Cisco, EMC Partner On Data Encryption
The two companies unveiled the technology partnership at the EMC World conference, held this week in Orlando, Fla.
By bringing encryption with RSA key management to the Cisco SAN switch, Cisco and its solution providers can deliver encryption as a service, said Rajeev Bhardwaj, director of product management in Cisco's Data Center Business Unit.
There are various places to add encryption to data, including encryption appliances and tape drives with native encryption technology, Bhardwaj said. However, those methods typically decrease backup speed, require customers to manage yet another device in the data center, and force them to reconfigure their data center infrastructure, he said.
"We will deliver encryption as a fabric service," Bhardwaj said. "To enable encryption on a SAN, customers just get a line card, insert it into the SAN switch and that's it. No infrastructure change."
The Cisco Storage Media Encryption technology, due out in the second half, will initially be aimed at encrypting data as it goes to tape, Bhardwaj said. Encryption of data at rest on hard drives or virtual tape libraries will be available afterward, he said.
Solution providers said encryption is starting to become important to larger customers, and it's good for vendors to seek new ways to address the issue. Yet they disagree on whether the SAN fabric is the right place to add encryption.
Cisco's move to add encryption and RSA key management to the SAN fabric reflects the vendor's plan to add intelligence to storage networks, said Jamie Shepard, vice president of technology solutions at International Computerware, a Marlborough, Mass.-based solution provider.
"The encryption piece is part of the next generation of what Cisco is trying to do in putting intelligence in the SAN fabric, including adding replication via EMC's Kashya, and Fibre Channel over IP," he said.
The encryption will make it easier to take Cisco SAN infrastructure to customers that previously hadn't considered it, according to Shepard. "It's great for customers," he said. "They don't need to hire different guys to run this piece and this piece and that piece."
Jason Forrest, national practice director at FusionStorm, a San Francisco-based solution provider that has been encrypting data using appliances from NeoScale, said combining the encryption, RSA key management and replication on the MDS 9000 is a good fit.
"There's value in completely consolidating with Cisco," Forrest said. "If you look at a Brocade switch with Fibre Channel and iSCSI, you'll have a stack of boxes, all with different management."
The new Cisco/EMC technology will simplify things, said Keith Norbie, director of the storage division at Nexus Information Systems, a Plymouth, Minn.-based solution provider. "It's a simple integration and should be easy to sell," he said.
However, customer acceptance depends on pricing, Norbie added. "With Cisco, if you need more Gigabit Ethernet ports, the cost per port on a blade for the MDS 9000 is much higher than buying another smaller Cisco Catalyst switch for a stand-alone workgroup," he said. "The law of economics will rule."
Bhardwaj said the Cisco SME, when used for encrypting data to tape, will compete well with tape drives with embedded encryption technology.
"Cisco is looking at operational efficiencies," he said. "There's a huge number of legacy tapes that aren't encrypted. Also, do you want one way to encrypt, or three? One way of key management, or three?"
Though Cisco is the first to integrate a SAN switch with EMC's encryption with RSA key management, the technology alliance isn't an exclusive arrangement, said Dennis Hoffman, vice president and general manager for data security and chief strategy officer at RSA.
"The technology is available to all," Hoffman said. "Cisco doesn't expect RSA to be the only technology on the market. And Cisco realizes that, despite having a growing market, it's not the only technology available on the market."