Strategies for Data Protection - Brocade

More documents

Recommendations

Info

Chapter 1: Building the FoundationFigure 15. Securing the fabric with fabric ISL bindingAs shown in Figure 15, fabric binding establishes fixed relationshipsbetween multiple switches in the network. Only authorized ISLs areallowed to communicate as a single fabric and any arbitrary attemptsto create new ISLs to new switches are blocked. Fabric bindingensures that established switch-to-switch connections are locked intoplace and that any changes to the SAN can occur only through secureadministrative control.Use of Inter-Fabric Routing to Secure the Storage NetworkAn additional layer for securing storage operations is provided by Inter-Fabric Routing technology. As discussed in “Inter-Fabric Routing” onpage 11, Inter-Fabric Routing can be applied in the data center to buildlarge, stable storage networks, or used for storage over distance applicationssuch as disaster recovery. In addition, Inter-Fabric Routing is ameans to block denial of service attacks if someone were to deliberatelyinitiate faults to cause disruptive fabric reconfigurations.SAN Routing technology prevents SAN-wide disruptions and reconfigurationsby providing fault isolation between fabric switches. Acting as arouter between SAN segments, the SAN router passes only authorizedstorage traffic between each attached SAN. Each SAN segment maintainsits autonomy from the others, and a disruption in one segment isnot allowed to propagate to other switches. Faults are therefore con-28 Strategies for Data Protection
SAN Securitytained at the segment level, and other fabric switches continue normaloperations. Denial of service attempts are restricted and not allowedto impact the entire storage network.SAN Routing products may support multi-vendor interoperability andbe extensible over any distance. For mission-critical data applicationssuch as disaster recovery, SAN Routing ensures that the underlyingtransport aligns with the customer's requirement for continuous, nondisruptivestorage operation.Virtual FabricsLarge data centers often support a wide variety of storage applicationsfor different business units such as manufacturing, sales, marketing,engineering, and human resources. While it is possible to deploy aseparate physical fabric for each business unit, this solution adds significantcosts, reduces storage utilization and adds ongoingadministrative overhead. Storage administrators may thereforeattempt to reduce costs by running multiple storage applicationsacross a larger unified SAN.In order to segregate storage traffic over a single large fabric and prevent,for example, sales applications from disrupting engineeringapplications, some means is needed to isolate the fabric resourcessupporting each application. For Fibre Channel SANs, this functionalityis provided by virtual fabric protocols. Frames for a specific applicationare tagged with identifiers that enable that application data to traverseits own path through the fabric. Consequently a large SAN switch withhundreds of ports can host multiple virtual fabrics (or virtual SANs).Similar to inter-fabric routing, disruptions or broadcast storms in onevirtual fabric are not allowed to propagate to other virtual fabrics.Security for IP SAN Transport via IEEE StandardsFor iSCSI and other IP-based storage protocols, conventional Ethernetstandards can be implemented to safeguard storage data transport.IEEE 802.1Q virtual LAN (VLAN) tagging, for example, can be used tocreate over 4,000 virtual LANs to separate traffic flows and ensurethat only members of the same VLAN can communicate. Like virtualfabrics in Fibre Channel, this mechanism enables multiple storageapplications to share the same infrastructure while gaining the protectionof segregated data streams. Access control lists (ACLs) commonlysupported in gigabit Ethernet switches and IP routers can be used torestrict access to only designated network devices.Strategies for Data Protection 29
Page 1 and 2: STRATEGIESFOR DATAPROTECTIONFIRST E
Page 3: This book is dedicated to the memor
Page 6 and 7: About the AuthorTom Clark is a resi
Page 8 and 9: ContentsChapter 3: Disaster Recover
Page 10 and 11: ContentsChapter 12: Advanced Fabric
Page 12 and 13: FiguresFigure 23. Combining disk-to
Page 14 and 15: FiguresxivStrategies for Data Prote
Page 16 and 17: IntroductionIn this book we will ex
Page 18 and 19: Introductionthe already altered dat
Page 20 and 21: IntroductionviStrategies for Data P
Page 22 and 23: 2 Strategies for Data Protection
Page 24 and 25: Chapter 1: Building the FoundationS
Page 26 and 27: Chapter 1: Building the FoundationF
Page 28 and 29: Chapter 1: Building the FoundationI
Page 30 and 31: Chapter 1: Building the Foundatione
Page 32 and 33: Chapter 1: Building the FoundationE
Page 36 and 37: Chapter 1: Building the FoundationH
Page 40 and 41: Chapter 1: Building the FoundationW
Page 42 and 43: Chapter 1: Building the FoundationA
Page 44 and 45: Chapter 1: Building the Foundatione
Page 50 and 51: Chapter 1: Building the FoundationI
Page 54 and 55: Chapter 1: Building the FoundationS
Page 58 and 59: Chapter 2: Backup StrategiesTape ba
Page 60 and 61: Chapter 2: Backup StrategiesIn addi
Page 62 and 63: Chapter 2: Backup Strategiesbackup
Page 64 and 65: Chapter 2: Backup StrategiesBecause
Page 66 and 67: Chapter 2: Backup StrategiesFigure
Page 68 and 69: Chapter 2: Backup StrategiesTape Pi
Page 70 and 71: Chapter 2: Backup Strategies50 Stra
Page 72 and 73: Chapter 3: Disaster RecoveryDefinin
Page 74 and 75: Chapter 3: Disaster RecoveryTier 4.
Page 76 and 77: Chapter 3: Disaster RecoveryFigure
Page 78 and 79: Chapter 3: Disaster RecoveryLeverag
Page 80 and 81: Chapter 3: Disaster Recoveryto serv
Page 84 and 85: Chapter 3: Disaster RecoveryJumbo F
Page 86 and 87: Chapter 3: Disaster RecoveryFastWri
Page 90 and 91: Chapter 3: Disaster RecoveryDisaste
Page 92 and 93: Chapter 3: Disaster Recoverygeograp
Page 94 and 95: Chapter 3: Disaster RecoveryDisaste
Page 96 and 97: Chapter 4: Continuous Data Protecti
Page 98 and 99:
Chapter 4: Continuous Data Protecti
Page 100 and 101:
Chapter 4: Continuous Data Protecti
Page 102 and 103:
Chapter 5: Information Lifecycle Ma
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Chapter 6: Infrastructure Lifecycle
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Chapter 7: Extending Data Protectio
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
114 Strategies for Data Protection
Page 136 and 137:
Chapter 8: Foundation ProductsBroca
Page 138 and 139:
Chapter 8: Foundation ProductsTable
Page 140 and 141:
Chapter 8: Foundation ProductsUtili
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Chapter 8: Foundation ProductsBy ut
Page 154 and 155:
Chapter 9: Distance ProductsThe Bro
Page 156 and 157:
Chapter 9: Distance ProductsBrocade
Page 158 and 159:
Chapter 10: Backup and Data Protect
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Chapter 11: Branch Office and File
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Chapter 12: Advanced Fabric Service
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Chapter 13: Solutions Productsmany
Page 186 and 187:
Chapter 13: Solutions Products166 S
Page 188 and 189:
Appendix A: The Storage Networking
Page 190 and 191:
Page 192 and 193:
Page 194:
STRATEGIES FORDATA PROTECTIONFIRST
show all

Strategies for Data Protection - Brocade

Create successful ePaper yourself

Delete template?

Save as template?