As announced on September 16th, today Microsoft made available the second package of updates to Cloud Platform System (CPS). CPS Update 2 helps make it easier and less costly to secure, back up, and recover your cloud infrastructure and your tenant and customer data, and track and demonstrate your compliance with FedRAMP requirements.
- BitLocker Drive Encryption – Help secure your enterprise and customer data by deploying BitLocker Drive Encryption to CPS resources.
- FedRAMP templates – Use templates to help you secure FedRAMP authorization and track your levels of compliance.
- Disaster recovery to Azure Public Cloud – Lower costs and gain peace of mind by using the Microsoft Azure public cloud as your recovery site.
- Off-stamp backup and easier long-term backup – Deploy offsite Data Protection Manager (DPM) servers, and use secondary DPM servers for tenant backup, reducing steps for long-term backup.
Here’s more detail about what CPS Update 2 offers:
Disaster Recovery to Azure Public Cloud
Before Update 2, offering disaster recovery to tenants required a minimum of two CPS stamps, which increases costs. Starting with CPS 1.0 Update 2, you can use Microsoft Azure as the recovery site. If a disaster affects the primary CPS stamp, you can temporarily move workloads to Azure with a simple click. This lets you avoid the expense of purchasing and managing a second CPS stamp for recovery. This requires fewer configuration steps for CPS administrators who create and publish Azure Pack plans that include disaster recovery.
CPS has been evaluated for compliance with the most current FedRAMP baseline. You can now use a precompiled System Security Plan (SSP) template and a Customer Responsibility Matrix (CRM) when you’re seeking FedRAMP certification. The SSP and CRM help streamline parts of the FedRAMP authorization process, providing you with an easy way to understand your compliance levels when you are deploying services to internal or tenant users that require FedRAMP compliance. The SSP and CRM can increase your confidence that with CPS, your IT infrastructure can be FedRAMP certified with a significant reduction in time, cost, and resources required by the process.
BitLocker Drive Encryption
Customers seeking stronger security for their data at rest are now able to encrypt management, tenant, and backup data in CPS by configuring BitLocker Drive Encryption. For more information, see Enable BitLocker in CPS.
Before Update 2, CPS backup let customers back up tenant VMs to disk and retain them for a week, which gives them time to do operational recovery. But this couldn’t provide backup for scenarios such as offsite backup or long-term retention. As part of CPS Update 2, you can now deploy Data Protection Manager (DPM) servers either on or off site, outside of CPS. You can back up tenant VMs to secondary DPM servers, which give you the option of having an offsite, backed-up copy on disk, and/or tape backup for long-term retention. Off-stamp backup lets you more easily meet tenant backup requirements, such as offsite backup copies, or long-term retention for their VMs.
Update 2 also includes more than 40 firmware, driver, and tool updates, along with the latest updates for System Center 2012 R2, Windows Server 2012 R2, and Windows Azure Pack. You can find the full list in this KnowledgeBase article: https://support.microsoft.com/en-us/kb/3073826.