ONLY CONNECT …From STORAGE Magazine
Vol 7, Issue 2 - March/April 2007

As networks have grown, both in size and complexity, security problems have become more prevalent and the risks involved in using a network have soared. Network Attached Storage (NAS) and Storage Area Network (SAN) technologies have had a similar effect on storage. Indeed, storage devices are experiencing many of the problems other network devices do. Servers can now access hundreds, or even thousands, of storage devices and corrupt data on a scale not previously witnessed. The potential harm is multiplied by the high degree of connectivity that a modern storage infrastructure demands.

So what are the best strategies for avoiding a connectivity disaster? How should they be implemented? And how do you make sure they are observed across the business?

It's a complex challenge, as Ian Bond, consulting systems architect, Cisco Systems, points out. "One of the fundamental shifts in IT departments over the past five years has been the increasing use of networked data storage systems. The emergence of a networked storage architecture has delivered many benefits, not least the greater flexibility now available in the allocation of storage to application servers, but it has also brought with it a problem of how to protect the data in this open environment.

"Traditionally, storage systems were considered secure, because access to data was limited to the owning application through physical separation - the application server and associated storage were in their own isolated environment, even when a storage network was employed. Now it is not uncommon to find a storage network that physically connects all servers and all storage devices in a data centre, and even spans across multiple data centres."

What is clear is that, in order to prevent the data held on the many storage volumes being vulnerable to corruption by malicious or accidental action from any of the servers attached to the storage network, some form of segmentation of the connectivity environment - with associated resource access controls - has to be applied.

"Virtual networks also have the benefit of selectively locking down operator privileges, using role-based authentication and minimising the possibility of misconfigurations having network-wide effects."

Further securing data to protect against corruption or illegal use falls into two areas: data in transit - ie, storage networking security - and data at rest, which is storage data security.

"Many features enabling security in both these areas, including encryption of data in transit on both fibre channel and IP networks as well as the encryption of data on storage media, are now being delivered by storage technology vendors and should be included in any security policy as an extra line of defence," Bond adds. "The segmentation of physical storage connectivity, using virtual storage networks, retains the flexibility, high utilisation rate and speed of service delivery that are characteristic of the latest storage networks.

"However, it also delivers the control of access to data that is necessary in a secure data centre environment. This can be backed up by encryption of data in transit and at rest to secure information access further."

Scott K. Cleland, director of marketing, AMCC Storage, spotlights the way in which the deployment of NAS and SAN-based storage technologies (including Fibre Channel, SAS, and iSCSI), combined with the Serial ATA interface, has greatly enhanced scalability and increased connectivity options for IT infrastructures.
Redundant Array of Independent Disks (RAID) technology, deployed by a true hardware-based RAID controller, is the data protection lynchpin in serious storage implementations, he argues. Common RAID levels include 0, 1, 5, 6, 10, and 50, with each level offering unique data protection and performance attributes.

Until recently, RAID 5, which protects data in the event of a single drive failure with a single parity calculation, was the bellwether for combining fault tolerance and performance in high-end systems. But now, states Cleland, "RAID technology pioneers like AMCC Storage have upped the ante with the introduction of RAID 6, the poster child for maximum data protection. RAID 6 eliminates the risk of data loss, if a second hard disk drive fails or an unrecoverable read error occurs while the RAID array is rebuilding.

"In a RAID 6 enabled system, a second set of parity is calculated, written and distributed across all the drives. This second parity calculation provides significantly more robust fault tolerance, because two drives can fail without resulting in data loss.

"AMCC's 3ware RAID controllers take RAID 6 performance to unmatched heights by uniquely making both parity calculations simultaneously."

RAID 6 certainly represents a sea change in the RAID landscape. It provides the industry with higher levels of data protection, data availability and fault tolerance than RAID 5. "By assuring data availability following a second drive failure, users can rest assured that they are enjoying maximum data protection, both in normal and degraded modes," he adds. And, with RAID 6 enabled 3ware controllers, RAID 6 will not cripple performance.

Yet it is also important to bear in mind that RAID 6 does not come without costs. RAID 6 requires the equivalent capacity of two drives in the array to be dedicated to storing only parity information.
Furthermore, most RAID 6 systems carry a heavy write performance burden, due to the additional parity calculation and the additional memory interrupts.

According to Cleland, "AMCC's simultaneous parity calculations mitigate these performance impediments to provide the fastest RAID 6 solution available. Today's advanced hardware RAID capabilities allow applications requiring sophisticated connectivity, expanded scalability and the highest levels of sustained performance, without being burdened by system IO overhead."
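
The second parity calculation described above for RAID 6 can be illustrated with the widely used P+Q scheme, where P is a plain XOR across the data blocks and Q is a weighted sum in GF(2^8). This is an added example, not code from the article or from any vendor it mentions; the field polynomial 0x11D, the function names and the sample stripe are assumptions made for the illustration.

```python
# Added illustration: RAID 6 style dual parity (P = XOR, Q = weighted sum in GF(2^8)).
# Assumption: common P+Q scheme with polynomial 0x11D; not any vendor's firmware.
EXP, LOG = [0] * 510, [0] * 256
_x = 1
for _i in range(255):                  # build log/antilog tables, generator 2
    EXP[_i] = EXP[_i + 255] = _x
    LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11D

def gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def gdiv(a, b):
    """Divide in GF(2^8); b must be non-zero."""
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 255]

def parity(blocks):
    """Return (P, Q) for one stripe; None entries (failed drives) are skipped."""
    n = len(next(b for b in blocks if b is not None))
    p, q = bytearray(n), bytearray(n)
    for i, blk in enumerate(blocks):
        if blk is None:
            continue
        for j, byte in enumerate(blk):
            p[j] ^= byte                   # first parity: plain XOR
            q[j] ^= gmul(EXP[i], byte)     # second parity: g^i * D_i
    return bytes(p), bytes(q)

def recover_two(blocks, x, y, p, q):
    """Rebuild data blocks x and y (both None in blocks) from survivors, P and Q."""
    if x == y:
        raise ValueError("need two distinct failed drives")
    ps, qs = parity(blocks)                # partial parity over surviving data
    gx, gy = EXP[x], EXP[y]
    dx, dy = bytearray(len(p)), bytearray(len(p))
    for j in range(len(p)):
        pxy = p[j] ^ ps[j]                 # equals Dx ^ Dy
        qxy = q[j] ^ qs[j]                 # equals g^x*Dx ^ g^y*Dy
        dx[j] = gdiv(qxy ^ gmul(gy, pxy), gx ^ gy)
        dy[j] = pxy ^ dx[j]
    return bytes(dx), bytes(dy)

STRIPE = [b"ACCT", b"LOGS", b"KEYS", b"DATA"]  # constructed sample, one block per drive
if __name__ == "__main__":
    p, q = parity(STRIPE)
    print(recover_two([STRIPE[0], None, STRIPE[2], None], 1, 3, p, q))
```

With P alone, as in RAID 5, the two missing blocks give one equation in two unknowns; Q supplies the second independent equation, which is why two simultaneous failures become recoverable.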
©2006 Business and Technical Communications Ltd. All rights reserved.