Security in Cloud

Cloud4com ensures safe operation of your applications
in a virtual private data center.

Main pillars of security in Cloud


Security of Cloud Platform / Intel TXT

Thanks to Intel TXT is Cloud4com able to guarantee to our customers that their servers are operated on a secure computing platform that was not compromised or attacked.

When booting the server, Intel TXT checks the critical components of the computer system - BIOS, system firmware, the hypervisor of virtualization system and its components are contolled. Intel TXT creates unique cryptographic hash for each component, which is then compared with the values ​​stored at so called while-list of verified values ​​of attestation services. Intel TXT enables the start of the server and of the operating system only if all the values ​​correspond to those trusted values.

With this technology, it is possible to create the so-called „Trusted pool“ of reliable servers. Cloud4com also integrated Intel TXT with its own software Virtix, through which the customers manage their virtual data centers. For each virtual server, the customer can access information on whether the server is operated by a group of trusted servers.


Data encryption

Another security technology, offered in the Cloud of Cloud4com, is data and virtual servers encryption. During encryption of virtual servers the entire virtual server and all of its data is encrypted by using the ProtectV technology from Gemalto.. It offers the highest level of protection of sensitive data and information.

As with any encryption, the most important thing is where the encryption keys – the cryptographic material - are stored themselves, and who has access to them and can manage them. In the solution from Cloud4com can be the so called Key Management Server, which is a specialized appliance, where the keys are stored, located at the customer's site or at its own data center. So this device is lacated separately from other systems operating in the Cloud, plus only the customer has the access. This solution guarantees full control of cryptographic material by the customer. The Cloud provider can never read the data of the server, because he does not have access to its cryptographic keys.


Physical security of the data center

All technologies are safely located in data centers corresponding to the level Tier 3 . The data center perimeter is guarded by photocells and constantly monitored by security guards. Entry into the data center is allowed only to authorized persons who must be authorized every time they enter. Entry into the individual DC rooms is possible only with an electronic chip. Data center space is constantly monitored by cameras and the recorded images are stored for 30 days.

Fire safety is ensured in every DC room by electronic fire alarm system - smoke detectors are distributed in the entire space and also under the raised floor, each room has a switchboard connected to central monitoring, which operates in 24x7x365 mode. In case of fire detection, the fire suppression system with FM200 gas is automatically activated.


Network Security

Network security in Cloud4com’s cloud is assured by a multitenant architecture and controlled access from the Internet. Each customer´s environment - vPDC - contains its own VLAN, which has a network with private addressing. Internet access and inter-VLAN routing is enabled by virtual router and NAT. Trough the portal Vitrix, the customer can connect each vServer to different VLAN and set DNAT rules on public IP addresses and individual services - direct Internet traffic to vServer. This solution provides a fundamental level of network security, because only specifically authorized services are available from the Internet, thus significantly reducing the area of ​​vulnerability. For remote access of administrators to vServers we recommend using encrypted OpenVPN communication terminated at vRouter, and open only public services from the Internet.

Each vRouter is its own virtual server, not just VRF on shared device. In combination with traffic separation at the VLAN level, this solution enables the operation of strictly isolated environments on a shared infrastructure. Because every environment has its own vRouter, it is possible to customize the configuration to specific customer requirements and also prevent one customer influencing others. vRouter provides stateful firewall, DNAT, SNAT and OpenVPN Server. Furthermore, the vRouter is typically used for encrypted IPsec Site-to-Site VPN, VLAN ACLs, 1: 1 NAT, and GRE tunnels. More comprehensive solutions include dynamic routing such as BGP or OSPF.


Access permissions

Separation of roles and privileges is one of the basic conditions for ensuring safe operation of the system - thanks to the features of Virtix applications, we are able to offer it to our customers.

Virtix is ​​an application through which customers manage their virtual data centers in the cloud of Cloud4com. It allows them to set specific permissions for individual users that define what actions the user can perform. The second level of restriction is the definition of a device or group of devices to which these permissions are linked.

An example might be a server administrator who has permissions to manage only one or a limited group of servers. He can configure server discs, backup, or modify server configuration (memory size and the number of vCPU). A server operator with a limited set of rights is only allowed to restart the server or access to the KVM interface. A completely different group of users may manage the network, storage system, etc.

white papers & case studies

Important links Documents to download
  • Gemalto Case Study
  • Intel Case Study
  • Intel Case Study 2
  • Activating Intel® TXT
  • Trusted Compute Pools with Intel® TXT
  • One-Stop Intel TXT Activation Guide
  • Dupont Private Cloud Study
  • Intel Trusted Execution Technology
  • Intel Case Study UOL
Please enter the email address for the download and you will recieve a link


Call us

+420 734 649 949

Visit us

U Uranie 18/954, 170 00 Praha 7, Czech Republic

Send us e-mail

open the map
close the map

Contact form

All the fields are required