Changes the Rules
storage compounds the flexibility,
scalability--and, to some extent, the
risk--of distributed SANs. High-speed
Ethernet (10 Gbps is now available, albeit
very expensive) is widely deployed to meet
the high bandwidth requirements of IP
storage traffic. Thanks to a spate of new
protocols, enterprises can create IP SANs in
all-Ethernet or mixed Ethernet/Fiber Channel
storage traffic is vulnerable to the same
security risks as traditional IP
networks--data theft/modification, peer
modification, denial of service, etc.
Although it's not mandated in the iSCSI
standard, IPSec should be implemented to
secure IP storage traffic.
encryption degrades performance. While this
may be acceptable for a VPN, supporting
less-demanding IP traffic, it won't meet the
performance requirements of IP storage. This
is being addressed by high-end processors
embedded in the new class of iSCSI-compliant
products. QLogic, for example, is marketing
a series of chips for iSCSI/IPSec
acceleration, as well as iSCSI HBAs powered
by powerful processors. NetOctave markets
IPSec accelerator boards it says will meet
the demands of IP storage traffic.
broad-based iSCSI protocol embeds SCSI
commands into TCP, so it's protocol-agnostic
as far as the incoming packet stream is
concerned. A number of vendors--including Cisco
Systems--have introduced iSCSI products.
alternative FCIP and iFCP protocols are
designed to connect FC storage networks over
IP by encapsulating FC in IP packets. FCIP
creates a tunnel that simply links FC SANs.
iFCP, which is primarily designed to
facilitate FC storage over the Internet,
maps the FC packets to native IP.
some challenges to address--in addition to
bandwidth--if you're considering IP storage.
Key management can become an even greater
headache over a widely distributed,
heterogeneous storage network. IPSec
authentication and access control must be
integrated into your existing authentication
mixing protocols is a messy business. From a
security perspective, using IP in
conjunction with FC introduces new
over IP opens Pandora's box," says
Yankee Group analyst Jamie Gruener. "I
think it's a huge problem that a lot of
vendors have not adequately prepared for.
Customers have to be very cautious until
they are assured that the use of IP for
storage is safe."