Secured data at rest (SDAR) is a new Department of Defense requirement, but delivering SDAR to users operating at the tactical edge comes with several challenges, including how to maintain the security of the data stored on the servers and, when required, how to access the data quickly and easily.Traditionally, SDAR capabilities depend on a centralized Key Management Server (KMS) that provides keys to access secure data stored on field-deployed servers. Accessing the centralized KMS to obtain decryption keys for data in the field requires additional communications equipment such as satellite antennas, modems, and specialist resources to establish a connection to the central KMS. The additional equipment and resource requirements to access the KMS increase the total deployment weight and the logistical costs of the mission.
In a first-to-market, Cubic has partnered with MEMKOR to develop a new innovative solution for SDAR users operating at the tactical edge. The M3-SE-VSVR5-P combined with MEMKOR self-encrypting drives (SEDS) removes the need to communicate with the centralized KMS as keys are safely secured on the server. Data stored on the MEMKOR drives mounted in the M3-SE-VSVR5-P is protected from unauthorized access or modification resulting from theft, loss, or repurposing of the drives. The data is useless if the disks are stolen and accessed on a different computer.
When access to the information stored on the server is requested, there is no need for a key to be requested from the central KMS as the keys are stored locally on the M3-SE-VSVR5-P. Having the keys stored locally means users can access the data stored quickly and with little or no RF footprint, helping to reduce detection from enemy forces.
M3-SE-VSRVR5-P SDAR BENEFITS
-
No link to the remote certificate server increases the speed of accessing encrypted data while maintaining enterprise data security standards at the tactical edge.
-
Reduced RF footprint due to zero uplink requirements to access encrypted data.
-
Lower data traffic costs by removing the need to connect to a remote certificate server.
-
Data on disk is not accessible if drives are removed from the original server.
-
Full support for hyper-converged environments, including VMware’s VSAN, supporting up to 10 disks with a combined storage of over 40 TB* in a single server
*Storage size can vary depending on the operating system and disk configuration
MEET THE M3-SE-VSVR5-P
The M3-SE-VSVR5-P is a high-powered computer module with 16 physical cores and up to 128 GB of RAM designed to support multiple virtual machines in a single small form factor module.
Integrated enterprise-grade RAID controller servicing 10 bays of solid-state disc (SSD) drives means the M3-SE-VSVR5-P is compatible with commercially available hypervisors and hyper-converged solutions such as VMware ESXi and VSAN applications, as well as Redhat Linux.
Benefiting from the popular M3-SE design, the M3-SE-VSVR5-P shares the same form factor and pass-through power connectors as other M3-SE modules, allowing users to create interchangeable configurations to meet their mission requirements.
