Constructing Secure Storage Area Networks
by Todd Bundy - Director of Business Development and Alliances, ADVA Optical Networking - Wednesday, 13 September 2006.
Increasingly concerned about the availability of their business data, many enterprises over the last five years have implemented sophisticated storage area networks (SANs). With metro optical networks cost-effectively satisfying the huge bandwidth requirements, services such as business continuity and disaster recovery have helped enterprises avoid costly network downtime, improve corporate resource utilization and efficiently manage growing amounts of data.

Today, these same enterprises are fortifying the security of their SANs. A multi-layered approach to SAN security - taking advantage of innovations in the most demanding Recovery Time and Recovery Point objectives (RTO and RPO) will seek an advanced scenario in which business operations can shift to backup servers at a different location, with users never noticing failure of the primary data center. For this type of business-continuity service (such as Mainframe Geoplex Clustering and Open Systems Clustering), distributed central processing units are interlinked in a single logical server performing non-stop, redundant synchronization. Runtime-sensitive protocols such as Geographically Dispersed Parallel Sysplex, Fiber Connection (FICON), ESCON, Coupling Link, Sysplex Timer and others have high bandwidth (several terabits per second) and low latency requirements, and only protocol-agnostic, WDM-enabled optical networks are up to the job.

An enterprise with a less-demanding RTO (the amount of time an enterprise deems it can afford to go without access to its information resources) might instead deploy a disaster-recovery solution in which ESCON, FICON and Fibre Channel applications perform disk mirroring between data centers separated by up to several hundred miles. Depending on the RTO, the enterprise could choose to perform mirroring over fiber or legacy Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) links; or, when RTO can be measured in hours or days, sites could be connected in point-to-point or ring networks spanning considerable distances in a remote-backup service.

With the bandwidth power and protocol flexibility of WDM-enabled optical networks, today's state-of-the-art SAN connectivity solutions deliver unprecedented capabilities. Where, for example, executing a 60-terabyte data recovery across a single STM-1/OC-3 connection once might have required 45 days or more, the same exercise can be undertaken in 15 minutes with a 64-channel, carrier-class Dense WDM (DWDM) platform supporting 10Gbit/s Fibre Channel transmission.

Eliminating the Risks

Because of the business value of these services, the volume of sensitive data that is networked and distributed has never been greater. Now the security of this SAN traffic is coming under heightened scrutiny.

Here again, government regulations are influencing the priorities of enterprises considering infrastructure decisions. Government concern about the security of networked personal, financial and medical information has spawned the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), California's Information Privacy Act and other regulations. In some cases, the penalties these regulations threaten are stiff for both a violating enterprise and individual executives within that organization, so the pressure is intense to demonstrate reasonable and acceptable due diligence that data is protected from rogue access in the data center or while in transit for mirroring from one site to another.

Enterprises are achieving the high degree of security they require by employing layered defense. Physical, access and zoning controls form an important foundation. Additional mechanisms must be utilized to achieve truly secure SAN extension for real-time storage applications.

