AFORE Solutions has created AFORE Cloudlink, which won the Best of VMworld for Security at VMworld 2011 in the United States. Yet, many people were scratching their head saying, who are AFORE and why did they win. AFORE moved from a physical appliance to a virtual appliance about 3 years ago providing a way to move data between data centers in an encrypted fashion, which at the time was desperately needed. After three years they have made quite a few changes, but still have their core functionality, but now included data at rest encryption and the ability to stretch layer-2 and layer-3 networks between locations amongst others.
Now there are several tools that provide the same functionality, such as VMware vShield Edge, so what makes AFORE’s Cloudlink special?
- AES 256 Encrypted Tunnel between Cloudlink Gateways and vNodes
- Stretches Layer-2 and Layer-3 between Clouds
- AES 256 Encrypted Virtual Storage Appliance (VSA)
- Each Tenant has their own encryption keys
- Single point for each tenant to manage and control key transfers
- Integrates with VMware vCenter and VMware vCloud Director
AFORE’s CloudLink provides some of the necessary underpinnings to consider when designing any cloud for Trusted Multi-Tenancy; secure workload transfers between locations, key management, and encryption at rest for storage, and a way to create a stretch layer-2 entity between two or more cloud entities.Â When workloads are moved between clouds, they do so as virtual machines usually. As the VMs are migrated between clouds they are deposited into a encrypted storage and run from there.
The encrypted VSA provides encryption at rest of each tenants workloads, which is important as the common rule when dealing with clouds at the moment is that you must encrypt your data before sending it to the cloud. This means that when or if physical disks are removed from the system either because they have gone bad or for some other reason, the disks associated with each tenants encrypted VSA stay encrypted. Granted, since the VSA connects to the hypervisor and the workloads should still be usable, their is no encryption in motion within each cloud, just at rest. However, workloads are encrypted during transfer between clouds.
AFORE CloudLink provides important additional layers of security between clouds including those that make use ofÂ VMware vCloud Director and can replace or augment the existing vShield Edge requirements for such clouds.