Hosted by

Minimizing the Impact of Storage on Your Network

W. Curtis PrestonPresidentThe Storage Group

Hosted by

Networked Storage vs. Network Administrators

Increased Traffic

• Network-based backups

• NFS & CIFS shares from NAS filers

Management difficulties

• Proprietary networks being managed by non-network personnel

• Proprietary networks being managed by network personnel

Server

BackupServer

NASFiler

Server Server

NASFiler

Hosted by

Networked Storage vs. Network Administrators

Security implications

• One server’s data can

be accessed via other

servers

• New connections can

be made remotely

• Bad information and

little security training

Server

SANArray

Server Server

NASFiler

LAN SAN

SANArray

Server

NASFiler

Hacker’sSystem

Hosted by

Storage for Network Admins

Fibre Channel = Serial implementation of SCSI

that can be networked via FC equipment

iSCSI = Serial implementation of SCSI that can

be networked via IP/Ethernet equipment

SAN = Storage connected via Fibre Channel or

iSCSI network (blocks)

NAS = Storage connected via IP and NFS or

CIFS (file sharing)

Hosted by

Storage for Network Admins

HBA =~ NIC

WWN =~ MAC Address

Zoning =~ VLANS

Soft zoning =~ Server w/o firewall

Hard zoning =~ Server behind firewall

WWN-based zoning = Zone members specified by WWN

Port-based zoning = Zone members specified by port

Hosted by

Good news: LAN-free, Client-free and Server-free backup

Router

Library

Data General

BackupServer

IBM

Server

IBM

Server

Com3

Switch/HUB

Com3

Switch/HUB

Router

Library

Disk Array

LAN-free backups (blue)

• Shared tape library

• Backup traffic off the LAN

Client-free backups (red)

• Shared disk array

• Backs up one client’s data

through another

Server-free backups (green)

• Direct disk-to-tape data

transfer

Hosted by

Good news: Disk-to-Disk Backups

Really inexpensive disk arrays based on

ATA/IDE

Addressable via Fibre Channel, SCSI, NFS, or

CIFS

JBOD and RAID configurations (Use their RAID

controller or a software volume manager)

As low as $3,000/TB for off-shelf units!

Hosted by

What to do with them?

Connect array to backup servers via Fibre Channel & SANs, or GbE & NFS/CIFS

Back up to disk first using backup or replication software

If backups, Duplicate disk backups to tapeIf replication, make second backup to tapeExcept in disaster, restores come from

disk

BackupClient

BackupServer

ATA DiskArray

Tape

Copy or secondbackup

NFS/CIFS/SAN

Hosted by

Why would you do that?

Increase ease and integrity of backups, especially incremental backups

Can reduce backup traffic by reducing frequency of full backups

Can reduce backup traffic even more using synthetic full backups

Can also be used as target for HSM, again reducing network traffic

BackupClient

BackupServer

ATA DiskArray

Tape

Copy or secondbackup

NFS/CIFS/SAN

Hosted by

Mixed News: What about iSCSI What is iSCSI?

• Ethernet NIC with iSCSI

drivers (Hopefully TOE)

• Standard Ethernet switch

• SCSI over IP

iSCSI is here.

• A number of disk vendors

releasing products

• There’s a lot of interest for

middle-tier storage apps

Server

SANArray

iSCSILAN/SAN

Server

SANArray

SANArray

Server Server

FCSAN

SANArray

Hosted by

Mixed News: What about iSCSI?Server

SANArray

iSCSILAN/SAN

Server

SANArray

SANArray

Server Server

FCSAN

SANArray

Storage devices

everywhere and

anywhere?!?!

Should implement via

dedicated LANs, just as

with NAS

Must consider security

implications of plain text

blocks

Consider encryption

Hosted by

Scary News: Storage Security

Server

SANArray

Server Server

NASFiler

LAN SAN

SANArray

Server

NASFiler

Hacker’sSystem

SCSI/FC not built for

security

Little authentication

Storage people often

not security conscious

or security trained

Soft/hard zoning

misunderstood

Hosted by

Scary News: Storage Security

Server

SANArray

Server Server

NASFiler

LAN SAN

SANArray

Server

NASFiler

Hacker’sSystem

WWN used for auth., but

WWN can be changed

Soft zoning allows non-

members to communicate

Management interfaces

open to backbone and

use plain text protocols

NAS filers on backbone

Hosted by

Security Questions for your Storage Administrator

Are we using port-based zoning?

Are we using hard zoning?

Are our NAS or iSCSI systems on a separate, firewalled, non-routable LAN?

Can I reach the storage device management interfaces from my desktop without going through a firewall?

Hosted by

Summary

LAN/Client/Server-free backups can reduce traffic

Disk-to-disk backups can reduce traffic

iSCSI is coming, but should be on a separate LAN

Learn all you can about storage security and use it

Hosted by

Resources

Hosted by

Resources

A free directory of all things Storage

Storage Mountainhttp://www.storagemountain.com

Hosted by

Resources

The Storage Group specializes in

assessing, designing and implementing

storage systems.

http://www.thestoragegroup.com

Send questions to:

curtis@thestoragegroup.com

Hosted by

Thank you!

W. Curtis Preston