NeoScale Systems Inc.s CryptoStor SAN VPN is the first VPN on the market designed to protect Fibre Channel storage area network traffic over WAN links.
As with many other storage security products, the $40,000 CryptoStor SAN VPN appliance is designed to help companies achieve compliance with regulatory mandates and reduce liability. Its true that Fibre Channel networks are not targeted by hackers as often as IP networks are. However, as SANs become larger and more commonplace, Fibre Channel will become a bigger target, and products such as CryptoStor SAN VPN will be necessary.
CryptoStor SAN VPN, which started shipping at the end of last year, is geared primarily for high-end enterprises that must support synchronous mirroring between their data centers and their remote sites. The protection provided by the CryptoStor SAN VPN will allow IT managers to use public MANs (metropolitan area networks) without the threat of eavesdropping.
The CryptoStor SAN VPN protects Fibre Channel traffic in transit using the Fibre Channel Security protocol, which integrates IP Security into Fibre Channel. NeoScale Systems implementation of FCSec (there currently is no standard for the protocol) is used to create an encrypted tunnel between CryptoStor SAN VPN units without altering the FCSec protocol.
The CryptoStor SAN VPN uses AES (Advanced Encryption Standard)-256 and IKE (Internet Key Exchange) to rotate keys.
During tests, eWEEK Labs found it fairly easy to set up the CryptoStor SAN VPN. Two units (one on each side of the WAN) must be used to form the tunnel.
Once keys are synchronized between the two VPN units, the traffic that runs between the units is encrypted. The Fibre Channel traffic is decrypted at the second VPN, so its not apparent that information traveled over the WAN encrypted. The device is programmed to destroy the security keys if an attempt is made to break into the chassis.
The CryptoStor SAN VPN compresses data to optimize WAN performance. The device also has a large number of Fibre Channel cache buffers, which allow it to extend the range of SAN links—2G-bps throughput across 230 kilometers and 1G-bps throughput across 460km.