Creates a Secure ‘Panic Room’ Inside Every Server

Anchored by the Nebulon SPU, it contains all NVMe, SAS and SATA SSDs, boot and data volumes, and infrastructure services in each application server to securely isolate the infrastructure services from the server operating system and application attack surface.

Nebulon Secure Enclave

Data & OS Protection From Ransomware

Continued Operation During 
OS Fault/Maintenance

Secure Out of Band Cloud Management

How it Works

Application Server

Application Services Domain


Hypervisor, VMs


Cluster Software

Config Tools

Secure Isolation: “Secure Enclave”

Infrastructure Service Domain

Server Management

Network Services

Storage Services

Cyber Services

See the Nebulon Secure Enclave in Action

Data & OS Protection From Ransomware

As data is written to the Secure Enclave, changes in entropy are tracked and analyzed, flagging any suspicious changes. In the event of a ransomware attack, all servers in an nPod can be restored to a prior version of their operating system and application data in just minutes. The Secure Enclave protects the recovery utilities and all point-in-time copies of the operating system and data volumes necessary for recovery. Recovery is done with a simple push-button operation, reverting all volumes, boot volume and data volumes a previous point in time.

Continued Operation During OS Fault/Maintenance

The SPU creates two separate operating domains: one for the application server and one for infrastructure services–the Secure Enclave. As long as the server has power, the Secure Enclave resources are available to the servers in the cluster.

The host operating system can be rebooted or crash without affecting availability, performance, or data redundancy. This means maintenance complexity is substantially reduced as data does not require special care prior to OS reboot. In addition some servers power down during a reboot–the Secure Enclave is protected from such brown-out scenarios by a battery on the SPU.

Secure Out-of-Band Cloud Management

Only authorized infrastructure users can gain access to the infrastructure domain, reducing the risk that an application user may intentionally or unintentionally bring harm to the environment.

Beyond that, all in-band management access to the system is disabled, preventing bad actors from infiltrating the Nebulon Secure Enclave through that means. All management is out-of-band and subject to a zero-trust authentication model and Nebulon’s patented security triangle (see Nebulon ON page to learn more).

Nebulon Secure Enclave 
in detail

How does Nebulon Secure Enclave fit into smartInfrastrucure?

Transform industry standard servers to efficient, cyber-resilient 
application Infrastructure.

Feature Resources

Read up, chat up, and stay up (-to-date), on everything smartInfrastructure