2. The management server
3. The management client residing in the managed storage entity It is important to evaluate the security of management data while in store or in transit among the above three components. There are multiple ways in which management data may be transported. It may be over a browser-based exchange, a client-server protocol, a command-line based exchange over TCP/IP or over SNMP. Any browser-server-based exchange must use traditional security protocols such as SSL (Secure Sockets Layer) or TLS (Transport Layer Security). For a client-server model, the two endpoints should deploy a security scheme using access controls and encryption schemes. Alternatively, an SSL toolkit may be implemented that will present APIs to secure the traffic between the endpoints. For traffic using TCP/IP, SSH (Secure Shell) is a commonly available technology. SNMP was originally designed with little or no security. SNMP version 2 provides security, but has not been widely deployed by major vendors. More importantly, it is critical that you implement appropriate policies and practices for your storage management network. For example, a storage management network should not be connected to other corporate LANs or management LANs. Any such access may compromise the security of your stored data. Storage networks may be managed by implementing either in-band or out-of-band scheme. Finally, there is significant work underway at SNIA on an extensible interface for storage management. SNIA is working on SMI (Storage Management Initiative) is the storage piece of the CIM (Common Information Model). SMI security is being developed by SNIA.