The following security considerations apply to Google Compute Engine Disaster Recovery by JetStream:

    • All data and management communications remain entirely within the user's GCP infrastructure, except for metering information sent to the GCP Marketplace.
    • Web UI access to AROVA is restricted to port 443 through the IAP framework. By default, all AROVA appliances are configured to access a dedicated network without access to production VMs.
    • Access to the Administrator web interface is restricted by granting users access to AROVA ports through IAP.
      (https://cloud.google.com/iap/docs/using-tcp-forwarding#tunneling_other_tcp_connections)
    • AROVA appliances gain elevated privileges through the service account they are configured with
      (see Appendix A for the list of permissions).
    • The service account is granted a limited-permission role on the projects where protected VMs reside.
    • AROVA ACD only stores metadata about the VMs and does not contain any sensitive user data.
    • The ARO Marketplace server does not access the user infrastructure and only receives and saves usage reports from AROVA appliances.
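
One way to verify the IAP restriction described above is to audit the project's IAM policy for tunnel bindings that are not limited to port 443. The script below is an added example, not part of the JetStream documentation or product; the sample policy and principal names are constructed, and the input is assumed to be the standard IAM policy JSON (for instance from `gcloud projects get-iam-policy PROJECT --format=json`).

```python
import re

TUNNEL_ROLE = "roles/iap.tunnelResourceAccessor"  # role used for IAP TCP forwarding
BROAD = {"allUsers", "allAuthenticatedUsers"}
PORT_EQ = re.compile(r"destination\.port\s*==\s*(\d+)")  # IAP condition attribute


def audit_iap_bindings(policy, allowed_port=443):
    """Return (members, reason) for tunnel bindings wider than allowed_port."""
    findings = []
    for b in policy.get("bindings", []):
        if b.get("role") != TUNNEL_ROLE:
            continue
        members = tuple(b.get("members", []))
        expr = (b.get("condition") or {}).get("expression", "")
        ports = {int(p) for p in PORT_EQ.findall(expr)}
        if BROAD & set(members):
            findings.append((members, "broad principal"))
        if not ports:
            # Unconditioned binding: tunnel to any TCP port on the appliance.
            findings.append((members, "no destination.port restriction"))
        elif "||" in expr or "!" in expr:
            # Heuristic only: anything beyond simple equality needs a human.
            findings.append((members, "complex condition, review manually"))
        elif ports != {allowed_port}:
            findings.append((members, "allows ports %s" % sorted(ports)))
    return findings


# Constructed sample policy (hypothetical principals).
SAMPLE_POLICY = {
    "bindings": [
        {"role": TUNNEL_ROLE,
         "members": ["group:dr-admins@example.com"],
         "condition": {"title": "ui-only",
                       "expression": "destination.port == 443"}},
        {"role": TUNNEL_ROLE,
         "members": ["user:ops@example.com"]},
        {"role": TUNNEL_ROLE,
         "members": ["user:dev@example.com"],
         "condition": {"title": "ssh",
                       "expression": "destination.port == 22"}},
        {"role": "roles/viewer", "members": ["allAuthenticatedUsers"]},
    ]
}

if __name__ == "__main__":
    for members, reason in audit_iap_bindings(SAMPLE_POLICY):
        print(", ".join(members), "->", reason)
```

The same check applies to policies set at the instance or IAP resource level, since they use the same bindings structure.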