This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."
Download it now to read this article plus other related content.
So if iSCSI has so many security features, why do so many people ask about security? The reason is that iSCSI is much more accessible than previous storage protocols. Ethernet hardware and IP support have become ubiquitous, both inside and outside the data center. The technology uses common protocols and is supported by the majority of OSes available today. This means there are millions of people who could theoretically try their hand at breaking into an iSCSI SAN.
This accessibility is also a blessing for iSCSI. On the positive side, there's a lot more understanding and acceptance of its basic concepts vs. Fibre Channel (FC). There's also a legion of trained network engineers who have the skills to build a secure network for iSCSI to run on. Technologies like Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial-In User Service (RADIUS), VPN and IPsec have proven to be powerful and reliable over a decade of widespread use. This stands in contrast to the arcane security features, most of which are rarely used, offered by FC storage device vendors. "Our iSCSI SAN is definitely more secure because of our previous experience with IP and Ethernet," says Ron Braden, IT director for the Town of Vail, CO. "Building a secure IP network is second nature to us."
A secure system addresses data confidentiality, integrity and availability. Most people begin with confidentiality. But availability is equally important and probably accounts for more
This was first published in May 2007