Professional Documents
Culture Documents
Solution
RSA Solution
Brief Brief
PowerPath
with of
RSA
ManagingEncryption
the Lifecycle
Encryption
Keys
with
The
EMC Solution for
Securing
Data in
Enterprise
Storage
RSA Key
Manager
PowerPath Encryption with RSA is a powerful tool for ensuring the confidentiality of
critical information in the enterprise. Leveraging the unique position that
PowerPath has in the I/O stack below the application level, database level and
file system level but above the HBA and I/O drivers PowerPath Encryption with
RSA enhances the scalability and heterogeneous support of storage arrays that
PowerPath provides with security capabilities that are unique in the industry.
Remote employees
Partners
Internet
Leak via
print/copy
Network leak
IM, HTTP, FTP,
etc.
File servers
Enterprise apps
Production databases
Business analytics
Collaboration &
content mgmt..
Privileged user
breach/hack
Privileged user
breach
Disk arrays
Backup tapes
Theft/loss
e-Mail leak or
packets sniffed
in transit
App., database
or encryption
key hack
eRoom/
SharePoint
hack
Discarded
disk
exploited
IP
forwarded to
untrusted user
Unintentional
distribution
(semi) Trusted
user misuse
End point
Network
Apps /
database
Storage
EMC storage
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
$%^&&#$^*((($
^$$##@#))))(^**
!!**##%%%$@&
+_)(**^^%$$%*
%%$&*())_%#$@
Encrypted data
Host
interconnect
Storage
interconnect
EMC PowerPath
encryption
User space
Key cache
Lockbox
Config.
file
Lockbox
Kernel
space
Applications /
database
File server
/ CMS
Storage
1. Generate keys
3. Vault keys
Policy-based interface
RSA Key Manager for
the Datacenter
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
Management utilities
File system
Logical volume
manager
Applications
DBMS
User space
Daemon
(service)
Key cache
RSA Key
New
extensions
RSA BSAFE
Crypto Kernel
Kernel space
10
Server
Figure 8: PowerPath
Multi-channel Support
Host bus
adapters
Symmetrix/ CLARiiON
Storage
Applications
Interconnect topology
Management
utilities
EMC PowerPath
File system
(Windows, Linux,
Solaris, AIX)
Logical volume
manager
DBMS
EMC PowerPath
encryption
PRIMARY SITE
Key replication
Key replication
SECONDARY SITE
11
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
Host
$%^&&#$^*((($
^$$##@#))))(^**
!!**##%%%$@&
+_)(**^^%$$%*
%%$&*())_%#$@
Network
Device
Cyphertext downstream
Reduced data
12
Reduced
backup data
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
Source
$%^&&#$^*((($
^$$##@#))))(^**
!!**##%%%$@&
+_)(**^^%$$%*
%%$&*())_%#$@
Replica
Target
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
13
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
Application
Network
Storage
$%^&&#$^*((($
^$$##@#))))(^**
!!**##%%%$@&
+_)(**^^%$$%*
%%$&*())_%#$@
14
PowerPath
encryption
Cyphertext downstream
Server
Symmetrix/ CLARiiON
Storage
Host bus
adapters
Name: XYZ
SSN:123456789
Amount:$123,456
Status: Gold
Applications
Interconnect topology
Management
utilities
EMC PowerPath
File system
(Windows, Linux,
Solaris, AIX)
Logical volume
manager
$%^&&#$^*((($
^$$##@#))))(^**
!!**##%%%$@&
+_)(**^^%$$%*
%%$&*())_%#$@
DBMS
Conclusion
EMC PowerPath Encryption with RSA combines two
best-in-class technologies, EMC PowerPath and the
RSA Key Manager for the Datacenter, to deliver the
industry-leading solution for encrypting data-at-rest in
enterprise storage. With straightforward and nondisruptive deployment, including support for
replication and backup, PowerPath Encryption with
RSA is an excellent choice for addressing threats
related to discarded, stolen and re-purposed storage
media.
15
RKMPP SB 0808