United States
Site Map Contacts Hitachi Global Community
Hu's Blog - Data Storage and Virtualization Thought Leader Hitachi - Inspire the Next

Hu Yoshida's Blog - Vice President | Chief Technology Officer

Home > Corporate > HDS Blogs > HDS Bloggers > Hu's Blog
Products, Solutions and more

Hu's Blog

Encryption of Data at Rest

by Hu Yoshida on Feb 12, 2010

Late last night I got an email from  Christopher Kusek asking about FICON Encryption of data at rest.

“Hey Hu, I was reading a post from 2008 whereby it was stated that there was a solution for data at rest encryption over FICON?


Can you provide a little insight into this, and whether this story is true and there infact is a FICON DAR encryption solution?”

Thank you!


I thought I would answer it in this blog since others may have a similar question.

Since V04  of the microcode on the USP V, we have the ability to install or field replace backend directors with encrypting backend directors. They have to be installed in pairs for redundancy. Our theory is that data at rest encryption should be done where it comes to rest, and that is behind the backend directors. With this approach we can encrypt any kind of disk, Flash, FC, or SATA and we can encrypt data from any supported front end director whether it is FC or FICON.  So yes we can provide DAR encryption for FICON.

Hitachi does this with hardware so there is no performance impact. The power consumption is only 1.6 Watt hour per encrypting director and the heat dissipation is negligible.  Unlike other encryption solutions like appliances or switch blades, there is no impact to the SAN and no additional rack space or cabling required. Since Key management or mis- management can be a major exposure for encrypted data, Hitachi has implement this feature such that very little human intervention is required.

To read more about this feature, you can link here to an Application Brief written by Eric Hibbard

Related Posts Plugin for WordPress, Blogger...

Comments (1)

Stephen Knight on 06 Oct 2010 at 8:58 am

Hu, my company has a client who’s quite concerned about protection of the keys in the hardware and potential access to those keys by HDS engineers support staff. What thoughts can you share on how I can assure the customer, that HDS engineers will not access the cryptographic keys, within the hardware during maintenance activities?

Thank you.

Hu Yoshida - Storage Virtualization Thought LeaderMust-read IT Blog

Hu Yoshida
Vice President and Chief Technology Officer

Connect with Us


Switch to our mobile site