Broadcom introduced what it said is the industry’s first end-to-end post-quantum-cryptography-safe in-flight network encryption solution for Fibre Channel storage networks, pairing its Emulex SecureHBA with support in Everpure’s latest FlashArray systems. Announced on March 19, 2026, the offering is designed to secure data moving between application servers and storage arrays and to address concerns about “harvest now, decrypt later” attacks as enterprise AI deployments move into production.
Broadcom said more than 120,000 Emulex SecureHBAs have shipped on OEM server platforms over the past year. With Everpure embedding the adapter into its FlashArray family, Broadcom positions the combination as a full server-to-storage encryption architecture. The company also introduced Emulex SAN Manager 3.0, a Podman-based software package that adds encrypted-port visibility and compliance reporting for CNSA 2.0, NIS2, and DORA across Fibre Channel environments.
At the technical level, Broadcom said the platform uses AES-GCM-256 for in-flight encryption, with keys negotiated using ML-DSA-87 and ML-KEM-1024, and includes support for SPDM 1.4. The company said the architecture avoids external key managers and long-lived keys, while remaining transparent to operating systems, storage fabrics, and applications. Broadcom also said hardware offload eliminates the CPU burden typically associated with IPsec-style encryption. StorageReview, cited in the release, said its evaluation of the Everpure FlashArray//XL130 R5 with Emulex SecureHBAs found no measurable performance penalty and no CPU overhead, while encryption was negotiated automatically during the standard Fibre Channel login process without switch changes or fabric reconfiguration.
- Broadcom said Emulex SecureHBA is now available in Everpure’s latest FlashArray systems
- Broadcom said more than 120,000 Emulex SecureHBAs have shipped on OEM server platforms over the past year
- The platform targets end-to-end in-flight encryption across Fibre Channel SANs
- Broadcom cited AES-GCM-256 for encryption and ML-DSA-87 plus ML-KEM-1024 for key negotiation
- Emulex SAN Manager 3.0 adds compliance reporting for CNSA 2.0, NIS2, and DORA
- Broadcom said the architecture requires no external key managers, long-lived keys, switch changes, or fabric reconfiguration
- StorageReview said its testing found no measurable performance penalty or host/array CPU overhead
- Broadcom said VMware vSAN Storage Clusters and Microsoft Azure Local plan to support native Fibre Channel with related SecureHBA benefits
“As enterprise customers recognize that HNDL attacks present an ever-increasing threat, closing an infrastructure’s security vulnerabilities becomes a corporate imperative,” said Jeff Hoogenboom, vice president and general manager, Emulex Connectivity Division, Broadcom.
🌐 Analysis: Broadcom is using Fibre Channel to advance a broader message that post-quantum readiness must extend beyond data-at-rest controls to include protection for data in motion. The emphasis on standards-based, autonomous encryption also aligns with enterprise demand for security controls that can be deployed below the application layer without disrupting storage services such as compression, deduplication, and recovery workflows.
🌐 Analysis: The announcement also broadens Broadcom’s infrastructure positioning beyond switching and interconnect silicon into storage security and compliance management. By linking Emulex adapters, SAN management software, and OEM storage integration, Broadcom is building a more complete platform narrative around enterprise infrastructure modernization.
