|
QoS and security
David Stevens, CTO of Brocade's Transport Systems Group, says, "Quality of service in the network only matters when it costs money, otherwise users don't care." With 2Gb FC already commonplace, bandwidth plentiful in most environments and 4GB and 10Gb FC just around the corner, most storage managers place a low priority on the ability to route and manage traffic on their FC infrastructure. However, QoS becomes an important consideration when managers start to move data between geographically dispersed SANs. Users should view the ability to monitor and maintain QoS as absolutely essential on any storage routers they deploy.
Security is the other feature that often falls below users' radar. With one person managing the switches and storage in many environments and SANs deployed in physically secure environments, security often gets scant attention. But with the introduction of iSCSI SANs--along with consolidated servers and storage--the odds increase that the storage network will be compromised, either accidentally or intentionally.
To fortify against possible security intrusions, users can adopt a three-phase plan to protect their storage infrastructure. The first step is to develop and implement role-based user logins. Configuring the zoning, setting up VSANs, updating the code on the switches and managing VM functionality all may require different user permissions. Cisco offers up to 64 different types of user roles on its OS to help ensure sufficient access security.
Authenticating servers as they log onto the FC fabric still receives little attention from users, but is on the road map of every switch vendor. Brocade and Cisco already support basic authentication methods like DHCHAP, but the next generation of security will expand to include RADIUS authentication. DHCHAP is a mandatory password-based, key-exchange authentication protocol that supports both switch-to-switch and host-to-switch authentication. RADIUS provides a higher level of security by maintaining a database of hosts authorized to log onto the SAN and what storage resources the hosts are authorized to access.
VSANs give users a glimpse into what their SAN infrastructures will transform into over the next couple of years. As different departments and even different companies look to share resources for purposes such as cost control and disaster recovery, this technology will gradually move up in importance. For now, users should keep abreast of this technology and look to incorporate it into their SAN infrastructure in 2005.
| Storage routers |
 |
| Researched by Robin Raulf-Sager. |
|
