We do not sell or rent personal information. phData infrastructure has security measures in place to help protect against the loss, misuse, or alteration of information under our control. These measures include encryption of data using the Secure Socket Layer (SSL) system and encryption at rest.
Introduction
phData requires secure network access to the customer’s Hadoop infrastructure. phData has three approaches that satisfy this requirement.
The least scalable and most expensive solution is the customer laptop.
phData Cleanroom
phData requires the setup of a cleanroom specific to the customer’s environment. The cleanroom is a secure, scalable and trusted access service that gives phData operations staff access to customer Hadoop resources. Cleanrooms are not shared across customers. phData will work with the customer network operations team to set up the required secure connectivity. phData will publish the location of audit and session data of all operations activity for both security and training.
VPN Connectivity
phData cleanroom setup requires establishing a site-to-site IPSEC VPN between the customer’s network and the phData cleanroom. phData follows the industry-standard RFCs for IKE and IPSEC encryption and can accommodate multiple different settings for each, based on customer security requirements. Below are the required details from the customer’s network operations team.
Network Detail and Example
Firewall rules necessary to allow IPSEC connection:
Inbound rules (Internet in)
phData Gateway to Customer Gateway – ESP, UDP 500
Outbound rules (To Internet)
Customer Gateway to phData Gateway – ESP, UDP 500
* If using NAT traversal, then UDP 4500 must be allowed.
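The rules above written as an nftables ruleset, added here as an example and not taken from phData's configuration. It assumes the rules are loaded on the customer gateway host itself; both gateway addresses are constructed placeholders from the documentation ranges, and the table, chain and log-prefix names are hypothetical. It goes one step beyond the list by logging and dropping IKE/ESP traffic to or from any other peer.

```nft
#!/usr/sbin/nft -f
# Added example: pin IKE (UDP 500) and ESP to the two VPN gateways only.
# Placeholder addresses (RFC 5737 documentation ranges), replace with real peers.
define phdata_gw   = 198.51.100.10
define customer_gw = 203.0.113.20

# Ports accepted from/to the peer. Add 4500 only when NAT traversal is in use.
define ike_ports = { 500 }

table ip ipsec_peer {
    chain inbound {
        type filter hook input priority 0; policy accept;

        # Inbound rules (Internet in): phData Gateway to Customer Gateway
        ip saddr $phdata_gw ip daddr $customer_gw udp dport $ike_ports accept
        ip saddr $phdata_gw ip daddr $customer_gw ip protocol esp accept

        # Anything else aimed at the IPsec listeners is not the agreed peer.
        udp dport { 500, 4500 } log prefix "ipsec-in-unexpected " drop
        ip protocol esp log prefix "ipsec-in-unexpected " drop
    }

    chain outbound {
        type filter hook output priority 0; policy accept;

        # Outbound rules (To Internet): Customer Gateway to phData Gateway
        ip saddr $customer_gw ip daddr $phdata_gw udp dport $ike_ports accept
        ip saddr $customer_gw ip daddr $phdata_gw ip protocol esp accept

        # Block tunnel negotiation with any gateway other than the agreed peer.
        udp dport { 500, 4500 } log prefix "ipsec-out-unexpected " drop
        ip protocol esp log prefix "ipsec-out-unexpected " drop
    }
}
```

The logged drops give the network operations team a record of negotiation attempts from unexpected sources, which helps when troubleshooting a peer address mismatch during VPN setup.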
With the above details, phData will set up a VPN connection and present the customer’s network operations team with configuration details for finishing the VPN setup. In addition, the cleanroom network defined above will need the following ports and network ACLs established.
Network Requirement
Cleanroom network needs routes and access to the Hadoop and Active Directory hosts.
Cleanroom needs the following ports open: 22, 80, 443, and all ports listed here.
Security Details
phData cleanroom strives for the highest standards of security and adheres to the following security practices:
Customer Client VPN
Customer provides client VPN software and credentials that can be installed on a local Virtual Machine (VM) for each named customer contact. phData’s employee laptops will serve as the VM host and have the following properties:
Customer Laptop
Customer provides a laptop to access the customer network with client VPN access. This approach is the least scalable and has an additional fee.