Cisco Announces Wave of Webex Innovation to Drive 10x Better Than In-Person Experiences and Much More

WebexOne (took place on 9th and 10th December 2020) is Cisco’s first digital collaboration conference that brings together businessmen, clients and partners to discuss the future of work.

Since the pandemic, Webex has not only continued to help businesses thrive, it has also been an integral platform for governments to continue to lead remotely, doctors to meet with patients safely, and educators to teach students at a distance. It’s clear that the future of work will involve a combination of remote and on-site interactions, known as hybrid-work.

The All New Webex:
The all-new Webex, available today, provides call, meet and message in one app.

More than 50 innovations announced today fall into three areas: seamless collaboration, smart hybrid work experiences, and intelligent customer experiences.


Cisco CloudLock Overview

I found this very amazing video on YouTube as an introduction to the Cloudlock overview.

Cloudlock is a cybersecurity company specialized in the cloud that was acquired by Cisco in 2016. Cisco is using Cloudlock as its cloud-native CASB and cloud cybersecurity platform.

A cloud access security broker (CASB) is on-premises or cloud-based software that sits between cloud service users and cloud applications. It is a visibility point (which authorized and unauthorized apps are your users accessing?) and a policy control access point.

It monitors all activity and enforces security policies. A CASB can offer a variety of services, including, but not limited to, monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware. Cisco Cloudlock secures your cloud users, data, and apps across Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).

Here is a small video from YouTube about CASBs (Cloud Access Security Brokers):

Hybrid Data Security Overview

Data security has been the primary focus in designing Cisco Webex Teams.
End-to-end content encryption is enabled by Webex Teams clients interacting with the Key Management Service (KMS). The KMS is responsible for creating and managing the cryptographic keys that clients (Webex Teams) use to dynamically encrypt and decrypt messages and files.

Hybrid Data Security moves the KMS and other security-related functions to your enterprise data center, so nobody but you holds the keys to your encrypted content.

By default, all Webex Teams customers get end-to-end encryption with dynamic keys stored in the cloud KMS, in Cisco’s security realm. 

To understand Hybrid Data Security, let’s first look at this pure cloud case, where Cisco is providing all functions in its cloud realms.

The identity service in data center A, the only place where users can be directly correlated with their personal information such as email address, is logically and physically separate from the security realm in data center B. Both are in turn separate from the realm where encrypted content is ultimately stored, in data center C.

In this diagram, the client is the Cisco Webex Teams app running on a user’s laptop, and has authenticated with the identity service. When the user composes a message to send to a space, the following steps take place:

1. The client establishes a secure connection with the key management service (KMS), then requests a key to encrypt the message.

2. The message is encrypted before it leaves the client. The client sends it to the indexing service, which creates encrypted search indexes to aid in future searches for the content.

3. The encrypted message is sent to the compliance service for compliance checks.

4. The encrypted message is stored in the storage realm.

When you deploy Hybrid Data Security, you move the security realm functions (KMS, indexing, and compliance) to your on-premises data center. The other cloud services that make up Cisco Webex (including identity and content storage) remain in Cisco’s realms.

Cisco Webex Teams: Install and configure Docker for HDS configuration tool

HDS stands for Hybrid Data Security:

The architecture of Cisco Webex allows customers to either use the Cisco-provided KMS in the cloud (default) or to deploy their own instance of the KMS in a customer-owned data center (Cisco Hybrid Data Security – HDS, an enhanced feature available as part of the Cisco Webex Pro Pack). By deploying a separate instance of the KMS in the customer environment, the customer’s encryption keys for their Webex organization are now located and owned by the customer. This provides an additional level of security and control to the customer.

Cisco Webex Teams Hybrid Data Security:

Deploy Cisco HDS Configuration Utility
Configuration for the Cisco HDS nodes is deployed through a virtual ISO file mounted on each HDS node in the VMware ESXi environment. Cisco provides a configuration utility to create and update the ISO configuration image as a Docker container. The next steps show how to pull and deploy the Docker image to create the Cisco HDS ISO configuration.

To put it simply, you need Docker in order to create the ISO configuration file, and this ISO file will be mounted on the new VM to build the HDS node (local KMS).

1. The prerequisite for installing the Docker package is a physical or virtual machine with a Linux distribution. Mine is a CentOS Linux 7 with 4 Gig of RAM and an 80 Gig disk. You also need a minimum knowledge of the Linux environment and the yum tool.

For those like me who are not Linux geeks, I found this definition of the yum tool:

yum is the primary tool for getting, installing, deleting, querying, and managing Red Hat Enterprise Linux RPM software packages from official Red Hat software repositories, as well as other third-party repositories. yum is used in Red Hat Enterprise Linux versions 5 and later.

To download the ISO file for CentOS 7, go to https://www.centos.org/download/ and choose the minimal ISO, as shown in the following screenshot:

CentOS 7 VM built on a VMware ESXi 6.5 host:

2. Install Docker using the following command: yum -y install docker

3. Start the Docker daemon using the following command: systemctl start docker

4. Enable the automatic start of Docker on boot: systemctl enable docker

5. Verify that Docker is installed and running: docker run hello-world

6. This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits. You might need to scroll up again to see the following output
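Steps 2 to 5 above, combined into one re-runnable script that checks each state before changing it. This is an added example, not part of the original post or Cisco's documentation; it assumes a CentOS 7 host with yum and systemd, and the script file name in the comment is hypothetical.

```bash
#!/bin/sh
# Added example (not from the original post): steps 2-5 as one re-runnable script.
# Assumes a CentOS 7 host with yum and systemd, as in the post.

# Succeeds only if the docker service is running now AND enabled at boot.
docker_service_ok() {
    systemctl is-active --quiet docker && systemctl is-enabled --quiet docker
}

# Runs steps 2-5, skipping any step whose result is already in place.
setup_docker() {
    # Step 2: install the package only if the docker client is missing.
    if ! command -v docker >/dev/null 2>&1; then
        yum -y install docker || return 1
    fi
    # Step 3: start the daemon if it is not active.
    systemctl is-active --quiet docker || systemctl start docker || return 1
    # Step 4: enable start on boot if it is not enabled.
    systemctl is-enabled --quiet docker || systemctl enable docker || return 1
    # Confirm both states before pulling any image.
    docker_service_ok || return 1
    # Step 5: run the test image; --rm removes the stopped container afterwards.
    docker run --rm hello-world >/dev/null || return 1
}

# Only act when called as: sh setup-docker.sh apply  (file name is hypothetical)
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    setup_docker && echo "docker installed, running and enabled"
fi
```

Checking both is-active and is-enabled matters here because the HDS configuration tool runs as a container: a daemon that was started but not enabled will be gone after the next reboot.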

Cisco provides a configuration utility to create and update the ISO configuration image as a Docker container. The next steps show how to pull and deploy the Docker image to create the Cisco HDS ISO configuration.

CAUTION: Do not close the PuTTY session.