Pacific West’s Engineers have been implementing Storage Area Networking (SAN) solutions at our client locations in North America and all around the world. The explosion of data created by today's businesses, and the need to manage that data effectively and secure access to it, is making SAN a strategic investment priority for companies of all sizes. Some of our Fortune 1000 clients responding to a survey ranked SAN solutions as their #2 project priority in 2008 and also emphasized that this will continue to grow in the coming years. Our own research predicts that the average data growth rate for companies will increase more than 600 percent between 2008 and 2010.
What is SAN?
SAN can be described as a special-purpose, high-speed network on fiber optic cables that is used to
- Interconnect disk and/or tape storage devices with servers to store and retrieve data
- Move the data between the servers and the storage devices
SAN solutions are increasingly complex. Larger SAN configurations
are becoming more and more common. While SAN certainly provides many benefits
over direct attach storage, the big issue is how to manage this complexity.
Well, it can be managed by Zoning.
Zoning
A storage fabric can have many devices and hosts attached
to it. With all of the data stored in a single, ubiquitous cloud of storage,
controlling which hosts have access to what data is extremely important. It is
also important that the security mechanism be an end-to-end solution so that badly
behaved devices or hosts cannot circumvent security and access unauthorized
data.
Zoning is a mechanism, implemented at the switch level,
which provides an isolation boundary. A port (either host adapters or storage
controller ports) can be configured as part of a zone. Only ports in a given
zone can communicate with other ports in that zone. The zoning is configured
and access control is implemented by the switches in the fabric, so a host
adapter cannot spoof the zones that it is in and gain access to data for which
it has not been configured.
In the figure above, hosts A and B can access data from
storage controller S1, while host C cannot, as it is not in Zone A. Host C can
access data from storage S2.
Many switches today allow overlapping zones. This enables
a storage controller to reside in more than one zone, thus enabling the devices
in that controller to be shared amongst different servers in different zones,
as shown in Figure 14 below. Finer granularity access controls are required to
protect individual disks against access from unauthorized servers in this
environment.
Zoning can be implemented in either hardware or software.
Hardware zoning is done by the ASIC in the switch ports themselves. Every
packet is checked at line speed to ensure that it is authorized. Software
zoning is done by the name server or other fabric access software. When a host
tries to open a connection to a device, access controls can be checked at that
time.
Storage controller in multiple zones
Zoning is an extremely important concept. Not only is it a
security feature, but it also limits the traffic flow within a given SAN
environment. Traffic (I/O requests and other storage requests) between ports is
only routed to those pieces of the fabric that are in the same zone. Typically
with modern switches, as new switches are added to an existing fabric, the new
switches are automatically updated with the current zoning information.
I/Os (either read/write or such things as device reset or
LIP) from hosts or devices in a fabric cannot "leak" out and affect other zones
in the fabric causing "noise" or "cross-talk" between zones. As we shall see,
this is fundamental to deploying Server clusters on a SAN.
Fine-Grain Security and Access Control
While zoning provides a high-level security infrastructure
in the storage fabric, it does not provide the fine-grain level of access
control needed for large storage devices. In a typical environment, a storage
controller may have many gigabytes or terabytes of storage to be shared amongst
a set of servers.
Storage controllers typically provide LUN-level access
controls that enable an administrator to restrict access to a given LUN to one
or more hosts. By providing this access control at the storage controller, the
controller itself can enforce access policies to the data.
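The two layers described above, zoning at the switch and LUN-level access control at the storage controller, can be cross-checked against each other. The following Python sketch is an added example, not part of the original page; the port names, the zone names other than Zone A, and the LUN lists are constructed for illustration.

```python
# Constructed fabric, modelled on the page's figure: hosts A and B share
# Zone A with controller S1; host C is zoned with S2. "Zone B" and the
# overlapping "Zone C" (S1 shared with host C) are assumed names.
ZONES = {
    "Zone A": {"hostA", "hostB", "S1"},
    "Zone B": {"hostC", "S2"},
    "Zone C": {"hostC", "S1"},   # overlapping zone: S1 sits in two zones
}

# Constructed controller-side LUN access lists: (controller, LUN) -> hosts.
LUN_ACL = {
    ("S1", 0): {"hostA"},
    ("S1", 1): {"hostB", "hostC"},
    ("S2", 0): {"hostC", "hostA"},   # hostA is not zoned with S2
}

def zoned_together(zones, a, b):
    """Switch-level check: two ports may talk only if some zone holds both."""
    return any(a in members and b in members for members in zones.values())

def can_access(zones, acl, host, controller, lun):
    """Both layers must allow it: fabric zoning, then the controller's LUN ACL."""
    return (zoned_together(zones, host, controller)
            and host in acl.get((controller, lun), set()))

def audit(zones, acl, hosts):
    """Report mismatches between zoning and LUN ACLs.

    'unreachable': the ACL grants a host that zoning blocks (stale entry).
    'zoned_no_lun': a host is zoned with a controller but granted no LUN on it.
    """
    findings = []
    for (ctrl, lun), allowed in sorted(acl.items()):
        for host in sorted(allowed):
            if not zoned_together(zones, host, ctrl):
                findings.append(("unreachable", host, ctrl, lun))
    controllers = {ctrl for ctrl, _ in acl}
    for host in sorted(hosts):
        for ctrl in sorted(controllers):
            granted = any(host in allowed
                          for (c, _), allowed in acl.items() if c == ctrl)
            if zoned_together(zones, host, ctrl) and not granted:
                findings.append(("zoned_no_lun", host, ctrl, None))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONES, LUN_ACL, {"hostA", "hostB", "hostC"}):
        print(finding)
```

Host C reaches S1 only through the overlapping zone, and the controller's LUN list is what keeps it off LUN 0; the audit flags the ACL entry for host A on S2 because no zone lets that traffic through.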
LUN masking is a host-based mechanism that "hides"
specific LUNs from applications. Although the host bus adapter and the lower
layers of the operating system have access to and could communicate with a set
of devices, LUN masking prevents the higher layers from knowing that the device
exists and therefore applications cannot
use those devices. LUN masking is a policy-driven software security and access
control mechanism enforced at the host. For this policy to be successful, the
administrator has to trust the drivers and the operating systems to adhere to
the policies.
Why SAN?
Some of the reasons for the rise of SAN solutions:
- SAN addresses the bandwidth bottlenecks associated with traditional LAN based server storage and the scalability limitations found with SCSI bus based implementations
- SAN provides modular scalability, high-availability, increased fault tolerance and centralized storage management essential for an effective Disaster Recovery and Business Continuity plan
- SAN provides serverless backup or 3rd Party Copying, allowing a disk storage device to copy data directly to a backup device across the high-speed links of the SAN without any intervention from a server. Data is kept on the SAN, which means the transfer does not pollute the LAN, and the server processing resources are still available to client systems
Who is investing in SAN?
Banking & Financial Services:
- With ongoing global consolidation and a stringent regulatory environment, financial services will continue to push storage capacities to the limit, investing in disaster recovery and data-storage solutions to remain competitive and compliant
Health Care:
- Health Care organizations have an identified need for SAN solutions to manage their huge data storage needs (electronic patient records, medical imaging) and to maintain compliance with HIPAA regulations
- The US federal government has mandated that the full transition to universal electronic health records be completed by 2014, necessitating the compliant infrastructure provided by a robust SAN configuration
What is the Future of SAN?
- On the emerging storage technologies front, as the price drops for solid state hard drives, we expect to see more storage systems that take advantage of the greater speed and Input/Output operations Per Second (IOPS) of such hard drives
- Companies are beginning to offer storage as a service that rivals an organization's own internal data-storage capabilities
- Many organizations are, in turn, beginning to outsource their data-storage needs. This trend, we are hoping, will gain momentum, along with the adoption of increased bandwidth