Brocade is beefing up its security by rolling out an encryption Fibre Channel switch and an encryption blade for data at rest. Encryption for data at rest secures information stored on disk for backups. Brocade's Encryption Switch is a 32-port, 8 Gbps Fibre Channel switch. The FS8-18 Encryption Blade is a 16-port blade that plugs into Brocade's DCX Backbone switches. Both the switch and the blade scale up to 96 Gbps of encryption processing power.
Brocade positions its encryption switch and encryption blade as higher performing and higher scaling devices than those that vendors such as Decru, NeoScale and Kasten Chase brought out a few years back. However, none of those products gained widescale acceptance. NetApp acquired Decru in 2005 but hasn't generated as much interest in the Decru DataFort product as it had hoped. NCipher bought up NeoScale's assets last year. Kasten Chase has gone out of business.
"Encryption has been around for decades, and it's been deployed widely in different verticals," said Jose Carreon, director of data center infrastructure security product marketing for Brocade. "We're putting encryption in the core of the fabric."
Data encryption is supported as a plug-in service with Brocade's new Data Center Fabric Manager (DCFM), which replaces the company's Enterprise Fabric Connectivity Manager (EFCM) and Brocade Fabric Manager applications.
Supports key management products
Brocade's encryption will support key management products from NetApp and EMC/RSA in its first release; support is also planned for key management from Hewlett-Packard and nCipher. The encryption switch and blade devices also support Symantec NetBackup, IBM Tivoli Storage Manager, EMC Networker and CommVault Simpana backup applications. Brocade pledges support for HP Data Protector and BakBone NetVault in future releases.
According to Carreon, Brocade's storage vendor partners, including NetApp, will resell the encryption switch and blade. In an email to SearchStorage.com, Chris Cumming, senior director of data protection solutions for NetApp, wrote that Brocade's encryption switch will complement the company's Fibre Channel-series DataFort appliances. "Marrying key management with switch-based encryption adds to the NetApp security portfolio," he wrote.
Enterprise Strategy Group analyst Jon Oltsik said that Brocade's encryption products scale better and require fewer devices than the earlier encryption appliances. "Before you had to add a box to your Fibre Channel network, and you don't have to do that with this method," he said. "What you used to need lots of boxes to do, you can now do with a blade and Fibre Channel director."
Adoption was slow for DataFort and similar products, and they were eclipsed by other types of encryption, according to Oltsik. "I saw a fair amount of adoption of Decru and NeoScale with tape, but it took a while," he said. "At first, the only people buying that were in defense, intelligence and law enforcement, and by time it gained critical mass, other technologies came along -- encryption tape drives, for instance."
Brocade rival Cisco last week launched encryption for data in flight between Fibre Channel switches, to go with a Storage Media Encryption (SME) module that it released last year for data in flight through a partnership with RSA.
Encryption for data in flight
Brocade's devices do not encrypt data in flight, which is data moving across the network or the Internet. Carreon said that the priority for Brocade customers now is encrypting data at rest for backed up data, but Brocade intends to enable encryption in its HBAs to offer end-to-end encryption, and customers will be able to turn on encryption for data in flight through a software key. Brocade also intends to add tape encryption in its next release, planned for late this year.
"We have the first generation of encryption for data at rest in a switch and blade now," Careon said. "In the next 12 months, our server division will release an HBA to enable encryption that's compatible with what we've implemented in the switch and blade. That will enable us to complete our end-to-end story from host to target."