Post on 18-Oct-2021
HigHligHts•High-performance,scalablefabric-basedencryptiontoenforcedataconfidentialityandprivacyrequirements
•Unparalleledencryptionprocessingatupto96Gbit/sectosupportheterogeneousenterprisedatacenters
•Choiceofintegrationwithindustry-leadingkeymanagementsolutions,reducingoperationalcostsandsimplifyingdeploymentandmanagement
•Industry-standardAES-256encryptionalgorithmsforbothdiskandtapeinacentralizedsecurityplatformforSANenvironments
•FrameRedirectiontechnologythatenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices
•Plug-inencryptionservicesavailabletoallheterogeneousservers,includingvirtualmachines,indatacenterfabrics
•Scalableperformancewithon-demandencryptionandcompressionprocessingpowertomeetregulatorymandatesforprotectingdata
High-Performance Encryption for Data-at-Rest
Managingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.
Inthecontextofdatacenterfabricsecurity,Brocade®providesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocadeEncryptionSwitch.Theswitchisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.
TheBrocadeEncryptionSwitchscalesnon-disruptively,providingfrom48upto96Gbit/secofencryptionprocessing
BRoCAdEENCRYPTIoNSWITCH
DATA CENTER
dATASHEET
powertomeettheneedsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbit/secfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.
FABRiC-BAsED ENCRYPtiONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.
Figure 1. TheBrocadeEncryptionSwitchplaysa
vitalroleintheBrocadedCFarchitecture.
TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralizedpointofmanagementforstoragesecurityandkeymanagement,andsupportsheterogeneousstorageenvironments.deploymentissimpleandnon-disruptive:organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.
Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeEncryptionSwitchismanagedandconfiguredusingfamiliarBrocadedataCenterFabricManager(dCFM™)EnterpriseandCLImanagementtools,andiseasilyintegratedintoexistingnetworkinfrastructures.
KeyadvantagesoftheBrocadeEncryptionSwitchinclude:
•Theabilitytoencryptdataatwirespeed
•Centralmanagementofstorageandfabric-basedsecurityresources
•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption
•datacompressionandintegrityauthenticationfortapebackup
•Simplified,non-disruptiveinstallationandconfiguration
HigH-VAlUE APPliCAtiONs AND sOlUtiON AREAsTwoofthegreatestbusinessbenefitsoftheBrocadeEncryptionSwitchareincreasedproductivityandreducedriskofdataexposure.otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.
TheBrocadeEncryptionSwitchisidealforapplicationssuchas:
•HighlysensitiveITapplicationswithsecuredata-at-restrequirements
•Securedatabackupsforoffsitediskandtapestorageandlong-termarchiving
•Supportforheterogeneousdiskandtapestorageenvironmentsfromacentralizedpointofmanagement
•decommissioningofdiskarraysthatrequirelegalvalidationofthelogicaldestructionanddatashreddingofdevices(theBrocadeEncryptionSwitchhelpsdecommissiondevicesbyencryptinganentireLUNanddestroyingthedataencryptionkey)
•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities
SAN
Client/Server
Emerging Protocols
(FCoE)
Brocade Data Center Fabric
Extended Data Center Fabric
Disaster Recovery Site
Continuous Remote
Replication
Key Management
Brocade Encryption
Switch
Branch Office
Virtual and Standalone
Servers
Virtual and Standalone
Servers
Storage
Brocade Encryption
Switch
Brocade DCX Backbone
Encryption
DirectorsSwitches
1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.
Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.
Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionaspartoftheindustry-leadingBrocadedataCenterFabric(dCF)architectureandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).
Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricoS®(FoS)andBrocadeM-EnterpriseoS(M-EoS)environments1.
TheBrocadeEncryptionSwitchisdesignedforuseinthefollowingSANenvironments:
•Large-scaleencryptioninnewdatacenterdeployments
•Plug-instoragesecurityservicesforexistingSANfabrics
•Heterogeneousdiskandtapestorageenvironments
•Standaloneswitcheswithencryptionandcompression
•SingleanddualFoSandM-EoSfabrics
•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems
•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments
iNVEstMENt PROtECtiON AND EFFiCiENCYTheBrocadeEncryptionSwitchistheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.
Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeEncryptionSwitchfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadoptinganevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.
Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.
BROCADE ENCRYPtiON PROFEssiONAl sERViCEsBrocadeProfessionalServiceshelporganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.
Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.
MAXiMiZiNg iNVEstMENtsTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeeducation,support,andservices.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.
systems ArchitectureFibreChannelports 32ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseEthernetportsforclustering
andI/osynchronizationduringrekeyingoperationSmartcards MasterkeyrecoverycardsCompressionfortape Hardware-baseddatacompressionpriorto
encryptionCompatibility IEEE1619standard-basedmode(diskandtape)
dataFort-compatiblemode(diskandtape)datarekeying onlineorofflineconversionofdatafromcleartextto
ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevices;1024hostportsper
encryptionengineCryptoengine Maximum96Gbit/sechardwareprocessingfordisk*
Maximum48Gbit/sechardwareprocessorfortapewith2:1compression*
FibreChannelperformance
1.063Gbit/seclinespeed,fullduplex;2.125Gbit/seclinespeed,fullduplex;4.25Gbit/seclinespeed,fullduplex;8.5Gbit/seclinespeed,fullduplex;auto-sensingof1,2,4,and8Gbportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbports
FibreChannelscalability
Full-fabricarchitectureof239switches
Certifiedmaximum SingleBrocadeFoSfabric:56domains,19hops
SingleBrocadeM-EoSfabric:31domains,3hops
Largerfabricscertifiedasrequired;consultBrocadeoroEMSANdesigndocumentsforconfigurationdetails
ISLTrunking Frame-basedtrunkingwithuptoeight8GbportsperISLtrunk;upto64Gbit/secthroughputperISLtrunk
Maximumframesize 2112-bytepayloadforFibreChannelClassesofservice Class2(unencryptedtraffic),Class3(encrypted
andunencrypted),andClassF(inter-switchframes)datatraffictypes Fabricswitchessupportingunicast,multicast
(255groups),andbroadcastUSB oneUSBportforsystemlogfiledownloadsor
firmwareupgrades
BROCADE ENCRYPtiON switCH sPECiFiCAtiONs
dATASHEET
©2009BrocadeCommunicationsSystems,Inc.AllRightsReserved.01/09GA-dS-1223-01
Brocade,theB-wingsymbol,dCX,FabricoS,FileLifecycleManager,MyView,andStorageXareregisteredtrademarks,anddCFMandSANHealtharetrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Allotherbrands,products,orservicenamesareormaybetrademarksorservicemarksof,andareusedtoidentify,productsorservicesoftheirrespectiveowners.
Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.
Corporate Headquarters SanJose,CAUSAT:+1-408-333-8000info@brocade.com
European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40emea-info@brocade.com
Asia Pacific Headquarters SingaporeT:+65-6538-4700apac-info@brocade.com
ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandardsForinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperabilityForinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance
* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.
Mediatypes 8Gb:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed
Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),dynamicPathSelection(dPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIdVirtualization(NPIV),FdMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery
optionalfabricservices:FabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricdynamicsProfiling,andIntegratedRouting)
FIPScertification FIPS140-2Level-3CompliantCryptographicModule
ManagementAdministratorroles Administrator,fabricadministrator,security
administrator,recoveryofficerManagement Telnet,HTTP,LdAP,Syslog,SCP,auditing,IPfiltering;
SNMPv1/v3(FEMIB,FibreChannelManagementMIB);BrocadeAdvancedWebTools;BrocadedataCenterFabricManager(dCFM)Enterprise;SMI-Scompliant,SMI-Sscriptingtoolkit,Administrativedomains
Managementprotocolsandaccesscontrols
SSL,SSHv2,HTTPS,RAdIUS,Role-BasedAccessControl(RBAC)
SANsecurity dH-CHAP(betweenswitchesandenddevices),portbinding,switchbinding,secureRPC,trustedswitch,changetracking
Managementaccess 10/100/1000Ethernet(RJ-45);in-bandoverFibreChannel;serialport(RJ-45);USB;call-homeintegrationenabledthroughBrocadedCFM
diagnosticsandsupportability
PoSTandembeddedonline/offlinediagnostics,includingRAStracelogging,environmentalmonitoring,non-disruptivedaemonrestart,FCpingandPathinfo(FCtraceroute),PortMirroring(SPANport)
Keymanagement NetAppLKM4.0orlater;RSAKeyManager2.1.3orlater;HPSKM1.1
MechanicalsEnclosure Non-porttoportsideairflow;2U,19-inch
EIA-compliant,powerfromnon-portsideSize Width:42.9cm(16.9in)
Height:8.7cm(3.4in)
depth:64.8cm(25.5in)Systemweight 22.4kg(49.4lbs)withtwopowersupplyFRUs,
withoutSFP/SFP+transceivers
EnvironmentalsTemperature operating:0to40°C(32to104°F)
Non-operating:–25to70°C(–13to158°F)Altitude operating:Upto3,000meters(9,842feet)
Storage:Upto12kilometers(39,370feet)Shock operating:20g,6mshalf-sine
Non-operating:halfsine,33g11ms,3/egAxisHeatdissipation Maximum80ports:1183BTU/hrCo2emissions 1048.57kgperyear(witheightports)Airflow Maximum76CFM(cu.ft./min);nominal53CFM
PowerPowerinlet C13ACinputrange 85to264VACFrequencyrange 47to63HzPowerconsumption 347wattswith328Gbports
ConfigurationsBasecryptomodel BrocadeEncryptionSwitch,32FibreChannel
ports,48Gbit/sec*maximumhardwareencryptionprocessing
Advancedcryptomodel BrocadeEncryptionSwitch,32FibreChannelports,96Gbit/sec*maximumhardwarediskencryptionprocessing
BROCADE ENCRYPtiON switCH sPECiFiCAtiONs (CONtiNUED)