enStratius provides the IT policies and security processes required to operate and build systems on the cloud.
Accessing the cloud through enStratius makes secure control of the cloud's infrastructure possible, enabling specific protection of data.
The enStratius system itself operates at a location completely separate from public clouds, such as on-premise.
All customer data is stored at an independently held datacenter.
SaaS-type enStratius systems are operated via virtualization of highly redundant dedicated hardware located in a brand-new datacenter in downtown Minneapolis.
enStratius's system has 3 VLANs, of which two are accessible via the public internet. One VLAN is accessed by web console and web services, while the second VLAN is accessed by our provisioning.
The third VLAN handles authentication information of the customer and cannot be accessed via the public internet. Additionally, access from our company's system is restricted as far as possible.
■ Web Console and Web Services
This console is used to perform all responses for enStratius, via web applications and web service APIs.
The system administrator can set the number of users that use each piece of infrastructure and can assign different users to different roles. In the same manner, it is possible to create multiple accounts and to specify different roles for each account.
If a change is made to a user account, whether a role change or a password change, enStratius sends the user an e-mail notifying them of the change. These e-mails serve as alerts that let the user check whether such changes are the result of an attack on the system.
Additionally, the web console has been localized to Japanese, resulting in an interface of high usability.
* Japanese-converted web UI
■ Provisioning Systems
Communication between the provisioning system and the data goes through a web service API. The database is not accessed over this connection. All web services are transmitted over SSL with certificates from GeoTrust, VeriSign, GlobalSign.
The provisioning system does not keep customers' important authentication data or keys but leaves data keeping to the authentication system. The encrypted data of the authentication system is computed by the provisioning system and kept in the memory of the provisioning system.
Each time the system status changes, enStratius writes the change into the log of a write-only monitoring database. To support a customer's independent monitoring, enStratius has prepared an independent event log for the customer.
■ Credentials Management
As the authentication management system keeps all the customer's encrypted and authenticated data in an AES-256 encrypted database, no encrypted key for the authentication management zone exists.
enStratius does not keep data on its authentication system which would allow identification of whom the contents of the database belong to or what the encrypted data would be used for.
■ Server Agents
A customer's virtualization server on a cloud can use the enStratius agent.
The agent can securely use all important data related to the enStratius cloud.
・System backup and encryption of the backup
・Encryption of the file system
・Configuration of the SSL
・Bundling of the machine images
・User management of Shell/Remote desktops
・Integration of the intrusion detection system
■ File System Encryption
enStratius can also provide the option of automatic encryption of multiple environments on the cloud.
■ Backup Encryption
If the customer selects the backup encryption option, enStratius encrypts all the backup data and then uploads it to cloud storage or the customer's backup cloud.
■ Shell/Remote Desktop Access
Access to Shell or remote desktop shall be managed and protected securely.
■ Customer Data Management
enStratius shall not directly access important data of the customer:
・We shall not access the customer's server on the cloud without the special permissions of the customer.
・As all the encrypted authentication keys are kept after calculation in memory, employees of enStratius do not hold the means of accessing the complex data.
・Credit card data of the customer is kept with a PCI Level 1 billing provider called Aria. enStratius is not allowed access here either.
The development of mechanisms to access such data is prohibited by enStratius's policies.
■ System Access
enStratius strictly separates all administrators and ensures redundancy. enStratius does not set up a general administrator account for any system. Instead, each user has individually authenticated access authorizations, each with different escalations.
Authorizations are held.
■ Encryption and Key Management
All file systems attached to enStratius's system servers are encrypted. Additionally, all backup data is encrypted before being backed up to its respective environment.
■ Availability and Disaster Recovery
If all data at a datacenter is destroyed by a disaster, a recovery point is used and recovery is performed from 24-hr operating off-site backup data. In other words, even if enStratius goes down, the customer's cloud can continue operating normally.
■ Provided Configurations
SaaS Pricing Plans are as follows:
| Managed Server Number | 5 | None | None | None |
| Timed payment per server | － | 5 yen/hr | 4 yen/hr | 2 yen/hr |
| Number of users | 3 | 10 | No limit | No limit |
| Monthly expense | Free | 5,000 yen | 50,000 yen | 500,000 yen |
* Depending on the provided function and other functions, optional charges may be incurred. For further information, contact our company.
2. System of Software Provision
2.1 System of Software Provision
| VM number | Monthly Price |
| More than 3000 nodes | Quotation based |
2.2 Pricing Plan based on physical node number
| Node number | Yearly Price / Server |
| More than 500 nodes | Quotation based |
※ 2 CPU sockets／server
Any system construction expenses related to software provision are considered separately.
【 Contact details 】
Creationline, Inc. TEL: 03-6228-3555