Ukusetshenziswa kwesoftware ye-VAST Data Platform

Ukusetshenziswa kwesoftware ye-VAST Data Platform

Okuqukethwe fihla
1 Isingeniso
2 Iyini i-VAST Data Platform
3 Inethiwekhi kanye Node Segmentation
4 Ukuhlala Okunengqondo
5 Ukugunyazwa kanye Nokuphathwa Kobunikazi
6 Ukulawula Ukufinyelela
7 Amalebula we-Protocol ACL namalebula we-SELinux
8 Ukuphathwa Kwesitifiketi Nokubethela
9 Ikhathalogi kanye noCwaningo
10 Isistimu yokusebenza egcinwe futhi evikelekile
11 Secure Software Supply Chain
12 Isiphetho
13 Amadokhumenti / Izinsiza
13.1 Izithenjwa

Isingeniso

Ezweni lanamuhla eliqhutshwa idatha, ukugcinwa kuyimfihlo nokuvikeleka kwedatha engahlelekile kubalulekile. I-Multi-Category Security (MCS) nezici zokuqasha ezivikelekile zinikeza uhlaka oluqinile lokubhekana nalokhu kukhathazeka. I-MCS, indlela yokulawula ukufinyelela ku-Security-Enhanced Linux (SELinux), ithuthukisa ubumfihlo bedatha ngokunikeza izigaba ezithile files kanye nezinqubo. Lokhu kuqinisekisa ukuthi abasebenzisi abagunyaziwe kuphela nezinqubo ezingafinyelela kulwazi olubucayi, okunikeza isendlalelo esengeziwe sokuvikela idatha engahlelekile njengamadokhumenti, izithombe, namavidiyo.

Ukuqashwa okuvikelekile kuqinisa futhi ukuhlukaniswa kwedatha ngokudala izindawo ezihlukile zamaqembu ahlukene, iminyango, noma izinhlangano ngaphakathi kwengqalasizinda efanayo. Le ndlela iqinisekisa ukuthi idatha yesiqashi ngasinye ihlukaniswa ngokunengqondo noma ngokomzimba, ivimbela ukufinyelela okungagunyaziwe nokugcina ubumfihlo bedatha. Izici ezibalulekile zokuqasha okuvikelekile zifaka ukuhlukaniswa kwezinsiza, ukuhlukaniswa kwedatha, ukuhlukaniswa kwenethiwekhi, nezilawuli zokufinyelela eziyimbudumbudu.

I-VAST Data Platform iyisibonelo salezi zimiso ngohlelo lwayo oluphelele lwezici, kuhlanganise ne-VLAN. tagging, izilawuli zokufinyelela ezisekelwe endimeni nezisekelwe kusibaluli, nezindlela zokubethela eziqinile. Lo mbhalo uhlola ukuthi ukuhlanganisa i-MCS nokuqashwa okuphephile ngaphakathi kwe-VAST Data Platform kunikeza kanjani isisombululo esibanzi nesivikelekile sokuphatha idatha engahlelekile, ikakhulukazi ezinhlanganweni ezinezidingo eziqinile zokugcinwa kuyimfihlo kwedatha. Lesi sethulo sifushane, sigxilile, futhi sinikeza umhlahlandlela ocacile wokuqukethwe yidokhumenti, uhambisana nezinqubo ezingcono kakhulu zokubhalwa kwezobuchwepheshe.

Iyini i-VAST Data Platform

I-VAST Data Platform iyisixazululo esiphelele sokuphatha idatha engahlelekile, ikakhulukazi ye-AI kanye nezinhlelo zokufunda ezijulile. Ihlanganisa amakhono ahlukahlukene okuthwebula, ikhathalogi, ilebula, ukucebisa, nokugcina idatha, inikeze ukufinyelela kwedatha okungenazihibe ukusuka onqenqemeni kuye kumafu.

I-Disaggregated and Shared-Everything (DASE) Architecture

Lesi sakhiwo sihlukanisa i-compute logic kusuka kusimo sesistimu, okuvumela ukukala okuzimele komthamo ngokwengeza AmaNode Edatha (DNodes) nokusebenza ngokwengeza AmaNodi Ekhompiyutha (CNodes). Ihlanganisa izakhiwo zedatha eyabiwe neyohwebo ukuze kunqobe imikhawulo yezinhlelo ezisabalalisiwe zendabuko.

Amaklayenti Asekelwe: NFS, NFSoRDMA Server Message Block (SMB), Amazon S3, and Containers (CSI)

Iyini i-VAST Data Platform
Amaseva Ephrothokholi Angenasimo Sezwe (ama-CNodes)
I-Disaggregated and Shared-Everything (DASE) Architecture

I-VAST DataStore

Eyethulwe ngo-2019, i-DataStore yakhelwe ukugcina nokunikeza idatha engahlelekile. Yephula i-tradeoff phakathi kokusebenza namandla, iyenze ifanelekele isitoreji sedatha esingahlelekile esilungele ibhizinisi nge-AI.
I-VAST Database

Le ngxenye iletha ukusebenza kokuthengiselana kwesizindalwazi, ukusebenza kokuhlaziya kwenqolobane yedatha, kanye nesikali nokuthengeka kwechibi ledatha. Isekela kokubili umugqa kanye nokugcinwa kwedatha yekholomu.
I-VAST DataSpace

Yethulwe ngo-2023, i-DataSpace inikeza ukufinyelela kwedatha yomhlaba wonke ukusuka ekugcineni kuye kumafu, ibhalansisa ukuvumelana okuqinile nokusebenza kwasendaweni. Ivumela ukubalwa kwedatha kusuka kunoma iyiphi inkundla yamafu esesidlangalaleni, eyimfihlo, noma esemaphethelweni.

Inkundla ihlanganisa idatha ehlelekile nengahlelekile, i-database analytics, futhi inikeza indawo yamagama yomhlaba wonke. Isekela amaphrothokholi ahlukahlukene njenge-NFS, i-SMB, i-S3, i-SQL, futhi ishumeke i-Apache Spark yokuguqulwa kwedatha nokusetshenziswa ezinhlelweni zemiyalezo.

Inkundla yakhelwe ukunika amandla i-AI nezinhlelo zokusebenza zebhizinisi, ihlinzeka ngokuhlaziywa kwedatha okujulile kwesikhathi sangempela namandla okufunda ajulile. Ithwebula futhi icubungule idatha ngesikhathi sangempela, ivumela ukuchazwa kwe-AI, ukucebisa imethadatha, nokuqeqeshwa kabusha kwemodeli.

Iyini i-VAST Data Platform

Inethiwekhi kanye Node Segmentation

I-VAST Data Platform ihlanganisa izici ezimbalwa ezihlobene nokusebenza kahle kokuphatha nokuhlukaniswa kwenethiwekhi, okuhlanganisa ukusebenza kweqembu le-CNode, kanye nekhono lokuhlanganisa ama-CNodes kuma-VLAN. Nazi izincazelo ezinemininingwane yalezi zici, kanye nezigaba ezifanele ezivela ku-VAST Cluster 5.1 Documentation:

I-CNode Grouping and Pooling

Ukuhlanganisa Iseva (i-CNode): Izivumelwano zesitoreji zinikezwa kusukela ku-Compute Nodes (CNodes). I-VAST Data Platform ivumela ukuqoqwa kwama-CNodes abe amachibi amaseva ahlukene. I-pool ngayinye yeseva inesethi eyabelwe yamakheli e-Virtual IP (VIPs) asakazwa kuwo wonke ama-CNodes echibini. Lokhu kunikeza indlela Yekhwalithi Yesevisi (i-QoS) ngokulawula inani lamaseva anikezwe iphuli ngayinye. Uma i-CNode ingaxhunyiwe ku-inthanethi, ama-VIP ebiwasebenzisa asabalaliswa kabusha ngokungenasiphazamiso kuwo wonke ama-CNodes asele echibini. Lokhu kuqinisekisa ukulinganisa komthwalo kanye nokutholakala okuphezulu.

  • Isigaba: Imibhalo Yeqoqo Le-VAST, “Ukuphatha Amachibi E-IP Abonakalayo” [p. 593]

I-VLAN Tagukugoba nokubopha

I-VLAN Tagigama: VLAN tagi-ging ivumela abalawuli ukuthi balawule ukuthi imaphi ama-Virtual IPs avezwa kuwo ukuthi imaphi ama-VLAN akunethiwekhi. Lesi sici siqinisekisa ukuthi ithrafikhi yenethiwekhi ihlukaniswa phakathi kwama-VLAN ahlukene, ukuvimbela ukufinyelela okungagunyaziwe nokuvuza kwedatha phakathi kwabaqashi. I-VLAN tagi-ging ilungiswa ngokwakha amachibi e-Virtual IP ngaphakathi kwe-VLAN kuplathifomu ye-VAST, ehlinzeka ngokuhlukaniswa kwenethiwekhi okuvikelekile nokuhlukaniswa.

  • Isigaba: Imibhalo Yeqoqo Le-VAST, “Tagging I-Virtual IP Pools with VLANs” [p. 147]
  • Isigaba: Ukufinyelela Kwenethiwekhi Nokunikezwa Kwesitoreji (v5.1) [p. 141]

Ukuhlukaniswa Kwenethiwekhi

Lawula Ukufinyelela ku Views kanye Nezinqubo: A VAST View iwumfanekiso onamaphrothokholi amaningi wesabelo sesitoreji senethiwekhi, ukuthekelisa, noma ibhakede. Ipulatifomu ivumela abalawuli ukuthi balawule ukuthi yimaphi ama-VLAN anokufinyelela kokuthile Views nokuthi yiziphi izivumelwano ezivunyelwe ukusetshenziswa uma ufinyelela ama-VIP kulawo ma-VLAN. Lesi sici sithuthukisa ukuphepha ngokuqinisekisa ukuthi ama-VLAN agunyaziwe kuphela angafinyelela idatha namasevisi athile. Icushwa ngokusetshenziswa View Izinqubomgomo, ezingacacisa izimvume zokufinyelela ezisuselwe kuma-VLAN.

  • Ingxenye: Imibhalo Yeqoqo Le-VAST, “Ukudala View Izinqubomgomo” [p. 628]

Ukuhlala Okunengqondo

I-VAST Data Platform inikezela ngezici ezimbalwa ezihlobene nokuqashwa kwabantu abaningi ezivumela ukuhlukaniswa okuphephile nokuphathwa kwabaqashi. Nazi izici ezibalulekile zokuqasha kanye nezincazelo ezinemininingwane kanye nezigaba ezifanele ezivela ku-VAST Cluster 5.1 Documentation:

Abaqashi

Incazelo: Abaqashi Ku-VAST Data Platform bachaza izindlela zedatha ezingazodwa futhi bangaba nemithombo yabo yokuqinisekisa efana ne-Active Directory (AD), i-LDAP, noma i-NIS. Umqashi ngamunye angakwazi futhi ukuphatha okhiye bakhe bokubethela, aqinisekise ukuthi idatha ihlala yodwa ngokuphephile kwabanye abaqashi. Lesi sici sibalulekile ezindaweni eziqashe abantu abaningi lapho izinhlangano noma iminyango ehlukene idinga ukugcina ukuhlukaniswa kwedatha okuqinile.

  • Isigaba: Abaqashi (v5.1) [p. 251]

View Izinqubomgomo

Incazelo: View Izinqubomgomo zichaza izimvume zokufinyelela, amaphrothokholi, nezilungiselelo zokuphepha ze Viewyabelwe abaqashi. Lezi zinqubomgomo zivumela abalawuli ukuthi balawule ukuthi ubani ongafinyelela idatha, iziphi izenzo abangakwazi ukuzenza, nokuthi yiziphi izivumelwano abangazisebenzisa. Lokhu kulawula okuyimbudumbudu kubalulekile ekugcineni ukuphepha nokuhambisana nezindawo eziqashisayo eziningi.

  • Isigaba: Ukuphatha Views futhi View Izinqubomgomo (v5.1) [p. 260]

I-VLAN Isolation

Incazelo: Ama-VLAN angaboshwa kumqashi othize ukuze aqhubeke ahlukanise ithrafikhi phakathi kwabaqashi, avimbele ukuwela umzila noma ithrafikhi yokusakaza ukuthi yenzeke ngaphesheya komngcele we-L2.

  • Ingxenye: Tagging I-Virtual IP Pools nama-VLAN [p. 147]

Ikhwalithi Yesevisi (QoS)

Incazelo: Izinqubomgomo ze-QoS zihlinzeka ngezilawuli zokusebenza kwe-granular kumkhawulokudonsa kanye nama-IOP (ukusebenza okokufaka/okuphumayo ngomzuzwana) Viewyabelwe abaqashi. Lezi zinqubomgomo ziqinisekisa ukusebenza okubikezelwayo futhi zinqanda izinkinga zombango wezinsiza, okubaluleke kakhulu ezindaweni eziqashe abantu abaningi lapho abaqashi abahlukene bengase babe nezidingo zokusebenza ezihlukene. Ngokungeziwe emikhawulweni ephezulu ye-QoS esiza ukuvimbela ukukhathala kokusebenza, amathreshold amancane we-QoS nawo ayatholakala, ukusiza ukuvimbela inkinga enomsindo yomakhelwane yokuqasha okuningi.

  • Isigaba: Ikhwalithi Yesevisi (v5.1) [p. 323]

Izilinganiso

Incazelo: Izabelo zivumela abalawuli ukuthi babeke imikhawulo yamandla Views kanye nezinkomba zokuhlukaniswa kwabaqashi. Lesi sici siqinisekisa ukuthi akekho umqashi oyedwa ongasebenzisa ngaphezu kwesabelo sakhe esabelwe sezisetshenziswa, okusiza ukuvimbela ukuphela komthamo wesistimu okungalindelekile.

  • Isigaba: Ukuphatha Izilinganiso (v5.1) [p. 314]

Ukugunyazwa kanye Nokuphathwa Kobunikazi

Umqashi kanye Nokuphathwa Komazisi

Incazelo: Abaqashi Ku-VAST Data Platform bachaza izindlela zedatha ezingazodwa futhi bangaba nemithombo yabo yokuqinisekisa efana ne-Active Directory (AD), i-LDAP, noma i-NIS. Inkundla isekela abahlinzeki bomazisi abafika kwabayisishiyagalombili abangalungiselelwa ukusetshenziswa ezingeni lesiqashi.

  • Isigaba: Abaqashi (v5.1) [p. 251]

Views

Incazelo: Viewama-multi-protocol amasheya, ukuthunyelwa kwamanye amazwe, noma amabhakede okungewabaqashi abathile. Banikeza ukufinyelela kwedatha okuhlukaniswe ngokuvikelekile, okuqinisekisa ukuthi umqashi ngamunye angakwazi ukufinyelela idatha yakhe kuphela. Views ingalungiselelwa ngezimvume ezithile zokufinyelela kanye nezivumelwano, okuzenza zisebenziseke ngezindlela ezihlukahlukene ezimweni ezihlukahlukene zokusetshenziswa.

  • Isigaba: Ukuphatha Views futhi View Izinqubomgomo (v5.1) [p. 260]

View Izinqubomgomo

Incazelo: View Izinqubomgomo zichaza izimvume zokufinyelela, amaphrothokholi, nezilungiselelo zokuphepha ze viewyabelwe abaqashi. Lezi zinqubomgomo zivumela abalawuli ukuthi balawule ukuthi ubani ongafinyelela idatha, iziphi izenzo abangakwazi ukuzenza, nokuthi yiziphi izivumelwano abangazisebenzisa. Lokhu kulawula okuyimbudumbudu kubalulekile ekugcineni ukuphepha nokuhambisana nezindawo eziqashisayo eziningi.

  • Isigaba: Ukuphatha Views futhi View Izinqubomgomo (v5.1) [p. 260]

Ukulawula Ukufinyelela

I-VAST Data Platform inikeza uhlu olubanzi lwezici zokugunyazwa nokuphathwa kobunikazi. Nazi izincazelo ezinemininingwane yesici ngasinye kanye nezigaba ezifanele nezinombolo zekhasi ezivela ku-VAST Cluster 5.1 Documentation:

Ukulawula Ukufinyelela

I-Role-based Access Control (RBAC)

Incazelo: I-VAST Cluster isebenzisa uhlelo Lokulawula Ukufinyelela Okusekelwe Endimeni (RBAC) lokuphatha ukufinyelela ku-VAST Management System (VMS). I-RBAC ivumela abalawuli ukuthi bachaze izindima ezinezimvume ezithile futhi banikeze lezi zindima kubasebenzisi. Lokhu kuqinisekisa ukuthi abasebenzisi banokufinyelela kuphela kuzisetshenziswa nezenzo ezidingekayo zendima yabo, ukuthuthukisa ukuvikeleka nokwenza lula ukuphatha.

  • Isigaba: Ukugunyaza Ukufinyelela Nezimvume ze-VMS [p. 82]

I-Attribute-based Access Control (ABAC)

Incazelo: I-Attribute-based Access Control (ABAC) isekelwa ku- views ifinyelelwe nge-NFSv4.1 ngokufakazela ubuqiniso kwe-Kerberos noma nge-SMB nge-Kerberos noma ukuqinisekiswa kwe-NTLM. I-ABAC ivumela ukufinyelela ku-a view uma i-akhawunti yomsebenzisi ku-Active Directory inesibaluli esihlobene se-ABAC esifana ne-ABAC tag eyabelwe i view. Lokhu kunikeza ukulawula kokufinyelela okuhlaziywe kahle okusekelwe kuzibaluli zomsebenzisi.

  • Isigaba: Ukulawulwa Kokufinyelela Okusekelwe Kumfanelo (ABAC) [p. 269] Ukulawula Ukufinyelela

Ukuqinisekiswa Kwe-Sing-On (SSO)

Incazelo: I-VAST VMS isekela ukuqinisekiswa kwe-Sing-On (SSO) kusetshenziswa i-SAML-based Identity Providers (IdP). Lokhu kuvumela abaphathi be-VMS ukuthi bangene ngemvume ku-VAST Cluster besebenzisa izifakazelo zabo ezivela ku-IdP efana ne-Okta, engahlinzeka ngokungeziwe ngamakhono wokuqinisekisa izinto eziningi (MFA). I-SSO yenza inqubo yokungena ibe lula futhi ithuthukise ukuphepha ngokufaka ubuqiniso endaweni eyodwa.

  • Isigaba: Lungiselela ukuqinisekiswa kwe-SSO ku-VMS [p. 90]

Ukuhlanganiswa Kwesiqondisi Esisebenzayo

Incazelo: I-VAST Cluster isekela ukuhlanganiswa ne-Active Directory (AD) yakho kokubili i-VMS nedatha yephrothokholi yokuqinisekisa nokugunyazwa komsebenzisi. Lokhu kuvumela izinhlangano ukuthi zisebenzise ingqalasizinda yazo ye-AD ekhona kakade ukuze zilawule ukufinyelela komsebenzisi kuzinsiza ze-VAST Cluster. Ukuhlanganiswa kwe-AD kusekela izici ezifana nomlando we-SID wamaqembu nabasebenzisi, okuqinisekisa ukulawula kokufinyelela okungenazihibe.

  • Isigaba: Ixhuma Kuhla Lwemibhalo Olusebenzayo (v5.1) [p. 347]

Ukuhlanganiswa kwe-LDAP

Incazelo: Inkundla isekela ukuhlanganiswa namaseva e-LDAP kukho kokubili i-VMS nedatha yephrothokholi yokuqinisekisa nokugunyazwa komsebenzisi. Lokhu kuvumela izinhlangano ukuthi zisebenzise uhla lwemibhalo lwazo olukhona lwe-LDAP ukuze zilawule ukufinyelela kuzinsiza ze-VAST Cluster, zinikeze isisombululo sokuqinisekisa esivumelana nezimo nesikakala.

  • Isigaba: Ixhuma Kuseva ye-LDAP (v5.1) [p. 342]

Ukuhlanganiswa kwe-NIS

Incazelo: I-VAST Cluster isekela ukuhlanganiswa ne-Network Information Service (NIS) ukuze kuqinisekiswe umsebenzisi wephrothokholi yedatha. Lesi sici siwusizo ezindaweni ezithembele ku-NIS ekulawuleni ulwazi lomsebenzisi nokulawula ukufinyelela.

  • Isigaba: Ixhuma ku-NIS (v5.1) [p. 358]

Abasebenzisi Bendawo Namaqembu

Incazelo: Abalawuli bangaphatha abasebenzisi bendawo namaqembu ngokuqondile ngaphakathi kwe-VAST Cluster. Lokhu kuhlanganisa ukudala, ukulungisa, nokususa ama-akhawunti omsebenzisi wendawo namaqembu, kanye nokwabela izimvume nezindima kulawa ma-akhawunti.

  • Isigaba: Ukuphatha Abasebenzisi Bendawo (v5.1) [p. 335]
  • Isigaba: Ukuphatha Amaqembu Endawo (v5.1) [p. 337] Ukulawula Ukufinyelela

Amalebula we-Protocol ACL namalebula we-SELinux

I-VAST Data Platform isekela amaphrothokholi ahlukahlukene ACL nezici zelebula ze-SELinux, iqinisekisa ukulawula okuqinile kokufinyelela nokuvikeleka. Nazi izincazelo ezinemininingwane yesici ngasinye kanye nezigaba ezifanele nezinombolo zekhasi ezivela ku-VAST Cluster 5.1 Documentation:

I-POSIX Access Control Lists (ACLs)

Incazelo: Amasistimu e-VAST asekela ama-POSIX ACL, avumela abaphathi ukuthi bachaze izimvume ezinemininingwane ze files namafolda ngale kwemodeli elula ye-Unix/Linux. Ama-POSIX ACL anika amandla ukunikezwa kwezimvume kubasebenzisi abaningi namaqembu, ehlinzeka ngokulawula kokufinyelela okuguquguqukayo nokunokwakheka.

  • Isigaba: NFS File Isivumelwano Sokwabelana (v5.1) [p. 154]

I-NFSv4 ACLs

Incazelo: I-NFSv4 iyiphrothokholi esemthethweni enokuqinisekisa okuphephile nge-Kerberos esekela ama-ACL anemininingwane. Lawa ma-ACL ayafana ngobumbudumbudu nalawo atholakala ku-SMB naku-NTFS, okuvumela ukulawula ukufinyelela okuqinile. Ama-NFSv4 ACL angaphathwa kusetshenziswa amathuluzi e-Linux ajwayelekile ngaphezulu kwephrothokholi ye-NFS.

  • Isigaba: NFS File Isivumelwano Sokwabelana (v5.1) [p. 154]

Ama-SMB ACL

Incazelo: Ama-SMB ACL aphathwa ngendlela efanayo namasheya e-Windows, okuvumela abasebenzisi ukuthi bahlele ama-Windows ACL ahlaziywe kahle ngokusebenzisa imibhalo ye-PowerShell ne-Windows. File Isihloli nge-SMB. Lawa ma-ACL, afaka uhlu lokuphika okufakiwe, angaphoqelelwa kubasebenzisi abafinyelela ngazo zombili izivumelwano ze-SMB ne-NFS ngesikhathi esisodwa.

  • Isigaba: SMB File Iphrothokholi Yokwabelana ku-VAST Cluster (v5.1) [p. 171]

S3 Izinqubomgomo Zobunikazi

Incazelo: I-S3 Native Security Flavour ivumela ukusetshenziswa kwe-S3 Identity Policies ukulawula ukufinyelela kanye nekhono lokusetha nokushintsha ama-ACL ngokuvumelana nemithetho ye-S3. Lesi sici sihlinzeka ngokulawula ukufinyelela okuyimbudumbudu kwamabhakede e-S3 nezinto.

  • Isigaba: S3 Object Storage Protocol (v5.1) [p. 182]

I-Multi-Protocol ACLs

Incazelo: I-VAST isekela ama-ACL anezinhlelo eziningi, ihlinzeka ngemodeli yemvume ehlanganisiwe yokufinyelela idatha kuwo wonke amaphrothokholi ahlukene. Lokhu kuqinisekisa ukulawula ukufinyelela okungaguquki kanye nokuvikeleka kungakhathaliseki ukuthi iyiphi iphrothokholi esetshenziselwa ukufinyelela idatha.

  • Isigaba: Ukufinyelela Kwezinhlelo Eziningi (v5.1) [p. 151]

Izici zelebula le-SELinux

1. I-NFSv4.2 Amalebula Okuvikela

Incazelo: I-VAST Cluster 5.1 isekela ukulebula kwe-NFSv4.2 kuModi Yeseva Elinganiselwe. Kule modi, i-VAST Cluster ingagcina futhi ibuyisele amalebula okuvikela okuthi files kanye nemibhalo ku-NFS viewabaqashi abanikwe amandla i-NFSv4.2, kodwa Iqoqo alikuphoqeleli ukwenza izinqumo zokufinyelela okusekelwe kulebula. Ukunikezwa kwelebula nokuqinisekisa kwenziwa amaklayenti e-NFSv4.2.

  • Isigaba: NFSv4.2 Amalebula Okuvikela (v5.1) [p. 169]

Ukuphathwa Kwesitifiketi Nokubethela

I-VAST Data Platform inikezela ngohlu olubanzi lwezici zokubethela nokuphathwa kwesitifiketi. Nazi izincazelo ezinemininingwane yesici ngasinye kanye nezigaba ezifanele nezinombolo zekhasi ezivela ku-VAST Cluster 5.1 Documentation:

Ukubethelwa Kwedatha Ekuphumuleni

Incazelo: I-VAST Data Platform isekela ukubethelwa kwedatha lapho uphumule kusetshenziswa izixazululo zokulawula ukhiye wangaphandle. Lesi sici siqinisekisa ukuthi idatha egcinwe kunkundla ibethelwe ngokuvikelekile ngokhiye abagcinwe ngaphandle kwe-VAST Cluster, okuvikela idatha ekufinyeleleni okungagunyaziwe. Inkundla isekela iThales CipherTrust Data Security Platform kanye neFornetix Vault Core yokuphatha ukhiye wangaphandle. Iqoqo ngalinye linokhiye oyinhloko oyingqayizivele, futhi ukubethela kunganikwa amandla phakathi nokusetha kokuqala kweqoqo.

  • Isigaba: Ukubethelwa Kwedatha (v5.1) [p. 128]

Ukuqinisekiswa kwe-FIPS 140-3 Level 1

I-VAST Data Platform ishumeka i-OpenSSL 1.1.1 Cryptographic Module, okuyi-FIPS 140-3 Level 1 eqinisekisiwe. Inombolo yesitifiketi yalokhu kuqinisekisa ithi #4675. Konke ukubethela kwedatha endizeni nalapho kuphumule kuxhunywe ku-FIPS eqinisekisiwe ye-OpenSSL 1.1.1 Cryptographic Module. Inkundla isebenzisa i-TLS 1.3 ekudluliselweni kwedatha okuvikelekile kanye nokubethela okungu-256-bit AES-XTS ukuze uthole idatha ngesikhathi sokuphumula, iqinisekisa ukuvikeleka okuqinile nokuhambisana nezindinganiso zomkhakha. Ukuthuthukisa Ukuvikeleka Nokuphathwa Kwedatha Ngokuvikeleka Kwezigaba Eziningi kanye Nokuqasha Okuvikelekile 14

  • Umthombo: Uhlelo Lokuqinisekisa Imojula ye-Cryptographic (CMVP)

Ukuphathwa Kwesitifiketi se-TLS

Incazelo: Inkundla isekela ukufakwa nokuphathwa kwezitifiketi ze-TLS zokuvikela ukuxhumana
nge-VAST Management System (VMS). Abalawuli bangafaka izitifiketi ze-TLS ukuze baqinisekise ukuthi idatha iyadluliselwa
phakathi kwamaklayenti kanye ne-VMS ibethelwe futhi ivikelekile.

• Isigaba: Ukufaka Isitifiketi se-SSL se-VMS (v5.1) [p. 78]

Ukuqinisekiswa kwe-mTLS Kwamaklayenti e-VMS

Incazelo: Inkundla isekela ukuqinisekiswa kwe-mutual TLS (mTLS) ye-VMS GUI namaklayenti e-API. Uma i-mTLS inikwe amandla, i-VMS idinga ukuthi iklayenti lilethe isitifiketi esisayinwe Iziphathimandla Zesitifiketi esithile. Lokhu kungeza isendlalelo sokuqinisekisa okuhlanganyelwe, lapho kokubili iklayenti neseva ziqinisekisana, kunikeze isendlalelo esengeziwe sokuphepha sokuxhumana ne-VMS ukuze ngokuzithandela kusekelwe Amakhadi e-PIV/CAC.

  • Isigaba: Ukunika amandla ukuqinisekiswa kwe-mTLS Kumaklayenti e-VMS (v5.1) [p. 78]

Ukuvikela Ukuxhumana Kwemibhalo Esebenzayo

I-VAST Data Platform ihlinzeka ngezinyathelo zokuphepha eziqinile zokuqinisekiswa kwe-Active Directory (AD) ngokuvumela abalawuli ukuthi bakhubaze izivumelwano ze-NTLM v1 ne-v2. I-NTLM (Isiphathi se-NT LAN) iphrothokholi yokuqinisekisa endala enolwazi ngobungozi, iyenza ivikeleke kancane uma iqhathaniswa nemithethonqubo yesimanjemanje efana ne-Kerberos.

  • Isigaba: Ixhuma Kuhla Lwemibhalo Olusebenzayo (v5.1) [p. 347]

Ivikela Ukufinyelela kwe-S3

I-VAST Data Platform ithuthukisa ukuvikeleka kokufinyelela kwe-S3 ngokukuvumela ukuthi ukhubaze ukusayinda kweSiginesha yesi-2 (SigV2), uqinisekise ukuthi konke ukusebenzisana kwe-S3 kwenziwa kusetshenziswa inguqulo yesi-4 yesiginesha ephephe kakhulu (SigV4). Ukwengeza, inkundla iphoqelela ukusetshenziswa kwe-TLS 1.3 kwezokuxhumana ze-S3, isebenzise ama-ciphers aqinisekisiwe we-FIPS 140-3.

  • Isigaba: S3 Object Storage Protocol (v5.1) [p. 182]

I-Crypto Erase

Incazelo: Ukusula kwe-Crypto kuyindlela yokususa idatha yomqashisi ohlelweni lwe-VAST. Lokhu kwenziwa ngokuhoxisa noma ngokususa okhiye bomqashisi kusetshenziswa isistimu ye-VAST noma Umphathi Wokhiye Wangaphandle. Isistimu ye-VAST izosusa Okhiye Bedatha Bemfihlo (ama-DEK) kanye Nokhiye Wokubethela Okhiye (KEK) ku-RAM yesistimu, ngaleyo ndlela isuse ngokushesha ukufinyelela kuyo yonke idatha ebhalwe kusetshenziswa labo khiye. Isistimu ye-VAST ingase isule idatha ebethelwe. Lesi sici sinikeza indlela yokususa ngokuphephile idatha uma kwenzeka kuchitheka idatha noma uma isiqashi sishiya inkundla.

Isigaba: Ukubethelwa Kwedatha (v5.1) [p. 128]

Ikhathalogi kanye noCwaningo

I-VAST Data Platform ihlinzeka ngohlu olubanzi lwezici zokucwaninga nokufakwa kukhathalogi, ukuqinisekisa ukuphathwa okuqinile kwedatha nokuhambisana. Nazi izincazelo ezinemininingwane yesici ngasinye kanye nezigaba ezifanele nezinombolo zekhasi ezivela ku-VAST Cluster 5.1 Documentation:

I-Protocol Auditing

Incazelo: Ukuhlolwa kwephrothokholi ku-VAST Data Platform imisebenzi yokungena edala, esusayo, noma eshintshayo files, uhla lwemibhalo, izinto, kanye nemethadatha. Iphinda ibhale imisebenzi efundwayo neyeseshini. Lesi sici sisiza ekulandeleleni imisebenzi yabasebenzisi kanye nokuqinisekisa ukuthobela izinqubomgomo zokuphepha. Abalawuli bangamisa izilungiselelo zokuhlola zomhlaba kanye view cwaninga amalogi nge-VAST Web I-UI noma i-CLI.

  • Isigaba: I-Protocol Auditing Overview [iph. 243]
  • Isigaba: Ukumisa Izilungiselelo Zokuhlola Izimali Zomhlaba Wonke [p. 243]
  • Isigaba: Ilungiselela Ukucwaningwa Kwamabhuku nge View Izinqubomgomo [p. 245]
  • Isigaba: Ukusebenza Kwephrothokholi Ehloliwe [p. 245]
  • Ingxenye: Viewing Imibhalo Yokucwaningwa Kwamabhuku Ephrothokholi [p. 248]

Ukugcina Amalogi Wokuhlolwa Kwephrothokholi kumathebula e-VAST Database

Incazelo: I-VAST Data Platform ivumela ukucushwa kwe-VMS ukuthi igcine amalogi okuhlolwa kwephrothokholi kuthebula le-VAST Database. Okufakiwe kwamalogu kugcinwa njengamarekhodi e-JSON, okungaba viewed ngqo kusuka ku-VAST Web I-UI ekhasini lelogi ye-VAST. Lesi sici sithuthukisa amandla okwenza ukucwaninga okuningiliziwe nokuhlaziya imisebenzi yabasebenzisi. Isigaba: Ukugcina Amalogi Wokuhlolwa Kwephrothokholi Kumathebula Edathabhe ye-VAST [iph. 25]

Ikhathalogi ye-VAST

Incazelo: Ikhathalogi ye-VAST iyinkomba yemethadatha eyakhelwe ngaphakathi evumela abasebenzisi ukuthi baseshe futhi bathole idatha ngokushesha. Iphatha i file uhlelo olufana nesizindalwazi, esivumela izinhlelo zokusebenza zesizukulwane esilandelayo ze-AI ne-ML ukuthi ziyisebenzise njengesitolo sesici esizibhekayo. Ikhathalogi isekela imibuzo yesitayela se-SQL futhi inikeza enembile WebI-UI, i-CLI ecebile, nama-API wokusebenzelana.

  • Isigaba: Ikhathalogi ye-VAST Ngaphezuluview [iph. 489]
  • Isigaba: Ilungiselela Ikhathalogi ye-VAST [p. 491]
  • Isigaba: Ibuza Ikhathalogi ye-VAST evela ku-VAST Web UI [p. 492]
  • Isigaba: Ukunikeza Ukufinyelela Kwekhasimende Kukhathalogi ye-VAST CLI [p. 493] Ikhathalogi kanye noCwaningo

I-VAST Database

Incazelo: I-VAST DataBase inweba amandla ekhathalogi ye-VAST ngokugcina okuqukethwe okuyinkimbinkimbi kusizindalwazi esifakwe ngokugcwele. Isekela imibuzo yedatha enesivinini esikhulu futhi emikhulu, igcina idatha ngefomethi yekholomu ephumelelayo efana ne-Apache Parquet. Isizindalwazi siklanyelwe imibuzo yesikhathi sangempela, ecaciswe kahle ibe yimithombo eminingi yedatha yethebula kanye nemethadatha efakwe kukhathalogi.

  • Isigaba: VAST Database Overview [iph. 495]
  • Isigaba: Ukulungisa Iqoqo Le-VAST Lokufinyelela Kusizindalwazi [p. 499]
  • Isigaba: Isizindalwazi se-VAST CLI Umhlahlandlela Wokuqala Ngokushesha [p. 494]

Audit Log Record Izinkambu

Incazelo: Izinkambu zerekhodi lokucwaningwa kwamabhuku zinikeza imininingwane enemininingwane mayelana nomcimbi ngamunye ongeniwe, okuhlanganisa uhlobo lokusebenza, imininingwane yomsebenzisi, izikhathiamps, nezinsiza ezithintekayo. Lokhu kugawulwa kwemithi okunemininingwane kubalulekile ukuze kuthotshelwe futhi kuhlaziywe ngokomthetho.

  • Isigaba: Izinkambu Zokuqopha Ilogi [p. 250]

Viewnge-Protocol Audit Logs

Incazelo: Abaphathi bangakwazi view amalogi wokuhlolwa kwephrothokholi nge-VAST Web I-UI noma i-CLI. Amalogi ahlinzeka ngemininingwane emisebenzini yabasebenzisi kanye nokusebenza kwesistimu, okusiza ukuqinisekisa ukuthobela nokuthola noma yiziphi izenzo ezingagunyaziwe.

  • Ingxenye: Viewing Imibhalo Yokucwaningwa Kwamabhuku Ephrothokholi [p. 248]

Isistimu yokusebenza egcinwe futhi evikelekile

I-VAST Data Platform isebenzisa indlela ebanzi yokuvikela uhlelo lwayo lokusebenza, iqinisekisa ukuqina.
ukuvikelwa kanye nokuhambisana namazinga emboni. Nazi izici ezibalulekile zesistimu yokusebenza kanye nezinyathelo zokuphepha ezisetshenzisiwe:

Isistimu Yokusebenza Egcinwe

Incazelo: I-VAST Data Platform isebenzisa isistimu yokusebenza egcinwe ihlinzekwe yi-CIQ, ikakhulukazi i-Enterprise Rocky 8, okuyisithombe sesistimu yokusebenza ehambisana kanambambili ye-RHEL. I-CIQ's Mountain Platform iletha isithombe esivikelekile, esigunyaziwe, futhi esingakala kakhulu, iphakheji, kanye nesixazululo sokulethwa kweziqukathi esitholakala kuwo womabili amafu omphakathi nasezindaweni.

Ukupeyishwa Okujwayelekile kanye Nokuphathwa Kobungozi

Incazelo: I-VAST iqinisekisa ukuthi isistimu yokusebenza igxivizwa njalo futhi ibuyekezwa ngokuhlala unolwazi mayelana nokuba sengozini kwakamuva kwezokuphepha, ukusebenzisa iziqephu ezidingekayo, nokusebenzisa ukunciphisa okufanele ngesikhathi. Le ndlela yokusebenza isiza ukugcina ukuma kokuphepha kwesistimu yokusebenza.

Ukuqapha Okuqhubekayo

Incazelo: Izinqubo zokuqapha eziqhubekayo zenziwa ukuze kugcinwe ukuvikeleka kwesistimu yokusebenza. Lokhu kuhlanganisa ukuhlola okuvamile, ukucwaninga, nokuphindaviewizilawuli zokuphepha zesistimu nezilungiselelo, kanye nokuvumela ukugawulwa kwemithi ngemisebenzi esolisayo kanye nezigameko zokuphepha ezingaba khona.

DISA STIG Ukuthobelana

Incazelo: I-VAST Data Platform isekela i-DISA STIG (Umhlahlandlela WokuSecurity Technical Implementation) we-RedHat Linux 8, MAC 1 Pro.file – Mission Critical Classified. Lokhu kuthobelana kuqinisekisa ukuthi isistimu yokusebenza inamathela kumazinga okuphepha aqinile adingwa amakhasimende ezindaweni ezilawulwayo.

Ukuphatha Ukucushwa

Incazelo: Inkundla igcina ukucushwa okuyisisekelo kwezinhlelo ze-RHEL 8, okuhlanganisa nezilungiselelo zezingxenye zesistimu, file izimvume, nokufakwa kwesofthiwe. Iphinde isebenzise izinqubo zokulawula ushintsho ukuze ilandelele, kabushaview, futhi ivumele izinguquko ekucushweni kwesistimu, iqinisekisa ukuthi amasistimu abambelela ekucushweni okuvikelekile nokujwayelekile.

Ukusebenza okuncane

Incazelo: Umgomo wokusebenza okuncane ugcizelelwa ngokuncoma ukususwa noma ukukhutshazwa kwesofthiwe engadingekile, amasevisi, nezingxenye zesistimu. Lokhu kunciphisa ubungozi obungaba khona kanye nama-vector ahlaselayo.

Ubuqotho besistimu nolwazi

Incazelo: Ukubethela kweplathifomu nezici zokuphatha ezibalulekile, kanye nokuhlanganiswa kwayo nezinhlelo ze-SIEM, kusiza ukuqinisekisa ubuqotho bedatha nolwazi. Lokhu kuhlanganisa ukuhlolwa kokuvikela okuvamile, ukuhlolwa kokungena, nokuphathwa kobungozi ukuze kuqinisekiswe amapeshi okuphepha asesikhathini samanje, ukulungiselelwa, nemikhuba ehamba phambili.

Secure Software Supply Chain

Ukuqinisekisa uchungechunge lokuhlinzekwa kwesofthiwe evikelekile kubalulekile ukuze kuthotshelwe imithetho efana ne-Trade Agreements Act (TAA), Federal Acquisition Regulation (FAR), kanye namazinga e-ISO. I-VAST Data Platform isebenzisa izinyathelo ezibanzi zokuvikela uchungechunge lwayo lokuhlinzekwa kwesofthiwe, iqinisekisa ukuthi isofthiwe ithuthukiswa ngendlela efanele futhi ihlangabezana nezidingo eziqinile zokuphepha.

Secure Software Development Framework (SDF)

I-VAST Data Platform yamukela i-NIST Secure Software Development Framework (SSDF), ehlinzeka ngemihlahlandlela yokuthuthukiswa kwesofthiwe evikelekile. Lolu hlaka lusiza ukuvikela amaketango okuphakelwa kwesofthiwe ezingozini ngokuveza izinqubo zokubhala amakhodi okuvikelekile, ukuphathwa kokuba sengozini, nokuqapha okuqhubekayo.

I-Software Composition Analysis (SCA)

Amathuluzi afana ne-GitLab asetshenziselwa Ukuhlola Ukuvikeleka Kwesicelo Esiqinile (SAST) kanye Nokuhlolwa Kokuphepha Kwesicelo Se-Dynamic (DAST) ukuze kuhlaziywe kokubili ikhodi yobunikazi neyomthombo ovulekile ukuze uthole ubungozi. Lokhu kubalulekile ekuboneni ubuthakathaka bezokuphepha ngaphambi kokuthunyelwa.

I-Software Bill of Materials (SBOM)

Inkundla ikhiqiza futhi ilawule ama-SBOM ukuze alandelele izingxenye ezisetshenziswa ekuthuthukisweni kwesoftware. I-GitLab kanye ne-Artifactory zisetshenziswa ekuthuthukisweni kwepayipi ukuthuthukisa ukubonakala nokuthobelana ne-Executive Order 14028.

Ukuhlanganiswa Okuqhubekayo kanye Nomzila Wepayipi Wokusabalalisa (CI/CD).

Ipayipi le-CI/CD lihlanganisa ukuhlolwa kokuphepha, ikhodi kabushaview, kanye nokuhlola ukuthobela imithetho. Ipayipi isingathwe endaweni yefu esekwe e-US ukuze kuhlangatshezwane nezimfuneko ze-TAA/FAR, iqinisekisa ukuthi yonke imisebenzi yenziwa ngaphakathi e-US futhi ilawulwa amabhizinisi ase-US.

Isitsha nokusayina kwephakheji

Ukusayinwa kwedijithali kweziqukathi namaphakheji kuyasetshenziswa ukuze kuqinisekiswe ubuqotho nobuqiniso. I-Docker Content Trust kanye nokusayina kwe-RPM kuyizinqubo ezinconyiwe zokuvikela izinhlelo zokusebenza ezifakwe esitsheni kanye nokusatshalaliswa kwephakheji.

Ukuba sengozini Nokuskena Ukuthobela

Amathuluzi afana ne-Tenable ne-Qualys asetshenziselwa ukuskena amasistimu okusebenza nokwakha amaphakheji, kanye nokutholwa kwegciwane kanye nohlelo olungayilungele ikhompuyutha. Lawa mathuluzi afakwe epayipini ukuze kukhonjwe futhi kuncishiswe izinsongo ezingaba khona endaweni yesoftware.

Ukuphathwa Kwesofthiwe Yenkampani Yangaphandle

Yonke isofthiwe yenkampani yangaphandle, kungakhathaliseki ukuthi ingumthombo ovulekile noma ubunikazi, itholakala ezindaweni zase-US ukuze ihambisane nemithetho ye-TAA/FAR. Le softhiwe ifakiwe kuzinqubo zokuskena ze-SAST ne-DAST ukuze kuqinisekiswe ukuphepha.

Imibhalo kanye Nezindlela Zokucwaninga

Amadokhumenti aphelele ayo yonke inqubo kusukela ekungeneni ngekhodi kuya kuphakheji elandekayo esetshenziswa amakhasimende ayagcinwa. Le mibhalo ifinyeleleka ngaphansi kwe-NDA ukuze ihlolwe futhi iqinisekiswe ngamakhasimende, njengoba kudingwa ubuholi.

Ukuphathwa Kwabasebenzi Nempahla

Inqubo iphethwe abasebenzi bebhizinisi lase-US (Vast Federal), futhi zonke izimpahla ezisetshenziswa ekuthuthukisweni kwesofthiwe nenqubo yokuphakela ziphethwe yile nhlangano. Lokhu kuthobela kubalulekile ukuze kuhlangatshezwane nemithetho yokutholwa kwe-federal.

Secure Development Environment

Isofthiwe iyathuthukiswa futhi yakhiwe ezindaweni ezivikelekile, ngezinyathelo ezinjengokuqinisekisa kwezinto eziningi, ukufinyelela okunemibandela, nokubethelwa kwedatha ebucayi. Ukungena njalo, ukuqapha, kanye nokuhlolwa kobudlelwano bokwethenjwa kuyasetshenziswa.

Amaketanga Okunikezela Ngekhodi Yomthombo Othembekile

Amathuluzi azenzakalelayo noma izinqubo ezifanayo zisetshenziselwa ukuqinisekisa ukuphepha kwekhodi yangaphakathi nezingxenye zenkampani yangaphandle, ukuphatha ubungozi obuhlobene ngokuphumelelayo.

Ukuhlola Ukuba sengcupheni kwezokuvikela

Ongoing vulnerability checks are conducted before releasing new products, versions, or updates. A vulnerability disclosure program is maintained to assess and address disclosed software vulnerabilities promptly.

Isiphetho

Ukuhlanganiswa kwe-Multi-Category Security (MCS) enezici zokuqasha ezivikelekile kunikeza uhlaka oluqinile lokuthuthukisa ukugcinwa kuyimfihlo nokuvikeleka kwedatha engahlelekile. Ngokusebenzisa i-MCS, izinhlangano zingabela izigaba ezithile kuzo files, ukuqinisekisa ukuthi izinqubo ezigunyaziwe kuphela nabasebenzisi abangafinyelela ulwazi olubucayi. Lesi sendlalelo esengeziwe sokuvikela sibalulekile ekuvikeleni idatha engahlelekile njengamadokhumenti, izithombe, namavidiyo.

Ukuqashwa okuvikelekile kuqinisa futhi ukuhlukaniswa kwedatha ngokudala izindawo ezihlukile zamaqembu ahlukene, iminyango, noma izinhlangano ngaphakathi kwengqalasizinda efanayo. Izici ezibalulekile ezifana nokuhlukaniswa kwensiza, ukuhlukaniswa kwedatha, ukuhlukaniswa kwenethiwekhi, nezilawuli zokufinyelela eziyimbudumbudu ziqinisekisa ukuthi idatha yomqashiselwa ngamunye ihlala iyimfihlo futhi ivikelekile. I-VAST Data Platform iyisibonelo salezi zimiso ngohlelo lwayo oluphelele lwezici, kuhlanganise ne-VLAN. tagging, izilawuli zokufinyelela ezisekelwe endimeni nezisekelwe kusibaluli, nezindlela zokubethela eziqinile.

Kafushane, i-VAST Data Platform, nokuhlanganiswa kwayo kwe-MCS kanye nokuqashwa okuvikelekile, inikeza isisombululo esiphelele nesivikelekile sokuphatha idatha engahlelekile. Le ndlela ibalulekile ezinhlanganweni ezinezidingo eziqinile zokugcinwa kuyimfihlo kwedatha, njengama-ejensi kahulumeni, izikhungo zezezimali, nabahlinzeki bezempilo. Ngokusebenzisa lezi zinyathelo zokuphepha ezithuthukisiwe, izinhlangano zingavikela ngokuzethemba idatha yazo ebucayi kuyilapho zinika amandla ukuphathwa kwedatha okuphumelelayo nokungalawuleki. Lesi siphetho sigcina amaphuzu ayisihluthulelo kuyilapho siqinisekisa ukucaca nokufingqa.

Isiphetho

 

Uphawu Ukuze uthole ulwazi olwengeziwe nge-VAST Data Platform nokuthi ingakusiza kanjani ukuxazulula izinkinga zohlelo lwakho lokusebenza, xhumana nathi ku hello@vastdata.com.

Ilogo

Amadokhumenti / Izinsiza

I-VAST Data Platform Software [pdf] Umhlahlandlela Womsebenzisi
I-Data Platform Software, i-Platform Software, i-Software
I-VAST Data Platform Software [pdf] Umhlahlandlela Womsebenzisi
I-Data Platform Software, i-Platform Software, i-Software

Izithenjwa

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *