Monday, October 24, 2011

Data at Rest Encryption - Storage Arrays


Three methods:-

  1. Hardware (Back-end) encryption on all types of disks – HDS VSP (and HP P9500) and EMC VMAX can only do this today.

  2. Fabric based data encryption – Brocade Encryption Switch (or DCX encryption blade) with external key management (Thales Key Manager, Tivoli KeyLifecycle Manager, HP Secure Key Manager, RSA) or Cisco MDS 9000 Storage Media Encryption solution.

  3. Self-Encrypted drives (SED) – Encryption in-built drives from Seagate, Hitachi... (IBM DS, NetApp FAS, EMC VNX, HDS AMS, …, SEDs are popular in midrange models)

Interesting to note, Only HDS VSP (and HP P9500) and EMC VMAX can do Encryption on all the supported disk drives in the array (not limited to a drive type or model).

3PAR (P10000), I could not find any public document on Encryption in the array or support for SED drives.

DS8800 red book specifies the drive types supported for encryption and key management and applicable limitations of using encryption on drives.

FAS6200, I could not find any public document on Encryption in the array (ONTAP) or support for SED drives. But I have seen NetApp has claimed/quoted SED drives for FAS6200. Other FAS models support SED, Fair assumption FAS6200 supports SEDs.

No comments:

Post a Comment