Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

  1. Home
  2. Networking
  3. Encrypt-san-data-host-emulex-says-yes
  4. Page
  5. Encrypt SAN Data At The Host? Emulex Says Yes: Page 2 of 2
Networking

Encrypt SAN Data At The Host? Emulex Says Yes: Page 2 of 2

Whether it's fear of losing valuable or embarrassing data or just playing it safe, the security folks in your organization are probably encouraging you to encrypt as much of your data as possible both in flight and at rest. Emulex's newest encrypting Fibre Channel HBAs (Host Bus Adapters) adds another arrow to storage admin's quiver for encrypting your data and tracking the all important keys.
Howard Marks
October 27, 2010

Now that we're able to move virtual servers, and their storage, from data center to data center across a WAN, the storage traffic is more exposed and encrypting in flight makes more sense.

So if you're going to encrypt at least some of your LUNs Emulex's host based solution seems like a better solution to me than buying expensive encrypting blades for your Brocade DCX or Decru SAN appliances.  After all you need a pair of encryption devices at your primary site and at least one at your DR site which will add up to well into six figures even if you just want to encrypt a few LUNs. Emulex supports hardware encrypting HBAs or encryption in software, which might make sense at the DR site, and uses a KMIP standard key management server, which they OEM from IBM/Tivoli.  I'll be happier when they support other HBAs and iSCSI but the host may be the right place for encryption.

On the down side encrypting data will make it much harder, if not impossible, to get good data reduction via compression and/or data deduplication as it will hide similarities between data sets especially if they're encrypted with different keys.  

Tags:

Commentary
Networking