|
||||||||||||||||||||
PR Contact:
Company Contact: |
Applications
Introducing SecureNAS T1 SecureNAS T1 is now FIPS 140-2 compliant The Enova SecureNAS T1 is a secure Network Attached Storage (NAS) system that integrates Enova's latest FIPS 140-2 certified X-Wall MX-256 and X-Wall MX-256C crypto modules that are responsible for en/decrypting all connected disk drive array real-time. The AES secret keys that operate the X-Wall MX crypto modules are delivered securely via a remote Key Server which runs under the Administrator's Windows PC/Laptop. The entire disk array is hardware encrypted by the X-Wall MX real time crypto module (full disk encryption) thus the overall disk IO throughput is unaffected. As the AES secret keys that operate the entire SATA disk array are not stored permanently inside the system, attempts to remove each individual drive to get to the data will be proven futile. Furthermore, stolen of the entire system presents absolutely no harm to the encrypted data stored inside the disk drives as the AES secret keys are delivered via a remote Key Server upon power on authentication for which a proven Public Key Infrastructure (PKI) has been deployed.
Please reference above Enova SecureNAS T1 hardware architecture to which X-Wall MX sits at the backplane of the disk array and the AES secret keys that operate the disk array are securely delivered via the LAN port through a remote Key Server upon authentication (certificate exchange). The Enova SecureNAS T1 comes with a minimum of 16 drive bays that are capable of housing 16 SATA disk drives. A 42 bays version will soon become available. The RAID configurations are 0, 1, 5, 6, and 10. Two full duplex Gigabit Ethernet ports, which can be trunked together through software settings that offers twice the bandwidth a standard Gigabit Ethernet could offer, are provided for TCP/IP connection. Enova SecureNAS T1 secures your networked storage. Guaranteed. FIPS 140-2 Certified Data-At-Rest (DAR) Security. The Enova SecureNAS T1 equips FIPS 140-2 certified X-Wall MX crypto modules that are responsible for en/decrypting the entire disk array 1 2 3. It combines secure authentication through certificate exchange, real-time full disk encryption to each individually connected SATA disk drive, and secure logging to provide unprecedented protection for sensitive data-at-rest. All addressable sectors of a SATA disk drive are hardware encrypted. The AES secret KEYS are never stored inside the system which guarantees absolutely harmless situation should an Enova SecureNAS T1 system ever get stolen. Attempts to remove a number of disk drives to get to the data stored are proven futile as each connected SATA disk drive is real-time encrypted whereas the AES secret KEYS are only available through secure authentication from a remote Key Server. Advanced Security Architecture. The security system consists of five primary security sub-systems:
No Performance Degradation. The Enova X-Wall MX transparently and automatically encrypts each individually connected SATA disk drive of a RAID storage, offering a sustained AES ECB/CBC 256-bit cryptographic strength at over than 120MB/sec throughput sustained. The RAID storage is engineered for SCSI 320 performance and as the entire encrypted/decrypted Input/Output are real-time performed at the backplane. There isn't noticeable performance degradation due to heavy cryptographic operation. Automated Key Management. The SecureNAS T1 system contains a set of patented X-Wall MX FIPS 140-2 certified crypto modules sitting at the backplane of the RAID controller. The AES secret keys (AES 256-bit length) that operate the entire disk array are generated and securely stored on the remote Key Server. At the power on reset, the encrypted secret AES keys are delivered via a secure authenticated channel (SAC) to the SecureNAS T1 system where the AES secret keys are decrypted and delivered across the backplane of a RAID controller to enable each connected disk drive. In order to establish the SAC, the SecureNAS T1 system and Key Server must be able to authenticate one another. This process is facilitated by a one-time setup operation initiated by the system administrator during which time the SecureNAS T1 and Key Server exchange certificates. Real-time Full Disk Encryption Capability. All the data stored on the RAID disk array are real-time encrypted. There is absolutely no clear text left unprotected in the SecureNAS T1 system. Authentication and Access Control. The SecureNAS T1 system provides an automatic and secure authentication architecture for client access and storage management. As the data-at-rest en/decryption occurs at the backplane of a RAID controller, support for client access control of directory servers such as Active Directory and LDAP is automatic thus doesn't complicate your existing network access control infrastructure. Keys Recovery & Deletion. All important AES secret keys, Certificates, Public and Private Keys are stored inside the Key Server encrypted and only the system Administrator has the right key to decrypt and to export. It can be transported to other Key Server to give you peace of mind. As all credentials are delivered to the SecureNAS T1 system from a remote Key Server via a Secure Authentication Channel (SAC), the SecureNAS T1 does not contain any credentials that could have harmed the sensitive data-at-rest, not even with the stolen of the entire SecureNAS T1 system. Remote Secure Files Backup (Optional). All encrypted files contained inside the SecureNAS T1 can be exported encrypted to another designated SecureNAS T1 through its powerful Remote Secure Files Backup utility. The encrypted data-at-rest is firstly decrypted from the X-Wall MX , re-encrypted then send through another SecureNAS T1 encrypted using the same AES secret keys of the designated SecureNAS T1 . The operation is totally transparent and does not involve any user intervention. Deployment Made Easy with Enova SecureNAS T1 System The SecureNAS T1 system can be deployed just like a standard NAS without technical complication. It can fit seamlessly into the existing networked storage infrastructure while providing advanced real-time data-at-rest security without complications. There is no software to be installed on the client side other than the Key Server. The implementation does not require users to alter their regular computing behavior. Transparent Operation. Upon setting up the SecureNAS T1 in a matter of minutes, ongoing system management is simple and straight forward via a web-based interface and common tools such as SNMP. No System Complications. As the data-at-rest security is done through the backplane of a RAID controller, the SecureNAS T1 behaves just like a regular NAS for regular data read/write. Unlike other product that encrypts the TCP/IP payload, which causes lots of system complications, the SecureNAS T1 can do the job better and secure. Support of user access control such as Active Directory Service and LDAP is automatic and transparent. The SecureNAS T1 natively supports CIFS and NFS as a default standard. iSCSI supports require additional license. Easy to Expand Capacity. The SecureNAS T1 equips with 16 hot-pluggable SATA drive bays. Capacity can be easily added with additional purchase of a SATA1.0a and SATA2.0 compliant disk drive. Reliable and Durable. The SecureNAS T1 is built for robust data-at-rest encryption. There are more advanced features such as redundant power supply and heat dissipation that would sustain a durable life of operation. The hot-pluggable SATA disk drive design enables quick data recovery and repair, making the maintenance job much less challenged. 1 For complete Enova X-Wall MX real-time cryptographic processor information, please review below web link:
http://www.enovatech.net/products/mx_info.htm for more information.
|
