Cyber Essentials Plus Legacy Container: 4 Weeks POC

Bytes Software Services

Bytes/Droplet Nevertrust containers completely isolate your legacy servers or applications inside a block all security layer

Install your applications or run existing non-compliant servers using Bytes/Droplet converter to isolate and protect vulnerable 16,32- or 64-bit applications and servers to achieve Cyber Essentials Plus or NIST compliance standards. This will allow you to adopt Microsoft Azure at a faster pace with fewer complications. Bytes/Droplet has installations in large corporate, military and public sector organizations who have successfully deployed Droplet in Microsoft Azure native or AVD that has passed audit and pen tests for CE plus and NIST.

Week 1 Pre-Req POC Checklist:

  1. Discover how much disk space your source system is currently consuming (OVA/WHPX: 18GB, 88GB, ?)
  2. Management Workstation built with access to current Hypervisor
  3. WinSCP installed to Management Workstation (available on the liftandshift.iso)
  4. PuTTy installed to Management Workstation (available on the liftandshift.iso)
  5. Exported OVA file present on the Management Workstation
  6. Three Networks established – Management, Container and Client associated with 3 different VLANs NOTE: You can use existing VLANS/Portgroups – but you maybe challenged by your infrastructure/security/network team. A stand-alone host with no existing VMs with full root access is perhaps the best way to avoid making too many change management request during the POC – but the networks are still a requirement. Beware that apps both on the server and client may need to speak to Active Directory and/or network shares. Please thinking about those dependencies. The client network needs to be accessible to end-users. The Server container network can be made routable – but ideally if I can run independent from any AD domain this allows for great isolation. Alternatively, configure a single read-only AD/DNS with access to the Container Network to allow authentication to continue.
  7. Four IP Addresses – Management (1), Container (1), Client (2)
  8. If VMware vSphere Security Policies on Container and Client Portgroups set to ACCEPT:ACCEPT:ACCEPT
  9. Droplet_Windows Client, Droplet Client Image Downloaded Note: Make sure you have your client-side software available ready to install to the client container
  11. DropletServerAppliance.OVA Downloaded
  12. YOUR Signature:

Week 2 Convert existing VM into Droplet format via management workstation.

Week 3 End user testing and optional PEN testing.

Week 4 Refine solution based on ULA feedback