
Dell PowerFlex Appliance with PowerFlex 4.x Architecture Overview

Security considerations

Enterprises have many reasons for encrypting their data, including addressing regulatory compliance and protecting against theft of customer data and sensitive intellectual property.

PowerFlex appliance offers numerous built-in security features and capabilities across multiple security domains to help you meet security and compliance requirements. Here is a summary of the PowerFlex appliance security features by security domain.

Asset management

  • PowerFlex Manager simplifies asset discovery and system resources inventory management
  • Resource deployment services template and resource tagging allow you to efficiently deploy a complex environment with consistency

Identity authentication and authorization

PowerFlex appliance architecture offers built-in security controls to meet authentication and authorization needs. Some of the key security controls are:

  • LDAP/Active Directory integration
  • Role-based access control (RBAC)
  • RSA SecurID MFA option (using Keycloak)

Data confidentiality

Confidentiality is one of the key pillars of the security triad (CIA). PowerFlex appliance offers both software-based and hardware-based FIPS 140-2 compliant data-at-rest encryption (D@RE). For hardware-based D@RE, you can choose self-encrypting drives (SEDs) that meet your business needs and use integrated CloudLink for key management. The integrated CloudLink can also be used to provide software-based encryption for PowerFlex storage data servers (SDS) that is transparent to the features and operation of the PowerFlex solution. CloudLink uses dm-crypt, a native Linux encryption package, to secure SDS devices. A proven high-performance volume encryption solution, dm-crypt is widely implemented for Linux machines.

CloudLink encrypts the storage data server devices with unique keys that are controlled by enterprise security administrators. CloudLink Center provides centralized, policy-based management for these keys, enabling single-screen security monitoring and management across one or more PowerFlex deployments.

System trust

PowerFlex appliance is built with Dell PowerEdge servers that are called PowerFlex nodes. PowerFlex nodes inherit all the cutting-edge cyber-resiliency and security features such as:

  • An immutable silicon-based root of trust to securely boot iDRAC, BIOS and firmware
  • Virtual lock to prevent server configuration and firmware changes, plus drift detection
  • Rapid recovery to a trusted image when authentication fails
  • Rollback to known good firmware version if firmware is compromised
  • Secure system erase of internal server storage devices including HDD, SSD, and NVMe drives
  • Industry leading secure supply chain
  • PowerFlex software integrity check

Network security

PowerFlex appliance not only offers built-in access/aggregation or leaf-spine network topology but also incorporates many advanced security features that are available with Cisco and Dell network switches. These security features help you protect your network against data loss or compromise resulting from intentional attacks and from unintended but damaging actions made by well-meaning network users. Some of the key security features include:

  • Network segmentation with ACL, firewall, and VLAN
  • TACACS+ security protocol support
  • LDAP authentication and authorization support
  • Role-based access control (RBAC) to control and limit access to operations on the Cisco NX-OS device
  • Support for the authentication, authorization, and accounting (AAA) architectural framework
  • Access control list (ACL) support. IP ACLs, MAC ACLs, and VACLs are available options to filter traffic based on IPv4 addresses, the MAC address in the packet header, and VLAN routing.
  • Simple Certificate Enrollment Protocol (SCEP) support
  • Dynamic ARP inspection, DHCP snooping, key chain management, and control plane policing can be used to further harden security.

Auditing and accountability

The primary objectives of auditing and accountability are to maintain a record of system activities and to provide the ability to establish individual accountability, detect system anomalies, and reconstruct system events using audit logs and records. PowerFlex appliance creates and retains system audit logs, event logs, and alert records that can be used for monitoring, trend and behavior analysis, incident investigation, and reporting of unlawful or unauthorized system activities.

