Array controller based encryption

Within a storage network, encryption of data may occur at different hardware levels. Array controller based encryption describes the encryption of data occurring at the disk array controller before being sent to the disk drives. This article provides an overview of different implementation techniques for array controller based encryption. For cryptographic and encryption theory, see disk encryption theory.

Possible Points of Encryption in SAN

The encryption of data can take place at many points in a storage network. The point of encryption may be on the host computer, in the SAN infrastructure, on the array controller, or on each of the hard disks, as shown in the diagram above. Each point of encryption has different merits and costs. Within the diagram, the key server components are also shown for each configuration of encryption. Designers of SANs and SAN components must take into consideration factors such as performance, deployment complexity, key server interoperability, strength of security, and cost when choosing where to implement encryption. However, because the array controller is a natural central point for all data, encryption at this level is inherent and also reduces deployment complexity.

Array Controller Based Encryption

With different configurations of a hardware or software array controller, there are different types of solutions for this type of encryption. Each of these solutions can be built into existing infrastructures by replacing or upgrading certain components. The basic components are an encryption key server, a key management client, and commonly an encryption unit, all of which are implemented in the storage network.

Internal Array Controller Encryption

For an internal array controller configuration, the array controller is generally a PCI bus card situated inside the host computer. As shown in the diagram, the PCI array controller would contain an encryption unit where plaintext data is encrypted into ciphertext. This separate encryption unit is used to minimize performance reduction and maintain data throughput. Furthermore, the Key Management Client will generally be an additional service within the host computer applications, where it will authenticate all keys retrieved from the Key Server. A major disadvantage of this type of implementation is that encryption components must be integrated within each host computer and are therefore redundant on large networks with many host devices.


External Array Controller Encryption

In the case of an external array controller setup, the array controller would be an independent hardware module connected to the network. Within the hardware array controller would be an Encryption unit for data encryption as well as a Key Management Client for authentication. Generally, there are few hardware array controllers compared to the many host devices and storage disks, so implementing encryption in these fewer hardware components reduces deployment complexity. Moreover, the lifecycle of an array controller is generally much longer than that of host computers and storage disks, so the encryption implementation will not need to be reimplemented as often as if encryption were done at another point in the storage network.
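The data path described above can be modelled in a few lines. This is an added example, not part of the original article: the class names, the HMAC-based key authentication and the SHA-256 keystream (a stand-in for a real sector cipher such as XTS-AES) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECTOR = 16  # tiny sector size so the demo stays readable (assumption)

class KeyServer:
    """Hypothetical key server: returns a data key plus an HMAC tag over it."""
    def __init__(self, enrollment_secret):
        self._secret, self._keys = enrollment_secret, {}
    def get_key(self, array_id):
        key = self._keys.setdefault(array_id, os.urandom(32))
        tag = hmac.new(self._secret, array_id.encode() + key, hashlib.sha256).digest()
        return key, tag

class KeyManagementClient:
    """Lives inside the controller; authenticates every key it retrieves."""
    def __init__(self, enrollment_secret):
        self._secret = enrollment_secret
    def accept(self, array_id, key, tag):
        good = hmac.new(self._secret, array_id.encode() + key, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):
            raise ValueError("key failed authentication")
        return key

class EncryptionUnit:
    """Stand-in cipher: keystream bound to (disk, LBA). Illustration only."""
    def __init__(self, key):
        self._key = key
    def crypt(self, disk, lba, data):
        pad = hashlib.sha256(self._key + bytes([disk]) + lba.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, pad))  # XOR: same call decrypts

class ArrayController:
    """External controller: hosts send plaintext, disks only ever hold ciphertext."""
    def __init__(self, array_id, server, kmc, n_disks=2):
        key = kmc.accept(array_id, *server.get_key(array_id))
        self._unit = EncryptionUnit(key)
        self.disks = [dict() for _ in range(n_disks)]  # each dict maps LBA -> sector
    def write(self, lba, plaintext):
        if len(plaintext) > SECTOR:
            raise ValueError("write larger than one sector")
        d = lba % len(self.disks)  # simple striping across the array
        self.disks[d][lba] = self._unit.crypt(d, lba, plaintext.ljust(SECTOR, b"\0"))
    def read(self, lba):
        d = lba % len(self.disks)
        return self._unit.crypt(d, lba, self.disks[d][lba]).rstrip(b"\0")
```

Because the key and the encryption unit exist only inside the controller object, neither the hosts nor the disks in this model need any encryption component of their own.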

Encryption at the Front-End or Back-End Side Array Controller

In an external array controller, the encryption unit can be placed either on the front-end side or the back-end side of the array controller. Each placement has different advantages and disadvantages.

The placement of the encryption unit may greatly affect the security of your controller based encryption implementation. This issue must therefore be taken into account when designing your implementation to mitigate all security risks.

Software Array Controller Encryption

For software array controller encryption, a software array controller driver directs data to individual host bus adapters. In the diagram on the right, there are multiple host bus adapters with hardware encryption units, used to meet higher performance requirements. Alternatively, this type of encryption can be implemented with only 1 host bus adapter connected to a network of multiple hard drives and would still function. Performance will definitely be reduced, since there will only be one encryption unit processing data. Key management will be done much like the internal array controller encryption mentioned before, with the Key Management Client implemented as a service within the Host Computer.


External links

* [http://www.pmc-sierra.com/products/details/pm8031/ PM8031 Encryption Enabled IC]
* [http://www.pmc-sierra.com/products/details/pm8032/ PM8032 Encryption Enabled IC]


Wikimedia Foundation. 2010.
