Cryptographic Security

- Industry-proven cryptographic processing engine
- NIST FIPS-197 AES 128, 192, 256-bit cipher
- IEEE 1619-compliant AES XTS block cipher
- Japan NTT/Mitsubishi Electric Camellia 128, 192, 256-bit cipher
- Korean Data Encryption Standard (SEED) and ARIA block ciphers
- Chinese National SCB2(SM1), SSF33, SSF28 encryption and decryption
- NIST FIPS-46-3 3DES and DES ciphers
- CAST5 and CAST6 cipher
- IDEA cipher
- RC2, RC5 and RC6 block ciphers
- RC4 stream cipher
- Blowfish and Twofish ciphers
- Serpent and Skipjack ciphers
- 128, 256, 512, 1024 and 2048 bit public key cryptography
- RSA and DSA public key cryptography
- SHA-1, MD5 and Chinese National SCH(SM3) hash generation
- Hardware ASIC cryptographic acceleration (optional)
- Obfuscation and data shuffling for simple data hiding

Storage Systems

- Direct Attached Storage (DAS)
- Network Attached Storage (NAS)
- Storage Area Network (SAN)
- Tape library, tape drive and virtual tape library (VTL)
- Content Addressable Storage (CAS)
- Cloud Storage
- Object Store

Privacy Control

- Automated file-based and block-based encryption on storage device and file write operations
- Automated decryption on storage device and file read operations on trusted hosts and clients
- Multiple key encryption
- Fixed-size file header regardless of actual file size for file-based protection
- No additional storage required for block-based protection

Access Control

- Fine-grained read/write/create/delete/list access control
- Time-window-based access control
- Zero alteration to actual storage contents
- Zero impact to performance

Integrity Control

- Automated filesystem object digital signature generation
- File integrity verification
- Multiple key digital signature generation
- Fixed-size file header regardless of actual file size

Write-Once-Read-Many (WORM)

- Write-once-read-many feature resembling non-rewritable optical media, supporting secure archival of data and eliminating the risk of data being overwritten intentionally or accidentally
- For storage archival, compliance, dynamic capacity management and information lifecycle management (ILM)
- Policy-based engine dynamically adapts to changing demands in data requirements by moving files automatically and transparently to appropriate tiered storage
- Rule-based configuration for permanently deleting and/or shredding file contents

Authentication and authorization

- User-based and role-based authentication and authorization
- Generic Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory (MSAD) authentication and authorization
- Host-based authentication and authorization
- Microsoft NT LAN Manager (NTLM) authentication
- Challenge Handshake Authentication Protocol (CHAP) based discovery and authentication

Key Management

- Multiple certificate authority (CA) support
- Hardware true random (optional) or software pseudo-random key generation, inquiry and deletion
- Built-in certificate request and revocation check (CRL/OCSP)
- X.509 and PKCS#12 DER and PEM key import and export
- Key Usage Profiling
- RDBMS and Generic LDAP Support and Integration
- Industry Standard PKCS#11
- NIST FIPS-140-1 level 2 cryptographic module support (optional)
- Automatic Certificate Retrieval via HTTP or LDAP
- Certificate Validity Check
- Certificate Revocation Check via HTTP or LDAP
- Certificate Revocation List (CRL)
- Certificate Revocation List Distribution Point (CRLDP)
- Online Certificate Status Protocol (OCSP)
- CRL scheduled download, caching and automatic retry
- OCSP scheduled request, caching and automatic retry

Hardware Security Module Support

- AEP Networks Keyper
- Oracle Sun Crypto Accelerator
- Sophos Utimaco SafeGuard CryptoServer
- Thales nShield
- HP Atalla
- IBM 4758 Cryptographic CoProcessor
- IBM eServer Cryptographic Accelerator
- IBM Crypto Express2
- IBM CP Assist for Cryptographic Function
- Cavium NITROX XL
- Other PKCS#11 compliant hardware security modules

Standard Support and Certification

- IEEE 1619 standard-based mode
- OASIS Key Management Interoperability Protocol (KMIP) support
- NIST FIPS 140-2 compliant Bloombase Cryptographic Module

Management

- Web-based management console
- Central administration and configuration
- User security
- Serial console
- SNMP v1, v2c, v3
- syslog, auto log rotation and auto archive
- Heartbeat and keep alive

Disaster Recovery

- Configuration backup and restore
- FIPS-140 hardware security module recovery key or software recovery key vault for settings restoration
- Customer-defined recovery quorum (e.g. 2 of 5)
- FIPS-140 hardware security module operator key or operator PIN for daily Bloombase KeyCastle operation
- High-availability option for active-active or active-standby operation
- Stateless active-standby failover

Platform Support

- Bloombase OS
- Solaris
- HP-UX
- OpenVMS
- IBM AIX
- IBM z/OS
- IBM i5/OS
- Linux
- Microsoft Windows
- Mac OS X

Virtual Platform Support

- VMware ESX/ESXi
- VMServer
- Red Hat KVM
- Citrix XenServer
- Microsoft Hyper-V
- IBM PowerVM
- Oracle VM

Hardware Support

- i386-based architecture
- AMD 32 and 64 architecture
- Intel Itanium-2 architecture
- IBM Power6 architecture
- IBM PureFlex System
- PA-RISC architecture
- UltraSPARC architecture