1.1.4 Certificates in use on Cloud Panels

In a Cloud service, data flows to and from systems and servers exposed to the Internet are protected by a TLS secure channel on a suitably configured server, which guarantees:
  • server authentication (with a 2048 bit RSA key);
  • session encryption with a symmetric encryption algorithm considered sufficiently secure at the time, and with a minimum 128 bit (where possible, 256 bit) session key.
This applies both to interactively originated flows (web browsing) and to automatically generated flows (for example, Web Services). AES is the primary symmetric encryption algorithm, and the latest TLS version is always used.

Sensitive data at rest (not in transit) are generally protected by symmetric encryption, using an adequately secure algorithm (e.g. AES, 3DES) with a 256 bit key. To protect login credentials, passwords are irreversibly hashed (reduced to a data fingerprint or digest) using the SHA-512 hashing algorithm and stored in the repository.

The Aruba Cloud Backup service provides the option of encrypting backed-up data with a complex password (AES-256 standard) before it is transferred.

Certificates used in Control Panels

The table below lists the certificates used in Control Panels, organized by type of service.
 
| COMPUTING | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Public Computing | admin.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc2.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc3.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc4.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc5.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc6.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc7.computing.cloud.it | sha256 | RSA (2048 bit) |
| | admin.dc8.computing.cloud.it | sha256 | RSA (2048 bit) |
| Public VPN | vpn-dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc2.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc3.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc4.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc5.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc6.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc7.computing.cloud.it | sha256 | RSA (2048 bit) |
| | vpn-dc8.computing.cloud.it | sha256 | RSA (2048 bit) |
| Recovery Console | console01.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console02.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc2.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc3.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc4.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc5.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc6.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc7.computing.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc8.computing.cloud.it | sha256 | RSA (2048 bit) |
| FTP | ftp1.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc2.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc3.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc4.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc5.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc6.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc7.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp1.dc8.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp2.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |
| | ftp3.dc1.computing.cloud.it | sha256 | RSA (2048 bit) |

| SERVICES | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Services | admin.services.cloud.it | sha256 | RSA (2048 bit) |

| PRIVATE | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Private | admin01.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin02.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin03.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin04.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin05.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin01.dc2.private.cloud.it | sha256 | RSA (2048 bit) |
| | admin01.dc7.private.cloud.it | sha256 | RSA (2048 bit) |
| Private Stats | stats01.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | stats02.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | stats03.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | stats04.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | stats05.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| Private Gate service | gate01.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | gate02.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | gate03.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | gate04.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | gate05.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| Private vSphere | console01.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | console02.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | console03.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | console04.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | console05.dc1.private.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc2.private.cloud.it | sha256 | RSA (2048 bit) |
| | console01.dc7.private.cloud.it | sha256 | RSA (2048 bit) |
| Disaster Recovery | admin.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin02.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin03.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin04.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin05n01.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin05n02.r1-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin01.r2-it.dr.cloud.it | sha256 | RSA (2048 bit) |
| | admin01.r1-it3.dr.cloud.it | sha256 | RSA (2048 bit) |

| BACKUP | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Backup | admin.r1-it1.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-it2.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-cz.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-fr.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-de.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-uk.backup.cloud.it | sha256 | RSA (2048 bit) |
| | admin.r1-pl.backup.cloud.it | sha256 | RSA (2048 bit) |
| Bare Metal Backup | admin01.dc1.baas.cloud.it | sha256 | RSA (2048 bit) |
| | admin02.dc1.baas.cloud.it | sha256 | RSA (2048 bit) |
| | admin03.dc1.baas.cloud.it | sha256 | RSA (2048 bit) |
| | admin04.dc1.baas.cloud.it | sha256 | RSA (2048 bit) |
| | admin05.dc1.baas.cloud.it | sha256 | RSA (2048 bit) |
| | admin01.dc7.baas.cloud.it | sha256 | RSA (2048 bit) |

| OBJECT STORAGE | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Object Storage | r1-it.storage.cloud.it | sha256 | RSA (2048 bit) |

| PARTNER | Certificate issued to | Signature hash algorithm | Public key |
|---|---|---|---|
| Partner | admin.partner.cloud.it | sha256 | RSA (2048 bit) |
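
One way to audit a certificate against the properties listed in the table (sha256 signature hash, RSA public key, 2048 bit), shown as an added example that is not Aruba's own tooling. The function names are hypothetical, and the two certificates it generates for the placeholder name panel.example.test are constructed test data so that the script runs offline.

```shell
#!/bin/sh
# Added example: audit a PEM certificate against the documented profile
# (signature hash sha256, RSA public key, 2048 bit).

# cert_profile FILE -> prints "<signature-alg> <key-alg> <key-bits>"
cert_profile() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Signature Algorithm:/ && !sig { sig = $NF }
        /Public Key Algorithm:/        { alg = $NF }
        /Public-Key:/ && !bits         { gsub(/[^0-9]/, ""); bits = $0 }
        END { if (sig == "") exit 1; print sig, alg, bits }'
}

# meets_documented_profile FILE -> 0 if compliant, 1 on mismatch, 2 if unreadable
meets_documented_profile() {
    profile=$(cert_profile "$1") || return 2
    set -- $profile
    # Compare the hash case-insensitively: an ECDSA-signing CA prints "ecdsa-with-SHA256".
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in *sha256*) ;; *) return 1 ;; esac
    [ "$2" = "rsaEncryption" ] || return 1
    [ "${3:-0}" -ge 2048 ] || return 1
}

# make_sample_cert OUT KEYOPTS... -> constructed self-signed certificate (test data only)
make_sample_cert() {
    out=$1; shift
    openssl req -x509 -nodes -sha256 -days 1 -subj "/CN=panel.example.test" \
        "$@" -keyout "$out.key" -out "$out" 2>/dev/null
}

# Constructed samples: one matching the table, one with a non-RSA key.
tmp=$(mktemp -d)
make_sample_cert "$tmp/rsa2048.pem" -newkey rsa:2048
make_sample_cert "$tmp/ec256.pem" -newkey ec -pkeyopt ec_paramgen_curve:prime256v1

for f in "$tmp"/*.pem; do
    if meets_documented_profile "$f"; then verdict=OK; else verdict=MISMATCH; fi
    echo "$(basename "$f"): $(cert_profile "$f") -> $verdict"
done
```

To check a live panel, save its certificate first, for example with `openssl s_client -connect admin.dc1.computing.cloud.it:443 -servername admin.dc1.computing.cloud.it </dev/null | openssl x509 -out panel.pem`, then run `meets_documented_profile panel.pem`.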

Protocols used on public network

Details of the protocols used on the public network are outlined below.
 
VPS/PRO COMPUTING
Configuration of Cloud VPS and PRO is performed from the Cloud Control Panel, which uses the HTTPS protocol. VMs are delivered to the Customer on a public network and are accessible exclusively using RSA 2048 bit encrypted SSH protocol (for Linux machines) and Secure Remote Desktop Protocol (SSL). The direct control panel of the machine (KVM) is managed via the HTTPS protocol.

PRIVATE
Configuration of Private Cloud is performed from the vCloud Director Control Panel, which uses the HTTPS protocol. VMs are delivered to the Customer on a private network with its own virtual dedicated firewall (NSX Edge), which uncouples the machine from the public network. VMs provided by Aruba can only be accessed via RSA 2048 bit encrypted SSH protocol (for Linux machines) and Secure Remote Desktop Protocol (SSL). The direct control panel of the machine (KVM) is managed via the HTTPS protocol.

DRaaS (Disaster Recovery as a Service)
When the Customer’s offices and Aruba offices are interconnected, the public transport component is guaranteed by an IPSEC VPN with AES encryption (agreed with the customer) that encapsulates all necessary traffic between them and ensures security. Even in the case of interconnection between Aruba Data Centers, the public transport component is guaranteed by a similar AES encrypted IPSEC VPN dedicated to the service.

BACKUP
Cloud Backup
Jobs produced are encrypted at source and transmitted with AES encryption, using a password known only to the Customer. The HTTPS protocol is used for configuration performed from the Control Panel.
Bare Metal Backup
The service configuration panel is provided over the HTTPS protocol. All data within it travel on a segregated, internal private network on the Aruba Cloud.

OBJECT STORAGE
Cloud Object Storage
Profile and storage plan configuration is performed from the Control Panel, which uses the HTTPS protocol. For the S3 protocol, the customer can choose, according to its features, to use the HTTPS protocol.

MONITORING
Cloud Monitoring
The Control Panel for configuring the monitoring system uses the HTTPS protocol. Checks use the protocols selected by the customer, based on the application features that the customer has chosen.

DOMAIN CENTER
Cloud Domains
Configuration of domains and DNS is performed using the Cloud Control Panel, which uses the HTTPS protocol. The service provides the DNS protocol (which is not encrypted by design).

DBAAS
Cloud DBaaS
Configuration of Cloud DBaaS is performed using the Cloud Control Panel, which uses the HTTPS protocol.