Data-at-rest and data-in-flight security with full life-cycle key management in a single solution. Sensitive departmental information interchange and storage data of a government security organization are encrypted using the Bloombase Spitfire Storage Encryption Solution running on Sun Microsystems x-Series servers, achieving end-to-end data-in-flight and data-at-rest security.
Oracle/Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution
About The Customer
> Government security control organization
> Employees: More than 10,000

Objective
To protect the privacy of sensitive data interchange information submitted from various trusted data providers. Secure contents in storage sub-systems and backup tapes from secret data exposure to unauthorized parties caused by physical or electronic theft.

Implementation Highlights
First customer to practice both data-in-flight and data-at-rest protection for end-to-end security of highly available sensitive business data interchange and persistence.

Highlights
> No client user training is required for third party data providers
> Application transparency
> High encryption performance
> Highly available and fault-tolerant
> Tamper proof and tamper resistant key protection

Key Challenges
> Support heterogeneous host operating systems including Microsoft® Windows®, IBM AIX, etc.
> No change to end user, administrator and operator workflow
> No coding or second development is required
> Sensitive information is physically stored yet encrypted at all times, and no physical plain originals or copies are allowed
> Interoperable with IBM WebSphere® Application Server and IBM DB2 Universal Database (UDB) Server
> Encrypted archives on backup tapes
> High performance encryption and decryption

Project Objectives
> Protect in-flight data submitted from third parties by HTTP form posts
> Safeguard file system objects, relational databases and backup media
> Encrypt dynamic database data stored in storage area network (SAN)

Why Bloombase® Solutions
> All-in-one solution to achieve data in-flight and at-rest security
> Platform independence
> NIST FIPS-140-2 level-3 tamper proof and tamper resistant key protection
> Full lifecycle key management

Features
A municipal security control organization dynamically allocates its task forces and automatically reacts to potential incidents based on a self-developed intelligence information system. Hundreds or even thousands of information feeds, including weather forecasts and reports, local news, foreign news, traffic reports, border and coastal data, calendar events, etc., are collected from hundreds of data sources every minute. This real-time information, structured and/or unstructured, in the form of flat files, is parsed, extracted and aggregated before it is loaded into a centralized data warehouse. Based on various pre-defined data mining rules, real-time security data are analyzed to generate reports, milestones and alerts to proactively monitor potential hazards and risks. With the response to these possible outcomes closely monitored and tracked by the 24x7 operation unit, the bureau dynamically reacts and allocates resources and task forces to combat such potential incidents, better control the worsening situation, if any, or even suppress the outbreak of the incidents.

Among these incoming information feeds, the data warehouse and reports repository are extremely sensitive and are under airtight political and security privacy regulation. From the application's perspective, security measures limit access to the system to authorized personnel only, protecting it from unauthorized access.
Network communications of this controlled information are secured by secure socket layer (SSL) powered by Advanced Encryption Standard (AES) 256-bit strong encryption with industry-proven secure key exchange; thus, sensitive data exposure due to eavesdropping is eliminated. Physical access to the computing hardware, whether at the primary data center or the disaster recovery (DR) site, is securely isolated and under strict physical access control, blocking possible physical tampering and data/hardware theft. Even with all these security measures in place, which are generally considered border or perimeter protection, the data system is still vulnerable to core attacks, unknown attacks and outbound threats such as operator/insider attacks, spyware attacks and viral outbreaks, etc.

The Mission Critical Encryption
To cope with these challenges and meet national data privacy requirements, the end customer needs to implement effective data encryption to secure information exchange with various data providers, and to protect data repository storage, the data warehouse and backup archives at both primary and disaster recovery systems. Implementing encryption on this mission critical system is full of constraints. The baseline requirements are that data in-flight and at-rest are securely encrypted by the AES 256-bit cryptographic cipher, that the solution is high availability ready and fault-tolerant, and that it offers tamper proof and tamper resistant key protection and management. On the other hand, the encryption solution has to fit perfectly into the end customer's three-tier architecture at zero change, with no application change and no database object change, and, last but not least, be fully transparent to applications, administrators, operators and users.

After a three-month evaluation process, the end customer selected the Bloombase® Spitfire™ Enterprise Security Solution over rivals taking kernel-based, database column-based, and hardware appliance-based encryption approaches.

An active self-executing component is deployed at every data provider's internal network to poll for the latest news and information. These sensitive information feeds are encrypted automatically as they are uploaded to the intelligence system by the Spitfire™ StoreSafe Lite Storage Security API, with the channel further protected by SSL. The ciphered information feed is temporarily stored at a staging area physically located at an IBM TotalStorage® DS4100 SAN in the form of a flat file. A job is scheduled to run every other minute at an IBM WebSphere® Application Server to scan for the latest information feeds. Access to the ciphered incoming files via Spitfire™ StoreSafe Security Server provides a virtual plain view of the sensitive contents, to be extracted and bulk imported into a data warehouse powered by IBM DB2 UDB.

Read/write access to DB2 UDB is made via a highly available Spitfire™ StoreSafe Server cluster operating on Sun Microsystems x-Series Servers. Thus, during bulk import of information, sensitive information is first encrypted on-the-fly by Spitfire™ StoreSafe before it is persisted onto the SAN. Vice versa, on execution of data-mining procedures, ciphered data are deciphered in real time, on demand, prior to actual query reads.

Analysis results in the form of data records and large binary objects are stored in another DB2 UDB instance, which is also protected by Spitfire™ StoreSafe Storage Encryption Servers running on Sun Microsystems x-Series Systems. Again, only when these sensitive milestones are accessed and presented to authorized personnel will the private information be deciphered at wire-speed by Spitfire™ StoreSafe. Ciphered block-based SAN storage updates are automatically synchronized from the primary site to the DR site via a virtual private leased line, to be further reconstructed and applied to the DR SAN sub-system.

Deployment of Bloombase® Spitfire™ KeyCastle Key Management Servers and Spitfire™ StoreSafe Storage Security Servers was completed within 3 days, whereas initial data migration of the incoming information feed repository, IBM DB2 UDB data files and report storage area took, surprisingly, merely another 2 days.

Reference Architecture
Sun x64 servers are the fastest, energy-efficient and reliable Intel® or AMD servers. These servers can run virtually any operating system, including Solaris™ OS, Linux, Windows® or VMware.

Sun Fire™ X4150 provides the best combination of performance, expandability, and power efficiency and is the best 1RU 2-socket server. The Sun Fire™ X4150 server gives you much more throughput, growth options, and power savings than any other 1RU 2-socket x64 system. It's an excellent example of Sun's innovative engineering delivering one of the most compelling x64 solutions in the market. Dual-Core and Quad-Core Intel® Xeon® processors power the Sun Fire™ X4150 server to deliver world-class 32-bit and 64-bit performance in a rack-mountable 1RU form factor - fully backed by Sun's rock-solid, enterprise-class capabilities and quality.

Sun Fire™ X4450 is the industry's smallest enterprise-class 4-socket x64 server and now comes with the Intel® Xeon® processor 7400 series with 6 processing cores. In fact, it's the first and only 4-socket, 24-way, 2RU server - half the size of the other servers in its class.

The Sun Fire™ X4240, powered by the Quad-Core or enhanced Quad-Core AMD Opteron™ processor, gives you up to twice the memory and storage capacity of any system in its class. It's the first and only two-socket AMD Opteron™ system with 16 hard drive slots in a 2RU form factor.

Learn More
For more information, visit www.hk.sun.com and www.bloombase.com, or contact your local Sun Sales representative.
Sun Microsystems of California Limited 66/F Centre Plaza, 18 Harbour Road, Wanchai, Hong Kong Phone 852-2202-6200 Web www.hk.sun.com
©2008 Sun Microsystems of California Limited. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, J2EE, J2SE, Solaris, the Solaris logo, StarOffice, Sun Enterprise Authentication Mechanism, and SunPCi are
trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Mozilla is a trademark of Netscape Communications Corporation in the United States and other countries. UNIX
is a registered trademark in the United States, exclusively licensed through X/Open Company, Ltd. Information subject to change without notice.