VAST Data Platform Software Amfani

VAST Data Platform Software Amfani

Abubuwan da ke ciki boye
1 Gabatarwa
2 Menene VAST Data Platform
3 Network da Node Segmentation
4 Hayar Ma'ana
5 Izini da Gudanar da Shaida
6 Ikon shiga
7 Protocol ACLs da Lambobin SELinux
8 Gudanar da Takaddun shaida da ɓoyewa
9 Catalog da Audit
10 Tsare-tsare da Tsare-tsaren Tsare-tsare
11 Amintaccen Sarkar Sayar da Software
12 Kammalawa
13 Takardu / Albarkatu
13.1 Magana

Gabatarwa

A cikin duniyar yau mai sarrafa bayanai, sirri da tsaro na bayanan da ba a tsara su ba su ne mafi mahimmanci. Multi-Category Security (MCS) da amintattun fasalulluka na haya suna ba da ingantaccen tsari don magance waɗannan matsalolin. MCS, hanyar sarrafa damar shiga cikin Linux Ingantaccen Tsaro (SELinux), yana haɓaka sirrin bayanai ta hanyar sanya takamaiman nau'ikan zuwa files da tafiyar matakai. Wannan yana tabbatar da cewa masu amfani da izini kawai da matakai zasu iya samun damar bayanai masu mahimmanci, samar da ƙarin kariya ga bayanan da ba a tsara su kamar takardu, hotuna, da bidiyoyi.

Amintaccen ɗan haya yana ƙara ƙarfafa keɓanta bayanai ta hanyar ƙirƙirar yanayi daban-daban don ƙungiyoyi daban-daban, sassa, ko ƙungiyoyi a cikin ababen more rayuwa iri ɗaya. Wannan hanyar tana tabbatar da cewa bayanan kowane mai haya ya kasance a hankali ko kuma an raba shi ta jiki, yana hana shiga mara izini da kiyaye sirrin bayanan. Maɓalli na amintaccen amintaccen hayar sun haɗa da keɓancewar albarkatu, keɓancewar bayanai, rarrabuwar hanyar sadarwa, da sarrafa isa ga granular.

Platform na VAST Data Platform yana misalta waɗannan ƙa'idodin ta hanyar cikakkun abubuwan fasali, gami da VLAN. tagging, tushen rawar aiki da sarrafawar samun damar sifa, da ingantattun hanyoyin ɓoyewa. Wannan takaddar tana bincika yadda haɗa MCS tare da amintaccen hayar hayar a cikin VAST Data Platform yana ba da cikakkiyar kuma amintaccen bayani don sarrafa bayanan da ba a tsara su ba, musamman ga ƙungiyoyi masu tsananin buƙatun sirrin bayanai. Wannan gabatarwar taƙaitacciya ce, mai da hankali, kuma tana ba da fayyace jagora ga abubuwan da ke cikin takaddar, daidaitawa tare da mafi kyawun ayyuka don takaddun fasaha.

Menene VAST Data Platform

VAST Data Platform shine cikakkiyar bayani don sarrafa bayanan da ba a tsara su ba, musamman don AI da aikace-aikacen ilmantarwa mai zurfi. Yana haɗa iyawa daban-daban don kamawa, katalogi, lakabi, haɓakawa, da adana bayanai, yana ba da damar samun bayanai mara kyau daga gefe zuwa gajimare.

Rarraba da Raba-Komai (DASE) Gine-gine

Wannan gine-gine yana ƙaddamar da ƙididdige ma'ana daga tsarin tsarin, yana ba da izinin ƙima mai zaman kansa ta hanyar ƙara Data Nodes (DNodes) da aiki ta ƙara Ƙididdigar Ƙididdigar (CNodes). Yana haɗu da tsarin bayanai na rabawa da ma'amala don shawo kan iyakokin tsarin rarraba na gargajiya.

Abokan ciniki masu goyan baya: NFS, NFSoRDMA Saƙon Sakon Sabar (SMB), Amazon S3, da Kwantena (CSI)

Menene VAST Data Platform
Sabar Protocol Mara Jiha (CNodes)
Rarraba da Raba-Komai (DASE) Gine-gine

VAST DataStore

An ƙaddamar da shi a cikin 2019, an tsara DataStore don adanawa da ba da bayanan da ba a tsara su ba. Yana karya ciniki tsakanin aiki da iya aiki, yana mai da shi dacewa da kasuwancin AI-shirye-shiryen ajiyar bayanai mara tsari.
VAST DataBase

Wannan bangaren yana ba da aikin ma'amala na ma'ajin bayanai, da aikin nazari na ma'ajiyar bayanai, da ma'auni da araha na tafkin bayanai. Yana goyan bayan ajiyar bayanan layi da na columnar.
VAST DataSpace

An ƙaddamar da shi a cikin 2023, DataSpace yana ba da damar samun damar bayanai na duniya daga gefe zuwa gajimare, daidaita daidaiton daidaito tare da aikin gida. Yana ba da damar ƙididdige bayanai daga kowane dandamali na girgije na jama'a, masu zaman kansu, ko gefuna.

Dandalin yana haɗa bayanai da aka tsara da marasa tsari, ƙididdigar bayanai, da kuma samar da sunan duniya. Yana goyan bayan ka'idoji daban-daban kamar NFS, SMB, S3, SQL, da kuma saka Apache Spark don sauya bayanai da amfani daga tsarin saƙo.

An gina dandalin don yin amfani da AI da aikace-aikacen kasuwanci, yana ba da cikakken nazarin bayanai na ainihin lokaci da zurfin ilmantarwa. Yana ɗauka da sarrafa bayanai a cikin ainihin-lokaci, yana ba da damar ƙaddamar da AI, haɓaka metadata, da sake horar da ƙira.

Menene VAST Data Platform

Network da Node Segmentation

Platform VAST Data Platform ya haɗa da fasali da yawa masu alaƙa da ƙwarewar gudanarwa da rarrabuwar hanyar sadarwa, gami da ayyukan haɗakarwar CNode, da kuma ikon ɗaure CNodes zuwa VLANs. Anan ga cikakkun bayanan waɗannan fasalulluka, tare da sassan da suka dace daga Takardun VAST Cluster 5.1:

Rukunin CNode da Pooling

Sabar (CNode) Pooling: Ana ba da ka'idojin ajiya daga Ƙididdigar Ƙididdigar (CNodes). VAST Data Platform yana ba da damar haɗa CNodes zuwa wuraren tafkunan sabar sabar. Kowane tafkin uwar garken yana da saitin adiresoshin IP na Virtual (VIPs) waɗanda aka rarraba a cikin CNodes a cikin tafkin. Wannan yana ba da tsari don ingancin Sabis (QoS) ta hanyar sarrafa adadin sabar da aka sanya wa kowane tafkin. Lokacin da CNode ke aiki ba layi ba, VIPs ɗin da yake hidima ba a sake rarraba su cikin ragowar CNodes a cikin tafkin. Wannan yana tabbatar da daidaita nauyin kaya da babban samuwa.

  • Sashe: VAST Cluster Takardun, "Mai Sarrafa Mahimman Ruwa na IP" [shafi. 593]

VLAN Tagging da dauri

VLAN TagFarashin: VLAN tagging yana ba masu gudanarwa damar sarrafa abin da Virtual IPs aka fallasa wa wanda VLANs akan hanyar sadarwa. Wannan fasalin yana tabbatar da cewa zirga-zirgar hanyar sadarwa ta keɓe tsakanin VLANs daban-daban, yana hana samun izini mara izini da ɗigon bayanai tsakanin masu haya. VLAN tagAna saita ging ta hanyar ƙirƙirar wuraren waha na IP a cikin VLANs a cikin dandamali na VAST, yana ba da amintaccen yanki na cibiyar sadarwa da keɓewa.

  • Sashi: VAST Cluster Takardun, "Tagging Virtual IP Pools tare da VLANs" [p. 147]
  • Sashi: Samun hanyar sadarwa da Samar da Ajiye (v5.1) [shafi. 141]

Rarraba hanyar sadarwa

Sarrafa Samun damar zuwa Views and Protocols: A VAST View wakilcin ƙa'idodi ne da yawa na rabon ajiya na cibiyar sadarwa, fitarwa, ko guga. Dandalin yana bawa masu gudanarwa damar sarrafa abin da VLANs ke da damar yin amfani da takamaiman Views da waɗanne ƙa'idodi ne aka yarda a yi amfani da su lokacin samun damar VIPs akan waɗancan VLANs. Wannan fasalin yana haɓaka tsaro ta hanyar tabbatar da cewa VLANs masu izini kawai za su iya samun dama ga wasu bayanai da ayyuka. An saita shi ta amfani da shi View Manufofi, waɗanda zasu iya ƙayyade izinin shiga bisa VLANs.

  • Sashe: VAST Rukunin Takardun Taro, “Ƙirƙirar View Manufofin” [shafi. 628]

Hayar Ma'ana

Platform na VAST Data Platform yana ba da fasali da yawa masu alaƙa da yawan hayar da ke ba da damar keɓancewa da sarrafa masu haya. Anan ga mahimman fasalulluka na haya tare da cikakkun bayanai da sassan da suka dace daga Takardun VAST Cluster 5.1:

Masu haya

Bayani: Masu haya a cikin VAST Data Platform suna ayyana keɓantattun hanyoyin bayanai kuma suna iya samun hanyoyin tabbatar da nasu kamar Active Directory (AD), LDAP, ko NIS. Kowane ɗan haya kuma yana iya sarrafa maɓallan ɓoyayyen nasa, yana tabbatar da cewa bayanan sun kasance a keɓe amintacce daga sauran masu haya. Wannan fasalin yana da mahimmanci ga mahallin masu haya da yawa inda ƙungiyoyi ko sassa daban-daban ke buƙatar kiyaye tsayayyen rarrabuwar bayanai.

  • Sashi: Masu haya (v5.1) [shafi. 251]

View Manufofi

Bayani: View Manufofin suna bayyana izinin shiga, ladabi, da saitunan tsaro don Views sanya wa masu haya. Waɗannan manufofin suna ba masu gudanarwa damar sarrafa waɗanda za su iya samun damar bayanai, waɗanne ayyuka za su iya yi, da waɗanne ƙa'idodin da za su iya amfani da su. Wannan iko na granular yana da mahimmanci don kiyaye tsaro da yarda a cikin mahallin masu haya da yawa.

  • Sashe: Gudanarwa Views kuma View Manufofin (v5.1) [p. 260]

Warewa VLAN

Bayani: VLANs za a iya ɗaure su da wani ɗan haya na musamman don ƙara ware zirga-zirga tsakanin masu haya, hana zirga-zirgar zirga-zirgar ababen hawa ko watsa zirga-zirgar ababen hawa daga faruwa a kan iyakar L2.

  • Sashe: Tagging Virtual IP Pools tare da VLANs [p. 147]

Ingancin Sabis (QoS)

Bayani: Manufofin QoS suna ba da ikon sarrafa ayyuka masu girma don bandwidth da IOPs (ayyukan shigarwa / fitarwa a sakan daya) don Views sanya wa masu haya. Waɗannan manufofin suna tabbatar da aikin da ake iya faɗi da kuma hana al'amurran da suka shafi rigimar albarkatu, waɗanda ke da mahimmanci musamman a cikin mahallin masu haya da yawa inda masu haya daban-daban na iya samun buƙatun aiki daban-daban. Baya ga matsakaicin iyakar QoS waɗanda ke taimakawa hana gajiyawar aiki, QoS mafi ƙarancin ƙofofin kuma ana samun su, don taimakawa hana hayaniya-makwabci na masu haya da yawa.

  • Sashi: ingancin Sabis (v5.1) [shafi 323]

Ƙidaya

Bayani: Ƙididdigar ƙididdiga ta ba da damar masu gudanarwa su saita iyakokin iya aiki Views da kundayen adireshi don keɓe masu haya. Wannan fasalin yana tabbatar da cewa babu wani ɗan haya ɗaya da zai iya cinye fiye da rabon albarkatun da aka keɓance su, yana taimakawa hana ƙarancin ƙarfin tsarin da ba zato ba tsammani.

  • Sashe: Gudanar da Ƙimar (v5.1) [shafi. 314]

Izini da Gudanar da Shaida

Mai haya da Gudanar da Shaida

Bayani: Masu haya a cikin VAST Data Platform suna ayyana keɓantattun hanyoyin bayanai kuma suna iya samun hanyoyin tabbatar da nasu kamar Active Directory (AD), LDAP, ko NIS. Dandalin yana tallafawa har zuwa masu ba da shaida na musamman guda takwas waɗanda za'a iya saita su don amfani a matakin ɗan haya.

  • Sashi: Masu haya (v5.1) [shafi. 251]

Views

Bayani: Views hannun jari ne na yarjejeniya da yawa, fitarwa, ko bokiti na takamaiman masu haya. Suna ba da damar shiga cikin keɓaɓɓen bayanan, tabbatar da cewa kowane ɗan haya zai iya samun damar bayanan kansa kawai. Views za a iya daidaita shi tare da takamaiman izini da ka'idoji, yana sa su zama masu dacewa don lokuta daban-daban na amfani.

  • Sashe: Gudanarwa Views kuma View Manufofin (v5.1) [p. 260]

View Manufofi

Bayani: View Manufofin suna bayyana izinin shiga, ladabi, da saitunan tsaro don views sanya wa masu haya. Waɗannan manufofin suna ba masu gudanarwa damar sarrafa waɗanda za su iya samun damar bayanai, waɗanne ayyuka za su iya yi, da waɗanne ƙa'idodin da za su iya amfani da su. Wannan iko na granular yana da mahimmanci don kiyaye tsaro da yarda a cikin mahallin masu haya da yawa.

  • Sashe: Gudanarwa Views kuma View Manufofin (v5.1) [p. 260]

Ikon shiga

VAST Data Platform yana ba da cikakkiyar fa'ida don ba da izini da sarrafa ainihi. Anan ga cikakken bayanin kowane fasali tare da sassan da suka dace da lambobin shafi daga Takardun VAST Cluster 5.1:

Ikon shiga

Ikon Samun Mahimmanci (RBAC)

Bayani: VAST Cluster yana amfani da tsarin Gudanar da Samun Rago-Based (RBAC) don sarrafa damar zuwa Tsarin Gudanar da VAST (VMS). RBAC tana ba masu gudanarwa damar ayyana ayyuka tare da takamaiman izini kuma su sanya waɗannan ayyukan ga masu amfani. Wannan yana tabbatar da cewa masu amfani sun sami dama ga albarkatun da ayyukan da suka dace don ayyukansu, haɓaka tsaro da sauƙaƙe gudanarwa.

  • Sashe: Izinin Samun damar VMS da izini [p. 82]

Ikon Samun Mahimmancin Sifa (ABAC)

Bayani: Ana samun goyan bayan Ikon-Based Access Control (ABAC). viewAna samun dama ta hanyar NFSv4.1 tare da ingantaccen Kerberos ko ta hanyar SMB tare da ingantaccen Kerberos ko NTLM. ABAC yana ba da damar samun dama ga a view idan asusun mai amfani a cikin Active Directory yana da alaƙa ABAC sifa wanda yayi daidai da ABAC tag sanya wa view. Wannan yana ba da ingantaccen ikon samun dama bisa ga halayen mai amfani.

  • Sashe: Ƙimar-Based Access Control (ABAC) [shafi 269] Ikon shiga

Tabbatar da Sa hannu guda ɗaya (SSO).

Bayani: VAST VMS yana goyan bayan ingantaccen sa hannu guda ɗaya (SSO) ta amfani da masu ba da Shaida na tushen SAML (IdP). Wannan yana bawa manajojin VMS damar shiga cikin VAST Cluster ta amfani da takaddun shaidar su daga IdP kamar Okta, wanda kuma zai iya ba da damar tantance abubuwa da yawa (MFA). SSO yana sauƙaƙa tsarin shiga kuma yana haɓaka tsaro ta tsakiya ta tantancewa.

  • Sashe: Sanya ingantaccen SSO a cikin VMS [p. 90]

Haɗin Littafin Aiki Mai Aiki

Bayani: VAST Cluster yana goyan bayan haɗin kai tare da Active Directory (AD) don duka VMS da amincin mai amfani da ka'idar bayanai. Wannan yana bawa ƙungiyoyi damar yin amfani da ababen more rayuwa na AD don sarrafa damar mai amfani zuwa albarkatun VAST Cluster. Haɗin AD yana goyan bayan fasalulluka kamar Tarihin SID don ƙungiyoyi da masu amfani, yana tabbatar da ikon samun damar shiga mara kyau.

  • Sashe: Haɗa zuwa Littafin Jagora (v5.1) [shafi. 347]

Haɗin LDAP

Bayani: Dandalin yana goyan bayan haɗin kai tare da sabar LDAP don duka VMS da ƙa'idar mai amfani da izini da izini. Wannan yana bawa ƙungiyoyi damar amfani da kundayen adireshi na LDAP na yanzu don sarrafa damar zuwa albarkatun VAST Cluster, samar da mafita mai sassauƙa da ƙima.

  • Sashe: Haɗa zuwa uwar garken LDAP (v5.1) [p. 342]

Haɗin kai NIS

Bayani: VAST Cluster yana goyan bayan haɗin kai tare da Sabis na Bayani na hanyar sadarwa (NIS) don amincin mai amfani da ƙa'idar bayanai. Wannan fasalin yana da amfani ga mahallin da suka dogara da NIS don sarrafa bayanan mai amfani da ikon samun dama.

  • Sashi: Haɗa zuwa NIS (v5.1) [p. 358]

Masu Amfani da Gida da Ƙungiyoyi

Bayani: Masu gudanarwa na iya sarrafa masu amfani da gida da ƙungiyoyi kai tsaye a cikin VAST Cluster. Wannan ya haɗa da ƙirƙira, gyara, da share asusun masu amfani na gida da ƙungiyoyi, da kuma ba da izini da matsayi ga waɗannan asusun.

  • Sashe: Gudanar da Masu Amfani na Gida (v5.1) [shafi 335]
  • Sashi: Gudanar da Ƙungiyoyin Gida (v5.1) [shafi. 337] Ikon shiga

Protocol ACLs da Lambobin SELinux

Platform VAST Data Platform yana goyan bayan ACLs daban-daban na yarjejeniya da fasalulluka na alamar SELinux, yana tabbatar da ingantaccen iko da tsaro. Anan ga cikakken bayanin kowane fasali tare da sassan da suka dace da lambobin shafi daga Takardun VAST Cluster 5.1:

POSIX Jerin Gudanar da Samun damar (ACLs)

Bayani: Tsarin VAST yana goyan bayan POSIX ACLs, yana bawa masu gudanarwa damar ayyana cikakken izini don files da manyan fayiloli sama da sauƙin Unix/Linux. POSIX ACLs suna ba da damar ba da izini ga masu amfani da ƙungiyoyi da yawa, suna ba da sassauƙa da ikon samun damar shiga.

  • Sashe: NFS File Ka'idar Raba (v5.1) [shafi 154]

Bayani na NFSv4ACL

Bayani: NFSv4 ƙayyadaddun ka'ida ce tare da ingantaccen tabbaci ta hanyar Kerberos wanda ke goyan bayan cikakken ACLs. Waɗannan ACLs sun yi kama da ƙaƙƙarfan ƙaƙƙarfan waɗanda ake samu a cikin SMB da NTFS, suna ba da izinin sarrafa damar samun ƙarfi. Ana iya sarrafa NFSv4 ACLs ta amfani da daidaitattun kayan aikin Linux akan ka'idar NFS.

  • Sashe: NFS File Ka'idar Raba (v5.1) [shafi 154]

Farashin SMB ACL

Bayani: SMB ACLs ana sarrafa su daidai da hannun jari na Windows, yana bawa masu amfani damar saita Windows ACLs masu kyau ta hanyar rubutun PowerShell da Windows. File Explorer akan SMB. Waɗannan ACLs, gami da ƙin shigarwar jeri, ana iya aiwatar da su akan masu amfani waɗanda ke samun damar ta duka ka'idojin SMB da NFS a lokaci guda.

  • Sashe: SMB File Rarraba Protocol akan VAST Cluster (v5.1) [shafi. 171]

Manufofin Shaida na S3

Bayani: Flavor Tsaro na S3 yana ba da damar amfani da Manufofin Shaida na S3 don sarrafa dama da ikon saitawa da canza ACLs bisa ga dokokin S3. Wannan fasalin yana ba da ikon isa ga granular damar buckets da abubuwa S3.

  • Sashi: S3 Ka'idar Adana Abubuwan Ajiye (v5.1) [shafi. 182]

Multi-Protocol ACLs

Bayani: VAST yana goyan bayan ACLs masu yawa, yana ba da samfurin izini ɗaya don samun damar bayanai a cikin ladabi daban-daban. Wannan yana tabbatar da daidaiton kulawa da tsaro ba tare da la'akari da ƙa'idar da aka yi amfani da ita don samun damar bayanai ba.

  • Sashe: Samun dama ga yarjejeniya da yawa (v5.1) [shafi. 151]

Siffofin Alamar SELinux

1. NFSv4.2 Tsaro Label

Bayani: VAST Cluster 5.1 yana goyan bayan lakabin NFSv4.2 a Yanayin Sabar Mai iyaka. A cikin wannan yanayin, VAST Cluster na iya adanawa da dawo da alamun tsaro na files da kundayen adireshi akan NFS views na masu haya na NFSv4.2, amma Ƙungiya ba ta tilasta yin shawarwarin samun dama ga alamar. Abokan ciniki NFSv4.2 ne ke yin aikin lakabi da tabbatarwa.

  • Sashe: NFSv4.2 Label na Tsaro (v5.1) [shafi. 169]

Gudanar da Takaddun shaida da ɓoyewa

Platform na VAST Data yana ba da cikakkiyar fasali don ɓoyewa da sarrafa takaddun shaida. Anan ga cikakken bayanin kowane fasali tare da sassan da suka dace da lambobin shafi daga Takardun VAST Cluster 5.1:

Rufaffen bayanai a Sauran

Bayani: VAST Data Platform yana goyan bayan ɓoye bayanan yayin hutawa ta amfani da hanyoyin sarrafa maɓalli na waje. Wannan fasalin yana tabbatar da cewa bayanan da aka adana akan dandamali an ɓoye su cikin aminci tare da maɓallan da aka adana a waje zuwa ga Rukunin VAST, suna kare bayanai daga shiga mara izini. Dandalin yana goyan bayan Thales CipherTrust Data Security Platform da Fornetix Vault Core don sarrafa maɓalli na waje. Kowane gungu yana da maɓalli na musamman na musamman, kuma ana iya kunna ɓoyayye yayin saitin farko na gungu.

  • Sashe: Rufe bayanan (v5.1) [p. 128]

FIPS 140-3 Tabbatar da Mataki na 1

VAST Data Platform ya haɗa da OpenSSL 1.1.1 Cryptographic Module, wanda FIPS 140-3 Level 1 ingantacce. Lambar takardar shaidar wannan ingantaccen ita ce #4675. Duk boye-boye don bayanai a cikin jirgin da kuma lokacin hutu ana haɗe su zuwa FIPS ingantaccen Module Cryptographic na OpenSSL 1.1.1. Dandalin yana amfani da TLS 1.3 don amintaccen watsa bayanai da 256-bit AES-XTS boye-boye don bayanai a sauran, tabbatar da tsaro mai ƙarfi da bin ka'idodin masana'antu. Haɓaka Tsaron Bayanai da Gudanarwa tare da Tsaron Rukuni da yawa da Amintaccen Hayar 14

  • Tushen: Shirin Tabbatar da Module Cryptographic (CMVP)

Gudanar da Takaddun shaida na TLS

Bayani: Dandalin yana goyan bayan shigarwa da sarrafa takaddun shaida na TLS don amintar sadarwa
tare da VAST Management System (VMS). Masu gudanarwa na iya shigar da takaddun shaida na TLS don tabbatar da cewa an watsa bayanai
tsakanin abokan ciniki da VMS an rufaffen asiri ne kuma amintattu.

Sashe: Shigar da Takaddun shaida na SSL don VMS (v5.1) [shafi. 78]

Tabbatar da mTLS don Abokan ciniki na VMS

Bayani: Dandali yana goyan bayan amincin TLS (mTLS) na juna don VMS GUI da abokan cinikin API. Lokacin da aka kunna mTLS, VMS yana buƙatar abokin ciniki ya gabatar da takaddun shaida ta takamaiman Hukumar Takaddun shaida. Wannan yana ƙara ƙirar tabbatar da juna, wanda duka abokin ciniki da uwar garken ke tabbatar da juna, suna ba da ƙarin ƙarin tsaro don sadarwa tare da VMS don tallafawa zaɓin PIV/CAC Cards.

  • Sashe: Ƙaddamar da Tabbatar da mTLS don Abokan Ciniki na VMS (v5.1) [shafi. 78]

Tabbatar da Sadarwar Directory Active

Platform VAST Data Platform yana ba da ingantattun matakan tsaro don tabbatarwa Active Directory (AD) ta hanyar kyale masu gudanarwa su kashe ka'idojin NTLM v1 da v2. NTLM (NT LAN Manager) tsohuwar ka'idar tabbatarwa ce wacce ta san raunin rauni, yana mai da shi ƙasa da tsaro idan aka kwatanta da ƙarin ƙa'idodi na zamani kamar Kerberos.

  • Sashe: Haɗa zuwa Littafin Jagora (v5.1) [shafi. 347]

Tabbatar da shiga S3

VAST Data Platform yana haɓaka tsaro na samun damar S3 ta hanyar ba ku damar musaki Sa hannu na 2 (SigV2), tabbatar da cewa ana gudanar da duk hulɗar S3 ta amfani da mafi amintaccen Sa hannu Sigar 4 (SigV4). Bugu da ƙari, dandali yana tilasta amfani da TLS 1.3 don sadarwar S3, yana ba da damar FIPS 140-3 ingantaccen sifa.

  • Sashi: S3 Ka'idar Adana Abubuwan Ajiye (v5.1) [shafi. 182]

Kashe Crypto

Bayani: Goge Crypto hanya ce don cire bayanan mai haya daga tsarin VAST. Ana yin wannan ta sokewa ko goge maɓallan mai haya ta amfani da tsarin VAST ko Manajan Maɓalli na waje. Tsarin VAST zai share maɓallan ɓoye bayanan (DEKs) da Key Encryption Keys (KEKs) daga tsarin RAM, ta haka nan take cire damar yin amfani da duk bayanan da aka rubuta ta amfani da waɗannan maɓallan. Tsarin VAST na iya goge bayanan da aka rufaffen. Wannan fasalin yana ba da hanyar da za a iya share bayanan amintattu idan akwai zubewar bayanai ko lokacin da mai haya ya bar dandamali.

Sashe: Rufe bayanan (v5.1) [p. 128]

Catalog da Audit

Dandalin VAST Data Platform yana ba da cikakkiyar fasali don dubawa da kasida, tabbatar da ingantaccen sarrafa bayanai da bin ka'ida. Anan ga cikakken bayanin kowane fasali tare da sassan da suka dace da lambobin shafi daga Takardun VAST Cluster 5.1:

Binciken Protocol

Bayani: Binciken yarjejeniya a cikin ayyukan VAST Data Platform logs wanda ke ƙirƙira, sharewa, ko gyarawa files, kundayen adireshi, abubuwa, da metadata. Hakanan yana rikodin ayyukan karantawa da ayyukan zama. Wannan fasalin yana taimakawa wajen bin diddigin ayyukan mai amfani da kuma tabbatar da bin manufofin tsaro. Masu gudanarwa na iya saita saitunan duba bayanan duniya da view duba rajistan ayyukan ta hanyar VAST Web UI ko CLI.

  • Sashe: Ƙarfafa Binciken Ƙarfafawaview [p. 243]
  • Sashe: Yana Haɓaka Saitunan Dubawa na Duniya [p. 243]
  • Sashe: Saita Auditing tare da View Manufofin [p. 245]
  • Sashe: Ayyukan Protocol Audited [p. 245]
  • Sashe: ViewƘididdigar Lissafin Lantarki na Protocol [p. 248]

Ajiye rajistan ayyukan tantancewa na yarjejeniya a cikin VAST Database Tables

Bayani: VAST Data Platform yana ba da damar daidaitawar VMS don adana rajistan ayyukan tantancewa a cikin tebur na VAST Database. Ana adana shigarwar shiga azaman bayanan JSON, wanda zai iya zama viewed kai tsaye daga VAST Web UI a cikin VAST Audit Log page. Wannan fasalin yana haɓaka ikon yin cikakken bincike da nazarin ayyukan mai amfani. Sashe: Ajiye rajistan ayyukan tantance bayanan yarjejeniya a cikin VAST Database Tables [p. 25]

VAST Catalog

Bayani: VAST Catalog ginanniyar ƙididdigar metadata ce wacce ke ba masu amfani damar bincika da nemo bayanai cikin sauri. Yana maganin file tsarin kamar bayanan bayanai, yana ba da damar AI da aikace-aikacen ML na gaba don amfani da shi azaman kantin sayar da sifa na kai. Kas ɗin yana goyan bayan tambayoyin salon SQL kuma yana ba da fahimta WebUI, CLI mai wadata, da APIs don hulɗa.

  • Sashe: VAST Catalog Overview [p. 489]
  • Sashe: Yana saita VAST Catalog [p. 491]
  • Sashe: Tambayar VAST Catalog daga VAST Web UI [p. 492]
  • Sashe: Samar da damar Abokin ciniki zuwa VAST Catalog CLI [p. 493] Catalog da Audit

VAST DataBase

Bayani: VAST DataBase yana faɗaɗa iyawar VAST Catalog ta hanyar adana ƙarin hadaddun abun ciki a cikin cikakkun bayanai na bayanai. Yana goyan bayan babban sauri da manyan tambayoyin bayanai, adana bayanai a cikin ingantaccen tsarin shafi mai kama da Apache Parquet. An ƙirƙira ma'ajin bayanai don ainihin-lokaci, ingantattun tambayoyin tambayoyi cikin ɗimbin tanadi na bayanan tambura da ƙayyadaddun metadata.

  • Sashe: VAST DataBase Overview [p. 495]
  • Sashe: Yana saita VAST Cluster don Samun Bayanai [p. 499]
  • Sashe: VAST Database CLI Jagoran Fara Saurin [p. 494]

Filayen Rikodin Log na Audit

Bayani: Filayen rikodin rajistar rajista suna ba da cikakkun bayanai game da kowane taron da aka shiga, gami da nau'in aiki, bayanan mai amfani, lokaci.amps, da albarkatun da abin ya shafa. Wannan cikakken rajistan shiga yana da mahimmanci don bin ka'ida da bincike na shari'a.

  • Sashe: Filayen Rikodin Log na Audit [p. 250]

Viewing Protocol Audit Logs

Bayani: Masu gudanarwa na iya view rajistan ayyukan duba ladabi ta hanyar VAST Web UI ko CLI. Rubutun suna ba da haske game da ayyukan mai amfani da ayyukan tsarin, suna taimakawa don tabbatar da bin doka da gano duk wani aiki mara izini.

  • Sashe: ViewƘididdigar Lissafin Lantarki na Protocol [p. 248]

Tsare-tsare da Tsare-tsaren Tsare-tsare

Platform na VAST Data Platform yana amfani da cikakkiyar hanya don tabbatar da tsarin aiki, yana tabbatar da ƙarfi.
kariya da bin ka'idojin masana'antu. Anan ga mahimman abubuwan tsarin aiki da matakan tsaro da aka aiwatar:

Tsare-tsaren Aiki

Bayani: VAST Data Platform yana amfani da tsarin aiki wanda CIQ ke bayarwa, musamman Enterprise Rocky 8, wanda shine hoton tsarin aiki na binary na RHEL. CIQ's Mountain Platform yana ba da ingantaccen hoto, mai iko, kuma mai girman girman hoto, fakiti, da mafita na isar da kwantena da ake samu akan gajimare na jama'a da kan-gidaje.

Faci na yau da kullun da Gudanar da Lalacewa

Bayani: VAST yana tabbatar da cewa ana sabunta tsarin aiki akai-akai ta hanyar sanar da ku game da sabbin lahanin tsaro, amfani da facin da suka dace, da aiwatar da matakan da suka dace a kan lokaci. Wannan hanya mai fa'ida tana taimakawa kiyaye yanayin tsaro na tsarin aiki.

Ci gaba da Kulawa

Bayani: Ana aiwatar da ayyukan sa ido na ci gaba don kiyaye yanayin tsaro na tsarin aiki. Wannan ya haɗa da kimantawa akai-akai, dubawa, da sakewaviews na tsarin tsaro na tsarin sarrafawa da daidaitawa, tare da ba da damar shiga don ayyukan da ake tuhuma da yuwuwar abubuwan tsaro.

Yarda da DISA STIG

Bayani: VAST Data Platform yana goyan bayan DISA STIG (Jagorar Aiwatar da Fasaha ta Tsaro) don RedHat Linux 8, MAC 1 Profile – An Rarraba Mahimmancin Ofishin Jakadancin. Wannan yardawar tana tabbatar da cewa tsarin aiki yana bin ƙaƙƙarfan ƙa'idodin tsaro waɗanda abokan ciniki ke buƙata a wuraren da aka tsara.

Gudanarwar Kanfigareshan

Bayani: Dandalin yana kula da tsarin asali don tsarin RHEL 8, gami da saituna don abubuwan tsarin, file izini, da shigar da software. Hakanan yana aiwatar da hanyoyin sarrafa canji don waƙa, sakeview, da kuma yarda da canje-canje ga tsarin tsarin, tabbatar da cewa tsarin yana bin tsari mai tsaro da daidaitaccen tsari.

Mafi ƙarancin Aiki

Bayani: An jaddada ƙa'idar mafi ƙarancin aiki ta hanyar ba da shawarar cirewa ko kashe software, ayyuka, da abubuwan tsarin da ba dole ba. Wannan yana rage yuwuwar lahani da kai hari.

Tsari da Mutuncin Bayanai

Bayani: Siffar ɓoyayyen dandali da mahimman fasalulluka na gudanarwa, da haɗin kai tare da tsarin SIEM, suna taimakawa tabbatar da amincin bayanai da bayanai. Wannan ya haɗa da ƙididdigar tsaro na yau da kullun, gwajin shigar ciki, da sarrafa rauni don tabbatar da facin tsaro na zamani, daidaitawa, da mafi kyawun ayyuka.

Amintaccen Sarkar Sayar da Software

Tabbatar da amintaccen sarkar samar da software yana da mahimmanci don bin ka'idoji kamar Dokar Yarjejeniyar Ciniki (TAA), Dokokin Samar da Tarayya (FAR), da ka'idojin ISO. Platform VAST Data Platform yana aiwatar da ingantattun matakai don kiyaye sarkar samar da software, tabbatar da cewa software an ƙera ta daidai kuma ta cika ƙaƙƙarfan buƙatun tsaro.

Tsare-tsaren Ci gaban Software (SSDF)

Platform VAST Data Platform yana ɗaukar NIST Secure Software Development Framework (SSDF), wanda ke ba da jagorori don ingantaccen haɓaka software. Wannan tsarin yana taimakawa kare sarƙoƙin samar da software daga haɗari ta hanyar bayyana ayyuka don amintaccen coding, sarrafa rauni, da ci gaba da sa ido.

Binciken Haɗin Software (SCA)

Ana amfani da kayan aiki kamar GitLab don Gwajin Tsaron Aikace-aikacen Static (SAST) da Gwajin Tsaro na Aikace-aikacen Tsayi (DAST) don bincika lambar mallakar mallaka da buɗaɗɗen tushe don raunin rauni. Wannan yana da mahimmanci don gano raunin tsaro kafin turawa.

Lissafin Kayayyakin Software (SBOM)

Dandalin yana samarwa da sarrafa SBOMs don bin diddigin abubuwan da aka yi amfani da su wajen haɓaka software. GitLab da Artifctory ana amfani da su a cikin bututun don haɓaka gaskiya da bin umarnin zartarwa 14028.

Ci gaba da Haɗuwa da Bututun Ci gaba (CI/CD).

Bututun CI/CD ya haɗa da gwajin tsaro, lambar review, da kuma tabbatar da bin doka. An shirya bututun a kan dandamalin gajimare na tushen Amurka don biyan buƙatun TAA/FAR, tabbatar da cewa ana gudanar da duk ayyuka a cikin Amurka kuma ƙungiyoyin Amurka ne ke sarrafa su.

Kwantena da Sa hannu na Kunshin

Ana aiwatar da sa hannun dijital na kwantena da fakiti don tabbatar da gaskiya da gaskiya. Docker Content Trust da RPM sa hannu ana ba da shawarar ayyuka don amintaccen aikace-aikacen kwantena da rarraba fakiti.

Lalacewa da Binciken Biyayya

Ana amfani da kayan aiki irin su Tenable da Qualys don bincika tsarin aiki da gina fakiti, da kuma gano ƙwayoyin cuta da malware. Ana shigar da waɗannan kayan aikin a cikin bututun don ganowa da rage yiwuwar barazanar da ke cikin yanayin software.

Gudanar da Software na ɓangare na uku

Duk software na ɓangare na uku, ko buɗe tushen ko na mallakar mallaka, an samo su ne daga wuraren Amurka don bin ƙa'idodin TAA/FAR. An haɗa wannan software a cikin tsarin binciken SAST da DAST don tabbatar da tsaro.

Takardu da Hanyoyi na Audit

Ana kiyaye cikakkun takaddun tsarin gaba ɗaya daga rajistar lamba zuwa fakitin da za a iya saukewa da abokan ciniki ke amfani da su. Ana samun damar wannan takaddun a ƙarƙashin NDA don tantancewa da tabbatarwa ta abokan ciniki, kamar yadda jagoranci ya buƙata.

Ma'aikata da Gudanar da Dukiya

Ma'aikatan Ƙungiyar Amurka (Vast Federal) ne ke gudanar da tsarin, kuma duk kadarorin da aka yi amfani da su wajen haɓaka software da tsarin turawa mallakin wannan mahallin ne. Wannan yarda yana da mahimmanci don saduwa da ƙa'idodin saye na tarayya.

Amintaccen muhallin ci gaba

An haɓaka software kuma an gina ta a cikin amintattun wurare, tare da ma'auni kamar tantance abubuwa da yawa, damar yanayi, da ɓoye bayanan sirri. Ana aiwatar da rajista na yau da kullun, saka idanu, da duba alaƙar amintattu.

Amintattun Sarƙoƙin Sayar da Lambar Tushen Tushen

Ana amfani da kayan aikin sarrafa kai ko kwatankwacin matakai don tabbatar da amincin lambar ciki da abubuwan ɓangare na uku, sarrafa lahani masu alaƙa yadda ya kamata.

Duban Rashin Lafiyar Tsaro

Ongoing vulnerability checks are conducted before releasing new products, versions, or updates. A vulnerability disclosure program is maintained to assess and address disclosed software vulnerabilities promptly.

Kammalawa

Haɗin Tsaro Mai Rukunin Rukunin Multi-Category (MCS) tare da amintattun fasalulluka na haya yana ba da ƙaƙƙarfan tsari don haɓaka sirri da amincin bayanan da ba a tsara su ba. Ta hanyar yin amfani da MCS, ƙungiyoyi za su iya sanya takamaiman nau'ikan zuwa files, tabbatar da cewa matakai masu izini kawai da masu amfani zasu iya samun damar bayanai masu mahimmanci. Wannan ƙarin matakan tsaro yana da mahimmanci don kare bayanan da ba a tsara su ba kamar takardu, hotuna, da bidiyoyi.

Amintaccen ɗan haya yana ƙara ƙarfafa keɓanta bayanai ta hanyar ƙirƙirar yanayi daban-daban don ƙungiyoyi daban-daban, sassa, ko ƙungiyoyi a cikin ababen more rayuwa iri ɗaya. Maɓalli masu mahimmanci kamar keɓewar albarkatu, rarrabuwar bayanai, rarrabuwar hanyar sadarwa, da sarrafa isa ga granular suna tabbatar da cewa bayanan kowane mai haya ya kasance mai sirri da tsaro. Platform na VAST Data Platform yana misalta waɗannan ƙa'idodin ta hanyar cikakkun abubuwan fasali, gami da VLAN. tagging, tushen rawar aiki da sarrafawar samun damar sifa, da ingantattun hanyoyin ɓoyewa.

A taƙaice, VAST Data Platform, tare da haɗin kai na MCS da amintaccen hayar haya, yana ba da cikakkiyar mafita kuma amintaccen bayani don sarrafa bayanan da ba a tsara su ba. Wannan tsarin yana da mahimmanci ga ƙungiyoyi masu tsauraran buƙatun sirrin bayanai, kamar hukumomin gwamnati, cibiyoyin kuɗi, da masu ba da lafiya. Ta hanyar aiwatar da waɗannan matakan tsaro na ci gaba, ƙungiyoyi za su iya amincewa da kare mahimman bayanansu yayin da suke ba da damar sarrafa bayanai masu inganci da ƙima. Wannan ƙarshe yana kiyaye mahimman bayanai yayin tabbatar da tsabta da taƙaitaccen bayani.

Kammalawa

 

Alama Don ƙarin bayani kan VAST Data Platform da yadda zai taimaka muku warware matsalolin aikace-aikacenku, tuntuɓe mu a hello@vastdata.com.

Logo

Takardu / Albarkatu

VAST Data Platform Software [pdf] Jagorar mai amfani
Data Platform Software, Platform Software, Software
VAST Data Platform Software [pdf] Jagorar mai amfani
Data Platform Software, Platform Software, Software

Magana

Bar sharhi

Ba za a buga adireshin imel ɗin ku ba. Ana yiwa filayen da ake buƙata alama *