productSHOWCASE
videoTECHNOTES
analogZONE
acquisitionZONE
audio/videoZONE
highpowerZONE
lowpowerZONE
rlcZONE
wirelessZONE
binaryZONE
dsp/mcuZONE
programmablelogicZONE
designDEN
connectorZONE
designDEN
toolsZONE
greenZONE
greenpowerZONE
greentechZONE
networkZONE
connectivityZONE
networkZONE
test&measurementZONE
engeniusBLOG
referenceZONES
productARCHIVE
technoteZONE
siteARCHIVES
bookREVIEWS
dennisARCHIVE
editorialARCHIVE
reportsARCHIVE

connectivityZONE Products for the week of March 10, 2008

PMC-Sierra Says…

Controller-Based Encryption Product Family For Secure Enterprise Storage
Tachyon Fibre Channel and SAS/SATA controllers with StorClad encryption architecture enable high performance, cost-effective data security for networked storage systems

PMC-Sierra, Inc. has announced a new family of Tachyon storage protocol controllers featuring its StorClad  encryption technology platform that significantly improves system performance, cost and manageability compared to currently available data security solutions. According to IDC, total spending on IT security hardware and software will reach $65 billion by 2010, while only a fraction of critical data is currently being secured due to the high cost and low performance of today’s software or appliance-based solutions. PMC-Sierra’s new protocol controllers with integrated data encryption, the PM8031 QE8e+ for Fibre Channel and PM8002 SPCe 8x6G for SAS/SATA, enable storage OEMs to deliver high-performance secure storage solutions without introducing costly new components or equipment into the data center. PMC-Sierra’s StorClad controllers are capable of delivering 400,000 IOPS performance per channel at a fraction of the cost of today’s encryption appliances.

PMC-Sierra’s controllers with StorClad technology can be deployed into existing storage system infrastructures, preserving years of IT investment by eliminating the need for new and expensive disk-drive technology or external security appliances. The StorClad architecture supports the IEEE 1619.3 Key Management standard, is compatible with Key Management Servers (KMS) and works seamlessly with KMS providers to manage the keys and encrypt/decrypt the data through an advanced key management interface.

“PMC-Sierra worked closely with leading storage OEMs and Key Management providers to develop these innovative Controller-Based Encryption solutions,” said Mark Stibitz, vice president and general manager for PMC-Sierra’s Enterprise Storage Division. “Integrating StorClad technology into our Tachyon Fibre Channel and SAS/SATA controller family enables our customers to offer advanced data security in a practical encrypted storage system solution, while maintaining their existing software and hardware infrastructure.”

Security Technology Innovation with Industry Standards

PMC-Sierra’s StorClad storage architecture includes Tachyon controller-based encryption, protocol controller software and an advanced key management and programming interface, supported through PMC-Sierra’s Tachyon Software Development Kit (TSDK). The StorClad encryption architecture is scalable to thousands of HDDs and enables the flexibility to encrypt at the Logical Unit Number (LUN), Application or I/O level. It supports multiple servers and encryption zones and greater than one million keys in a single controller to deliver high-performance controller-based encryption system solutions at a fraction of the cost of using specialty storage appliances or deployment of encrypted HDDs.

StorClad encryption and data security features include:
  • Multiple IEEE 1619 compliant XTS-AES encryption engines;
  • FIPS / NIST certified ECB-AES encryption mode;
  • NIST recommended AES Key Wrap engines for each port;
  • Data parity protection across cryptographic boundaries;
  • Internal Data Encryption Key (DEK) cache;
  • 256-bit encryption keys;
  • Write-only encryption key registers;
  • Support for 520 block sizes;
  • External Key Management Interface and API; and
  • I/O protocol independent APIs.



EN-Genius Says…

By providing the raw materials required to turn an inexpensive server or host bus adapter (HBA) into a high-performance encrypted storage controller, PMC has bridged the gap between low-cost, low-performance software-based storage encryption solutions and the costly ($20 k - $40 k) dedicated secure storage appliances that dominate the market today. By adding encryption and key management functionality elements to their well-proven SAS/SATA and FibreChannel controllers, they’ve enabled you to develop secure storage products using inexpensive generic discs and without the need for an external security engine such as Cavium’s OCTEON SSP processor family (reviewed here July 2007).

Both the PM8031 quad-channel FibreChannel SAN controller and PM8002 SAS/SATA attached storage controller build on the Tachyon controller technology that they acquired with the 2006 acquisition of Agilent’s storage products group. The PM8002, for example, is an upgrade of the PM8000, 8-lane 6G SAS/SATA protocol controller (reviewed here April 2007) which adds a data encryption acceleration core and the hooks to support encryption key management software from RSA, IBM, Decru, Sun, nCipher, HP and most other popular vendors. Its encryption accelerator core is primarily composed of multiple pipelined math engines running in parallel to support the huge number of AND/OR and Elliptic Curve operations required by AES. Offloading most encryption-related tasks allows the PM8301 and PM8002 to encrypt /decrypt data at wire speed without impacting I/O performance.

Besides accelerating the actual encrypt/decrypt process, the controllers also simplify the design of a secure storage product by providing a straightforward API for the encryption engine plus software support for most popular key management software packages. Thanks to the addition of dedicated hardware that accelerates the secure key exchange process, your storage system can handle large numbers of clients, all with different access privileges, without breaking a sweat.

For those involved with high-security applications, you’ll be pleased to know that the controllers are available in a FIPS-compliant exposed die package that discourages tampering and is designed to render itself non-functional if the packaging is breached.

To my knowledge, PMC is the first player to incorporate secure storage functionality into their merchant silicon at the 6 Gbit/s speed level. LSI’s family of SAS controllers supports only 3 Gbit/s and, at least in their standard product line, does not support encrypted data without an external processor. To be fair, they do offer complete HBA cards for both SAS/SATA and FibreChannel that run at PMC’s speeds but I believe that you still need an external processor to support encryption. Some of the SAS/SATA HBA offerings from Broadcom do offer encryption, but they support slower data rates and seem to be equipped to support SMB and smaller enterprise applications so they probably don’t lend themselves to scaling up for the larger data center products that PMC’s devices do with ease. I’d also infer from the lack of any new storage product announcements for well over a year that they are may not be actively pursuing this market anymore. Since Marvell has shown no interest in discussing any of its products with me for nearly two years and their web site contains only the barest information about their storage products I cannot offer any insights on whether they have anything that compares to either the PM8031 or PM8002.

The Tachyon controllers with StorClad technology are available now to select partners. Pricing is $400 in prototype quantities and PMC-Sierra says that more information, including datasheets and pricing, is available at the storage products area of their web site but, at the time this review goes to press, I could not locate any links to the products mentioned here. If this persists, you can contact PMC-Sierra here.
Send this page to a Colleague!

Click here for Product Archives

Return to the connectivityZONE
Saltshaker Rating: 2.5
Lee's Saltshaker Rating