Click on the advert above to visit the company web site

Product category: Training Aids and eCommunication
News Release from: Storage Expo | Subject: Storage Expo 2006
Edited by the Manufacturingtalk Editorial Team on 18 September 2006

Securing Storage Networks

The community of enterprises running sophisticated storage networking services has grown significantly more diverse over the last four years.

The community of enterprises running sophisticated storage networking services has grown significantly more diverse over the last four years Government regulations and competitive pressures have made implementing capabilities such as disaster recovery, business continuity and, now, even continuous data protection (CDP) more of a business imperative

Innovations in Wavelength Division Multiplexing (WDM) and optical networking have made it more cost-effective.

Now the security of this storage network traffic is subject to enhanced scrutiny.

Again, regulatory and competitive pressures are coming to bear, and, again, technological innovations in WDM-enhanced optical networks are delivering critical capabilities.

Enterprises are adopting multi-layered security strategies that rely on powerful new mechanisms such as physical-layer intrusion detection and in-flight data encryption.

Storage networking has come a long way in a very short time.

Until recently, storage area networks (SANs) were limited to single corporate sites, but today SAN extension is hot, with as many as 70 percent of the world's Fortune 1000 companies relying on distributed data-centre and storage connectivity.

WDM-enhanced fibre-optic networks now serve as the standard medium for interconnecting primary and recovery data centres across distances of between 50 and 200 kilometers, especially for synchronous backup and restore applications.

Optical networking delivers service reliability and robust connectivity; WDM expands the value of the fibre plant by multiplying the amount and types of traffic that can be carried on a given glass strand.

The technologies have matured, gradually enabling a wider and wider array of enterprises to deploy increasingly sophisticated services.

Disaster recovery and business continuity are strongly entrenched as essential capabilities in enterprise storage strategies.

CDP represents the newest dimension in remote storage management.

CDP relies on disk technology to continuously capture data updates in real time.

As data is written to disk, it is simultaneously written in a second location and time-stamped.

CDP's most important innovation is in the area of data restore.

As opposed to being limited to reverting to a prescribed data snapshot - recorded on a preset interval of, say, every four hours - an enterprise is able to access data from any point in time with CDP.

Enterprises appear to be most interested in deploying CDP for mission-critical applications in which data changes frequently and logical data issues such as corruption are common.

On the pure transport level, innovations such as Dense WDM (DWDM), Coarse WDM (CWDM) and hybrid CWDM/DWDM networking have allowed enterprises to cost-effectively implement only the amount of capabilities they require to meet their Recovery Time and Recovery Point Objectives (RTOs and RPOs) today and easily grow capabilities as needs evolve.

Enhancements such as built-in Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH) framing and Generalized Framing Procedure (GFP), meanwhile, have increased enterprises' flexibility in providing high-bandwidth storage connectivity to corporate sites.

The enterprise that implements sophisticated, high-bandwidth storage services across WDM-enhanced optical networks realises benefits of unprecedented value:.

* Reducing its business vulnerability to catastrophic failure at any one of its corporate locations.

* Avoiding the stiff revenue losses associated with network downtime.

* Coming into compliance with legislation that stipulates data-backup and disaster-recovery capabilities.

* Establishing investment protection for its range of information assets.

* Enabling cost-effective resource sharing and distribution among its metropolitan-area sites.

* Positioning for future technology adoption by putting in place a high-capacity, protocol-agnostic infrastructure.

The result of this trend toward the adoption of more sophisticated storage capabilities is that more sensitive data than ever is being carried across distributed networks.

That fact begs an important question: Just how secure is all of this storage traffic?.

Certainly government regulators are asking that question.

With so much personal, financial and medical information being networked, governments have rolled out a series of regulations - the Sarbanes-Oxley Act, Graham-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), California's Information Privacy Act, etc - that are pressuring enterprise Information Technology (IT) managers and other executives to do as much as they can to shore up infrastructure security and disclose compromises to information assets.

Even the individual executives (in addition to the enterprise itself) can be penalized stiffly for violations, according to some of the new laws.

The pressure on IT managers and chief information officers (CIOs) is considerable to demonstrate reasonable and acceptable due diligence that data is protected from rogue access in the data centre or while in transit for mirroring from one site to another.

In addition to the threat of government penalty, enterprises risk a severe blow to customer confidence and loyalty if the vulnerability of its network infrastructure is exposed by an incidence of information theft.

Fortunately, another wave of optical-networking innovations is providing these executives with the protection and peace of mind they require.

Ensuring secure SAN extension for real-time storage protocols such as ESCON, FICON, Fibre Channel (1, 2 and 4G), Coupling Link, Sysplex Timer and Infiniband demands a multi-layered strategy.

The foundation layer of this defence is occupied by physical, access and zoning controls.

Beyond that, enterprises are finding physical-layer intrusion detection and in-flight data encryption to be valuable optical-network protection mechanisms.

Physical-layer intrusion detection has proven especially appealing in industries such as finance, where sometimes thousands of transactions are processed per second across an enterprise's metropolitan network infrastructure.

Today, the technology is expanding into other vertical markets where legal mandates are forcing a more conscientious awareness of data security among enterprises.

The goal is to identify, short-circuit and mitigate the damage of an infrastructure breach.

To achieve that goal, some WDM-enhanced optical networking platforms can be configured to execute various pre-programmed actions in automated fashion as various thresholds of signal degradation are crossed.

For example, service could be completely shut down to and from a particular data centre or rerouted to another computing location without intervention by the IT staff, so that other data centres and information assets along the network are not compromised.

In-flight data encryption, meanwhile, is emerging as a critical last line of defence.

In this process, storage data is encoded for secure transit across the SAN.

Recently released SAN virtual private network (VPN) appliances execute wire-speed native SAN encryption via 3DES or AES (Data or Advanced Encryption Standard, respectively) at wire speed.

This process might remind the enterprise IT manager of IPSec Tunnel Mode, as an entire Fibre Channel frame is encapsulated and encrypted as it enters or leaves the SAN.

No latency delay is incurred because there is no conversion to Internet Protocol (IP).

That's no small point because security measures must not hurt the performance of the storage services and traffic they are designed to protect.

Enterprises must take care to ensure that the pains they take to ensure compliance to security regulations and ensure data privacy do not undercut the benefits that disaster recovery, business continuity and CDP services are deployed to deliver.

Multi-layered strategies for securing storage traffic have thus far been adopted most pervasively in financial services, government, healthcare and manufacturing.

Enterprises in other industries including airlines, education, life sciences and pharmaceuticals appear poised to follow suit.

The trend is understandable.

As innovations in WDM-enabled optical networking have allowed more and more enterprises to adopt disaster recovery, business continuity and CDP services, another wave of innovations is helping these enterprises cost-effectively secure the storage traffic carried across their metropolitan networks.

New capabilities such as physical-layer intrusion detection and in-flight data encryption are helping enterprises respond to government and competitive pressures to assure their information assets.

ADVA Optical Networking is exhibiting at Storage Expo 2006 the UK's largest and most important event dedicated to data storage, now in its 6th year, the show features a comprehensive FREE education programme, and over 90 exhibitors at the National Hall, Olympia, London from 18 - 19 October 2006.

• Storage Expo: contact details and other news
• Email this article to a colleague
• Register for the free Manufacturingtalk email newsletter
• Manufacturingtalk Home Page

Search the Pro-Talk network of sites

Put your news on Manufacturingtalk  |   Advertise  |   Get the free Manufacturingtalk newsletter  |   Manufacturingtalk Home
About Manufacturingtalk  |   Copyright © 2000-2008 Pro-Talk Ltd, UK