Secure Data at Rest, on the Wire, and Access Management
Zetacloud OS provides multiple ways to strengthen data access management and internal data security, and to protect data being transmitted, i.e., on the wire. At Zetacloud, we assure clients that their data is secure. We therefore consider all the different attack vectors.
- Disk Encryption
- Filesystem-native disk encryption ensures that confidential data on the disk isn't accessible even if someone gains access to the physical disks. The encryption algorithms used are AES-compliant.
- File Permissions
- ZFS fully supports the newer NFSv4 file/directory ACL model. NFSv4 introduced a new ACL model that fully supports the interoperability NFSv4 offers between UNIX and non-UNIX clients. The new ACL implementation, as defined in the NFSv4 specification, provides much richer semantics that are based on NT-style ACLs.
These file permissions also ensure that access is granted to users and groups only on the basis of need or role.
- IPsec, IP Overlays
- Multiple mechanisms are available on ZCOS for creating encrypted links between diverse systems, which ensures that all traffic across the wire is always secure and encrypted. These allow diverse systems to be stitched together into a cohesive virtual network.
- IP Filters, IP NAT
- A complete system-level firewall is available at both the VM level and the cloud host level. A firewall and a NAT table are also available for inter- and intra-VM data flows.
- OpenVPN Access
- Access to any physical or virtual network managed by ZCOS can be limited to the Web UI or to traffic forwarded through a VPN tunnel. This ensures that system access is not only restricted by passwords, but is also provided only at or during predefined times.