! | Notice: Peer review complete.
The conclusions in this note were challenged and the article was subjected to peer review. The discussion history has been preserved on the talk page. Please see the 'discussion' tab at the top of the page to review community comments. |
Originating Author: David Floyer
IBM has been active with tape announcements in the past several months. With Quantum stuck in neutral and the acquisition of STK by Sun (aka the demise of the last independent tape innovator-- see Is tape dead?), IBM appears poised to become the lone innovator in the tape market. The significance of this announcement is it underscores the need for simplification in the SMB space. IBM seems to have addressed affordability of the hardware but there's more to the story...
Opinion
The most interesting feature of IBM's TS3400 announcement is that it provides encryption in the tape head, and provides an encryption management system to support it. It is aimed at addressing a strong need to simplify and reduce the cost of securing data in transit in the SMB and remote data center markets.
However, the original software architecture of the encryption management system was built for large data centers, where service contracts to implement and integrate the software are the norm. In this author's opinion IBM’s service-led structure often means that an overall product solution does not get simplified over time, as this would reduce service revenues.
The TS3400 hardware looks affordable, but the cost of implementing a total encryption solution is likely to be many times the cost of the hardware, depending on a customer skill set. This will mean that SMB customers and resellers that don't have a big services budget should consider other solutions that have simpler software implementations. IBM's announcement is a good fit for distributed data centers of large organizations that already have the software infrastructure in place and are sensitized to heightened security and compliance pressures.
IBM indicates this is an "out-of-the-box" solution however it appears that while the hardware can deliver on this promise organizations will still require key management integration services to adopt the technology in its entirety. It is the opinion of this writer that IBM would be well served by ensuring the encryption software solution is installable by a simple wizard for specific environments, even if the scope of solution is somewhat reduced.
The Product
IBM System Storage™ TS3400 Tape Library
- Very small form factor, optionally rack mounted
- 1 or 2 TS1120 tape drives, with 2 removable cartridge magazine holding up to 9 IBM 3952 tape cartridges each
- “In the tape head” Cryptographic support
- There is WORM support for the TS1120 tape drives with the 3952 WORM tape cartridge.
Unique Features
Integrated cryptographic support with end-to-end cryptographic key management. Java encryption key manager is a no charge software component and facilitates implementation across several platforms (see below).
The Price point
The TS3400 is entry-level priced at $30,000. TS1120 tape drives are priced separately. The IBM Encryption Key Manager component of Java is a no charge software item. Other components of the end-to-end encryption management system (such as Tivoli) are separately priced. IBM consulting and support services are priced separately.
Primary Market served
The primary market served is the SMB marketplace and small distributed data centers in larger organizations. Organizations such as banking and finance organizations that handle and transport sensitive data or exchange tape data with partners/customers will be attracted to the low entry cost, small form factor, encryption key management software support and the avoidance of very high software overheads for software-based encryption.
Important Considerations
Although the hardware is likely to be easy to install, the total solution cannot be installed “out-of-the-box.” Implementation and usage of encryption key management will in most cases require consulting expertise and/or services to implement and integrate the software components into the data center.
Platforms supported
- IBM System p, System i, IBM System z Linux, IBM AIX®, IBM i5/OS®1 and IBM OS/400®1,
- SUSE Enterprise Server Enterprise Server,
- Hewlett-Packard HP-UX,
- Sun Microsystems with Solaris,
- Servers with Intel® or AMD processors:- SUSE Linux®, Red Hat, Microsoft® Windows® 2000, Windows NT®, Windows Server™ 2003
- Encryption support z/OS, z/VM, i5/OS, AIX, HP, Sun, Linux and Windows
Software support
- Java Encryption Key Manager
- Tivoli Storage Manager
- Both provide encryption key management and Key Store functions for the TS1120 Tape drive within the Tape Library
Implementation Advice
These days, encryption, security and compliance are high stakes games that transcend the IT department. As always, key management is vital in the tape encryption game. If you don't have deep experience in this area outsource to services people who do.
Related Research
"Write Once"
The properties of WORM are conducive to ensuring compliance and giving constituents a sense of greater security that data have not been tampered with. WORM support is increasingly common in long-term archiving environments such as email archiving.
Action Item:
Footnotes: