Those of you who have built and managed a Fibre Channel SAN (storage area network) know from experience that SANs are much like children. SANs are temperamental, they need a lot of attention, they grow right before your eyes, and they require a certain degree of preparation before they can be left alone.
No wonder so many SAN administrators cringe at thethought of connecting their Fibre Channel SANs directly to an IP network. The very idea of exposingyour precious, sheltered SAN to the anything-goes playground that is the Internet threatens to subvertall your SAN parenting, right?
Not so, says Cisco, who just rolled out a new storagerouter, model SN-5428, that provides isolated, direct,or networked storage a pathway to scale out onto an IP storage network. Unlike less sophisticated Fibre-to-IPbridges, Cisco's newest mix master is a full-blown switch.
But Cisco is underplaying the security threat presented by the 5428, claiming IP security technology exceeds that of Fibre. Well, maybe so, but that's a little unfair, because Fibre Channel typically finds its security through isolation.
Fibre networks are closed environments with normally only one or two secure gateways to the outside world.
By contrast, IP is potentially an open highway to the rest of the world. Although invaluable for sendingdata to a remote site, IP opens the door to all mannerof crooks, and most of us are aware that malicious pranks such as DoS (denial of service) or spoofingattacks can be disastrous.
Even more threatening is the possibility of unwanted disclosures made using an IP pathway to your storage.
Anybody capable of using a protocol analyzer and motivated enough to do so, can tap anywhere in thenetwork and steal information without leaving a trace.
So of course IP needs a truckload of well-developed security tools such as VPNs and authentication systems such as RADIUS to keep sinister minds away fromcorporate databases. Sound advice recommends encryption as the first line of defense against IP attacks, deployed as a mandatory shield for data moving outside, or even within, the local IP network.
But the truth is, even the toughest IP defense can be broken. However, it's important to remember that in most cases those break-ins happen because of lax security settings. You can throw every security feature in with the Lexus, but if you forget to lockthe doors, that's your problem, buster.
Adding another dose of sanity is the fact that storage over IP does not have to be as ubiquitously accessible as, say, a Web page. No one is going to find your payroll information using Google.
Compared to Fibre, IP is cheap and easy. But think about those two words before introducing IP to your beloved SAN.
Do you trust IP with your storage? E-mail us firstname.lastname@example.org and email@example.com.