Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2
Click here to load reader
-
Upload
bloombase-inc -
Category
Technology
-
view
106 -
download
1
description
Transcript of Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2
![Page 1: Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2](https://reader037.fdocuments.us/reader037/viewer/2022100602/5589ce19d8b42a122e8b466a/html5/thumbnails/1.jpg)
EMC VNX/VNXe WITH BLOOMBASE STORESAFE
Electronic business data represents an invaluable core asset of today’s enterprises and organi-zations. Enterprise customers are concerned about being able to manage and use sensitive infor-mation to optimize day-to-day business operations, while protecting it and fulfilling information privacy compliance needs—with the expense of drastic infrastructure change and performance degradation. Bloombase StoreSafe data at-rest security solution offers advanced security capabilities for a reliable, application-transparent, cipher-text data storage infrastructure. Its tamper-proof hard-ware encryption key security module ensures confidentiality and integrity throughout its whole lifecycle. Bloombase Cryptographic Module is NIST FIPS 140-2 certified providing FIPS-approved RSA and AES cryptographic algorithms, along with non-FIPS ciphers including Camellia, SEED, ARIA, Twofish, Blowfish, etc. Sensitive persistent data is stored as cipher-text securely stored in EMC VNX. The encryption and un-encryption processes are automated by re-routing storage paths via Bloombase StoreSafe software appliance delivering virtual plain contents to authorized hosts and applications. EMC VNX storage targets are accessed by FCP, iSCSI, CIFS and/or NFS storage protocols via Bloombase StoreSafe. Ciphered sensitive information is stored in EMC VNX storage system for centralized management. Only authorized access of virtual-plain information, by trusted applica-tions and systems, per access rules and security profiles secured by Bloombase StoreSafe is
ESSENTIALS
Bloombase StoreSafe is an industry-proven solution for immediate security compliance of various standards in-cluding HIPAA, PCI DSS, SB 1386, SOX, and more
Bundled Bloombase KeyCastle enables automated initial migration of EMC VNX contents, rekey, and full lifecycle management of cryptographic keys
Web-based management console, command line interface console, and SNMP offer total, simplified manage-ment
Unlike proprietary hardware with high entry price, Bloombase StoreSafe of-fers a pay-as-you-go licensing model to help reduce your initial investment
To maximize ROI, Bloombase StoreSafe:
Enables multiple storage hosts and applications to produce and consume secured data at-rest
Supports multiple EMC VNX LUNs, file service resources, and shares
Supports both file– and block-based protection for CIFS, NFS, iSCSI, FCP EMC VNX storage resources
BLOOMBASE TURNKEY DATA-AT-REST SECURITY COMPLIANCE SOLUTION FOR EMC VNX/VNXe
Ethernet Network
Storage Network
Bloombase KeyCastle
operator smart-token
EMC VNX storing
Microsoft SQLServer database and
application data files
Switch (standby)
Switch (active)
Active cluster
Standby cluster
VTL
Primary site
VPN
Secondary site
Microsoft SQL Server on
Microsoft Windows Server 2003
On i386 appliance
Microsoft Exchange on
Microsoft Windows Server 2003
On i386 appliance
Microsoft SQL Server on
Microsoft Windows Server 2003
On i386 appliance
Microsoft Exchange on
Microsoft Windows Server 2003
On i386 appliance
Microsoft SQL Server on
Microsoft Windows Server 2003
On i386 appliance
Microsoft Exchange on
Microsoft Windows Server 2003
On i386 appliance
EMC VNX storing
Microsoft SQLServer database and
application data files
X&*^2
3#$(+
X&*^2
3#$(+
X&*^2
3#$(+
Bloombase KeyCastle
operator smart-token
Bloombase StoreSafe
Security Server Cluster
Bloombase StoreSafe
Security Server Cluster
Bloombase KeyCastle
Key Management
Server Cluster
Bloombase KeyCastle
Key Management
Server Cluster
S O L U T I O N O V E R V I E W
![Page 2: Blbs sb-bloombase-turnkey-data-at-rest-security-compliance-solution-for-emc-vnx-vn xe-uslet-en-r2](https://reader037.fdocuments.us/reader037/viewer/2022100602/5589ce19d8b42a122e8b466a/html5/thumbnails/2.jpg)
permitted. Application data files, shares, and storage volumes are protected by strong encryption offered by Bloombase StoreSafe virtu-al storages, enabling application servers to achieve various infor-mation privacy compliance standards immediately and cost-effectively.
SOLUTION ARCHITECTURE Bloombase StoreSafe data at-rest encryption solution offers wire-speed, on-the-fly encryption and un-encryption of storage data in EMC VNX network-attached storage (NAS) system. It requires minimum change in application tier by dropping-in Bloombase StoreSafe soft-ware appliances in the storage paths. Bloombase High Availability brings together multiple nodes of Bloom-base software appliances as a cluster so when master node fails, slave nodes pick up and maintain non-stop, mission-critical service at complete storage host transparency, requiring minimal operator at-tention. Extending to disaster recovery infrastructure, storage cipher-texts at the primary site are replicated in their natural encryption form over private network to backup storage system at secondary site, and secured by a replica of Bloombase StoreSafe and KeyCastle clusters. As storage contents reside on EMC VNX in their native ciphered form, data backup done over physical storage resources is inherently en-crypted, satisfying secure archival needs immediately. The easy-to-manage Bloombase StoreSafe storage encryption solu-tion helps organizational customers enforce data confidentiality for storage, which improves overall system security, enables fast key rotation, reduces user workflows, segregates data ownership from administration and operation, and enhances efficiency and internal controls.
RESULTS
A TPC-C-based database benchmark test is carried out on a sample database stored in an EMC VNX secured by Bloombase StoreSafe storage encryption software appliance
TPC-C-like queries (with EMC VNX read, Bloombase StoreSafe un-
encryption) and updates (with VNX write, Bloombase StoreSafe encryption) are generated and applied to simulate workload on EMC VNX/Bloombase StoreSafe setup
For TPC-C queries, Bloombase StoreSafe-encrypted database serv-er stored in EMC VNX recorded a 9 percent drop in throughput, compared to 31 percent for host-based and 64 percent for data column-level
For TPC-C inserts and updates, Bloombase StoreSafe encrypted database stored in EMC VNX recorded a 12 percent drop in throughput, compared to 53 percent for host-based and 59 percent for column-level
CONCLUSION
Write-speed encryption performance with least degradation in storage I/O and throughput
Turnkey and proven solution for immediate compliance to stringent information confidentiality regulatory compliance requirements
No application change or second development needed Fast deployment and automated migration versus alternatives’
manual script-based migration approach FCP/iSCSI block-based and NFS/CIFS file-based encryption in a
single solution Highly secure NIST FIPS 140-2 and IEEE 1619 standard
High availability and fault-tolerant Low total cost of ownership (TCO)
ABOUT BLOOMBASE Bloombase is a worldwide provider and leading innovator in Next Generation Data Security from Physical/Virtual Datacenter, through Big Data and to the Cloud. Bloombase provides turnkey, non-disruptive, defense in-depth data protection against dynamic cyber threats while simplifying the IT security infrastructure. Bloombase is the trusted standard for Global 500-scale organizations that have zero tolerance policy for security breaches. For more information, visit www.bloombase.com.
ABOUT EMC EMC Corporation is the world’s leading developer and provider of information infrastructure technology and solutions that enable or-ganizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at www.EMC.com.
EMC, VNX, the EMC logo, and where information lives are registered trademarks or trademakrs of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2011 EMC Corporation. All rights reserved. Published in the USA. 01/11 Solution Overview H8568
EMC Corporation Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.EMC.com