Bletchley
35
Bletchley: dealing with HSM’s so you don’t have to @diogomonica • Square Security
-
Upload
diogo-monica -
Category
Technology
-
view
1.668 -
download
0
description
Bletchley is a home-grown decryption service that we built @square
Transcript of Bletchley
Bletchley: dealing with HSM’s so you don’t have to
@diogomonica • Square Security
Roadmap
‣ Square’s Service-Oriented Architecture‣ Why do we need a decryption service?‣ Our decryption service: Bletchley‣ Bletchley’s architecture‣ Use cases for Bletchley‣ Conclusion
Square
‣ Mobile Payments Company.‣ 1 Security Team.‣ Infra: Java & Ruby, some Go.‣ Moving > $15 billion annually.
ServiceOriented
Architecture
‣ Move fast!‣ Loose component coupling.‣ Independent scaling.‣ Multiple languages.
‣ Front ends‣ User data‣ Payments service‣ Reader fulfillment‣ TokenizationExample
Architecture
SOASecurity Goals
Establish Trust at Layer 7‣ Authenticate and authorize every request
Protect Secrets‣ Application secrets and customer data
Separate Concerns‣ Principle of least privilege
Provide Common Security Infrastructure‣ Get it right once, other services benefit
SecurityServices
‣ Login Service: verify user creds, create client cookies
‣ Token Service: associates stable identifier with secret data
‣ Certificate Signing: manages CAs
‣ Secret Management: delivers secrets to other services
‣ Crypto Service: offloaded crypto, manages keys
The Problem(s)
‣ Managing keys is hard.‣ Infrastructure persists data aggressively.‣ Crypto is hard ™
‣ Crypto can be expensive (CPU cycles && time && $$).
Why do we need a decryption
service?
‣ Private Key centralization.‣ Guaranteed key deletion.‣ Get the code right, once.‣ Crypto offloading.‣ Database compromise requires an online attack.‣ Hide the HSM complexity.
Bletchley
Assumptions‣ We have a magic way to:
• Distribute secrets (e.g. private keys)• Do strong S2S authentication
Our Solution:Bletchley
‣ Very simple API.‣ Issues public keys, decrypts with private keys.‣ Supports strong key deletion.‣ Backed by HSMs (nCipher).
• Hides the complexity/pain of dealing with these things.
Bletchley API
‣ (publicKey, keyId) = createKey()
Bletchley Host
Service
createKey()
Bletchley Host
Service
(publicKey, keyId)
1
2
Bletchley API
‣ data = decrypt(keyId, blob)
Bletchley Host
Service
decrypt(keyId,blob)
Bletchley Host
Service
data
1
2
Bletchley API
‣ success = deleteKey(keyId)
Bletchley Host
Service
deleteKey(KeyId)
Bletchley Host
Service
success2
1
Use Case 1: External Pa!ner
Square External Partner
{message}KprivBletchley Cluster
Money Moving App
Visa
{message}
1
23
4
KpubKpriv
BletchleyArchitecture
‣ Several servers running the bletchley w/ access to HSMs
‣ Backed by a PG database
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Re
ader
s Ch
oice
” aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Key Generation‣ Each individual bletchley host generates keys
on it’s local HSM.‣ The HSM uses files on disk to represent the
keys.
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Key Replication
‣ New keys are registered in the database‣ Other bletchley hosts go to the original host
and retrieve it
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Decryption Authorization
‣ ACL could be stored in the Database
‣ On decryption request, verify if service matches ACL
Service
DATA
SHEE
TSA
Nbox
9000
Ser
ies
SANb
ox®
Prod
uct F
amily
The n
ew lo
ok fo
r pow
erfu
l, eas
y to m
anag
e fab
rics
The S
ANbo
x 900
0 is t
he fla
gship
in th
e SAN
box l
ine of
fabr
ic sw
itche
s, int
ellige
nt sto
rage
route
rs, an
d stor
age s
er-
vices
platf
orms.
As in
dividu
al co
mpon
ents,
ever
y QLo
gic SA
Nbox
deliv
ers th
e adv
antag
es of
a be
st-in-
class
prod
uct.
Worki
ng to
gethe
r as a
n inte
lligen
t netw
ork so
lution
, they
are e
asy t
o dep
loy an
d adm
inistr
ator a
nd th
ey m
ake y
our
SAN
perfo
rm be
tter, t
oo. T
hat’s
why
the e
ntire
QLog
ic SA
Nbox
line w
on th
e Wind
ows I
T Pro
“Rea
ders
Choic
e” aw
ard.
For y
our s
witch
ed fa
bric,
you
can
coun
t on
QLog
ic for
exac
tly th
e righ
t swi
tch…
from
the co
re, to
the d
istrib
ution
layer,
to th
e edg
e. Fo
r low
-cos
t loca
l and
remo
te se
rver c
onne
ctivit
y, QL
ogic
Intell
igent
Stora
ge R
outer
s boo
st uti
li-
zatio
n whil
e driv
ing do
wn co
st an
d com
plexit
y. An
d for
stora
ge vi
rtuali
zatio
n, the
QLo
gic St
orage
Ser
vices
Platf
orm
offers
netw
ork-b
ased
comm
and a
nd co
ntrol
of yo
ur he
terog
eneo
us st
orage
. By v
irtua
lizing
stora
ge fr
om w
ithin
the
fabric
, you
grea
tly si
mplify
man
agem
ent. M
ore im
porta
ntly,
you e
nsur
e an o
pen e
nviro
nmen
t that
can a
ccom
moda
te
multip
le ve
ndors
, new
solut
ions a
nd fu
ture fl
exibi
lity.
SANb
ox®
The n
ew lo
ok fo
r pow
erful,
easy
to m
anag
e fab
rics
• SAN
box 9
000 S
tacka
ble Ch
assis
Switc
h
• SAN
box 8
000 S
torag
e Serv
ices P
latfor
m
• SAN
box 6
000 I
ntellig
ent S
torag
e Rou
ter
• SAN
box 5
000 S
tacka
ble Sw
itch
• SAN
box 1
000 F
ixed P
ort Sw
itch
database
Bletchley
createKey() addPerm(keyId, service)
Service
DATA
SHEE
TSA
Nbox
9000
Ser
ies
SANb
ox®
Prod
uct F
amily
The n
ew lo
ok fo
r pow
erfu
l, eas
y to m
anag
e fab
rics
The S
ANbo
x 900
0 is t
he fla
gship
in th
e SAN
box l
ine of
fabr
ic sw
itche
s, int
ellige
nt sto
rage
route
rs, an
d stor
age s
er-
vices
platf
orms.
As in
dividu
al co
mpon
ents,
ever
y QLo
gic SA
Nbox
deliv
ers th
e adv
antag
es of
a be
st-in-
class
prod
uct.
Worki
ng to
gethe
r as a
n inte
lligen
t netw
ork so
lution
, they
are e
asy t
o dep
loy an
d adm
inistr
ator a
nd th
ey m
ake y
our
SAN
perfo
rm be
tter, t
oo. T
hat’s
why
the e
ntire
QLog
ic SA
Nbox
line w
on th
e Wind
ows I
T Pro
“Rea
ders
Choic
e” aw
ard.
For y
our s
witch
ed fa
bric,
you
can
coun
t on
QLog
ic for
exac
tly th
e righ
t swi
tch…
from
the co
re, to
the d
istrib
ution
layer,
to th
e edg
e. Fo
r low
-cos
t loca
l and
remo
te se
rver c
onne
ctivit
y, QL
ogic
Intell
igent
Stora
ge R
outer
s boo
st uti
li-
zatio
n whil
e driv
ing do
wn co
st an
d com
plexit
y. An
d for
stora
ge vi
rtuali
zatio
n, the
QLo
gic St
orage
Ser
vices
Platf
orm
offers
netw
ork-b
ased
comm
and a
nd co
ntrol
of yo
ur he
terog
eneo
us st
orage
. By v
irtua
lizing
stora
ge fr
om w
ithin
the
fabric
, you
grea
tly si
mplify
man
agem
ent. M
ore im
porta
ntly,
you e
nsur
e an o
pen e
nviro
nmen
t that
can a
ccom
moda
te
multip
le ve
ndors
, new
solut
ions a
nd fu
ture fl
exibi
lity.
SANb
ox®
The n
ew lo
ok fo
r pow
erful,
easy
to m
anag
e fab
rics
• SAN
box 9
000 S
tacka
ble Ch
assis
Switc
h
• SAN
box 8
000 S
torag
e Serv
ices P
latfor
m
• SAN
box 6
000 I
ntellig
ent S
torag
e Rou
ter
• SAN
box 5
000 S
tacka
ble Sw
itch
• SAN
box 1
000 F
ixed P
ort Sw
itch
database
Bletchley
decrypt(keyId, blob) checkPerm(keyId, service)
1
2
Database Failure
‣ Decryptions become dependent on the database for authorization
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
keyID to the rescue
‣ keyId = base64(key_alias|service1| HMAC(key_alias, service1)
Bletchley Host
Service
decrypt(keyId,blob)
Bletchley Host
Service
data
1
2
Decryption Authorization
‣ Decryption authorization independent from database
Service Bletchley
createKey(services)
1
newKeyId(services)
Service Bletchley
decrypt(keyId, blob)
2
decrypt(blob) iff keyId.include?(service)
Key Deletion
‣ The key is marked for deletion in the DB‣ All bletchley hosts securely delete it from disk
Service
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Bletchley
deleteKey(KeyId) markDelete(keyId)
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Key Rotation
‣ Service requests for new key‣ Starts encrypting all new requests with new
key. Tries to decrypt all requests with both.
Service Bletchley
createKey(services)
1
keyId2 = newKeyId(services)
Service
addKey(keyId)
2
[ keyId1, keyId2 ]
Scaling
‣ Just add more hosts
Bletchley Cluster
DA
TAS
HE
ET
SANb
ox 9
000
Serie
s
SANb
ox®
Pro
duct
Fam
ilyTh
e ne
w lo
ok fo
r pow
erfu
l, ea
sy to
man
age
fabr
ics
The
SANb
ox 9
000
is th
e fla
gshi
p in
the
SANb
ox li
ne o
f fab
ric s
witc
hes,
inte
llige
nt s
tora
ge ro
uter
s, a
nd s
tora
ge s
er-
vice
s pl
atfo
rms.
As
indi
vidu
al c
ompo
nent
s, e
very
QLo
gic
SANb
ox d
eliv
ers
the
adva
ntag
es o
f a b
est-
in-c
lass
pro
duct
.
Wor
king
toge
ther
as
an in
telli
gent
net
wor
k so
lutio
n, th
ey a
re e
asy
to d
eplo
y an
d ad
min
istra
tor a
nd th
ey m
ake
your
SAN
perfo
rm b
ette
r, to
o. T
hat’s
why
the
entir
e QL
ogic
SAN
box
line
won
the
Win
dow
s IT
Pro
“Rea
ders
Cho
ice”
aw
ard.
For
your
sw
itche
d fa
bric
, you
can
cou
nt o
n QL
ogic
for
exac
tly th
e rig
ht s
witc
h…fro
m th
e co
re, t
o th
e di
strib
utio
n
laye
r, to
the
edge
. For
low
-cos
t loc
al a
nd re
mot
e se
rver
con
nect
ivity
, QLo
gic
Inte
llige
nt S
tora
ge R
oute
rs b
oost
util
i-
zatio
n w
hile
driv
ing
dow
n co
st a
nd c
ompl
exity
. And
for s
tora
ge v
irtua
lizat
ion,
the
QLog
ic S
tora
ge S
ervi
ces
Plat
form
offe
rs n
etw
ork-
base
d co
mm
and
and
cont
rol o
f you
r het
erog
eneo
us s
tora
ge. B
y vi
rtual
izin
g st
orag
e fro
m w
ithin
the
fabr
ic, y
ou g
reat
ly s
impl
ify m
anag
emen
t. M
ore
impo
rtant
ly, y
ou e
nsur
e an
ope
n en
viro
nmen
t tha
t can
acc
omm
odat
e
mul
tiple
ven
dors
, new
sol
utio
ns a
nd fu
ture
flex
ibili
ty.
SANb
ox®
The
new
look
for p
ower
ful,
easy
to m
anag
e fa
bric
s
• SA
Nbox
900
0 St
acka
ble
Chas
sis S
witc
h
• SA
Nbox
800
0 St
orag
e Se
rvic
es P
latfo
rm
• SA
Nbox
600
0 In
tellig
ent S
tora
ge R
oute
r
• SA
Nbox
500
0 St
acka
ble
Switc
h
• SA
Nbox
100
0 Fi
xed
Port
Switc
h
database
Use Case 2:Internal File
Transfer
Square External Partner
{blob}Bletchley Cluster
File Transfer App
1
23
Kpriv
service1
{blob} Kpub
4
5
createKey(service1)
Use Case 2:Internal File
Transfer
Square External Partner
Bletchley Cluster
File Transfer App
1
Kpriv
service1
{blob} Kpub
2
decrypt(keyID, {blob})Kpub
Use Case 2:Internal File
Transfer
Square External Partner
Bletchley Cluster
File Transfer App
1
Kpriv
service1
{blob} Kpub
decrypt(keyID, service1)
Use Case 3: Downstream
Outage
SquareCustomer
Bletchley Cluster
Money Moving App
Visa
1
2
{message}{message}
Kpub
DATASHEETSANbox 9000 Series
SANbox® Product FamilyThe new look for powerful, easy to manage fabrics
The SANbox 9000 is the flagship in the SANbox line of fabric switches, intelligent storage routers, and storage ser-
vices platforms. As individual components, every QLogic SANbox delivers the advantages of a best-in-class product.
Working together as an intelligent network solution, they are easy to deploy and administrator and they make your
SAN perform better, too. That’s why the entire QLogic SANbox line won the Windows IT Pro “Readers Choice” award.
For your switched fabric, you can count on QLogic for exactly the right switch…from the core, to the distribution
layer, to the edge. For low-cost local and remote server connectivity, QLogic Intelligent Storage Routers boost utili-
zation while driving down cost and complexity. And for storage virtualization, the QLogic Storage Services Platform
offers network-based command and control of your heterogeneous storage. By virtualizing storage from within the
fabric, you greatly simplify management. More importantly, you ensure an open environment that can accommodate
multiple vendors, new solutions and future flexibility.
SANbox®
The new look for powerful, easy to manage fabrics
• SANbox 9000 Stackable Chassis Switch
• SANbox 8000 Storage Services Platform
• SANbox 6000 Intelligent Storage Router
• SANbox 5000 Stackable Switch
• SANbox 1000 Fixed Port Switch
Database
{message} Kpub 5
34
Kpriv
Use Case 3: Downstream
Outage
Database
SquareCustomer
Bletchley Cluster
Money Moving App
VisaKpub
12
3
{message}
DATASHEETSANbox 9000 Series
SANbox® Product FamilyThe new look for powerful, easy to manage fabrics
The SANbox 9000 is the flagship in the SANbox line of fabric switches, intelligent storage routers, and storage ser-
vices platforms. As individual components, every QLogic SANbox delivers the advantages of a best-in-class product.
Working together as an intelligent network solution, they are easy to deploy and administrator and they make your
SAN perform better, too. That’s why the entire QLogic SANbox line won the Windows IT Pro “Readers Choice” award.
For your switched fabric, you can count on QLogic for exactly the right switch…from the core, to the distribution
layer, to the edge. For low-cost local and remote server connectivity, QLogic Intelligent Storage Routers boost utili-
zation while driving down cost and complexity. And for storage virtualization, the QLogic Storage Services Platform
offers network-based command and control of your heterogeneous storage. By virtualizing storage from within the
fabric, you greatly simplify management. More importantly, you ensure an open environment that can accommodate
multiple vendors, new solutions and future flexibility.
SANbox®
The new look for powerful, easy to manage fabrics
• SANbox 9000 Stackable Chassis Switch
• SANbox 8000 Storage Services Platform
• SANbox 6000 Intelligent Storage Router
• SANbox 5000 Stackable Switch
• SANbox 1000 Fixed Port Switch
4
Kpriv
Disadvantages‣ Cross-DC story is sad‣ Tied to one vendor‣ HSMs are hard to debug and support is bad.
Conclusions
‣ You should have a crypto service!‣ Solves a lot of architectural problems.‣ Get it right once.‣ Save money by sharing HSM resources with multiple
applications.‣ Not that hard to make HA
Thanks
@justincummins
@ebolten
