Cutting the Encryption and Hypervisor Taxes for the Edge and Small Data Centers
Edge data centers are quickly becoming important hubs where mission-critical data is processed. Hyperconverged infrastructure (HCI) offers an attractive architecture to serve these environments, but there are a number of potential hidden costs for IT professionals to be mindful of. One is the cost of encryption key management. In some instances, it can outpace the cost of the infrastructure itself, ranging from $7,000 per site to tens or even hundreds of thousands of dollars. Another is the cost of the hypervisor software itself, which will typically comprise the majority of the cost of the HCI solution. Additionally, the environment that the HCI infrastructure is serving might not need the hypervisor’s full feature set. The same can be said for smaller-scale organizations that rely on HCI for mission-critical workloads.
For its part, HCI vendor StorMagic focuses on serving edge and smaller-scale data centers with low-cost and simple-to-manage infrastructure. To help this customer base further reduce the cost of HCI, StorMagic has introduced a new encryption key management solution as well as support for open-source KVM hypervisors.
Introducing StorMagic StorSecure Encryption Key Management
Encryption is important in the HCI market, especially at the edge. The HCI system is generating and processing an ever-growing volume of business-critical data. At the same time, that data is frequently moving between multiple physical systems depending on where it is in its lifecycle and how it is being used. It is important that data be encrypted, both at rest and in flight, to minimize vulnerabilities. Additionally, edge data centers typically have limited IT staff and little or no physical security, making them more vulnerable to data breaches as well as theft and unwanted intruders.
StorMagic has integrated encryption and key management into its SvSAN HCI platform to simplify encryption key management, reduce its cost, and increase its flexibility. Customers pay per site for the new solution, which is branded StorSecure. According to StorMagic, StorSecure enables encryption and management of an unlimited number of keys for $2,000 for a two-node, highly available cluster.
StorSecure is designed to be low-cost and lightweight, in terms of its design and how it is licensed and bundled. StorSecure is deployed as a virtual machine and can run on any hardware. This eliminates the need for expensive and complex self-encrypting drives, RAID implementations and hardware acceleration cards. Also, operating system (OS) or hypervisor-level encryption is not required. The solution integrates with commonly used single sign-on (SSO) services, minimizing the amount of security expertise required to deploy and manage the solution. According to StorMagic, it can be up and running in 15 minutes. Additionally, because the data on the drives is encrypted, data destruction, for example in the form of disk scrubbing, is not required on failed drives before they are discarded.
Despite its low cost and simplicity, StorSecure still offers military-grade FIPS 140-2 compliant encryption that meets HIPAA, PCI DSS and SOX requirements. It also retains important features such as secure erase and rekey. To avoid a performance impact, the solution leverages CPU offload engines.
StorSecure enables keys to be stored on site, in a separate data center, or in the cloud. The on-site option may be less secure than storing keys off-premises, but it is still a viable option for some organizations looking to introduce encryption into their environment at a very attractive price point. For organizations that choose to store keys on-site, strong password controls and running the key manager on a separate server lower the risk of a breach. When keys are stored in a different data center or in the public cloud, the key manager will typically run across a highly available cluster of three virtual machines that are deployed across three separate locations. Data is mirrored synchronously across a secure wide area network (WAN). This implementation is scalable, and it can grow to implementations of five or more clusters – which is more than sufficient for the environments that StorMagic typically serves.
StorMagic Adds KVM Support
Whereas previously StorMagic supported only VMware and Microsoft hypervisors, it now also supports KVM. StorMagic’s key differentiation is that it does not require proprietary tools to manage KVM, which truly minimizes the cost of the hypervisor. Most HCI vendors that leverage KVM also require the purchase of their storage software and HCI hardware. StorMagic’s KVM support runs on any server and integrates with oVirt, a free KVM hypervisor GUI; it also offers a command-line interface option and supports RHV-M for Red Hat Enterprise Linux.
Encryption is no longer a “nice-to-have.” Smaller-scale and edge data center environments are vulnerable, and they require a more cost-effective path to encryption and key management. StorMagic’s approach of building robust key manager capabilities natively into its HCI platform is a differentiator that complements its focus on high availability, cost efficiency and simplicity. In a similar vein, the full bells and whistles of mainstream hypervisor platforms may be overkill for these environments, and they add significant cost to the HCI implementation. While not the first to add KVM support, StorMagic has clearly done so with an eye to keeping KVM open and minimizing HCI cost as much as possible.