Sun and Bloombase R
                                           SpitfireTM StoreSafe End-to-end Storage
2 Sun and Bloombase                                                                                                       ...
Upcoming SlideShare
Loading in …5

Oracle/Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution


Published on

Data-at-rest and data-in-flight security with full life-cycle key management in a single solution. Sensitive departmental information interchange and storage data of government security organization are encrypted using Bloombase Spitfire Storage Encryption Solution Running on Sun Microsystems x-Series Servers achieving end-to-end data in-flight and data at-rest security.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Oracle/Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution

  1. 1. Sun and Bloombase R SpitfireTM StoreSafe End-to-end Storage Security Solution Data-at-rest and data-in-flight security with full life-cycle key management in a single solution. Sensitive departmental information interchange and storage data of government security organization are encrypted using Bloombase R SpitfireTM Storage Encryption Solution Running on Sun Microsystems x-Series Servers achieving end-to-end data in-flight and data at-rest security. About The Customer Implementation Highlights > Government security control organization First customer to practice both data-in-flight and > Employees: More than 10,000 data-at-rest protection for end-to-end security of Objective highly available sensitive business data To protect privacy of sensitive data interchange interchange and persistence. information submitted from various trusted data Features providers. Secure contents in storage sub- A municipal security control organization systems and backup tapes from secret data dynamically allocates their task forces and Highlights exposure to unauthorized parties caused by automatically reacts to potential incidents based > No client user training is required physical or electronic theft. on a self-developed intelligence information for third party data providers Key Challenges- system. Hundreds or even thousands of > Support heterogeneous host operating information feeds including weather forecast and > Application transparency reports, local news, foreign news, traffic reports, systems including Microsoft R Windows R, > High encryption performance IBM AIX, etc border and coastal data, calendar events, etc are > No change to end user, administrator and collected from hundreds of data sources every > Highly available and fault-tolerant operator workflow minute. These real-time information, structured > No coding or second development is required and/or unstructured, in form of flat files, are > Tamper proof and tamper resistant parsed, extracted and aggregated before they are > Sensitive information are physically stored- key protection yet-encrypted at all times and no physical loaded into a centralized data warehouse. plain originals and copies are allowed Based on various pre-defined data mining rules, > Interoperable with IBM WebSphere R real-time security data are analyzed to generate Application Server and IBM DB2 Universal reports, milestones and alerts to proactively Database (UDB) Server monitor potential hazards and risks. With > Encrypted archives on backup tapes response to these possible outcomes closely > High performance encryption and decryption monitored and tracked by the 24x7 operation Project Objectives unit, the bureau dynamically reacts and allocates resources and task forces to combat such > Protect in-flight data submitted from third potential incidents, better control the worsening parties by HTTP form posts situation, if any, or even suppress outbreak of the > Safeguard file system objects, relational incidents. databases and backup media > Encrypt dynamic database data stored in Among these incoming information feeds, data storage area network (SAN) warehouse and reports repository are extremely sensitive and are under airtight political and Why Bloombase R Solutions security privacy regulatory. In application's > All-in-one solution to achieve data in- perspective, security measures limit access to the flight and at-rest security system to authorized personnel only, protecting > Platform independence from unauth-orized access. > NIST FIPS-140-2 level-3 tamper proof and tamper resistant key protection > Full lifecycle key management
  2. 2. 2 Sun and Bloombase Network communications of these controlled An active self-executing component is deployed information are secured by secure socket layer at every data providers' internal network to poll Learn More (SSL) powered by Advanced Encryption Standard for latest news and information. These sensitive For more information, visit (AES) 256-bit strong encryption with industry- information feeds are encrypted automatically as proven secure key exchange, thus, sensitive data they are uploaded to the intelligence system by exposure due to eavesdropping is eliminated. SpitfireTM StoreSafe Lite Storage Security API with or contact your local Sun Sales Physical access to the computing hardware, channel further protected by SSL. The ciphered representative. whether at primary data center or disaster information feed is temporarily stored at a recovery (DR) site, are securely isolated and staging area physically located at IBM under strict physical access control, blocking TotalStorage R DS4100 SAN in form of flat file. A possible physical tampering and data/hardware job is scheduled to run every other minute at an Sun FireTM X4240 IBM WebSphere R Application Server to scan for theft. With all these security measures in place latest information feeds, access of ciphered which are generally considered border or incoming files via SpitfireTM StoreSafe Security perimeter protection, the data system is Server provides a virtual plain view of sensitive vulnerable to core attacks, unknown attacks and contents to be extracted and bulk imported into outbound threats such as operator/insider a data warehouse powered by IBM DB2 UDB. attacks, spyware attacks and viral outbreaks, etc. Read/write access of DB2 UDB is made via a Sun FireTM X4150 provides the best combination The Mission Critical Encryption highly available SpitfireTM StoreSafe Server cluster of performance, expandability, and power To cope with these challenges and meet national operating on Sun Microsystems x-Series Servers. efficiency and is the best 1RU 2-socket server. data privacy requirements, end customer needs Thus, during bulk import of information, The Sun FireTM X4150 server gives you much more to implement effective data encryption to secure sensitive information are first encrypted on-the- throughput, growth options, and power savings information exchange with various data fly by SpitfireTM StoreSafe before they are than any other 1RU 2-socket x64 system. It's an providers, protect data repository storage, data persisted onto SAN, vice versa, on execution of excellent example of Sun's innovative warehouse and backup archives at both primary data-mining procedures, ciphered data are engineering delivering one of the most and disaster recovery systems. Implementing deciphered at real-time on-demand prior to compelling x64 solutions in the market. encryption on this mission critical system is full actual query reads. Dual-Core and Quad-Core Intel R Xeon R processors of constraints, baseline requirements being data Analysis results in form of data records and large power the Sun FireTM X4150 server to deliver in-flight and at-rest are securely encrypted by AES binary objects are stored in another DB2 UDB world-class 32-bit and 64-bit performance in a 256-bit cryptographic cipher, high availability instance which is also protected by SpitfireTM rack-mountable 1RU form factor - fully backed by ready and fault-tolerant, tamper proof and StoreSafe Storage Encryption Servers running on Sun's rock-solid, enterprise-class capabilities and tamper resistant key protection and Sun Microsystems x-Series Systems. Again, only quality. management. On the other hand, the encryption when these sensitive milestones are accessed solution has to fit perfectly into end customer's and presented to authorized personnel will the Sun FireTM X4450 is industry's smallest enterprise- three-tier architecture at zero change, no private information be deciphered at wire-speed class 4-socket x64 server and now comes with application change, no database object change by SpitfireTM StoreSafe. Ciphered block based SAN the Intel R Xeon R processor 7400 series with 6 and last but not least, to be fully transparent to storage updates are automatically synchronized processing cores. In fact, it's the first and only 4- applications, administrators, operators and users. from primary site to DR site via a virtual private socket, 24-way, 2RU server - half the size of the lease line to be further reconstructed and applied other servers in its class. After a three-months evaluation process, end to the DR SAN sub-system. The Sun FireTM X4240, powered by the Quad-Core customer selected Bloombase R SpitfireTM or enhanced Quad-Core AMD OpteronTM Enterprise Security Solution over rivals taking processor, gives you up to twice the memory and kernel-based, database column-based, and storage capacity of any system in its class. It's hardware appliance-based encryption the first and only two-socket AMD OpteronTM approaches. Sun FireTM X4450 system with *16 hard drive* slots in a 2RU form factor. Deployment of Bloombase R SpitfireTM KeyCastle Key Management Servers and SpitfireTM Store- Safe Storage Security Servers completed within 3 days whereas initial data migration of incoming information feed repository, IBM DB2 UDB data files and report storage area took merely another Reference Architecture surprisingly 2 days. Sun x64 servers are the fastest, energy-efficient and reliable Intel R or AMD servers. These servers can run virtually any operating systems, including SolarisTM OS, Linux, Windows R or VMware. Sun Microsystems of California Limited 66/F Centre Plaza, 18 Harbour Road, Wanchai, Hong Kong Phone 852-2202-6200 Web @2008 Sun Microsystems of California Limited. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, J2EE, J2SE, Solaris, the Solaris logo, StarOffice, Sun Enterprise Authentication Mechanism, and SunPCi are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Mozilla is a trademark of Netscape Communications Corporation in the United States and other countries. UNIX is a registered trademark in the United States, exclusively licensed through X/Open Company, Ltd. Information subject to change without notice.