A Case of Security Encryption Storage System Based on SAN Environments

SAN (storage area network) is a dedicated network that provides access to consolidated data storage and offers major advantages as simplified administration, high speed, and flexibility. This chapter proposes a security encryption storage system named ANGLE, which contains two major parts – the key management system (KMS) and the encryption engine (E-Engine). E-Engine is in charge to encrypt/decrypt storage disks under AES128 and SHA256 cryptographic algorithms, according to keys provided by KMS. These two parts communicate by IPsec protocols, and a well-defined UI (User Interface) for applications is provided. The proposed ANGLE system is implemented in both FC SAN and IP SAN, and performance tests show that the bottleneck of ANGLE’s reading and writing throughput relies on data transmission speed of the storage network.