Emulex's Encrypting Host Bus Adapter Secures Data

In a move that is expected to help EMC users improve data security without affecting their network performance, the company has announced that it will begin to use Emulex's OneSecure Adapter, an 8Gb/s Fibre Channel host bus adapter (HBA) with onboard processors to provide encryption functionality. EMC said it intends to integrate the HBA with its products, including its EMC PowerPath Encryption with RSA, EMC CLARiiON network storage and EMC Celerra unified storage systems. The HBAs will make use

May 17, 2010

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

In a move that is expected to help EMC users improve data security without affecting their network performance, the company has announced that it will begin to use Emulex's OneSecure Adapter, an 8Gb/s Fibre Channel host bus adapter (HBA) with onboard processors to provide encryption functionality. EMC said it intends to integrate the HBA with its products, including its EMC PowerPath Encryption with RSA, EMC CLARiiON network storage and EMC Celerra unified storage systems. The HBAs will make use of RSA Key Manager and store certificates directly on the card. EMC acquired RSA Security Inc. in 2006.

Performing the encryption at the source, on the HBA, helps organizations more easily comply with the many regulations around protecting data, according to  Shaun Walsh, vice president of corporate marketing for Emulex. If encryption is performed at the target device, then the data is not encrypted "in flight," or during transmission. Some locations, such as the state of Massachusetts, require that consumer data be protected while in flight as well as at rest. Similarly, if the encryption is performed in the storage fabric, it's not protected from the host to the device.

In addition, performing the encryption at the host is recommended as a best practice by organizations such as the Storage Networking Industry Association (SNIA) and the National Institute of Standards and Technology (NIST), Walsh says. The problem with that approach was that encrypting the data at the card affected network performance. Emulex solved this problem by placing additional processors on the card to offload the task and to perform the encryption without degrading network performance. The company also says that its encryption method is less expensive than alternatives, claiming that OneSecure adapters are 50 percent less expensive than encryption arrays and 70 percent less expensive than encryption switches.

The most interesting aspect of the announcement is that, with EMC pushing it, encryption on the HBA is becoming mainstream, says Frank Berry, an analyst with IT Brand Pulse. "If EMC can sell a large number of the adapters, users may see further such integration. Emulex said it was working on a similar product for 10GbE as well. While people have been talking about embedding encryption into other chips for years, basically it won't become pervasive unless users perceive themselves as getting it for free," Berry says.

The HBA is expected to cost $5050 and to be available sometime this summer. It was demonstrated last week at EMC World in Boston. Users manage the device using Emulex's OneCommand management software. It will support Windows and Linux at first release. It is a full-height, half-length card using PCIe Gen 2 technology. Supported encryption algorithms include 128- and 256-bit AES-CBC, and 2x128- and 2x256-bit AES-XTS. Emulex first announced the product in February 2009.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights