Strategies for Data Protection - Brocade

More documents

Recommendations

Info

Chapter 1: Building the FoundationFigure 13. Establishing zones between groups of initiators and targetsto segregate trafficPort-based zoning is fairly secure, since it cannot be spoofed by manipulatingframe headers. If a device is moved from port to port, however,the zone stays with the port, not the device. This makes hard or portbasedzoning more difficult to manage as adds, moves, and changesare made to the fabric. Soft zoning based on WWN provides the flexibilityto have zones follow the device itself, but can be spoofed ifsomeone inserts a valid WWN into a frame to redirect storage data.Zoning alone provides no means to monitor these sorts of intrusionsand has no integrated data encryption support.Port BindingPort binding established a fixed connection between a switch port andthe attached server or storage device. With port binding, only designateddevices are allowed on specified ports and a substitution ofdevices on a port results in port blocking of communications from thesubstituted end device, as shown in Figure 14.26 Strategies for Data Protection
SAN SecurityFigure 14. Creating secure device connectivity via port bindingPort binding thus locks in the authorized connection between the fabricand the device, ensuring that the link between the device and thefabric is secure. This mechanism prevents both deliberate and inadvertentchanges in connectivity that might allow an unauthorizedserver or workstation to gain access to storage data.Fabric BindingAt a higher level, it may also be desirable to secure connectionsbetween multiple fabric switches. Fibre Channel fabric switches aredesigned to automatically extend the fabric as new switches are introduced.When two fabric switches are connected via ISLs, theyautomatically exchange fabric-building protocols, zoning information,and routing tables. While this is acceptable in some environments, itcreates a security concern. Someone wishing to probe the fabric couldsimply attach an additional switch and use it to gain entrance into theSAN.Strategies for Data Protection 27
Page 1 and 2: STRATEGIESFOR DATAPROTECTIONFIRST E
Page 3: This book is dedicated to the memor
Page 6 and 7: About the AuthorTom Clark is a resi
Page 8 and 9: ContentsChapter 3: Disaster Recover
Page 10 and 11: ContentsChapter 12: Advanced Fabric
Page 12 and 13: FiguresFigure 23. Combining disk-to
Page 14 and 15: FiguresxivStrategies for Data Prote
Page 16 and 17: IntroductionIn this book we will ex
Page 18 and 19: Introductionthe already altered dat
Page 20 and 21: IntroductionviStrategies for Data P
Page 22 and 23: 2 Strategies for Data Protection
Page 24 and 25: Chapter 1: Building the FoundationS
Page 26 and 27: Chapter 1: Building the FoundationF
Page 28 and 29: Chapter 1: Building the FoundationI
Page 30 and 31: Chapter 1: Building the Foundatione
Page 32 and 33: Chapter 1: Building the FoundationE
Page 36 and 37: Chapter 1: Building the FoundationH
Page 40 and 41: Chapter 1: Building the FoundationW
Page 42 and 43: Chapter 1: Building the FoundationA
Page 44 and 45: Chapter 1: Building the Foundatione
Page 50 and 51: Chapter 1: Building the FoundationI
Page 54 and 55: Chapter 1: Building the FoundationS
Page 58 and 59: Chapter 2: Backup StrategiesTape ba
Page 60 and 61: Chapter 2: Backup StrategiesIn addi
Page 62 and 63: Chapter 2: Backup Strategiesbackup
Page 64 and 65: Chapter 2: Backup StrategiesBecause
Page 66 and 67: Chapter 2: Backup StrategiesFigure
Page 68 and 69: Chapter 2: Backup StrategiesTape Pi
Page 70 and 71: Chapter 2: Backup Strategies50 Stra
Page 72 and 73: Chapter 3: Disaster RecoveryDefinin
Page 74 and 75: Chapter 3: Disaster RecoveryTier 4.
Page 76 and 77: Chapter 3: Disaster RecoveryFigure
Page 78 and 79: Chapter 3: Disaster RecoveryLeverag
Page 80 and 81: Chapter 3: Disaster Recoveryto serv
Page 84 and 85: Chapter 3: Disaster RecoveryJumbo F
Page 86 and 87: Chapter 3: Disaster RecoveryFastWri
Page 90 and 91: Chapter 3: Disaster RecoveryDisaste
Page 92 and 93: Chapter 3: Disaster Recoverygeograp
Page 94 and 95: Chapter 3: Disaster RecoveryDisaste
Page 96 and 97:
Chapter 4: Continuous Data Protecti
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Chapter 5: Information Lifecycle Ma
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Chapter 6: Infrastructure Lifecycle
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Chapter 7: Extending Data Protectio
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
114 Strategies for Data Protection
Page 136 and 137:
Chapter 8: Foundation ProductsBroca
Page 138 and 139:
Chapter 8: Foundation ProductsTable
Page 140 and 141:
Chapter 8: Foundation ProductsUtili
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Chapter 8: Foundation ProductsBy ut
Page 154 and 155:
Chapter 9: Distance ProductsThe Bro
Page 156 and 157:
Chapter 9: Distance ProductsBrocade
Page 158 and 159:
Chapter 10: Backup and Data Protect
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Chapter 11: Branch Office and File
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Chapter 12: Advanced Fabric Service
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Chapter 13: Solutions Productsmany
Page 186 and 187:
Chapter 13: Solutions Products166 S
Page 188 and 189:
Appendix A: The Storage Networking
Page 190 and 191:
Page 192 and 193:
Page 194:
STRATEGIES FORDATA PROTECTIONFIRST
show all

Strategies for Data Protection - Brocade

Create successful ePaper yourself

Delete template?

Save as template?