as a first for any cloud services provider in the Channel Islands.

Calligo’s security approach is fully aligned and UKAS certified across its entire business to ISO 27001:2013, becoming the first offshore cloud service provider to achieve certification to the latest version of the standard in September 2014.

CloudCentre management portal
- Monitor, manage and provision cloud resources.
- Advanced architecture for the management of multiple cloud environments: hybrid, private and public.
- Single management environment that insulates the user from the complexity and diversity of the underlying architecture.
- Management Information; a dashboard providing MI such as performance, utilisation, usage and cost.
- Create, update, view and close support tickets.

cloudcore architecture

CloudCore is engineered using VMware’s vSphere and vCloud Director. VMware’s vSphere is the world’s leading virtualization platform, and in combination with vCloud Director allows Calligo to deliver virtualized infrastructure services (compute, network, security and availability) that have immediate compatibility with the existing services that are delivered by corporate IT departments.

This unique combination provides complete multi-level security and a multitenant architecture that reduces complexity and ensures policy implementation that can, if needed, be consistent with a client’s private cloud.

VMWARE VSPHERE

VMware vSphere is the industry-leading virtualisation platform for building cloud infrastructures, offering the highest levels of availability and confidence when running business critical applications.

Calligo makes full use of the enterprise VMware features. These include vMotion which can migrate live virtual machines between physical servers without downtime. This allows Calligo to automatically optimize virtual machines within resource pools and eliminates application downtime due to planned server maintenance by migrating live virtual machines between hosts. Combined with Distributed Resource Scheduler (DRS) which identifies, within seconds, the optimal placement for a virtual machine it ensures the highest levels of availability and performance.

VCLOUD DIRECTOR

Built on top of vSphere, vCloud Director enables the rapid provisioning of a virtual datacentre, vDC. A vDC is a complete set of software defined services that include compute, storage and networking capacity. vCloud Director enables the complete separation of the consumption of these software defined infrastructure services and the underlying hardware.

vCloud Director includes integrated networking and security technologies such as perimeter protection, port-level firewall, and NAT and DHCP services. These simplify application deployment and enforce boundaries required by compliance standards. The self-service capability enables the provisioning, access, modification and consumption of cloud resources with maximum agility.

With the ability to provide for different tiers of service, vCloud Director allows Calligo, or its partners, to provision a client’s cloud environment with one or more virtual datacentres. Within the vDC, we allocate the CPU, RAM, storage and networking resources that are needed along with complete perimeter network security provided by vShield Edge.

VMware virtualisation gives you:
- Secure architecture and design: Based on a streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualisation platform.
- Third party validation of security standards: VMware has validated the security of their software against standards set by Common Criteria, NIST and other organisations. VMware ESXi has Common Criteria EAL 4 Certification.
- Proven technology: More than 300,000 customers – including all of the Fortune 100 as well as military and government installations – trust VMware to virtualise their mission-critical applications.

The implementation of VMware vSphere and vCloud Director and related technologies in the CloudCore environment has been performed following VMware and Calligo’s best practice hardening guidelines along with the use of enterprise controls for security and compliance.

Isolation is provided by design for all aspects including:
- CPU & Memory: VMs have limited access to CPU, memory isolation is enforced by hardware, and memory pages are zeroed out before being used by a VM.
- Virtual Storage: VMs only see virtual SCSI devices, not actual storage. Exclusive VM access to virtual disks is enforced by VMFS using SCSI file locks.
- Virtual Network: No code exists to link the virtual switches, and virtual switches are immune to learning and bridging attacks.

VSHIELD EDGE

VMware vShield Edge integrates with vCloud Director and vSphere providing features such as Firewall, IPSec VPN, NAT and DHCP services that provide the required perimeter security between the vDC and any other external networks. Customer configuration through the CloudCentre web portal offers virtualisation aware security, simplifying application deployment and enforcing the boundaries and edge security required by compliance standards.

CATALOGUES

Customers can deploy standard services from catalogues through the CloudCentre web portal. Catalogues contain templates such as vApps (to deploy virtual applications containing one or more virtual machines), and media that they can attach to virtual machines to then appear as if a CD had been inserted.

Catalogues are an important feature of a modern cloud computing environment. They ensure that standard machines are deployed that conform to a client’s information security policy.

CLOUDCENTRE PORTAL

This has been developed by Calligo to provide an easy to use, highly visual tool for reporting and management. It can connect to multiple clouds (e.g. Calligo’s CloudCore, a private cloud or a third party cloud) to allow consistent management of cloud resources.

[Figure: cloud centre overview screen]

The screenshot above shows various performance and trend statistics and a real time view from Calligo’s Helpdesk system.

INFRASTRUCTURE AS A SERVICE (IAAS) SECURITY

Calligo’s CloudCore Infrastructure as a Service product is based on VMware technologies.

VMware vShield Edge is used to provide comprehensive perimeter network security for virtual datacentres integrating seamlessly with VMware vSphere and VMware vCloud Director. It provides the essential security gateway services to safely share network resources by creating logical security boundaries that provide isolation for virtual datacentres in the vCloud environment.

VMware offers secure and robust virtualisation solutions for virtual datacentres and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products.

vShield Edge is deployed as a virtual appliance to provide firewall, VPN, NAT and DHCP services, delivering network security within the virtualised environments and providing the logging and auditing controls that are needed to demonstrate compliance with internal policies and external regulatory requirements.

cloudcore infrastructure

CloudCore is architected to deliver consistent, high performance, even when handling the most demanding workloads. A major contributor to that is the 100% use of solid state storage. Calligo was the first cloud service provider in the world to use the SolidFire storage system. This groundbreaking storage platform was architected from the ground up to deliver guaranteed Quality of Service (QoS) across multiple volumes in large-scale cloud infrastructures.

Using SolidFire’s storage platform Calligo can deliver a guaranteed level of performance and bandwidth within a multi-tenanted infrastructure without traditional storage issues such as noisy neighbour. SolidFire includes several core architectural elements that combine to deliver exceptional performance.

100% SOLID STATE STORAGE

One of the biggest challenges for any cloud services provider is how to deal with inconsistent and unpredictable application performance. The first requirement for achieving this level of performance is moving from spinning media to an all-SSD architecture. A 100% SSD architecture means that Calligo can guarantee consistent latency for every IO. This means that CloudCore is ideally suited to host business critical, performance sensitive applications. A 1U shelf containing SolidFire drives delivers 50,000 IO compared to 514 IO for traditional fibre channel disks. That’s a performance improvement close to 100x.

TRUE SCALE-OUT ARCHITECTURE

SolidFire’s storage platform is scaled up by adding further nodes. Each node adds controller resources and storage capacity together. This means that as the total storage capacity grows the SolidFire architecture ensures that controller performance does not become a bottleneck and that performance grows in a consistent manner. It also means that Calligo can seamlessly add additional storage capacity without any disruption to clients.

RAID-LESS DATA PROTECTION

SolidFire uses a RAID-less data protection solution designed to maintain data availability and performance without the overhead of traditional RAID. This patent pending technology is a distributed replication algorithm that spreads at least two redundant copies of data across all drives within the system. This allows the system to absorb multiple failures across all levels of the storage solution while maintaining data redundancy and Quality of Service (QoS) settings.

SolidFire includes 128-bit AES drive level encryption across the entire storage solution. This enhances data security and because of the 100% use of SSDs it has no negative impact on performance or efficiency. If a drive or node is ever removed from a SolidFire system the data is unreadable and unusable. Additionally, the encryption key is managed at the cluster level so no individual node stores the key to access the encrypted drives and the cluster keys never leave the SolidFire system. Also, when a drive is gracefully removed from the system using the API or UI the administrator has the option of performing an SSD specific “secure erase” command making any data on the disk unreadable.

governance and information security

Calligo has a dedicated team of professionals with responsibility, across all areas of the organisation, for Security & Compliance. This includes product development, the delivery of services and the day-to-day management of the company. The Chief Security Officer, who is a member of Calligo’s executive management team, leads the Security & Compliance group.

Calligo is an Accredited Quality Management System (QMS) company as specified in ISO 9001:2008. The scope of Calligo’s QMS comprises Service Delivery, Project Management, HR and Supplier Management.

Within the Security & Compliance group Calligo has a dedicated Standards & Compliance Manager, who is professionally trained as a lead auditor, to maintain and improve quality, both internally and to clients.

In addition, Calligo has implemented an Information Security Management System (ISMS) across all areas of the business. This is based on, and independently accredited to, ISO 27001:2013, which is considered the industry standard for information security management.

Calligo ensures the constant integration of best practice and operational conformance to its published policies and procedures is undertaken. Calligo achieves this by implementing an internal audit process that ensures that the activities undertaken by the team are fully conformant with the defined processes, and where necessary this is supplemented by third party audits. An example of this would be the external audit undertaken of Calligo’s ISO 9001 implementation.

The policies and procedures that Calligo has deployed are fully aligned to the standards that are published by the Cloud Security Alliance (CSA), known as the STAR standards. These extend the ISO standards and reflect best practice that is specific to cloud service providers. Calligo will soon be seeking CSA STAR certification.

100% DATA ENCRYPTION

As described above all data stored in CloudCore is 128 bit encrypted using SolidFire’s technology.

All data backed up using CloudCopy is 256 bit encrypted.

ANTI-VIRUS PROTECTION

Calligo has partnered with Trend Micro and offers several of their security and protection products. CloudCore servers can be protected using Trend’s Deep Security product. This integrates with the VMware environment to deliver security without any additional footprint through agentless integrity monitoring, intrusion prevention, firewall and anti-malware.

INTRUSION DETECTION / PREVENTION AND LOGGING

Using a combination of security solutions from trusted partners Calligo has built a multi layered deployment Security Platform. It delivers a comprehensive, vendor neutral, adaptive and highly efficient protection service across the environment that defends and protects at every level of the platform, covering areas such as anti-malware, intrusion detection and prevention, firewalls, web application protection, full end to end integrity monitoring and detailed log inspection. This is running in real time across the entire cloud platform.

The solution is deployed both internally and externally ensuring full defence at multiple layers throughout the environment.

disaster recovery - cloudshield

Cloud computing has many benefits that assist in the delivery of a Business Continuity plan including the ability to simplify and automate the tasks required to provide reliable and rapid disaster recovery.

Technologies that are standard within the CloudCore product such as high availability and fault tolerance mean that clients are well positioned to survive the loss of a single or multiple devices. In most cases services will continue to be delivered without any impact to end users.

The standard CloudCore service already provides a highly available service with guaranteed service levels so a disaster recovery service would only be needed in extreme circumstances such as the loss of the whole site. Although it is rare to invoke a disaster recovery service the nature of many businesses means that this is a scenario that needs to be considered. There is often a regulatory requirement to have reliable and regularly tested business continuity and disaster recovery plans.

Where a disaster recovery option is needed then there are a number of options. Dual CloudCore services can be configured from different Calligo locations or CloudCore can integrate with a private cloud or third party cloud provider all via our CloudShield offering. Because CloudCore and CloudShield are engineered using standard components from VMware, the world’s leading provider of cloud technologies, the range of options is extensive.

CLOUDSHIELD

CloudShield is Calligo’s disaster recovery option. It is a specially designed variant of CloudCore that allows clients to reserve the computing capacity they would need in a disaster scenario but only pay for it when it is needed. Analogous to Business Continuity Suites, clients reserve, and pay for, a small percentage of their live resources at the DR location. Data is 100% replicated between the production and DR site and on invocation or testing the other resources, CPU and Memory, are provisioned to 100% and paid for.

This provides a very cost effective DR capability. Data is always held in two geographically diverse locations but compute resources are only paid for when needed. Compared to traditional, in-house delivered, solutions it avoids the need for major capital investment in storage and compute resources that are rarely used.

CloudShield can be used to deliver DR protection for traditional on premise, or hosted, systems, as well as cloud services including CloudCore. There are many scenarios where Calligo and CloudCore can deliver flexible and effective disaster recovery capabilities.

CLOUDCOPY

This is Calligo’s backup service. It can be used to back-up CloudCore, on premise or another hosted service. CloudCopy is a fully managed service meaning that clients can concentrate on other aspects of IT delivery knowing that their data is continuously protected and replicated across two geographically diverse sites.

CloudCopy is described in the “CloudCopy Overview” available separately.

INTER SITE DISASTER RECOVERY OPTIONS

As discussed above CloudCore is well suited to delivering a Disaster Recovery (DR) capability. CloudCore can be used to protect a private cloud, another public cloud service or many Calligo clients use diverse CloudCore services to deliver both Live and DR.

Organisations will have different DR requirements driven by their Recovery Time (RTO) and Recovery Point Objectives (RPO) as well as their budget and the existing technologies that they use. Accordingly Calligo offer a choice of replication and protection services.

In simple terms the RTO describes how quickly services must be restored after a disruptive event. The RPO is the point in time from which a known and valid data set can be recovered. In the historical world of overnight tape backups a RPO of 12 to 24 hours would be common.

Defining an organisation’s RTOs & RPOs is a function of Business Continuity Planning. Some businesses will deem that a RTO of 4 hours and a RPO of 1 hour is acceptable and for many organisations that would be a dramatic improvement on their current capabilities. Other organisations will demand RTOs of a few minutes with almost no loss of data, i.e. a RPO measured in seconds.

Calligo offer three technology options that address these different requirements:
- VMware’s Site Recovery Manager (SRM)
- Veeam Backup & Replication
- Zerto’s hypervisor based replication.

VMWARE’S SITE RECOVERY MANAGER (SRM)

SRM integrates natively with other VMware products including vSphere Replication and supports a broad set of high performance array-based replication products to reliably copy virtual machines across sites. It provides automated orchestration and non-disruptive testing of centralized recovery plans to simplify disaster-recovery management for all virtualized applications.

The RPO for vSphere replication is asynchronous and scales between 15 minutes and 24 hours at 15 minute increments, however it will endeavour to replicate in as near time as possible, bandwidth depending.

VEEAM BACKUP & REPLICATION

Veeam Backup & Replication combines image based backup and replication for VMware in a single solution. It can replicate continuously if required. It is easy to configure and fits particularly well where Veeam is already being used for backups. It lacks the orchestration of SRM or Zerto but does include the ability to maintain multiple replica restore points.

ZERTO

Zerto provides hypervisor based replication at several levels; a single virtual machine, a group of machines or a virtual application. Zerto’s replication achieves RPO in seconds and RTO in minutes. It can create multiple recovery points and uniquely it supports replication to more than one DR site. Zerto has the most comprehensive management tools, provides scripting and orchestration options and integrates tightly with VMware products such as vCloud.

other resources

More detailed information on CloudCentre, CloudCopy and other Calligo services is available from Calligo’s website www.calligo.net

document control

For more details .ky
