Today, these same enterprises are fortifying the security of their SANs. A multi-layered approach to SAN security – taking advantage of innovations in the most demanding Recovery Time and Recovery Point objectives (RTO and RPO) will seek an advanced scenario in which business operations can shift to backup servers at a different location, with users never noticing failure of the primary data center. For this type of business-continuity service (such as Mainframe Geoplex Clustering and Open Systems Clustering), distributed central processing units are interlinked and in a single logical server performing non-stop, redundant synchronization. Runtime-sensitive protocols such as Geographically Dispersed Parallel Sysplex, Fiber Connection (FICON), ESCON, Coupling Link, Sysplex Timer and others have high bandwidth (several terabits per second) and low latency requirements, and only protocol-agnostic, WDM-enabled optical networks are up to the job.
An enterprise with a less-demanding RTO (the amount of time an enterprise deems it can afford to go without access to its information resources) might instead deploy a disaster-recovery solution in which ESCON, FICON and Fibre Channel applications perform disk mirroring between data centers separated by up to several hundred miles. Depending on the RTO, the enterprise could choose to perform mirroring over fiber or legacy Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) links; or, when RTO can be measured in hours or days, sites could be connected in point-to-point or ring networks spanning considerable distances in a remote-backup service.
With the bandwidth power and protocol flexibility of WDM-enabled optical networks, today’s state-of-the-art SAN connectivity solutions deliver unprecedented capabilities. Where, for example, executing a 60-terabyte data recovery across a single STM-1/OC-3 connection once might have required 45 days or more, the same exercise can be undertaken in 15 minutes with a 64-channel, carrier-class Dense WDM (DWDM) platform supporting 10Gbit/s Fibre Channel transmission.
Eliminating the Risks
Because of the business value of these services, the volume of sensitive data that is networked and distributed has never been greater. Now the security of this SAN traffic is coming under heightened scrutiny.
Here again, government regulations are influencing the priorities of enterprises considering infrastructure decisions. Government concern about the security of networked personal, financial and medical information has spawned the Sarbanes-Oxley Act, Graham-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), California’s Information Privacy Act and other regulations. In some cases, the threatened penalties of regulations are stiff for both a violating enterprise and even individual executives within that organization, so the pressure is intense to demonstrate reasonable and acceptable due diligence that data is protected from rogue access in the data center or while in transit for mirroring from one site to another.
Enterprises are achieving the high degree of security they require by employing layer defense. Physical, access and zoning controls form an important foundation. Additional mechanisms must be utilized to achieve truly secure SAN extension for real-time storage applications.