Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2


Published on

Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC VNX/VNXe

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2

  1. 1. BLOOMBASE TURNKEY DATA-AT-REST SECURITY COMPLIANCE SOLUTION FOR EMC VNX/VNXe ESSENTIALS  Bloombase StoreSafe is an industryproven solution for immediate security compliance of various standards including HIPAA, PCI DSS, SB 1386, SOX, and more  Bundled Bloombase KeyCastle enables automated initial migration of EMC VNX contents, rekey, and full lifecycle management of cryptographic keys  Web-based management console, command line interface console, and SNMP offer total, simplified management  Unlike proprietary hardware with high entry price, Bloombase StoreSafe offers a pay-as-you-go licensing model to help reduce your initial investment  To maximize ROI, Bloombase StoreSafe:  Enables multiple storage hosts and applications to produce and consume secured data at-rest   EMC VNX/VNXe WITH BLOOMBASE STORESAFE Electronic business data represents an invaluable core asset of today’s enterprises and organizations. Enterprise customers are concerned about being able to manage and use sensitive information to optimize day-to-day business operations, while protecting it and fulfilling information privacy compliance needs—with the expense of drastic infrastructure change and performance degradation. Bloombase StoreSafe data at-rest security solution offers advanced security capabilities for a reliable, application-transparent, cipher-text data storage infrastructure. Its tamper-proof hardware encryption key security module ensures confidentiality and integrity throughout its whole lifecycle. Bloombase Cryptographic Module is NIST FIPS 140-2 certified providing FIPS-approved RSA and AES cryptographic algorithms, along with non-FIPS ciphers including Camellia, SEED, ARIA, Twofish, Blowfish, etc. Sensitive persistent data is stored as cipher-text securely stored in EMC VNX. The encryption and un-encryption processes are automated by re-routing storage paths via Bloombase StoreSafe software appliance delivering virtual plain contents to authorized hosts and applications. EMC VNX storage targets are accessed by FCP, iSCSI, CIFS and/or NFS storage protocols via Bloombase StoreSafe. Ciphered sensitive information is stored in EMC VNX storage system for centralized management. Only authorized access of virtual-plain information, by trusted applications and systems, per access rules and security profiles secured by Bloombase StoreSafe is Bloombase KeyCastle operator smart-token Active cluster Bloombase KeyCastle Key Management Server Cluster Supports multiple EMC VNX LUNs, file service resources, and shares Microsoft SQL Server on Microsoft Windows Server 2003 On i386 appliance Primary site Bloombase StoreSafe Security Server Cluster Supports both file– and block-based protection for CIFS, NFS, iSCSI, FCP EMC VNX storage resources Microsoft Exchange on Microsoft Windows Server 2003 On i386 appliance Switch (active) Standby cluster Microsoft SQL Server on Microsoft Windows Server 2003 On i386 appliance Microsoft Exchange on Microsoft Windows Server 2003 On i386 appliance X&*^2 3#$(+ EMC VNX storing Microsoft SQLServer database and application data files Switch (standby) X&*^2 3#$(+ VTL Secondary site VPN Microsoft SQL Server on Microsoft Windows Server 2003 On i386 appliance X&*^2 3#$(+ Microsoft Exchange on Microsoft Windows Server 2003 On i386 appliance EMC VNX storing Microsoft SQLServer database and application data files Bloombase KeyCastle operator smart-token Bloombase StoreSafe Security Server Cluster Ethernet Network Storage Network Bloombase KeyCastle Key Management Server Cluster SOLUTION OVERVIEW
  2. 2. permitted. Application data files, shares, and storage volumes are protected by strong encryption offered by Bloombase StoreSafe virtual storages, enabling application servers to achieve various information privacy compliance standards immediately and costeffectively. SOLUTION ARCHITECTURE Bloombase StoreSafe data at-rest encryption solution offers wirespeed, on-the-fly encryption and un-encryption of storage data in EMC VNX network-attached storage (NAS) system. It requires minimum change in application tier by dropping-in Bloombase StoreSafe software appliances in the storage paths. Bloombase High Availability brings together multiple nodes of Bloombase software appliances as a cluster so when master node fails, slave nodes pick up and maintain non-stop, mission-critical service at complete storage host transparency, requiring minimal operator attention. Extending to disaster recovery infrastructure, storage ciphertexts at the primary site are replicated in their natural encryption form over private network to backup storage system at secondary site, and secured by a replica of Bloombase StoreSafe and KeyCastle clusters. As storage contents reside on EMC VNX in their native ciphered form, data backup done over physical storage resources is inherently encrypted, satisfying secure archival needs immediately. The easy-to-manage Bloombase StoreSafe storage encryption solution helps organizational customers enforce data confidentiality for storage, which improves overall system security, enables fast key rotation, reduces user workflows, segregates data ownership from administration and operation, and enhances efficiency and internal controls. RESULTS  For TPC-C queries, Bloombase StoreSafe-encrypted database server stored in EMC VNX recorded a 9 percent drop in throughput, compared to 31 percent for host-based and 64 percent for data column-level  For TPC-C inserts and updates, Bloombase StoreSafe encrypted database stored in EMC VNX recorded a 12 percent drop in throughput, compared to 53 percent for host-based and 59 percent for column-level CONCLUSION  Write-speed encryption performance with least degradation in storage I/O and throughput  Turnkey and proven solution for immediate compliance to stringent information confidentiality regulatory compliance requirements  No application change or second development needed  Fast deployment and automated migration versus alternatives’ manual script-based migration approach  FCP/iSCSI block-based and NFS/CIFS file-based encryption in a single solution  Highly secure NIST FIPS 140-2 and IEEE 1619 standard  High availability and fault-tolerant  Low total cost of ownership (TCO) ABOUT BLOOMBASE Bloombase is a worldwide provider and leading innovator in Next Generation Data Security from Physical/Virtual Datacenter, through Big Data and to the Cloud. Bloombase provides turnkey, nondisruptive, defense in-depth data protection against dynamic cyber threats while simplifying the IT security infrastructure. Bloombase is the trusted standard for Global 500-scale organizations that have zero tolerance policy for security breaches. For more information, visit ABOUT EMC  A TPC-C-based database benchmark test is carried out on a sample database stored in an EMC VNX secured by Bloombase StoreSafe storage encryption software appliance  TPC-C-like queries (with EMC VNX read, Bloombase StoreSafe unencryption) and updates (with VNX write, Bloombase StoreSafe encryption) are generated and applied to simulate workload on EMC VNX/Bloombase StoreSafe setup EMC Corporation is the world’s leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at EMC, VNX, the EMC logo, and where information lives are registered trademarks or trademakrs of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2011 EMC Corporation. All rights reserved. Published in the USA. 01/11 Solution Overview H8568 EMC Corporation Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381