05 May 2022

A Security-First approach to Cloud Management

Last month, we saw how HPE GreenLake enables on-premise data centres to maximise cloud benefits through pre-configured infrastructure options. As part of the GreenLake offering, HPE provides, installs, manages and maintains the infrastructure. GreenLake eliminates hybrid cloud management complexities by allowing users to provision virtual machines and containers directly from the single user interface, HPE GreenLake Central.

GreenLake Central - a point-and-click cloud experience

HPE GreenLake Central is a cloud platform that provides secure and role-based access to trial, subscription, and consumption of HPE GreenLake service offerings. HPE GreenLake Central provides service orchestration and a unified cloud experience for applications and data across the customer’s HPE GreenLake estate, including private and public clouds, from edge to core.

HPE GreenLake Central and associated services are developed with security as a cornerstone. Providing a robust, secure solution requires the foundation of a mature, secure software development lifecycle (SDLC) methodology. This is a critical aspect of the platform’s security, which is usually not noticed directly by users. Strict adherence to the secure SDLC is required to manage risk and achieve a demonstrably secure system.

With HPE GreenLake Central, customers can achieve a unified cloud experience across apps and data everywhere—private and public clouds, edges, and data centres—all through a single intuitive portal and management console. It brings together apps and tools that support and enrich our HPE GreenLake offering, such as HPE Consumption Analytics and continuous compliance controls (some are included, and others are available at additional cost). More than a portal, HPE GreenLake Central delivers the services that customers need to run their business, tailored and delivered to them through one unified view.

Businesses can use HPE GreenLake Central to:

  • Move faster with a self-service, point-and-click cloud experience
  • Deliver a tailored cloud experience with role-based access for IT, CIOs, DevOps, and finance
  • Gain quick insights across all functions with high-level KPIs, such as monthly costs, capacity, and compliance conditions
  • Try new services, such as continuous compliance controls and private cloud

HPE GreenLake Central security

HPE GreenLake's infrastructure is designed with security in mind. When developing, deploying, hosting, and managing cloud services, HPE GreenLake prevents unauthorised access to user profile data. GreenLake Central simplifies and secures the management of HPE GreenLake services and resources. Administrators can manage IAM roles, access, and permissions to govern user behaviour in decentralised domains.

HPE GreenLake Central acts as the management plane and only handles customer contact information and credentials, such as user ID, password, access tokens and roles. This data is always encrypted, whether in transmission or at rest, and is also securely backed up and protected by isolation within Kubernetes (K8s) containers. All data transmission within HPE GreenLake Central, and between HPE GreenLake Central and external networks, is protected by encryption using TLS 1.2. Customer data is neither transmitted through nor stored in HPE GreenLake Central.

HPE GreenLake Central monitoring services cover everything from source code to running components, allowing HPE GreenLake to rapidly detect, investigate, and resolve critical issues.

The following are a few of the principles used to provide embedded security guardrails and enforce security best practices in the HPE GreenLake Central software development process:

  • Minimise attack surface: Enforce all service API exposure to be explicit and closed by default
  • Establish secure defaults: Secure defaults are provided throughout the workflow to ensure developers start secure
  • Provide least privilege: Services are isolated, resource sharing is structurally prohibited, and all privilege escalation must be explicit and approved
  • Offer continuous verification: Validate security parameters upon deployment, continuously validate that all security parameters are appropriate, and perform continuous threat detection for bad actors in the system
  • Don’t trust services: All services are only accessed via public APIs and access is explicitly authenticated and authorised, rather than by network proximity or segmentation
  • Ensure separation of duties: Independent service delivery and isolation ensure a strict separation of duties for all services
  • Avoid security by obscurity: Use tools to ensure secrets management, secrets rotation, and handling of confidential information are all at the highest security standards
  • Keep security simple: Intrusion detection, security benchmark verifications, and dependency vulnerability scanning are built into the platform, requiring no conscious effort to implement
  • Fix issues correctly: Actively scan software artefacts for known vulnerabilities and automatically stop the integration process, enabling teams to remediate identified issues

GreenLake Central use cases

Being built with security at the core, GreenLake Central has the capability to serve the diverse needs of business professionals. Some notable use cases focus on cost management, provisioning and hybrid estate management.

Cost management

One of the key pain points for IT executives and LOBs is managing costs across hybrid cloud environments. Costs can quickly escalate without the right visibility and control. With HPE GreenLake Central, cost KPIs are integrated into the dashboard so businesses can easily see the current monthly costs and how spend is increasing or decreasing over time. If more detailed information is needed by location, resource, or month, it's available through the Monthly Charges report.

GreenLake offers a secure and compliant environment for these investigations to occur. With Continuous Compliance capabilities, HPE experts work with the business to tailor frameworks according to their specific needs and requirements, selecting from over 1500 controls to ensure compliance across a wide range of areas such as HIPAA, GDPR, and more.

Provisioning

Businesses benefit from the simplicity and speed with which they can deploy resources in the public cloud. It lets them react to changes in the business, or competitive pressure, faster and more easily. It encourages innovation and experimentation without the risk of high up-front costs.

That’s the experience HPE GreenLake provides with managed private cloud: the ability to quickly spin up resources on-premises with just a few clicks and with the pay-per-use economics of public cloud. This is truly differentiating in the market.

HPE GreenLake Central enables a consistent experience to provision, monitor, and manage workloads across the private cloud. In a single dashboard, businesses can see their instances, open tickets, and activity logs, as well as stats on availability, response time, and open incidents.

Management of the hybrid estate

One of the major struggles that businesses have is managing their entire hybrid estate holistically. Typically, it requires different tools to get the insights you need across on-premises and multi-cloud environments, which can be cumbersome and time-intensive.

HPE GreenLake breaks down the silos to deliver the insights and control needed to optimise business operations. The HPE Consumption Analytics Portal brings together usage and spend from HPE GreenLake and public cloud environments, so organisations gain greater visibility, manage capacity, and optimise costs.

Often, resources are underutilised or no longer being used, resulting in unnecessary spend. The Insights feature offers a rules-based recommendation engine that surfaces areas where businesses can optimise costs and mitigate risk.

Conclusion

Hybrid cloud offers a wide range of services to accelerate the efficient development and delivery of applications and services to meet the ever-increasing demands from lines of business. One of the major concerns with cloud solutions, however, is ensuring the security of the environments and the consistency of security controls across cloud providers, which may have different implementations.

HPE GreenLake Central (GLC) provides a platform in which the customer has a single point of administration for all workloads managed by HPE GreenLake running on public and private clouds. All businesses using HPE GreenLake benefit from an infrastructure architecture that is built to meet the requirements of the most security-sensitive organisations. As your trusted IT partner, we can help you explore the ways GreenLake can take your business to the next level.