By Henry Baltazar  |  Posted 2004-05-17

Decru Inc.'s DataFort E515 appliance allows IT managers to ensure that the valuable data they move across their networks is encrypted and secure at all times.

Released last month, the DataFort E515 costs $30,000 ($60,000 for a two-node cluster). The DataFort E515 works seamlessly with Common Internet File System servers, Network File System servers and network-attached storage devices.

During eWEEK Labs' tests, we found that the DataFort appliance could be introduced into a network fairly easily.

Dartmouth College's Center for the Evaluative Clinical Sciences used DataFort appliances to secure its data.

Using encryption and some interesting security management capabilities, the DataFort E515 could selectively encrypt specific shares on our test file servers while keeping track of access rights.

The DataFort E515 uses 256-bit Advanced Encryption Standard to encrypt data. Using Decru's Storage Encryption Processor, the DataFort E515 is able to encrypt/decrypt data at gigabit speeds.

When implemented in a network, the DataFort E515 creates secured file shares, known as Cryptainers, where users with proper credentials can access unencrypted data. Once a Cryptainer is set up, any user who attempts to access data using the original share mount will find that all data in that share is encrypted. The only way for users to get to their data then is to authenticate and access data directly from the Cryptainer share.

The DataFort E515 uses IPSec (IP Security) to protect the data streams running between authenticated users and protected file servers. With a software update expected to be released this month, the DataFort E515 will have the ability to protect data streams using SSL (Secure Sockets Layer) and WebDAV (Web-based Distributed Authoring and Versioning).

The DataFort E515 integrates with directory services such as LDAP, Active Directory and NIS (Network Information Service), and smart cards are used to add a second authentication factor for operations such as recovery and key storage.

Administrators can also configure the DataFort E515 to require an additional password when updating domain passwords. This adds another layer of security, but it will require IT managers to maintain two sets of passwords.

The DataFort E515 has an interesting group management feature that is designed to protect against evildoers gaining access rights by adding an account to a group. For example, if a rogue employee or hacker were to add an account to a company's human resources group, he or she could gain access to that group's file shares (and lots of sensitive information). The DataFort E515 can be configured to prevent this gambit by blocking access to accounts until they have been verified as legitimate.

The biggest drawback to the DataFort E515 is its lack of a centralized management system. The product's Web management interface, despite its ease of use, can manage only one DataFort cluster. (Clusters are limited to two nodes at this time.) While this shouldn't be a concern for small and midsize companies, large enterprises with hundreds of file servers and several locations would be challenged by this limitation.

Decru officials said they are working on a centralized management system, but they have not commented on when to expect this feature.

We also would have appreciated more (or, should we say, some) granularity in the DataFort's administrative functions. Right now, there's just a general administrator account, although company officials said an upcoming release will include roles for managing security, storage, servers/shares and backup.

One thing the Decru system does very well is key recovery, requiring the authentication of as many as five users (with smart cards) for a recovery operation.

Data expiration is a problem that many IT managers need to deal with to ensure data is destroyed after its required retention period is over. Decru ably addresses this issue with its CryptoShred feature, although the CryptoShred name is a bit misleading because the encryption key, not the data itself, is shredded during the process.

Senior Analyst Henry Baltazar can be reached at henry_baltazar@ziffdavis.com.
