Overview of SAN Operations

Organizations are producing ever-increasing amounts of data. A storage-area network (SAN) is an effective means to allow them to store and access this data in a secure fashion. This section examines the fundamentals of SAN operation and describes the technology behind these focused networks. It also examines attacks focused on SANs and discusses their defense.

Fundamentals of SANs

With ever-increasing storage needs, many organizations are moving away from traditional file servers to more sophisticated SAN solutions that are made up of a specialized network that enables fast, reliable access among servers and external storage resources. No longer is the storage device the exclusive property of a given server; instead, in a SAN solution, storage devices are shared among all networked servers as peer resources. In much the same way that a LAN is used to connect clients to servers, a SAN may be used to connect servers to storage, servers to each other, and storage to storage. Figure 8-1 shows a SAN in a basic network topology.

Figure 8-1 Storage-Area Network (SAN)


A SAN doesn't need to be a physically separate network. The SAN can be implemented on a dedicated subnet built to carry only business-critical I/O traffic between servers and storage devices. The subnet where the SAN resides would not be burdened with general-purpose traffic such as e-mail or database access. Instead, it would be limited to I/O traffic, such as reading a file from a disk or writing a file to a disk.

Traditional LANs with file servers suffer performance hits as they share the network with general network traffic. Taking the approach described here allows you to increase efficiency and drive down access time for clients. These areas are compromised when you use a single network for all applications.

Organizational Benefits of SAN Usage

Whenever a network or server is unavailable, companies suffer a loss both in terms of productivity and potentially in revenue. This makes it critical that data storage be highly available. At the same time, the amount of data that needs to be managed and stored is increasing significantly each year.

Compared to traditional file server solutions, SANs offer an effective means to deal with this ever-increasing amount of data, while helping ensure its ongoing availability. An added benefit of implementing a SAN is that you can offload storage-related data traffic from your daily network operations. By establishing a direct connection between your storage media and servers, you see an increase in performance as well.

For many organizations, incorporating SANs in their enterprise infrastructure allows them to meet three primary business requirements:

■ Effectively meet changing business priorities, application requirements, and revenue

■ Increase performance of long-distance replication, backup, and recovery to meet regulatory requirements as well as industry best practices

■ Decrease both capital and operating expenses associated with data storage

Cisco offers an enterprise-wide approach to deploying scalable, highly available, and more easily administered SANs to meet these requirements for the enterprise. Figure 8-2 shows SAN usage in the enterprise.

Figure 8-2 SAN in the Enterprise


Cisco offers solutions for intelligent SANs that are designed to be an integral part of an enterprise data center architecture. This provides a better way to access, manage, and protect growing information resources. The Cisco SAN solution provides access across a consolidated Fibre Channel, Fibre Channel over IP (FCIP), Internet Small Computer Systems Interface (iSCSI), Gigabit Ethernet, or optical network for improved performance and access.

Understanding SAN Basics

The Small Computer Systems Interface (SCSI) communications model serves as the basis for all the major SAN transport technologies. In fact, many might say that a SAN can best be described as the merging of SCSI and networking. This combination makes for the fast, reliable data access and storage that today's enterprise networks need. Table 8-2 describes the three major SAN transport technologies.

Table 8-2 SAN Transport Technologies

SAN Transport Technology | Description
Fibre Channel | Represents the primary SAN transport used for host-to-SAN connectivity.
iSCSI | A host-to-SAN connectivity model generally employed in the LAN to map SCSI over TCP/IP.
FCIP | Represents a SAN-to-SAN connectivity model frequently used in WAN or metropolitan-area network (MAN) implementations.

Fundamentals of SAN Security

With more and more critical data created each business day, and that data now residing on a SAN, security is a top concern. Securing your SAN solution calls on the processes and solution features that protect the integrity and availability of data stored on storage networks. Providing a comprehensive SAN security solution involves four key aspects:

■ Centralized authentication, authorization, and logging of all changes via secure role-based management

■ Centralized authentication of devices connected to the network, ensuring that only authorized devices may be connected

■ Secure transmission and receipt of data through traffic isolation and access controls, which ensure protection from activities of other devices in the network

■ Full encryption of all data leaving the storage network for business continuance, remote vaulting, and backup

Figure 8-3 shows aspects of SAN security.

Figure 8-3 Securing the SAN
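
The following is an added example, not part of the original text: a flow audit that checks the dedicated-subnet model and the device-authorization and traffic-isolation aspects listed above. The subnet, device addresses, FCIP peer and flow records are constructed assumptions; the ports are the IANA-registered TCP ports for iSCSI and FCIP.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original page).
SAN_SUBNET = ipaddress.ip_network("10.20.30.0/24")
AUTHORIZED = {ipaddress.ip_address(a) for a in
              ("10.20.30.10", "10.20.30.11", "10.20.30.50", "10.20.30.51")}
FCIP_PEERS = {ipaddress.ip_address("172.16.5.1")}  # remote SAN gateway
# IANA-registered TCP ports for the IP-based transports in Table 8-2.
STORAGE_PORTS = {3260: "iSCSI", 3225: "FCIP"}

# Constructed flow records: (source IP, destination IP, protocol, dest port)
SAMPLE_FLOWS = [
    ("10.20.30.10", "10.20.30.50", "tcp", 3260),    # server to array, iSCSI
    ("10.20.30.50", "172.16.5.1", "tcp", 3225),     # SAN-to-SAN FCIP tunnel
    ("10.20.30.11", "10.20.30.50", "tcp", 25),      # e-mail on the SAN subnet
    ("10.20.30.77", "10.20.30.50", "tcp", 3260),    # unlisted device in subnet
    ("192.168.1.20", "10.20.30.50", "tcp", 3260),   # client LAN reaching storage
    ("192.168.1.20", "192.168.1.30", "tcp", 443),   # never touches the SAN
]

def audit_flow(src, dst, proto, dport):
    """Return the isolation findings for one flow (empty list means clean)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_in, d_in = s in SAN_SUBNET, d in SAN_SUBNET
    if not (s_in or d_in):
        return []
    findings = []
    if s_in != d_in:
        outside = d if s_in else s
        # Only an FCIP tunnel to a known peer may leave the SAN subnet.
        if not (outside in FCIP_PEERS and dport == 3225):
            findings.append("crosses SAN subnet boundary")
    for addr, inside in ((s, s_in), (d, d_in)):
        if inside and addr not in AUTHORIZED:
            findings.append(f"unauthorized device {addr}")
    if proto != "tcp" or dport not in STORAGE_PORTS:
        findings.append(f"non-storage traffic {proto}/{dport}")
    return findings

def audit(flows):
    """Map each offending flow record to its list of findings."""
    report = {}
    for flow in flows:
        findings = audit_flow(*flow)
        if findings:
            report[flow] = findings
    return report

if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```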
