104 Schneider Road Kanata, Ontario K2K 1Y2
Tel: 613-729-1100 Fax: 613-591-3352
www.superna.net
Vblock Ready™ Certification Test Plan Report Vormetric Security Manager v5.1.1
September 18, 2013
1 Certification Overview
2 Product Terminology and Definitions
3 Certification Status
4 Executive Summary
5 Product Overview
6 Certification Test Cases
7 Certification Environment
8 Product Dependence to Vblock Types
9 Vblock Platform Hardware and Software Component
10 Certification Product Components and Configuration Details
11 Certification Results
12 Test Case Execution Results Summary
13 Recommendations & Future Considerations
14 Certification Summary
15 Test Case Details
15.1 Test ID : 1230 - VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
15.1.1 Steps
15.2 Test ID : 1233 - VCE ISV COMMON - Software Restart (Graceful)
15.2.1 Steps
15.3 Test ID : 1234 - VCE ISV COMMON - Software Restart (Forced_Unexpected)
15.3.1 Steps
15.4 Test ID : 1235 - VCE ISV COMMON - Loss of communications
15.4.1 Steps
15.5 Test ID : 1236 - VCE ISV COMMON - High Availability Test (Forced_Unexpected)
15.5.1 Steps
15.6 Test ID : 1237 - VCE ISV COMMON - High Availability Test (Graceful)
15.6.1 Steps
15.7 Test ID : 1240 - VCE ISV IHV COMMON - Installation
15.7.1 Steps
15.8 Test ID : 1241 - VCE ISV IHV COMMON - Removal
15.8.1 Steps
15.9 Test ID : 1242 - VCE ISV IHV COMMON - Documentation
15.10 Test ID : 1261 - Vendor Test 1 - Transform Data from Clear to Encrypted
15.10.1 Steps
15.11 Test ID : 1262 - Vendor Test 2 - Apply production policy after Data transformation
15.11.1 Steps
15.12 Test ID : 1263 - Vendor Test 3 - Quest Benchmark Facility Test 1
15.12.1 Steps
15.13 Test ID : 1264 - Vendor Test 4 - Quest Benchmark Test 2
15.13.1 Steps
15.14 Test ID : 1265 - Vendor Test 5 - DSM Unreachable
15.14.1 Steps
15.15 Test ID : 1266 - IOmeter tests for one volume non-encrypted on vormetric Win appliance VM
15.15.1 Steps
15.16 Test ID : 1267 - IOmeter tests for one volume encrypted on vormetric Win appliance VM
15.16.1 Steps
16 Testing Results
16.1 Configuration: Test ID : 1230 - VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
16.2 Configuration: Test ID : 1233 - VCE ISV COMMON - Software Restart (Graceful)
16.3 Configuration: Test ID : 1234 - VCE ISV COMMON - Software Restart (Forced_Unexpected)
16.4 Configuration: Test ID : 1235 - VCE ISV COMMON - Loss of communications
16.5 Configuration: Test ID : 1236 - VCE ISV COMMON - High Availability Test (Forced_Unexpected)
16.6 Configuration: Test ID : 1237 - VCE ISV COMMON - High Availability Test (Graceful)
16.7 Configuration: Test ID : 1240 - VCE ISV IHV COMMON - Installation
16.8 Configuration: Test ID : 1241 - VCE ISV IHV COMMON - Removal
16.9 Configuration: Test ID : 1242 - VCE ISV IHV COMMON - Documentation
16.10 Configuration: Test ID : 1261 - Vendor Test 1 - Transform Data from Clear to Encrypted
16.11 Configuration: Test ID : 1262 - Vendor Test 2 - Apply production policy after Data transformation
16.12 Configuration: Test ID : 1263 - Vendor Test 3 - Quest Benchmark Facility Test 1
16.13 Configuration: Test ID : 1264 - Vendor Test 4 - Quest Benchmark Test 2
16.14 Configuration: Test ID : 1265 - Vendor Test 5 - DSM Unreachable
16.15 Configuration: Test ID : 1266 - IOmeter tests for one volume non-encrypted on vormetric Win appliance VM
16.16 Configuration: Test ID : 1267 - IOmeter tests for one volume encrypted on vormetric Win appliance VM
17 About The Vblock Ready™ Certification Process
1 Certification Overview
Test Plan Name: Vormetric Security Manager 5.1.1 Certification Final Report
Product: Vormetric Data Security Manager (DSM) (V5.1.1), Vormetric Encryption Expert Agent for Linux & Windows (V5.1.2)
Product Version: V5.1.1

Revision History:

| Rev Number | Date | Author | Description – Reason for Change |
|---|---|---|---|
| 0.1 | September 18, 2013 | Sandra Escarraga | Initial Draft |
| 0.2 | September 18, 2013 | Sandra Escarraga | Draft for review |
| 0.3 | September 18, 2013 | Emily Chan | Edits |
| 1.0 | September 19, 2013 | Emily Chan | Report for Review |
| 1.1 | September 19, 2013 | Emily Chan | Added more data |
| 1.2 | October 16, 2013 | Emily Chan | Added corrections |

Review List:

| Area of Expertise | Name | Role | Review Date |
|---|---|---|---|
| VCE Certification Sponsor | Jamie Chui | Approver | Sept. 19, 2013 |
| Superna Certification Program Manager | Andrew MacKay | Approver | Sept. 19, 2013 |

Product References:

| Document Name | Link | Description |
|---|---|---|
| Data Security Manager | http://www.vormetric.com/products/encryption/data-security-manager | Overview product |
| Vormetric Encryption Expert Agent | http://www.vormetric.com/products/encryption | Overview product |
2 Product Terminology and Definitions
Vormetric Encryption allows enterprises to encrypt sensitive data on servers, control access to the encrypted data, and then to report on who is accessing that information. Vormetric Encryption supports all of the major platforms – Linux, Unix, Windows – and can be used in physical, virtual and cloud environments. This enterprise data encryption solution protects both structured and unstructured data with integrated data encryption, encryption key management and a common infrastructure environment.

GuardPoint - A GuardPoint is a location in the file system hierarchy where everything underneath has the policy applied to it. It can be thought of as a UNIX mount point. The File System Agent intercepts any attempt to access anything in the GuardPoint and uses policies obtained from the DSM to grant or deny the access attempt.

Agent - A Vormetric software program that is loaded onto the host machine containing the data to be secured. Vormetric Agents implement the security policies that are defined and stored in the DSM. Vormetric Agents include the File Systems Agent, Backup Agents for DB2 and IDS, and Key Agents for Oracle Database TDE and Microsoft SQL Server.

Challenge-response - The cryptographic algorithm used to limit access to the Management Console. The host user enters a new password each time a host password is required. When a host is configured with a dynamic password, the host user runs a utility that displays a seemingly random string (the challenge), which he or she then gives to a DSM administrator. The DSM administrator returns a counter-string (the response) that the host user must enter to decrypt guarded data. The host user has 15 minutes to enter the counter-string.

Ciphertext - Data in its encrypted form. Ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher.

Decryption - The process of changing ciphertext into plaintext using a cryptographic algorithm and key.

Digital signature - A cryptographic transformation of data that provides the services of origin authentication, data integrity, and signer non-repudiation.

Encryption - The process of changing plaintext into ciphertext using a cryptographic algorithm and key.

Policies - A set of security access rules for protected data. These rules are specified by security administrators, stored in the DSM, and implemented on hosts by agents.
3 Certification Status
Certification Status: Certified
Certification Date: September 19, 2013
Certification Type: Standard Product Certification
Certification HW: VB700MX
Certification RCM: 3.5.3
4 Executive Summary
This report is focused on the results and findings of the Vblock Ready™ Certification project that was completed for Vormetric Data Security Manager and Vormetric Encryption Expert Agent. Vormetric Data Security Manager is a FIPS 140-2 certified hardware appliance that provides centralized key and policy management for all Vormetric Encryption Expert Agents installed on servers across the distributed enterprises. The Vormetric Data Security Manager can also provide enterprise encryption management for Transparent Data Encryption from Oracle and Microsoft SQL Server databases as well as providing storage for any other encryption key. Features and benefits for this data security management system include:
- Automated key generation and distribution
- Automated policy distribution
- Health monitoring and alerting for Vormetric Encryption Expert Agents
- Centralized data access logging and auditing
Vormetric Data Security Manager and Vormetric Encryption Expert Agent are posted in EMC Solutions Gallery:
Vital Stats
Certification: RSA Secured
Classification: Integration
EMC Products Supported: RSA enVision
Date Added: Feb 17, 2012
Support statement:
The primary goals of the Vblock Ready™ certification tests conducted for the Vormetric Data Security Manager and Vormetric Encryption Expert Agent were:
1. Ensure the integration of Vormetric Data Security Manager and Vormetric Encryption Expert Agent software with an operationally clean, running Vblock produces no errors or performance degradations.
2. Demonstrate logical integration with VCE Vblock System 700 elements and managers
3. Observe accurately represented events from connected VCE Vblock System 700 elements
4. Demonstrate operation functionality of Vormetric software by performing operational and management activities available from vendor software
The Vormetric Data Security Manager and Vormetric Encryption Expert Agent met these goals, and achieved Vblock Ready™ certification.
5 Product Overview
Vormetric Data Security Manager provides centralized key and policy management for Vormetric Encryption. The Data Security Manager provides console functionality in a FIPS 140-2 certified appliance. The Data Security Manager functions as a console for both Vormetric Encryption and Vormetric Key Management. Vormetric Encryption Expert Agent software applies the enterprise encryption policies established at the Data Security Manager console. Encryption Expert Agents support the leading operating systems – Linux, Unix and Windows.
Vormetric Encryption delivers:
- Near zero performance overhead through software optimization and support for hardware cryptographic acceleration technologies including Intel® AES-NI and SPARC Niagara Crypto.
- Centralized policy management and audit across the distributed enterprise for file systems, databases and applications.
- Application and database transparent data security - eliminating application, database, and storage change requirements.
- Strong encryption, access control and encryption key management across platforms, applications and devices.
- Flexible security infrastructure for distributed environments including physical, virtual and cloud environments.
- Highly configurable security and policy enforcement through granular access control, audit and host integrity capabilities.
- Common Vormetric Data Security infrastructure with Vormetric Key Management that can manage encryption keys from Transparent Data Encryption for Oracle and Microsoft SQL Server along with key vaulting to store other encryption keys
6 Certification Test Cases
The test cases that were developed and used for this certification are outlined below and discussed in complete detail in the certification test plan. The test cases were developed to demonstrate the primary functionality of Vormetric Data Security. The following outlines the test cases performed:
1. Server Integration in Vblock System 700
2. Logical integration of software with VNX 5300
3. Vormetric Data Security Management Console (create domains, create hosts, create keys, create policies, apply policies and rules, guard file systems, monitor VM resources, monitor application resources, fill datastore, delete archive)
A high level overview of the test execution is shown below:
7 Certification Environment
The test cases took place in the Superna Vblock Ready™ Certification Lab on a Vblock System 700 platform. The following table summarizes the test cases conducted and the expected sensitivity across Vblock platforms. Sensitivity is given as (H,M,L) corresponding to High, Medium, Low and is noted below:

| | Vblock System 100 | Vblock System 200 | Vblock System 300 | Vblock System 700 |
|---|---|---|---|---|
| Vormetric Data Security Manager and Vormetric Encryption Expert Agent for Linux & Windows (V5.1.2) | L | L | L | L |
| Logical Software Integration | L | L | L | L |
| Observe Relative Events | L | L | L | L |
| Normal Software Functionality (Monitor Resources/Generate Reports) | L | L | L | L |
| Vendor Solution Disassociation | L | L | L | L |

8 Product Dependence to Vblock Types
There are currently no known Vblock type dependencies.
9 Vblock Platform Hardware and Software Component
The following table provides additional information regarding the hardware and software used in the test environment.
Certification RCM: 3.5.3
10 Certification Product Components and Configuration Details
Software Version Description
Vormetric Data Security Manager (DSM) (V5.1.1) Vormetric Encryption Expert Agent for Linux & Windows (V5.1.2)
5.0
Windows 2008 Server R2 Standard Agent
CentOs Linux Standard Agent
ESXi 5.1 VMware Hypervisor
Please refer to the following diagram for an architectural overview of the Vormetric Data Security Manager and Vormetric Encryption Expert Agent for Linux and Windows for this Vblock Ready™ Certification:
11 Certification Results
All certification tests yielded results that were expected and met the defined success criteria for the effort. The tables below summarize the test case and success criteria findings.
Success Criteria Validation Results Summary:
Vormetric and Superna have agreed that certification is achieved based on completion of the following test criteria:
- Successful integration of Vormetric Data Security Manager and the Vblock Platform.
- Successful integration of Vormetric Encryption Expert Agent for Linux & Windows and the Vblock Platform.
- Ensure no critical system errors or performance degradation after integration of Vormetric Data Security Manager and the Vblock platform.
- Successfully run desired test cases as outlined in the Test Case scenarios.
12 Test Case Execution Results Summary

| Success Criteria | Pass | Fail |
|---|---|---|
| No critical events recorded in VMware Hypervisor | ✔ | |
| No critical events recorded in VMware vCenter | ✔ | |
| No critical events on UCS compute chassis or Blades | ✔ | |
| Application installed without error | ✔ | |
| Application is virtualized | ✔ | |
| No performance degradation on the UCS or Virtual Machine during test case(s) execution | ✔ | |
| Application functionality validated on Vblock Platform | ✔ | |
| Application test cases completed without errors on Vblock Platform. | ✔ | |
| Application test cases completed with acceptable response time on Vblock Platform. | ✔ | |

13 Recommendations & Future Considerations
Recommendation #1: Updating Installation Guide with Requirements Section for Linux Agent Install
When following the installation guide for the Linux Agent install, there was no mention of requirements on the VM. However, two issues were encountered when running the installation. The first was that perl needed to be installed before the installation could run. The second was that firewall ports had to be disabled so that the server and agent could communicate. Neither was clearly outlined in the Linux portion of the agent installation documentation. It is recommended that the documentation include the commands to install perl as well as instructions for either disabling the firewall ports or disabling the firewall altogether.
Recommendation #2: Integrating Partner Product with VCE Systems and Management Tools
VCE continues to evolve its Vblock System platforms and its systems management technologies. With respect to the Vblock Systems management framework, VCE has always considered a converged infrastructure foundational software layer as strategic and continues to develop its software in this space. As VCE makes new system management capabilities and APIs available to its developer community and the market, it will be important for FIS to evaluate these capabilities and determine how FIS Profile and GT.M software can leverage and integrate to the Vblock by way of this software layer and these APIs. In addition, updated certification will be required at which time these new VCE system management integration capabilities are available.
Recommendation #3: Acquiring VMware Ready certified status for the product
Vormetric Data Security Manager and Vormetric Encryption Expert Agent are not VMware Ready certified. It is important to note that VMware Ready™ certification is not a hard pre-requisite for Vblock Ready™ certification, but it is a recommendation of this report that Vormetric considers VMware Ready™ certification for this product. Given the pervasive nature of virtualization with the Vblock platform, having this certification would help to further increase customer confidence and also act as an additional level of validation with respect to any technical inconsistencies or challenges. VMware has complete details on this program on their website.
14 Certification Summary
Superna certifies that the Vormetric Data Security Manager and Vormetric Encryption Expert Agent for Linux & Windows are Vblock Ready™. Superna has tested the product on Vblock Systems, verified the product does not result in degradation of Vblock platform performance or availability, and the product has met the jointly agreed upon entrance, integration, and interoperability criteria.
15 Test Case Details
15.1 Test ID : 1230 - VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
Test ID: 1230
Execution Status: Passed Type: MANUAL
Description
Test VMWare Live Migration function on vendor appliance.
15.1.1 Steps
Step Name Description Expected Result
Step 1 Vendor application has been fully deployed and tested.
Step 2 Perform a live migration of the vendor appliance from existing blade to another blade in the Vblock cluster.
Step 3 Test vendor functionality during live migration. If migration completes prior to functionality test, complete testing at destination.
Step 4 Migrate the vendor appliance back to the original blade.
Step 5 Retest vendor functionality during live migration. If migration completes prior to functionality test, complete testing at destination.
15.2 Test ID : 1233 - VCE ISV COMMON - Software Restart (Graceful)
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - Software Restart (Graceful)
Test ID: 1233
Execution Status: Passed Type: MANUAL
Description
This is a graceful restart of the vendor’s software. Tests the ability of software under certification to recover and resume operation after a restart following vendor procedure.
15.2.1 Steps
Step Name Description Expected Result
Step 1 Follow vendor documentation to perform a restart of software under test. All vendor documented procedures are to be followed exactly as prescribed. Attach procedure for restart to this test run.
Expected Result: Procedures for restart are available. Software restarts and resumes functional operation equivalent to pre-restart state.
Step 2 Vormetric Linux agent restart
Expected Result: Software restarts and resumes functional operation equivalent to pre-restart state.
Step 3 Restart Security Server Software
Expected Result: Software restarts and resumes functional operation equivalent to pre-restart state
15.3 Test ID : 1234 - VCE ISV COMMON - Software Restart (Forced_Unexpected)
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - Software Restart (Forced_Unexpected)
Test ID: 1234
Execution Status: Passed Type: MANUAL
Description
This test case is designed to test the software under certification’s ability to recover from an unexpected interruption. Software will be running and operationally configured. The virtual machine will be reset unexpectedly using the vSphere client.
15.3.1 Steps
Step Name Description Expected Result
Step 1
1. Launch the vSphere client.
2. Browse to the management or main component of the software under certification.
3. Right click on the icon representing the virtual machine.
4. Select Power then Reset
5. Click Yes on the Confirm Reset Dialog
6. Wait for vendor VM to restart - progress can (usually) be monitored in the vm console window.
7. After restart has completed, confirm that the virtual machine is functionally and operationally equivalent to state prior to starting this test case.
Expected Result: Virtual machine restarts and resumes operation without user intervention.
15.4 Test ID : 1235 - VCE ISV COMMON - Loss of communications
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - Loss of communications
Test ID: 1235
Execution Status: Passed Type: MANUAL
Description
Tests ability of software under test to automatically recover after a 15 minute loss of communications. Software is configured and operationally functional prior to the start of this test. All vendor to Vblock element API connections are configured and operationally functional/normal.
15.4.1 Steps
Step Name Description Expected Result
Step 1
1. Launch vCenter Server and locate virtual machine being tested.
2. Edit running vendor virtual machine by right clicking on the vCenter vm icon and selecting "Edit Setting"
3. Click on the network adapter(s) responsible for connectivity to Vblock Management APIs and uncheck the "Connected" box. Repeat for all management interfaces if multiple interfaces are used to provide high availability connectivity to management infrastructure
4. Click OK
** If vendor management is running on bare metal server physically disconnect management interface(s) connections.
Wait for a period of 15 minutes.
Expected Result: Vendor software should lose connectivity with all Vblock elements being managed.
Step 2 Enable (or reconnect) interface(s) by ticking the "Connected" box under and then clicking ok. Retest management functions by browsing all Vblock elements being managed by vendor software.
Expected Result: Vendor software should automatically reconnect to all Vblock elements being managed. Operation and functions of vendor software should be restored to an operational state.
15.5 Test ID : 1236 - VCE ISV COMMON - High Availability Test (Forced_Unexpected)
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - High Availability Test (Forced_Unexpected)
Test ID: 1236
Execution Status: Passed Type: MANUAL
15.5.1 Steps
Step Name Description Expected Result
Step 1 Convert failover server dsm-server-1 as primary server.
Step 2 Convert primary server dsm-server-2 as a failover server.
15.6 Test ID : 1237 - VCE ISV COMMON - High Availability Test (Graceful)
Field Label Field Value Field Label Field Value
Creation Date: 7/2/2013 Template:
Test Name: VCE ISV COMMON - High Availability Test (Graceful)
Test ID: 1237
Execution Status: Passed Type: MANUAL
15.6.1 Steps
Step Name Description Expected Result
Step 1 High Availability Test (Graceful)
Step 2 Convert primary server as failover Synchronized the servers
15.7 Test ID : 1240 - VCE ISV IHV COMMON - Installation
Field Label Field Value Field Label Field Value
Creation Date: 02/07/2013 Template:
Test Name: VCE ISV IHV COMMON - Installation
Test ID: 1240
Execution Status: Passed Type: MANUAL
Description
This test case is designed to demonstrate successful installation of software under certification. Insert steps in Design Section.
15.7.1 Steps
Step Name Description Expected Result
Step 1 Install Vendor Software
Software is installed by following vendor documentation, or by vendor if part of service. Vblock does not need any modification to core elements (firmware, Vblock service networks) Attach Installation procedure or notes.
15.8 Test ID : 1241 - VCE ISV IHV COMMON - Removal
Field Label Field Value Field Label Field Value
Creation Date: 02/07/2013 Template:
Test Name: VCE ISV IHV COMMON - Removal
Test ID: 1241
Execution Status: Passed Type: MANUAL
Description
Disassociation of Vendor SW/HW from Vblock. Insert Steps here
15.8.1 Steps
Step Name Description Expected Result
Step 1 Uninstall/Removal of Vendor Software
Software is uninstalled by following vendor documentation, or by vendor if part of service. Vblock does not need any modification to core elements (firmware, Vblock service networks) Attach removal procedure or notes.
15.9 Test ID : 1242 - VCE ISV IHV COMMON - Documentation
Field Label Field Value Field Label Field Value
Creation Date: 02/07/2013 Template:
Test Name: VCE ISV IHV COMMON - Documentation
Test ID: 1242
Execution Status: Passed Type: MANUAL
Description
Ensures vendor documentation is clear and error free.
15.10 Test ID : 1261 - Vendor Test 1 - Transform Data from Clear to Encrypted
Field Label Field Value Field Label Field Value
Creation Date: 9/9/2013 Template:
Test Name: Vendor Test 1 - Transform Data from Clear to Encrypted
Test ID: 1261
Execution Status: Passed Type: MANUAL
Description
Test the ability to transform data from clear to encrypted data
15.10.1 Steps
Step Name Description Expected Result
Step 1 Create a host in DSM and check "Communication Enabled" box for the FS agent under "Hosts" tab.
Afterwards, install Vormetric agent in a Linux or Windows host and register it to the DSM.
There should be connectivity between hosts and DSM
Step 2 Log into DSM using an "ALL" type administrator. Afterwards click on "Domains" -> "Switch Domains". Select the domain that you’ve created and click on
"Switch to domain".
You should have access to new tabs with different functions now
Step 3 Click on "Keys" -> "Agent Keys" -> "Key". Click on "Add" to add a new AES-256 key.
Enter "key_aes256" for the key name, select "AES256" for algorithm.
Click "OK" to generate the key.
New line with key should populate the table
Step 4 Click on "Policies" -> "Manage Policies". Then click on the "Add Online Policy" button to create a policy. The "Online Policy Composer" Java applet will appear.
Click on "Action", select "key_ops operations" and click on the "Add" button.
Click on "OK" to close the window. Afterwards, click on "Effect", select "permit" and "apply_key", and click on OK to close the Java window.
Finally, click the "Add" button to add the policy rule. Afterwards, click on "Key Selection Rules" and select "clear_key". In the "Data Transformation Rules", select "key_aes256" as follows. Afterwards, click on "Policy" -> "save" to save the policy. Name the policy Dataxform.
Check with attached screenshots to compare output
Step 5 In the host where the Vormetric agent is installed, create a directory and copy some clear data over from a source directory. It’s better that the data contain some text files so you can check the files later for encryption.
Create directory with data
Step 6 Go back to DSM and click on "Hosts" and select the host that has Vormetric agent installed.
Click on "Guard FS" -> "Guard". Select the "Dataxform" as the policy, use "Directory
(Auto Guard)", then click on browse button and pick the same directory that you’ve copied the clear data in Step 5.
Afterwards, click OK to guard.
Manager GUI should reflect changes
Step 7 Click the "Refresh" button and wait until the "status" light turns green under "Guard FS" in Hosts tab.
When the status light turns green, the policy has been implemented at the agent side.
Step 8 Open an SSH session (or a command prompt on Windows) and run "dataxform --rekey --gp Guard_Point", where Guard_Point is the name of the directory that you guarded in Step 6.
Dataxform will transform the data from clear to encrypted data using the key_aes256 key specified by the Dataxform policy.
[root@linux2612 home]# dataxform --rekey --gp /home/dataxform
Checking if /home/dataxform is a guard point with a rekey policy applied
/home/dataxform is a guard point with a rekey policy applied
About to perform the requested data transform operation
-- Be sure to back up your data
-- Please do not access files in the guard point during the transform process
-- Please do not attempt to terminate the application
Do you wish to continue (y/n)?y
Scan found 229 files (47 MB) in 1 directories for guard point /home/dataxform
Transformed 229 files (47 MB) of 229 files (47 MB) for guard point /home/dataxform
The data transform operation took 0 hours, 0 minutes and 1 seconds
The data transform program ran from Tue Sep 3 14:01:42 2013 until Tue Sep 3 14:01:43 2013
Data transform for guard point /home/dataxform finished
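A tester can check the Step 8 transcript mechanically instead of reading it by eye: a transformed count lower than the scanned count means some files in the guard point were left untransformed. The script below is an added example, not Vormetric or Superna code; the function names are hypothetical, and the embedded transcript is the output shown above with the prompt lines omitted and line breaks assumed.

```shell
#!/bin/sh
# Added example. Transcript taken from the Step 8 output on this page;
# one message per line is an assumption about the original layout.
sample_transcript() {
    cat <<'EOF'
Checking if /home/dataxform is a guard point with a rekey policy applied
/home/dataxform is a guard point with a rekey policy applied
About to perform the requested data transform operation
Scan found 229 files (47 MB) in 1 directories for guard point /home/dataxform
Transformed 229 files (47 MB) of 229 files (47 MB) for guard point /home/dataxform
The data transform operation took 0 hours, 0 minutes and 1 seconds
Data transform for guard point /home/dataxform finished
EOF
}

# check_dataxform_log GUARD_POINT   (transcript on stdin)
# Exit 0 only when the scan count, the transformed count and the
# "of N files" total agree and the "finished" line is present.
check_dataxform_log() {
    awk -v gp="$1" '
        $1 == "Scan" && $2 == "found" && $NF == gp { scanned = $3 }
        $1 == "Transformed" && $NF == gp {
            moved = $2
            for (i = 3; i < NF; i++) if ($i == "of") total = $(i + 1)
        }
        $0 == "Data transform for guard point " gp " finished" { finished = 1 }
        END {
            if (scanned == "" || moved == "" || total == "") {
                print "FAIL: no scan/transform summary for " gp
                exit 2
            }
            if (scanned + 0 != moved + 0 || moved + 0 != total + 0) {
                printf "FAIL: scanned %d, transformed %d of %d\n", scanned, moved, total
                exit 1
            }
            if (!finished) {
                print "FAIL: transform did not report completion"
                exit 1
            }
            printf "OK: %d of %d files transformed for %s\n", moved, total, gp
        }'
}

# Stand-alone run against the embedded transcript.
sample_transcript | check_dataxform_log /home/dataxform
```

In a real run, pipe the saved console output of dataxform into check_dataxform_log and attach the one-line verdict to the test case.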
15.11 Test ID : 1262 - Vendor Test 2 - Apply production policy after Data transformation
Field Label Field Value Field Label Field Value
Creation Date: 9/9/2013 Template:
Test Name: Vendor Test 2 - Apply production policy after Data transformation
Test ID: 1262
Execution Status: Passed Type: MANUAL
15.11.1 Steps
Step Name Description Expected Result
Step 1 After performing test case #1, we need to unguard the dataxform policy and apply a production policy to the same directory.
Log into the DSM, switch domain, click on "Hosts" and select the host that has the dataxform policy.
No issues expected
Step 2 Click on "Guard FS" tab and select the dataxform policy.
Click on "Unguard" button to unguard the dataxform policy.
GUI should reflect changes
Step 3 Wait and click on the "Refresh" button until the dataxform policy disappears from the web GUI
Policy is removed
Step 4 In DSM, click on "Policies"->"Manage Policies" to go to policies web page.
Click on "Add Online Policy" button to create a production policy using the same key, ie key_aes256.
In the policy composer, click "Action" and add "all_ops" to the action.
Click on "Effect" button and add "permit apply_key" to the selection.
Click "Add" button to add the policy rule.
Select "key_aes256" and add it to the You don’t need to select anything in the "Data Transformation Rules" because this is a production policy.
Save the policy as "po_aes256". The production policy should have the following security and key selection rules.
Check with attached screenshots
Step 5 In DSM, click on "Hosts" and click on the host that has the Vormetric agent installed.
Click on "Guard FS" -> "Guard" and select "po_aes256" as the policy, "Directory (auto guard)" as type, and browse to the same directory that was previously guarded by the Dataxform policy in test case #1.
Click "OK" to apply the production policy, po_aes256.
No issues expected
Step 6 Click on "Refresh" button and wait until the status light turns green.
Open an SSH session in Linux and type "secfsd -status guard" to see if the policy is guarded under the status field.
For Windows, right-click on the Vormetric icon in the taskbar and click on "status".
Run a system utility command such as "diff" for Linux or "fc" for Windows to compare the original source directory and the encrypted directory. The files should be identical.
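The comparison in Step 6 can be made repeatable with a checksum manifest, which also names the files that differ or are missing on either side. This is an added example, not part of the test plan or the vendor tooling; the function names are hypothetical and it assumes a Linux host with sha256sum, run as a user the production policy permits to read the guard point.

```shell
#!/bin/sh
# Added example. manifest DIR prints "sha256  ./relative/path" for every
# regular file under DIR, sorted by path so two trees can be diffed.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare_trees SOURCE_DIR GUARDED_DIR
# Returns 0 when both trees hold the same files with the same content,
# 1 when they differ (differing or missing paths are printed),
# 2 when either directory is missing.
compare_trees() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    src_m=$(mktemp) && dst_m=$(mktemp) || return 2
    manifest "$1" > "$src_m"
    manifest "$2" > "$dst_m"
    if diff "$src_m" "$dst_m" > /dev/null; then
        rc=0
    else
        rc=1
        # Strip the diff marker and the hash, leaving one line per path.
        diff "$src_m" "$dst_m" |
            awk '/^[<>]/ { sub(/^[<>] [0-9a-f]+ +/, ""); print }' | sort -u
    fi
    rm -f "$src_m" "$dst_m"
    return $rc
}

# Constructed demo: two temporary trees stand in for the original source
# directory and the directory guarded by po_aes256.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/source" "$demo_root/guarded"
printf 'record 1\n' > "$demo_root/source/a.txt"
cp "$demo_root/source/a.txt" "$demo_root/guarded/a.txt"
compare_trees "$demo_root/source" "$demo_root/guarded" && echo "trees match"
rm -rf "$demo_root"
```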
15.12 Test ID : 1263 - Vendor Test 3 - Quest Benchmark Facility Test 1
Field Label Field Value Field Label Field Value
Creation Date: 9/9/2013 Template:
Test Name: Vendor Test 3 - Quest Benchmark Facility Test 1
Test ID: 1263
Execution Status: Passed Type: MANUAL
Description
Install Microsoft SQL server and run Quest Benchmark Factory for SQL baseline
15.12.1 Steps
Step Name Description Expected Result
Step 1 Install SQL 2008 64-bit or SQL 2012 64-bit to a non-guarded directory
No issues expected
Step 2 Download the 64-bit trial version of Quest Benchmark Factory from here: http://www.quest.com/benchmark-factory/
A 30-day trial license can be provided upon installation. Install Benchmark Factory to a non-guarded directory. You can watch a demo video from the download page to see how Benchmark Factory works.
No issues expected
Step 3 Create a regular (non-encrypted) directory. Login to MS SQL manager and create a new Database in Microsoft SQL called "baseline"
No Issues expected
Step 4 In Benchmark factory wizard, you will need to select "industry standard" and pick "TPC-E".
Create a new profile that points to Microsoft SQL ODBC.
Click on "Add DSN" to add the appropriate DSN, user, and password for the ODBC connection.
Point the default database to "baseline" instead of master database or the same database that you’ve created in step 3
No issues expected
Step 5 During the load scenario wizard, select Benchmark Scale "6".
You also want to add selected user load of 1, 4, 8, 10, 50, 100. Finally click on "submit" to run the job.
Benchmark Factory completes successfully. Record all baseline numbers for user load 1, 2, 4, 8, 10, 50, 100.
15.13 Test ID : 1264 - Vendor Test 4 - Quest Benchmark Test 2
Field Label Field Value Field Label Field Value
Creation Date: 9/9/2013 Template:
Test Name: Vendor Test 4 - Quest Benchmark Test 2
Test ID: 1264
Execution Status: Passed Type: MANUAL
Description
Run Benchmark factory in the encrypted directory
15.13.1 Steps
Step Name Description Expected Result
Step 1 For fair comparison, reboot the system after Case #3
Communication and services should be restored
Step 2 After reboot, log into Microsoft SQL server management studio and create a new database in the encrypted directory that is guarded by production policy "po_aes256" in case #2.
Call the new database "encrypted".
No issues expected
Step 3 Open the Benchmark factory, click on Wizards-> profile creation.
Afterwards select MS SQL server (ODBC), and select TPC-E, and create a new profile.
Add a new DSN. This is similar to case 3 step 4, except that you will change the default database to point to the "encrypted" database that you’ve created in step 2.
No issues expected
Step 4 During the load scenario wizard, select Benchmark Scale "6".
You also want to add selected user load of 1, 4, 8, 10, 50, 100.
Finally click on "submit" to run the job. (Check the storage to make sure that there is enough free space to run benchmark scale 6).
Benchmark Factory completes successfully. Record all encrypted numbers for user load 1, 2, 4, 8, 10, 50, 100. Compare the numbers with baseline to make sure there is no significant performance degradation.
15.14 Test ID : 1265 - Vendor Test 5 - DSM Unreachable
Field Label Field Value Field Label Field Value
Creation Date: 9/9/2013 Template:
Test Name: Vendor Test 5 - DSM Unreachable
Test ID: 1265
Execution Status: Passed Type: MANUAL
Description
Challenge and response when DSM is not reachable
15.14.1 Steps
Step Name Description Expected Result
Step 1 Log into DSM, click on Domains->Switch domain. Select the domain and click on "Switch to domain".
No issues expected
Step 2 Click on Hosts and click on the host name that has Vormetric agent installed.
Afterwards, uncheck "Communication Enabled" in the "General" tab.
Loss of communication is expected
Step 3 SSH to a linux agent or log into a Windows agent and reboot the host
Step 4 After the host has rebooted, log in through SSH (Linux) or remote desktop (Windows).
Cd to the guarded directory and perform a simple "cat file" (Linux) or "type file" (Windows).
Since the DSM communication is disabled, the guarded directory will not be accessible.
Step 5 Open SSH(linux) and type "vmsec challenge" to obtain a challenge string in Linux.
In Windows, right-click on the Vormetric icon in the taskbar, select "challenge" and click on "response".
A window will pop up with the challenge.
See attached screenshot for verification
Step 6 Log into DSM, switch domain, and select the host that generated the challenge.
Click on "Challenge Response" tab and input the challenge.
Click "Apply" to generate the response.
Response should be generated
Step 7 Copy the response strings and input them back to the agent.
After entering the correct response, the guard point should be accessible.
15.15 Test ID : 1266 - IOmeter tests for one volume non-encryted on vormetric Win appliance VM
Field Label Field Value Field Label Field Value
Creation Date: 9/17/2013 Template:
Test Name: IOmeter tests for one volume non-encryted on vormetric Win appliance VM
Test ID: 1266
Execution Status: Passed Type: MANUAL
15.15.1 Steps
Step Name Description Expected Result
Encryption Off Ensure encryption is not configured before running sweep.
Step 1 Perform an IOmeter sweep test with a profile that runs all IO sizes 512b - 2Kb and with different queue depths. Attach all result files to the test case.
Document protocol, setup with diagram, Excel file graph of results
15.16 Test ID : 1267 - IOmeter tests for one volume encryted on vormetric Win appliance VM
Field Label Field Value Field Label Field Value
Creation Date: 9/17/2013 Template:
Test Name: IOmeter tests for one volume encryted on vormetric Win appliance VM
Test ID: 1267
Execution Status: Passed Type: MANUAL
15.16.1 Steps
Step Name Description Expected Result
Encryption On Ensure encryption is configured correctly before running sweep.
Step 1 Perform an IOmeter sweep test with a profile that runs all IO sizes 512b - 2Kb and with different queue depths. Attach all result files to the test case.
Document protocol, setup with diagram, Excel file graph of results
16 Testing Results
16.1 Configuration: Test ID : 1230 - VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/16/2013
Type: MANUAL Time 12:36:28 PM
Name: [4184]VCE ISV COMMON - Vendor Appliance Live Migration (vMotion)
Status: Passed
16.2 Configuration: Test ID : 1233 - VCE ISV COMMON - Software Restart (Graceful)
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - Software Restart (Graceful)
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/11/2013
Type: MANUAL Time 1:05:56 PM
Name: [4186]VCE ISV COMMON - Software Restart (Graceful)
Status: Passed
16.3 Configuration: Test ID : 1234 - VCE ISV COMMON - Software Restart (Forced_Unexpected)
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - Software Restart (Forced_Unexpected)
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/11/2013
Type: MANUAL Time 2:59:50 PM
Name: [4187]VCE ISV COMMON - Software Restart (Forced_Unexpected)
Status: Passed
16.4 Configuration: Test ID : 1235 - VCE ISV COMMON - Loss of communications
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - Loss of communications
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/12/2013
Type: MANUAL Time 3:41:26 PM
Name: [4188]VCE ISV COMMON - Loss of communications
Status: Passed
16.5 Configuration: Test ID : 1236 - VCE ISV COMMON - High Availability Test (Forced_Unexpected)
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - High Availability Test (Forced_Unexpected)
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/12/2013
Type: MANUAL Time 2:26:44 PM
Name: [4189]VCE ISV COMMON - High Availability Test (Forced_Unexpected)
Status: Passed
16.6 Configuration: Test ID : 1237 - VCE ISV COMMON - High Availability Test (Graceful)
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV COMMON - High Availability Test (Graceful)
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/12/2013
Type: MANUAL Time 11:42:24 AM
Name: [4190]VCE ISV COMMON - High Availability Test (Graceful)
Status: Passed
16.7 Configuration: Test ID : 1240 - VCE ISV IHV COMMON - Installation
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV IHV COMMON - Installation
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: emily Exec Date: 06/09/2013
Type: MANUAL Time 4:46:34 PM
Name: [4193]VCE ISV IHV COMMON - Installation
Status: Passed
16.8 Configuration: Test ID : 1241 - VCE ISV IHV COMMON - Removal
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV IHV COMMON - Removal
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: emily Exec Date: 19/09/2013
Type: MANUAL Time 9:58:58 AM
Name: [4194]VCE ISV IHV COMMON - Removal
Status: Passed
16.9 Configuration: Test ID : 1242 - VCE ISV IHV COMMON - Documentation
Field Label Field Value Field Label Field Value
Test: Test Name: VCE ISV IHV COMMON - Documentation
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: emily Exec Date: 19/09/2013
Type: MANUAL Time 9:37:53 AM
Name: [4195]VCE ISV IHV COMMON - Documentation
Status: Passed
16.10 Configuration: Test ID : 1261 - Vendor Test 1 - Transform Data from Clear to Encrypted
Field Label Field Value Field Label Field Value
Test: Test Name: Vendor Test 1 - Transform Data from Clear to Encrypted
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: daniel Exec Date: 9/11/2013
Type: MANUAL Time 5:44:32 AM
Name: [4998]Vendor Test 1 - Transform Data from Clear to Encrypted
Status: Passed
16.11 Configuration: Test ID : 1262 - Vendor Test 2 - Apply production policy after Data transformation
Field Label Field Value Field Label Field Value
Test: Test Name: Vendor Test 2 - Apply production policy after Data transformation
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: daniel Exec Date: 9/11/2013
Type: MANUAL Time 6:00:02 AM
Name: [4999]Vendor Test 2 - Apply production policy after Data transformation
Status: Passed
16.12 Configuration: Test ID : 1263 - Vendor Test 3 - Quest Benchmark Facility Test 1
Field Label Field Value Field Label Field Value
Test: Test Name: Vendor Test 3 - Quest Benchmark Facility Test 1
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: daniel Exec Date: 9/18/2013
Type: MANUAL Time 1:54:39 AM
Name: [5000]Vendor Test 3 - Quest Benchmark Facility Test 1
Status: Passed
16.13 Configuration: Test ID : 1264 - Vendor Test 4 - Quest Benchmark Test 2
Field Label Field Value Field Label Field Value
Test: Test Name: Vendor Test 4 - Quest Benchmark Test 2
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: daniel Exec Date: 9/18/2013
Type: MANUAL Time 1:57:18 AM
Name: [5001]Vendor Test 4 - Quest Benchmark Test 2
Status: Passed
16.14 Configuration: Test ID : 1265 - Vendor Test 5 - DSM Unreachable
Field Label Field Value Field Label Field Value
Test: Test Name: Vendor Test 5 - DSM Unreachable
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/16/2013
Type: MANUAL Time 2:56:07 PM
Name: [5002]Vendor Test 5 - DSM Unreachable
Status: Passed
16.15 Configuration: Test ID : 1266 - IOmeter tests for one volume non-encryted on vormetric Win appliance VM
Field Label Field Value Field Label Field Value
Test: Test Name: IOmeter tests for one volume non-encryted on vormetric Win appliance VM
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/17/2013
Type: MANUAL Time 10:24:07 AM
Name: [5010]IOmeter tests for one volume non-encryted on vormetric Win appliance VM
Status: Passed
16.16 Configuration: Test ID : 1267 - IOmeter tests for one volume encryted on vormetric Win appliance VM
Field Label Field Value Field Label Field Value
Test: Test Name: IOmeter tests for one volume encryted on vormetric Win appliance VM
Target Cycle: Vormetric Security Manager 5.1.1
Configuration: Execution Status:
Passed Test: Execution Status: Passed
Tester: sandra Exec Date: 9/18/2013
Type: MANUAL Time 9:40:31 AM
Name: [5011]IOmeter tests for one volume encryted on vormetric Win appliance VM
Status: Passed
Memory Usage during Sweep Test
Average CPU: average %CPU utilization for non-encrypted is 1.49% and encrypted is 7.52%
17 About The Vblock Ready™ Certification Process
Superna offers Vblock Ready™ Certification for third party products that integrate with the Vblock Systems. The VCE “Vblock Ready™” Certification ensures that:
The primary functionality of a product has been tested on Vblock Systems and VCE will support a customer’s decision to implement that product.
The interaction of the product does not result in any degradation of Vblock Platform performance or availability
The product has met jointly agreed upon entrance, integration, and interoperability criteria.