Ian Clatworthy

Hitachi Flash Module with embedded Encryption (FMD HDE)

Blog Post created by Ian Clatworthy Employee on Jul 17, 2018

Lightning fast flash with the loving hug of data protection


When we have seen what Flash has done to change our businesses in such a short space of time, it is no wonder all the talk around high performance and data reduction takes all the air time. After all, it’s an exciting proposition! What becomes somewhat diluted in the conversation is the need for a modern approach to data protection for business workflows. In recent times we have seen regulation change, with the likes of the General Data Protection Regulation (GDPR), that cannot be ignored by customers. I mean, with a penalty of 4% of annual turnover, this is not to be sniffed at.


Hitachi Vantara has an exciting and modern approach to data protection. Please see this interesting read from Rich Vining, his blog on Overcoming the risk that redundant personal data bring under GDPR. What additional innovations can we bring to the table, especially to help our large customers who have mission critical applications on our solutions?


With that, I am joined by Ken Kawada, who is responsible for our Virtual Storage Platform (VSP) G/F1500 Enterprise storage solutions, to talk about our new Flash Module Drive (FMD).




Ian: Thanks for joining me, Ken! So could you give me some more insights into the data protection innovations you are bringing to market for the VSP G/F1500?


Ken: No problem, Ian. Sure thing, as you know our engineering team in Japan has over 350 unique flash patents for our FMD technology. Today, July 16th 2018, we GA the new FMD with embedded encryption for data at rest. This allows customers to offload data compression but now also encryption to the microprocessors on the FMD HDE, freeing up the storage controllers and having no impact on performance. This allows customers to turn on compression and encryption and just forget about it!



Ian: So what exactly does it mean for an FMD to have embedded-encryption?


Ken: Think of FMD HDE as a bank vault. When you write blocks of data to the array it stores it like depositing money into a bank. The bank vault is completely impenetrable and the only way for money to get in or out is through the vault door. No matter how secure it is, the vault door is rendered totally useless unless someone remembers to lock it. The controller on the FMD HDE is arguably the most critical component, it acts as the key master, without it and the key the array cannot open the bank vault door. Authentication is like locking and unlocking the vault door.



Ian: Sounds rather snazzy, but would customers find it easier to encrypt further up the stack at the application layer rather than in a storage solution?


Ken: That is always an option for some, the risk for true business critical workloads is adding unwanted latency into an application at the top of the stack. The beauty of the FMD HDE is that customers can leave this to us, we are offering a FIPS ready solution with support for multiple KMIP 3rd party tools and vendors. At the same time still delivering customers 2:1 data compression savings that they are used to on FMD with no performance impact. How many other vendors can offer 4.8M IOPS without any impact on compression and encryption?



Ian: Talk to me more about that, what do I need to support these new wonder drives?


Ken: From our analysis of our customer base 34% of all FMD capacity shipped on our VSP G1000 and G/F1500 are sitting behind encrypted BED controllers, so high end customers are our priority. This coincides with the launch of SVOS RF for the G/F1500 which allows full use of the features of the FMD HDE. Customers have a choice to use ourselves for key management or utilize a 3rd party vendor, so they are not locked into a vendor. Customers just need a one time frame license to support the FMD HDE on their arrays, and that’s it!



Ian: The 3rd party key management sounds like it gives customers a lot of choice. What vendors do we support for the FMD HDE?


Ken: The idea is to really give customers choice, most of our customers may already be investing in a key management solution so we wanted to make sure we could integrate with those vendors and make our customers' lives easier. Obviously customers can choose Hitachi, but we also support Gemalto SafeNet, Thales keyAuthority, HPE Enterprise Secure Key Manager and also IBM. Customers may also be using encrypted SSDs or applying encryption on FMD using the back end controllers. These will happily coexist together in a solution so customers do not need to throw away their investment.



Ian: So what sort of investment are customers going to have to make to support this technology?


Ken: That’s a good question, we have worked hard to make sure there is not a large cost penalty for customers wanting to adopt this technology. Today there are 2 costs associated with the FMD HDE solution; first is the price of the drive itself, which is comparable to the regular FMD HD drives. Second is a one-off license for the array itself to enable the technology. This is not based on capacity, so customers can grow without additional licensing costs to use encryption.



Ian: So let’s close out, what other technological advancements can we expect to see in our storage platforms in the coming 12 months?


Ken: Hahaa no comment, but it starts with N and ends with VMe!




Of course there was more info… every time we have an interview there is stuff that just doesn’t make it. In this case we dived deep into the Virtual Storage Platform (VSP) world, full socks and sandals spec, even for me!


The key takeaway for all Hitachi customers from this blog has to be the ongoing investment in storage technology, especially FMD. I am always excited to see new features and functions rolling out of engineering, especially when they are so focused on helping our customers.


I have to extend a big thanks to Ken for his time today and great insight into the ongoing investment into flash storage technology from Hitachi for our customers. Dilly Dilly my friend!



Keep moving forward!