Slated to ship in the second half of the year, the cards will fit into Cisco’s MDS 9000 switches and directors, presenting an alternative to the use of bump-in-the-wire Decru or NeoScale appliances as a means of encrypting data traffic.

Those devices can be inserted into storage networks and, according to their suppliers, provide full-duplex, low-latency data encryption and feature integrated key management systems.

Cisco and EMC argue that the Cisco line cards will be a much more attractive option, not so much because of any performance advantage as because, they say, the cards will be much simpler to deploy than encrypting appliances.

Appropriating the label usually applied to Decru and NeoScale’s boxes, EMC marketing vice president Dennis Hoffman said: “It’s bump-in-the-wire [Cisco blades] versus break-in-the-wire.”

According to Cisco, just one of the reasons why the cards will require less reconfiguration of storage networks is that they will automatically balance loads across their multiple ports. Cisco is not giving any details yet of how many ports the cards will have, although it did say that each card will offer 10Gbps throughput.

“It’s too early to talk about prices, but we do realize that customers are very sensitive to pricing,” said Cisco’s product director Rajiv Bhardwaj.

Communication between the cards and RSA’s key management system will have to be made across a proprietary API, because there is not yet an industry standard for such an interface. But a standard is expected to emerge, probably next year, from the IEEE as the P1619.3 standard.

Regardless of that, Cisco will be at liberty to link its card to the key management systems of any other vendors. For its part, EMC will be free to resell the encrypting line cards that Brocade says it will offer early next year for its next generation of 8GFC directors, and to link those cards to the RSA key manager.

Initially the Cisco cards will be sold for the purpose of encrypting data on its way to tape. Further qualification testing will be needed to support data streams targeted at disk.

Bhardwaj said that the huge majority of encryption currently being done is of data being written to tape, for the obvious purpose of protecting against data loss when tape cartridges fall off the back of a delivery truck.

Encrypting data on disk is not always so useful, and might well not provide any protection against hacking attacks. Instead, all it would do is prevent thieves getting at the data by stealing the disk drives themselves. That is because of the way that data is served and decrypted on request to all comers. “You may not be able to determine whether a request for data is from a legitimate application or not,” he said.

So to encrypt data on disk in order to protect against hacking attacks, the encryption must be done further up the stack in the application. “The higher up the stack, the better the protection, but the slower the encryption,” Hoffman said.