Follow us:
 
 

Applications

Modules
Enigma 1
Enigma 2
Accessory
Enova® Secure PCI Adapter
Enova® Secure Mobile Rack
Hardware TDES 192-bit
  Encrypted 1" 8GB USB Drive
Partner Platform
New Secure Ruggedized   Notebook
Secure 3.5" desktop drive bay
Secure SCSI-1 punch-out or PCI   bracket
Secure rack-mount/kiosk
Addonics Diamond Cipher Hard   Drive
Biometric Encryption System -   Secure USB2.0 Storage
Enova® Secure USB2.0/SATA to   IDE/SATA
Enova® SecureIDE RAID

PR Contact:

Company Contact:
Address:
1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park, Hsin-Chu City Taiwan 30076, Republic of China
TEL: +886 3 577 2767
FAX: +886 3 577 2770

Sales & Marketing,
please contact:
[email protected]
Others, please contact:
[email protected]

Applications
Font size:

Introducing SecureNAS T1

SecureNAS T1 is now FIPS 140-2 compliant

The Enova SecureNAS T1 is a secure Network Attached Storage (NAS) system that integrates Enova's latest FIPS 140-2 certified X-Wall MX-256 and X-Wall MX-256C crypto modules that are responsible for en/decrypting all connected disk drive array real-time. The AES secret keys that operate the X-Wall MX crypto modules are delivered securely via a remote Key Server which runs under the Administrator's Windows PC/Laptop. The entire disk array is hardware encrypted by the X-Wall MX real time crypto module (full disk encryption) thus the overall disk IO throughput is unaffected. As the AES secret keys that operate the entire SATA disk array are not stored permanently inside the system, attempts to remove each individual drive to get to the data will be proven futile. Furthermore, stolen of the entire system presents absolutely no harm to the encrypted data stored inside the disk drives as the AES secret keys are delivered via a remote Key Server upon power on authentication for which a proven Public Key Infrastructure (PKI) has been deployed.

Please reference above Enova SecureNAS T1 hardware architecture to which X-Wall MX sits at the backplane of the disk array and the AES secret keys that operate the disk array are securely delivered via the LAN port through a remote Key Server upon authentication (certificate exchange).

The Enova SecureNAS T1 comes with a minimum of 16 drive bays that are capable of housing 16 SATA disk drives. A 42 bays version will soon become available. The RAID configurations are 0, 1, 5, 6, and 10. Two full duplex Gigabit Ethernet ports, which can be trunked together through software settings that offers twice the bandwidth a standard Gigabit Ethernet could offer, are provided for TCP/IP connection.

Enova SecureNAS T1 secures your networked storage. Guaranteed.

FIPS 140-2 Certified Data-At-Rest (DAR) Security. The Enova SecureNAS T1 equips FIPS 140-2 certified X-Wall MX crypto modules that are responsible for en/decrypting the entire disk array 1 2 3. It combines secure authentication through certificate exchange, real-time full disk encryption to each individually connected SATA disk drive, and secure logging to provide unprecedented protection for sensitive data-at-rest. All addressable sectors of a SATA disk drive are hardware encrypted. The AES secret KEYS are never stored inside the system which guarantees absolutely harmless situation should an Enova SecureNAS T1 system ever get stolen. Attempts to remove a number of disk drives to get to the data stored are proven futile as each connected SATA disk drive is real-time encrypted whereas the AES secret KEYS are only available through secure authentication from a remote Key Server.

Advanced Security Architecture. The security system consists of five primary security sub-systems:

- The Enova SecureNAS T1 system. It consists of a Secure Authentication Channel that is responsible for the AES secret keys delivery;
- A Key Server operating over any Administrator's PC/laptop that authenticates each connected SecureNAS T1 system;
- An optional Backup Key Server operating over any Administrator's PC/Laptop that performs back functions to the Key Server in the event of Key Server failure;
- The Enova SecureNAS T1 system. It consists of a Secure Authentication Channel that is responsible for the AES secret keys delivery;
- A Key Server operating over any Administrator's PC/laptop that authenticates each connected SecureNAS T1 system;
- An optional Backup Key Server operating over any Administrator's PC/Laptop that performs back functions to the Key Server in the event of Key Server failure;
- A License Server operating remotely, whose purpose is to create licenses files for each connected Enova SecureNAS T1 system; and
- An Administrator on a client PC that runs Windows or Linux and can manage the SecureNAS T1 .

No Performance Degradation. The Enova X-Wall MX transparently and automatically encrypts each individually connected SATA disk drive of a RAID storage, offering a sustained AES ECB/CBC 256-bit cryptographic strength at over than 120MB/sec throughput sustained. The RAID storage is engineered for SCSI 320 performance and as the entire encrypted/decrypted Input/Output are real-time performed at the backplane. There isn't noticeable performance degradation due to heavy cryptographic operation.

Automated Key Management. The SecureNAS T1 system contains a set of patented X-Wall MX FIPS 140-2 certified crypto modules sitting at the backplane of the RAID controller. The AES secret keys (AES 256-bit length) that operate the entire disk array are generated and securely stored on the remote Key Server. At the power on reset, the encrypted secret AES keys are delivered via a secure authenticated channel (SAC) to the SecureNAS T1 system where the AES secret keys are decrypted and delivered across the backplane of a RAID controller to enable each connected disk drive. In order to establish the SAC, the SecureNAS T1 system and Key Server must be able to authenticate one another. This process is facilitated by a one-time setup operation initiated by the system administrator during which time the SecureNAS T1 and Key Server exchange certificates.

Real-time Full Disk Encryption Capability. All the data stored on the RAID disk array are real-time encrypted. There is absolutely no clear text left unprotected in the SecureNAS T1 system.

Authentication and Access Control. The SecureNAS T1 system provides an automatic and secure authentication architecture for client access and storage management. As the data-at-rest en/decryption occurs at the backplane of a RAID controller, support for client access control of directory servers such as Active Directory and LDAP is automatic thus doesn't complicate your existing network access control infrastructure.

Keys Recovery & Deletion. All important AES secret keys, Certificates, Public and Private Keys are stored inside the Key Server encrypted and only the system Administrator has the right key to decrypt and to export. It can be transported to other Key Server to give you peace of mind. As all credentials are delivered to the SecureNAS T1 system from a remote Key Server via a Secure Authentication Channel (SAC), the SecureNAS T1 does not contain any credentials that could have harmed the sensitive data-at-rest, not even with the stolen of the entire SecureNAS T1 system.

Remote Secure Files Backup (Optional). All encrypted files contained inside the SecureNAS T1 can be exported encrypted to another designated SecureNAS T1 through its powerful Remote Secure Files Backup utility. The encrypted data-at-rest is firstly decrypted from the X-Wall MX , re-encrypted then send through another SecureNAS T1 encrypted using the same AES secret keys of the designated SecureNAS T1 . The operation is totally transparent and does not involve any user intervention.

Deployment Made Easy with Enova SecureNAS T1 System

The SecureNAS T1 system can be deployed just like a standard NAS without technical complication. It can fit seamlessly into the existing networked storage infrastructure while providing advanced real-time data-at-rest security without complications. There is no software to be installed on the client side other than the Key Server. The implementation does not require users to alter their regular computing behavior.

Transparent Operation. Upon setting up the SecureNAS T1 in a matter of minutes, ongoing system management is simple and straight forward via a web-based interface and common tools such as SNMP.

No System Complications. As the data-at-rest security is done through the backplane of a RAID controller, the SecureNAS T1 behaves just like a regular NAS for regular data read/write. Unlike other product that encrypts the TCP/IP payload, which causes lots of system complications, the SecureNAS T1 can do the job better and secure. Support of user access control such as Active Directory Service and LDAP is automatic and transparent. The SecureNAS T1 natively supports CIFS and NFS as a default standard. iSCSI supports require additional license.

Easy to Expand Capacity. The SecureNAS T1 equips with 16 hot-pluggable SATA drive bays. Capacity can be easily added with additional purchase of a SATA1.0a and SATA2.0 compliant disk drive.

Reliable and Durable. The SecureNAS T1 is built for robust data-at-rest encryption. There are more advanced features such as redundant power supply and heat dissipation that would sustain a durable life of operation. The hot-pluggable SATA disk drive design enables quick data recovery and repair, making the maintenance job much less challenged.

1 For complete Enova X-Wall MX real-time cryptographic processor information, please review below web link: http://www.enovatech.net/products/mx_info.htm for more information.
2 To review Enova's AES ECB and/or CBC NIST/CSE certificates, please review below web link: http://www.enovatech.net/Resources/aes_no250.htm#a for more information.
3 FIPS 140-2 certification numbers can be obtained through our website or contact [email protected] ;

 

© Copyright 2012 Enova Technology Corporation. All Rights Reserved.