The SearchSAP.com Conference Europe
Hosted by
Minimizing the Impact of Storage on Your Network
W. Curtis Preston, President, The Storage Group

Networked Storage vs. Network Administrators
Increased Traffic
• Network-based backups
• NFS & CIFS shares from NAS filers
Management difficulties
• Proprietary networks being managed by non-network personnel
• Proprietary networks being managed by network personnel
[Diagram: servers, a backup server and NAS filers]

Networked Storage vs. Network Administrators
Security implications
• One server’s data can be accessed via other servers
• New connections can be made remotely
• Bad information and little security training
[Diagram: servers, SAN, LAN, hacker’s system, NAS filers, SAN arrays]

Storage for Network Admins
Fibre Channel = Serial implementation of SCSI that can be networked via FC equipment
iSCSI = Serial implementation of SCSI that can be networked via IP/Ethernet equipment
SAN = Storage connected via Fibre Channel or iSCSI network (blocks)
NAS = Storage connected via IP and NFS or CIFS (file sharing)

Storage for Network Admins
HBA =~ NIC
WWN =~ MAC Address
Zoning =~ VLANs
Soft zoning =~ Server w/o firewall
Hard zoning =~ Server behind firewall
WWN-based zoning = Zone members specified by WWN
Port-based zoning = Zone members specified by port

Good news: LAN-free, Client-free and Server-free backup
LAN-free backups (blue)
• Shared tape library
• Backup traffic off the LAN
Client-free backups (red)
• Shared disk array
• Backs up one client’s data through another
Server-free backups (green)
• Direct disk-to-tape data transfer
[Diagram: servers, backup server, routers, switches/hubs, disk array, tape libraries]

Good news: Disk-to-Disk Backups
Really inexpensive disk arrays based on ATA/IDE
Addressable via Fibre Channel, SCSI, NFS, or CIFS
JBOD and RAID configurations (Use their RAID controller or a software volume manager)
As low as $3,000/TB for off-the-shelf units!

What to do with them?
Connect array to backup servers via Fibre Channel & SANs, or GbE & NFS/CIFS
Back up to disk first using backup or replication software
If backups, duplicate disk backups to tape
If replication, make second backup to tape
Except in disaster, restores come from disk
[Diagram: Backup Client → Backup Server → NFS/CIFS/SAN → ATA Disk Array → copy or second backup → Tape]

Why would you do that?
Increase ease and integrity of backups, especially incremental backups
Can reduce backup traffic by reducing frequency of full backups
Can reduce backup traffic even more using synthetic full backups
Can also be used as target for HSM, again reducing network traffic
[Diagram: Backup Client → Backup Server → NFS/CIFS/SAN → ATA Disk Array → copy or second backup → Tape]

Mixed News: What about iSCSI?
What is iSCSI?
• SCSI over IP
• Ethernet NIC with iSCSI drivers (Hopefully TOE)
• Standard Ethernet switch
iSCSI is here.
• A number of disk vendors releasing products
• There’s a lot of interest for middle-tier storage apps
[Diagram: servers on an FC SAN and servers on an iSCSI LAN/SAN, each connected to SAN arrays]

Mixed News: What about iSCSI?
Storage devices everywhere and anywhere?!?!
Should implement via dedicated LANs, just as with NAS
Must consider security implications of plain text blocks
Consider encryption
[Diagram: servers on an FC SAN and servers on an iSCSI LAN/SAN, each connected to SAN arrays]

Scary News: Storage Security
SCSI/FC not built for security
Little authentication
Storage people often not security conscious or security trained
Soft/hard zoning misunderstood
[Diagram: servers, SAN, LAN, hacker’s system, NAS filers, SAN arrays]

Scary News: Storage Security
WWN used for auth., but WWN can be changed
Soft zoning allows non-members to communicate
Management interfaces open to backbone and use plain text protocols
NAS filers on backbone
[Diagram: servers, SAN, LAN, hacker’s system, NAS filers, SAN arrays]

Security Questions for your Storage Administrator
Are we using port-based zoning?
Are we using hard zoning?
Are our NAS or iSCSI systems on a separate, firewalled, non-routable LAN?
Can I reach the storage device management interfaces from my desktop without going through a firewall?
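
The first question above can be checked from a zone listing. As an added example (not part of the original slides), this Python code classifies each zone's members as port-based or WWN-based and lists the zones that depend on WWNs, which the earlier slide notes can be changed. The one-zone-per-line input format, the sample zones and the member notation ("domain,port" pairs and colon-separated WWNs) are assumptions constructed for illustration; whether zoning is hard or soft is a separate setting this does not cover.

```python
import re

# Constructed sample, one zone per line: "zone_name: member; member".
# Simplified for illustration; real switch output is formatted differently.
SAMPLE_ZONES = """\
backup_zone: 1,4; 1,7
db_zone: 10:00:00:00:c9:2b:4f:aa; 50:06:01:60:3b:a0:11:22
mixed_zone: 2,3; 10:00:00:00:c9:2b:4f:ab
"""

# Assumed notation: port members as "domain,port", WWNs as 8 hex bytes.
PORT_RE = re.compile(r"^\d+,\d+$")
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.IGNORECASE)

def classify_member(member):
    """Return 'port', 'wwn' or 'unknown' for one zone member string."""
    if PORT_RE.match(member):
        return "port"
    if WWN_RE.match(member):
        return "wwn"
    return "unknown"

def audit_zones(text):
    """Map each zone name to port-based, wwn-based, mixed, unparsed or empty."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split at the first colon only: WWNs contain colons themselves.
        name, _, members = line.partition(":")
        kinds = {classify_member(m.strip()) for m in members.split(";") if m.strip()}
        if "unknown" in kinds:
            label = "unparsed"
        elif len(kinds) == 1:
            label = {"port": "port-based", "wwn": "wwn-based"}[kinds.pop()]
        else:
            label = "mixed" if kinds else "empty"
        findings[name.strip()] = label
    return findings

def zones_needing_review(text):
    """Zones not purely port-based: they trust a WWN, which can be changed."""
    return sorted(n for n, f in audit_zones(text).items() if f != "port-based")

if __name__ == "__main__":
    for zone, finding in audit_zones(SAMPLE_ZONES).items():
        print(f"{zone}: {finding}")
```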

Summary
LAN/Client/Server-free backups can reduce traffic
Disk-to-disk backups can reduce traffic
iSCSI is coming, but should be on a separate LAN
Learn all you can about storage security and use it

Resources
Storage Mountain: A free directory of all things Storage
http://www.storagemountain.com

Resources
The Storage Group specializes in assessing, designing and implementing storage systems.
http://www.thestoragegroup.com
Send questions to: [email protected]

Thank you!
W. Curtis Preston