This article can also be found in the Premium Editorial Download "Storage magazine: Comparing EMC Symmetrix DMX-3 vs. Hitachi Data Systems USP1100."
ESG believes storage providers should actively embrace TCG-enabled storage because it can help them deliver:
Granular storage security configuration enforcement. TCG-enabled storage provides a framework for granular, role-based configuration management and change controls. For example, individual storage functionality "containers" (TCG calls them service providers or SPs) on the storage device are "sandboxed" and exclusively controlled by a designated owner. This provides tight control over storage assets and functionality where access control is based on credentials.
Improved storage access controls. To protect storage from rogue apps and systems, admins use zoning, LUN masking and access control lists. TCG-enabled storage takes access control methods a step further with the concepts of enrollment and connection. This process can map specific hosts to specific storage devices and/or specific storage devices to specific hosts. TCG-enabled storage provides more granular mapping and defines which protected storage locations can be allocated to specific users, systems or apps.
Scalable, device-level encryption. TCG-enabled storage provides an onboard encryption engine for high-speed encryption at the device level. This can help overcome the performance and scalability problems often associated with encryption. Cryptographic operations are handled by a dedicated processor in the drive. And because encryption is done on a drive-by-drive
Automated backup. TCG-enabled storage can allow backup from one secure "service provider" (i.e., storage sandbox) to another. In this scenario, the SP owner must have access to another SP with registry capabilities on another storage device. With this permission in place, TCG-enabled storage can mirror SPs on one or multiple devices.
TCG-enabled storage helps to lock down storage infrastructure and the data residing on it. Access controls are based on establishing trust relationships that are authenticated at run time with credential checks. These tight controls reduce the possibility of an accidental or intentional breach of storage infrastructure or valuable data.
This was first published in January 2007