Inhaltsverzeichnis

Cloud integracija

Ciljana skupina: Cloud arhitekti, DevOps
Fokus: HSM integracija, upravljanje tajnama, Multi-Cloud

Integracija PQ-sposobne PKI s Cloud HSM i servisima za upravljanje tajnama.

Pregled

flowchart TB subgraph ONPREM["ON-PREMISES"] CA[CA Server] HSM[HSM] end subgraph AZURE["AZURE"] AKV[Azure Key Vault] AHSM[Managed HSM] end subgraph AWS["AWS"] ACM[AWS Certificate Manager] KMS[AWS KMS] CHSM[CloudHSM] end subgraph MULTI["MULTI-CLOUD"] HV[HashiCorp Vault] end CA --> AKV & ACM & HV HSM -.->|Backup| AHSM & CHSM HV --> AZURE & AWS style HV fill:#e8f5e9 style AKV fill:#e3f2fd style ACM fill:#fff3e0

Usporedba Cloud providera

Značajka Azure Key Vault AWS KMS HashiCorp Vault
———-—————–————————–
HSM FIPS 140-2 Level 3 (Managed HSM) Level 3 (CloudHSM) Level 2 (Transit)
PQ podrška Još ne Još ne Da, putem pluginova
Upravljanje certifikatima Da, nativno Da, ACM Da, PKI Engine
Multi-Cloud Ne Ne Da
Troškovi Srednji Visoki (CloudHSM) Open Source + Enterprise

Scenariji

Scenarij Cloud Tip HSM-a
Azure Key Vault Azure Managed HSM
AWS KMS + CloudHSM AWS CloudHSM
HashiCorp Vault Multi-Cloud Transit SE

Stablo odlučivanja

flowchart TD A[Potreban Cloud HSM?] --> B{Primarni Cloud?} B -->|Azure| C[Azure Key Vault] B -->|AWS| D[AWS KMS/CloudHSM] B -->|Multi-Cloud| E[HashiCorp Vault] B -->|On-Prem + Cloud| F[Vault + Cloud integracija] C --> G{FIPS Level 3?} G -->|Da| H[Managed HSM] G -->|Ne| I[Standard Key Vault] D --> J{Budžet?} J -->|Visok| K[CloudHSM] J -->|Srednji| L[KMS] style E fill:#e8f5e9 style H fill:#e3f2fd style K fill:#fff3e0

Hibridna strategija

Preporuka: On-Premises Root CA + Cloud Intermediate za Cloud workloadove

Komponenta Lokacija Obrazloženje
———————-————–
Root CA On-Premises (HSM) Najviša sigurnost
Intermediate (Cloud) Azure/AWS/Vault Blizina workloadovima
End-Entity Cloud Auto-Provisioning
Backup Multi-Cloud Disaster Recovery

Povezana dokumentacija

« <- Operatorski scenariji | -> Azure Key Vault »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

, , , , ,