A storage server is a computer that provides storage services relating to the organization of information on mass storage devices, such as flash memories, tapes or disks. The storage server is commonly deployed within a storage area network (SAN) or a network attached storage (NAS) environment. When used within a NAS environment, the storage server may be embodied as a file server including an operating system that implements a file system to logically organize the information as a hierarchical structure of data containers, such as files on, e.g., the disks. Each “on-disk” file may be implemented as a set of data structures, e.g., disk blocks, configured to store information, such as the actual data (i.e., file data) for the file.
The file server may be further configured to operate according to a client/server model of information delivery to thereby allow many client systems (clients) to access shared resources, such as files, stored on the file server. Storage of information on a NAS system is typically deployed over a computer network comprising a geographically distributed collection of interconnected communication links, such as Ethernet, that allow clients to remotely access the information (files) on the file server. The clients typically communicate with the file server by exchanging discrete frames or packets of data according to pre-defined protocols, such as the Transmission Control Protocol/Internet Protocol (TCP/IP).
In the client/server model, the client may comprise an application executing on a computer that “connects” to the storage server over a computer network, such as a point-to-point link, shared local area network, wide area network or virtual private network implemented over a public network, such as the Internet. NAS systems generally utilize file-based access protocols; therefore, each client may request the services of the storage server by issuing file system protocol messages (in the form of packets) to the file system over the network identifying one or more files to be accessed without regard to specific locations, e.g., blocks, in which the data are stored on disk.
A network environment may further be configured wherein information (data) is encrypted in storage served by one or more storage servers using one or more security devices. Each security device is configured to transform unencrypted data (cleartext) supplied by clients into encrypted data (ciphertext) destined for storage by the storage server. Storage having encrypted data may thus be referred to as “secure storage” since data is not stored in its native form but rather in encrypted form.
Secure storage may be logically divided into one or more portions, each of which is associated with its own encryption key for performing cryptographic operations (i.e., encrypt and decrypt). An encryption key (key and encryption key are used interchangeably herein) is a code or number which, when taken together with an encryption algorithm, defines a unique transformation used to encrypt or decrypt data. Data remains encrypted while stored in secure storage until requested by an authorized client. Upon such a request, the security device uses the appropriate key for performing the requested cryptographic operations. For instance, data may be encrypted prior to storage by the storage server, or decrypted prior to being supplied to the requesting client.
In many practical security systems there exist several portions of secure storage managed by the storage server. A key manager such as the Lifetime Key Management™ Appliance developed by NetApp, Inc. of Sunnyvale, Calif., may thus be operative with the storage server and security devices for managing the keys used thereby. Management of keys includes maintaining permissions, governing key access, providing key backup, carrying out key archival procedures, performing client management procedures, monitoring security devices, updating keys, performing disaster recovery, and other management functions. When an authorized client requests data from a particular portion of secure storage, the key manager retrieves the proper key and supplies it to the security device for performing the required cryptographic operation.
A primary concern with the central management of keys involves ensuring the continued accessibility of data in secure storage when the key manager fails. A second key manager (remote key manager) may therefore be available to manage a copy (mirror) of the keys. The remote key manager is operative with a remote security device and a remote storage server storing a mirror of the primary storage server data for performing cryptographic operations on the mirrored data upon a failure of the primary key manager.
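As an added illustration of the arrangement described in the preceding paragraphs (per-portion keys, a security device that turns cleartext into ciphertext with the key the key manager supplies, and a remote key manager holding a mirror of the keys for use when the primary fails), the following Go program is not part of the original text and is not NetApp's code. It assumes AES-256-GCM as the cipher; the names KeyManager, SecurityDevice, Provision and Mirror, the portion names "vol0" and "vol1", and the sample cleartext are all hypothetical or constructed. It also shows one consequence the text leaves implicit: because each portion has its own key, a record encrypted for one portion fails authentication under another portion's key, and the failover path is exercised simply by marking the primary key manager unavailable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"maps"
)

var ErrUnavailable = errors.New("key manager unavailable")
// KeyManager models a primary or remote key manager; Available simulates its failure.
type KeyManager struct {
	Keys      map[string][]byte // portion name -> 256-bit AES key (hypothetical layout)
	Available bool
}

// Provision generates a fresh random key for one portion of secure storage.
func (km *KeyManager) Provision(portion string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	km.Keys[portion] = k
	return nil
}

// Mirror returns the key-set copy a remote key manager holds (shallow clone; keys are never mutated).
func (km *KeyManager) Mirror() *KeyManager {
	return &KeyManager{Keys: maps.Clone(km.Keys), Available: true}
}

// Key supplies the key for a portion; a failed manager returns ErrUnavailable.
func (km *KeyManager) Key(portion string) ([]byte, error) {
	if !km.Available {
		return nil, ErrUnavailable
	}
	if k, ok := km.Keys[portion]; ok {
		return k, nil
	}
	return nil, fmt.Errorf("no key for portion %q", portion)
}

// SecurityDevice takes keys from the primary key manager and falls back to the
// remote mirror only when the primary has failed.
type SecurityDevice struct{ Primary, Remote *KeyManager }

func (sd *SecurityDevice) aead(portion string) (cipher.AEAD, error) {
	k, err := sd.Primary.Key(portion)
	if errors.Is(err, ErrUnavailable) && sd.Remote != nil {
		k, err = sd.Remote.Key(portion) // failover to the mirrored keys
	}
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals cleartext for one portion as nonce || ciphertext || tag; the portion
// name is bound as associated data so a record cannot be replayed into another portion.
func (sd *SecurityDevice) Encrypt(portion string, cleartext []byte) ([]byte, error) {
	g, err := sd.aead(portion)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, cleartext, []byte(portion)), nil
}

// Decrypt reverses Encrypt; tampering, the wrong portion or the wrong key fails authentication.
func (sd *SecurityDevice) Decrypt(portion string, stored []byte) ([]byte, error) {
	g, err := sd.aead(portion)
	if err != nil {
		return nil, err
	}
	if n := g.NonceSize(); len(stored) >= n {
		return g.Open(nil, stored[:n], stored[n:], []byte(portion))
	}
	return nil, errors.New("stored record too short")
}

func main() {
	primary := &KeyManager{Keys: map[string][]byte{}, Available: true}
	_, _ = primary.Provision("vol0"), primary.Provision("vol1")
	dev := &SecurityDevice{Primary: primary, Remote: primary.Mirror()}
	ct, _ := dev.Encrypt("vol0", []byte("constructed sample: payroll.csv"))
	primary.Available = false // primary fails; the remote mirror supplies the key
	pt, err := dev.Decrypt("vol0", ct)
	_, xerr := dev.Decrypt("vol1", ct) // another portion's key: authentication fails
	fmt.Printf("after failover: %q err=%v; cross-portion err=%v\n", pt, err, xerr)
}
```

The device asks the remote manager only when the primary reports ErrUnavailable, not on every error, so a portion the primary simply does not know about is still refused rather than silently served from the mirror. Binding the portion name as associated data is an addition beyond what the text describes; it costs nothing and closes the case where two portions are ever provisioned with the same key.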
To facilitate the handling of keys among key managers, security devices and storage servers, such keys are conventionally used in software-based encryption systems on each device. Software-based systems typically use keys of shorter lengths in the computations that convert ciphertext to plaintext, which may be easily implemented by a variety of devices without requiring specialized hardware. However, a key having a shorter length is referred to here as a "weak key," since the key may be subject to unauthorized access by virtue of the processing resources it shares with other software and/or the relative ease with which such a key may be "guessed" (exhaustively searched) by an unauthorized user. (In cipher design the term "weak key" more narrowly denotes particular key values, such as the DES weak keys, under which a cipher degenerates; here it refers to short or exposed keys.)
In contrast, hardware-based encryption systems use dedicated hardware and keys of longer lengths (referred to as "strong keys") to provide a greater level of protection against unauthorized access. However, the greater level of protection results in more complexity and difficulty in sharing keys among several devices. One conventional approach for sharing hardware keys while avoiding such complexities involves a security administrator manually supplying keys between devices. Such manual efforts are impractical and inefficient, however, because of the volume of keys generated for the various portions of secure storage.
An alternative approach for ensuring the availability of keys involves storing a copy of the keys in a less secure location (i.e., external storage), such as a location on the storage server. If the key manager fails, the storage server may then provide the appropriate key for performing the desired cryptographic operations on its data. While this alternative approach avoids the manual effort required by the prior technique, the keys are instead exposed to potential unauthorized access by other system applications and/or programs operating within the storage server. Accordingly, in a storage system configured for disaster recovery a tradeoff exists between the ease of key handling and the protection of a key from unauthorized access.