Cloud HSM: Our secure key management approach

Customers concerned about key management often require an HSM (hardware security module). They want the same level of key protection in the cloud as they have on-premises. An HSM gives authorized users guaranteed access to encrypted data by storing mission-critical master encryption keys in the HSM and backing them up. Powered by SafeNet’s HSM and hosted in geographically dispersed data centers under controlled environments independently validated for compliance, IBM Cloud HSM offers enterprises high-assurance protection for encryption keys and also helps customers meet their corporate, contractual, and regulatory compliance requirements.

You can easily order Cloud HSM through the SoftLayer customer portal or SoftLayer APIs. A dedicated FIPS-compliant HSM device will be provisioned inside your private network.

The HSM access credentials provided to you are reset as part of your first login. This ensures that you are the only entity with access to your HSM functionality. SoftLayer is responsible for managing the HSM in terms of health and uptime; this is done without access to the partitions, roles, or keys stored and managed on the HSM. You are responsible for using the HSM to manage and back up your keys.

Cloud HSM supports a variety of use cases and applications, such as database encryption, digital rights management (DRM), public key infrastructure (PKI), authentication and authorization, document signing, and transaction processing. NAT and IP aliasing will not work with HSM, while BYOIP might be possible in the future. Currently, HSM is not in federal data centers, but it certainly is on the roadmap.

Configuration

Cloud HSM is “used” and accessed in exactly the same way as an on-prem managed HSM.

As part of provisioning, you receive administrator credentials for the appliance, initialize the HSM, manage the HSM, create roles, and create HSM partitions on the appliance. After creating HSM partitions, you can configure a Luna client (on a virtual server) that allows applications to use the APIs provided by the HSM. The cryptographic partition is a logical and physical security boundary, knowledge of which stays secure with the partition owner authorized by you. Any attempt to tamper with the physical appliance will result in data being erased. Similarly, incorrect login attempts beyond a threshold will result in partitions being erased, so we highly recommend backing up your keys.

Source: http://blog.softlayer.com/2016/cloud-hsm

Magic Quadrants, Performance Metrics & Water Cooler Discussions

When you make decisions about extending your infrastructure footprint into the cloud, you do so very intentionally. You hunt down analyst reports, ask peers for recommendations, and seek out quantitative research to compare the seemingly endless array of cloud-based options. But how can you be sure that you’re getting the most relevant information for your business case? Bias exists and definitions matter. So each perspective is really just a single input in the decision-making process.

The best process for evaluating any cloud solution involves four simple steps:

  1. Understand what you need.
  2. Understand what you’re buying.
  3. Understand how you’ll use it.
  4. Test it yourself.

Understand What You Need

The first step in approaching cloud adoption is to understand the resources your business actually needs. Are you looking to supplement your on-premises infrastructure with raw compute and storage power? Do your developers just need runtimes and turnkey services? Would you prefer infrastructure-abstracted software functionality?

In the past, your answers to those questions might have sent you to three different cloud providers, but times are changing. The lines between “Infrastructure as a Service,” “Platform as a Service,” and “Software as a Service” have blurred, and many cloud providers are delivering those offerings side-by-side. While SoftLayer cloud resources would be considered “infrastructure,” SoftLayer is only part of the broader IBM Cloud story.

Within the IBM Cloud portfolio, customers find IaaS, PaaS, and SaaS solutions to meet their unique workload demands. From an infrastructure perspective alone, IBM Cloud offers cloud servers and storage from SoftLayer; containers, databases, deployment, and monitoring tools within Bluemix; and turnkey OpenStack private cloud environments from Blue Box. We are integrating every component of the IBM Cloud portfolio into a seamless user experience so that when a customer needs to add cognitive capabilities or a private cloud or video services to their bare metal server infrastructure, the process is quick and easy.

Any evaluation of SoftLayer as a cloud provider would be shortsighted if it doesn’t take into account the full context of how IBM Cloud is bringing together multiple unique, highly differentiated offerings to provide a dynamic, full-featured portfolio of tools and services in the cloud. And as you determine what you need in the cloud, you should look for a provider that enables the same kind of cross-functional flexibility so that you don’t end up splintering your IT environment across multiple providers.

Source: http://blog.softlayer.com/2016/evaluating-cloud-iaas-gartner-forrester-frost-sullivan

SoftLayer API Overview

SoftLayer’s Application Programming Interface (API) is the development interface that gives developers and system administrators direct interaction with SoftLayer’s backend system. The functionality exposed by our API allows users to perform remote server management and monitoring, and to retrieve information from SoftLayer’s various systems such as accounting, inventory, and DNS. Our API powers many of the features in the SoftLayer Customer Portal, which typically means that if an interaction is possible in the Customer Portal, it may be executed in our API as well.

Who Should Use the API?

The SoftLayer API (SLAPI) is available to all SoftLayer customers at no additional charge. We encourage our customers with a basic knowledge of object-oriented programming to take full advantage of the capabilities the SLAPI offers. While SoftLayer customers use the SLAPI for a variety of tasks, the ability to programmatically interact with all portions of the SoftLayer environment within the API results in the majority of our customers using the SLAPI to automate tasks.

Where to Go From Here

Now that you know the basics, it is time to start coding. Check out our Getting Started Guide to see how to create an API user and make your first call. We also maintain a number of guides for specific languages:

  • C#
  • Perl
  • PHP
  • Python
  • Ruby
  • Visual Basic .NET

Source: http://sldn.softlayer.com/article/SoftLayer-API-Overview