NetApp SafeNet StorageSecure Technical Specifications

NetApp SafeNet StorageSecure appliance delivers high-performance, nondisruptive encryption for Ethernet NAS.

 
HARDWARE
Rack Mountable Standard 19" EIA rack (2U height)
Size 17.4" W x 19" D x 3.5" H (44.2cm W x 48.3cm D x 8.9cm H)
Weight 20.0 lbs (9.1 kg)
Universal AC input 100-240V ~47-63 Hz, 5A
Hardware Security NIST FIPS 140-2 level 3 compliant (in process)
  • Anti-probing baffles prevent access to device internals.
  • Tamper-evident seals indicate if tampering has occurred.
  • Tamper switches automatically zeroize key material if activated.
  • ZEROIZE button manually zeroizes key material.
Rear Ports s220: 1GbE interfaces using SFP connectors, one for the client-side network and the other for the storage-side network
  • 1000BASE-T ROHS RJ-45 connector
  • 1000BASE-SX LC connector multi-mode fiber 850nm
  • 1000BASE-LX LC connector single-mode fiber 1310nm
s280: 10GbE interfaces using SFP+ connectors, one for the client-side network and the other for the storage-side network
  • 10G Base-SR 300m multi-mode fiber 850nm
  • 10G Base-LR 1000m single-mode fiber 1310nm
Front LCD Power, secure traffic/management port, client-side network, storage-side network, unit alarm, power alarm, environmental alarm, smart card reader
Smart Card 1 smart card reader
Hardware Redundancy 2 redundant/hot-swappable power supplies, 2 variable-speed fans
Clustering and Failover

Clustering for full redundancy and automatic failover

Clustered StorageSecure appliances share critical configuration information to provide failover and load balancing support for the network.


Security
Encryption

FIPS-PUB 186: AES-256 (Advanced Encryption Standard with 256-bit keys)

PRNG implemented using FIPS 186-2: (general-purpose; x-change notice; SHA-1). Uses the SafeXcel 1746 crypto-device TRNG for providing entropy to seeding the PRNG.

Operating System Highly customized, hardened OS
Configurable Security Policy Fully customizable security settings
Crypto-shredding A single command will zeroize all keys, effectively making access to encrypted data impossible

Authentication
Administrator User name/password for device management. An additional hardware authentication token is required for access to functions such as key and data recovery, key sharing, and clustering operations. Multi-person quorum-based authentication for sensitive security operations such as recovery, initialization, and establishing trusted relationships may also be implemented.

Management
Management Interfaces
Management Platform Manage all StorageSecure and KeySecure appliances from a single management console.
Management console uses optional two-factor authentication with role-based administration.
Supported Protocols
  • CIFS
  • NFS
Supported Directory Services
  • Microsoft Active Directory
  • LDAP
  • NIS
  • RADIUS
StorageSecure Management Console Graphical user interface (GUI) available via web browser that is capable of high-grade 128-bit encryption. JavaScript must be enabled to access all functionality available through the management console.
Command Line Interface (CLI) Command line interface (CLI) available over SSH or directly through the serial console port.
SNMP SNMP v1, v2c, and v3
Logging and Audit Cryptographically signed tracking of key events. Configurable audit trail with local and remote (syslog) logging.

Environment
Operating Temperature 32°F-104°F (0°C to 40°C)
Operating Humidity 20% to 80% RH @ 40°C operating temperature
Operating Altitude 0 to 1650m AMSL

Safety and Compliance
Safety
Canada CSA 60950 - 1
United States UL 60950 - 1
Japan IEC 60950 -1
European Community EN60950, TUV R 2845
Electromagnetic Compatibility (EMC)
Canada ICES-003 Class B
United States FCC Class B
Japan VCCI Class B
Korea RRL Class B
European Community European Community CE (EN55022 Class B, EN55024, EN61000-3-2 Class A, and EN61000-3-3)
Australia/New Zealand AS/NZS 3548 Class B
International IEC 6095 0-1