In this interactive simulation, we will show how VMware Cloud Foundation running on the IBM Cloud, together with the HyTrust Workload Security Solutions, allows IT to secure workloads running in the hybrid cloud. This reduces the risks associated with workload mobility within the hybrid cloud by automating compliance and enforcement of security-based policies.
This simulation contains two demos.
This part of the lab is presented as a Hands-on Labs Interactive Simulation. This will allow you to experience steps which are too time-consuming or resource intensive to do live in the lab environment. In this simulation, you can use the software interface as if you are interacting with a live environment.
The orange boxes show where to click, and the left and right arrow keys can also be used to move through the simulation in either direction.
First, we will show how HyTrust CloudControl can be used to limit virtual machine mobility. In this demo, we will show how HyTrust allows the virtual machine dev-0201 to run on the ESXi hosts host0.sjc01.bluemix.com and host1.sjc01.bluemix.com, but blocks attempts to move it to other hosts.
We begin at the IBM Bluemix portal, where we see our Cloud Foundation instance, named sjc01, which is running in the IBM Cloud San Jose facility.
Here we see the details for our Cloud Foundation instance, including the name, the location, and the software versions for the SDDC software components, along with credential information.
Next, we'll connect to the vSphere web client and initiate a successful migration of the virtual machine dev-0201 from Host 0 to Host 1.
We see that the virtual machine dev-0201 is currently running on host0 in our SDDC-Cluster.
Note the virtual machine dev-0201 is successfully migrated to host1.sjc01.bluemix.vmware.com.
Next, let's repeat the migration, but this time we'll attempt to migrate the virtual machine dev-0201 to ESXi host host2.sjc.bluemix.vmware.com, which goes against the HyTrust security policy that has been assigned.
Here we see that the migration has failed due to the HyTrust security policy. Note that this migration attempt has been logged on the HyTrust CloudControl console.
Here we see the details for the failed migration attempt.
We just showed a simple example of using HyTrust CloudControl to control where virtual machines are able to run. While this example showed migrating virtual machines between hosts in the same vSphere cluster, we could just as easily have defined policies that limit virtual machine migrations across clusters or between data centers in our hybrid cloud.
Next, we will show how HyTrust DataControl provides powerful data-at-rest encryption and integrated key management for workloads running in the Cloud Foundation-based hybrid cloud.
For this demo, we will use the virtual machine gpdr-1 to show how a drive can be successfully mapped when the virtual machine is running on an authorized ESXi host, but becomes unmapped as soon as it is migrated to an unauthorized ESXi host.
We start by logging out as trustedonly@bluemix.vmware.com and logging in as superadmin@bluemix.vmware.com.
We're now logged in as the user superadmin. Let's connect to the virtual machine gpdr-1 and view the current drive mappings.
We see the VM is currently running on the authorized ESXi host: host0.sjc01.bluemix.vmware.com.
At the console, we see there are currently two hard drives mapped to the virtual machine, the C:\ drive and the D:\ drive. In the HyTrust GUI we see that the D:\ drive, which contains sensitive data, currently has a cipher and associated GUID.
Let's see what happens when we migrate the virtual machine to an unauthorized host.
We see that the migration completes successfully. But what about the sensitive data on the D:\ drive?
At the virtual machine console, we can see that as a result of the migration the D:\ drive has been disconnected. This is because the policy defined in HyTrust only allows this drive to be attached when the virtual machine is running on an authorized host, and host2.sjc01.bluemix.vmware.com is not authorized. As soon as we moved the virtual machine to the non-authorized host, the drive was immediately detached, thus protecting the sensitive data.
Next, let's try to re-authorize the drive mapping from the HyTrust GUI.
We see that the authentication attempt has failed. This is because host2.sjc01.bluemix.vmware.com is not an authorized host, so any attempt by the administrator to override the HyTrust security policy will be denied. We can also see that this attempt has been logged in the HyTrust CloudControl console.
Here we see the details of the attempt to access the secured drive, as logged by HyTrust.
Next, let's move the virtual machine gpdr-1 back to an authorized host and re-map the drive.
We see that the migration completes successfully. With the virtual machine back on an authorized host, we are now able to successfully remap the D:\ drive.
Here we see the authentication succeeded and the D:\ drive is again mapped to the virtual machine, which once again has access to the sensitive data. Note, here again, HyTrust has logged everything and these logs can be viewed from the HyTrust CloudControl console.
To view the virtual machine migration:
We see the operation has been permitted.
To view the mapping of the secured D:\ drive inside the virtual machine:
Here we see the details of the successful authentication and drive mapping.
This concludes our interactive simulation. In this interactive simulation, we showed how Cloud Foundation together with HyTrust Workload Security Solutions enables IT to secure workloads in the cloud and reduce risks associated with hybrid cloud mobility by automating compliance and enforcing security-based policies across private and public clouds.