Security | Teradata VantageCore with Dell ECS Object Storage - Security - Teradata VantageCore

Teradata® VantageCore with Dell ECS Object Storage - Architectural Reference Specification
Deployment
VantageCore
Edition
VMware
Product
Teradata VantageCore
Published
January 2025
ft:locale
en-US
ft:lastEdition
2025-01-22
dita:mapPath
wma1717779208646.ditamap
dita:ditavalPath
ayr1485454803741.ditaval
dita:id
wma1717779208646
Dell ECS Object Storage is equipped with many features that enhance the security and data protection of their object storage solution. The full spectrum of security best practices and security hardening recommendations are described in the following documentation from the Dell InfoHub:
  • ECS General Best Practices
  • ECS Security Configuration Guide
Teradata strongly encourages customers to apply the recommendations outlined in these documents. They include important information about security considerations, including, but not limited to the following topics:
  • Creating/applying/leveraging signed certificates for identity management and validation
  • Ensuring all ECS/ECM management and system users use non-default credentials and strong passwords
  • Enabling LDAP/AD authentication for user roles
  • Configuring user authentication and access control
  • Enabling platform lockdown (disabling ssh)
  • Defining retention policies
  • Enabling audit events/tracking
  • Use TLS (HTTPS) for encrypted data transport
  • Enabling D@RE (data-at-rest encryption)
  • Revoking access to unused applications
  • Disabling unused ECS services
  • Granting as few permissions as possible
  • Storing any tokens and keys securely
  • Selecting a key management strategy and implementation (native key management versus external key management)
  • Enabling rotation of keys
In addition, Teradata recommends the following:
  • Configure separate VLANs for ECS cluster management traffic at a minimum, and ideally to segregate all four traffic types
  • Ensure appropriate event logging is forwarded to Security Information and Event Management (SIEM) as required by your Information Security policies and standards. Examples include failed authentication, blocked connection attempts, failed access requests, and so on.
  • Consider whether a centralized key management system (KMS) may provide improved security over native key management.
  • Review the supported versions of TLS and allowed cipher suites to ensure they are current and meet your Information Security requirements.
  • Consider using Access Control Lists and/or IP address filtering to limit access to the Dell ECS Object Storage solution.
The customer must configure the security features that are appropriate to their environment and aligned with their security requirements. These actions must be applied by the customer following the installation and deployment of the system. Customers are strongly encouraged to read the "Security" section of the ECS General Best Practices and the ECS Security Configuration Guide carefully to ensure the benefit and implications of each security recommendation are fully understood and implemented (as appropriate).