HP Encryption SAN Specifications

Managing operational risk by protecting valuable digital assets has become increasingly critical in today's enterprise IT environments.
In addition to achieving compliance with regulatory mandates and meeting industry standards for data confidentiality, IT organizations
must also protect against potential litigation and liability following a reported breach.

The HP Encryption SAN Switch scales non-disruptively, providing 48 Gbit/sec of encryption processing power to meet the needs of the
most demanding environments with flexible, on-demand performance. It also is tightly integrated with HP Secure Key Manager and HP
Enterprise Secure Key Manager which provide centralized enterprise-class key management systems across distributed environments.
The HP Secure Key Manager and HP Enterprise Secure Key Manager enable simple yet secure key sharing between multiple sites for a
variety of uses. The capabilities of the HP Secure Key Manager and the HP Enterprise Secure Key Manager and their integration with the
Encryption SAN Switch enable secure and automated key sharing between multiple sites ensuring transparent access to encrypted
data.

The storage fabric enables centralized management to support nearly every aspect of the data center, from server environments and
workstations to edge computing and backup environments. As a result, it is an ideal place to standardize and consolidate a holistic
data-at-rest security strategy. Organizations can also implement this type of best-practice methodology in other parts of the data
center, helping to protect data throughout the enterprise.

The Encryption SAN Switch is based on industry standards for data-at-rest encryption to provide centralized, scalable encryption
services that seamlessly integrate into existing B-Series Fabric OS® (FOS) environments.

The B-Series fabric-based approach to data encryption scales to meet performance requirements and provides a centralized point of
management for storage security and key management. Deployment of the Encryption SAN switch is non-disruptive: Organizations can
encrypt data from any switch port without reconfiguring the fabric.

HP Encryption San Switch

1.

Status Led

5.

RJ-45 GE management port

2.

Power led

6.

RJ-45 serial console port

3.

RJ-45 GE ports (for clustering and re-keying)

7.

USB port

4.

Smart Card reader

8.

Fibre Channel ports (0-31)

What's New

New RoHS compliant HP SAN switches

NOTE:

Restriction of Hazardous Substances Directive or RoHS is a directive adopted by the European Union that restricts the use of
certain hazardous materials in the manufacture of various types of electronic and electrical equipment. The RoHS compliant products
with new part numbers listed in this document are functionally equivalent to the corresponding products with old part numbers and are
fully interchangeable.

QuickSpecs

HP Encryption SAN Switch

Overview

DA - 13219 Worldwide — Version 21 — December 9, 2013

Page 1

Key Features and Benefits

High-performance, scalable fabric-based encryption to enforce data confidentiality and privacy requirements
Encryption processing at up to 48 Gbit/sec to support heterogeneous enterprise data centers
Integration with HP Secure Key Manager or HP Enterprise Secure Key Manager enables secure and automated key sharing
between multiple sites ensuring transparent access to encrypted data
Industry-standard AES-256 encryption algorithms for disk and tape on a single security platform for SAN environments
Frame Redirection technology that enables easy, non-intrusive deployment of fabric-based security services
Plug-in encryption services available to all heterogeneous servers, including virtual machines, in data center fabrics
Scalable performance with on-demand encryption processing power to meet regulatory mandates for protecting data

NOTE:

Encryption with the HP Encryption SAN Switch and the HP Encryption FC Blade is not fully supported with Thin Provisioned LUNs
in storage arrays. HP recommends LUNs to be encrypted are fully provisioned. For LUNs that are already thin provisioned and then
encryption enabled, be aware that enabling First Time Encryption (FTE) or Re-Key will make the LUN fully provisioned. This is applicable
to any array in general.

QuickSpecs

HP Encryption SAN Switch

Features and Benefits

DA - 13219 Worldwide — Version 21 — December 9, 2013

Page 2

HP Encryption SAN Switch
Model

HP Encryption SAN Switch

AR944B

QuickSpecs

HP Encryption SAN Switch

Models

DA - 13219 Worldwide — Version 21 — December 9, 2013

Page 3

HP Encryption SAN Switch

High-performance, scalable fabric-based encryption to enforce data confidentiality and privacy
requirements
Simplifies enterprise SAN deployment by combining higher edge switch port density with
exceptional scalability, performance and reliability
Delivers 32-ports in a 2U enclosure
Meets enterprise level availability requirements with redundant, hot pluggable components, no­single-points-of-failure within the switch
Provides 1 Gb, 2 Gb, 4Gb, 8Gb/s* performance
Employs optional Inter-Switch Link (ISL) Trunking to provide a high-speed data path between
switches which enables a high speed data path between 8Gb/s switches up to 64 Gbit/sec

* Full 8Gb/s end to end storage performance requires 8 Gb/s HBAs, 8Gb/s controllers, and 8Gb/s switches.
8Gb/s ISL performance can be obtained between two 8Gb/s switches.

NOTE:

1Gb/s performance can be achieved only when a 4Gb SFP is configured with the Encryption SAN

switch

Configuration Support

http://h18000.www1.hp.com/products/storageworks/san/documentation.html

Smart Cards

Smart Cards are optional credit card-sized cards that contain a CPU and persistent memory. Smart cards
can be used as security devices. With the Encryption SAN Switch, smart cards can be used to do the
following:

Control user access to the Management application security administrator roles.
Control activation of encryption engines.
Securely store backup copies of master keys.

The use of smart cards provides the highest level of security. When smart cards are used, the master key is
split and written on up to five cards, and the cards may be kept and stored by up to five individuals, and all
are needed to restore the master key.

High-availability features

Integrated redundant, hot swappable cooling fans and power supplies
Enhanced Fault Detection Logic
Parity protection on all data paths and system memory

Advanced Fabric Services

Data-at-rest encryption
Hardware and Software Enforced Zoning
Frame Filtering
Built-in Web browser management tools

Cabinet Support

22U, 36U, and 42U; 5000, 9,000 and 10,000 and 10,000 G2 series Cabinets and Intelligent Series
racks are supported

NOTE:

To order factory integration, add 0D1 after the part number on your sales order.

QuickSpecs

HP Encryption SAN Switch

Product Highlights

DA - 13219 Worldwide — Version 21 — December 9, 2013

Page 4

Software Components, Standard, Base Models

Encryption

Provides 48 Gbit/sec of data at rest encryption processing power to meet the needs of the most
demanding environments with flexible, on-demand performance.

Frame Filtering

An ASIC based capability that enables new applications and features. The switch has the ability to "view"
the first 64 bytes of the Fibre Channel frame. At this time, Frame Filtering enables advanced capabilities
such as Advanced Zoning and Advanced Performance Monitoring.

Advanced Zoning

WWN Zoning and Access Control are enforced by hardware that provides the same simple administration
previously enforced only with software. Administrators can organize a physical fabric into logical groups
and prevent unauthorized access by devices outside the Zone.

Web Tools

Web Tools is an intuitive and easy-to-use graphical interface that enables organizations to monitor and
manage SAN fabrics. Tasks can be performed through a Java-capable Web browser from a standard laptop,
desktop PC or workstation from any location within the enterprise.

EGM

Enhanced Group Management (EGM) is a FOS license that is included with all B-Series switches and enables
multi-switch operations. It helps automate operations across multiple switches to save time and
streamline repetitive operations, which are typically prone to error. EGM drives consistency across fabrics,
while minimizing the risk associated with potential downtime due to configuration mismatches. EGM
provides streamlined troubleshooting for more effective fabric monitoring and diagnosis. SAN Network
Advisor Enterprise enables EGM functionality.

Adaptive Networking

Adaptive Networking (AN) is an optional family of technologies which allow flexible control of traffic
movement within the fabric which deliver application aware management of fabric resources. Applications
may be used with multiple protocols and multiple classes of service. It includes the following features:

Ingress Rate Limiting:

Allows the ingress bandwidth of a port to be throttled to a rate lower than negotiated with the SAN node.
This could be very useful for enterprises offering stepped levels of service and enforcing SLAs.

Quality of Service (QoS):

Enables zones with high, medium, and low priorities within a fabric on a zone by zone basis. This can be
very useful for prioritizing array replication over MANs and WANs over less critical traffic.

Traffic Isolation Zones:

Defines paths through a fabric for some or all nodes. Failover allows a non-preferred path to be used if the
preferred fails. TIZs use failover by default but it can be disabled if traffic should stop if a preferred path
fails. TIZ can be used to manually map out traffic flows within a fabric based on application, priority, and
topology.

QuickSpecs

HP Encryption SAN Switch

Product Highlights

DA - 13219 Worldwide — Version 21 — December 9, 2013

Page 5