Manualshelf

.Part 5 Storage Security Best Practices and Support Information HP SAN Design Reference Guide 785355-001

ManualsBrandsHP ManualsStorageHP B-Series Remote Replication Solutions
12345678910
Storage network—Consists of switches, appliances, and cables. Switches and appliances
come with support to protect themselves. The storage network components support key
management, encryption services, and authentication of server and storage arrays.
Servers—Consists of hardware, operating systems, interface cards (NICs and HBAs), and
applications (also known as hosts). Each component comes with support for protecting itself.
The interfaces cards support authentication and secure tunnel.
Storage arrays—Consists of groups of disks or tapes that use a management application,
which protects the resources through authentication. Storage arrays will support native
encryption in the future.
HP storage security solutions
This section describes HP storage security solutions for the following products:
“C-series Storage Media Encryption (page 375)
“C-series SAN-OS security” (page 376)
“C-series IP SAN security” (page 377)
“B-series Encryption Switch and Encryption FC Blade security” (page 377)
“B-series Fabric OS security” (page 378)
“Key management” (page 381)
C-series Storage Media Encryption
SME is a standards-based encryption solution for heterogeneous and virtual tape libraries. SME
is managed with the Cisco Fabric Manager web client and a command-line interface, which
supports unified SAN management and security provisioning. SME is a comprehensive
network-integrated encryption service with key management that works transparently with new and
existing SANs. This solution has advantages over competitive solutions, such as:
Supports nondisruptive installation and provisioning. You do not need to rewire or reconfigure
your SAN.
Encryption engines are integrated on the MDS 9000 18/4-port Multiservice Module
(MSM-18/4) and the MDS 9222i Multiservice Fabric Switch. You do not need to purchase
and manage additional switch ports, cables, and applications.
All VSAN traffic can be encrypted. This enables automated load balancing through network
traffic management across multiple SANs.
No additional software is required for key and user management or provisioning. SME is
integrated with the Cisco Fabric Manager, which reduces operating expenses.
Features
Management features of the Cisco Fabric Manager are as follows:
Transparent fabric service
Encryption
Security roles
Key management
Clustering
Fibre Channel redirect
Host-based discovery for provisioning tapes
HP storage security solutions 375