At the EMC World conference today, Emulex introduced its first hardware-based encryption HBAs, as well as its first design win for the adapters with EMC.
EMC is integrating Emulex’s OneSecure HBAs with EMC PowerPath Encryption with RSA, as well as Clariion and Celerra storage systems, and will resell the encryption HBAs. Users can leverage Emulex’s existing HBA management software to manage OneSecure adapters, as well as EMC’s RSA Key Manager for encryption key management.
The OneSecure HBAs are essentially the same as Emulex’s existing LightPulse 8Gbps Fibre Channel HBAs, except that they include a Crypto Module that offloads encryption processing from the host.
Brandon Hoff, director of product management in Emulex’s software group, claims that OneSecure HBAs utilize only about 1% of the CPU and do not negatively affect application performance.
Performing encryption on HBAs, or what Emulex refers to as Host-based Storage Security (HbSS), is an alternative to switch- and/or array-based encryption.
“SNIA best practice guidelines say that users should encrypt as close as possible to where data is created,” says Hoff. “With host-based encryption, the data is protected as it leaves the host, so there aren’t any vulnerabilities over the network, which could be particularly important when you go to converged IP networks.” In addition, adapter-based encryption protects data “in flight” (over the network) and “at rest” (on disk arrays).
Hoff also claims that an HBA-based approach to encryption can be “one-fifth to one-tenth the cost of switch-based encryption.” (Based on Emulex’s Cost of Encryption Calculator, OneSecure adapters are 50% less expensive than encryption arrays and 70% less expensive than encryption switches.)
Hoff says that, in addition to compliance, the key drivers behind increased end-user adoption of encryption include virtualization, convergence and internal clouds.