Brocade adds encryption to SAN fabric
New switch, new blade
Brocade has added an encryption switch and blade to its SAN fabric products. You can now encrypt the data in your Brocade SAN without having to use Brocade's own-brand HBAs.
The company has also added encryption support to a new version of its DCFM management software and announced that both RSA and NetApp key management software works with the encryption hardware.
Currently, Brocade's 415/425 and 815./825 host bus adapters (HBAs) offer AES-GCM hardware encryption for in-flight data, but that's no use in encrypting data on the SAN that comes in through Emulex or QLogic HBAs. The Brocade Encryption Switch and FS8-18 Encryption Blade remedy that defect and offer AES-256 encryption. (I tried to find out the practical difference between this and AES-GCM - Brocade not being immediately able to say - but my head started hurting and I gave up. Anyone know what it is?)
The Encryption Switch has 32 auto-sensing 8Gbit/s ports, carries out its work at 96Gbit/s, and is FIPS 140-2 Level 3-compliant, as is the 16-port FS8-18 blade , which plugs into Brocade's DCX backbone switch.
A NetApp statement says that the new switches incorporate NetApp technology and can be operated in "NetApp DataFort compatibility mode, serving as a next-generation NetApp DataFort security appliance." It goes on to say that both encryption products will provide "future support for virtual tape libraries and tape drives," implying that today they don't. Brocade was not immediately able to cast any light on this. We'll update this story as we find out more.
Cisco's MDS 9000 SAN fabric products support encryption of heterogeneous tape devices and virtual tape libraries with the Storage Media Encryption (SME) product, which works with the RSA key management product.
Brocade's DCFM software has been upgraded to v10.0 and supports encryption and can, Brocade says, monitor up to 24 multiprotocol fabrics at a time, support up to 9000 fabric ports and 20,000 device ports.