Features - Storage Innovations:

HIFN ANNOUNCES INDUSTRY'S 1st SECURITY PROCESSORS FOR SANs

Network security and flow classification market leader Hifn has announced the HIPP III 4300 and 4350 Storage Security Processors; the first security processors designed to meet the specific requirements of IP Storage applications, including iSCSI, FCIP and NAS.

The HIPP III 4300 and 4350 are based on Hifn's unique FlowThrough security architecture. The FlowThrough architecture handles the entire IPSec protocol -- the mandatory security protocol in the IETF iSCSI standard -- in a single chip. Both the IPSec encryption data path functions and the IKE public/private key exchange are handled completely on-chip and in-line, thereby greatly reducing the heavy processing load on the Storage Processor or CPU used in an IP Storage system.

"Hifn's HIPP III 4300 and 4350 Storage Security Processors are the first in-line security processors completely dedicated to the storage market," said Doug Makishima, Hifn's vice president of marketing. "These products provide transparent security processing required for reliable, cost-effective, secure and standards-compliant iSCSI SANs."

"As networked storage environments break out of the historic, trusted environment inside the data center, mission critical information becomes significantly more vulnerable to unauthorized access, theft or misuse," said Robert Gray, Research vice president of Storage Systems at IDC. "Hifn's line of storage security processors offloads the additional security layers needed to protect an organization's most important asset -- information."

The HIPP III 4300 and 4350 combine inbound and outbound policy processing, SA (Security Association) lookup, SA context handling, packet formatting and encryption/authentication within a single chip. They support all the cryptographic algorithms and modes required and recommended in the IETF Storage Security document: DES: DES/3DES-CBC (Data Encryption Standard-Cipher Block Chaining), AES-CBC (Advanced Encryption Standard), AES-CTR (AES-Counter Mode), MD5 (Message Digest, Version 5), SHA-1 (Secure Hash Algorithm), and AES-XCBC-MAC (Message Authentication Code). To enable the IKE protocol, these devices also support RSA, DSA and Diffie-Hellman public key processing. The two products are backed with comprehensive available software suites, including an on-chip IKE implementation and integrated browser-based configuration utility. Custom configuration methods can also be supported through a flexible management API.

The HIPP III 4300 and 4350 use industry-standard GMII/TBI interfaces, supported by numerous GigE TOE (TCP Offload Engine) and Storage Processor vendors. They are typically interfaced between the GMII port on a GigE TOE or Storage Processor and the Ethernet PHY. The 4300 supports a single full-duplex GigE port and offers a failover port on the Network side to provide recovery if the primary data link goes down. The 4350 supports two full-duplex GigE ports.

The control interface to the HIPP III 4300 and 4350 is achieved using in-band Ethernet frames. An additional 100Mbps Ethernet MII port allows optional out-of-band control, or it may be used to establish an inter-chip link for multi-chip designs. The processors also include an SDRAM memory interface for program and data storage for the embedded Session Control (eSC) processor. A single low-cost SDRAM is the only external part needed to work with the 4300 and 4350. (For designs that don't require on-chip IKE, this RAM can be omitted.) These standard interfaces enable easy integration into a variety of systems.

IPSec processing is performed by the 4300 at two Gigabits per second (1Gbps link, full-duplex). The 4350 can sustain to four Gigabits per second packet processing, with one million packets per second back-to-back SA variations. Both chips are manufactured using the .13 micron process and utilize 324 LBGA packaging. Samples will be available in the third quarter of 2003.