HP & Brocade $ecure $ANs

Hewlett-Packard Co. (NYSE: HPQ) today is rolling out new security options for Brocade Communications Systems Inc. (Nasdaq: BRCD) switches that will let customers lock down their Fibre Channel fabrics.

But HP is pricing the security option -- which prevents unauthorized users from making configuration changes to the SAN infrastructure -- at high entry points: Licensing fees for the Brocade Secure Fabric OS software range from $4,400 for an eight-port switch up to $35,000 for two 64-port SilkWorm 12000s. That works out to between $270 and $550 per port.

HP will deliver the Secure Fabric OS through its professional services, adding even more to the cost of the solution.

Why not just make the security features a standard part of the switch, instead of charging an arm and a leg for it? Because Brocade, for one, relies on such software upgrades to help boost its overall margins. In addition, Brocade and its partners can get away with charging extra for it because the feature is unique in the market today: No other switch vendor provides the same level of strong user and device authentication (see Brocade Upgrades Fabric OS).

Roger Archibald, VP of the infrastructure and NAS division of HP's storage networking group, says the price of the security options must be put into the context of the cost of the overall switch. "You're talking about a $35,000 option for a switch that can be $300,000," he says. [Ed. note: Well, then, it's a marvelous bargain!]That said, HP admits it's unsure how well the Secure Fabric OS option will actually sell. The company says it's seen initial interest in the financial and government sectors, although it does not have any beta sites testing the security features.

"We think a lot of customers will be interested in this," Archibald says, "but it's another question how quickly they'll adopt it."

To use Secure Fabric OS, a SAN must use only Brocade switches, which all must be upgraded to firmware version 2.6.1 or later. The software uses 1,024-bit digital signatures to authenticate Fibre Channel devices so their World Wide Name (WWN) addresses can't be spoofed, and it provides multiple levels of password protection. (The Secure Fabric OS does not encrypt the data that's traversing the SAN.)

"It takes security to that whole next level of hardening the SAN from not just operator errors but from someone who's trying to penetrate the SAN," says Archibald. Yet he concedes that HP has never once encountered a customer that has had its SAN hacked.

Nevertheless, HP claims enterprises are starting to realize that they need to approach securing their SANs in the same way they protect their LANs today. Whether they're willing to hand over thousands of dollars for that protection, as if they were paying off a local Mafia boss, is still unclear.Separately today, HP is announcing that -- combined with the pre-merger Compaq Computer -- it has shipped more than 1 million Brocade Fibre Channel switch ports to date. [Ed. note: The 1 millionth port reportedly was installed somewhere in Duluth, Minn.]

Todd Spangler, US Editor, Byte and Switch