IT Pro Verdict
The Assureon appears expensive for what it is, but as a secure, manageable CAS solutions which will help meet the changing face of data compliance, it is a very good option.
The Nexsan Assureon is marketed as a storage security product and oddly enough, that's just what it is. Another way of looking at it, is as a Content Addressable Storage (CAS) disaster recovery solution. The Assureon uses multiple servers and storage devices and can be located in multiple sites for wide area replication.
The Assureon is not a piecemeal solution. Before it is shipped to site, it is built to order by Nexsan and requires a lot of pre-planning between both the customer and Nexsan field engineers. There are several versions, depending on the complexity and storage requirements of the customer but the basic components consist of servers, storage appliances, a 25u or 45u rack to hold everything and some software.
The servers in the Assureon are Dell PowerEdge 2950's. These are 1u servers with a pair of Intel Xeon 3.06GHz dual core processors; 2GB RAM and up to four local Serial Attached SCSI (SAS) hard disks. The number of servers that you have depends on your preferred configuration and this is determined by performance and resilience. In a typical evaluation system, Nexsan would ship just a single server. In a production environment the minimum recommended configuration becomes two servers, one for the front-end (user facing) one for the back-end (data-facing).
The storage units are normally Nexsan SATABoy devices, each holding up to 7TB of storage although you could use the Nexsan SATABeast which supports 21TB of storage in a single enclosure. Each Assureon contains two separate storage appliances although it can contain more as you build out your solution over time.
The Assureon comes in an APC rack. This is to enable factory configuration and ensure that the customer has a working solution when it arrives on site.
Nexsan ships two standard configurations, the SX and the GX plus. The SX is designed for a single site while the GX is intended for users needing to keep data at different sites.
Nexsan perform the pre-configuration of the Assureon based on information provided by the customer prior to delivery. The customer will then go through their own configuration work. Configuration is something that should not be taken lightly. Ideally, the issues and problems with configuration will have been dealt with during the pre-sales meetings.
The Assureon comes set as its own Windows 2003 domain. This is to keep it separate from existing systems and to reduce the security footprint. In order for it to work you need to create a trust between the Assureon domain and your existing systems. This is a one way trust from the Assureon to your domain and is only done after the Assureon has been delivered. If you have multiple Assureon solutions, each will be a separate domain. Once you add it to your systems, you will need to make DNS entries so that users from different sites can connect to it.
Administration is done through the Assureon Admin which is a standard web-based GUI. Here Nexsan have been smart and kept the same look and feel as their storage products - SATABoy and SATABeast.
The Assureon uses Microsoft Windows Server 2003 as its operating system and Microsoft SQL Server 2005 to maintain the indexes and other information. Although this is a hardened version of Windows Server (it conforms to Evaluation Assurance Level 4 (EAL-4)) there are still issues over security and other patches. Despite Microsoft efforts to remove the need for reboots when patches are applied to their software, this is not always possible, nor does Microsoft make it clear when you will need to reboot. Nexsan takes control of this for you and Nexsan Canada test all patches to see what does need a reboot. The Assureon is redirected to Nexsan Canada to pick up all patches and updates.
The Assureon has a full audit log which is stored in a read-only database. Like many devices today you can redirect any alerts to email, pagers and mobile phones. Unfortunately, Nexsan has yet to add a secure email option. Most organisations require their users to login before they can send mail. This prevents unauthorised email being sent through the corporate email servers. Nexsan are looking to address this soon.
At the heart of the Assureon is the classification and sub-classification groups. A classification is a tag applied to data and is used to control access and security. A sub-classification simply refines the tagging. This is a fairly broad approach to the use of meta-data but does provide a start point for Information Lifecycle Management (ILM).
Classifications can be time limited and can allow the retention time to be extended. They are very powerful and most of the preparation work is around planning the classification tree that you will use. Each classification creates its own group in Active Directory. To create control of data, classifications are linked to retention rules.
These rules create the minimum and initial retention periods which can be different. Once set, these rules cannot be changed for existing data only for data added after the rule is changed. The retention rule also determines if data is to be compressed, encrypted and the number of versions to be kept. With some financial legislation you need to keep all versions so this number should be kept high. The Assureon does not delete excess versions but there is a utility that the administrator can run to reclaim the space.
Encryption is done through the use of two separate keys, SHA-1 and MDA-5. The result is that every file has a unique fingerprint and prevents any mathematical chance of two files every getting the same key. When a file is destroyed, the index is shredded. This means that even if the file exists on a backup tape, you cannot restore and then access it.
Data is acquired by the Assureon through the use of File System Watchers (FSW). These are placed out where the data resides and collects it back into the Assureon when it changes or new files are added.
The Assureon requires its own management account in your general domain for administration but the administration tools can be installed on any workstation. There is a hidden Nexsan management account that can only be accessed by Nexsan from their support centre based in Canada. Nexsan does not provide the customer with the details or access to this account. This account has no access to files; it is used for maintenance by Nexsan. While Nexsan are sure that they meet all the requirements of any data legislation, they do stress that final checks are the responsibility of the customer. Outside access is one of those times when you will need to do checks.
Initial configuration can take time and it is likely that you will initially end up keeping more data than you want. One of the most important considerations is that of time. Get the retention time wrong and there is little you can do. Most organisations have no idea of how long they want to keep data for and this is where any planning to install an Assureon must include your Compliance team.
With careful planning at the start, ongoing maintenance of the Assureon is almost non-existent. Making backups of data, monitoring logs, adding new classifications and retention rules is not overly burdensome and this looks to be a light touch security solution.
The list price for the Assureon looks very high but shop around and the street price is generally around 25 per cent less.
Verdict
The Assureon appears expensive for what it is, but as a secure, manageable CAS solutions which will help meet the changing face of data compliance, it is a very good option.
Assureon SX Single Node, Single or Dual File Writes Includes (Next Business Day) Onsite and Phone Support SX-10(1) 4TB, includes (4) FSW agents£27,077.00 SX-20 (1) 7TB, includes (4) FSW agents£37,744.00 SX-30(1) 21TB, includes (4) FSW agents £86,616.00 Assureon GX Dual Node, Single or Dual File Writes Includes (Next Business Day) Onsite and Phone Support GX2-10 - 7TB, includes (8) FSW agents£46,872.00 GX2-20 - 14TB, includes (8) FSW agents£70,565.00 GX2-30 - 21TB, includes (8) FSW agents£94,103.00