Feature

Bridging SAN islands

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Who owns storage in your organization?."

Download it now to read this article plus other related content.

QoS and security
David Stevens, CTO of Brocade's Transport Systems Group, says, "Quality of service in the network only matters when it costs money, otherwise users don't care." With 2Gb FC already commonplace, bandwidth plentiful in most environments and 4GB and 10Gb FC just around the corner, most storage managers place a low priority on the ability to route and manage traffic on their FC infrastructure. However, QoS becomes an important consideration when managers start to move data between geographically dispersed SANs. Users should view the ability to monitor and maintain QoS as absolutely essential on any storage routers they deploy.

Security is the other feature that often falls below users' radar. With one person managing the switches and storage in many environments and SANs deployed in physically secure environments, security often gets scant attention. But with the introduction of iSCSI SANs--along with consolidated servers and storage--the odds increase that the storage network will be compromised, either accidentally or intentionally.

To fortify against possible security intrusions, users can adopt a three-phase plan to protect their storage infrastructure. The first step is to develop and implement role-based user logins. Configuring the zoning, setting up VSANs, updating the code on the switches and managing VM functionality all may require different user permissions. Cisco offers

    Requires Free Membership to View

up to 64 different types of user roles on its OS to help ensure sufficient access security.

Authenticating servers as they log onto the FC fabric still receives little attention from users, but is on the road map of every switch vendor. Brocade and Cisco already support basic authentication methods like DHCHAP, but the next generation of security will expand to include RADIUS authentication. DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication. RADIUS provides a higher level of security by maintaining a database of hosts authorized to log onto the SAN and what storage resources the hosts are authorized to access.

VSANs give users a glimpse into what their SAN infrastructures will transform into over the next couple of years. As different departments and even different companies look to share resources for purposes such as cost control and disaster recovery, this technology will gradually move up in importance. For now, users should keep abreast of this technology and look to incorporate it into their SAN infrastructure in 2005.

Storage routers
Researched by Robin Raulf-Sager.

This was first published in May 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: