By Henry Baltazar  |  Posted 2004-05-17 Print this article Print

NeoScale Systems Inc.s CryptoStor for Tape 502 appliance can help IT managers ensure that the data they back up to tape is secure, even when it is stored off-site.

As a removable media format, tape has physical security risks that make it an appealing target for data thieves. The CryptoStor for Tape 502 appliance encrypts data before it is backed up to tape, so someone can steal the tape but wont be able to read the data stored on it.

Using Triple DES (Data Encryption Standard) or AES (Advanced Encryption Standard), the CryptoStor appliance encrypts data before it is written to tape and seamlessly decrypts the data when an authorized user makes a request for it. In eWEEK Labs tests, the appliance was simple to use and integrated easily into existing backup processes.

The CryptoStor for Tape 502, which began shipping last month for $20,000, works with commonly used backup products from vendors including Hewlett-Packard Co., Veritas Software Corp. and Computer Associates International Inc. It also works with the tar archiving utility, which should be useful for Unix administrators who create their own backup scripts. No agents or additional software need to be added to servers or clients to deploy CryptoStor appliances.

We tested the CryptoStor for Tape 502 with two 2G-bps Fibre Channel ports; a $17,000 version of the appliance is also available with two LVD (Low Voltage Differential) SCSI ports for companies that dont have a backup SAN (storage area network) and want to attach the CryptoStor appliance directly to their tape libraries.

Both the Fibre Channel and the SCSI versions of the appliance sit between the hosts and the tape drive (or libraries), encrypting data without affecting the backup applications. Neither version works with the hardware-based compression typically found on tape drives, but the appliance automatically turns off tape-drive compression according to specified backup jobs going through CryptoStor.

The CryptoStor appliances do have built-in, hardware-based LZS Compression (technology from Hifn Inc.), which compresses data before it is encrypted.

The CryptoStor for Tape 502 can handle as much as 100MB per second of throughput, which should be sufficient for most small libraries. For larger backup networks, as many as eight CryptoStor appliances can be clustered.

Keys for the CryptoStor appliances can be stored on the tape itself or in a central repository located on the appliances. (When a key is written to media, you still need a system key to decrypt and use it.)

The CryptoStor appliances use multilayered security, starting with two-factor authentication for user access (smart card and log-in/password). The appliances also run a hardened operating system and store local keys in an encrypted format. If a CryptoStor appliance is physically compromised, the security data is automatically destroyed by the appliance.

Click here to read a review of another storage appliance—Decrus DataFort E515. Senior Analyst Henry Baltazar can be reached at henry_baltazar@ziffdavis.com.

Check out eWEEK.coms Storage Center at http://storage.eweek.com for the latest news, views and analysis on enterprise and business storage hardware and software.
Be sure to add our eWEEK.com storage news feed to your RSS newsreader or My Yahoo page:  


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel