This article can also be found in the Premium Editorial Download "Storage magazine: Boosting data storage array performance."
NeoScale Systems' CryptoStor FC
PLATFORM: Any (no host software required)
NeoScale's inline architecture will appeal to administrators who don't like adding agents to their servers and who want the highest levels of throughput with no impact on server utilization. CryptoStor FC runs at 2Gb/sec and will support 4Gb/sec throughput when it becomes available in the first half of 2006.
However, CryptoStor works only with FC storage and only at the LUN level, so an entire storage device is either encrypted or not. NeoScale has separate appliances for handling tape and storage over WAN (VPN) encryption.
With its wizard-based installation and configuration program, CryptoStor is very simple to set up. Once the network configuration is completed, the rest of the configuration and management is done using CryptoStor's dedicated Web management interface. After the system encryption keys are created, the storage can be attached, the encryption enabled and the disk formatted.
NeoScale's installation procedure assumes that CryptoStor will be installed with a new storage subsystem. It's possible to install the appliance between a server and an existing storage subsystem, but that requires all the data on the storage to be rewritten with an online data prep utility, which encrypts the existing data before it can be made available to users again. This process runs at approximately 500KB/sec. CryptoStor supports storage virtualization that moves blocks via a host agent, but you'll want to check with the virtualization manufacturer to determine whether its product moves blocks or data at the file system or higher level.
The CryptoStor system supports a Federal Information Processing Standards (FIPS)-compliant mode, which meets all of the security requirements for government high-security data processing, such as forcing separate roles for a storage administrator and a security officer. But NeoScale lets you combine these roles if you choose not to use the FIPS-compliant mode.
Keys can be exported onto a smart card or into an encrypted file (password and system key protected), and offsite disaster recovery technicians can use a software utility to decrypt data if necessary.
CryptoStor is a transparent and simple encryption system that produces little or no loss of performance in an FC environment. For administrators who don't have policy enforcement issues or a requirement to keep some data in the clear, CryptoStor is easier to implement and use than agent-based systems.
This was first published in January 2006