Nexsan combines CAS and encryption

By Ann Silverthorn

—Nexsan Technologies today introduced Assureon, a storage appliance with built-in encryption, authentication, compliance capabilities, content-addressed storage (CAS), information life-cycle management (ILM), continuous data protection (CDP), and high-availability clustering. The Assureon appliance and software addresses data management for fixed content and is based on Nexsan's Serial ATA (SATA)-based RAID subsystems.

"Assureon is a full-security appliance, using AES 256 encryption, which is the highest level recommended by the NSA and CIA," says Diamond Lauffin, executive vice president at Nexsan. "We also do individual file shredding with crypto key, which destroys the encryption key of individual files. Crypto key ensures that the related archival files stored off-site will also be shredded."

Lauffin defines some of the compliance capabilities of Assureon as "a pre-ordained set of hardened rules within the application that follow laws and do not allow for interpretation by administrators." Whether the appliance has been configured to follow HIPAA, Sarbanes-Oxley, or SEC-17 guidelines, administrators cannot make choices regarding disposition or deletion of files. The feature is built-in and hardened with all relevant security mechanisms and monitoring capabilities.

The CAS feature performs single-instance store, storing metadata on duplicate files rather than storing entire replications of the original file.

Nexsan's March 2005 acquisition of Evertrust and its AEStore software enabled Assureon's ILM feature, allowing life-cycle management for fixed content such as contracts, employee information, e-mail, check images, and recording and broadcast content.

Assureon also offers CDP, with time-, rules-, and event-based replication and version control. It provides off-site disaster recovery, or what Nexsan calls "disaster prevention," because the data is fully accessible in a native file format. Data is encrypted, but the appliance allows permissions to pass through so applications or users can access the files as long as they have authorization to do so. The data resides in a non-compressed, fully accessible file, without a need to restore.

The appliance can scale from a single server with a small storage device to a multi-write, multi-instance, active-active, enterprise-class configuration. Storage and processing power can be scaled independently.

Assureon will compete with systems such as EMC's Centera CAS platform (which doesn't provide encryption).

Targeting fixed content, Assureon writes to any media, including tape or optical, to protect customers' existing investments. However, Lauffin emphasizes the advantages of disk archival over tape. "There's no guaranteed readability of tape for 20 years."

Assureon features at a glance

--SATA-based RAID storage system
--High-availability clustered architecture
--Information integrity checking using both MD5 and SHA1 fingerprinting
--Single (or double) instance storage via CAS
--Asset serialization
--Continuous integrity checking
--Automatic asset audit with audit log
--Automatic versioning for files that change
--Hardened time-stamping provides proof of time of creation
--Full support for tape and optical, including off-site file delete through crypto-key shredding
--End-user pricing: $12,500 per terabyte

This article was originally published on August 22, 2005