Sunday, March 9, 2008

PMC-Sierra Introduces Controller-Based Encryption Chip Family

PMC-Sierra announced a new family of Tachyon storage protocol controllers featuring its "StorClad" encryption technology and capable of delivering 400,000 IOPS performance per channel. The new protocol controllers with integrated data encryption, the PM8031 QE8e+ for Fibre Channel and PM8002 SPCe 8x6G for SAS/SATA, enable storage OEMs to deliver high-performance secure storage solutions without introducing costly new components or equipment into the data center. The devices could be used in a controller-based encryption architecture that enables full encryption for data at rest at fraction of the cost of exiting encryption appliances.

PMC-Sierra's StorClad architecture supports the IEEE 1619.3 Key Management standard, is compatible with Key Management Servers (KMS) and works seamlessly with key management technologies from partners, such as RSA, to manage the keys and encrypt/decrypt the data through an advanced key management interface.

PMC-Sierra's StorClad storage architecture includes Tachyon controller-based encryption, protocol controller software and an advanced key management and programming interface, supported through PMC-Sierra's Tachyon Software Development Kit (TSDK). The StorClad encryption architecture is scalable to thousands of HDDs and enables the flexibility to encrypt at the Logical Unit Number (LUN), Application or I/O level. It supports multiple servers and encryption zones, and greater than one million keys in a single controller to deliver high-performance controller-based encryption system solutions at a fraction of the cost of using specialty storage appliances or deployment of encrypted HDDs.

StorClad encryption and data security features include:

  • Multiple IEEE 1619 compliant XTS-AES encryption engines;

  • FIPS / NIST certified ECB-AES encryption mode;

  • NIST recommended AES Key Wrap engines for each port;

  • Data parity protection across cryptographic boundaries;

  • Internal Data Encryption Key (DEK) cache;

  • 256-bit encryption keys;

  • Write-only encryption key registers;

  • Support for 520 block sizes;

  • External Key Management Interface and API; and

  • I/O protocol independent APIs.

See also