Airgap

Airgap Product Specification

• Use of this document
• Overview
• Terms
• Functional Specification Description

Use of this document

This document is the functional specification definition of the product's functionality.

Overview

The Airgap product automates data sync from a PowerScale cluster running 9.4 software to another PowerScale Cluster that is physically connected to only the production cluster. This creates a private network between the production cluster and the vault cluster for the purpose of maintaining a copy of production data that is inaccessible to the internal corporate network within a customer environment. This isolation allows customers to maintain a recovery copy of data that is usable as a recovery copy under potential cyber threats that affect customers production IT infrastructure and data residing on the production cluster.

Terms

1. Eyeglass GUI - User monitoring, alarms and user interface to interact with product configuration and threats raised.

2. Vault Agent VM’s  -  These are the VM's that orchestrate the vault data replication and shuts down access to the vault during idle periods.

3. Ransomware Defender or Security Edition - This capability is referenced on this link is a required component of any Airgap solution.

Functional Specification Description

1. Dependencies 

   1. Cluster must be licensed for Airgap and Ransomware Defender 

   2. Only available in vmware OVA format

   3. Physical network design must match product documentation exactly as shown without any deviations to be a valid supported solution. Any deviations not approved in writing by Superna are immediately invalid and voids and support of the solution.

2. Physical and logical Security

   1. All physical security must be in place to ensure no unauthorized access, tampering of the equipment that comprises the vault. This includes cables, fibers, Ethernet switches, firewalls, compute hosts and remote access management equipment, the vault cluster.

   2. Physical security is outside scope of responsibility of Superna's software and services.

   3. Physical security must guarantee no physical access to any hardware

   4. Logical or management access to software used to manage the physical equipment must include 2FA, encryption at rest and inflight, patch process for management tools, quarterly penetration testing and inspection of all tools, hardware configuration is following security hardening procedures from all vendors with equipment that comprises the vault, trusted certificates used on all devices signed by a trusted CA, access rules based on IP ranges, users and roles within an RBAC design, auditing of all activity both logical access and physical access, user action traceability, role based access, biometric detection and authorization, procedures and policies documented that ensure all of the above in up to date, Immutable audit logs of al phsycal or logical access to any equipment within the vault, vault network, vault management network.

   5. Employee background checks and processes to ensure only trusted indivviduals are allowed to maintain, monitor, operate, update, upgrade any component within the vault equipment.

   6. The above is not intended to be an exhaustive list, all security best practices for hardware and software must be followed.

   7. Failure to demonstrate compliance with these external requirements will void any liability resulting from a security incident that affects the vault equipment or vault data.

3. Patching

   1. The product does not support hotfix patching and requires and complete upgrade of the software version or build number to apply any patch

   2. Operating system patches are not provided and must be downloaded directly through an out of band method and requires physical access to the secured physical equipment to apply patches, updates, or upgrades.

4. Compatibility 

   1. The product does not support forward compatibility with target devices and will require a software upgrade to support a forward version of a target device.   This includes minor or build number changes of the target device.

5. Appliance Modifications

   1. Modifying the operating system packages, removing or adding packages, changing the OS configuration and support of these changes is not covered by support and customers must support OS modifications and perform necessary testing.   No support for customer modifications with the exception of applying open suse OS package patches that shipped with the original appliance or published procedure in documentation.

6. Operational Procedures

   1. If documentation does not list a procedure, it is explicitly unsupported unless support provides a procedure. 

7. Installation

   1. This product is not customer installable and must be installed and configured by professional services for correct deployment and validation of the software integration with the cluster.

8. Use limitations

   1. Combining this product with any other product is in violation of the specification & documentation unless it is found in documentation. Only equipment listed in documentation is considered authorized for use equipment. If not listed, a written response by Superna to use alternate equipment in a vault solution is required.

   2. Failure to receive approval will null and void your support.

9. Airgap software Automates

   1. Data sync from production to vault cluster
   2. opens and closes IP interface on vault cluster when required for data sync
   3. Collects alarms from vault cluster, disk utilization, airgap product log and syncs them to eyeglass for support purposes, including valut cluster logs are synced to production cluster for Dell support to monitor the hardware health
   4. Reports on data synced on a daily basis with metrics on data synced, time to sync
   5. Allows schedule management of when data should be synced
   6. Allows for configuration of new clusters or new data sets to be configured for vault sync
   7. Monitors the network between the production cluster and the vault cluster

10. Airgap Function

    1. This function automates syncing data using synciq between Isilon or powerscale clusters on a closed private network for the purpose of maintaining an offline copy of data. This helps ensure best practices for data protection.

    2. 2 different product options are available with outside the vault network automation of and inside the vault with a different license required for inside the vault automation.

       1. Licenses

          1. Airgap Enterprise

             1. License required for vault agent VM deployment inside the vault

    3. Enterprise airgap operates inside the vault on the vault cluster management network secured and closed network. The cluster IP interfaces are added or deleted to allow synciq to reach the vault cluster

    4. Management

       1. During airgap sync operations alarms are retrieved from the vault cluster from an ssh session on the production protected cluster and requires the PAPI to be reachable to collect alarms using a vault minimum permissions user that is allowed to collect alarms. These alarms are proxied to users through Eyeglass email or syslog alarm subsystem.

       2. Enterprise vault agent VM will push logs during airgap sync operations to Eyeglass VM using SSH and API to store logs on eyeglass for support purposes

       3. Scheduled airgap maintenance can be requested from eyeglass on an interval of eery 2 hours (enterprise airgap) or on demand with basic airgap. This uses a heart beat process that checks for maintenance requests created using a CLI command on eyeglass. Maintenance activities would include debugging or software upgrades

    5. Reporting

       1. Both versions offer reporting that tracks synciq replication using the reports to summarize success or failures and includes other metrics such as throughput, sync duration, quantity of data replicated. This report is scheduled daily and reports are visible in the airgap Icon management interface.

    6. Monitoring

       1. Both versions offer monitoring of airgap job steps from the airgap management interface showing previous executions and access to reports that summarize replication status

       2. Proxy alarms from the vault hardware are viewable in the alarm icon interface

    7. Smart Airgap

       1. This feature checks threat level determined by Airgap or Easy Auditor , if an active threat is raised in either product any scheduled sync to the vault is paused to keep the vault cluster offline. The administrator must clear the active alarms before normal sync operations will continue

    8. Configuration

       1. Adding the static route, and service user to get alarms from the vault cluster and the schedule of data sync to the vault cluster

       2. Enterprise version also requires control of the schedules and must be enabled for Enterprise version

    9. Data Security

       1. The solution adds significant protection to maintain an offline copy of data. The solution requires that operational step are followed and all devices used in the airgap , including switches, routers, firewalls,, vault cluster are patched regularly for security related patches, including the OS on all eyeglass VM's.

       2. The solution reduces the potential of the data in the vault from being compromised but does not eliminate all possible attacks or threats to the data in the vault. Physical threat or insider threats or other threat risk is not reduced to zero percent possibility. The solution reduces this potential if all operational guidelines are followed. No guarantee or warranty is made about the threat reduction to zero or the possibility of comprising the vault data.

11. Installation Knowledge Transfer post installation

    1. The product installation process informs customers of the decisions they own to determine the protection and activation of protection features. Operational training is provided by Superna installation services. Failure to follow documented procedures in documentation can limit or terminate your entitlement to support.

12. Operational Expectations for all deployments

    1. Airgap is a component of an overall security solution that must include the following best practices in order to correctly deploy a security solution.  The operational steps below are expected to be followed for correctly using and integrating Airgap into a security solution.

       1. A data security plan should include multiple layers of security including endpoint protection and a backup system to recover data.  Airgap is not intended to replace other security solutions or backups of your data.

       2. Backup data should be stored off line so that it is not connected to the network.  An offline backup is a requirement in all scenarios. A vault is not a primary backup recovery system.

       3. Network monitoring tools, SIEM tools with logging and monitoring of all key components and high risk systems, including the storage environment.

       4. The specification and operational management of this product Requires:

          1. May not detect or prevent any or all malicious code or that use of the licensed program and related updates or upgrades will keep company’s network or computer systems free from viruses or other malicious or unwanted content or safe from intrusions or other security breaches

          2. Patching and firmware updates to all hardware components that make up the vault network, vault storage and vault compute and management

          3. Product usage assumes endpoint protection Anti-virus software is in place on all operating systems, devices, computers.

          4. All computers with operating systems are patched regularly

          5. All CVE's are acted upon with patches and remediation applied to all devices within the IT infrastructure.

          6. All firewalls, security devices are running current versions and configured correctly to protect networks

          7. The compute infrastructure is maintained and provides minimum product requirements for cpu, memory, disk latency.

          8. The end users and IT are trained to respond to a Airgap attack and have a run book to respond to an incident.

          9. End users are trained regularly for phishing attacks and social attacks intended to compromise computers with Malware/Airgap

          10. All product alerts are acted on in a timely manner to ensure processing of audit data is protecting the file system.

          11. Daily Mandatory operational tasks

              1. Monitor successful data syncs into the vault, monitoring of disk space within the vault, alarm monitoring and response actions necessary to resolve any faults within the vault solution, monitoring the vault components (cluster, network devices , switches, firewall walls, management devices for remote access, security logs)