I need an end-to-end multi-client/multi-supplier secure storage system. I can build it using various bits and pieces, but it feels overcomplex - am I missing a trick?
Specifically I need to offer multiple clients VPN-secured, secure file transfer into a secure filesystem (as in encrypted on the disk/over fibre) then served out, again via VPN-secured, secure file transfer to a range of other suppliers. No client files can 'mix' at any point and ALL points in the chain must be secure. Oh and it has to be highly resilient, so this must all be clustered/load-balanced. Expecting around 500GB/client/supplier per day, total storage is unlikely to go over 30TB.
My current thought is to use a combination of Checkpoint Virtual Firewalls, 2/3 VMware hosts with lots of NICs connected to the FW, each host connected via Brocade secure FC HBAs to a secure FC SAN box, with each client's VPN tunnel being truncated inside their own VM (which will be clustered using a front-end load balancer). The VMs will then SFTP over the tunnel from the client and drop the files over the secure FC into a dedicated disk-group/LUN/datastore/VMDK chain. Then I'd do the same the other way out to suppliers (except we do apply some DRM as we transmit).
I'd appreciate any suggestions of how to make this simpler, more secure or both.
Thank you.
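One concrete way to enforce the "no client files can mix" requirement at the SFTP layer, as an added example that is not part of the original question or of any answer: OpenSSH's ChrootDirectory with the in-process internal-sftp subsystem, one jail per client. The layout (/srv/clients/<client>, an incoming subdirectory the client owns) and the group naming (sftp-<client>) are assumptions for illustration only. The checker encodes the rules sshd applies before it will chroot at all: every component of the chroot path must be a root-owned directory that is not group- or world-writable, otherwise the session is refused.

```python
"""Per-client SFTP jail helpers for OpenSSH (added example, not from the page).

Assumptions: OpenSSH sshd with ChrootDirectory + ForceCommand internal-sftp,
a hypothetical layout /srv/clients/<client>/incoming, and one Unix group per
client named sftp-<client>. All paths and names here are illustrative.
"""
import os
import stat
import tempfile
from pathlib import PurePosixPath

BASE = "/srv/clients"  # hypothetical base path (assumption)


def sshd_match_block(client: str, base: str = BASE) -> str:
    """Render an sshd_config Match block that jails one client's SFTP users.

    The chroot root itself stays root-owned and read-only to the client
    (see check_chroot_perms); the client writes only under 'incoming',
    which is created owned by the client's account. The -u option sets the
    umask internal-sftp applies to uploaded files.
    """
    if not client.isalnum():
        raise ValueError("client name must be alphanumeric")
    return "\n".join([
        f"Match Group sftp-{client}",
        f"    ChrootDirectory {base}/{client}",
        "    ForceCommand internal-sftp -u 0027",
        "    AllowTcpForwarding no",
        "    X11Forwarding no",
        "    PermitTunnel no",
        "",
    ])


def find_overlaps(client_dirs: dict) -> list:
    """Return (a, b) pairs of clients whose chroot dirs coincide or nest.

    A nested or shared chroot would let one client read another's files,
    so provisioning should refuse any non-empty result.
    """
    overlaps = []
    names = sorted(client_dirs)
    for i, a in enumerate(names):
        pa = PurePosixPath(client_dirs[a])
        for b in names[i + 1:]:
            pb = PurePosixPath(client_dirs[b])
            if pa == pb or pa in pb.parents or pb in pa.parents:
                overlaps.append((a, b))
    return overlaps


def check_chroot_perms(path: str) -> list:
    """Check a chroot path the way sshd does before honouring ChrootDirectory.

    sshd requires every component of the path to be a root-owned directory
    that is not writable by group or others. Returns a list of problem
    strings, one per offending component; an empty list means sshd would
    accept the chroot.
    """
    problems = []
    p = PurePosixPath(os.path.abspath(path))
    for component in [p, *p.parents]:
        cpath = str(component)
        st = os.lstat(cpath)
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{cpath}: is a symlink")
        elif not stat.S_ISDIR(st.st_mode):
            problems.append(f"{cpath}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{cpath}: not owned by root (uid {st.st_uid})")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{cpath}: group/other-writable")
    return problems


def build_demo_layout(chroot_mode: int) -> str:
    """Create a constructed sample jail under a fresh temp dir and return it.

    Only the leaf chroot directory is controlled here; its ancestors (e.g.
    /tmp) are whatever the host has, so callers should inspect the problems
    reported for the returned path itself.
    """
    root = tempfile.mkdtemp(prefix="sftp-demo-")
    chroot = os.path.join(root, "acme")
    os.mkdir(chroot)
    os.chmod(chroot, chroot_mode)
    os.mkdir(os.path.join(chroot, "incoming"))
    return chroot


if __name__ == "__main__":
    print(sshd_match_block("acme"))
    good = build_demo_layout(0o755)
    for problem in check_chroot_perms(good):
        print("sshd would reject:", problem)
```

Running the script on a non-root account reports the temp directory as "not owned by root", which is the point: a chroot that the client account can write to, or that is not root-owned, is exactly the configuration sshd refuses, and the same ownership discipline is what keeps a chroot from being escaped via a renamed or symlinked directory.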
Seems like you've covered it.
We use a secure file transfer vendor - Accellion - as they provide a pretty decent all-in-one solution, that also runs on top of VMWare (they provide a complete vm image).
One requirement is that everything be encrypted - so you have to get on the VPN to access the service. Once in, the vm appliance takes over, authenticates users, stores the files where you need them to be on the SAN, encrypting everything in its path.
You can also look at IBM ISS solutions as well for securing your file and data transfer protocols using the IPS appliance. This would help maintain security of these systems.
I'd be doing a lot of research into which VM solution to use. There are some known exploits in VMWare (and likely other solutions as well) that will allow one compromised virtual machine to access the memory space of the host (and thus, other virtual machines).
NetApp has some secure storage options as well, even with integration into tape encryption etc.