Hi all -- for those of you doing encryption (on NetApp or another platform):
What are you using for Key Management? SafeNet? IBM's KMS? Something else?
Do you find yourselves purchasing self-encrypting drives *only* for datasets you're sure need it vs. creating a catch-all location where mixed data lives but at least you can say that it's "all encrypted at rest"? The approach here can obviously impact costs...
Thanks, Ray
Ray -
The majority of my customers use the SafeNet appliance(s) -- cluster always in these situations obviously -- they are relatively inexpensive and very easy to use, even for the most casual of admins. The integration with the self-encrypted drives is very well done in my opinion too.
Hope that helps.
Anthony Bar | Director of Engineering 650.207.5368 | tbar@berkcom.com
Berkeley Communications | www.berkcom.com NetApp | Cisco | VMware | SuperMicro | Big Data & Analytics | HPC
On Apr 16, 2015, at 12:18 AM, Ray Van Dolson <rvandolson@esri.com> wrote:
Hi all -- for those of you doing encryption (on NetApp or another platform):
What are you using for Key Management? SafeNet? IBM's KMS? Something else?
Do you find yourselves purchasing self-encrypting drives *only* for datasets you're sure need it vs. creating a catch-all location where mixed data lives but at least you can say that it's "all encrypted at rest"? The approach here can obviously impact costs...
Thanks, Ray
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
Thanks, Tony.
What about the datasets you *tend* to encrypt? Do you take an encrypt-by-default approach or an encrypt-as-needed approach[1]?
Thanks, Ray
[1] Am looking at IBM-based KMS' to support some tape libraries as well (LTFS). Perhaps SafeNet would work for those as well, but there's a steep enough premium on five year TCO vs. the non-encrypted setup that it's making me re-think my approach.
On Thu, Apr 16, 2015 at 07:30:17AM +0000, Tony Bar wrote:
Ray -
The majority of my customers use the SafeNet appliance(s) -- cluster always in these situations obviously -- they are relatively inexpensive and very easy to use, even for the most casual of admins. The integration with the self-encrypted drives is very well done in my opinion too.
Hope that helps.
Anthony Bar | Director of Engineering 650.207.5368 | tbar@berkcom.com
Berkeley Communications | www.berkcom.com NetApp | Cisco | VMware | SuperMicro | Big Data & Analytics | HPC
Hi Anthony,
I'm a part of Ray's team. Am curious whether your customers' licensing of SafeNet involves just the appliances or also involves CAL licenses for the drives as well? Have you found the physical implementations to work out better than the virtual appliances, or not much difference between the two?
Thanks,
Eric Peng | Systems Administrator Esri | 380 New York St. | Redlands, CA 92373 | USA T 909 793 2853 x3567 epeng@esri.com | esri.com
Eric -
To be quite honest I don't care for virtual appliances where mission critical infrastructure is needed. What happens if the appliance(s) go down or become corrupted and they are located on the NSE drives? It could even be a mistake where a junior admin moves something where it shouldn't be and then you are in serious trouble. There are just too many variables in my opinion with a VM, so my preference is definitely towards a hardware based implementation. The worst thing that can happen in that case is that you need to replace the physical appliance and move your encryption key card over and your problem is solved. Worst case scenario with a virtualized appliance is complete loss of data and bricked disks.
With regards to the appliance license model, everything is included. The SafeNet appliance is just a line item on an NSE shelf quote.
Hope this helps.
Thanks,
Anthony Bar | Director of Engineering 650.207.5368 | tbar@berkcom.com
Berkeley Communications | www.berkcom.com NetApp | Cisco | VMware | SuperMicro | Big Data & Analytics | HPC
From: Eric Peng [mailto:epeng@esri.com]
Sent: Friday, April 17, 2015 11:42 AM
To: Tony Bar; Ray Van Dolson
Cc: toasters@teaparty.net
Subject: RE: Encryption Questions
Hi Anthony,
I'm a part of Ray's team. Am curious whether your customers' licensing of SafeNet involves just the appliances or also involves CAL licenses for the drives as well? Have you found the physical implementations to work out better than the virtual appliances, or not much difference between the two?
Thanks,
Eric Peng | Systems Administrator Esri | 380 New York St. | Redlands, CA 92373 | USA T 909 793 2853 x3567 epeng@esri.com | esri.com