Minimizing the Impact of Storage on Your Network

1
Minimizing the Impact of Storage on Your Network

• W. Curtis Preston
• President
• The Storage Group

2
Networked Storage vs. Network Administrators

• Increased Traffic
• Network-based backups
• NFS CIFS shares from NAS filers
• Management difficulties
• Proprietary networks being managed by non-network
  personnel
• Proprietary networks being managed by network
  personnel

3
Networked Storage vs. Network Administrators

• Security implications
• One servers data can be accessed via other
  servers
• New connections can be made remotely
• Bad information and little security training

4
Storage for Network Admins

• Fibre Channel Serial implementation of SCSI
  that can be networked via FC equipment
• iSCSI Serial implementation of SCSI that can be
  networked via IP/Ethernet equipment
• SAN Storage connected via Fibre Channel or
  iSCSI network (blocks)
• NAS Storage connected via IP and NFS or CIFS
  (file sharing)

5
Storage for Network Admins

• HBA NIC
• WWN MAC Address
• Zoning VLANS
• Soft zoning Server w/o firewall
• Hard zoning Server behind firewall
• WWN-based zoning Zone members specified by WWN
• Port-based zoning Zone members specified by port

6
Good news LAN-free, Client-free and Server-free
backup

• LAN-free backups (blue)
• Shared tape library
• Backup traffic off the LAN
• Client-free backups (red)
• Shared disk array
• Backs up one clients data through another
• Server-free backups (green)
• Direct disk-to-tape data transfer

7
Good news Disk-to-Disk Backups

• Really inexpensive disk arrays based on ATA/IDE
• Addressable via Fibre Channel, SCSI, NFS, or CIFS
• JBOD and RAID configurations (Use their RAID
  controller or a software volume manager)
• As low as 3,000/TB for off-shelf units!

8
What to do with them?

• Connect array to backup servers via Fibre Channel
  SANs, or GbE NFS/CIFS
• Back up to disk first using backup or replication
  software
• If backups, Duplicate disk backups to tape
• If replication, make second backup to tape
• Except in disaster, restores come from disk

9
Why would you do that?

• Increase ease and integrity of backups,
  especially incremental backups
• Can reduce backup traffic by reducing frequency
  of full backups
• Can reduce backup traffic even more using
  synthetic full backups
• Can also be used as target for HSM, again
  reducing network traffic

10
Mixed News What about iSCSI

• What is iSCSI?
• Ethernet NIC with iSCSI drivers (Hopefully TOE)
• Standard Ethernet switch
• SCSI over IP
• iSCSI is here.
• A number of disk vendors releasing products
• Theres a lot of interest for middle-tier storage
  apps

11
Mixed News What about iSCSI?

• Storage devices everywhere and anywhere?!?!
• Should implement via dedicated LANs, just as with
  NAS
• Must consider security implications of plain text
  blocks
• Consider encryption

12
Scary News Storage Security

• SCSI/FC not built for security
• Little authentication
• Storage people often not security conscious or
  security trained
• Soft/hard zoning misunderstood

13
Scary News Storage Security

• WWN used for auth., but WWN can be changed
• Soft zoning allows non-members to communicate
• Management interfaces open to backbone and use
  plain text protocols
• NAS filers on backbone

14
Security Questions for your Storage Administrator

• Are we using port-based zoning?
• Are we using hard zoning?
• Are our NAS or iSCSI systems on a separate,
  firewalled, non-routable LAN?
• Can I reach the storage device management
  interfaces from my desktop without going through
  a firewall?

15
Summary

• LAN/Client/Server-free backups can reduce traffic
• Disk-to-disk backups can reduce traffic
• iSCSI is coming, but should be on a separate LAN
• Learn all you can about storage security and use
  it

16
Resources
17
Resources

• A free directory of all things Storage
• Storage Mountain
• http//www.storagemountain.com

18
Resources

• The Storage Group specializes in assessing,
  designing and implementing storage systems.
• http//www.thestoragegroup.com
• Send questions to
• curtis_at_thestoragegroup.com

19
Thank you!W. Curtis Preston