Table of Contents
Advertisement
Chapter 1. Introducing the SAN32B-E4
The SAN32B-E4 Encryption Switch is a high performance 32-port auto-sensing 8
Gbps Fibre Channel switch with cryptography (encryption/decryption) and data
compression capabilities. It is designed to encrypt data for enterprises to secure
their data against theft or unauthorized use, and to compress tape data for
maximum utilization of tape media. The switch is a network-based solution that
secures data-at-rest for heterogeneous tape drives, disk array LUNs, and virtual
tape libraries using IEEE Advanced Encryption Standard (AES) 256-bit algorithms.
In addition to its 32 Fibre Channel ports, the switch has:
v One RJ45 1000/100/10 Ethernet management port
v Two RJ45 Gigabit Ethernet (GE) ports for clustering interconnection and re-key,
v One RJ45 serial console port
v One USB port for serviceability, error logging, and firmware upgrades
Deployment of encryption with the switch is non-disruptive. Data can be
encrypted without reconfiguration of the SAN, and provisioning can be
implemented without shutting-down applications. The switch can be configured
and managed with the Data Center Fabric Manager (DCFM) and CLI management
tools, and can be integrated with existing network infrastructure (FOS and M-EOS).
The encryption switch has these features
v 32 front-end 1, 2, 4, or 8 Gbps auto-sensing F, FL, E, EX, or M ports to connect
v Encryption and decryption engines to provide in-line crypto services with up to
v Integrated with industry leading key management systems, including Lifetime
v Full 1:1 subscription on all 32 ports at 8 Gbps
v HA cluster, Data Encryption Key (DEK) cluster, and Encryption Group (EG) to
v Support for automatic expiry or CLI manual based re-keying
v Compliance with encryption standards: AES256-XTS 1619.1 (for disk);
v Smart Card, available as a field-replaceable unit (FRU) from IBM, providing
v Hardware-based key management and generation
v Integrated Routing Fabric Service (optional) to enable encryption capabilities
v NPIV support
v Two hot-swappable, redundant power supply FRUs
v Three hot-swappable fan FRUs in the N+1 configuration to provide
v One RJ45 1000/100/10 Ethernet management port
© Copyright IBM Corp. 2010
and DEK synchronization within cluster
host servers, SAN disks, SAN tapes, edge switches, or core switches
96 Gbps throughput for disk I/O and up to 48 Gbps throughput for tape I/O
(mix of ciphertext and cleartext traffic)
Key Management (LKM) and RSA Key Manager (RKM)
enable transparent failover, host MPIO failover, and centralized management of
multiple encryption switches
AES256-GCM IEEE 1619.2 (for tape)
additional encryption security management
across multiple fabrics
hardware-redundant cooling
1
Advertisement
Table of Contents
