Nexsan Technologies Ltd., has upped the ante in the content-addressed storage CAS market with a box that provides native encryption on top of traditional CAS features like single instance storage, scheduled
The product, called Assureon, is the result of Nexsan's acquisition of software startup EverTrust in March. EverTrust provided the security and CAS software for the product while Nexsan provided the RAID storage hardware and firmware.
The five foot tall cabinet comes with 8 terabytes (TB) of SATA disks and has space for up to 84 raw terabytes in one box. These are served by 1U blades (four in the starter version) and a system of processors that scale separately from the drives. Though the box is actually a server cluster system, Nexsan's Assureon software manages it as a single unit.
Assureon is meant to be an archive that stores files according to tiered storage policies set by the user. The box stores file meta data separately from the file itself, meaning that the same file can be kept accessible to different users for different periods of time. An example of this would be a company in which a human resources department only wanted to keep an employee manual on file for a year, but the legal department wanted to keep it for 10 years in case it was needed for litigation.
The box also supports AES-256 encryption of the disks refreshed on a monthly basis. Each file is given a separate key, which is then rolled into a larger bundle on a separately encrypted CD-ROM. The encrypted key is then sent to a third party key management company. Both the CD-ROM and "smart-card" tokens are needed to decrypt the keys.
According to the system devised by Nexsan, the key encryption is "rolled" once a month –- the lists of keys are decrypted then re-encrypted with a new algorithm. Companies fearing an internal security breach can make this change on demand.
Encryption, in some cases, can make the search and recovery process slower, but according to Nexsan CEO Philip Black, the scalability of the server cluster within the Assureon could address it if it becomes an issue.
"Decrypting and recovering files takes a little bit more time but not a particularly long time; from a normal point of view, it's not a problem," Black said. "If you have billions and billions of files all being requested at the same time it could be an issue, but we can then scale the cluster if the customer needs it."
For compliance issues, the Nexsan box uses a dual cryptographic hash of the file using SHA-1 and MD-5 numbers, along with the length of the file into a "unique fingerprint" that automatically changes if a bit within the file changes. If the hash changes, the system makes a new separate file, meaning files can't be retroactively changed.
Another feature of the box gives every object a unique number in a sequence –- a process called "serialization" –- and an agent counts through the sequence periodically to make sure none of the files has been deleted. Because the system supports replication, the self-auditing agent can also replace an improperly deleted file with a backup copy.
Furthermore, the Nexsan box stores every asset into two separate physical RAID boxes, supports asynchronous remote mirroring and back up to tape or optical disk. When writing to off-site media, the Assureon makes seven random pattern writes so that if a key is destroyed, the archive tape or disk is unreadable.
Challenging EMCNexsan is being aggressive in its promotion of the appliance as an alternative to the bigger players' products, especially EMC Corp.'s Centera.
Black claims Assureon offers native encryption and improved hashing algorithms not available on Centera and is a combined system, unlike the Decru Inc./Network Appliance Inc. offering.
While EMC continues its stranglehold on the CAS market –- after all, it invented the term with the release of its Centera product –- Nexsan might make inroads for users that want a smaller, more affordable CAS system, according to analysts.
"I've spent a lot of time talking to guys at mediumsized companies and they've been asking about archiving –- but the high-end stuff was too big for them," said Brad O'Neill, senior analyst with the Taneja group.
He said that EMC's four-node "Baby Centera" had been an attempt to reach this market, but that Nexsan's box would be more cost effective. EMC charges around $100,000 for 2 TB of usable capacity on the four-node system, roughly the same price as Nexsan for 8 TB.
Security hype versus reality"The whole issue with security in general has high visibility right now," said Marc Staimer, of Dragon Slayer Consulting. "But as a market, there aren't huge sales coming from it. People are looking at it trying to do the minimum possible because it's not revenue generating. There's a lot of hype about this in the space but not a lot of buying.
"The issue of compliance is cost of penalties for noncompliance," Staimer added. "It's like insurance. If you could spend less money on insurance and get the same coverage, would you do it? That's what they bring to the table.
"I think it's a very good product," Staimer said. "But they're going to have a problem getting it sold. People are going to look at it and say, 'this is Nexsan, they're great for secondary data, but this is compliance stuff. I'm going to let other people test it out and say it works first.' They're going to have to prove themselves in the market to be successful."
More competitionHewlett-Packard Co. (HP) jumped into the CAS market via its acquisition of Persist Technologies Inc. in 2003. The resulting product was HP's Reference Information Storage System for long-term data archiving.
Storage Technology Corp. (StorageTek) announced a CAS system called IntelliStore in June, before being acquired by Sun Microsystems Inc. Sun had its own development project going in this area, codenamed Honeycomb and is still working out its positioning of the two products, if indeed it keeps both of them.
Startup Permabit Inc. sells CAS software, called Permeon that runs on any hardware. Permabit had an OEM deal with StorageTek until it introduced its own product, IntelliStore, killing its OEM partnership.