Green Encryption for Storage
by Hu Yoshida on Oct 24, 2008
With all that was happening at SNW, you may not have noticed our announcement of data-at-rest encryption for the USP V and USP VM. This encryption can be used to encrypt all internal disk drives, using AES-256, with no throughput or performance impact. In addition, this implementation allows a very simple but safe key management scheme.
We call it Green Encryption since it is implemented on the back-end RAID Directors of the USP V or VM. This approach enables the introduction of encryption into a storage ecosystem with little or no disruption to existing applications or infrastructure. It is data center friendly since it uses very little additional power (about 2 watts per encrypting director), produces very small amounts of additional heat (about 3%), and requires no additional rack space or cable plant changes. It can be a non-disruptive upgrade to an existing USP V or VM.
Since it sits on the back end, a redundant pair of encryption RAID directors can encrypt data that comes through any or all of the FC or ESCON/FICON front end port directors. If you were to use switch port encryption or an encryption appliance like Decru, you would have to have this appliance or switch port on every path that you want to encrypt. This would be much more expensive and generate a lot more heat and power consumption. You would also have to find a solution for key management if there are alternate paths, or access by server clusters. With FC switches and appliances you would not be able to address mainframe ESCON and FICON paths. This is a simple, low impact, green way to provide “at rest” encryption for mainframe and FC data.
At-rest encryption may be used to satisfy PCI (Personal Credit Information) requirements and can be used as a way to protect data on disks that have to be spared out or repurposed for another application without the expense of “scrubbing” the disks. For more information, see our website.
Comments (5)
Hello Hu… The Hitachi approach looks to be extremely efficient – much more so than alternatives. Seems like your premise – that the Hitachi approach is greener – applies if a customer is using switch port encryption or encryption appliances to narrowly solve the problem of protecting data at rest. But if a customer is doing switch port encryption or using an appliance to encrypt data across the network then the premise would not apply – is that fair?
Hello Dave, yes you are correct, our solution is for data at rest. This is not data-in-flight encryption. If in-flight encryption is required, there are solutions available from network and appliance vendors. If the compliance requirement is for protecting data at rest and scrubbing of disks when they are reused or spared out, this is a very cost effective and “Green” solution.
We will be looking to use your Wikibon “Conserve IT” service to help qualify this for PG&E rebates for our customers. Thanks for your work in this area. http://www.reuters.com/article/pressRelease/idUS120616+04-Aug-2008+BW20080804
Hi Hu… the encryption is only for the internal USP V storage, I assume? If so, any plans to extend the encryption to the external storage as well, since the USP V is very much positioned to be the Virtualization layer for other storage subsystems?
Hello Zee, I cannot comment on unannounced features. Stand by.