The SearchSAP.com Conference Europe


Hosted by
Minimizing the Impact of Storage on Your Network
W. Curtis Preston
President, The Storage Group

Networked Storage vs. Network Administrators

• Increased Traffic
  • Network-based backups
  • NFS & CIFS shares from NAS filers
• Management difficulties
  • Proprietary networks being managed by non-network personnel
  • Proprietary networks being managed by network personnel

[Diagram: Servers, Backup Server, NAS Filers]

Networked Storage vs. Network Administrators

• Security implications
  • One server’s data can be accessed via other servers
  • New connections can be made remotely
  • Bad information and little security training

[Diagram: Servers, SAN, LAN, Hacker’s System, NAS Filers, SAN Arrays]

Storage for Network Admins

• Fibre Channel = Serial implementation of SCSI that can be networked via FC equipment
• iSCSI = Serial implementation of SCSI that can be networked via IP/Ethernet equipment
• SAN = Storage connected via Fibre Channel or iSCSI network (blocks)
• NAS = Storage connected via IP and NFS or CIFS (file sharing)

Storage for Network Admins

• HBA =~ NIC
• WWN =~ MAC Address
• Zoning =~ VLANs
• Soft zoning =~ Server w/o firewall
• Hard zoning =~ Server behind firewall
• WWN-based zoning = Zone members specified by WWN
• Port-based zoning = Zone members specified by port

Good news: LAN-free, Client-free and Server-free backup

• LAN-free backups (blue)
  • Shared tape library
  • Backup traffic off the LAN
• Client-free backups (red)
  • Shared disk array
  • Backs up one client’s data through another
• Server-free backups (green)
  • Direct disk-to-tape data transfer

[Diagram: Servers, Backup Server, Switch/Hub, Routers, Disk Array, Libraries]

Good news: Disk-to-Disk Backups

• Really inexpensive disk arrays based on ATA/IDE
• Addressable via Fibre Channel, SCSI, NFS, or CIFS
• JBOD and RAID configurations (use their RAID controller or a software volume manager)
• As low as $3,000/TB for off-the-shelf units!

What to do with them?

• Connect array to backup servers via Fibre Channel & SANs, or GbE & NFS/CIFS
• Back up to disk first using backup or replication software
• If backups, duplicate disk backups to tape
• If replication, make second backup to tape
• Except in disaster, restores come from disk

[Diagram: Backup Client, Backup Server, ATA Disk Array (NFS/CIFS/SAN), Tape (copy or second backup)]

Why would you do that?

• Increase ease and integrity of backups, especially incremental backups
• Can reduce backup traffic by reducing frequency of full backups
• Can reduce backup traffic even more using synthetic full backups
• Can also be used as target for HSM, again reducing network traffic

[Diagram: Backup Client, Backup Server, ATA Disk Array (NFS/CIFS/SAN), Tape (copy or second backup)]

Mixed News: What about iSCSI?

• What is iSCSI?
  • Ethernet NIC with iSCSI drivers (hopefully TOE)
  • Standard Ethernet switch
  • SCSI over IP
• iSCSI is here.
  • A number of disk vendors releasing products
  • There’s a lot of interest for middle-tier storage apps

[Diagram: Servers on an FC SAN and on an iSCSI LAN/SAN, SAN Arrays]

Mixed News: What about iSCSI?

• Storage devices everywhere and anywhere?!?!
• Should implement via dedicated LANs, just as with NAS
• Must consider security implications of plain text blocks
• Consider encryption

[Diagram: Servers on an FC SAN and on an iSCSI LAN/SAN, SAN Arrays]

Scary News: Storage Security

• SCSI/FC not built for security
• Little authentication
• Storage people often not security conscious or security trained
• Soft/hard zoning misunderstood

[Diagram: Servers, SAN, LAN, Hacker’s System, NAS Filers, SAN Arrays]

Scary News: Storage Security

• WWN used for auth., but WWN can be changed
• Soft zoning allows non-members to communicate
• Management interfaces open to backbone and use plain text protocols
• NAS filers on backbone

[Diagram: Servers, SAN, LAN, Hacker’s System, NAS Filers, SAN Arrays]

Security Questions for your Storage Administrator

• Are we using port-based zoning?
• Are we using hard zoning?
• Are our NAS or iSCSI systems on a separate, firewalled, non-routable LAN?
• Can I reach the storage device management interfaces from my desktop without going through a firewall?
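
One way to check the port-based zoning question against a zone listing, as an added example that is not part of the original presentation. The listing format, zone names and WWNs are constructed for illustration; members are assumed to be written either as a WWN or as a switch `domain,port` pair.

```python
import re

# Constructed zone export: "zone <name>: member; member; ...". A member is a
# WWN or a "domain,port" pair. Zone names and values are made up.
SAMPLE_ZONES = """\
zone sap_prod_db: 1,4; 1,5
zone backup_tape: 10:00:00:00:c9:2b:5a:1c; 50:06:0e:80:03:4e:1a:00
zone sap_dev: 2,7; 10:00:00:00:c9:3f:00:9d
zone empty_zone:
"""

WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.IGNORECASE)
PORT_RE = re.compile(r"^\d+,\d+$")


def classify_member(member):
    """Return 'wwn', 'port' or 'unknown' for one zone member string."""
    if WWN_RE.match(member):
        return "wwn"
    return "port" if PORT_RE.match(member) else "unknown"


def audit_zones(text):
    """Map each zone name to port-based, wwn-based, mixed, empty or invalid."""
    report = {}
    for line in text.splitlines():
        if not line.startswith("zone "):
            continue
        name, _, members = line[len("zone "):].partition(":")
        kinds = {classify_member(m.strip()) for m in members.split(";") if m.strip()}
        if not kinds:
            verdict = "empty"
        elif "unknown" in kinds:
            verdict = "invalid"
        elif len(kinds) == 2:
            verdict = "mixed"
        else:
            verdict = kinds.pop() + "-based"
        report[name.strip()] = verdict
    return report


def zones_needing_review(report):
    """Zones that are not purely port-based (WWN members can be changed)."""
    return sorted(z for z, verdict in report.items() if verdict != "port-based")


if __name__ == "__main__":
    print(audit_zones(SAMPLE_ZONES))
```

How members are specified says nothing about whether the switch enforces zones as hard or soft zoning; that question still goes to the storage administrator.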

Summary

• LAN/Client/Server-free backups can reduce traffic
• Disk-to-disk backups can reduce traffic
• iSCSI is coming, but should be on a separate LAN
• Learn all you can about storage security and use it

Resources

• Storage Mountain: a free directory of all things Storage
  http://www.storagemountain.com
• The Storage Group specializes in assessing, designing and implementing storage systems.
  http://www.thestoragegroup.com
• Send questions to: [email protected]

Thank you!
W. Curtis Preston