Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
STORAGE AREA NETWORK (SAN) & SECURITY Presented By Santhosh Kumar.M 07030242024
Agenda <ul><li>Introduction </li></ul><ul><li>SAN Architecture </li></ul><ul><li>Fibre Channel & IP SAN </li></ul><ul><li>...
Enterprise Data Storage Growth <ul><li>30% annual growth </li></ul><ul><ul><li>Last 3 years </li></ul></ul><ul><ul><li>$5....
Storage Models DAS  SAN NAS
What is a SAN? <ul><li>“A storage area network (SAN) is a network designed </li></ul><ul><li>to attach computer storage de...
Need for SAN in Business <ul><li>Storage Area Network’s  </li></ul><ul><ul><li>Provide High Availability </li></ul></ul><u...
Importance of SAN in Business <ul><li>Research shows that as much as 70% of storage was networked in 2006 </li></ul>McNama...
SAN Architecture <ul><li>Server Layer </li></ul><ul><ul><li>NT Server </li></ul></ul><ul><ul><li>Unix Server </li></ul></u...
Fibre Channel (FC) <ul><li>Fibre Channel is a technology standard for transferring data </li></ul><ul><li>At extremely hig...
Fibre Channel Topologies <ul><li>Fibre Channel based SAN support three types of topologies </li></ul><ul><ul><li>Point-to-...
Point-to-Point <ul><li>100MByte/s per connection </li></ul><ul><li>Just defines connection between storage system & host <...
Arbitrated Loop <ul><li>Each port arbitrates for access to the loop </li></ul><ul><li>Ports that lose the arbitration act ...
Arbitrated Loop with Hub Hubs make a loop look like a series of point to point connections. Addition and deletion of nodes...
Switched Fabric Fabrics  are composed of one or more switches.  They enable Fibre Channel networks to grow in size. 1 2 3 ...
IP SAN - iSCSI <ul><li>IP SAN is the Storage Area Network transmitting thro data  TCP / IP protocols </li></ul><ul><li>IP ...
iSCSI – IP SAN     Fibre Channel <ul><li>IP SAN offers slower throughput than a FC SAN </li></ul><ul><li>IP SAN is more ...
SAN Security Landscape <ul><li>SANs are evolving in parallel paths that LANs have evolved </li></ul><ul><li>Security was n...
Why SAN Security? <ul><li>SAN contains an organizations most critical data </li></ul><ul><li>Importance of this data is si...
Common Security Issues <ul><li>Poor administration of the storage network. </li></ul><ul><li>Lack of a comprehensive secur...
IP SAN - Security <ul><li>iSCSI is a internet protocol standards are officially Uses IP network security, particularly IPS...
Fibre Channel Security <ul><li>Fibre Channel Authentication Protocol (FCAP) </li></ul><ul><li>Zoning </li></ul><ul><ul><li...
Other Security Issues <ul><li>Locking Down E_Ports </li></ul><ul><li>Physical Access </li></ul><ul><li>Remote Access </li>...
SAN Security Vendors <ul><li>McData SANtegrity Security Suite Software </li></ul><ul><li>Brocade Secure Fabric OS </li></u...
SAN Standards & Organizations <ul><li>Storage Networking Industry Association </li></ul><ul><li>Fibre Channel Industry Ass...
SAN Best Practices <ul><li>“ Storage Security Best Current Practices developed by Storage Networking Industry Association ...
SAN Checklist
Conclusion <ul><li>Future of SAN </li></ul><ul><ul><li>Integration of SAN’s into Mainstream Networking </li></ul></ul><ul>...
References <ul><li>SAN Security </li></ul><ul><li>www.sansecurity.com </li></ul><ul><li>Storage Networking Industry Associ...
 
Upcoming SlideShare
Loading in …5
×

Storage Area Network (San)

27,918 views

Published on

A brief study on Storage Area Network (SAN), SAN architecture &amp; its importance. It focuses on the techniques and the technologies that have evolved around SAN &amp; its Security.

Published in: Technology

Storage Area Network (San)

  1. 1. STORAGE AREA NETWORK (SAN) & SECURITY Presented By Santhosh Kumar.M 07030242024
  2. 2. Agenda <ul><li>Introduction </li></ul><ul><li>SAN Architecture </li></ul><ul><li>Fibre Channel & IP SAN </li></ul><ul><li>SAN Security </li></ul><ul><li>IP SAN & Fibre Channel Security </li></ul><ul><li>SAN Standards & Organization </li></ul><ul><li>SAN Best Practices & Checklist </li></ul><ul><li>Conclusion </li></ul>
  3. 3. Enterprise Data Storage Growth <ul><li>30% annual growth </li></ul><ul><ul><li>Last 3 years </li></ul></ul><ul><ul><li>$5.3 billion market by 2005 </li></ul></ul><ul><li>Largest component of hardware budget </li></ul><ul><ul><li>18% of total I.T. budget </li></ul></ul><ul><ul><li>60% of hardware budget </li></ul></ul><ul><ul><ul><ul><ul><li>Separate LAN/SAN spending strategies </li></ul></ul></ul></ul></ul>
  4. 4. Storage Models DAS SAN NAS
  5. 5. What is a SAN? <ul><li>“A storage area network (SAN) is a network designed </li></ul><ul><li>to attach computer storage devices such as disk array </li></ul><ul><li>controllers and tape libraries to servers.” - Wikipedia, </li></ul><ul><li>the free encyclopedia (2005) </li></ul>
  6. 6. Need for SAN in Business <ul><li>Storage Area Network’s </li></ul><ul><ul><li>Provide High Availability </li></ul></ul><ul><ul><li>Improve Data Storage Management & Reduce Cost </li></ul></ul><ul><ul><li>Enable Efficient Hardware Deployment & Utilization </li></ul></ul><ul><ul><li>Enable Storage Virtualization </li></ul></ul><ul><ul><li>Improve Data Backup Efficiency & Availability </li></ul></ul>
  7. 7. Importance of SAN in Business <ul><li>Research shows that as much as 70% of storage was networked in 2006 </li></ul>McNamara (2005) reports, “SANs…have proven to reduce management costs as a percentage of overall storage costs.”
  8. 8. SAN Architecture <ul><li>Server Layer </li></ul><ul><ul><li>NT Server </li></ul></ul><ul><ul><li>Unix Server </li></ul></ul><ul><ul><li>Database Server </li></ul></ul><ul><li>Fabric Layer </li></ul><ul><ul><li>Fibre Channel Switch </li></ul></ul><ul><ul><li>Fibre Channel Bridges </li></ul></ul>
  9. 9. Fibre Channel (FC) <ul><li>Fibre Channel is a technology standard for transferring data </li></ul><ul><li>At extremely high speeds – upto 10 Gbps or even more </li></ul><ul><li>Fibre Channel is broken up into a series of five layers </li></ul>
  10. 10. Fibre Channel Topologies <ul><li>Fibre Channel based SAN support three types of topologies </li></ul><ul><ul><li>Point-to-Point </li></ul></ul><ul><ul><li>Arbitrated Loop </li></ul></ul><ul><ul><li>Switched Fabric </li></ul></ul><ul><li>These can be standalone or interconnected to form a fabric </li></ul>
  11. 11. Point-to-Point <ul><li>100MByte/s per connection </li></ul><ul><li>Just defines connection between storage system & host </li></ul>
  12. 12. Arbitrated Loop <ul><li>Each port arbitrates for access to the loop </li></ul><ul><li>Ports that lose the arbitration act as </li></ul><ul><li>repeaters </li></ul>Single Loop Data flows around the loop, passed from one device to another Dual Loop Some data flows through one loop while other data flows through the second loop
  13. 13. Arbitrated Loop with Hub Hubs make a loop look like a series of point to point connections. Addition and deletion of nodes is simple and non-disruptive to information flow. 1 2 3 4 HUB
  14. 14. Switched Fabric Fabrics are composed of one or more switches. They enable Fibre Channel networks to grow in size. 1 2 3 4 SWITCH Switches permit multiple devices to communicate at 100 MB/s, thereby multiplying bandwidth 1 2 3 4 SWITCH
  15. 15. IP SAN - iSCSI <ul><li>IP SAN is the Storage Area Network transmitting thro data TCP / IP protocols </li></ul><ul><li>IP SAN is the high-efficient and point-to-point storage solution </li></ul><ul><li>iSCSI is a internet protocol standards are officially ratified by Internet Engineering Task Force, IETF </li></ul>
  16. 16. iSCSI – IP SAN  Fibre Channel <ul><li>IP SAN offers slower throughput than a FC SAN </li></ul><ul><li>IP SAN is more cost – effective than FC SAN </li></ul><ul><li>IP SAN considered an alternative for costlier FC SAN </li></ul>
  17. 17. SAN Security Landscape <ul><li>SANs are evolving in parallel paths that LANs have evolved </li></ul><ul><li>Security was not an issue in the early days of LANs either until… </li></ul><ul><li>Historically, security administrators & storage administrators have not considered storage and SANs </li></ul>“ There is a gap between storage and security “
  18. 18. Why SAN Security? <ul><li>SAN contains an organizations most critical data </li></ul><ul><li>Importance of this data is simply too high to ignore security – even if the risk is perceived to be low </li></ul><ul><li>The biggest threats to a SAN are from insiders – malicious or otherwise </li></ul><ul><li>Also Legislation and compliances like HIPAA, PCI – DSS, Sarbanes – Oxley Act (SOX) and Data Protection ACT (DPA) drive an organization to address SAN security </li></ul>
  19. 19. Common Security Issues <ul><li>Poor administration of the storage network. </li></ul><ul><li>Lack of a comprehensive security policy. </li></ul><ul><li>Absence of vulnerability analysis during the design and construction phase of the SAN. </li></ul>
  20. 20. IP SAN - Security <ul><li>iSCSI is a internet protocol standards are officially Uses IP network security, particularly IPSec </li></ul><ul><li>Key standards in IPSec that iSCSI will take advantage of are </li></ul><ul><ul><li>Authentication Headers (AH) - authenticates the original connection </li></ul></ul><ul><ul><li>Internet Key Exchange (IKE) - mutual authentication process for duration of connection </li></ul></ul><ul><ul><li>Encapsulating Security Protocol (ESP) - encrypts layer 4 and above data </li></ul></ul><ul><ul><li>iSCSI transmission can take advantage of VPNs and firewalls also </li></ul></ul>
  21. 21. Fibre Channel Security <ul><li>Fibre Channel Authentication Protocol (FCAP) </li></ul><ul><li>Zoning </li></ul><ul><ul><li>Soft Zoning </li></ul></ul><ul><ul><li>Hard Zoning </li></ul></ul><ul><li>LUN Masking </li></ul><ul><li>Persistent & Port Binding </li></ul>
  22. 22. Other Security Issues <ul><li>Locking Down E_Ports </li></ul><ul><li>Physical Access </li></ul><ul><li>Remote Access </li></ul>
  23. 23. SAN Security Vendors <ul><li>McData SANtegrity Security Suite Software </li></ul><ul><li>Brocade Secure Fabric OS </li></ul><ul><li>Hifn 4300 HIPP III Storage Security Processor </li></ul><ul><li>HP StorageWorks Secure Fabric OS </li></ul><ul><li>Decru Dataform Security Appliances </li></ul><ul><li>Kasten Chase Assurency </li></ul>
  24. 24. SAN Standards & Organizations <ul><li>Storage Networking Industry Association </li></ul><ul><li>Fibre Channel Industry Association </li></ul><ul><li>SCSI Trade Association </li></ul><ul><li>International Committee for Information Technology Standards </li></ul><ul><li>INCITS Technical Committee T11 </li></ul><ul><li>Information Storage Industry Consortium </li></ul><ul><li>Storage Security Industry Forum (SSIF) </li></ul>
  25. 25. SAN Best Practices <ul><li>“ Storage Security Best Current Practices developed by Storage Networking Industry Association (SNIA)” </li></ul>
  26. 26. SAN Checklist
  27. 27. Conclusion <ul><li>Future of SAN </li></ul><ul><ul><li>Integration of SAN’s into Mainstream Networking </li></ul></ul><ul><ul><li>Virtualization </li></ul></ul><ul><ul><li>Human Factors </li></ul></ul>
  28. 28. References <ul><li>SAN Security </li></ul><ul><li>www.sansecurity.com </li></ul><ul><li>Storage Networking Industry Association </li></ul><ul><li>www.snia.org </li></ul><ul><li>Introduction to Storage Security - A SNIA Security White Paper, October 14, 2005 </li></ul><ul><li>SAN Security Whitepaper by Santhosh Kumar.M </li></ul><ul><li> http://www.whitepapers.org/docs/show/1739 </li></ul>

×