• Data confidentiality—Packets are encrypted by the sending device before transmitting them over
the network.
• Data integrity—Packets are authenticated by the receiving device to ensure that data has not been
altered during transmission.
• Data-origin authentication—The packet source can be authenticated by the receiving device.
• Anti-replay protection—Replayed packets can be detected and rejected by the IPsec receiver.
CHAP authentication
C-series IP modules support CHAP, which uses a three-way handshake to ensure the validity of remote
clients. C-series CHAP requires that you configure a password, which the switch presents to the iSCSI
initiator. This password is used to calculate a CHAP response to a CHAP challenge sent to the IP port
by the initiator.
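The challenge/response calculation described above, as an added example that is not part of the original guide or of any switch firmware. It assumes the MD5 form of CHAP defined in RFC 1994; the class and function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP (MD5): hash over identifier octet, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Challenger:
    """The side that issues challenges and checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}   # identifier -> challenge; each is single-use
        self.next_id = 0

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)          # fresh and unpredictable
        self.pending[ident] = challenge
        return ident, challenge

    def verify(self, ident: int, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)   # consume: no second try
        if challenge is None:
            return False
        expected = chap_response(ident, self.secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time


def handshake(challenger: Challenger, responder_secret: bytes):
    """Run challenge -> response -> result; return (ok, ident, response)."""
    ident, challenge = challenger.new_challenge()                 # message 1
    response = chap_response(ident, responder_secret, challenge)  # message 2
    return challenger.verify(ident, response), ident, response    # message 3


if __name__ == "__main__":
    SECRET = b"constructed-sample-secret"   # constructed value, not a default
    side = Challenger(SECRET)
    ok, ident, captured = handshake(side, SECRET)
    print("matching secret:", ok)
    print("wrong secret:", handshake(side, b"not-the-secret")[0])
    print("replayed response, same id:", side.verify(ident, captured))
    new_id, _ = side.new_challenge()
    print("replayed response, new challenge:", side.verify(new_id, captured))
```

The password itself never crosses the wire, and a captured response is useless against a later challenge because the challenge bytes feed the hash.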
B-series Encryption Switch and Encryption FC Blade security
This section describes the security features for the B-series Encryption Switch and Encryption FC Blade.
For switch models and fabric rules, see “B-series switches and fabric rules” on page 93.
The B-series Encryption Switch is a high-performance, 32-port autosensing 8 Gb/s Fibre Channel
switch with data encryption/decryption and data compression capabilities. The switch is a
network-based solution that secures data-at-rest for disk array LUNs using IEEE standard AES 256-bit
algorithms. Encryption and decryption engines provide in-line encryption services with up to 96 Gb/s
throughput for disk I/O (mix of ciphertext and cleartext traffic).
For details on the B-series Encryption Switch, including deployment scenarios, see the Fabric OS
Encryption Administrator's Guide available at
http://h18006.www1.hp.com/storage/saninfrastructure/switches/encrypt_sanswitch.html.
NOTE:
HP does not currently support the tape encryption features of the B-series Encryption Switch and
Encryption FC Blade.
Features
• High-performance, scalable fabric-based encryption to enforce data confidentiality and privacy
requirements
• Unparalleled encryption processing at up to 96 Gb/s to support heterogeneous enterprise data
centers
• Integration with HP Secure Key Manager, providing secure and automated key sharing between
multiple sites to ensure transparent access to encrypted data
• Industry-standard AES 256-bit encryption algorithms for disk arrays on a single security platform
for SAN environments
• Frame Redirection technology that enables easy, nonintrusive deployment of fabric-based security
services
• Plug-in encryption services available to all heterogeneous servers, including virtual machines, in
data center fabrics
• Scalable performance with on-demand encryption processing power to meet regulatory mandates
for protecting data