Security

CloudPhysics is a SaaS-based platform that brings the power of Big Data analytics to virtualized data centers, enabling IT to make data-driven operational decisions. It consists of two key elements: a lightweight, secure virtual appliance (“Observer”) and a web-based portal. After you deploy an Observer to your environment, it collects, scrubs, anonymizes, encrypts and streams operational metadata to the CloudPhysics platform where you can run pre-made analytics packages (called “Cards”) or your own custom analytics against this data. No data leaves your environment without being anonymized and secured.

Observer

What data is collected?

Configuration and performance metadata are collected from the following VMware objects:

  • VMs
  • Hosts
  • Clusters
  • Resource pools
  • Datastores
  • Networks

What about identifying information or sensitive data like usernames and passwords?

The Observer does not collect any data other than that specified above. In addition, CloudPhysics excludes sensitive information such as usernames, passwords, IP addresses, and MAC addresses from transfer by default; these are never sent, in any form, to CloudPhysics.

Is data secured for streaming to CloudPhysics?

Yes! All collected data is strongly encrypted using SSL 3.0/TLS 1.0 when streaming to CloudPhysics.

Can the Observer be set up to use a proxy?

The Observer supports proxy usage via HTTPS, and no firewall modifications are needed provided port 443 is allowed to the hosts, either directly or via proxy. Proxy credentials are stored inside the virtual appliance in an obfuscated text format in a configuration file.

Does CloudPhysics communicate with or send data down to the Observer?

The virtual appliance is routinely patched and updated automatically from CloudPhysics for maintenance and feature updates.

Does CloudPhysics make any changes to my environment?

CloudPhysics never makes changes to your environment.

Does anything besides the Observer have to be installed?

For most customers, the Observer is the only thing that needs to be deployed. For those who want to run the Cache Assessment Card, CloudPhysics will deploy a VMware-format, digitally-signed host VIB (VMware Installation Bundle) for virtual disk statistics collection. This is a host daemon which installs only in userworld.

Platform

How is data secured once it is received by CloudPhysics?

Once collected, your anonymized, scrubbed data is securely stored in CloudPhysics’ systems. Physical and network security are maintained to ensure only correctly authenticated access to your data.

  • Unused protocols are blocked with network firewalls and edge routers
  • Internal firewalls are used to limit data to its respective application tier
  • User and customer CloudPhysics credentials are securely hashed (SHA-512) with a 192-bit random salt
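
The salted hashing described in the last item above, as an added example that is not CloudPhysics code. The page states only SHA-512 and a 192-bit random salt; the PBKDF2-HMAC-SHA512 construction, the iteration counts and the record format used here are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 24              # 192 bits, the salt size the page states
ITERATIONS = 210_000         # assumption: the page gives no work factor
MAX_ITERATIONS = 5_000_000   # assumption: cap so a tampered record cannot stall verification
SCHEME = "pbkdf2-sha512"     # assumption: hypothetical label for the stored record


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # SHA-512 is the hash named on the page; PBKDF2 is this example's choice.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)


def hash_credential(password: str) -> str:
    """Return a storable record: scheme$iterations$salt$digest (base64 fields)."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh CSPRNG salt for every credential
    digest = _derive(password, salt, ITERATIONS)
    return "$".join([SCHEME, str(ITERATIONS),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify_credential(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_b64, digest_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != SCHEME or len(salt) != SALT_BYTES:
        return False
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    first = hash_credential("correct horse battery staple")
    second = hash_credential("correct horse battery staple")
    print("same password, different records:", first != second)
    print("correct password verifies:", verify_credential("correct horse battery staple", first))
    print("wrong password verifies:", verify_credential("wrong password", first))
```

Because each record carries its own random salt, two users with the same password get different stored digests, so one precomputed table cannot be reused across accounts.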

Who has access to my data once it’s on the CloudPhysics platform?

Only you, or someone you invite to your CloudPhysics account, can see and run analytics against your data.

Is any of my data shared with anyone?

Only you can give access to your data by inviting new users to your account or by engaging a third party and explicitly providing access to your data. This access is read-only or to run analytics against the data, never to manipulate the data. You have the ability to grant or revoke visibility permissions and can remove access permission at any time.

CloudPhysics does not share individually-identifiable information with third parties without explicit direction from our users and customers.

Does CloudPhysics use my data in any way other than for my own use?

Non-individually-identifiable data may be queried by CloudPhysics to provide system-wide analytics (such as comparing your VM uptime to the CloudPhysics community), but it’s never shared with any third party.