B-Series Encryption Switch And Encryption Fc Blade Security - HP StorageWorks 4000/6000/8000 - Enterprise Virtual Arrays Reference Manual

Data confidentiality—Packets are encrypted by the sending device before transmitting them over
the network.
Data integrity—Packets are authenticated by the receiving device to ensure that data has not been
altered during transmission.
Data-origin authentication—The packet source can be authenticated by the receiving device.
Anti-replay protection—Replayed packets can be detected and rejected by the IPsec receiver.
CHAP authentication
C-series IP modules support CHAP, which uses a three-way handshake to ensure that validity of remote
clients. C-series CHAP requires that you configure a password. which the switch presents to the iSCSI
initiator. This password is used to calculate a CHAP response to a CHAP challenge sent to the IP port
by the initiator.

B-series Encryption Switch and Encryption FC Blade security

This section describes the security features for the B-series Encryption Switch and Encryption FC Blade.
For switch models and fabric rules, see
The B-series Encryption Switch is a high-performance, 32-port autosensing 8 Gb/s Fibre Channel
switch with data encryption/decryption and data compression capabilities. The switch is a
network-based solution that secures data-at-rest for disk array LUNs using IEEE standard AES 256-bit
algorithms. Encryption and decryption engines provide in-line encryption services with up to 96 Gb/s
throughput for disk I/O (mix of ciphertext and cleartext traffic).
For details on the B-series Encryption Switch, including deployment scenarios, see the Fabric OS
Encryption Administrator's Guide available at
saninfrastructure/switches/encrypt_sanswitch.html.
NOTE:
HP does not currently support the tape encryption features of the B-series Encryption Switch and
Encryption FC Blade.
Features
High-performance, scalable fabric-based encryption to enforce data confidentiality and privacy
requirements
Unparalleled encryption processing at up to 96 Gb/s to support heterogeneous enterprise data
centers
Integration with HP Secure Key Manager, providing secure and automated key sharing between
multiple sites to ensure transparent access to encrypted data
Industry-standard AES 256-bit encryption algorithms for disk arrays on a single security platform
for SAN environments
Frame Redirection technology that enables easy, nonintrusive deployment of fabric-based security
services
Plug-in encryption services available to all heterogeneous servers, including virtual machines, in
data center fabrics
Scalable performance with on-demand encryption processing power to meet regulatory mandates
for protecting data
410 Storage security
"B-series switches and fabric
http://h18006.www1.hp.com/storage/
rules" on page 93.