DATA SHEET BROCADE ENCRYPTION SWITCH ENCRYPTION... · 2013-11-03 · Smart cards Master key...

HIGHLIGHTS•High-performance,scalablefabric-basedencryptionenforcesdataconfidentialityandprivacyrequirements

•Unparalleledencryptionprocessingatupto96Gbpsusingindustry-standardAES-256encryptionalgorithms

•Choiceofindustry-leadingkeymanagementsolutionsthathelpreduceoperationalcostsandsimplifymanagement

•Asingle,centralizedsecurityplatformforbothdiskandtapeSANenvironmentssupportingheterogeneousenterprisedatacenters

•FrameRedirectiontechnologyenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices

•Plug-inencryptionandcompressionservicesavailabletoallhostservers,includingVirtualMachines(VMs),attachedtodatacenterfabrics

•Scalableperformancewithon-demandencryptionandcompressionprocessingpowermeetsregulatorymandatesforsecuringdata

High-Performance Encryption for Data-at-Rest

Managingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.

Inthecontextofdatacenterfabricsecurity,BrocadeprovidesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocade®EncryptionSwitch.Theswitchisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.

TheBrocadeEncryptionSwitchscalesnon-disruptively,providingupto96Gbpsofencryptionprocessingpowertomeetthe

BROCADEENCRYPTIONSWITCH

DATA CENTER

DATASHEET

needsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbpsfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.

FABRIC-BASED ENCRYPTIONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.

TheBrocadeOne™strategyhelpssimplifynetworkinginfrastructuresthroughinnovativetechnologiesandsolutions.TheBrocadeEncryptionSwitchsupportsthisstrategybyallowingorganizationstosecuretheirdatatomeetregulatoryandinternalcompliancerequirements.

www.brocade.com

Figure 1. TheBrocadeEncryptionSwitchplaysavitalroleintheBrocadeOnestrategy.

tapestoragesecurityaswellaskeymanagement,andsupportsheterogeneousstorageenvironments.Deploymentissimpleandnon-disruptive:Organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.

Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeEncryptionSwitchismanagedandconfiguredusingfamiliarBrocademanagementtools—includingBrocadeNetworkAdvisor,BrocadeDataCenterFabricManager(DCFM®),andCLImanagementtools—andiseasilyintegratedintoexistingnetworkinfrastructures.

KeyadvantagesoftheBrocadeEncryptionSwitchinclude:

•Theabilitytoencryptdataatwirespeed

•Centralmanagementofstorageandfabric-basedsecurityresources

•Concurrentsupportforbothdiskandtapeencryptionoperationsfromasingledevice

•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption

•Datacompressionandintegrityauthenticationfortapebackup

•Simplified,non-disruptiveinstallationandconfiguration

HIGH-VALUE APPLICATIONS AND SOLUTION AREASTwoofthegreatestbusinessbenefitsoftheBrocadeEncryptionSwitchareincreasedproductivityandreducedriskofdataexposure.Otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.

TheBrocadeEncryptionSwitchisidealforapplicationssuchas:

•HighlysensitiveITapplicationswithsecuredata-at-restrequirements

•Securedatabackupsforoffsitediskandtapestorageandlong-termarchiving

•Supportforheterogeneousdiskandtapestorageenvironmentsfromasingledevicewithcentralizedmanagement

•Decommissioningofdiskarraysthatrequirelegalvalidationoftheirrecoverabledestructionofdata(TheBrocadeEncryptionSwitchenablessecuredecommissioningofstoragedevicesbyencryptinganentireLUNandpermittingdeletionofdataencryptionkeys.)

•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities

TheBrocadeEncryptionSwitchisdesignedforuseinthefollowingSANenvironments:

•Large-scaleencryptioninnewdatacenterdeployments

•Plug-instoragesecurityservicesforexistingSANfabrics

SAN

Client/Server

Emerging Protocols

(FCoE)

Brocade Data Center Fabric

Extended Data Center Fabric

Disaster Recovery Site

Continuous Remote

Replication

Key Management

Brocade Encryption

Switch

Branch Office

Virtual and Standalone

Servers

Virtual and Standalone

Servers

Storage

Brocade Encryption

Switch

Brocade DCX Backbone

Encryption

DirectorsSwitches

1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.

Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.Organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.

Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionforbothdisk-andtape-basedstoragedevicesaspartoftheindustry-leadingBrocadeOnestrategyandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).

Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricOS®(FOS)andBrocadeM-EnterpriseOS(M-EOS)environments1.

TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralizedpointofmanagementforbothdiskand

•Heterogeneousdiskandtapestorageenvironments

•Standaloneswitcheswithencryptionandcompression

•SingleanddualSANfabrics

•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems

•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments

INVESTMENT PROTECTION AND EFFICIENCYTheBrocadeEncryptionSwitchistheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.

Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeEncryptionSwitchfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadopting

anevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.

Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.

BROCADE ENCRYPTION PROFESSIONAL SERVICESBrocadeProfessionalServiceshelpsorganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.

Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.

Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.

BROCADE GLOBAL SERVICES BrocadeGlobalServiceshastheexpertisetohelporganizationsbuildscalable,efficientcloudinfrastructures.Leveraging15yearsofexpertiseinstorage,networking,andvirtualization,BrocadeGlobalServicesdeliversworld-classprofessionalservices,technicalsupport,networkmonitoringservices,andeducation,enablingorganizationstomaximizetheirBrocadeinvestments,acceleratenewtechnologydeployments,andoptimizetheperformanceofnetworkinginfrastructures.

MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeprofessionalservices,technicalsupport,andeducation.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.

Systems ArchitectureFibreChannelports 32ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseTEthernetportsfor

clusteringandI/Osynchronizationduringrekeyingoperation

Smartcards Masterkeyrecovery,quorumauthorization,andsystemrecoveryoperations

Compressionfortape Hardware-baseddatacompressionpriortoencryption

Compatibility IEEE1619standard-basedmode(diskandtape)

DataFort-compatiblemode(diskandtape)Datarekeying Onlineorofflineconversionofdatafromcleartextto

ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevicesandinitiators;perengineCryptoengine Maximum96Gbpshardwareprocessingfordisk*

Maximum48Gbpshardwareprocessingfortapewithcompression*

FibreChannelperformance

1.063Gbpslinespeed,fullduplex;2.125Gbpslinespeed,fullduplex;4.25Gbpslinespeed,fullduplex;8.5Gbpslinespeed,fullduplex;auto-sensingof1,2,4,and8Gbpsportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbpsports

FibreChannelscalability

Full-fabricarchitectureof239switches

Certifiedmaximum SingleBrocadeFOSfabric:56domains,19hops

SingleBrocadeM-EOSfabric:31domains,3hops

Largerfabricscertifiedasrequired;consultBrocadeorOEMSANdesigndocumentsforconfigurationdetails

ISLTrunking Frame-basedtrunkingwithuptoeight8GbpsportsperISLtrunk;upto64GbpsthroughputperISLtrunk

Maximumframesize 2112-bytepayloadforFibreChannelClassesofservice Class2(unencryptedtraffic),Class3(encrypted

andunencrypted),andClassF(inter-switchframes)Datatraffictypes Fabricswitchessupportingunicast,multicast

(255groups),andbroadcastUSB OneUSBportforsystemlogfiledownloadsor

firmwareupgrades

BROCADE ENCRYPTION SWITCH SPECIFICATIONS

DATASHEET

©2012BrocadeCommunicationsSystems,Inc.AllRightsReserved.03/12GA-DS-1223-05

Brocade,BrocadeAssurance,theB-wingsymbol,DCX,FabricOS,MLX,SANHealth,VCS,andVDXareregisteredtrademarks,andAnyIO,BrocadeOne,CloudPlex,EffortlessNetworking,ICX,NETHealth,OpenScript,andTheEffortlessNetworkaretrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Otherbrands,products,orservicenamesmentionedmaybetrademarksoftheirrespectiveowners.

Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.

Corporate Headquarters SanJose,CAUSAT:+1-408-333-8000info@brocade.com

European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40emea-info@brocade.com

Asia Pacific Headquarters SingaporeT:+65-6538-4700apac-info@brocade.com

ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandards.Forinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperability.Forinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance.

* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.

Mediatypes 8Gbps:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed

Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),DynamicPathSelection(DPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIDVirtualization(NPIV),FDMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery

Optionalfabricservices:BrocadeFabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricDynamicsProfiling),andIntegratedRouting

FIPScertification FIPS140-2Level-3ValidatedCryptographicModule

ManagementAdministratorroles Administrator,fabricadministrator,security

administrator,recoveryofficerManagement Telnet,HTTP,LDAP,Syslog,SCP,auditing,IPfiltering;

SNMPv1/v3(FEMIB,FibreChannelManagementMIB);BrocadeAdvancedWebTools;BrocadeNetworkAdvisor;BrocadeDataCenterFabricManager(DCFM);SMI-Scompliant,SMI-Sscriptingtoolkit,AdministrativeDomains

Managementprotocolsandaccesscontrols

SSL,SSHv2,HTTPS,RADIUS,Role-BasedAccessControl(RBAC)

SANsecurity DH-CHAP(betweenswitchesandenddevices),portbinding,switchbinding,secureRPC,trustedswitch,changetracking

Managementaccess 10/100/1000Ethernet(RJ-45);in-bandoverFibreChannel;serialport(RJ-45);USB;call-homeintegrationenabledthroughBrocadeDCFM

Diagnosticsandsupportability

POSTandembeddedonline/offlinediagnostics,includingRAStracelogging,environmentalmonitoring,non-disruptivedaemonrestart,FCpingandPathinfo(FCtraceroute),PortMirroring(SPANport)

Keymanagement NetAppLifetimeKeyManager(LKM);SafeNetKeySecurek460;RSAKeyManager(RKM)Appliance;HPSecureKeyManager(SKM)/EnterpriseSecureKeyManager(ESKM);ThalesEncryptionManagerforStorage(TEMS);IBMTivoliKeyLifecycleManager(TKLM)

MechanicalsEnclosure Non-porttoportsideairflow;2U,19-inch

EIA-compliant,powerfromnon-portsideSize Width:42.9cm(16.9in)

Height:8.7cm(3.4in)

Depth:64.8cm(25.5in)Systemweight 22.4kg(49.4lb)withtwopowersupplyFRUs,

withoutSFP/SFP+transceivers

EnvironmentalsTemperature Operating:0°Cto40°C(32°Fto104°F)

Non-operating:–25°Cto70°C(–13°Fto158°F)Altitude Operating:Upto3000meters(9842feet)

Storage:Upto12kilometers(39,370feet)Shock Operating:20g,6mshalf-sine

Non-operating:33g11mshalf-sine,3/egAxisCO2emissions 1048.57kgperyear(witheightports)Airflow Maximum76CFM(cu.ft./min);nominal53CFM

PowerPowerinlet C13ACinputrange 85to264VACFrequencyrange 47to63HzPowerconsumption 285wattswith328Gbpsports

ConfigurationsBasecryptomodel BrocadeEncryptionSwitch,32FibreChannel

ports,48Gbps*maximumencryptionprocessing

Advancedcryptomodel BrocadeEncryptionSwitch,32FibreChannelports,96Gbps*maximumdiskencryptionprocessing

BROCADE ENCRYPTION SWITCH SPECIFICATIONS (CONTINUED)

www.brocade.com