Designlet: Technical Guidance for VMware Sovereign Cloud Providers - What is a VMware Sovereign Cloud?
Introduction
The VMware Sovereign Cloud Technical Guidance for VMware Cloud Provider Partners is a technical reference point for deploying all components needed to build and maintain a VMware Sovereign Cloud. The intent of the technical guidance is to document a verified stack along with other components that will define a technical approach to building a Sovereign Cloud.
VMware's Sovereign Cloud Initiative recognizes VMware Cloud Verified partners that meet VMware's definition of a Sovereign Cloud. Partners who implement the VMware Sovereign Cloud guidance will be better able to protect the sovereignty of their customers' workloads and data.
While the definition of a Sovereign Cloud continues to evolve and ultimately depends on the sovereign nation or entity where the workloads, data, and people reside, technical guidance is needed to make our VMware Cloud Providers successful in serving their customers. This guidance is flexible enough to allow different configurations and implementations to comply with the requirements of the entity that defines their Sovereign Cloud.
VMware Cloud Providers benefit from clear guidelines around data sovereignty, data residency, data access, jurisdiction, control, and much more to provide customers with the assurance that their most sensitive data is managed securely. With sovereign cloud capabilities, customers benefit from the scale of a multi-tenant, hybrid cloud environment while maintaining security, access, and control like a traditional on-premises, legacy computing environment.
Legal Disclaimer
This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Audience
This document is intended for VMware Cloud Provider architects and technical leads responsible for planning and performing the implementation and maintenance of a VMware Sovereign Cloud environment.
Scope
This document addresses the following aspects:
What is a VMware Sovereign Cloud?
The core proposition of a VMware Sovereign Cloud is to provide enforcement of data and workload residency, extend data sovereignty protections beyond the immediate platform where possible, and enable secure, audited connectivity and data transactions between resident, sovereign, and non-sovereign data classifications.
Interoperability stack
Lists all the components comprising the software stack: the VMware Cloud Verified software stack as the foundation, plus the other components required to build a VMware Sovereign Cloud.
Note: Versions of the provided software stack should be verified against the VMware Product Interoperability Matrices to ensure compatibility and support. This is the authoritative resource for interoperability between the VMware software components.
Security and Compliance Guidance
To align with the VMware Sovereign Cloud definition, a compliant solution must comply with all relevant security guidelines outlined in the product-specific documentation. System administrators and implementation teams for VMware Sovereign Cloud Foundation use the Security and Compliance Configuration Guides for the different components of the stack that make up a VMware Sovereign Cloud to assess and implement user-defined configurations. Default configurations that address compliance are not covered by the configuration guides because they require no additional configuration. In some cases, however, default configurations must be evaluated to ensure the default parameter aligns with the policies and procedures of your organization. Auditors who evaluate a VMware Sovereign Cloud environment can use the references in this guide to evaluate both default and user-defined configurations.
Default configurations
Security configurations based on compliance requirements that are set by default in VMware Sovereign Cloud. Depending on the applicable regulatory requirements, the parameter values might require changes, but by secure design these configurations are included in the current implementation.
User-defined configurations
Additional input by the organization is required to identify, select, and set configurations based on a target regulation.
What is a VMware Sovereign Cloud?
A VMware Sovereign Cloud aims to maintain the sovereignty of data in all possible ways for any entity (country, region, enterprise, government, institution, etc.).
Table 1: Criteria for a VMware Sovereign Cloud

Criteria | Notes
--- | ---
Data Sovereignty and Jurisdictional Control |
Data Access and Integrity |
Data Security and Compliance |
Data Independence and Interoperability |
VMware Sovereign Cloud Terminology
The following terms are specific to Sovereign Cloud and should be understood before determining what your design needs.
- Data residency - Refers to the physical location in which data is stored and processed; by extension, this includes the systems on which that data resides. Controls within a Sovereign Cloud platform over workload placement, data storage, and processing ensure that the resident status of the data is always preserved.
- Data sovereignty - Refers to data being subject to the laws of the jurisdiction in which it is collected. This generally implies that the data is generated within the geography of the jurisdiction and that it will remain there.
- Data localization - The process of storing and processing data where it is first collected, so that it persistently maintains its resident and sovereign status, effectively creating compute and data silos along jurisdictional boundaries.
- Security domains - A security domain is a conceptual grouping of systems, network connections, supporting infrastructure, people, and operational processes that fall within a common security boundary. Security domains typically represent a common authentication and authorization boundary (e.g., an LDAP realm), such that being granted access to one system in a security domain leads to the explicit or implicit granting of access to other systems in that domain. A security domain can also represent a network connectivity area with a common security posture, with protections located at the domain boundary; security domains can optionally be further subdivided into smaller connectivity areas using subnetting and micro-segmentation.
VMware Security Domains
All VMware Sovereign Clouds must include two prescribed security domains: Resident domain and Sovereign domain. These domains encompass management and workload domains in vSphere and all supporting infrastructure and management elements.
Figure 1: Sovereign Cloud Security Domains
Interoperability Stack (Bill of Materials)
The Bill of Materials for a VMware Sovereign Cloud follows the VMware Validated Solution (VVS) for Cloud Providers, which defines the set of software components that can be used to implement a VMware Sovereign Cloud. The VMware Sovereign Cloud Bill of Materials is found in Table 1 of the VVS for VMware Cloud Director 10.2-10.4 document.
Security and Compliance Guidance
For VMware Sovereign Cloud implementations, a best practice is to transfer security ownership to a dedicated team after deployment to augment and monitor the security posture. It is the responsibility of each security, compliance, and audit team in your organization to verify that configurations meet their compliance requirements. Attack vectors and compliance guidelines are constantly evolving, which requires continuous monitoring and risk management processes.
It is important to note that the VMware Sovereign Cloud security guidance is not enough on its own. Each organization needs to assess its own risk posture and identify applicable controls using a series of supporting security architecture, technology, processes, and people to evaluate the environment.
Super users of the system inherit various technologies and typically work with security specialists to implement controls effectively. VMware Sovereign Cloud deployments benefit from post-implementation security health checks to enhance the organization's security posture as it relates to the requirements of the sovereign entity where the VMware Sovereign Cloud resides.
Governance, Risk, and Compliance Mapping
This guidance describes the security configurations that can support Governance, Risk, and Compliance (GRC) considerations. Due to the variety of compliance standards and different organizational business needs, due care should be taken to identify and map VMware Sovereign Cloud configurations against a targeted regulation.
Organizations expect to keep data safe. They must often comply with one or more regulations, ranging from government standards to private standards, such as:
- National Institute of Standards and Technology (NIST)
- Federal Risk and Authorization Management Program (FedRAMP)
- International Organization for Standardization number 27001 (ISO27001)
- International Organization for Standardization number 27032 (ISO27032)
- British Standards Institution (BSI)
- Internet Engineering Task Force (IETF)
Security Versus Compliance
The VMware Sovereign Cloud approaches security and compliance concepts in a practical manner. Security supported by the VMware Sovereign Cloud reduces the risk of data theft, cyber-attack, or unauthorized access. Compliance, by contrast, is proof that a specific security control is in place, typically within a defined timeline. Security and compliance both work with a broader set of considerations including people, processes, and technology. Security is primarily outlined in the design decisions and highlighted within the technology configurations. Compliance is focused on mapping the correlation between security controls and specific requirements. A compliance mapping provides a centralized view that lists many of the required security controls. Those controls are further detailed by including each security control's respective compliance citations as dictated by a domain such as NIST, PCI, FedRAMP, HIPAA, and so forth.