HigHligHts•High-performance,scalablefabric-basedencryptiontoenforcedataconfidentialityandprivacyrequirements

•Unparalleledencryptionprocessingatupto96Gbit/sectosupportheterogeneousenterprisedatacenters

•Choiceofintegrationwithindustry-leadingkeymanagementsolutions,reducingoperationalcostsandsimplifyingdeploymentandmanagement

•Industry-standardAES-256encryptionalgorithmsforbothdiskandtapeinacentralizedsecurityplatformforSANenvironments

•FrameRedirectiontechnologythatenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices

•Plug-inencryptionservicesavailabletoallheterogeneousservers,includingvirtualmachines,indatacenterfabrics

•Scalableperformancewithon-demandencryptionandcompressionprocessingpowertomeetregulatorymandatesforprotectingdata

High-Performance Encryption for Data-at-Rest

Managingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.

Inthecontextofdatacenterfabricsecurity,Brocade®providesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocadeEncryptionSwitch.Theswitchisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.

TheBrocadeEncryptionSwitchscalesnon-disruptively,providingfrom48upto96Gbit/secofencryptionprocessing

BRoCAdEENCRYPTIoNSWITCH

DATA CENTER

dATASHEET

powertomeettheneedsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbit/secfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.

FABRiC-BAsED ENCRYPtiONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.

Figure 1. TheBrocadeEncryptionSwitchplaysa

vitalroleintheBrocadedCFarchitecture.

TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralizedpointofmanagementforstoragesecurityandkeymanagement,andsupportsheterogeneousstorageenvironments.deploymentissimpleandnon-disruptive:organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.

Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeEncryptionSwitchismanagedandconfiguredusingfamiliarBrocadedataCenterFabricManager(dCFM™)EnterpriseandCLImanagementtools,andiseasilyintegratedintoexistingnetworkinfrastructures.

KeyadvantagesoftheBrocadeEncryptionSwitchinclude:

•Theabilitytoencryptdataatwirespeed

•Centralmanagementofstorageandfabric-basedsecurityresources

•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption

•datacompressionandintegrityauthenticationfortapebackup

•Simplified,non-disruptiveinstallationandconfiguration

HigH-VAlUE APPliCAtiONs AND sOlUtiON AREAsTwoofthegreatestbusinessbenefitsoftheBrocadeEncryptionSwitchareincreasedproductivityandreducedriskofdataexposure.otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.

TheBrocadeEncryptionSwitchisidealforapplicationssuchas:

•HighlysensitiveITapplicationswithsecuredata-at-restrequirements

•Securedatabackupsforoffsitediskandtapestorageandlong-termarchiving

•Supportforheterogeneousdiskandtapestorageenvironmentsfromacentralizedpointofmanagement

•decommissioningofdiskarraysthatrequirelegalvalidationofthelogicaldestructionanddatashreddingofdevices(theBrocadeEncryptionSwitchhelpsdecommissiondevicesbyencryptinganentireLUNanddestroyingthedataencryptionkey)

•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities

SAN

Client/Server

Emerging Protocols

(FCoE)

Brocade Data Center Fabric

Extended Data Center Fabric

Disaster Recovery Site

Continuous Remote

Replication

Key Management

Brocade Encryption

Switch

Branch Office

Virtual and Standalone

Servers

Virtual and Standalone

Servers

Storage

Brocade Encryption

Switch

Brocade DCX Backbone

Encryption

DirectorsSwitches

1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.

Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.

Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionaspartoftheindustry-leadingBrocadedataCenterFabric(dCF)architectureandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).

Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricoS®(FoS)andBrocadeM-EnterpriseoS(M-EoS)environments1.

TheBrocadeEncryptionSwitchisdesignedforuseinthefollowingSANenvironments:

•Large-scaleencryptioninnewdatacenterdeployments

•Plug-instoragesecurityservicesforexistingSANfabrics

•Heterogeneousdiskandtapestorageenvironments

•Standaloneswitcheswithencryptionandcompression

•SingleanddualFoSandM-EoSfabrics

•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems

•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments

iNVEstMENt PROtECtiON AND EFFiCiENCYTheBrocadeEncryptionSwitchistheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.

Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeEncryptionSwitchfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadoptinganevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.

Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.

BROCADE ENCRYPtiON PROFEssiONAl sERViCEsBrocadeProfessionalServiceshelporganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.

Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.

MAXiMiZiNg iNVEstMENtsTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeeducation,support,andservices.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.

systems ArchitectureFibreChannelports 32ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseEthernetportsforclustering

andI/osynchronizationduringrekeyingoperationSmartcards MasterkeyrecoverycardsCompressionfortape Hardware-baseddatacompressionpriorto

encryptionCompatibility IEEE1619standard-basedmode(diskandtape)

dataFort-compatiblemode(diskandtape)datarekeying onlineorofflineconversionofdatafromcleartextto

ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevices;1024hostportsper

encryptionengineCryptoengine Maximum96Gbit/sechardwareprocessingfordisk*

Maximum48Gbit/sechardwareprocessorfortapewith2:1compression*

FibreChannelperformance

1.063Gbit/seclinespeed,fullduplex;2.125Gbit/seclinespeed,fullduplex;4.25Gbit/seclinespeed,fullduplex;8.5Gbit/seclinespeed,fullduplex;auto-sensingof1,2,4,and8Gbportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbports

FibreChannelscalability

Full-fabricarchitectureof239switches

Certifiedmaximum SingleBrocadeFoSfabric:56domains,19hops

SingleBrocadeM-EoSfabric:31domains,3hops

Largerfabricscertifiedasrequired;consultBrocadeoroEMSANdesigndocumentsforconfigurationdetails

ISLTrunking Frame-basedtrunkingwithuptoeight8GbportsperISLtrunk;upto64Gbit/secthroughputperISLtrunk

Maximumframesize 2112-bytepayloadforFibreChannelClassesofservice Class2(unencryptedtraffic),Class3(encrypted

andunencrypted),andClassF(inter-switchframes)datatraffictypes Fabricswitchessupportingunicast,multicast

(255groups),andbroadcastUSB oneUSBportforsystemlogfiledownloadsor

firmwareupgrades

BROCADE ENCRYPtiON switCH sPECiFiCAtiONs

dATASHEET

©2009BrocadeCommunicationsSystems,Inc.AllRightsReserved.01/09GA-dS-1223-01

Brocade,theB-wingsymbol,dCX,FabricoS,FileLifecycleManager,MyView,andStorageXareregisteredtrademarks,anddCFMandSANHealtharetrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Allotherbrands,products,orservicenamesareormaybetrademarksorservicemarksof,andareusedtoidentify,productsorservicesoftheirrespectiveowners.

Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.

Corporate Headquarters SanJose,CAUSAT:+1-408-333-8000info@brocade.com

European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40emea-info@brocade.com

Asia Pacific Headquarters SingaporeT:+65-6538-4700apac-info@brocade.com

ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandardsForinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperabilityForinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance

* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.

Mediatypes 8Gb:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed

Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),dynamicPathSelection(dPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIdVirtualization(NPIV),FdMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery

optionalfabricservices:FabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricdynamicsProfiling,andIntegratedRouting)

FIPScertification FIPS140-2Level-3CompliantCryptographicModule

ManagementAdministratorroles Administrator,fabricadministrator,security

administrator,recoveryofficerManagement Telnet,HTTP,LdAP,Syslog,SCP,auditing,IPfiltering;

SNMPv1/v3(FEMIB,FibreChannelManagementMIB);BrocadeAdvancedWebTools;BrocadedataCenterFabricManager(dCFM)Enterprise;SMI-Scompliant,SMI-Sscriptingtoolkit,Administrativedomains

Managementprotocolsandaccesscontrols

SSL,SSHv2,HTTPS,RAdIUS,Role-BasedAccessControl(RBAC)

SANsecurity dH-CHAP(betweenswitchesandenddevices),portbinding,switchbinding,secureRPC,trustedswitch,changetracking

Managementaccess 10/100/1000Ethernet(RJ-45);in-bandoverFibreChannel;serialport(RJ-45);USB;call-homeintegrationenabledthroughBrocadedCFM

diagnosticsandsupportability

PoSTandembeddedonline/offlinediagnostics,includingRAStracelogging,environmentalmonitoring,non-disruptivedaemonrestart,FCpingandPathinfo(FCtraceroute),PortMirroring(SPANport)

Keymanagement NetAppLKM4.0orlater;RSAKeyManager2.1.3orlater;HPSKM1.1

MechanicalsEnclosure Non-porttoportsideairflow;2U,19-inch

EIA-compliant,powerfromnon-portsideSize Width:42.9cm(16.9in)

Height:8.7cm(3.4in)

depth:64.8cm(25.5in)Systemweight 22.4kg(49.4lbs)withtwopowersupplyFRUs,

withoutSFP/SFP+transceivers

EnvironmentalsTemperature operating:0to40°C(32to104°F)

Non-operating:–25to70°C(–13to158°F)Altitude operating:Upto3,000meters(9,842feet)

Storage:Upto12kilometers(39,370feet)Shock operating:20g,6mshalf-sine

Non-operating:halfsine,33g11ms,3/egAxisHeatdissipation Maximum80ports:1183BTU/hrCo2emissions 1048.57kgperyear(witheightports)Airflow Maximum76CFM(cu.ft./min);nominal53CFM

PowerPowerinlet C13ACinputrange 85to264VACFrequencyrange 47to63HzPowerconsumption 347wattswith328Gbports

ConfigurationsBasecryptomodel BrocadeEncryptionSwitch,32FibreChannel

ports,48Gbit/sec*maximumhardwareencryptionprocessing

Advancedcryptomodel BrocadeEncryptionSwitch,32FibreChannelports,96Gbit/sec*maximumhardwarediskencryptionprocessing

BROCADE ENCRYPtiON switCH sPECiFiCAtiONs (CONtiNUED)