Click here to close now.

Welcome!

BigDataExpo® Blog Authors: Elizabeth White, Pat Romanski, Liz McMillan, Ian Goldsmith, Rex Morrow, Datical

Blog Feed Post

S3 Encryption With Porticor

Your Porticor appliance can encrypt data being stored to Amazon’s Simple Storage Service (S3). Porticor is the only system available that offers the convenience of cloud-based hosted key management without sacrificing trust by requiring someone else to manage the keys. Porticor’s split-key encryption technology protects keys and guarantees they remain under customer control and are never exposed in storage; and with homomorphic key encryption, the keys are protected – even while they are in use.

A variety of applications use S3 to store bulk data, and we support two different ways of enabling Porticor encryption with them.

  1. The first and recommended alternative is to configure the application so that data is written to and read from the Porticor appliance.
  2. Where this is not an option, you can instead configure host-to-IP mapping so that the application writing to s3.amazonaws.com actually writes to the appliance, which encrypts and forwards the data to S3.

These are two options to set up your environment, but the end result is one and the same: your data is encrypted when written to S3 and decrypted when reading from it, with no need to change the client application.

What follows are detailed instructions for both configuration options.

Alternative 1: Explicit Configuration

This alternative depends on the individual application. In fact some S3 clients are hardwired to the Amazon server addresses and cannot be configured. For these clients you must use Alternative 2.

In this alternative you configure the S3 client to connect to a special DNS address for each of your buckets and for the main S3 endpoint. These DNS addresses are installed automatically when you add your S3 “buckets” into the table on the S3 Encryption page. All buckets that are to be encrypted must be listed. If your bucket is called mylittlebucket, it will be mapped to the DNS name mylittlebucket.d.porticor.net.

The specific client configuration depends on the particular client. Following are two examples.

Configuring s3cmd

Edit the file $HOME/.s3cfg, and replace the host_base and host_bucket lines as below, where the long host_base value is your appliance’s address.

# old:
# host_base = s3.amazonaws.com
# host_bucket = %(bucket)s.s3.amazonaws.com

# new:
host_base = itbetb19zy3-pzjy3yty2zw.d.porticor.net
host_bucket = %(bucket)s.d.porticor.net

Configuring S3QL

Edit $HOME/.s3ql/authinfo2, and add a new section:

[porticor]
storage-url: s3c://itbetb19zy3-pzjy3yty2zw.d.porticor.net/bucket-name/
backend-login: aws-key-id
backend-password: aws-secret-key

To create the file system, run:

mkfs.s3ql --plain --ssl s3://bucket-name/

mount.s3ql --ssl s3://bucket-name /mnt/cloud-drive

Note the use of the “s3c” URL method. Both the --ssl and --plain flags are mandatory.

Alternative 2: Host Mapping

With this alternative you configure the host on which your S3 client is running, so that s3.amazonaws.com and bucketname.s3.amazonaws.com are resolved to the IP address of the Porticor appliance. You should not fill in the Bucket table in this alternative.
On Linux, edit the file /etc/hosts and add the lines shown below.
On Windows, add these lines to %windir%\system32\drivers\etc\lmhosts (or ...\hosts, depending on your Windows version).

Appliance-IP bucketname.s3.amazonaws.com # replicate this line for each S3 bucket
Appliance-IP s3.amazonaws.com

Use the so-called “private” IP address (10.x.x.x) of the Porticor appliance, for access from within the EC2 cloud. If you plan to access the appliance from outside the cloud or even from another AWS region you will need to use “public” address instead. Both addresses are listed in the S3 Configuration GUI page.
All communication with the virtual appliance is SSL-protected. In Alternative 2, you should make sure that your project’s CA certificate is installed on the client machine, otherwise your S3 client might refuse to connect.

Additional Notes

  • You need to wait a few minutes after the creation of a new bucket before starting to use it, so that it is recognized by all S3 servers.
  • Note that Porticor does not support “mixed buckets” containing both protected and unprotected objects.
  • Bucket names must conform with the requirements for DNS names, as recommended by Amazon Web Services. In particular they must not contain uppercase letters.

The post S3 Encryption With Porticor appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@BigDataExpo Stories
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption...
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust...
The OpenStack cloud operating system includes Trove, a database abstraction layer. Rather than applications connecting directly to a specific type of database, they connect to Trove, which in turn connects to one or more specific databases. One target database is Postgres Plus Cloud Database, which includes its own RESTful API. Trove was originally developed around MySQL, whose interfaces are significantly less complicated than those of the Postgres cloud database. In his session at 16th Cloud...
Software is eating the world. Companies that were not previously in the technology space now find themselves competing with Google and Amazon on speed of innovation. As the innovation cycle accelerates, companies must embrace rapid and constant change to both applications and their infrastructure, and find a way to deliver speed and agility of development without sacrificing reliability or efficiency of operations. In her Day 2 Keynote DevOps Summit, Victoria Livschitz, CEO of Qubell, discussed...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists will address the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affec...
Move from reactive to proactive cloud management in a heterogeneous cloud infrastructure. In his session at 16th Cloud Expo, Manoj Khabe, Innovative Solution-Focused Transformation Leader at Vicom Computer Services, Inc., will show how to replace a help desk-centric approach with an ITIL-based service model and service-centric CMDB that’s tightly integrated with an event and incident management platform. Learn how to expand the scope of operations management to service management. He will al...
Working with Big Data is challenging, especially when decision makers depend on market insights and intelligence from your data but don't have quick access to it or find it unusable. In their session at 6th Big Data Expo, Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia; Zel Bianco, President, CEO and Co-Founder of Interactive Edge of Solgenia; and Ermanno Bonifazi, CEO & Founder at Solgenia, discussed how a revolutionary cloud-based BI along with mobile analytics is already c...
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, con...
Hardware will never be more valuable than on the day it hits your loading dock. Each day new servers are not deployed to production the business is losing money. While Moore's Law is typically cited to explain the exponential density growth of chips, a critical consequence of this is rapid depreciation of servers. The hardware for clustered systems (e.g., Hadoop, OpenStack) tends to be significant capital expenses. In his session at Big Data Expo, Mason Katz, CTO and co-founder of StackIQ, disc...
SYS-CON Events announced today that DragonGlass, an enterprise search platform, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. After eleven years of designing and building custom applications, OpenCrowd has launched DragonGlass, a cloud-based platform that enables the development of search-based applications. These are a new breed of applications that utilize a search index as their backbone for data...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
As the Internet of Things unfolds, mobile and wearable devices are blurring the line between physical and digital, integrating ever more closely with our interests, our routines, our daily lives. Contextual computing and smart, sensor-equipped spaces bring the potential to walk through a world that recognizes us and responds accordingly. We become continuous transmitters and receivers of data. In his session at @ThingsExpo, Andrew Bolwell, Director of Innovation for HP's Printing and Personal S...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enter...
SYS-CON Events announced today that EnterpriseDB (EDB), the leading worldwide provider of enterprise-class Postgres products and database compatibility solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. EDB is the largest provider of Postgres software and services that provides enterprise-class performance and scalability and the open source freedom to divert budget from more costly traditiona...
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue o...
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
Can the spatial component of your Big Data be harnessed and visualized, adding another dimension of power and analytics to your data? In his session at Big Data Expo®, John Meza, Product Engineer and Performance Engineering Team Lead at Esri, discussed the spatial queries that can be used within the Hadoop ecosystem and their integration with GeoSpatial applications. The GIS Tools for Hadoop project was also discussed and its implementation to discover location-based patterns and relationships...
An effective way of thinking in Big Data is composed of a methodical framework for dealing with the predicted shortage of 50-60% of the qualified Big Data resources in the U.S. This holistic model comprises the scientific and engineering steps that are involved in accelerating Big Data solutions: problem, diagnosis, facts, analysis, hypothesis, solution, prototype and implementation. In his session at Big Data Expo®, Tony Shan focused on the concept, importance, and considerations for each of t...