HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 410

• Data confidentiality-Packets are encrypted by the sending device before transmitting them over the network. • Data integrity-Packets are authenticated by the receiving device to ensure that data has not been altered during transmission. • Data-origin authentication-The packet source can be authenticated by the receiving device. • Anti-replay protection-Replayed packets can be detected and rejected by the IPsec receiver. CHAP authentication C-series IP modules support CHAP, which uses a three-way handshake to ensure that validity of remote clients. C-series CHAP requires that you configure a password. which the switch presents to the iSCSI initiator. This password is used to calculate a CHAP response to a CHAP challenge sent to the IP port by the initiator. B-series Encryption Switch and Encryption FC Blade security This section describes the security features for the B-series Encryption Switch and Encryption FC Blade. For switch models and fabric rules, see "B-series switches and fabric rules" on page 93. The B-series Encryption Switch is a high-performance, 32-port autosensing 8 Gb/s Fibre Channel switch with data encryption/decryption and data compression capabilities. The switch is a network-based solution that secures data-at-rest for disk array LUNs using IEEE standard AES 256-bit algorithms. Encryption and decryption engines provide in-line encryption services with up to 96 Gb/s throughput for disk I/O (mix of ciphertext and cleartext traffic). For details on the B-series Encryption Switch, including deployment scenarios, see the Fabric OS Encryption Administrator's Guide available at http://h18006.www1.hp.com/storage/ saninfrastructure/switches/encrypt_sanswitch.html. NOTE: HP does not currently support the tape encryption features of the B-series Encryption Switch and Encryption FC Blade. Features • High-performance, scalable fabric-based encryption to enforce data confidentiality and privacy requirements • Unparalleled encryption processing at up to 96 Gb/s to support heterogeneous enterprise data centers • Integration with HP Secure Key Manager, providing secure and automated key sharing between multiple sites to ensure transparent access to encrypted data • Industry-standard AES 256-bit encryption algorithms for disk arrays on a single security platform for SAN environments • Frame Redirection technology that enables easy, nonintrusive deployment of fabric-based security services • Plug-in encryption services available to all heterogeneous servers, including virtual machines, in data center fabrics • Scalable performance with on-demand encryption processing power to meet regulatory mandates for protecting data 410 Storage security