IT Asset Management for Companies that Care About Measurable Return on Investment

Hosting Environment

LIVE! is hosted in Amazon’s EC2 cloud. The security aspects of the EC2 service are well documented and can be downloaded from Amazon;

http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

End-to-End Security

In addition to the security measures provided by Amazon as part of the EC2 cloud infrastructure, the hosted element of Scalable LIVE! implements further levels of security;

1. Hardened Ubuntu Server OS with instance specific firewall.

2. AES encrypted file systems for secure storage of data.

3. AES encrypted backups.

4. HTTPS and trusted certificates used for a communication.

LIVE! Instance Creation

A LIVE! instance can be automatically created via a simple, secure form on www.scalable.com or on a partner website (as long as the partner site abides by certain security pre-requisites). The registration process ensures no passwords are ever sent via email. Once the registration data has been collected, the instance is automatically created and an email sent to the customer notifying of availability. The customer then has 24 hours to log in before the instance is deleted.

PAD Deployment

Once logged in, the customer must download and install at least one PAD. The PAD allows asset data to be discovered, data from onsite systems to be accessed and other tasks to be performed as required by the LIVE! application instance. The PAD is downloaded with a customer-specific certificate, which is used to authenticate with the LIVE! instance to establish an HTTPS connection. To maintain the chain of trust, the PAD initiates all communication when establishing the secure channel back to the hosted LIVE! instance. The server never contacts the PAD, so no special firewall rules are required. The PAD can only connect to the LIVE! instance from which it was downloaded, and the LIVE! instance will not accept inbound connection requests from PADs downloaded from other LIVE! instances.

Credential Security

To perform agent-less discovery and to access and control other onsite systems, the PAD requires access credentials. There are two options for storing credentials, which can be mixed or matched as required;

1. Stored on the LIVE! instance: Any credentials entered are encrypted using RSA and stored in the LIVE! DB, which is itself located on an AES encrypted file system. When required they are downloaded to the PAD and decrypted. They are never decrypted on the LIVE! instance. The advantages of this are that many PADs can use one set of credentials.

2. Stored on the PAD: Any credentials entered are encrypted using RSA and then stored directly on the PAD of the Administrators choice, inside the customers firewall. In this case they are never stored on the disks of the LIVE! instance. When required they are decoded and used locally by the PAD.