The road to practical SAN security


This article can also be found in the Premium Editorial Download "Storage magazine: Managing data storage for remote employees."

Download it now to read this article plus other related content.

NetOctave, in Morrisville, NC, which has been developing SSL and IPsec security solutions for networking, is now working on specialized silicon to handle the processing of IPsec for IP storage protocols. According to NetOctave's marketing manager Dave Mountain, "Our ideal customer is someone who is building a host bus adapter or initiator or target device, that's an endpoint before it hits the public Internet." The company's focus is on low-cost IPsec silicon which can be incorporated into other companies' iSCSI hardware.

Similarly, security vendor Hifn and network processor firm Trebia, Acton, MA, have teamed up to create a security solution which the companies are also trying to sell to OEMs to support IPsec. Brendon Howe, Trebia's Product Marketing Manager, says, "Our storage processor products range from sub $100/port to over $200/port, depending on feature set and configuration."

Companies are also trying to develop appliances called storage firewalls that provide the security functionality to the network. Vormetric, San Jose, CA, is working on storage security appliances that encrypt data. According to Phil Grasso, co-founder and VP of Marketing at Vormetric, their device attaches to an IP network in front of an IP file server, encrypting storage data at wire-speed. Vormetric is targeting beta deployments to potential customers in Q3. Cylink, Santa Clara, CA, an existing provider of IPsec VPN solutions for IP networks, has recently qualified its standalone security

Requires Free Membership to View

appliance for encrypting data sent via FCIP, iFCP and iSCSI, and is targeted at securing long-distance links between SANs.

Waiting for the market
The biggest issue which faces companies in the security space is gauging how interested users really are in security and how much they're willing to pay for these solutions. GlaxoSmithKline's Hall says, "From a security standpoint, we need to isolate our FC-SAN from the rest of the LAN/WAN environment." He adds that "we're using security features that are built into our storage products, and are not currently looking at other layered security products for the FC-SANs."

Doug Ingraham, manager of product marketing for Cisco's Storage Router Business Unit, says that in the current data center networks, "Grand security requirements are not a product requirement," because those networks are adequately protected behind corporate firewalls. In fact, he says, "Our customers are happy with a subset of security features they already have."

Other vendors also echo this theme. Brocade's Kavianian reports that the company has had several beta sites for its Secure Fabric OS, and a few licenses have shipped already, but only expects volume deployment when they add security capabilities to their 2G hardware.

Trebia's Howe says, "Based on our customer experience to date, the biggest problem that needs to be solved is to somehow develop a system-level strategy to support a secure IP storage infrastructure. Customers are asking how security, as a policy, fits into the overall SAN infrastructure."

And in an era of tight budgets, customers are also concerned about the cost of adding additional security. NetOctave's Ardini says, "Providing IPSEC functionality in storage has very serious cost constraints. Storage security must be inexpensive and cost effective."

Cisco's Ingraham agrees, saying that in the short term, "putting IPsec in all of the [iSCSI] endpoints is going to make all the endpoints too expensive. Once IPsec is running in ASICs and doesn't substantially increase the product's cost, it will be great." However, he adds, "today, we must be careful not to put things into product that won't meet the needs of the marketplace."

Requirement for the future
Despite the hazy outlook for when the market for security will develop, vendors and users agree that security is becoming much more important. In particular, as storage networks grow out of the data center and into larger, global networks, security is sure to become a key part of the solution. Brocade's Kavianian says, "Users wouldn't put a LAN in place without a good security solution. They want security in place on their storage networks as well."

USinternetworking's Guethlein sums it up succinctly: "Security on our Ethernet network is controlled very tightly with VLANs, and more - managing security at the storage network level is next on our to-do list."

This was first published in September 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: