Vormetric Transparent Encryption for Pivotal Platform

This documentation describes Vormetric Transparent Encryption (VTE) for Pivotal Platform. Vormetric Transparent Encryption for Pivotal Platform works in conjunction with other on-demand Pivotal Platform products by encrypting those products' data and enforcing access control, and lets security administrators manage and monitor the instances through the console of the Vormetric Data Security Manager (DSM).

Overview

Vormetric Transparent Encryption for Pivotal Platform protects data stored within Pivotal Platform products with file-level encryption and access control, effectively limiting data file access to only allowed users, groups, and processes. This combination enables organizations to meet compliance requirements and best practices for data security, including access control for administrators of the Pivotal environment.

The solution is a BOSH Add-on and supports multi-tenancy. A Registration Service maps tenant organizations and spaces as defined in Pivotal Apps Manager to domains within a Vormetric data security management environment. After you are registered, the Vormetric tile protects directories based on pre-configured encryption keys and policies. Domains within this management environment can isolate management of data security policies and keys for specific Pivotal Platform instances to specific organizations or business units.

A Vormetric Data Security Manager is required to use the VTE tile, and you must have a base VTE license and a Live Data Transformation (LDT) license to activate it. Contact your Thales e-Security account manager or sales@thalesesec.com to obtain these licenses.

The Vormetric Transparent Encryption for Pivotal Platform currently supports the following Pivotal Platform products:

  • MySQL for Pivotal Platform v2.4.0 and later

Key Features

Vormetric Transparent Encryption for Pivotal Platform includes the following key features:

  • Meet compliance and regulatory requirements for protecting sensitive data – encrypt and control access to data files used with Pivotal Platform product instances
  • Scalable and automated – automatically protect data as you add new Pivotal Platform product instances
  • High Performance – the tile accelerates encryption operations using the hardware encryption capabilities of CPUs in the underlying Pivotal Platform environment
  • Multi-tenant – supports multi-tenancy with mappings between Pivotal Organization Space and Vormetric Data Security Domains

Product Snapshot

The following table provides version and version-support information about the Vormetric Transparent Encryption for Pivotal Platform.

Element                                               Details
Tile version                                          v1.0.0
Release date                                          June 7, 2019
Vormetric Transparent Encryption version              v6.1.3-53
Vormetric Data Security Manager version               v6.0.3+
Compatible Ubuntu Xenial kernel versions (up to)      4.15.0-50-generic
Compatible Ubuntu Xenial Stemcell versions (up to)**  97.108, 170.78
Compatible MySQL for Pivotal Platform version(s)      v2.4.x and v2.5.x
Compatible Ops Manager version(s)                     v2.3.x, v2.4.x, and v2.5.x
Compatible Pivotal Application Service version(s)     v2.3.x, v2.4.x, and v2.5.x
IaaS support                                          AWS, Azure, GCP, OpenStack, and vSphere
IPsec support                                         No

** Stemcells with versions above those listed may work if the underlying kernels are compatible with VTE.

Requirements

The Vormetric Transparent Encryption for Pivotal Platform has the following requirements:

  • You must have Vormetric Data Security Manager running software v6.0.3 or later.
  • You must have an active account with Thales e-Security for support of the Vormetric encryption product suite.
  • You must obtain a license for the Vormetric encryption product suite with the Live Data Transformation (LDT) feature.
  • You must install Offline Java Buildpack in Pivotal Platform.
  • You must use MySQL for Pivotal Platform v2.4.0 or later.

Limitations

  • Domains, security policies, and related settings must be configured manually in the Vormetric Data Security Manager before using the tile.
  • The shared secret for VTE registration must be the same for all host groups and domains in the Vormetric Data Security Manager.
  • Per-instance activation in one Pivotal Platform environment is not supported.
  • The release was tested on Azure and Google Cloud Platform and is expected to work with other IaaSes as well.

Feedback

If you have a feature request, questions, or information about a bug, email Pivotal Platform Feedback.

For Vormetric-specific issues, questions, or feedback, contact Support using one of the following methods:

For Thales e-Security Sales:

  • Email Sales
  • Call 888-267-3732

License

A license for the Vormetric encryption product suite with the Live Data Transformation (LDT) feature is required to use the tile.