Title: Minimizing the Impact of Storage on Your Network
1Minimizing the Impact of Storage on Your Network
- W. Curtis Preston
- President
- The Storage Group
2Networked Storage vs. Network Administrators
- Increased Traffic
- Network-based backups
- NFS CIFS shares from NAS filers
- Management difficulties
- Proprietary networks being managed by non-network
personnel - Proprietary networks being managed by network
personnel
3Networked Storage vs. Network Administrators
- Security implications
- One servers data can be accessed via other
servers - New connections can be made remotely
- Bad information and little security training
4Storage for Network Admins
- Fibre Channel Serial implementation of SCSI
that can be networked via FC equipment - iSCSI Serial implementation of SCSI that can be
networked via IP/Ethernet equipment - SAN Storage connected via Fibre Channel or
iSCSI network (blocks) - NAS Storage connected via IP and NFS or CIFS
(file sharing)
5Storage for Network Admins
- HBA NIC
- WWN MAC Address
- Zoning VLANS
- Soft zoning Server w/o firewall
- Hard zoning Server behind firewall
- WWN-based zoning Zone members specified by WWN
- Port-based zoning Zone members specified by port
6Good news LAN-free, Client-free and Server-free
backup
- LAN-free backups (blue)
- Shared tape library
- Backup traffic off the LAN
- Client-free backups (red)
- Shared disk array
- Backs up one clients data through another
- Server-free backups (green)
- Direct disk-to-tape data transfer
7Good news Disk-to-Disk Backups
- Really inexpensive disk arrays based on ATA/IDE
- Addressable via Fibre Channel, SCSI, NFS, or CIFS
- JBOD and RAID configurations (Use their RAID
controller or a software volume manager) - As low as 3,000/TB for off-shelf units!
8What to do with them?
- Connect array to backup servers via Fibre Channel
SANs, or GbE NFS/CIFS - Back up to disk first using backup or replication
software - If backups, Duplicate disk backups to tape
- If replication, make second backup to tape
- Except in disaster, restores come from disk
9Why would you do that?
- Increase ease and integrity of backups,
especially incremental backups - Can reduce backup traffic by reducing frequency
of full backups - Can reduce backup traffic even more using
synthetic full backups - Can also be used as target for HSM, again
reducing network traffic
10Mixed News What about iSCSI
- What is iSCSI?
- Ethernet NIC with iSCSI drivers (Hopefully TOE)
- Standard Ethernet switch
- SCSI over IP
- iSCSI is here.
- A number of disk vendors releasing products
- Theres a lot of interest for middle-tier storage
apps
11Mixed News What about iSCSI?
- Storage devices everywhere and anywhere?!?!
- Should implement via dedicated LANs, just as with
NAS - Must consider security implications of plain text
blocks - Consider encryption
12Scary News Storage Security
- SCSI/FC not built for security
- Little authentication
- Storage people often not security conscious or
security trained - Soft/hard zoning misunderstood
13Scary News Storage Security
- WWN used for auth., but WWN can be changed
- Soft zoning allows non-members to communicate
- Management interfaces open to backbone and use
plain text protocols - NAS filers on backbone
14Security Questions for your Storage Administrator
- Are we using port-based zoning?
- Are we using hard zoning?
- Are our NAS or iSCSI systems on a separate,
firewalled, non-routable LAN? - Can I reach the storage device management
interfaces from my desktop without going through
a firewall?
15Summary
- LAN/Client/Server-free backups can reduce traffic
- Disk-to-disk backups can reduce traffic
- iSCSI is coming, but should be on a separate LAN
- Learn all you can about storage security and use
it
16Resources
17Resources
- A free directory of all things Storage
- Storage Mountain
- http//www.storagemountain.com
18Resources
- The Storage Group specializes in assessing,
designing and implementing storage systems. - http//www.thestoragegroup.com
- Send questions to
- curtis_at_thestoragegroup.com
19Thank you!W. Curtis Preston