Strategies for Data Protection - Brocade

More documents

Recommendations

Info

Chapter 1: Building the Foundationenterprise-wide regulatory compliance goals and reducing the cost ofIT support for remote locations. Implementing remote office data consolidationhas been contingent on the arrival of new technologies foraccelerating data transactions over fairly low-speed WANs and innovativemeans to reduce protocol overhead and to efficiently monitor datachanges.SAN SecuritySecurity for storage area networks incorporates three primary aspects:• Secure data transport• Secure data placement• Secure management interfacesSecuring the data transport requires multiple levels of protection,including authorization of access, segregation of storage trafficstreams, maintaining the integrity of network (fabric) connectivity, andencryption/decryption of the data in flight across the SAN.Securing data placement must ensure that application data is writtento the appropriate storage area (LUN) in a specified storage system,that data copies are maintained via mirroring or point in time copy,and that sensitive data is encrypted as it is written to disk or tape.Securing the management interface must include means to validateauthorized access to SAN hardware, such as SAN switches and storagesystems, to prevent an intruder from reconfiguring networkconnections.These three components are interdependent and a failure to secureone may render the others inoperable. Safeguards can be implementedfor data transport and placement, for example, but anexposed management interface can allow an intruder to redirect thestorage transport or deny access to data assets.24 Strategies for Data Protection
SAN SecuritySecuring the SAN Data TransportThe fact that the majority of SANs are based on Fibre Channel insteadof TCP/IP has created a false sense of security for data center storagenetworks. Hacking Fibre Channel data streams would require veryexpensive equipment and a high degree of expertise. In addition, thephysical security of data center environments is often assumed to providesufficient protection against malfeasance. As SAN technology hasbecome ubiquitous in data centers, however, no one should assumethat the SANs are inherently secure. Simply reconfiguring a server so itnow has access to designated storage assets could enable unauthorizedaccess to valuable corporate information.Although Fibre Channel has relied on the physical separation of communicationnetworks and storage networks to provide a rudimentarysecurity barrier, modern business practices require a much higherassurance of data defense. Physical isolation alone does not providesecurity against internal attacks or inadvertent configuration errors.The storage industry has therefore responded with a spectrum ofsecurity capabilities to provide a high degree of data protection, whilestill maintaining the performance required for storage applications.ZoningAt a low level, zoning of resources in the SAN provides authorizedaccess between servers and storage ports through the Fibre Channelnetwork or fabric as illustrated in Figure 13. Zoning can be port based,restricting access by authorizing only designated Fibre Channel switchports and attached devices to communicate to each other. Alternately,zoning can be based on a 64-bit Fibre Channel World Wide Name(WWN). Since each Fibre Channel device has a unique WWN, it is possibleto authorize connections based on the unique identity of eachdevice.Strategies for Data Protection 25
Page 1 and 2: STRATEGIESFOR DATAPROTECTIONFIRST E
Page 3: This book is dedicated to the memor
Page 6 and 7: About the AuthorTom Clark is a resi
Page 8 and 9: ContentsChapter 3: Disaster Recover
Page 10 and 11: ContentsChapter 12: Advanced Fabric
Page 12 and 13: FiguresFigure 23. Combining disk-to
Page 14 and 15: FiguresxivStrategies for Data Prote
Page 16 and 17: IntroductionIn this book we will ex
Page 18 and 19: Introductionthe already altered dat
Page 20 and 21: IntroductionviStrategies for Data P
Page 22 and 23: 2 Strategies for Data Protection
Page 24 and 25: Chapter 1: Building the FoundationS
Page 26 and 27: Chapter 1: Building the FoundationF
Page 28 and 29: Chapter 1: Building the FoundationI
Page 30 and 31: Chapter 1: Building the Foundatione
Page 32 and 33: Chapter 1: Building the FoundationE
Page 36 and 37: Chapter 1: Building the FoundationH
Page 40 and 41: Chapter 1: Building the FoundationW
Page 42 and 43: Chapter 1: Building the FoundationA
Page 50 and 51: Chapter 1: Building the FoundationI
Page 54 and 55: Chapter 1: Building the FoundationS
Page 58 and 59: Chapter 2: Backup StrategiesTape ba
Page 60 and 61: Chapter 2: Backup StrategiesIn addi
Page 62 and 63: Chapter 2: Backup Strategiesbackup
Page 64 and 65: Chapter 2: Backup StrategiesBecause
Page 66 and 67: Chapter 2: Backup StrategiesFigure
Page 68 and 69: Chapter 2: Backup StrategiesTape Pi
Page 70 and 71: Chapter 2: Backup Strategies50 Stra
Page 72 and 73: Chapter 3: Disaster RecoveryDefinin
Page 74 and 75: Chapter 3: Disaster RecoveryTier 4.
Page 76 and 77: Chapter 3: Disaster RecoveryFigure
Page 78 and 79: Chapter 3: Disaster RecoveryLeverag
Page 80 and 81: Chapter 3: Disaster Recoveryto serv
Page 84 and 85: Chapter 3: Disaster RecoveryJumbo F
Page 86 and 87: Chapter 3: Disaster RecoveryFastWri
Page 90 and 91: Chapter 3: Disaster RecoveryDisaste
Page 92 and 93: Chapter 3: Disaster Recoverygeograp
Page 94 and 95:
Chapter 3: Disaster RecoveryDisaste
Page 96 and 97:
Chapter 4: Continuous Data Protecti
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Chapter 5: Information Lifecycle Ma
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Chapter 6: Infrastructure Lifecycle
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Chapter 7: Extending Data Protectio
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
114 Strategies for Data Protection
Page 136 and 137:
Chapter 8: Foundation ProductsBroca
Page 138 and 139:
Chapter 8: Foundation ProductsTable
Page 140 and 141:
Chapter 8: Foundation ProductsUtili
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Chapter 8: Foundation ProductsBy ut
Page 154 and 155:
Chapter 9: Distance ProductsThe Bro
Page 156 and 157:
Chapter 9: Distance ProductsBrocade
Page 158 and 159:
Chapter 10: Backup and Data Protect
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Chapter 11: Branch Office and File
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Chapter 12: Advanced Fabric Service
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Chapter 13: Solutions Productsmany
Page 186 and 187:
Chapter 13: Solutions Products166 S
Page 188 and 189:
Appendix A: The Storage Networking
Page 190 and 191:
Page 192 and 193:
Page 194:
STRATEGIES FORDATA PROTECTIONFIRST
show all

Strategies for Data Protection - Brocade

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?