NEBULON SECURE ENCLAVE
Creates a Secure ‘Panic Room’ Inside Every Server
Anchored by the Nebulon SPU, it contains all NVMe, SAS and SATA SSDs, boot and data volumes, and infrastructure services in each application server to securely isolate the infrastructure services from the server operating system and application attack surface.
How it Works
[Diagram: an application server divided into two domains. Application Services Domain: OS; hypervisor, VMs; containers; cluster software; config tools. Infrastructure Service Domain (secure isolation, the “Secure Enclave”): server management; network services; storage services; cyber services.]
Data & OS Protection From Ransomware
As data is written to the Secure Enclave, changes in entropy are tracked and analyzed, and any suspicious changes are flagged. In the event of a ransomware attack, all servers in an nPod can be restored to a prior version of their operating system and application data in just minutes. The Secure Enclave protects the recovery utilities and all point-in-time copies of the operating system and data volumes necessary for recovery. Recovery is a simple push-button operation that reverts all volumes, both boot and data, to a previous point in time.
Continued Operation During OS Fault/Maintenance
The SPU creates two separate operating domains: one for the application server and one for infrastructure services, the Secure Enclave. As long as the server has power, the Secure Enclave resources are available to the servers in the cluster.
The host operating system can reboot or crash without affecting availability, performance, or data redundancy. This substantially reduces maintenance complexity, because data does not require special care before an OS reboot. In addition, some servers power down during a reboot; the Secure Enclave is protected from such brown-out scenarios by a battery on the SPU.
Secure Out-of-Band Cloud Management
Only authorized infrastructure users can gain access to the infrastructure domain, reducing the risk that an application user may intentionally or unintentionally bring harm to the environment.
Beyond that, all in-band management access to the system is disabled, preventing bad actors from infiltrating the Nebulon Secure Enclave through that path. All management is out-of-band and subject to a zero-trust authentication model and Nebulon’s patented security triangle (see the Nebulon ON page to learn more).