HIGHLIGHTS•High-performance,scalablefabric-basedencryptionenforcesdataconfidentialityandprivacyrequirements

•Unparalleledencryptionprocessingatupto96Gbpsusingindustry-standardAES-256encryptionalgorithms

•Choiceofindustry-leadingkeymanagementsolutionsthathelpreduceoperationalcostsandsimplifymanagement

•Asingle,centralizedsecurityplatformforbothdiskandtapeSANenvironmentssupportingheterogeneousenterprisedatacenters

•FrameRedirectiontechnologyenableseasy,non-intrusivedeploymentoffabric-basedsecurityservices

•Plug-inencryptionandcompressionservicesavailabletoallhostservers,includingVirtualMachines(VMs),attachedtodatacenterfabrics

•Scalableperformancewithon-demandencryptionandcompressionprocessingpowermeetsregulatorymandatesforsecuringdata

A High-Performance Encryption Blade for the Brocade DCX Backbone FamilyManagingoperationalriskbyprotectingvaluabledigitalassetshasbecomeincreasinglycriticalintoday’senterpriseITenvironments.Inadditiontoachievingcompliancewithregulatorymandatesandmeetingindustrystandardsfordataconfidentiality,ITorganizationsmustalsoprotectagainstpotentiallitigationandliabilityfollowingareportedbreach.

Inthecontextofdatacenterfabricsecurity,BrocadeprovidesadvancedfabricservicesforStorageAreaNetworks(SANs)withtheBrocade®FS8-18EncryptionBladeforuseinBrocadeDCX®8510andBrocadeDCXBackbones.Thebladeisahigh-speed,highlyreliablehardwaredevicethatdeliversfabric-basedencryptionservicestosecuredataassetseitherselectivelyoronacomprehensivebasis.

TheBrocadeFS8-18scalesnon-disruptively,providingupto96Gbpsofencryptionprocessingpowertomeettheneedsofthemostdemandingenvironmentswithflexible,on-demandperformance.Italsoprovidescompressionservicesatspeedsupto48Gbpsfortapestoragesystems.Moreover,itistightlyintegratedwithindustry-leading,enterprise-classkeymanagementsystemsthatcanscaletosupportkeylifecycleservicesacrossdistributedenvironments.

BROCADEFS8-18ENCRYPTIONBLADE

DATA CENTER

DATASHEET

FABRIC-BASED ENCRYPTIONMostsensitivecorporatedataisstoredinthedatacenter,andthevastmajorityofdatafromcriticalapplicationsresidesinaSAN—enablingorganizationstoleveragetheexistingintelligencelayerinthestoragefabric.Thislayerprovidesacentralizedframeworkinwhichtodeploy,manage,andscalefabric-baseddatasecuritysolutions.

TheBrocadeOne™strategyhelpssimplifynetworkinginfrastructuresthroughinnovativetechnologiesandsolutions.TheBrocadeFS8-18EncryptionBladesupportsthisstrategybyallowingorganizationstosecuretheirdatatomeetregulatoryandinternalcompliancerequirements.

www.brocade.com

Figure 1. TheBrocadeFS8-18EncryptionBladeplays

avitalroleintheBrocadeOnestrategy.

pointofmanagementforbothdiskandtapestoragesecurityaswellaskeymanagement,andsupportsheterogeneousstorageenvironments.Deploymentissimpleandnon-disruptive:Organizationscanencryptdatafromanyswitchportwithoutreconfiguringthefabric.

Inaddition,organizationscanimplementprovisioningwithoutshuttingdownapplicationsorchangingtheLogicalUnitNumber(LUN)mappingandLUNmaskingconfigurationsonthetargetstoragearrays.TheBrocadeFS8-18ismanagedandconfiguredusingfamiliarBrocademanagementtools—includingBrocadeNetworkAdvisor,BrocadeDataCenterFabricManager(DCFM®),andCLImanagementtools—andiseasilyintegratedintoexistingnetworkinfrastructures.

KeyadvantagesoftheBrocadeFS8-18include:

•Theabilitytoencryptdataatwirespeed

•Centralmanagementofstorageandfabric-basedsecurityresources

•Concurrentsupportforbothdiskandtapeencryptionoperationsfromasingledevice

•Transparent,onlineencryptionof“cleartext”LUNsandrekeyingofencryptedLUNswithoutdisruption

•Datacompressionandintegrityauthenticationfortapebackupdata

•Simplified,non-disruptiveinstallationandconfiguration

HIGH-VALUE APPLICATIONS AND SOLUTION AREASTwoofthegreatestbusinessbenefitsoftheBrocadeFS8-18areincreasedproductivityandreducedriskofdataexposure.Otherkeybenefitsincludeimprovedbackupperformancewhiledeployingencryption/compressionandinvestmentprotectionforexistingresources.

TheBrocadeFS8-18isidealforapplicationssuchas:

•HighlysensitiveITapplicationswithsecuredata-at-restrequirements

•Securedatabackupsforoffsitetapestorageandlong-termarchiving

•Supportforheterogeneousdiskandtapestorageenvironmentsfromasingledevicewithcentralizedmanagement

•Decommissioningofdiskarraysthatrequirelegalvalidationoftheirrecoverabledestructionofdata(TheBrocadeFS8-18enablessecuredecommissioningofstoragedevicesbyencryptinganentireLUNandpermittingdeletionofdataencryptionkeys.)

•SecurereplicationofVirtualTapeLibrary(VTL)backupstoremotefacilities

•ScalingdatacenterencryptionservicesbyimplementinguptofourBrocadeFS8-18bladesinaBrocadeDCX8510orBrocadeDCXchassis

SAN

Client/Server

Emerging Protocols

(FCoE)

Brocade Data Center Fabric

Extended Data Center Fabric

Disaster Recovery Site

Continuous Remote

Replication

Key Management

Branch Office

Virtual and Standalone

Servers

Virtual and Standalone

Servers

Storage

Brocade FS8-18 Encryption Blade

Brocade DCX Backbone

Encryption

DirectorsSwitches

Thestoragefabricenablescentralizedmanagementtosupportnearlyeveryaspectofthedatacenter,fromserverenvironmentsandworkstationstoedgecomputingandbackupenvironments.Asaresult,itisanidealplacetostandardizeandconsolidateaholisticdata-at-restsecuritystrategy.Organizationscanalsoimplementthistypeofbest-practicemethodologyinotherpartsofthedatacenter,helpingtoprotectdatathroughouttheenterprise.

Mostcurrentindustrysolutionsincludeeitherhost-basedsoftwareencryption,device-embeddedencryption,oredgeencryption—allofwhichprovideisolatedservicestospecificapplicationsbuttypicallycannotscaleacrossextendedenterprisestorageenvironments.Incontrast,Brocadedeliversfabric-basedencryptionforbothdisk-andtape-basedstoragedevicesaspartoftheindustry-leadingBrocadeOnestrategyandinnovativeBrocadeAdaptiveNetworkingservices(seeFigure1).

Basedonindustrystandards,Brocadeencryptionfordata-at-restprovidescentralized,scalableencryptionandcompressionservicesthatseamlesslyintegrateintoexistingBrocadeFabricOS®(FOS)andBrocadeM-EnterpriseOS(M-EOS)environments1.

TheBrocadefabric-basedapproachtodataencryptionscalestomeetperformancerequirements,providesacentralized

1 Brocade M-EOS fabrics are McDATA switches and directors running McDATA Enterprise OS in McDATA Fabric mode or McDATA Open Fabric mode.

TheBrocadeFS8-18isdesignedforuseinthefollowingSANenvironments:

•Large-scaleencryptioninnewdatacenterdeployments

•Plug-instoragesecurityservicesforexistingSANfabrics

•Heterogeneousdiskandtapestorageenvironments

•StandalonedatacenterbackboneswithencryptionandcompressioninBrocadeFOSandBrocadeM-EOSfabrics

•Securefabric-basedenvironmentsthatintegratewithexistingenterprisekeymanagementsystems

•Expandingencryptionenvironmentsthatrequireprotectionforcurrentdatasecurityandkeymanagementinvestments

INVESTMENT PROTECTION AND EFFICIENCYTheBrocadeFS8-18istheindustry’smosteffectiveencryptionplatformintermsofpowerefficiencyandsystemperformance.Infact,itprovidesseveraltimestheencryptionandcompressionprocessingpowerofcompetitiveofferingswhiledeliveringasignificantadvantageinrackspaceutilization.

Tohelporganizationsprotecttheirtechnologyinvestments,theBrocadeFS8-18integratedintotheBrocadeDCXBackbonefamilychassisfeaturesforwardandbackwardcompatibilitywithBrocadeB-SeriesandM-Seriesfabrics.Byadoptinganevolutionarystrategyratherthana“rip-and-replace”approach,organizationscansavesignificanttime,money,andeffortwhileminimizingdisruptionandrisk.

Moreover,strategicrelationshipswithBrocadePartnersprovidethebroadestchoiceofintegrated,best-in-classkeymanagementandsecuritysolutions.Thisintegrationenablesorganizationstoleverageexistingkeymanagementinfrastructureinvestmentsandmaintaincurrentpolicies,procedures,andtrainingefficiencies.

BROCADE ENCRYPTION PROFESSIONAL SERVICESBrocadeProfessionalServiceshelpsorganizationsdeployandaddresstheirmanagement,encryption,andsecurityprocessesinaholisticapproachtomeetcomplianceandregulatoryrequirementsforencryptionofdata-at-rest.Auniqueend-to-endapproachconsidersthesolutiondesignfromanarchitectural,policy,andoperationalperspective.

Followingthedesignphase,Brocadeexpertswillinstallandconfigurethehardwareintoaneworexistingfabricinahighlyeffectiveandtimelymanneraccordingtobestpractices.Uponcompletionoftheengagement,organizationsreceivefulldocumentationofthesolution.ThistransferofinformationeducatesITstaffsotheycanbetterunderstandandassumeresponsibilityforthesolution.

BROCADE GLOBAL SERVICES BrocadeGlobalServiceshastheexpertisetohelporganizationsbuildscalable,efficientcloudinfrastructures.Leveraging15yearsofexpertiseinstorage,networking,andvirtualization,BrocadeGlobalServicesdeliversworld-classprofessionalservices,technicalsupport,networkmonitoringservices,andeducation,enablingorganizationstomaximizetheirBrocadeinvestments,acceleratenewtechnologydeployments,andoptimizetheperformanceofnetworkinginfrastructures.

MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeprofessionalservices,technicalsupport,andeducation.Formoreinformation,contactaBrocadesalespartnerorvisitwww.brocade.com.

Systems ArchitectureFibreChannelports 16ports,universal(F/FL/E/EX/M)Ethernetports Tworedundant1000BaseTEthernetportsfor

clusteringandI/Osynchronizationduringrekeyingoperation

Smartcards Masterkeyrecovery,quorumauthorization,andsystemrecoveryoperations

Compressionfortape Hardware-baseddatacompressionpriortoencryption

Compatibility IEEE1619standard-basedmode(diskandtape)

DataFort-compatiblemode(diskandtape)Datarekeying Onlineorofflineconversionofdatafromcleartextto

ciphertext;manualorautomatedrekeyingsessionsCryptoscalability Upto256targetdevicesandinitiatorsper

encryptionengineCryptoengine Maximum96Gbpshardwareprocessingfordisk*

Maximum48Gbpshardwareprocessingfortapewithcompression*

FibreChannelperformance

1.063Gbpslinespeed,fullduplex;2.125Gbpslinespeed,fullduplex;4.25Gbpslinespeed,fullduplex;8.5Gbpslinespeed,fullduplex;auto-sensingof1,2,4,and8Gbpsportspeeds;optionallyprogrammabletofixedportspeed;speedmatchingbetween1,2,4,and8Gbpsports

Systemscalability UptofourBrocadeFS8-18bladesperBrocadeDCXBackbonefamilychassis

ISLTrunking Frame-basedtrunkingwithuptoeight8GbpsportsperISLtrunk;upto64GbpsthroughputperISLtrunk

Maximumframesize 2112-bytepayloadforFibreChannel

Classesofservice Class2(unencryptedtraffic),Class3(encryptedandunencrypted),andClassF(inter-switchframes)

Datatraffictypes Fabricswitchessupportingunicast,multicast(255groups),andbroadcast

BROCADE FS8-18 ENCRYPTION BLADE SPECIFICATIONS

DATASHEET

©2012BrocadeCommunicationsSystems,Inc.AllRightsReserved.03/12GA-DS-1222-05

Brocade,BrocadeAssurance,theB-wingsymbol,DCX,FabricOS,MLX,SANHealth,VCS,andVDXareregisteredtrademarks,andAnyIO,BrocadeOne,CloudPlex,EffortlessNetworking,ICX,NETHealth,OpenScript,andTheEffortlessNetworkaretrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Otherbrands,products,orservicenamesmentionedmaybetrademarksoftheirrespectiveowners.

Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.

Corporate Headquarters SanJose,CAUSAT:+1-408-333-8000info@brocade.com

European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40emea-info@brocade.com

Asia Pacific Headquarters SingaporeT:+65-6538-4700apac-info@brocade.com

Mediatypes 8Gbps:UtilizesBrocadehot-pluggableSFP+,LCconnector;Short-WavelengthLaser(SWL);distancedependsonfiber-opticcableandportspeed

Fabricservices SimpleNameServer(SNS),RegisteredStateChangeNotification(RSCN),NTPv3,ReliableCommitService(RCS),DynamicPathSelection(DPS),BrocadeAdvancedZoning(defaultzoning,port/WWNzoning,broadcastzoning),N_PortIDVirtualization(NPIV),FDMI,ManagementServer,FSPF,EnhancedGroupManagement,IPFC,FrameRedirection,PortFencing,BBcreditrecovery

Optionalfabricservices:BrocadeFabricWatch,ExtendedFabrics,ISLTrunking,AdvancedPerformanceMonitoring,AdaptiveNetworking(per-dataflowQoS,IngressRateLimiting,TrafficIsolation,FabricDynamicsProfiling,andIntegratedRouting)

FIPScertification FIPS140-2Level-3ValidatedCryptographicModule

ManagementAdministratorroles Administrator,fabricadministrator,security

administrator,recoveryofficerKeymanagement NetAppLifetimeKeyManager(LKM)4.0;SafeNet

KeySecurek460;RSAKeyManager(RKM)Appliance;HPSecureKeyManager(SKM)/EnterpriseSecureKeyManager(ESKM);ThalesEncryptionManagerforStorage(TEMS);IBMTivoliKeyLifecycleManager(TKLM)

MechanicalsSize Width:3.60cm(1.41in)

Height:41.11cm(16.19in)

Depth:27.98cm(11.02in)

OccupiesoneslotinaBrocadeDCXBackbonechassisSystemweight 5.5kg(12.0lb)withoutSFPs

EnvironmentalsTemperature Operating:0°Cto40°C(32°Fto104°F)

Non-operating:–25°Cto70°C(–13°Fto158°F)Altitude Operating:Upto3000meters(9842feet)

Storage:Upto12kilometers(39,370feet)Shock Operating:20g,6mshalf-sine

Non-operating:33g11mshalf-sine,3/egAxis

PowerACinputrange 40to50VACMaximumpower 235watts

ConfigurationsBasecryptomodel BrocadeFS8-18EncryptionBlade:16Fibre

Channelports,48Gbps*maximumencryptionprocessing

Cryptoengineperformanceupgrade

96Gbps*maximumdiskencryptionprocessingupgradeforallBrocadeFS8-18EncryptionBladesinaBrocadeDCXBackbonefamilychassis

BROCADE FS8-18 ENCRYPTION BLADE SPECIFICATIONS (CONTINUED)

ForinformationaboutsupportedSANstandards,visitwww.brocade.com/sanstandards.Forinformationaboutswitchanddeviceinteroperability,visitwww.brocade.com/interoperability.Forinformationabouthardwareregulatorycompliance,visitwww.brocade.com/regulatorycompliance.

* Actualencryptionperformancelevelsvarybaseduponuserconfigurationandenvironment.

www.brocade.com