November 03, 2009

The Importance of Being Open

EMC and Cisco announced their Virtual Computing Environment Coalition today with the goal of accelerating the move to virtualization and private clouds. This has been one of the industry's worst-kept secrets for several months, with wild rumors circulating about what it would and would not be.

Like most of these multi-company alliances, the reality has not lived up to the hype.  The Joint Venture that was supposed to compete with HP or IBM to sell full stack solutions of servers, networks, storage, virtualization, and services has devolved into a reference architecture called V-block (that you build by buying the components separately from the three companies), some high profile marketing, cooperative support (who doesn't cooperate with their partners to support customers?), and a scaled-back JV that will build and operate a v-block based solution for you as long as they get to transfer it somewhere pretty quickly.  I am sure everyone involved was disappointed.

This is good for Cisco because they get ushered into EMC's installed base to sell UCS. It is not clear that EMC gets much from this since UCS has no installed base at this point, and nothing about this announcement increases EMC's competitiveness in storage for virtual servers. VMware is part of this because EMC needed their brand presence to give the solution credibility, but VMware is keeping a low profile to avoid angering their two largest customers - HP and IBM.

I just can't figure out if it is a good thing for any particular class of customer.    For someone who wants to turn over decisions about the technologies they use and how they put it together, this might be a fit.   But those customers most likely already have a trusted integrator or else they are well on their way to eliminating the bulk of the infrastructure and moving to IT as a Service anyway.   For customers who are interested in best-of-breed technology choices and want someone to help them integrate them, this is a non-starter.   The v-block architecture v-blocks you from any choices that are not UCS servers, Nexus Switches, EMC storage, and VMware.   Even if you do like that combination of technologies, you don't need this coalition to acquire them and deploy them.   Perhaps the Acadia Services JV might bring something that your integrator can't do, but they appear to have a very short-term BOT focus - build, operate, transfer.   Where's the commitment to your success in that?

NetApp has been working with VMware for over 2 years to deploy Virtualized Data Center and private cloud infrastructure at companies like Telstra, BT, Sprint, Intuit, T-Systems and others. More recently, we have been working with Cisco and VMware on Virtualized Data Centers that include the UCS and NetApp storage at companies such as Terremark. Various integrators have been involved in these programs to bring the expertise and the customer knowledge to bear to build what is not only transformative, but also efficient. None of this required a formal coalition - it was simply vendors cooperating to transform a customer's datacenter.

In all likelihood, this initiative probably just won't matter (anyone remember the ACE initiative in 1992?). All of the partners involved remain free to work with other companies that compete with another coalition partner. NetApp will continue to work with VMware and Cisco as well as Microsoft, IBM, Fujitsu and a host of other technology and integration partners. An open approach is the best one right now.

September 28, 2009

AND

Over the past two years, it has felt like every conversation with a customer was completely centered on how they can save costs. Not “do more for less.” It was “do the same, or less, for much less cost.” In many places there was an absolute sense of doom from an “either/or” perspective – either spend less or do less to support business needs.

In the past several months, it has felt like things are changing. The reality has set in that IT may never go back to “normal” as defined by how we did things in 2006 and 2007.  But we also can’t live forever in the mode of spend nothing and hold your breath. Investments must be made, but with the dual focus of being more efficient today AND delivering business improvements in the short and long term. Virtualized infrastructure, storage efficiency, and IT as a Service – these are all the new norms because they are proving to deliver savings today AND accelerating business performance.

 

NetApp rolled out a new advertising campaign today – AND. We believe the time is right to be thinking about new approaches that will deliver both improvements in value, speed and efficiency AND result in improvements to business operations that go beyond IT. Many of the legacy approaches to IT forced you to choose between cost efficiency OR improved business capabilities. You should not have to choose, and today you don’t have to. Demand more from your suppliers. Demand more from us. AND. It’s the new OR.

August 25, 2009

You Really Do Know Clouds

NetApp made a number of significant product announcements today as part of our Cloud strategy. 

When I talk with customers about Cloud, I find they are of two minds.   There are those that think Cloud is the next wave of IT and the future of everything, and there are those that think it is just a repackaging of things they already use.    I believe they are both right.

Whenever a new trend like Cloud hits the IT scene, there is the temptation to believe that there must be a revolutionary new technology behind it that will enable the bright new future, and by the way, render everything you have now obsolete over time.   In reality, the trends that actually do survive are the opposite.   They are not built on revolutionary new technologies, they are built on using proven technologies in new ways.   They don't render everything obsolete,  they build on it and enable a graceful adoption of the trend alongside existing solutions.   Brand new technologies make small markets.  Small markets prove out technologies.  Big markets are made from proven technologies used in new ways, and they get big simply because late adopters are more plentiful than early adopters.

For many enterprise customers, Cloud is the same journey they have been on to deliver more efficient, more agile IT.  What is new is the manner in which they may deliver it.   Some have built this infrastructure themselves and deliver IT as a Service within their companies.   Others will opt to purchase it from those who have already built it and decide to offer it as a service.   Like most discussions these days, it comes down to the economics.  

We have been working with a number of customers such as Telstra, Sprint, Transplace, T-Systems and others over the past several years to build out very flexible storage infrastructure to speed up the provisioning of new applications. These companies had a vision of offering IT-as-a-Service and sought the best technologies to build their infrastructure. NetApp offered the most flexible and most efficient (in terms of utilization and operational cost) storage. VMware offered the most mature server virtualization technologies. Combined, they could build "Clouds" that were cost effective and highly responsive to changes in workload.

We developed expertise in how to optimally design, build, and run these IT-as-a-Service infrastructures. With each engagement, we refined the best practices we had learned and have now codified that into a solution called NetApp Dynamic Data center Solution (NDDC). The first step is to engage in a "Fast Start" workshop to help enterprise customers get started in building their own internal cloud, as well as a full service offering to help them do it. For those customers who then use this infrastructure to offer an IT service to external clients, we can help the end users they work with understand the benefits of their architecture.

Compared to our larger storage system competitors, our Cloud strategy is unique - we will be the technology partner of choice for storage and data management rather than competing with our customers by offering a branded Cloud service.    Our customers and partners have responded very well to this cooperative approach, especially those who are using NetApp to build their own service offerings.

We are proud of the technology we offer to enable IT-as-a-Service, and we are proud to be announcing some new products that extend our offering. We offer the ability to build secure, multi-tenant storage systems where multiple clients can share and even manage storage infrastructure with assurance that no other client can interfere with their data - essentially a virtual storage controller. We are extending that with a product called Data Motion that enables all of the data volumes a set of applications use to be migrated between controllers without disruption to the application. We are also extending our Flash strategy with an add-in Performance Acceleration Module that uses flash memory as cache in the NetApp controllers, and can accelerate disk-bound applications far more cost effectively than adding racks of mostly empty disks.

We are also announcing Data ONTAP 8. This is the next major version of Data ONTAP and will be the technology foundation for all versions going forward. ONTAP 8 combines ONTAP 7G and ONTAP GX into a single code base, which enables us to focus our development resources more sharply. We have put a tremendous focus on compatibility with ONTAP 7G, so that existing ONTAP 7G customers can nondisruptively upgrade to ONTAP 8 and operate in exactly the same way with no retraining of staff. Many will see better performance and all will be able to build bigger aggregates and use larger disks. Over time, they will then be able to take advantage of the scale-out capabilities of ONTAP 8, but they will do that at their pace without facing a major upheaval in their infrastructure.

IT-as-a-Service, or Cloud if you like to call it that, is here to stay.   But this is true because it has already been here for some time in slightly different forms.   Economic downturns tend to give rise to new approaches based on technologies that are proven, but not yet widely accepted.   Virtual server technology shows compelling cost savings.   Storage efficiency technologies like deduplication, cloning, and thin provisioning show compelling cost savings.  And these technologies are now being used in place of the legacy choices to build infrastructure that is more flexible and more cost effective, which in turn is  enabling the rise of large scale service-based IT offerings that were simply not economically feasible before.  

The Clouds may be new, but they are made from technology you probably know and love.   

June 14, 2009

Deduplicating Customer Choice

On May 20th, NetApp announced a friendly agreement to acquire Data Domain.  NetApp would gain a very strong product line with incremental revenue and growth.  In addition, NetApp, with its established distribution presence in EMEA, APAC and many top enterprise accounts, could open new doors around the world for Data Domain, accelerating its growth.  Put simply, this deal is a win-win for all parties involved.

 

On June 3, EMC weighed in, panzer style, (loved the YouTube video) with a hostile tender offer for Data Domain at $30/share, upping our offer of $25 a share in cash and stock.  Clearly we touched a nerve because, in about a week’s time, Data Domain became something so precious to EMC that they were willing to spend $1.8B on it.  NetApp revised our offer to match the EMC price and the Data Domain board accepted our revised offer and maintained our agreement.  

 

So what is this all about?  Why does NetApp want Data Domain?  Why does EMC so badly want us not to have it?

 

First, a little background. Data Domain builds backup storage appliances that provide a disk-based alternative to tape for backup. They have pioneered the use of data deduplication for backup data, allowing them to store 20x the amount of data as non-deduplicated storage. This makes their appliance more cost effective than tape for a wide range of backup applications. Mostly, Data Domain competes for the budget that would have been spent on tape infrastructure, but they also compete with Virtual Tape Libraries or a limited set of other disk-based backup appliances.

So why is this interesting to NetApp and our current and future customers?  We have built data protection into the very soul of Data ONTAP, so customers using NetApp for primary storage can easily add a second controller set to keep a secondary copy of the data either through mirroring or vaulting of snapshot copies.  This is a great solution for data protection, but only for NetApp primary storage.  In cases where NetApp is not the primary storage, we offer a strong VTL product that does an excellent job of augmenting tape-based backup solutions – but we do not have a product that truly replaces or minimizes tape when backing up data from EMC, HP or other storage systems.  Data Domain has a great solution for this specific problem – and we liked the idea of being able to offer that solution to a wider set of non-NetApp customers.

 

Clearly, EMC did not like this idea at all.  This is understandable.  EMC and NetApp are fierce competitors and it is natural for EMC to take action to try to slow us down.  But this move did, frankly, seem to make less sense.  After all, EMC already has so many other competing products in the backup appliance market.  They have an Open System Virtual Tape Library product called EDL based on technology from Falconstor.  They have another EDL product based on deduplication technology from Quantum (in which they have recently invested $100m).  And they purchased Avamar, which builds a deduplicating backup product that is now both standalone and integrated with Legato.  This is “Big Love” for backup products with deduplication. 

 

When you own or distribute so many of the products in the market, you tend to acquire high market share. According to IDC, the worldwide market for open systems VTL was $630.6M in 2008. EMC has about 42% of this market, based on NetApp share calculations, and in the deduplicating backup appliance (non-VTL) market, their Avamar solution has about 19% share. By themselves, these share numbers are not a great concern. But Data Domain has 17% share in the deduplicating VTL market and about 52% share in the deduplicating backup appliance market (based on NetApp share estimates and Taneja Group market size of $270M) [1]. So the combination of EMC and Data Domain would have 59% share in deduplicating VTLs and 71% share in deduplicating backup appliances.

Beyond the overwhelming market share that EMC would gain with Data Domain, EMC also would gain control over more than half of the patents that are vital to these fast growing markets.

 

Deduplicating data is good for the customer.  Deduplicating customer's choice of vendors is not.

 

Joe Tucci wrote a very sincere and heartfelt letter to the employees of Data Domain pleading with them to believe they have a future with EMC.  I wonder what letter he wrote to the employees of Avamar.  Or those who work at Quantum and Falconstor?  EMC already has made financial commitments to three other deduplication-enabled backup systems – but if EMC plans to keep Data Domain employees and products, what does that say about EMC’s existing commitments?  My guess is that the letters to the employees of the existing businesses would start with “Dear John.”

 

I would love to hear from customers who purchased Data Domain, EMC Disk Library or EMC Avamar solutions.  What products did you consider?  Who was in the final bake-off?  Did having two alternatives give you some pricing leverage?  How would you feel about EMC owning nearly all of the products and technology in this emerging market? 

 

I bet the government would like to hear from you as well.

[1] "Next Generation Data Protection Market Forecast 2007 - 2011", Sept 2008

March 16, 2009

Cisco's Unified Computing System - A Whole New Ballgame

Last month, I blogged about the potential impact of the new Unified Computing Vision from Cisco and how a compute infrastructure designed from the ground up to integrate with a virtualized, unified fabric would deliver a whole new level of agility to data center deployments.

Well, it’s here. And it’s big. The combination of Unified Computing Systems (UCS) and technology like VMotion fills in the gaps in the vision of bladed servers – flexible, pooled compute resources that applications can use dynamically without constant human intervention. Virtual machines (VMs) are now really free to move about the network without being constrained to the same VLAN or subnet or other addressing constraint. In an era where staff is short and everyone is looking to get a more agile infrastructure with less management effort, this is a home run.

Cisco’s UCS is perfectly aligned with NetApp’s storage solutions.

First, the level of virtualization in the UCS is a perfect match for the NetApp Unified Storage platform we have been shipping since 2003. Just as UCS brings simplified scale-out compute to the datacenter, NetApp has been shipping scale-out storage for 3 years now, and will take this even further with our Data ONTAP 8 release later this year.

Second, UCS uses 10G Ethernet as the unified wire to network and storage. NetApp is the clear leader in Ethernet attached storage with strong support for FCoE, iSCSI, NFS, CIFS on the entire product line. Both platforms also fully support connection to existing Fibre Channel fabrics so there are no hard tradeoffs to make when it comes to connectivity.

Finally, this announcement builds on the strategic partnership between Cisco and NetApp. We partnered along with VMware last fall to announce Fibre Channel over Ethernet products. NetApp is using the Cisco Nexus products in our 1500-node KiloClient lab. And we have a number of very strong channel partners capable of building a “Data Center of the Future” based on Cisco UCS and NetApp storage.

Today’s economy sucks, and customers are actively looking for new approaches that materially reduce their operating costs. I was out over the last two weeks talking to customers about NetApp’s advantages in Storage Efficiency and it is clear that people’s minds are open to new ideas and new vendors to change the game in their infrastructure.

Cisco and NetApp. It’s a new game.

February 07, 2009

Cisco and Unified Computing

The buzz about Cisco and their new approach of Unified Computing is building. As far as I’m concerned, it can’t arrive soon enough. The exact details are still pretty closely held, but from looking at the Cisco blog post (Introducing Unified Computing to the Data Center) it is clear that Cisco is looking to make a big step in virtualizing the data center network.

This could be huge, in that it could fill in the last piece of the virtualization trinity. Server virtualization is now mainstream in the data center. The consolidation benefits are unquestioned and the ability to dynamically move workloads between compute resources is compelling if still a bit complicated. Storage is virtualized at some level on a wide scale, especially in the more modern architectures like Data ONTAP.

But the network has been a barrier to true dynamic mobility of applications and data since the VM typically has to make some assumption about a physical network address. On the storage side, volumes on iSCSI or file systems on NFS or CIFS are more dynamically addressed but they generally tend to stay in one place. This could change with a unified computing approach and systems like NetApp Data ONTAP 8 where volumes will move dynamically between nodes in a storage cluster but still be accessible at the same address.

Virtualizing the network with a unified computing approach frees up the last bond that had to be managed that tied applications and data together. In some ways, it is like the transition from a home phone number (tied to your house) to a cell phone number (always with you). Most people now are more easily accessible by cell since their “address” (phone number) moves with them. This kind of freedom of motion with continuity of access has transformed our day-to-day lives.

In future network-based unified computing environments, VMware’s VMotion and NetApp’s Data ONTAP will bring a level of dynamic agility to the modern data center. When apps and data are not tied to physical systems, yet the network still finds them, maintenance and change management become dramatically simpler. This approach could be a great partner to NetApp Unified Storage. Both focus on lowering the cost of operation of the data center and increasing the ability of the infrastructure to rapidly adapt to new business requirements.

It could get interesting...

February 03, 2009

Flash and Cache Dash

Last fall, I wrote about our plans to incorporate Flash technology into our offering, as well as our expandable memory cache offering, the Performance Acceleration Module.

We made some announcements today moving forward on this strategy that produce some pretty cool results.

We announced that the Texas Memory Systems RamSan-500 product can be used with the NetApp V-Series, effectively creating the industry’s only Enterprise Flash storage system that supports thin provisioning, fast snapshots, remote mirroring, and data deduplication (very important for Flash since this stuff is not cheap). These systems offer a much higher IOP rate on much less storage capacity, and therefore less power, space, and in many cases, price.

NetApp SAN systems are already fast – our SPC benchmarks have us faster than EMC by 20%+ – but there are always customers who want more IOPS than any rational amount of 15,000 RPM disk drives can muster. The only solution today to get this level of IOPS is to string more and more drives together. Soon, you have 40TB of 300GB disks not because you need the capacity, but because you need that many disks to deliver the IOPS. This is like having a herd of mice pull a heavy load - at some point you need a different type of storage animal.

V-Series is a well proven solution for bringing the unique NetApp data management capabilities to other storage capacity solutions. Texas Memory Systems builds a screaming IOPs box. Tastes great, less filling.

Faster File Serving at Lower Cost

We also announced a set of new industry-standard benchmark results (SPECsfs2008_nfs.v3 results) on a dual-controller FAS3140 NetApp system using our cache expanding Performance Acceleration Module (PAM) and the results are stunning.

On the baseline system with no PAM cards, we saw throughput of 40,109 ops/sec and an overall response time of 2.59ms. Good results by themselves. We added a 16GB PAM PCIe card to each controller and were able to achieve the same throughput, with a 35% improvement in overall response time (down to 1.69ms) but more importantly, with 50% fewer Fibre Channel 15,000 RPM disks! This takes 27% out of the cost of this configuration.

But wait, there’s more!

We also ran the benchmark with SATA drives. We have seen a steady increase in use of SATA for enterprise applications as customers realize how fast they can be when used in a NetApp system. In this test, we swapped the 112 FC drives for SATA, kept the PAM cards in place, and got almost the same throughput (40,011 ops/sec) and overall response time (2.75ms) as the baseline, but with 75% more capacity. Also, at a 27% lower cost than the original.

The ability to expand cache via a simple PCIe plug-in board is creating some great results in our customers’ applications. We are still on track to offer a Flash-based version of the PAM this year, and will also be bringing Flash disks (SSDs) in a shelf slot as well.   So this is just the beginning.

We have been talking a great deal about Storage Efficiency – how to store more data on fewer spindles. We have a broad set of technologies that reduce the amount of capacity you need to store the data. These Flash and cache solutions bring a new dimension to this story by reducing the cost of disks purchased mainly for IOPS rather than capacity. Either way, it costs less, stores more, and goes faster.

February 01, 2009

A Great Place to Work

We had some big news last week – NetApp was ranked #1 on the "Best Companies to Work For" by Fortune Magazine. This is great recognition for a company that has carefully built and sustained a culture that is truly unique.

It has been interesting in the past week how customers who were unaware of NetApp now seem more interested. Even friends of mine who would start making mental shopping lists when I described what NetApp does are now more curious. And oh, the resumes, LinkedIn requests, calls from Bobby who I shared a candy bar with in 1st grade, etc. It is all pretty cool.

While being #1 is a surprise, it is not a shock. NetApp is truly a great place to work. The unique benefits like paid time off to volunteer or autism and adoption benefits are unique in themselves, but they speak to a culture that cares very deeply about more than just the numbers.

We have a piece of collateral called "Create a Model Company" which is a set of cultural principles that was laid out very early in the company’s history. The principles there find their way into many other documents we produce but they also come up every day in thousands of conversations.

I have been at NetApp a little over 3 years, and my history with Dan Warmenhoven and many of the management team goes back further than that. I had always heard that NetApp had a unique culture, but it was not until I joined that I really understood what made it different. I attended an executive planning session just before I started and heard a presenter being very critical of engineering. He was the engineering guy. Sales leadership was critical of sales. They were also both complimentary about their functions as well as others. Everyone who spoke was as objective and open about their own problems and successes as they were about those of others. It was really "One Team." At the end of this meeting, Dan asked everyone in the room to comment on the content, pace, and candor of the meeting. The “honesty check” at the end made sure that we had talked about what needed to be discussed and were not hiding something from ourselves or each other. It is a major force in keeping the leadership of the company aligned.

This integrity is widespread in the company. It is always safe to tell "truth to power" at NetApp. I have come to realize this was a missing element in many other places I have worked. It does keep us on track and focused on what really matters – delivering value to our customers.

No company is perfect and we certainly have our faults. But we are not afraid to confront them and change where we need to. Some people may not like honesty and a propensity to change. For them, NetApp is not a great place to work and they usually don’t last. But for me, and the many friends I have made working here, it is a great place to work, and worth the work to keep it great.

November 03, 2008

The Future of Fibre Channel is Ethernet

I worked for Brocade, a Fibre Channel switch company, from 2000 to 2005. About my third week on the job, Nishan ran full-page ads in the Wall Street Journal announcing Storage over IP (SoIP) and the imminent death of Fibre Channel. I suspect the ads cost Nishan more than the entire lifetime revenue of the company, but it did kick off a war that lasted 6 years - the iSCSI vs. Fibre Channel war.

In the beginning, the debate was like CNN Hardball - lots of dogmatic arguments and very little listening. When iSCSI products came to market and matured, it became clear that iSCSI would dominate the market for low-cost block network storage, and Fibre Channel would remain king in the high end. The problem with this for customers is that it forced them to make a major choice in storage switching infrastructure based on some pretty subtle differences. Lots of money was wasted putting low-end application servers on expensive Fibre Channel networks.

Never bet against Ethernet in the long run (remember token ring?). The Fibre Channel community - including Brocade, Emulex, Qlogic, and Cisco - has come together with the Ethernet community and defined two new standards that will allow a graceful migration of Fibre Channel networks to 10G Ethernet over the next several years. Data Center Bridging (DCB) is a set of extensions to 10G Ethernet that add the flow control and traffic prioritization that made Fibre Channel well suited to storage traffic. Fibre Channel over Ethernet (FCoE) makes the Fibre Channel framing and management protocols work over layer 2 Ethernet. It can't be directly routed over WANs since it does not use the IP layer, but then neither could Fibre Channel. FCoE also leverages much of the management tools and host-side driver work in the new Converged Network Adaptors (CNAs) that attach to the DCB 10GE network.

DCB is not just for FCoE. The “lossless” characteristics will also help other services such as NFS, CIFS, and iSCSI. All of these can run alongside each other on the same physical network. This is the real win for end users.

It will take a little while for all the standards to settle out. FCoE should be final by the middle of 2009 and DCB by the end of 2009, but there are first generation products out now. NetApp will ship FCoE target connectivity in our FAS systems around the end of 2008.

The net effect is twofold: Customers looking at building new Data Centers in the 2010 and after timeframe can choose to use a unified fabric technology - 10GE with DCB - for all of their server-server and server-storage needs. This kind of volume adoption will drive cost and prices down - something which the duopolistic nature of the Fibre Channel industry could never achieve.

In the near term, Fibre Channel customers can extend their fabrics using switches that bridge 10GE to Fibre Channel like the Cisco Nexus systems. New servers can be attached to 10GE using CNAs and access the Fibre Channel attached storage already in place. So customers can migrate gradually, or do it all at once with a new facility.

So does this mean the death of Fibre Channel? Not any time soon since there is so much of it out there. But I would bet that the generation beyond 8G FC will never see much adoption. By the time it might be available, 10GE adoption will be well along and 40Gbit Ethernet will be on the horizon.

I have also been asked if this means the death of iSCSI. Absolutely not. First, customers can run iSCSI and FCoE over the same 10G Ethernet DCB fabric, with some servers using iSCSI and some using FCoE depending on their needs and past. The physical network - the real investment - is the same. iSCSI also will continue to be the only block data protocol running over 1G Ethernet, which will be around in the Data Center for a decade or more.

The future is set. The only question is how fast it gets here. I believe that half the applications using Fibre Channel attachment today will be migrated to Ethernet within 5 years - the end of 2013. Virtualization will lower the absolute number of servers and ports, but by that time the trend will be unstoppable.   

So what should IT managers do? If you are not planning a new storage fabric, there is no rush. If you are adding to your Fibre Channel fabric a few ports at a time, keep doing that since it works. Let the early adopters get some experience with the FCoE adaptors and DCB switches over the next year. If you are building a new Data Center or storage fabric for deployment in 2010 or later, you need to understand the 10GE option. It will most likely save you money. It is definitely the way the industry will go in the long run.  I would hate to be the guy who put in the LAST new Fibre Channel network.  

September 22, 2008

NetApp and Brocade's Encryption Partnership

Back in June, I had the fortune of attending Game 4 of the NBA finals between the Lakers and the Celtics courtesy of a good NetApp partner, Insight Investments. I also had the misfortune that night of having my briefcase stolen from the rental car in the parking lot.   

That night gave me a personal glimpse into the importance and complexity of key management.

If your laptop is like mine, you have all kinds of website passwords stored on it for the convenience of not having to remember them when you travel. As I flew home, my level of panic grew as I calculated the financial havoc the thief could inflict if they broke through the top-line login. I got home at midnight and spent the next few hours changing logins and passwords on dozens of financial, storefront, and other sites. In doing this, I realized I had used the same two or three passwords for everything because it was easy for me. Which made it easy for the thief. This prompted me to develop a more secure method of creating, using, and remembering personal passwords for the diversity of digital domains in which I dwell. My "system" is separate from my laptop or desktop so I can use it with either device, and avoid the problem of someone stealing it along with my data. I put my "system" in more than one place to protect against physical loss. I also thought about what a pain it was and how it would not scale if I added more than the few dozen sites I use now.

I'll get back to this in a minute.

NetApp and Brocade announced a data security partnership today. Brocade has new blindingly fast Fibre Channel switches and director blades that integrate almost 100 GB/s of encrypting bandwidth. We worked with Brocade to ensure that the encryption/decryption capability of this switch is compatible with the NetApp DataFort, and NetApp will resell the Brocade products as our next generation FC DataFort. We always expected that encryption would become a feature of storage devices, tape drives, and fabric switches and this was our strategic intent when we acquired Decru 3 years ago.

This kind of interchangeability of encryption devices depends on centralized, strong key management. NetApp’s Lifetime Key Manager was designed to support multiple encrypting devices. It supports DataForts, Oracle Advanced Security Option (come see this at Oracle Open World in San Francisco this week), and now Brocade. It also enables millions of keys to be shared between multiple locations. Keys can be automatically restored to a device that has been replaced, and are protected in a strongly secured FIPS 140-2 Level 3 standard system.

Encrypting data solves a broad class of risks of unauthorized access. Encryption requires keys. Unless a company decides to use the same key for all data they encrypt (which has about as much security as Sarah Palin's email), they need to manage those keys. And change them. And be able to move them to DR sites. And be able to recover them. It is not a trivial task.

Unlike my little system for keeping track of passwords, it is certainly not something that you can do manually.  The NetApp Lifetime Key Management (LKM) system will do all of this for you across a range of encryption devices.

There are several thousand DataFort systems installed now at companies like Iron Mountain, Qualcomm, CNL Financial, and Regulus Group.   There are hundreds of thousands of disk volumes and tapes encrypted with DataForts using keys stored in LKMs. The combination of Brocade's new fabric-based encryption with NetApp Lifetime Key Management will advance the state of the industry in making data in enterprise datacenters more secure.    
