Sun, IBM Butt Heads On Tape Encryption


Sun on Wednesday unveiled the Sun StorageTek Crypto-Ready T10000 tape drive which enables the encryption of data as it is written to a cartridge, said David Kenyon, Sun's Storage Group senior director of data product management.

Sun first discussed the encrypted version of the T10000 tape drive last November at the company's annual users conference.

The drive is based on the enterprise-class Sun StorageTek T10000 drive, which features 500 Gbytes of native capacity and a native transfer rate of up to 120 Mbytes per second.

Along with the new drive, Sun also unveiled the Sun StorageTek Crypto Key Management Station, which is a Sun Ultra 20-based workstation appliance running Solaris 10 that allows users to use the encryption technology without changes to their operating system, backup software, or tape libraries, Kenyon said.


IBM on Tuesday unveiled the addition of encryption technology to its IBM System Storage TS1120 tape drives. That technology will be included free of charge with all newly ordered TS1120 drives, while existing drives can be upgraded for encryption for a fee.

The enterprise-class TS1120 drives have a native capacity of up to 500 Gbytes, with a native transfer rate of 104 Mbytes per second.

The two vendors were quick to point out the differences between their offerings and to cast those differences as shortcomings of the competitor's product.

Both accused the other of using proprietary technology. Kenyon said that IBM's encryption technology is based on mainframe technology, compared to Sun's, which uses the same encryption key management system for open systems and mainframes.

Andy Monshaw, general manager for IBM System Storage, on the other hand, called Sun's solution proprietary because it is based on the Solaris operating system. Instead, Monshaw said, basing encryption on IBM's mainframe technology is important because of the built-in security mainframes have had for decades.

While Sun's solution manages the encryption keys in a separate appliance, IBM encrypts the encryption key directly onto the tape.

Monshaw said that encrypting the keys onto the tape allows them to be passed and traded as needed and to be easily run on different platforms. "The market doesn't want data encrypted so only you can use it," he said. "Or 10 years later, you don't want to have to find the appliance that was used to encrypt the data."

Kenyon said that by encrypting the key on the tape, IBM is adding unnecessary risk. "We don't put the keys on the tape, but IBM does," he said. "Sun's keys are managed in the tape library independent of the tape drive. Ultimately, if the customer loses the keys, they can't read the tape. But we don't pass the key in the data path, so there's less chance for the keys to be captured."

Encrypting the keys onto the tape is quite safe, said Monshaw, as the encryption used depends on the public key that the customer keeps. "And the keys can be changed if they are compromised," he said.

IBM's TS1120 drives support three different encryption management methods: application-based, system-based, and library-managed. The system and library versions use the IBM Encryption Key Manager for the Java platform.

As a result, the encryption capability is supported in the TS3500 tape library, the TS1120 tape controller, the TotalStorage 3592 tape controller, the TotalStorage 3494 tape libraries, the TotalStorage C20 Silo Attach frame, and stand-alone environments.

On the application side, the TS1120 encryption is supported by IBM Tivoli Storage Manager.

Kenyon said that IBM's multiple management methods actually add complexity. "We're application independent, and work with any third-party software," he said. "IBM has three different ways to do it instead of one. Ours is simple to integrate in an existing infrastructure while IBM's depends on which approach the customer takes."

Sun is starting to ship pre-revenue Crypto-Ready T10000 tape drives this week, with general availability scheduled for next month, Kenyon said. IBM's TS1120 with encryption technology is now available with a list price of $35,500.

Sun on Wednesday also enhanced its StorageTek VTL virtual tape library appliance by basing it on the company's V40z Opteron-based server for a 30-percent increase in performance, Kenyon said. The library now also uses the Solaris operating system.

Also new from Sun on Wednesday are two servers based on the company's Niagara SPARC architecture.

They include the Netra T2000, a NEBS (National Equipment Building System) Level 3-compliant version of the company's current T2000 server for use in the telecom industry, said Warren Mootrey, senior director of volume SPARC systems.

Sun also unveiled the CP 3060 ATCA (Advanced Telecom Computing Architecture) blade server for the telco space. It is available in four-core, six-core, and eight-core versions. Up to 12 can fit in a single chassis, with up to three chassis fitting on a rack to save up to 1,600 watts of power per rack compared to some Intel systems, Mootrey said.

Sun also introduced a new entry-level SPARC workstation, the Ultra 25, with a single UltraSPARC 3i processor and PCI-X and PCI Express connectors. "It lets customers go to PCI Express graphics cards," said Brian Healy, group marketing manager for workstations.