Professional Documents
Culture Documents
Cyber Recovery Workshop 2024 - Cyber Recovery Vault in The Cloud
Cyber Recovery Workshop 2024 - Cyber Recovery Vault in The Cloud
Cyber Recovery Workshop 2024 - Cyber Recovery Vault in The Cloud
Frankfurt
January 2024
• CyberSense can be
installed separately
• AWS
• CloudFormation stack deploys the entire CR vault with all its components
• CyberSense can be installed separately
• AWS
• The CloudFormation stack template is shared with the customer
• The stack template deploys the Cyber Recovery Management Host from a private AMI stored on Dell’s
AWS account. This AMI needs to be shared with the customer’s AWS account
• AWS
• The template deploys:
• CR management host
• Hardened Windows jump host
• DDVE
• S3 bucket for the DDVE
• VPC with 2 subnets:
• Subnet for the jump host
• Subnet for the CR host and DDVE
• Security groups
• ACLs
• AWS
CyberSense
• Deployed and launched using a private AMI that is shared with the customer's AWS account
Private AMI
Shared AMI name Dell AWS
Account
• Azure
• Template file deploys the entire vault
• Azure
• ARM (Azure Resource Manager) template files are shared with the customer
• VM image is shared with the customer
• Azure
• A resource group is created with all the components in it
• GCP
• Template file deploys the entire vault
• GCP
• Terraform template file is shared with the customer
• Image is shared with the customer’s Service Account or user (email address)
• GCP
• GCP
The template deploys:
• CR management host
• Hardened Windows jump host
• DDVE
• Storage bucket for the DDVE
• 2 VPCs with 3 subnets:
• Subnet for the jump host
• Subnet for the CR host and DDVE
• Subnet for the DDVE replication NIC
• Firewall rules
• Connect your Prod to the AWS Vault with VPN or direct connection
• Reset the Cyber Recovery root and application passwords (MongoDB, CRSO user, Lockbox)
• Configure the jump host to receive files, then install an offline version of a supported web browser
(the hardened Windows VM doesn’t have Chrome installed on it by default)
• Configure the DDVE and its filesystem on the deployed S3 bucket/storage bucket/storage account
• Configure the replication contexts to the vault, including editing security groups and ACLs
Cloud Vault
DDVE
Application Hosts
Production /
Clean Room/
Another Cloud Account Cloud Vault
DDVE
Application Hosts
AWS:
• Configuration of replication contexts issues because of (inbound and outbound) Security Groups AND
ACLs
AWS:
AWS:
• CyberSense issues:
• Deployed not the in same subnet as the DDVE and CR