Broadcom Emulex Secure Fibre Channel Host Bus Adapters Encrypt Data End-to-End

Emulex Secure Fibre Channel Host Bus Adapters Cover

This week, Broadcom announced a new Fibre Channel HBA line. The Emulex Secure Fibre Channel host bus adapters are designed to bring encryption between endpoints in storage networks. The new 32G and 64G adapters are designed to offload the encryption functions for storage arrays and comply with new security standards.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Encrypt Data End-to-End

Here is Broadcom’s slide on the Emulex Secure Fibre Channel HBA. The idea is that this is a high-performance offload solution that is quantum resistant.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Overview

By encrypting data in flight between endpoints, one is no longer trusting that a firewall in front of the data center is keeping threats out.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Zero Trust

This is not just an IPsec VPN between endpoints. Instead, it is a full offload of encrypted sessions that ties back to the adapters.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Authentication

Broadcom’s suggestion is that simply using the Emulex FC HBAs allows for OS- and application-independent encryption and, as such, it can be more efficient.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Versus Software And OS

A big part of the justification for this today is in ransomware detection and prevention.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Ransomware

Also driving this are a number of new standards and regulations requiring updated security. In many markets, these regulations drive update cycles.

Broadcom Emulex Secure Fibre Channel Host Bus Adapters Encryption Needs

This is one of those technologies that we expect to be more commonplace over time as these regulations come into effect.

Final Words

Fibre Channel is one of those really interesting technologies because it has a massive installed base. At the same time, we have Broadcom 400GbE NICs and DPUs running at 400Gbps that are designed to not just offload encryption, but do that on a dynamic basis and even using custom networking protocols.

6 COMMENTS

  1. I’m curious how the authentication and key exchange will work in practice. Using manufacturing certificates baked into the cards and ‘does not require a complex external key management application’ certainly sounds convenient; but it also sounds like a situation that has been set up to be willing to talk to just anyone who has another HBA with vendor certs, which will not be hard to get.

    Hopefully there is a mechanism for establishing what certs you are expecting to see and rejecting the rest, or doing your own PKI, or the barrier to walking right in to the fancy new security system will boil down to possession of the HBA that you’d need to do fibre channel at those speeds anyway.

  2. Ok, STH Javascript AGAIN automatically wiped my comment.
    Not gonna waste more time here. Enjoy living in the world of ignorance.

    In short: FC, today, natively supports 256 Gb/host in the standard/basic two-fabrics arrangement. I.e. 128 Gb per HBA.

    Nough said. May come back again in a year to see if the STH gods stopped auto-deleting comments by then.

  3. Pro Tip @minosi: it’s annoying, but always type anything substantial in an external text editor. Copy + paste for the win. :-)

  4. @michaelp
    Thanks, I believe I have discovered the keys for that sometime around 1991 or 1992.

    It is STH who directly (financially) benefits from the knowledge shared in comments, not me/us posting here. If STH wants to enjoy these benefits, they better start respecting the commenters.

    As it is, I suspect most people who do have some valuable comments to share will not bother. No reason to stick around places one is pissed on. Is for more than a year by now, so no accident.

  5. The biggest advantage that FC has over Ethernet is that it is lossless by design. Lossless Ethernet does exist and works quite well (I’ve used it in my DC since 2018) but at the time (not sure if this is still true) it was only lossless for one jump. FC on the other hand is lossless across multiple jumps. That said FC is losing market share to HCI and Ethernet based protocols like VMware vSAN. Sadly there are still DBs out there that require FC for their storage arrays, unless you have something like a Dell VXRail vSAN setup.

  6. While Fibre Channel maintains a clear advantage in environments that demand guaranteed, multi-hop losslessness, the industry is gradually embracing Ethernet-based solutions due to their versatility and cost benefits. For organizations with legacy applications or storage arrays that depend on FC’s reliability, the transition might be slower.
