This article can also be found in the Premium Editorial Download "Storage magazine: A report on storage standards: SMI-S, XAM, encryption key management and FAIS."
Download it now to read this article plus other related content.
SAN-based encryption appliance: Encryption appliances offer line-speed encryption capabilities and key management capabilities. Veteran vendors such as Decru (a NetApp company) and NeoScale Systems have been joined by companies such as CipherMax and Crossroads Systems. These appliances sit in the data path between the backup server and tape library, and can encrypt the data stream in real time with little or no performance penalty. There's considerable variation among these products in terms of the number of ports available, which could impact scalability and configuration complexity. An advantage is that these appliances are agnostic with regards to backup software and tape hardware.
SAN switch-based encryption: An alternative to the SAN-based appliance has emerged in the form of the Cisco MDS 9000 Family Storage Media Encryption Package. Designed to run on multiservice modules available for Cisco 9000 switches, the device functions in a manner similar to that of an encryption appliance. The biggest difference is the ability to perform hardware-based encryption without the complexities of additional external devices and cabling.
Tape drive encryption: Perhaps the most eagerly awaited encryption development over the past year has been the introduction of tape drives with embedded encryption. Initially offered only in high-end ($30,000-plus) tape drives such as the
| IBM System Storage TS1120 and the Sun Microsystems StorageTek T10000, LTO-4 has brought this capability to the midrange level. Tape drives have included onboard compression for years and, all other things being equal, they seem logical targets for data encryption as well.
Another factor to keep in mind is the lack of key portability among vendors. While there's an emerging IEEE standard (P1619.3) and most vendors have pledged to support it, it's reasonable to anticipate potential transitioning challenges depending on organizational tape-retention policies.
This was first published in January 2008