EMC VNX/VNXe WITH BLOOMBASE STORESAFE

Electronic business data represents an invaluable core asset of today’s enterprises and organi-zations. Enterprise customers are concerned about being able to manage and use sensitive infor-mation to optimize day-to-day business operations, while protecting it and fulfilling information privacy compliance needs—with the expense of drastic infrastructure change and performance degradation. Bloombase StoreSafe data at-rest security solution offers advanced security capabilities for a reliable, application-transparent, cipher-text data storage infrastructure. Its tamper-proof hard-ware encryption key security module ensures confidentiality and integrity throughout its whole lifecycle. Bloombase Cryptographic Module is NIST FIPS 140-2 certified providing FIPS-approved RSA and AES cryptographic algorithms, along with non-FIPS ciphers including Camellia, SEED, ARIA, Twofish, Blowfish, etc. Sensitive persistent data is stored as cipher-text securely stored in EMC VNX. The encryption and un-encryption processes are automated by re-routing storage paths via Bloombase StoreSafe software appliance delivering virtual plain contents to authorized hosts and applications. EMC VNX storage targets are accessed by FCP, iSCSI, CIFS and/or NFS storage protocols via Bloombase StoreSafe. Ciphered sensitive information is stored in EMC VNX storage system for centralized management. Only authorized access of virtual-plain information, by trusted applica-tions and systems, per access rules and security profiles secured by Bloombase StoreSafe is

ESSENTIALS

Bloombase StoreSafe is an industry-proven solution for immediate security compliance of various standards in-cluding HIPAA, PCI DSS, SB 1386, SOX, and more

Bundled Bloombase KeyCastle enables automated initial migration of EMC VNX contents, rekey, and full lifecycle management of cryptographic keys

Web-based management console, command line interface console, and SNMP offer total, simplified manage-ment

Unlike proprietary hardware with high entry price, Bloombase StoreSafe of-fers a pay-as-you-go licensing model to help reduce your initial investment

To maximize ROI, Bloombase StoreSafe:

Enables multiple storage hosts and applications to produce and consume secured data at-rest

Supports multiple EMC VNX LUNs, file service resources, and shares

Supports both file– and block-based protection for CIFS, NFS, iSCSI, FCP EMC VNX storage resources

BLOOMBASE TURNKEY DATA-AT-REST SECURITY COMPLIANCE SOLUTION FOR EMC VNX/VNXe

Ethernet Network

Storage Network

Bloombase KeyCastle

operator smart-token

EMC VNX storing

Microsoft SQLServer database and

application data files

Switch (standby)

Switch (active)

Active cluster

Standby cluster

VTL

Primary site

VPN

Secondary site

Microsoft SQL Server on

Microsoft Windows Server 2003

On i386 appliance

Microsoft Exchange on

Microsoft Windows Server 2003

On i386 appliance

Microsoft SQL Server on

Microsoft Windows Server 2003

On i386 appliance

Microsoft Exchange on

Microsoft Windows Server 2003

On i386 appliance

Microsoft SQL Server on

Microsoft Windows Server 2003

On i386 appliance

Microsoft Exchange on

Microsoft Windows Server 2003

On i386 appliance

EMC VNX storing

Microsoft SQLServer database and

application data files

X&*^2

3#$(+

X&*^2

3#$(+

X&*^2

3#$(+

Bloombase KeyCastle

operator smart-token

Bloombase StoreSafe

Security Server Cluster

Bloombase StoreSafe

Security Server Cluster

Bloombase KeyCastle

Key Management

Server Cluster

Bloombase KeyCastle

Key Management

Server Cluster

S O L U T I O N O V E R V I E W

permitted. Application data files, shares, and storage volumes are protected by strong encryption offered by Bloombase StoreSafe virtu-al storages, enabling application servers to achieve various infor-mation privacy compliance standards immediately and cost-effectively.

SOLUTION ARCHITECTURE Bloombase StoreSafe data at-rest encryption solution offers wire-speed, on-the-fly encryption and un-encryption of storage data in EMC VNX network-attached storage (NAS) system. It requires minimum change in application tier by dropping-in Bloombase StoreSafe soft-ware appliances in the storage paths. Bloombase High Availability brings together multiple nodes of Bloom-base software appliances as a cluster so when master node fails, slave nodes pick up and maintain non-stop, mission-critical service at complete storage host transparency, requiring minimal operator at-tention. Extending to disaster recovery infrastructure, storage cipher-texts at the primary site are replicated in their natural encryption form over private network to backup storage system at secondary site, and secured by a replica of Bloombase StoreSafe and KeyCastle clusters. As storage contents reside on EMC VNX in their native ciphered form, data backup done over physical storage resources is inherently en-crypted, satisfying secure archival needs immediately. The easy-to-manage Bloombase StoreSafe storage encryption solu-tion helps organizational customers enforce data confidentiality for storage, which improves overall system security, enables fast key rotation, reduces user workflows, segregates data ownership from administration and operation, and enhances efficiency and internal controls.

RESULTS

A TPC-C-based database benchmark test is carried out on a sample database stored in an EMC VNX secured by Bloombase StoreSafe storage encryption software appliance

TPC-C-like queries (with EMC VNX read, Bloombase StoreSafe un-

encryption) and updates (with VNX write, Bloombase StoreSafe encryption) are generated and applied to simulate workload on EMC VNX/Bloombase StoreSafe setup

For TPC-C queries, Bloombase StoreSafe-encrypted database serv-er stored in EMC VNX recorded a 9 percent drop in throughput, compared to 31 percent for host-based and 64 percent for data column-level

For TPC-C inserts and updates, Bloombase StoreSafe encrypted database stored in EMC VNX recorded a 12 percent drop in throughput, compared to 53 percent for host-based and 59 percent for column-level

CONCLUSION

Write-speed encryption performance with least degradation in storage I/O and throughput

Turnkey and proven solution for immediate compliance to stringent information confidentiality regulatory compliance requirements

No application change or second development needed Fast deployment and automated migration versus alternatives’

manual script-based migration approach FCP/iSCSI block-based and NFS/CIFS file-based encryption in a

single solution Highly secure NIST FIPS 140-2 and IEEE 1619 standard

High availability and fault-tolerant Low total cost of ownership (TCO)

ABOUT BLOOMBASE Bloombase is a worldwide provider and leading innovator in Next Generation Data Security from Physical/Virtual Datacenter, through Big Data and to the Cloud. Bloombase provides turnkey, non-disruptive, defense in-depth data protection against dynamic cyber threats while simplifying the IT security infrastructure. Bloombase is the trusted standard for Global 500-scale organizations that have zero tolerance policy for security breaches. For more information, visit www.bloombase.com.

ABOUT EMC EMC Corporation is the world’s leading developer and provider of information infrastructure technology and solutions that enable or-ganizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at www.EMC.com.

EMC, VNX, the EMC logo, and where information lives are registered trademarks or trademakrs of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2011 EMC Corporation. All rights reserved. Published in the USA. 01/11 Solution Overview H8568

EMC Corporation Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.EMC.com