By Henry Baltazar  |  Posted 2006-03-06 Print this article Print

With its ability to push 10g bps of data through a single appliance, Network Appliances Decru DataFort FC1020 packs a ridiculous amount of encryption processing power into a neat 2U chassis.

The biggest thing stopping many IT managers from implementing encryption has been the latency and complexity that encryption can add to data protection procedures. With its incredible throughput and improved management capabilities, however, the Decru DataFort FC1020 should slip into backup infrastructures without major complications.

The DataFort FC1020 chassis has 10 2G-bps ports, but the form factor is nearly identical to that of the FC1020s predecessor, the two-port DataFort FC520.

Encryption and backup go hand in hand. Read more here. At first glance, the only noticeable difference between the 10- and two-port units is the unpleasant whine of the additional cooling fans in the DataFort FC1020.

But a single DataFort FC1020 can replace five of the older appliances, and, with a starting price of $100,000, the DataFort FC1020 is actually 40 percent less expensive than purchasing five two-port DataForts. (We recommend that IT managers purchase DataFort units in pairs, however, for redundancy.)

The encryption horsepower in the DataFort FC1020 comes from PCI cards equipped with FPGAs (field-programmable gate arrays). By adding PCI cards and making some minor changes to the DataFort FC520 chassis for extra cooling power, Decru was able to boost performance without increasing the DataFort familys form factor.

Another benefit to using FPGAs is that it gives Decru the ability to update encryption as existing technologies become obsolete. Decru currently uses AES (Advanced Encryption Standard) 256 in its DataFort appliances.

The DataFort FC1020 functions as a pass-through appliance, encrypting data in-stream as it travels from the backup servers onto tapes. Five of its ports are configured for inbound traffic, while the other five ports fire outbound data to the tape drives.

One thing we like about the in-stream nature of the DataFort FC1020 is that it allows the appliance to be deployed without adding agent software.

Improved management

Perhaps even more important than the DataForts stellar performance are the tools Decru has created to cluster DataFort units.

IT managers can cluster up to four 10-port DataFort FC1020s and up to four two-port DataFort FC520s. Combined, these devices can encrypt as much as 48G bps of data throughput and will allow IT staff to manage the encryption of dozens of tape drives from a single console.

While the FC1020 does not support disk encryption, the other Fibre Channel DataFort appliances do. This is a useful capability because it will allow the secure partitioning of SAN (storage area network) resources among department groups with confidential data. With secure partitions in place, IT managers can cash in on the benefits of consolidated storage without worrying about interdepartmental data theft.

Key management is still a major strength for Decru: LKM (Lifetime Key Management) allows IT administrators to manage the keys used by DataFort appliances throughout an organization. In the event of a disaster, LKM can move keys stored on incapacitated DataFort units onto new DataFort appliances at a disaster-recovery site.

We also like the administrative granularity built into its security appliances. Decru DataForts have eight administrative roles that can be assigned to specific staff members.

Next page: Evaluation Shortlist: Related Products.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel