Cisco Systems and EMC-owned RSA Security last week announced plans to jointly develop security technology that will provide encryption keys for archived data first on tape drives and eventually for other types of networked storage media, reported in Techworld here.
Executives said the two firms plan to integrate Cisco’s MDS 9000 Storage Media Encryption and RSA’s Key Manager technologies to provide centralized data encryption, key management and key provisioning capabilities to storage devices on Cisco networks.
The encryption technology will be added to Cisco-based storage-area networks (SAN) by inserting a jointly-developed line card into a Cisco SAN switch chassis. The first card, for tape drives, will ship later this year. (Note that LTO4 tape drives have encryption facilities in the drive itself. So too do tape drives from IBM and Sun/StorageTek.)
Rajeev Bhardwaj, Cisco product management director, contended that the tool will be easier to implement and use than encryption and key management appliances. He was referring to such products as the DataFort from EMC competitor NetApp's Decru line of business, and others.
Such appliances, from vendors such as NeoScale Systems, Vormetric and Decru require IT personnel to rewire and reconfigure networks, he said. “From our perspective, you install the line card, and with the flip of a switch you say, ‘This backup server encrypts this tape,’” Bhardwaj said.
The added work isn’t a liability for some IT managers, who still prefer using appliances to protect data.
“The reason I like the appliance is because it’s absolutely non-obtrusive to my main system,” said Sean Azhadi, SVP technology at San Diego County Credit Union. “That is a huge advantage because I don’t have to work with IBM or any of my other vendors to try to create some sort of environment to support this stuff.”
The credit union, which has $3.9 billion in assets, 800 employees and 25 branch locations across San Diego and Riverside counties in California, tested NeoScale’s CryptoStor appliance for nine months before implementing it company-wide three weeks ago, Azhadi said.
Because the NeoScale appliance is working as needed, the credit union has no plans to evaluate the new Cisco-RSA offering, Azhadi noted.
Cisco and RSA announced the joint effort here last week at a press conference at EMC World, the user conference of RSA’s parent company, EMC. Bhardwaj said the new line card will provide 10 gigabits of encryption throughput and an application programming interface for adding key management to drives on Cisco networks.
The background to this is a continuing struggle by SAN switch vendors to provide storage management facilities on their SAN fabric switches and directors. Encrypting data is seen by them, that s Cisco and Brocade, as a storage data management service. There are now three alternative approaches to encrypting data:-
1. Insert appliances between servers and storage devices - Decru, NeoScale and Vormetric.
2. Insert line cards into SAN switch/director products - Cisco (and maybe Brocade in the future).
3. Insert encryption technology into storage device controllers - LTO4, IBM and StorageTek tape drives and some Seagate hard drives.
EMC and Cisco officials acknowledged that the agreement is non-exclusive, thus opening the way for EMC's RSA unit to talk to Cisco rival Brocade, and also to virtualised and clustered file storage vendors such as Acopia, Isilon, Ibrix and others.
NetApp may consider offering Decru technology at the line card level to Brocade.
Bhardwaj would not disclose a schedule for shipping future releases of the Cisco line card.
Original reporting by Brian Fonseca, Computerworld,.