Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Protect data at rest with negligible impact on NVMe disk performance metrics - Infographic

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige

Hier ansehen

1 von 1 Anzeige

Protect data at rest with negligible impact on NVMe disk performance metrics - Infographic

Herunterladen, um offline zu lesen

by enabling Secure Enterprise Key Manager on Dell PowerEdge servers

Our results show that, after incorporating the extra layer of data security afforded by the Secure Enterprise Key Manager solution on an HCI cluster of Dell PowerEdge R7525 servers configured with 2- or 3-NVMe disk groups, the HCIBench benchmark recorded IOPS-based performance metrics that were comparable to our baseline test results. We also found that incorporating the extra layer of hardware-based data security on a Dell PowerEdge R750xs server required minimal transition effort.

by enabling Secure Enterprise Key Manager on Dell PowerEdge servers

Our results show that, after incorporating the extra layer of data security afforded by the Secure Enterprise Key Manager solution on an HCI cluster of Dell PowerEdge R7525 servers configured with 2- or 3-NVMe disk groups, the HCIBench benchmark recorded IOPS-based performance metrics that were comparable to our baseline test results. We also found that incorporating the extra layer of hardware-based data security on a Dell PowerEdge R750xs server required minimal transition effort.

Anzeige
Anzeige

Weitere Verwandte Inhalte

Weitere von Principled Technologies (20)

Aktuellste (20)

Anzeige

Protect data at rest with negligible impact on NVMe disk performance metrics - Infographic

  1. 1. by enabling Secure Enterprise Key Manager on Dell PowerEdge servers LKM, iLKM, and SEKM Protect data at rest with negligible impact on NVMe disk performance metrics A key advantage to Dell™ Secure Enterprise Key Manager (SEKM) hardware-based encryption is that it protects the data stored on drives in PowerEdge™ servers against multiple threat vectors, including physical removal. You can also use it in conjunction with software-based encryption. Encryption keys are often targeted by cybercriminals, which makes the proper management of those keys a primary concern for organizations.1 SEKM, by storing the keys away from the local storage, is the most robust of the three solutions. Local key management (LKM) • Standard PERC feature • No additional licensing or hardware • Stores the key in the PERC RAID Controller • Uses pass-phrases to manage access While disk encryption and effective key management are cornerstones to any comprehensive data protection strategy, some IT admins may assume that server storage performance is an associated casualty. In a hyper-converged infrastructure (HCI) cluster containing three Dell PowerEdge R7525 servers in 2- and 3- NVMe® disk group configurations, we found that enabling the SEKM feature had a minimal performance impact on baseline IOPS, latency, and throughput. Additionally, HCI cluster performance scaled linearly when we added storage. Integrated LKM (iLKM) • Stores the key in the iDRAC • Enables key exchange locally • Requires SEKM license SEKM • KMIP compliant iDRAC element • Centralized key management • Data at rest is inaccessible in compromised drives • Requires SEKM license and a Key Management Server (KMS) Learn more at https://facts.pt/jGg1rsF Read tests Read/write tests Real-world benefits of SEKM security* Throughput – MB/s 2,566.17 3,567.80 3,579.89 2,580.61 Latency – Milliseconds 0.59 0.42 0.42 0.58 IOPS 656,939 913,346 2-disk groups 916,451 660,638 3-disk groups 2-disk groups 3-disk groups 2-disk groups 3-disk groups ad tests Throughput – MB/s 852.17 1,160.90 1,191.46 873.29 Latency – Milliseconds 1.76 1.30 1.26 1.72 IOPS 218,156 297,198 305,016 223,558 2-disk groups 3-disk groups 2-disk groups 3-disk groups 2-disk groups 3-disk groups Random read/write tests We used the IDRAC to manage both direct-attached NVMe and PERC‑attached SAS SEDs. We configured SEKM direct-attach encryption in under 2.5 minutes. We switched from iDRAC LKM to SEKM in under 3 minutes. We enabled firmware updates with no downtime. *These real-world benefits reflect our hands-on evaluation of the SEKM feature on a Dell PowerEdge R750xs server. Simultaneously secure NVMe and SAS SED drives. Quickly enable SEKM direct-attached encryption. Seamlessly change security types. Rebootlessly update drive firmware through the iDRAC. Dell PowerEdge server cluster with SEKM enabled Dell PowerEdge server cluster without SEKM iDRAC PERC PERC stores the key Disk 1 Disk 2 Disk n PERC PERC reads key from iDRAC Direct-attached (DA) disks read key from iDRAC iDRAC stores the key iDRAC with SEKM DA disk 1 DA disk n DA disk 2 Disk 1 Disk 2 Disk n iDRAC with SEKM KMS PERC reads key from iDRAC iDRAC reads from KMS KMS stores the key DA disks read key from iDRAC PERC DA disk 1 DA disk n DA disk 2 Disk 1 Disk 2 Disk n 1 Techopedia, “10 Best Practices for Encryption Key Management,” accessed October 19, 2022, https://www.techopedia.com/2/30767/security/10-best-practices-for-encryption-key-management-and-data-security. Copyright 2022 Principled Technologies, Inc. Based on “Protect data at rest with minimal impact on NVMe disk performance metrics,” a Principled Technologies report, November 2022. Principled Technologies® is a registered trademark of Principled Technologies, Inc. All other product names are the trademarks of their respective owners. Principled Technologies®

×