DATA CENTER A High-Performance Encryption Blade for the ...scale fabric-based data security...
Transcript of DATA CENTER A High-Performance Encryption Blade for the ...scale fabric-based data security...
HIGHLIGHTS•High-performance,scalablefabric-basedencryptionenforcesdataconfidentialityandprivacyrequirements
•Unparalleledencryptionprocessingatupto96Gbpsusingindustry-standardAES-256encryptionalgorithms
•Choiceofindustry-leadingkeymanagementsolutionsthathelpreduceoperationalcostsandsimplifymanagement
•Asingle,centralizedsecurityplatformforbothdiskandtapeSANenvironmentssupportingheterogeneousenterprisedatacenters
•FrameRedirectiontechnologyenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices
•Plug-inencryptionandcompressionservicesavailabletoallhostservers,includingVirtualMachines(VMs),attachedtodatacenterfabrics
•Scalableperformancewithon-demandencryptionandcompressionprocessingpowermeetsregulatorymandatesforsecuringdata
A High-Performance Encryption Blade for the Brocade DCX Backbone FamilyManagingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.
Inthecontextofdatacenterfabricsecurity,BrocadeprovidesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocade®FS8-18EncryptionBladeforuseinBrocadeDCX®8510andBrocadeDCXBackbones.Thebladeisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.
TheBrocadeFS8-18scalesnon-disruptively,providingupto96Gbpsofencryptionprocessingpowertomeettheneedsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbpsfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.
BROCADEFS8-18ENCRYPTIONBLADE
DATA CENTER
DATASHEET
FABRIC-BASED ENCRYPTIONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.
TheBrocadeOne™strategyhelpssimplifynetworkinginfrastructuresthroughinnovativetechnologiesandsolutions.TheBrocadeFS8-18EncryptionBladesupportsthisstrategybyallowingorganizationstosecuretheirdatatomeetregulatoryandinternalcompliancerequirements.
www.brocade.com
Figure 1. TheBrocadeFS8-18EncryptionBladeplays
avitalroleintheBrocadeOnestrategy.
pointofmanagementforbothdiskandtapestoragesecurityaswellaskeymanagement,andsupportsheterogeneousstorageenvironments.Deploymentissimpleandnon-disruptive:Organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.
Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeFS8-18ismanagedandconfiguredusingfamiliarBrocademanagementtools—includingBrocadeNetworkAdvisor,BrocadeDataCenterFabricManager(DCFM®),andCLImanagementtools—andiseasilyintegratedintoexistingnetworkinfrastructures.
KeyadvantagesoftheBrocadeFS8-18include:
•Theabilitytoencryptdataatwirespeed
•Centralmanagementofstorageandfabric-basedsecurityresources
•Concurrentsupportforbothdiskandtapeencryptionoperationsfromasingledevice
•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption
•Datacompressionandintegrityauthenticationfortapebackupdata
•Simplified,non-disruptiveinstallationandconfiguration
HIGH-VALUE APPLICATIONS AND SOLUTION AREASTwoofthegreatestbusinessbenefitsoftheBrocadeFS8-18areincreasedproductivityandreducedriskofdataexposure.Otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.
TheBrocadeFS8-18isidealforapplicationssuchas:
•HighlysensitiveITapplicationswithsecuredata-at-restrequirements
•Securedatabackupsforoffsitetapestorageandlong-termarchiving
•Supportforheterogeneousdiskandtapestorageenvironmentsfromasingledevicewithcentralizedmanagement
•Decommissioningofdiskarraysthatrequirelegalvalidationoftheirrecoverabledestructionofdata(TheBrocadeFS8-18enablessecuredecommissioningofstoragedevicesbyencryptinganentireLUNandpermittingdeletionofdataencryptionkeys.)
•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities
•ScalingdatacenterencryptionservicesbyimplementinguptofourBrocadeFS8-18bladesinaBrocadeDCX8510orBrocadeDCXchassis
SAN
Client/Server
Emerging Protocols
(FCoE)
Brocade Data Center Fabric
Extended Data Center Fabric
Disaster Recovery Site
Continuous Remote
Replication
Key Management
Branch Office
Virtual and Standalone
Servers
Virtual and Standalone
Servers
Storage
Brocade FS8-18 Encryption Blade
Brocade DCX Backbone
Encryption
DirectorsSwitches
Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.Organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.
Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionforbothdisk-andtape-basedstoragedevicesaspartoftheindustry-leadingBrocadeOnestrategyandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).
Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricOS®(FOS)andBrocadeM-EnterpriseOS(M-EOS)environments1.
TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralized
1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.
TheBrocadeFS8-18isdesignedforuseinthefollowingSANenvironments:
•Large-scaleencryptioninnewdatacenterdeployments
•Plug-instoragesecurityservicesforexistingSANfabrics
•Heterogeneousdiskandtapestorageenvironments
•StandalonedatacenterbackboneswithencryptionandcompressioninBrocadeFOSandBrocadeM-EOSfabrics
•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems
•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments
INVESTMENT PROTECTION AND EFFICIENCYTheBrocadeFS8-18istheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.
Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeFS8-18integratedintotheBrocadeDCXBackbonefamilychassisfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadoptinganevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.
Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.
BROCADE ENCRYPTION PROFESSIONAL SERVICESBrocadeProfessionalServiceshelpsorganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.
Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.
BROCADE GLOBAL SERVICES BrocadeGlobalServiceshastheexpertisetohelporganizationsbuildscalable,efficientcloudinfrastructures.Leveraging15yearsofexpertiseinstorage,networking,andvirtualization,BrocadeGlobalServicesdeliversworld-classprofessionalservices,technicalsupport,networkmonitoringservices,andeducation,enablingorganizationstomaximizetheirBrocadeinvestments,acceleratenewtechnologydeployments,andoptimizetheperformanceofnetworkinginfrastructures.
MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeprofessionalservices,technicalsupport,andeducation.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.
Systems ArchitectureFibreChannelports 16ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseTEthernetportsfor
clusteringandI/Osynchronizationduringrekeyingoperation
Smartcards Masterkeyrecovery,quorumauthorization,andsystemrecoveryoperations
Compressionfortape Hardware-baseddatacompressionpriortoencryption
Compatibility IEEE1619standard-basedmode(diskandtape)
DataFort-compatiblemode(diskandtape)Datarekeying Onlineorofflineconversionofdatafromcleartextto
ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevicesandinitiatorsper
encryptionengineCryptoengine Maximum96Gbpshardwareprocessingfordisk*
Maximum48Gbpshardwareprocessingfortapewithcompression*
FibreChannelperformance
1.063Gbpslinespeed,fullduplex;2.125Gbpslinespeed,fullduplex;4.25Gbpslinespeed,fullduplex;8.5Gbpslinespeed,fullduplex;auto-sensingof1,2,4,and8Gbpsportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbpsports
Systemscalability UptofourBrocadeFS8-18bladesperBrocadeDCXBackbonefamilychassis
ISLTrunking Frame-basedtrunkingwithuptoeight8GbpsportsperISLtrunk;upto64GbpsthroughputperISLtrunk
Maximumframesize 2112-bytepayloadforFibreChannel
Classesofservice Class2(unencryptedtraffic),Class3(encryptedandunencrypted),andClassF(inter-switchframes)
Datatraffictypes Fabricswitchessupportingunicast,multicast(255groups),andbroadcast
BROCADE FS8-18 ENCRYPTION BLADE SPECIFICATIONS
DATASHEET
©2012BrocadeCommunicationsSystems,Inc.AllRightsReserved.03/12GA-DS-1222-05
Brocade,BrocadeAssurance,theB-wingsymbol,DCX,FabricOS,MLX,SANHealth,VCS,andVDXareregisteredtrademarks,andAnyIO,BrocadeOne,CloudPlex,EffortlessNetworking,ICX,NETHealth,OpenScript,andTheEffortlessNetworkaretrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Otherbrands,products,orservicenamesmentionedmaybetrademarksoftheirrespectiveowners.
Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.
Corporate Headquarters SanJose,CAUSAT:[email protected]
European Headquarters Geneva,SwitzerlandT:[email protected]
Asia Pacific Headquarters SingaporeT:[email protected]
Mediatypes 8Gbps:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed
Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),DynamicPathSelection(DPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIDVirtualization(NPIV),FDMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery
Optionalfabricservices:BrocadeFabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricDynamicsProfiling,andIntegratedRouting)
FIPScertification FIPS140-2Level-3ValidatedCryptographicModule
ManagementAdministratorroles Administrator,fabricadministrator,security
administrator,recoveryofficerKeymanagement NetAppLifetimeKeyManager(LKM)4.0;SafeNet
KeySecurek460;RSAKeyManager(RKM)Appliance;HPSecureKeyManager(SKM)/EnterpriseSecureKeyManager(ESKM);ThalesEncryptionManagerforStorage(TEMS);IBMTivoliKeyLifecycleManager(TKLM)
MechanicalsSize Width:3.60cm(1.41in)
Height:41.11cm(16.19in)
Depth:27.98cm(11.02in)
OccupiesoneslotinaBrocadeDCXBackbonechassisSystemweight 5.5kg(12.0lb)withoutSFPs
EnvironmentalsTemperature Operating:0°Cto40°C(32°Fto104°F)
Non-operating:–25°Cto70°C(–13°Fto158°F)Altitude Operating:Upto3000meters(9842feet)
Storage:Upto12kilometers(39,370feet)Shock Operating:20g,6mshalf-sine
Non-operating:33g11mshalf-sine,3/egAxis
PowerACinputrange 40to50VACMaximumpower 235watts
ConfigurationsBasecryptomodel BrocadeFS8-18EncryptionBlade:16Fibre
Channelports,48Gbps*maximumencryptionprocessing
Cryptoengineperformanceupgrade
96Gbps*maximumdiskencryptionprocessingupgradeforallBrocadeFS8-18EncryptionBladesinaBrocadeDCXBackbonefamilychassis
BROCADE FS8-18 ENCRYPTION BLADE SPECIFICATIONS (CONTINUED)
ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandards.Forinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperability.Forinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance.
* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.
www.brocade.com