AFORE Solutions has created AFORE Cloudlink, which won the Best of VMworld for Security at VMworld 2011 in the United States. Yet, many people were scratching their head saying, who are AFORE and why did they win. AFORE moved from a physical appliance to a virtual appliance about 3 years ago providing a way to move data between data centers in an encrypted fashion, which at the time was desperately needed. After three years they have made quite a few changes, but still have their core functionality, but now included data at rest encryption and the ability to stretch layer-2 and layer-3 networks between locations amongst others.

Now there are several tools that provide the same functionality, such as VMware vShield Edge, so what makes AFORE’s Cloudlink special?

Figure 1: Cloudlink image courtesy of AFORE Solutions

  • AES 256 Encrypted Tunnel between Cloudlink Gateways and vNodes
  • Stretches Layer-2 and Layer-3 between Clouds
  • AES 256 Encrypted Virtual Storage Appliance (VSA)
  • Each Tenant has their own encryption keys
  • Single point for each tenant to manage and control key transfers
  • Integrates with VMware vCenter and VMware vCloud Director

AFORE’s CloudLink provides some of the necessary underpinnings to consider when designing any cloud for Trusted Multi-Tenancy; secure workload transfers between locations, key management, and encryption at rest for storage, and a way to create a stretch layer-2 entity between two or more cloud entities.  When workloads are moved between clouds, they do so as virtual machines usually. As the VMs are migrated between clouds they are deposited into a encrypted storage and run from there.

The encrypted VSA provides encryption at rest of each tenants workloads, which is important as the common rule when dealing with clouds at the moment is that you must encrypt your data before sending it to the cloud. This means that when or if physical disks are removed from the system either because they have gone bad or for some other reason, the disks associated with each tenants encrypted VSA stay encrypted. Granted, since the VSA connects to the hypervisor and the workloads should still be usable, their is no encryption in motion within each cloud, just at rest. However, workloads are encrypted during transfer between clouds.

AFORE CloudLink provides important additional layers of security between clouds including those that make use of  VMware vCloud Director and can replace or augment the existing vShield Edge requirements for such clouds.

Share this Article:

Share Button
Edward Haletky (367 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

[All Papers/Publications...]

Connect with Edward Haletky:


Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


8 × = seventy two