Santa Clara, Calif.-based Sun Microsystems made a special trip to New York Sept. 13 to introduce a spate of new products, including new device-level tape encryption with key management for its Sun StorageTek T10000 tape drive. It also unveiled the first virtual tape library to run on the Solaris 10 operating system.
The rollout came one day after IBM introduced what it called the data security markets "first comprehensive tape encryption solution" with its new Encryption Key Manager, which stores and encrypts data-and the keys that open the data-on high-density tape cassettes.
Both companies clearly understand the fast-growing nature of the data storage market in all its forms: disk drives, storage software, storage services, flash memory and especially tape storage, which is perceived by many data storage customers to be the most cost-effective hardware of them all.
Tape needs zero power and cooling when not being used and is easier to physically store and transport than disk drives. Random access has always been the Achilles heel of tape storage, but, hey, nothing is perfect; even the great Babe Ruth struck out a lot.
In this fresh flare-up between the two companies, the software pits Big Blues Encryption Key Manager against Suns StorageTek Crypto Key Management Station. On the hardware side, its IBM's System Storage TS1120 tape drives facing off against Sun's StorageTek T10000 tape drive.
Both methodologies enable users to encrypt data from the storage servers directly onto the tapes, whether they are using mainframes or Unix, Windows, AIX or Linux tape storage systems. (IBM's doesn't run on Solaris, however; Sun's, of course, does.)
IBM uses public-key while Sun uses symmetric key encryption (AES-256), which uses the same key to both write and read data. Public key encryption is more computationally intensive and requires a much longer key than a symmetric key algorithm to achieve the same level of security.
The "key" difference between the two? IBM's keys are also individually encrypted and attached directly to each storage tape cassette.
"Imagine having an apartment complex with 100,000 units. This is like leaving a key taped to each door, instead of having them spread all over the place-on key rings, under the mat and so on," said Andy Monshaw, general manager for IBM System Storage, based in Armonk, N.Y.
"However, you have to unencrypt the key first before you can go inside, where all the contents are also encrypted. So there are two pretty substantial layers of protection. We believe the algorithm used [developed by RSA Security] is computationally unfeasible to break into ... using brute force," or hacking, Monshaw said.
Sun is nonplussed by this innovation, however.
"Sun's device-level encryption on the T10000 is clearly a bigger threat than IBM anticipated," Nigel Dessau, Sun's vice president of storage marketing, told eWEEK.
"We are delivering tape encryption and a key management approach that speaks to two key customer requirements-simplicity and security. The reality is we're addressing mainframes and open systems with a single key management approach without having to change your applications or operating environment."
Sun management has made sure to leverage the company's considerable network infrastructure assets-including its newly upgraded Sun Fire servers, Sun Ultra Workstations and the open-source Solaris 10 operating system-to provide enhanced tape security and virtualization capabilities beyond what the old StorageTek product line was able to deliver by itself.
Sun's acquisition of StorageTek a year ago for $4.1 billion was proof that it was serious about becoming a key player in the storage market. When it bought the Colorado-based company, it immediately became No. 4 in the world storage services market behind IBM, Hewlett-Packard and EMC. Sun fully intends to improve that standing; CEO Jonathan Schwartz has said so in no uncertain terms several times.
And all four of these companies continue to invest in a technology that has often been written off as antiquated many times during the last couple of generations.
"To address the need of protecting data at multiple points in the life cycle, Sun is also enabling customers to protect data at the virtualization layer," Dessau said.
"Today's announcement is the latest demonstration of the power delivered by the integration of Sun and StorageTek."
Here are brief descriptions of Sun's new tape products:
- Sun StorageTek Crypto-Ready T10000 tape drive reduces the risk of exposing data to unauthorized parties, protecting against both off-site and on-premises data loss and enabling secure shipment of data. The tape drive uses the AES-256 encryption algorithm as it is written to the drive, regardless of the application, operating platform or primary storage device, and without impacting backup or restore times.
- Sun StorageTek Crypto KMS (Key Management Station) manages keys used to encrypt and decrypt data on the StorageTek T10000 tape drive. It comprises a Sun Ultra 20 Workstation-based appliance running the Solaris 10 OS and Key Management Software. It utilizes AES-256 encryption and is designed for compliance with the Federal Information Processing Standard 140-2 certification.
- StorageTek VTL Plus appliance is built on the Sun Fire server platform and the Solaris OS. The appliance delivers a 30 percent performance increase that results in faster backups in smaller backup windows with fewer failures, a Sun spokesperson said.
Sun also provides Sun StorageTek Encryption Consulting Services, which include security risk analysis, vendor selection, vendor interoperability and proof-of-concept, and solution implementation.
Pricing and availability
The StorageTek T10000 tape drive starts at $37,000. The encryption option on the StorageTek Crypto Ready T10000 tape drive is priced at $5,000 per drive. The StorageTek KMS with KMS implementation services is $45,000 and will be available in late October. The StorageTek VTL Plus appliance starts at $140,000 and will be available in December.