kmip cloud use case

Post on 04-Jan-2016


TRANSCRIPT

KMIP Cloud Use Case

Kiran Thota – VMware Inc.
Saikat Saha – Oracle Corp.

Agenda

• Discuss Cloud Challenges
• KMIP
• Sub-tasks & Plan

Background

• Traditional data-center-centric key management is insufficient for the cloud in:
– Scale (client population expands and shrinks in real time)
– Automation
– Migration
– Geographical distribution and key manager locality for a better service experience (hybrid cloud)

Background

• Virtualization enables movement of workloads across infrastructure
– Dynamic and automated key management

• Distribution of keys
– Enterprises to Cloud Service Provider (CSP)
– Key manager dedicated to a tenant (or shareable key manager infrastructure)

Scenario: KMIP in Cloud

[Diagram; labels recovered from the slide: Cloud Service Provider, Enterprise IT, Application Users, CSP Administrators, Enterprise Administrators, Enterprise App, App Data, Key DB, vSphere Key Server]

Key Security Challenges in Cloud

• Trust establishment (contractual and on-line)
• Ownership of keys
• Protection of keys at rest
• Protection of keys in transit
• Defining & programming key policy
• Propagating key policy (server-to-server & server-to-client)
• Negotiating key policy (server-to-client for diverse clients)
• Managing access to keys
• Managing key life-cycle
• Enforcement of key policy
• Visibility of key-related services and infrastructure
• Proof of possession
• Client capabilities to ensure adequate protection of keys

Key Management in the Cloud

• Four big considerations
– Where are keys created?
– Where are keys used?
– Where are keys stored?
– Where are key policies managed?

• Enterprise
– Keys created, used, stored and managed by enterprise

• Hybrid
– Keys created, stored and managed by enterprise
– Keys created, stored and managed by enterprise but at CSP’s infrastructure

• CSP
– Keys created, used, stored and managed by CSP

Sub-Tasks

• Client-to-Server
– Client Registration
– Server Capability Query
– Grouping and Policy Definition

• Server-to-Client
– Notification to purge or kill
– Client query (guarantee protection of keys)

Note: KMIP does not yet address migration of keys between Key Managers (server-to-server)

Client Registration

Automated scalable client registration

Owner: Stan Feather (to confirm)

Server Capability Query

Query server for capabilities
– RNG
– FIPS

Owner: Tim Hudson (to confirm)
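The capability query this sub-task calls for maps onto KMIP's Query operation, which a client sends to learn what a server supports before it entrusts keys to it. What follows is an added example, not part of the presentation and not VMware's or Oracle's code: a minimal TTLV encoder/decoder that builds a Query request for the Operations, RNGs and Validations functions and reads back a constructed server response. Tag, type and enumeration values are the ones from the OASIS KMIP 1.x specification as I know it (the RNGs, Validations, Profiles and Client Registration Methods functions are KMIP 1.3 additions), so verify them against the spec version your server implements; the response bytes are constructed here, not captured from any product, and the `constructed-example-kms` vendor string is a placeholder.

```python
import struct

# TTLV item types and the tags used here, taken from the OASIS KMIP 1.x specification tables.
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07
TAG = {
    "RequestMessage": 0x420078, "RequestHeader": 0x420077, "RequestPayload": 0x420079,
    "ResponseMessage": 0x42007B, "ResponseHeader": 0x42007A, "ResponsePayload": 0x42007C,
    "ProtocolVersion": 0x420069, "ProtocolVersionMajor": 0x42006A, "ProtocolVersionMinor": 0x42006B,
    "BatchCount": 0x42000D, "BatchItem": 0x42000F, "Operation": 0x42005C,
    "QueryFunction": 0x420074, "ResultStatus": 0x42007F, "VendorIdentification": 0x42009D,
}
NAME = {v: k for k, v in TAG.items()}
OP_QUERY, RESULT_SUCCESS = 0x18, 0x00          # Operation "Query"; Result Status "Success"
# Query Function enumeration. RNGs, Validations (FIPS and similar), Profiles and
# Client Registration Methods are the values KMIP 1.3 added.
QUERY_FUNCTION = {"Operations": 1, "Objects": 2, "ServerInformation": 3, "RNGs": 8,
                  "Validations": 9, "Profiles": 10, "ClientRegistrationMethods": 12}

ENCODE = {STRUCTURE: b"".join, INTEGER: lambda v: struct.pack(">i", v),
          ENUMERATION: lambda v: struct.pack(">I", v), TEXT_STRING: lambda v: v.encode("utf-8")}
DECODE = {INTEGER: lambda r: struct.unpack(">i", r)[0],
          ENUMERATION: lambda r: struct.unpack(">I", r)[0], TEXT_STRING: lambda r: r.decode("utf-8")}


def ttlv(tag, typ, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, then the value padded to 8 bytes.
    For STRUCTURE the value is a list of already-encoded child items."""
    raw = ENCODE[typ](value)
    padded = raw + b"\x00" * (-len(raw) % 8)
    return struct.pack(">I", tag)[1:] + bytes([typ]) + struct.pack(">I", len(raw)) + padded


def parse(buf):
    """Decode TTLV bytes into a list of (tag name, value) pairs; structures nest as lists."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) < pos + 8:
            raise ValueError("truncated TTLV header")
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        typ, length = buf[pos + 3], struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        if len(buf) < pos + 8 + length:
            raise ValueError("declared length exceeds buffer")  # never trust the length field
        raw = buf[pos + 8:pos + 8 + length]
        value = parse(raw) if typ == STRUCTURE else DECODE.get(typ, bytes)(raw)
        items.append((NAME.get(tag, hex(tag)), value))
        pos += 8 + length + (-length % 8)                       # skip the padding as well
    return items


def _child(items, name):
    return next((v for k, v in items if k == name), None)


def _header(tag, major, minor):
    """Request or Response Header carrying the protocol version and a batch count of one."""
    return ttlv(tag, STRUCTURE, [
        ttlv(TAG["ProtocolVersion"], STRUCTURE, [
            ttlv(TAG["ProtocolVersionMajor"], INTEGER, major),
            ttlv(TAG["ProtocolVersionMinor"], INTEGER, minor)]),
        ttlv(TAG["BatchCount"], INTEGER, 1)])


def build_query_request(functions, major=1, minor=3):
    """Client side: a single-item batch asking the server about the named Query Functions."""
    payload = ttlv(TAG["RequestPayload"], STRUCTURE,
                   [ttlv(TAG["QueryFunction"], ENUMERATION, QUERY_FUNCTION[f]) for f in functions])
    item = ttlv(TAG["BatchItem"], STRUCTURE, [ttlv(TAG["Operation"], ENUMERATION, OP_QUERY), payload])
    return ttlv(TAG["RequestMessage"], STRUCTURE, [_header(TAG["RequestHeader"], major, minor), item])


def constructed_query_response():
    """A constructed sample of a server's answer (not captured from any real key manager)."""
    payload = ttlv(TAG["ResponsePayload"], STRUCTURE, [
        ttlv(TAG["Operation"], ENUMERATION, 0x01),   # Create
        ttlv(TAG["Operation"], ENUMERATION, 0x0A),   # Get
        ttlv(TAG["Operation"], ENUMERATION, 0x14),   # Destroy
        ttlv(TAG["Operation"], ENUMERATION, OP_QUERY),
        ttlv(TAG["VendorIdentification"], TEXT_STRING, "constructed-example-kms")])
    item = ttlv(TAG["BatchItem"], STRUCTURE, [ttlv(TAG["Operation"], ENUMERATION, OP_QUERY),
                                              ttlv(TAG["ResultStatus"], ENUMERATION, RESULT_SUCCESS), payload])
    return ttlv(TAG["ResponseMessage"], STRUCTURE, [_header(TAG["ResponseHeader"], 1, 3), item])


def requested_functions(request_bytes):
    """Server side: the Query Function codes a request asks for."""
    (_, msg), = parse(request_bytes)
    payload = _child(_child(msg, "BatchItem"), "RequestPayload")
    return [v for k, v in payload if k == "QueryFunction"]


def advertised_operations(response_bytes):
    """Client side: operation codes the server advertises, or None when the Query failed."""
    (_, msg), = parse(response_bytes)
    item = _child(msg, "BatchItem")
    if _child(item, "ResultStatus") != RESULT_SUCCESS:
        return None
    return [v for k, v in _child(item, "ResponsePayload") if k == "Operation"]


if __name__ == "__main__":
    req = build_query_request(["Operations", "RNGs", "Validations"])
    print(len(req), "bytes, asking for Query Functions", requested_functions(req))
    ops = advertised_operations(constructed_query_response())
    print("server advertises", ops, "- Destroy supported:", 0x14 in ops)
```

A client can gate enrolment on `advertised_operations`, refusing a server that does not advertise an operation the enterprise's key policy depends on (the purge/kill sub-task below, for instance, presumes keys can actually be retired). The bounds checks in `parse` matter because a key-manager client reads these bytes from the network: the length field in each item is attacker-influenced input and must never be used to index past the buffer.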

Grouping and Policy

Propose changes to allow grouping and policy for bulk management of keys.

Owner: Kiran Thota / Saikat Saha
Proposal by: Jan 30

Notify – Purge/Kill

Propose a notification from server to client to purge a key from usage.

Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 07

Client Query

Propose a query from server to client to evaluate client capabilities.

Owner: Kiran Thota / Saikat Saha
Proposal by: Feb 20
