Boost PC performance: How more available memory can improve productivity
Bloombase Turnkey Data At-Rest Security Compliance Solution for EMC Celerra
1. BLOOMBASE TURNKEY DATA-AT-REST
SECURITY COMPLIANCE SOLUTION
FOR EMC CELERRA
EMC CELERRA WITH BLOOMBASE SPITFIRE STORESAFE
ESSENTIALS
Electronic business data represents an invaluable core asset of today’s enterprises and
organizations. Enterprise customers are concerned about being able to manage and use
• Bloombase Spitfire StoreSafe is an sensitive information to optimize day-to-day business operations, while protecting it and
industry-proven solution for immediate
satisfying information privacy compliance needs—without the expense of drastic system
security compliance of various standards
including HIPAA, PCI DSS, SB 1386, SOX, change and performance degradation.
and more The Bloombase Spitfire data-at-rest solution offers advanced security capabilities for a reliable,
• Bundled Spitfire KeyCastle enables application-transparent, cipher-text information storage infrastructure. Its tamper-proof
automated initial migration of EMC Celerra hardware encryption key security module ensures confidentiality and integrity throughout
contents, rekey, and full lifecycle
its whole lifecycle. Bloombase Spitfire Cryptographic Module is NIST FIPS 140-2 certified
management of cryptographic keys
providing FIPS-approved RSA and AES cryptographic algorithms, together with non-FIPS
• A web-based management console,
ciphers including Camellia, SEED, 3DES, Twofish, Blowfish, etc.
command line interface console, and
SNMP offer total, simplified management Sensitive persistent data is stored as cipher-text securely stored in EMC® Celerra®. The
• Unlike proprietary dedicated hardware encryption and un-encryption processes are automated by re-routing storage paths via
with a high entry price, Bloombase Spitfire Bloombase Spitfire StoreSafe Security Server cluster providing virtual plain contents to
assumes a pay-as-you-go licensing model
authorized hosts and applications.
to help reduce your initial investment
• To maximize ROI, a single Bloombase EMC Celerra storage targets are accessed by iSCSI, CIFS, and/or NFS storage protocols via
Spitfire StoreSafe product: Bloombase Spitfire StoreSafe Security Servers. Ciphered sensitive information is stored in
– Enables multiple storage hosts and the EMC Celerra storage system for centralized management. Only authorized access of
applications to produce and consume virtual-plain information, by trusted applications and systems, per access rules and security
secured at-rest data profiles governed by Bloombase Spitfire StoreSafe encryptors is permitted. Application data
– Supports multiple EMC Celerra LUNs, file files, directories, and storage volumes are protected by strong encryption offered by
servers, and shares Bloombase Spitfire StoreSafe virtual storages, enabling application servers to achieve
– Supports both file- and block-based various information privacy compliance standards immediately and effectively.
protection for CIFS, NFS, and/or iSCSI
EMC Celerra storage resources
SOLUTION ARCHITECTURE
The Bloombase Spitfire data-at-rest encryption solution offers wire-speed, on-the-fly
encryption and un-encryption of storage data in an EMC Celerra network-attached storage
(NAS) system. It requires minimum change in the application tier by dropping-in Spitfire
StoreSafe security servers in the storage paths.
The Bloombase Spitfire High Availability Suite brings together dual Spitfire security servers
as a cluster so when active node fails, backup node picks up and maintains non-stop,
mission-critical service at complete storage and host transparency, requiring minimal
operator attention. Extending to the disaster recovery infrastructure, storage cipher-texts at
the primary site are replicated in their natural encrypted form over a private network to a
backup storage system at a secondary site, and secured by a replica of Bloombase Spitfire
SOLUTION OVERVIEW
2. StoreSafe and KeyCastle servers. As storage contents reside on EMC Celerra in their native
ciphered form, data backup done over the physical storage resources is inherently
encrypted, immediately satisfying secure archival needs.
The easy-to-manage Bloombase Spitfire storage security solution helps organizational cus-
tomers enforce data confidentiality for storage, which improves overall system security,
enables fast key rotation, reduces user workflows, segregates data ownership from adminis-
tration and operation, and enhances efficiency and internal controls.
Figure 1.
RESULTS
• A TPC-C-based database benchmarking test is carried out on a sample database stored in
an EMC Celerra secured by a Bloombase Spitfire StoreSafe storage security solution.
• TPC-C-like queries (with EMC Celerra read, Bloombase Spitfire unencryption) and updates
(with Celerra write, Bloombase Spitfire encryption) are generated and applied to simulate
workload on the EMC Celerra/Bloombase Spitfire setup.
Figure 2. TPC-C queries
• For TPC-C queries, Bloombase Spitfire StoreSafe encrypted database server stored in EMC
Celerra recorded a nine percent drop in throughput, compared to 31 percent for host-based
and 64 percent for column-based.