HP Overhauls Storage Security

By James Rogers, April 4, 2008, 6:00 PM

HP will overhaul its storage security offerings next week with a souped-up fabric switch, enhanced key management, and an encryption kit for tape libraries and autoloaders.

First up is the C-Series MDS 9222i Storage Media Encryption (SME) switch. “That allows you to encrypt data through any port on the switch,” says Adam Thew, HP’s director of products for nearline products. “It’s basically targeted at legacy tape. This is really for places where they have older environments than LTO 4, where they want to encrypt the data going to virtual tape." He explains that, whereas LTO 4 has native encryption, earlier versions of the technology do not.

”Up until now, if customers had been looking to go to tape level encryption, they have had to upgrade their tape to LTO 4, but this is a solution to avoid that,” says Thew.

HP is not the first vendor to focus its energy on switch fabric encryption. Last year, for example, Cisco teamed up with EMC's RSA division to encrypt data traveling across the network on its family of switches, although users were reluctant to abandon more traditional encryption methods.

HP’s C-Series MDS 9222i is actually OEM’d from Cisco, although Thew told Byte and Switch that the technology can be deployed either as a dedicated switch, the MDS 9222i, or as a blade for HP’s 9000 series switches.

The MDS 9222i encryption switch, plus its software license, is available now, priced at $83,500. The 18/4 encryption blade is also available now, priced at around $50,0000, plus a $27,995 software license.

With HP CEO Mark Hurd looking to boost the vendor’s storage sales, it is hardly surprising that the company is using security to breathe life into this part of its business. As a result, the vendor will also turn its attention to key management and compliance next week.

”We have integrated our Secure Key Manager [device] with our Compliance Log Warehouse [device],” says Thew, referring to the Secure Key Manager device that manages LTO encryption keys and the vendor’s log monitoring appliance. “It’s an API-level integration that we have done that is invisible to the IT administrator.”

With users increasingly looking for better log management, the exec says that it made sense to tie the two products more closely together.

”You can export the logs and the activity information such as when keys are generated, and who authorized them, into the Compliance Log Warehouse,” he says. “This compiles and compresses the information and generates reports in compliance with likes of HIPAA, Sarbanes Oxley, and the EU Data Retention Act.”

Pricing for the Secure Key Manager starts at $100,000, and the Compliance Log Warehouse has a list price of $225,000. Both devices are currently available, although HP says that there is no additional cost for the software client used to open their APIs.

The vendor will also take aim at the smaller environments with a single tape library or autoloader next week with the launch of its StorageWorks Encryption Kit, a memory-stick sized device for storing keys. “It plugs into a USB port on the back of the autoloader or MSL library, and it generates and manages the keys for the encryption process,” says Thew.

The Encryption Kit, which is available in June, priced at $2,500, can handle up to 100 keys, compared to the Secure Key Manager’s 100,000.

”Rule number one of key management is always have two copies,” says Thew, but he admits that the products launched next week will only work with HP kit.

”Today, there is no standard for key management, but we’re actively working on that with other vendors and the Storage Networking Industry Association. I expect that we will have standards to announce in early 2009, and then I think we will see products implementing that standard some time later.”

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.