DATA SHEET BROCADE ENCRYPTION SWITCH ENCRYPTION... · 2013-11-03 · Smart cards Master key...
Transcript of DATA SHEET BROCADE ENCRYPTION SWITCH ENCRYPTION... · 2013-11-03 · Smart cards Master key...
HIGHLIGHTS•High-performance,scalablefabric-basedencryptionenforcesdataconfidentialityandprivacyrequirements
•Unparalleledencryptionprocessingatupto96Gbpsusingindustry-standardAES-256encryptionalgorithms
•Choiceofindustry-leadingkeymanagementsolutionsthathelpreduceoperationalcostsandsimplifymanagement
•Asingle,centralizedsecurityplatformforbothdiskandtapeSANenvironmentssupportingheterogeneousenterprisedatacenters
•FrameRedirectiontechnologyenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices
•Plug-inencryptionandcompressionservicesavailabletoallhostservers,includingVirtualMachines(VMs),attachedtodatacenterfabrics
•Scalableperformancewithon-demandencryptionandcompressionprocessingpowermeetsregulatorymandatesforsecuringdata
High-Performance Encryption for Data-at-Rest
Managingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.
Inthecontextofdatacenterfabricsecurity,BrocadeprovidesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocade®EncryptionSwitch.Theswitchisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.
TheBrocadeEncryptionSwitchscalesnon-disruptively,providingupto96Gbpsofencryptionprocessingpowertomeetthe
BROCADEENCRYPTIONSWITCH
DATA CENTER
DATASHEET
needsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbpsfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.
FABRIC-BASED ENCRYPTIONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.
TheBrocadeOne™strategyhelpssimplifynetworkinginfrastructuresthroughinnovativetechnologiesandsolutions.TheBrocadeEncryptionSwitchsupportsthisstrategybyallowingorganizationstosecuretheirdatatomeetregulatoryandinternalcompliancerequirements.
www.brocade.com
Figure 1. TheBrocadeEncryptionSwitchplaysavitalroleintheBrocadeOnestrategy.
tapestoragesecurityaswellaskeymanagement,andsupportsheterogeneousstorageenvironments.Deploymentissimpleandnon-disruptive:Organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.
Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeEncryptionSwitchismanagedandconfiguredusingfamiliarBrocademanagementtools—includingBrocadeNetworkAdvisor,BrocadeDataCenterFabricManager(DCFM®),andCLImanagementtools—andiseasilyintegratedintoexistingnetworkinfrastructures.
KeyadvantagesoftheBrocadeEncryptionSwitchinclude:
•Theabilitytoencryptdataatwirespeed
•Centralmanagementofstorageandfabric-basedsecurityresources
•Concurrentsupportforbothdiskandtapeencryptionoperationsfromasingledevice
•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption
•Datacompressionandintegrityauthenticationfortapebackup
•Simplified,non-disruptiveinstallationandconfiguration
HIGH-VALUE APPLICATIONS AND SOLUTION AREASTwoofthegreatestbusinessbenefitsoftheBrocadeEncryptionSwitchareincreasedproductivityandreducedriskofdataexposure.Otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.
TheBrocadeEncryptionSwitchisidealforapplicationssuchas:
•HighlysensitiveITapplicationswithsecuredata-at-restrequirements
•Securedatabackupsforoffsitediskandtapestorageandlong-termarchiving
•Supportforheterogeneousdiskandtapestorageenvironmentsfromasingledevicewithcentralizedmanagement
•Decommissioningofdiskarraysthatrequirelegalvalidationoftheirrecoverabledestructionofdata(TheBrocadeEncryptionSwitchenablessecuredecommissioningofstoragedevicesbyencryptinganentireLUNandpermittingdeletionofdataencryptionkeys.)
•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities
TheBrocadeEncryptionSwitchisdesignedforuseinthefollowingSANenvironments:
•Large-scaleencryptioninnewdatacenterdeployments
•Plug-instoragesecurityservicesforexistingSANfabrics
SAN
Client/Server
Emerging Protocols
(FCoE)
Brocade Data Center Fabric
Extended Data Center Fabric
Disaster Recovery Site
Continuous Remote
Replication
Key Management
Brocade Encryption
Switch
Branch Office
Virtual and Standalone
Servers
Virtual and Standalone
Servers
Storage
Brocade Encryption
Switch
Brocade DCX Backbone
Encryption
DirectorsSwitches
1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.
Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.Organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.
Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionforbothdisk-andtape-basedstoragedevicesaspartoftheindustry-leadingBrocadeOnestrategyandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).
Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricOS®(FOS)andBrocadeM-EnterpriseOS(M-EOS)environments1.
TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralizedpointofmanagementforbothdiskand
•Heterogeneousdiskandtapestorageenvironments
•Standaloneswitcheswithencryptionandcompression
•SingleanddualSANfabrics
•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems
•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments
INVESTMENT PROTECTION AND EFFICIENCYTheBrocadeEncryptionSwitchistheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.
Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeEncryptionSwitchfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadopting
anevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.
Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.
BROCADE ENCRYPTION PROFESSIONAL SERVICESBrocadeProfessionalServiceshelpsorganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.
Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.
Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.
BROCADE GLOBAL SERVICES BrocadeGlobalServiceshastheexpertisetohelporganizationsbuildscalable,efficientcloudinfrastructures.Leveraging15yearsofexpertiseinstorage,networking,andvirtualization,BrocadeGlobalServicesdeliversworld-classprofessionalservices,technicalsupport,networkmonitoringservices,andeducation,enablingorganizationstomaximizetheirBrocadeinvestments,acceleratenewtechnologydeployments,andoptimizetheperformanceofnetworkinginfrastructures.
MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeprofessionalservices,technicalsupport,andeducation.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.
Systems ArchitectureFibreChannelports 32ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseTEthernetportsfor
clusteringandI/Osynchronizationduringrekeyingoperation
Smartcards Masterkeyrecovery,quorumauthorization,andsystemrecoveryoperations
Compressionfortape Hardware-baseddatacompressionpriortoencryption
Compatibility IEEE1619standard-basedmode(diskandtape)
DataFort-compatiblemode(diskandtape)Datarekeying Onlineorofflineconversionofdatafromcleartextto
ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevicesandinitiators;perengineCryptoengine Maximum96Gbpshardwareprocessingfordisk*
Maximum48Gbpshardwareprocessingfortapewithcompression*
FibreChannelperformance
1.063Gbpslinespeed,fullduplex;2.125Gbpslinespeed,fullduplex;4.25Gbpslinespeed,fullduplex;8.5Gbpslinespeed,fullduplex;auto-sensingof1,2,4,and8Gbpsportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbpsports
FibreChannelscalability
Full-fabricarchitectureof239switches
Certifiedmaximum SingleBrocadeFOSfabric:56domains,19hops
SingleBrocadeM-EOSfabric:31domains,3hops
Largerfabricscertifiedasrequired;consultBrocadeorOEMSANdesigndocumentsforconfigurationdetails
ISLTrunking Frame-basedtrunkingwithuptoeight8GbpsportsperISLtrunk;upto64GbpsthroughputperISLtrunk
Maximumframesize 2112-bytepayloadforFibreChannelClassesofservice Class2(unencryptedtraffic),Class3(encrypted
andunencrypted),andClassF(inter-switchframes)Datatraffictypes Fabricswitchessupportingunicast,multicast
(255groups),andbroadcastUSB OneUSBportforsystemlogfiledownloadsor
firmwareupgrades
BROCADE ENCRYPTION SWITCH SPECIFICATIONS
DATASHEET
©2012BrocadeCommunicationsSystems,Inc.AllRightsReserved.03/12GA-DS-1223-05
Brocade,BrocadeAssurance,theB-wingsymbol,DCX,FabricOS,MLX,SANHealth,VCS,andVDXareregisteredtrademarks,andAnyIO,BrocadeOne,CloudPlex,EffortlessNetworking,ICX,NETHealth,OpenScript,andTheEffortlessNetworkaretrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Otherbrands,products,orservicenamesmentionedmaybetrademarksoftheirrespectiveowners.
Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.
Corporate Headquarters SanJose,CAUSAT:[email protected]
European Headquarters Geneva,SwitzerlandT:[email protected]
Asia Pacific Headquarters SingaporeT:[email protected]
ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandards.Forinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperability.Forinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance.
* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.
Mediatypes 8Gbps:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed
Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),DynamicPathSelection(DPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIDVirtualization(NPIV),FDMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery
Optionalfabricservices:BrocadeFabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricDynamicsProfiling),andIntegratedRouting
FIPScertification FIPS140-2Level-3ValidatedCryptographicModule
ManagementAdministratorroles Administrator,fabricadministrator,security
administrator,recoveryofficerManagement Telnet,HTTP,LDAP,Syslog,SCP,auditing,IPfiltering;
SNMPv1/v3(FEMIB,FibreChannelManagementMIB);BrocadeAdvancedWebTools;BrocadeNetworkAdvisor;BrocadeDataCenterFabricManager(DCFM);SMI-Scompliant,SMI-Sscriptingtoolkit,AdministrativeDomains
Managementprotocolsandaccesscontrols
SSL,SSHv2,HTTPS,RADIUS,Role-BasedAccessControl(RBAC)
SANsecurity DH-CHAP(betweenswitchesandenddevices),portbinding,switchbinding,secureRPC,trustedswitch,changetracking
Managementaccess 10/100/1000Ethernet(RJ-45);in-bandoverFibreChannel;serialport(RJ-45);USB;call-homeintegrationenabledthroughBrocadeDCFM
Diagnosticsandsupportability
POSTandembeddedonline/offlinediagnostics,includingRAStracelogging,environmentalmonitoring,non-disruptivedaemonrestart,FCpingandPathinfo(FCtraceroute),PortMirroring(SPANport)
Keymanagement NetAppLifetimeKeyManager(LKM);SafeNetKeySecurek460;RSAKeyManager(RKM)Appliance;HPSecureKeyManager(SKM)/EnterpriseSecureKeyManager(ESKM);ThalesEncryptionManagerforStorage(TEMS);IBMTivoliKeyLifecycleManager(TKLM)
MechanicalsEnclosure Non-porttoportsideairflow;2U,19-inch
EIA-compliant,powerfromnon-portsideSize Width:42.9cm(16.9in)
Height:8.7cm(3.4in)
Depth:64.8cm(25.5in)Systemweight 22.4kg(49.4lb)withtwopowersupplyFRUs,
withoutSFP/SFP+transceivers
EnvironmentalsTemperature Operating:0°Cto40°C(32°Fto104°F)
Non-operating:–25°Cto70°C(–13°Fto158°F)Altitude Operating:Upto3000meters(9842feet)
Storage:Upto12kilometers(39,370feet)Shock Operating:20g,6mshalf-sine
Non-operating:33g11mshalf-sine,3/egAxisCO2emissions 1048.57kgperyear(witheightports)Airflow Maximum76CFM(cu.ft./min);nominal53CFM
PowerPowerinlet C13ACinputrange 85to264VACFrequencyrange 47to63HzPowerconsumption 285wattswith328Gbpsports
ConfigurationsBasecryptomodel BrocadeEncryptionSwitch,32FibreChannel
ports,48Gbps*maximumencryptionprocessing
Advancedcryptomodel BrocadeEncryptionSwitch,32FibreChannelports,96Gbps*maximumdiskencryptionprocessing
BROCADE ENCRYPTION SWITCH SPECIFICATIONS (CONTINUED)
www.brocade.com