CryptoStor for Tape FC
Price: Starts at $20,000
Encrypting secondary storage media adds a layer of protection when physical security alone doesn't meet your requirements. NeoScale's CryptoStor for Tape FC encrypts and digitally signs data as it flows to tape systems, protecting your offsite storage against unauthorized access. The CryptoStor appliance sits in front of a Fibre Channel SAN to protect both pooled and distributed tape libraries (a SCSI model is also available). In our test, we placed CryptoStor between a Brocade switch and an FC bridge. A user ID, password and smart card holding an SSL certificate control administrative access to CryptoStor, and the administrative connection is secured with SSH.
CryptoStor supports a variety of backup applications, including those from VERITAS, Legato Systems and IBM Tivoli. We tested it with VERITAS NetBackup Enterprise Server 5.0. We assigned the appliance an IP address and generated our SSL certificate via a command-line session, which then allowed us to switch to a Web browser to configure the remaining options.
Configuration is a simple process of assigning encryption keys and rules. We generated the 256-bit AES system key, which acts as a seed number that's fed into a random number generator to produce symmetric tape library pool keys and individual tape keys for encrypting the tapes themselves. Pool keys can encrypt two forms of tape keys: dynamic, which uses a separate key per tape, and static, which
Users can define rules to assign 128-bit AES or TripleDES encryption keys based on application, media pool/tape label or host source. We specified the backup application's name and defined rules according to the tape label's media ID numbers (also referred to as the volume name) to target tapes for encryption. The media IDs were read by the barcode scanner on the tape-handling robotic arm, and the data was transparently encrypted to tape during backup. Because many jobs require multiple tapes, you can define a label prefix with a wildcard to assign a pool of tapes to a single key -- for example, all tapes with media ID numbers that start with E01 -- which simplifies both encryption and decryption.
Backup applications and tape drives aren't intelligent enough to distinguish among encrypted, garbage and good data, and CryptoStor doesn't provide a feedback loop or host agent to communicate between the tape drive, appliance and backup utility. Without a host agent to check and compare the media IDs, it's possible to specify a tape's media ID in CryptoStor's interface but enter a different media ID number in the backup software. The backup app would send the data, and CryptoStor would check the tape's media ID against its rules. Finding no rule for that ID, it would pass the data through to tape without encrypting it.
However, NeoScale says the issue hasn't surfaced in the field, and its support for wildcards in the media label reference should address it, as most customers don't go the tedious route of using single labels when configuring multiple backup jobs. Further, each combination of backup application, OS and application version has its own set of APIs and hooks, which would make maintaining host agents uniformly across them an enormous challenge for NeoScale.
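The media-ID cross-check that the appliance lacks can be done outside it, before the job runs. The following is an added example, not part of this review or of NeoScale's product: it compares the media IDs a backup job is scheduled to write against a CryptoStor-style rule set and flags any tape that no rule covers and that would therefore be written in the clear. The rule syntax (a trailing `*` prefix wildcard), the data structures and the sample IDs are assumptions constructed for this example.

```python
"""Added example: reconcile a backup job's media IDs against encryption rules.

CryptoStor matches a tape's media ID (volume name) against configured rules,
optionally with a wildcard prefix such as E01*; a tape matching no rule passes
through unencrypted. The appliance has no host agent to cross-check the IDs
configured in the backup software, so this script performs that check outside
the appliance. Rule syntax and data structures are assumptions for this
example, not the product's own configuration format.
"""
from fnmatch import fnmatchcase

# Constructed rule set: (pattern, algorithm). A trailing '*' covers a pool of
# tapes under one key, as described in the review.
RULES = [
    ("E01*", "AES-128"),   # all tapes whose media IDs start with E01
    ("FIN042", "3DES"),    # a single tape labelled explicitly
]

# Constructed list of media IDs the backup application is scheduled to write.
# Note the transposed digits: 'FIN024' here versus 'FIN042' in the rules.
BACKUP_JOB_MEDIA_IDS = ["E01001", "E01002", "FIN024", "E02001"]


def match_rule(media_id, rules=RULES):
    """Return the (pattern, algorithm) rule covering media_id, or None.

    The first matching rule wins; fnmatchcase is case-sensitive glob matching.
    """
    for pattern, algorithm in rules:
        if fnmatchcase(media_id, pattern):
            return pattern, algorithm
    return None


def unencrypted_tapes(media_ids, rules=RULES):
    """Media IDs in the job that no rule covers (would be written in the clear)."""
    return [m for m in media_ids if match_rule(m, rules) is None]


def unused_rules(media_ids, rules=RULES):
    """Rules that no scheduled tape matches; often a sign of a mistyped ID."""
    matched = {match_rule(m, rules) for m in media_ids} - {None}
    return [r for r in rules if r not in matched]


if __name__ == "__main__":
    for m in unencrypted_tapes(BACKUP_JOB_MEDIA_IDS):
        print(f"WARNING: {m} matches no rule and would be written in the clear")
    for pattern, _ in unused_rules(BACKUP_JOB_MEDIA_IDS):
        print(f"NOTE: rule {pattern!r} matches no scheduled tape (typo?)")
```

Run against the constructed data, the script reports FIN024 and E02001 as unprotected and the FIN042 rule as unused, which together point to the transposed digits.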
CryptoStor's layered security is comprehensive. A high-availability setup enables CryptoStor to exchange key pairs with another unit over an IPsec tunnel, so the second unit can act as a mirror image and encrypt or decrypt the same tapes. Integrity of the backup data is ensured using SHA-1 or SHA-512 message signatures, along with a Hashed Message Authentication Code (HMAC) key for each tape block. Tape keys are secured via the system key and can be stored within the appliance, on a smart card inserted into the appliance, or directly on the backup tapes. Storing them on the backup tapes ensures that the keys and the data are never separated. This isn't as risky as it sounds: a tape key written to tape is itself encrypted and is of no use until it has been read and decrypted with the pool key.
CryptoStor is well-positioned as disk drive prices continue to plummet and backup moves toward virtual tape images on disk. The solution does a superior job of protecting tape libraries with scalable wire-speed encryption that doesn't require infrastructure changes.
-- SCOTT SIDEL
This Hot Pick review originally appeared in the May 2004 issue of Information Security magazine.