System Storage SAN32B-E4 Encryption Switch
Highlights
- Enforce data confidentiality and privacy requirements using high-performance, scalable fabric-based encryption.
- Centralize administration of data-at-rest encryption services to ensure data protection on both disk and tape
- Reduce operational costs and simplify management through the IBM Tivoli Key Lifecycle Manager solution
- Meet regulatory mandates for securing data while maintaining application performance with on-demand encryption and compression processing power
- Industry-standard AES-256 encryption algorithms for both disk and tape in a centralized security platform for SAN environments
- High-performance encryption processing at up to 96 Gbps to support heterogeneous enterprise data centers
- Plug-in encryption services available to all host servers, including virtual machines, attached to data center fabrics
- Frame Redirection technology to enable easy, nonintrusive deployment of fabric-based security services
The IBM System Storage SAN32B-E4 Encryption Switch is a high-performance stand-alone device designed for protecting data-at-rest in mission-critical environments. In addition to helping IT organizations achieve compliance with regulatory mandates and meeting industry standards for data confidentiality, the SAN32B-E4 Encryption Switch also protects them against potential litigation and liability following a reported breach.
Data is one of the most highly valued resources in a competitive business environment. Protecting that data, controlling access to it, and verifying its authenticity while maintaining its availability are priorities in our security-conscious world. Increasing regulatory requirements are also helping to drive the need for the adequate security of data. Encryption is a powerful and widely used technology that helps protect data from loss and inadvertent or deliberate compromise.
In the context of data center fabric security, IBM provides advanced encryption services for Storage Area Networks (SANs) with the IBM System Storage SAN32B-E4 Encryption Switch. The switch is a high-speed, highly reliable hardware device that delivers fabric-based encryption services to protect data assets either selectively or on a comprehensive basis. The 8 Gbps SAN32B-E4 Fibre Channel Encryption Switch scales nondisruptively, providing from 48 up to 96 Gbps of encryption processing power to meet the needs of the most demanding environments with flexible, on-demand performance. It also provides compression services at speeds up to 48 Gbps for tape storage systems. Moreover, it is tightly integrated with one of the industry-leading, enterprise-class key management systems, the IBM Tivoli Key Lifecycle Manager (TKLM), which can scale to support key life-cycle services across distributed environments.
Product features
- Average configuration includes 32 Fibre Channel active ports and capability to attach to hosts, storage devices and other nodes in a SAN fabric
- Fabric-based encryption services to secure data for both disk and tape.
- Scales nondisruptively, providing from 48 up to 96 Gbps of encryption processing power to meet the needs of the most demanding environments with flexible, on-demand performance.
- Supports heterogeneous storage and tape systems
- Forward and backward compatibility with b-type and m-type fabrics to help organizations protect their previous SAN technology investments
- Up to 64 Gbps throughput per ISL trunk
- Centralized administration of data-at-rest encryption services with IBM System Storage DCFM
- Supports IBM Power Systems, IBM System x, IBM System p and other non-IBM servers.
Hardware summary
- 2U 19" packaging designed for rack-mount or table-top
- Designed for high performance with 8 Gigabit per second (Gbps) Fibre Channel ports
- Shortwave and longwave SFPs with different speeds can be intermixed in the same switch to meet unique requirements
- Universal ports self-configure as E, F, FL or M_Ports. Optional integrated routing allows EX_Ports to be activated on a per-port basis.
- Speed auto-sensing capabilities provide backward compatibility with 8, 4, 2 and 1 Gbps Fibre Channel links.
- One USB port for system log file downloads or firmware upgrades
- Smart Card reader for ignition key protection
- Dual Ethernet for re-keying/HA synchronization
- Full-fabric architecture of 239 switches
- FIPS 140-2 Level 3 validated cryptographic module
- Frame-based trunking with up to eight 8 Gb ports per ISL trunk
- Two redundant 1000BaseT Ethernet ports for clustering and I/O synchronization during rekeying operation
- Online or offline conversion of data from cleartext to ciphertext; manual or automated rekeying sessions
- Up to 256 target devices; 1024 host ports per encryption engine