
Page 1: Data-at-Rest Encryption Scenarios

DATA CENTER FABRIC

Data-at-Rest Encryption Scenarios

Brocade encryption solutions are being deployed in a wide variety of applications to encrypt data in existing disk and tape drive products. This paper describes several scenarios where encryption is deployed and provides a high level overview of configuration steps.


Data Center Fabric Technical Brief

CONTENTS

Introduction ............................ 3
General Concepts ........................ 3
Testing Encryption ...................... 4
High Availability Clusters .............. 9
DEK Cluster in Dual Fabrics ............ 11
Remote Data Facilities ................. 12
Conclusion ............................. 14

Data-at-Rest Encryption Scenarios 2 of 14


INTRODUCTION

This paper details several scenarios used for deploying data-at-rest encryption solutions from Brocade®. From simple test scenarios to redundant data center implementations, this paper shows the high-level steps for deploying the fabric-based encryption solutions. Brocade encryption solutions are based on the Brocade Encryption Switch and the FS8-18 Encryption Blade for the Brocade DCX™ Backbone, which are collectively known as “Brocade encryption devices” or simply “encryption devices.” These solutions enable up to 96 gigabits per second (Gbps) of encryption throughput per device and scale easily to meet the needs of the most data-intensive applications.

Because it discusses the technical aspects of deploying the encryption solution, this paper assumes a basic understanding of data-at-rest encryption and Brocade encryption devices. A white paper that discusses the basics of encryption and key aspects of Brocade encryption products can be found at www.brocade.com. Go to Resources > Documentation and then to either Data Sheets & Solution Briefs or White Papers.

From configuring the encryption devices to the logical unit numbers (LUNs), a high-level overview of the encryption configuration is provided to give an understanding of the encryption process. The scenarios in this paper cover the vast majority of encryption deployments at a high level and include:

• A simple test scenario and key vault to introduce the basic components of the encryption solution.

• A configuration involving clusters of encryption devices within the same fabric to increase the availability of the system.

• A third scenario showing clusters of encryption devices in different fabrics.

• A fourth scenario with encryption across remote data facilities so that even a catastrophic event that takes down a site does not stop access to encrypted data.

General Concepts

Brocade encryption devices should be considered as a storage security service in the data center fabric. The encryption device can encrypt data between any two ports in the fabric, and end devices do not need to be directly attached to the encryption devices to use the resource. Depending on the bandwidth requirements of the applications and how many encryption devices are deployed, the encryption resource can service tens or even hundreds of servers and storage devices. Each encryption device provides 96 Gbps of encryption bandwidth. Brocade recommends deploying encryption devices in redundant pairs for high availability. Thus, Brocade encryption devices can be deployed as a highly available, fabric-based product that interoperates with existing storage and servers.

The performance requirements for Brocade encryption solutions fall under two categories: data rekeying and continuous encryption operations. Rekeying is the process of rotating or changing the keys for a given data set or first-time migration of existing cleartext to ciphertext. First-time encryption of an archive or data volume is a special case of rekeying where no key exists at the beginning of the encryption process. Rekeying is similar to a data migration because a large amount of data is read, decrypted, re-encrypted and written back to storage in a short amount of time. Depending on key management policies and business practices, data is rekeyed when keys are compromised or their planned, active lifetime expires. Continuous encryption refers to encrypting data as changes or new data come in from the application. Compared to rekeying data, continuous encryption is a relatively sporadic task with bursts and slow periods based on application requirements.


The rekeying process is different for disk- and tape-based encryption. For rekeying disk drives, Brocade encryption devices do in-place encryption, which means that the data is read and written back to the disk without the involvement of an external server. Servers accessing and reading the disk-based storage can even read and write data during the rekeying process. For tape drives, a backup server and application reads the cleartext data to disk and then writes it back to the tape through the encryption device. Tape drives cannot do in-place encryption because of the nature of these streaming devices. Rekeying is a powerful feature that enables encryption of large amounts of data in a short amount of time.

Brocade encryption devices are utilized in a wide variety of data centers and Table 1 summarizes how a representative enterprise, Company B, plans to encrypt data from multiple applications. Company B has done extensive testing and plans to begin encrypting data for its financial applications first and work its way down the list. The rekeying of the first application is completed before a new set of applications begin encrypting data. In this scenario, two pairs of encryption devices are deployed to easily handle the encryption in a highly available manner. The top four applications are deployed on one redundant pair of encryption devices and the backup and e-mail applications are deployed on a second pair of devices. The first pair of devices has a maximum throughput of 192 Gbps, but since the encryption devices are deployed redundantly, the 80+ Gbps of input from the applications is balanced between the pair of encryption devices.

Table 1. Encrypted applications and data

Application        Number of Servers   Data Store (TB)   Accumulative Peak Data Rate (Gbps)   Capacity Growth Rate (GB/Day)
Financials         20                  280               15                                   0.12
Customer Related   60                  700               72                                   0.6
Human Resources    5                   5                 0.1                                  0.001
Manufacturing      8                   25                0.4                                  0.02
Backup             20                  1,800             65                                   2
E-mail             40                  1,700             4                                    1.7
Total              153                 4,510             157                                  5

The latency added by the encryption process must be negligible to maintain high performance. With tight backup windows, any extension of the backup window can cause a cascading effect of problems that interrupt other backups. To avoid breaking the backup window, Brocade encryption devices add negligible latency of less than 20 microseconds (μs) for encryption and less than 40 μs for compression. At well under 0.1 ms of added latency, Brocade encryption devices keep processes rolling while making them secure.

Testing Encryption

Brocade recommends testing encryption products before deploying them in production environments so that users can become familiar with the equipment and processes involved in encryption. As shown in Figure 1, the basic components of this test scenario include an initiator, target, encryption device, Ethernet switch, key management system, and Brocade Data Center Fabric Manager (DCFM™) management station. The end devices are attached directly to the Brocade Encryption Switch for simplicity, but they could be attached to any switch port in the fabric. The key vault or key management system can be a software application or a hardware appliance and is needed to back up and manage the data encryption keys (DEKs). A management station configures the fabric and the targets to be encrypted. An Ethernet switch is also required to carry the management traffic. Together, these devices comprise the basic test scenario.


Figure 1. Encryption test scenario

The test setup should be initialized like any other Fibre Channel (FC) fabric, with zoning and LUN management established between the initiator and target. The Encryption Group, which consists of the single Brocade Encryption Switch in this scenario, is established through Brocade DCFM. Brocade recommends using redundant encryption devices in deployments, and redundant pairs are discussed in the next scenario. The Encryption Group, consisting of the single Brocade Encryption Switch, needs to establish a connection to one of the two supported key managers. If the key manager is NetApp Lifetime Key Manager (LKM), a trusted link is established by configuring the IP address of the vault and the certificate file. If the key manager is the RSA Key Manager (RKM), then certificates need to be exchanged and a master key is generated and backed up to RKM. Figure 2 shows multiple DCFM screen captures of how the Encryption Group is configured. A few simple commands or wizard windows establish the Encryption Group and its connection to the key vault.


Figure 2. Configuring Encryption Groups

After the key manager and encryption device have established a trusted link, the CryptoTarget Container (CTC) needs to be configured. The CTC defines which LUNs will be encrypted and relevant information about the encrypted data, such as the key expiration policy. The CTC can be seen as a combination of the techniques used in LUN management and zoning, as shown in Figure 3. While zoning connects FC initiators to FC targets and LUN management associates Fibre Channel initiators with LUNs, the CTC associates the initiator, target, and LUN. The CTC establishes the physical and logical associations and parameters for encryption.


[Figure 3: diagram with the columns Fibre Channel Initiators, Fibre Channel Targets, and Logical Units, and the three associations Fibre Channel Zoning, LUN Management, and CTC Configuration drawn between them.]

Figure 3. Management associations

In the first step of configuring the CTC, the Fibre Channel host and target are associated in a manner similar to zoning. The second major step in CTC configuration is to define which LUNs to encrypt per host. A screen capture from DCFM in Figure 4 is helpful in understanding what type of information needs to be configured during CTC configuration. The user specifies which LUNs are encrypted into ciphertext and which LUNs remain in cleartext. LUNs are associated with storage on redundant arrays of independent disks (RAIDs), tape drives, or tape pools.

Figure 4. Encryption target configuration in Brocade DCFM


When this configuration is finished and the CTC committed, the encryption processes begin. The steps in the process include:

1) The encryption device creates a redirection zone that includes four members: the physical host, physical target, virtual host, and virtual target. Figure 5 shows how the initiator communicated with the target before the CTC was configured and how it communicates via virtual targets and virtual initiators after the CTC is committed.

2) The LUN is added to the CTC and validated, and the encryption device generates the DEK for the LUN.

3) The DEK is encrypted or wrapped and sent to the key manager, where receipt of the DEK is confirmed. Figure 1 also shows how unencrypted traffic is sent to the virtual target and encrypted traffic is sent from the virtual initiator that is presented by the encryption device.

This three-step process activates the encryption.

[Figure 5: two panels. "Before CTC Committed" shows the Initiator talking directly to the Target. "After CTC Committed" shows the Initiator talking to a Virtual Target presented by the Encryption Device, and a Virtual Initiator presented by the Encryption Device talking to the Target.]

Figure 5. Communication before and after the CTC commitment

If the disk was previously unencrypted, the encryption device systematically rekeys the data on a per-LUN basis as fast as the storage device can send the data to the encryption device. At encryption rates up to 100 Gbps, the encryption device is rarely the weakest link in the chain and is usually waiting for the storage device to deliver cleartext data. The encryption device reads the LUN in unencrypted 256-kilobyte chunks and encrypts the data 128 bits at a time before writing the encrypted 256 kilobytes back to the LUN, in accordance with the XTS-AES256 encryption algorithm defined in the IEEE 1619 standard [1]. The LUN can quickly be rekeyed, and any writes to the LUN during the encryption process are incorporated on the fly.
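As an added illustration (not Brocade's code or the device's firmware) of the chunked XTS-AES-256 sweep described above, the following Python models an in-place rekey of a LUN image with the `cryptography` library, including a host write that lands while the sweep is running. It assumes a 512-byte XTS data unit whose tweak is the little-endian sector number, and that an in-flight write never straddles the sweep boundary; both are my simplifications, not statements from the brief.

```python
import os
import struct
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

CHUNK = 256 * 1024   # read/write unit the brief describes (256 kilobytes)
SECTOR = 512         # assumed XTS data unit; every sector gets its own tweak

def xts_sector(key, sector_no, data, encrypt):
    """XTS-AES-256 over one sector: key is 64 bytes (two AES-256 keys, as IEEE
    1619 requires), tweak is the 128-bit little-endian sector number."""
    cipher = Cipher(algorithms.AES(key), modes.XTS(struct.pack("<QQ", sector_no, 0)))
    op = cipher.encryptor() if encrypt else cipher.decryptor()
    return op.update(data) + op.finalize()

def transform(key_old, key_new, data, first_sector):
    """Decrypt a sector-aligned span under key_old (None = still cleartext) and
    re-encrypt it under key_new (None = hand back cleartext)."""
    out = bytearray()
    for off in range(0, len(data), SECTOR):
        n, block = first_sector + off // SECTOR, data[off:off + SECTOR]
        if key_old is not None:
            block = xts_sector(key_old, n, block, False)
        if key_new is not None:
            block = xts_sector(key_new, n, block, True)
        out += block
    return bytes(out)

class RekeySweep:
    """In-place rekey of a LUN image (a bytearray standing in for the disk). A host
    write landing mid-sweep is encrypted under whichever key governs the region it
    hits, so the sweep never restarts and no write is lost."""
    def __init__(self, lun, key_old, key_new):
        self.lun, self.key_old, self.key_new = lun, key_old, key_new
        self.swept = 0  # offset below which data is already under key_new

    def step(self):
        """Rekey the next 256 KB chunk; False once the whole LUN is done."""
        if self.swept >= len(self.lun):
            return False
        end = min(self.swept + CHUNK, len(self.lun))
        chunk = bytes(self.lun[self.swept:end])
        self.lun[self.swept:end] = transform(self.key_old, self.key_new, chunk, self.swept // SECTOR)
        self.swept = end
        return True

    def host_write(self, offset, plaintext):
        """Sector-aligned write arriving mid-sweep (assumed not to straddle the
        boundary; a real device would split it in two)."""
        end = offset + len(plaintext)
        assert offset % SECTOR == 0 and end % SECTOR == 0 and not offset < self.swept < end
        key = self.key_new if offset < self.swept else self.key_old
        self.lun[offset:end] = transform(None, key, plaintext, offset // SECTOR)

def read_plain(lun, key):
    """What a host behind the CTC sees: the whole LUN decrypted under key."""
    return transform(key, None, bytes(lun), 0)

def rekey_demo():
    """Constructed 768 KB LUN: first-time encryption, then a DEK rotation with two
    host writes landing in the swept and the not-yet-swept regions."""
    data = os.urandom(3 * CHUNK)
    lun = bytearray(data)
    dek1, dek2 = os.urandom(64), os.urandom(64)
    sweep = RekeySweep(lun, None, dek1)          # cleartext -> dek1
    while sweep.step():
        pass
    ok = read_plain(lun, dek1) == data
    sweep = RekeySweep(lun, dek1, dek2)          # dek1 -> dek2 with writes in flight
    sweep.step()                                 # chunk 0 is now under dek2
    sweep.host_write(0, b"A" * SECTOR)           # swept region: written under dek2
    sweep.host_write(2 * CHUNK, b"B" * SECTOR)   # unswept: under dek1, re-swept later
    while sweep.step():
        pass
    plain = read_plain(lun, dek2)
    ok &= plain[:SECTOR] == b"A" * SECTOR
    ok &= plain[2 * CHUNK:2 * CHUNK + SECTOR] == b"B" * SECTOR
    ok &= plain[SECTOR:2 * CHUNK] == data[SECTOR:2 * CHUNK]
    return ok
```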

This simple test scenario shows the basic components of the encryption system, which are the encryption device, initiator, target, management station, and key vault. Each of these components is essential for the deployment, but they are not sufficient for keeping data safe and accessible in a redundant fashion. The next scenario shows how encryption devices can be clustered to offer high availability to ensure access to encrypted data.

[1] IEEE 1619, Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices, www.ieee.org/web/standards/home/index.


High Availability Clusters

Brocade recommends deploying encryption products in a redundant fashion to ensure data access. Since the data that is being encrypted is very valuable or sensitive, the accessibility of the data is essential. A redundant encryption device configuration is shown in Figure 6, with an FS8-18 Encryption Blade installed in redundant Brocade DCX Backbones so that a single failure does not stop traffic between the host and target. If one of the encryption devices fails, then the host will redirect the traffic through the second Brocade DCX with the backup encryption blade.

Figure 6. Redundant directors with FS8-18 Encryption Blades


To configure the encryption devices in a redundant, failover fashion, the administrator needs to configure the High Availability (HA) cluster. After the second FS8-18 blade is initialized, it will need to be added to the Encryption Group established by the first encryption device. Within the Encryption Group, the two encryption devices will need to be grouped into the HA Cluster, shown in Figure 7. With this HA cluster configuration complete, the encryption devices work in an active/standby mode.

Figure 7. Configure Switch Encryption wizard

If one encryption device fails, the virtual targets and initiators from the failed encryption device are instantiated on the other encryption device. The Brocade DCX sends out Registered State Change Notifications (RSCNs) for the virtual hosts and targets as they come online (VT2’ and VI2’ in Figure 7, which are not present until failover). After querying the Name Server, the physical host and target send data traffic through the new virtual initiators and targets, which have new N_Port_IDs and the same port World Wide Names. When the second encryption device comes back online, the virtual initiators and targets fail back in an automatic or manual fashion, depending on the configuration. With HA clusters, the encryption process can continue through the failure of a single encryption device.

CTC configuration of tape in this scenario involves a different set of wizard windows than disk-based storage. Figure 8 shows a tape pool configuration screen capture from Brocade DCFM and how the encryption is configured for the tape pool. Brocade encryption devices compress the data for tape devices before it is encrypted when the compression is enabled. Each encryption device provides up to 48 Gbps of compression bandwidth. Without compression, the tapes could be encrypted at up to 96 Gbps.


Figure 8. Tape pool configuration

DEK Cluster in Dual Fabrics

With many Storage Area Networks (SANs) deployed with redundant fabrics, Brocade designed DEK clusters to let encryption solutions span redundant fabric configurations. DEK clusters span fabrics and synchronize DEKs across encryption devices via the cluster network, shown in Figure 9. The DEK cluster is dynamically detected by the Encryption Group and is not user-configurable, but a CTC for the LUN needs to be configured in each fabric. The DEK cluster ensures that data sent to the LUN is encrypted and decrypted with the same DEK, regardless of which fabric carries the traffic.

This redundant configuration also features redundant key management systems. The backup key vault is configured in exactly the same way as the primary key vault, shown in the bottom half of Figure 2. Primary and backup key vaults increase the resiliency of the implementation by eliminating a single point of failure from the system.


Figure 9. DEK group

Remote Data Facilities

With pervasive regulatory and business continuance requirements for multiple data centers in a corporation, Brocade developed encryption solutions to meet the needs of remote data facility deployments such as EMC Symmetrix Remote Data Facility (SRDF). Figure 10 shows a scenario in which two sites are connected over an Internet Protocol (IP) network. The IP network needs to connect three separate networks: the management network, the cluster network, and the Fibre Channel network. In this example, each network has its own Virtual Local Area Network (VLAN) to separate the traffic for each application. The user could also use Wavelength Division Multiplexing (WDM) equipment instead of FCIP equipment, as seen in Figure 11. The WDM equipment would probably have separate channels (wavelengths of light) for each network. There are multiple options for how to connect the two sites. The interesting aspect of this solution is the data mirroring with redundant encryption devices.


Figure 10. Encryption spanning two sites

Target 1 at the primary site is using mirroring technology to replicate the data from the primary to the secondary site. Data that is sent from a host in Fabric 1 is encrypted when it is written to the disk subsystem. When the data is mirrored between Target 1 and Target 2, the data remains encrypted as it passes through the encryption devices. Any authorized host on Fabric 1 must be configured within a CTC so that it can access the cleartext data through the onsite encryption device. If either site has problems or the IP network goes down, each site will be able to access the data independently because each site has a complete set of equipment to maintain operations.

Note that Fabric 1 spans the sites because FCIP and WDM are types of link extension equipment that unite the two sites into one fabric. Fibre Channel Routing could also be used to connect the two sites so that the fabrics would not be merged into one.

Encryption Device 1 is the group leader in the Encryption Group and will handle all encryption configuration information. When a user configures and commits the LUN for encryption in DCFM, Encryption Device 1 will generate the DEK and send it to Encryption Device 2 and both key vaults. As data is written to Target 1, Encryption Device 1 encrypts the data and sends it to Target 1. Target 1 synchronizes the data with Target 2 at the remote site, and since Target 1 and Target 2 have not been configured with CTCs, the data is not decrypted during transit. If a host at the secondary site requests data from Target 2, the encryption device sends the cleartext data to the host in a seamless fashion.
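Added example, not Brocade's or any key manager's code: a model of the DEK handling that the three-step commit process, the redundant key vaults, and the group leader described above have in common. It wraps the DEK under a master key (RFC 3394 key wrap, my stand-in for the "encrypted or wrapped" DEK the brief mentions), activates the LUN only after every configured vault has confirmed receipt, pushes the same DEK to the other group members, and recovers the DEK from whichever vault survives. The vault API, the receipt format, and the wrapping scheme are assumptions.

```python
import hashlib
import os
from typing import Optional
from cryptography.hazmat.primitives.keywrap import (InvalidUnwrap, aes_key_unwrap,
                                                    aes_key_wrap)

class KeyVault:
    """Stand-in for a key manager (primary or backup) holding wrapped DEKs."""
    def __init__(self, name, online=True):
        self.name, self.online, self.store = name, online, {}

    def put(self, key_id: str, wrapped: bytes) -> Optional[str]:
        """Store the wrapped DEK; the receipt is a digest of exactly what was stored."""
        if not self.online:
            return None
        self.store[key_id] = wrapped
        return hashlib.sha256(wrapped).hexdigest()

    def get(self, key_id: str) -> Optional[bytes]:
        return self.store.get(key_id) if self.online else None

class GroupLeader:
    """The Encryption Group leader: generates the DEK at CTC commit, backs it up to
    every vault, and only then hands it to the other members and activates the LUN."""
    def __init__(self, master_key: bytes, vaults, members):
        self.master_key, self.vaults, self.members = master_key, vaults, members
        self.active = {}   # lun_id -> DEK; data is encrypted only once a LUN is here

    def commit_lun(self, lun_id: str) -> bool:
        dek = os.urandom(64)                             # XTS-AES-256: two 256-bit keys
        wrapped = aes_key_wrap(self.master_key, dek)     # assumed: RFC 3394 under master key
        expected = hashlib.sha256(wrapped).hexdigest()
        receipts = [vault.put(lun_id, wrapped) for vault in self.vaults]
        if any(receipt != expected for receipt in receipts):
            for vault in self.vaults:                    # fail closed: a DEK nobody has
                vault.store.pop(lun_id, None)            # fully backed up is never used
            return False
        for member in self.members:                      # DEK cluster: same DEK in every fabric
            member[lun_id] = dek
        self.active[lun_id] = dek
        return True

    def recover_dek(self, lun_id: str) -> Optional[bytes]:
        """After a failure, any surviving vault can hand the DEK back."""
        for vault in self.vaults:
            wrapped = vault.get(lun_id)
            if wrapped is None:
                continue
            try:
                return aes_key_unwrap(self.master_key, wrapped)
            except InvalidUnwrap:    # corrupted copy or wrong master key: try the next vault
                continue
        return None

def commit_demo() -> dict:
    """Constructed scenario: commit with both vaults up, lose the primary, recover
    from the backup, then show that a commit with one vault down is refused."""
    leader = GroupLeader(os.urandom(32), [KeyVault("primary"), KeyVault("backup")], [{}])
    first = leader.commit_lun("lun-1")
    leader.vaults[0].online = False
    recovered = leader.recover_dek("lun-1") == leader.active["lun-1"]
    second = leader.commit_lun("lun-2")
    return {"first_commit": first, "recovered_from_backup": recovered,
            "commit_with_vault_down": second, "lun2_activated": "lun-2" in leader.active}
```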


Several other scenarios are supported to encrypt data between fabrics and even other protocols. Brocade encryption devices support Fibre Channel Routing (FCR) and can have virtual devices in multiple fabrics. The encryption devices can also encrypt iSCSI traffic that has entered the fabric through the Brocade iSCSI Gateway. Brocade encryption products are designed to work with the wide variety of Brocade products and services.

Figure 11. WDM configuration

CONCLUSION

This paper has shown how Brocade encryption solutions are applicable to a wide range of deployments. From small sensitive applications to large deployments across multiple sites, Brocade encryption solutions have the performance, manageability, and scalability to satisfy a wide variety of customer requirements. Individual encryption devices provide 96 Gbps of encryption throughput, and multiple devices deliver hundreds of gigabits per second of throughput. Brocade has partnered with leaders in key management solutions to work with a growing installed base of encryption users. In addition to superior products, Brocade offers services to help users deploy the technology successfully.

Successfully securing data is the goal of Brocade, and that is why Brocade encryption solutions meet rigorous industry standards. At the encryption level, Brocade complies with the Institute of Electrical and Electronics Engineers (IEEE) 1619 standard for disk drive encryption and IEEE 1619.1 for tape encryption. At the product level, Brocade encryption devices are designed to meet Federal Information Processing Standard 140-2 (FIPS 140-2) Level 3 and Common Criteria Evaluation Assurance Level 3 (EAL-3). Brocade encryption devices are built on Brocade’s leading Fibre Channel technology to ensure that the solutions work with the largest installed base of Fibre Channel networks.

© 2008 Brocade Communications Systems, Inc. All Rights Reserved. 09/08 GA-TB-100-01

Brocade, the B-wing symbol, DCX, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks, and DCFM and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
