Storage Area Networks: The New Challenge After Networking

 

26 June 2009

Storage networks provide information storage over long periods of time. This means storage networks make a large contribution to knowledge management, but the challenges are enormous: the quantities of data increase, as do the threats in cyberspace. Connections between and within storage networks must be protected accordingly.

Take any project: the transfer of knowledge between decentralised project officers and central storage systems plays an important role in a lean, effective and efficiently run organisation. All those working on the project can have rapid access to all project information on their knowledge platform.

Frequently used applications are integrated on a portal, for example on the intranet. The user only needs to be authenticated once and, thanks to this "single sign-on" function, can then work with the programs and databases that are needed every day. The main aim is to provide structured information, documents and tools across departments and authorities to make information and experience available quickly and simply to all those working on the project.

No distinction between public and sensitive information

But what about information security en route to the storage network? There is a round-the-clock gigabyte throughput of data into the storage network. Sooner or later, sensitive information will arrive at the destination for storage, wittingly or unwittingly. The administrator no longer has complete control over information once it is off-site, especially where connections to the central storage network span great distances and, more recently, where the transfer uses Internet Protocol (IP).

The familiar threats of cyberspace apply. Even the huge data streams of 10GB per second do not provide any protection against data analysis. The information can be filtered out precisely and with bit-level accuracy using freely available sniffers.

In SAN infrastructures, the Fibre Channel (FC) protocol is common as a transport protocol in larger systems. It is distinguished by a simple structure (no instruction set of its own), is robust in operation and guarantees a high data throughput (common levels are 2Gbit/s, 4Gbit/s, 8Gbit/s).

Physical separation from the normal ICT infrastructure provides a certain amount of protection but, in general, attacks on data links on transport routes outside protected zones cannot be prevented, so encryption is essential here. FC components tend to be expensive because they are produced in small quantities.

For small- and medium-sized organisations with low data traffic, other common data protocols such as IP and Ethernet can always be used for cost-effective storage systems.

10Gbit/s Ethernet and multiplexers open up new dimensions

More recent developments in the sphere of network technology now enable SAN fabrics to be conceptually simplified and the costs reduced. Two important elements in connection with this are:

  • The increase in transport efficiency using an Ethernet protocol (and SDH protocol) at the level of 10Gbit/s or more.
  • The availability of high-performance hardware components that enable very simple conversion of protocols (FCoE host bus adapters (HBAs) as components of a server, or multiplexers as separate units).

This enables hybrid parts of the network to be developed in which external links run using different protocols from those in the storage centres.

Above a bandwidth of 10Gbit/s, the previous performance advantage of FC is practically cancelled. A time-critical (external) SAN route can be operated just as well on an Ethernet basis or as part of the normal LAN and WAN network structures (often already Ethernet). In addition to the technological simplification and unification, there is also a cost advantage because Ethernet WAN networks and components are available very cheaply.

10Gbit/s Ethernet encryption solution from Crypto AG

Crypto AG can offer an ideal encryption solution for this transmission performance: the Ethernet Encryption HC-8555 10G.

The successful approach of encrypting the data on OSI layer one with 100% data throughput and security is again put to use here. This means the customer gets a powerful Ethernet encryption solution with a performance of 10Gbit/s, which guarantees the highest confidentiality with complete transparency for all applications and services.

A great deal of attention has been given to high fault tolerance for the new solution. Maximum fault tolerance is guaranteed with the redundant power supply and cooling of the unit, plus the option of exchanging these modules during operation.

Besides the simple "bump-in-the-wire" installation, i.e. inserting the unit in the optical connection, operation of the equipment is also supported in numerous practical ways. This includes operation using a browser-based user interface that can be used either on site or from the head office. Integrated test functions make it possible to ensure the communication connection is functioning in unprotected and encrypted mode, independently of the remaining infrastructure.

The unit can be easily integrated in an existing network management environment using SNMP. This allows the use of established monitoring mechanisms.

The following applies to Ethernet encryption products, and to all equipment from Crypto AG:

  • Customised hardware-based symmetric algorithms
  • Comprehensive security architecture
  • Sophisticated, secure process for agreeing on the encryption key between two units
  • User-specific access protection with passwords
  • Tamper-proof housing design
  • Emergency clear function

