Dell EMC CloudLink Administration Guide

Cloud computing offers significant benefits for deployment flexibility, infrastructure scalability, and cost-effective use of IT resources. You can take advantage of these benefits by deploying enterprise workloads in the cloud. However, because cloud computing is based on a shared, multi-tenant compute, network, and storage architecture, traditional security controls are not sufficient. Data owners must secure sensitive data that is saved in the cloud to address privacy and regulatory compliance requirements, and to satisfy requirements for data that might remain in the cloud after it is no longer used.

Dell EMC CloudLink secures sensitive information within machines across both public and private clouds. It provides encryption for the boot volume and additional data volumes with prestartup authorization for cloud-hosted machines. CloudLink provides this encryption by using the following native OS encryption features:

  • Microsoft BitLocker for Windows
  • dm-crypt for Linux

BitLocker and dm-crypt are proven high-performance volume encryption solutions that are widely implemented for physical machines. However, customers have not been able to use these solutions in the cloud, where the native OS encryption features cannot be used alone to encrypt the boot volume. CloudLink solves this problem.

CloudLink's VM encryption functionality enables you to use native OS encryption features to encrypt a machine's boot and data volumes in a multi-tenant cloud environment. This encryption enables you to protect the integrity of the machine itself against unauthorized modifications.

CloudLink encrypts the machine boot and data volumes with unique keys that enterprise security administrators control. Neither cloud administrators nor other tenants in the cloud have access to the keys. By securing machines, you can define the security policy that must be met before passing the prestartup authorization, including verifying the integrity of the machine’s boot chain. This verification offers protection against tampering.

CloudLink ensures that only trusted and verified machines can run and access sensitive data that is stored in the cloud. As part of the CloudLink solution, CloudLink Center defines the key release policy, performs prestartup authorization, and monitors all CloudLink Agents, events, and logs.