• Home
• Articles Archive
• Features List

• Media Pack
• Contact Us
• Subscribe

DISUK Paranoia2

From STORAGE Magazine Vol 6, Issue 7 - September 2006

In the quest for total security, many businesses only worry about data whilst it is in-house and fail to spot its vulnerability when it leaves the premises. Backup is a classic example, as secure off-site storage is an essential part of a data protection strategy - and yet, if a tape is lost or stolen whilst in transit, the data can be easily restored.

The Paranoia2 appliance aims to plug this gap, as it provides in-line encryption capabilities, allowing data to be secured as it is being backed up. It is implemented as a 1U rack mount appliance and comes with either LVD or HVD SCSI interfaces. The appliance is designed to look after one tape drive, but can be easily cabled up to handle a tape library as well.

The Paranoia2 offers plenty of encryption options, as it supports dual interlaced DES and 3DES. There's more security behind the scenes, as each appliance is shipped with a unique encryption chip. Combine this with the key entered by the user and you have a system that stops tapes being placed on another appliance and decrypted.

Disasters are covered, as the appliance is always sent out accompanied by a spare identical encryption chip, which needs to be stored along with the user keys in a secure off-site location. If the appliance is destroyed, a new one is shipped out immediately and the spare chip placed in it to allow operations to continue unabated.
Physical installation is quite simple, made easier by the fact the appliance is designed to be transparent to the server and backup software application. To configure the appliance, you use a serial port connection and the bundled Parasoft utility. On loading, it checks the appliance and, if all is well, loads a simple interface, which provides access to all security settings.

You can start by password-protecting administrative access and then move on to selecting an encryption method from the drop-down list. You then provide a pair of keys, whose length will depend on the mode selected. Usefully, the appliance can only be modified if the tape in the drive is positioned at its BOT marker. There's good reason for this, as it stops the encryption scheme being changed midway down a tape.

During testing, we found the Paranoia2 very easy to configure and use. The appliance has a handy status screen in its front panel, which displays all the action occurring with the tape drive. It'll show read and write operations being carried out and provides a running commentary on the dataflow in MB/sec, as well as the total number of MB that are being written to the tape. From the Parasoft tool, you can also add a 20-character message to be displayed in the panel.

To test the appliance's impact on backup operations, we placed it between an HP LTO-2 tape drive and a Windows Server 2003 system running Computer Associates’ ARCserve r11.5. With a direct connection to the server, the drive returned an average of 25.4MB/sec, whilst backing up 7.5GB of test data. With the appliance placed in-line, but with encryption disabled, speed increased to 30.4MB/sec, showing the Paranoia's internal buffering coming into play. Encryption takes its toll, as DES reduced this to 21MB/sec, whilst the tougher 3DES pushed it down to 12.7MB/sec. We were advised by DISUK that most businesses opt for DES encryption.

The Paranoia2 is a neat solution for a security problem that many companies may not even be aware exists. It is extremely easy to deploy and use, and its comparatively low price makes it highly suited to a wide range of businesses looking to secure their off-site data. ST

Product: Paranoia2
Supplier: DISUK Ltd
Tel: 01327 856070
Web site: www.disuk.com
Price: £8,000