Storage King for a Day: Dreaming of Storage Page 3
Most local file systems provide standard security such as ACL (access control lists), UNIX groups, and permissions. Some file systems support encryption such as Microsoft NTFS on a file or folder basis, but encryption is very CPU intensive, and key management gets more difficult as we all get older and forget our many passwords more and more often. The issue of end-to-end local file system security has not been efficiently solved from the host to the RAID either. (Please review this article for a closer look at this issue.)
Now, add to this the requirements for multi-level security, or MLS, that many vendors are moving toward for authentication and tracking file access. The U.S. Government has some new requirements in this area that are interesting for both operating system security and encryption, but even with these requirements, true end-to-end security still comes up short.
In addition, as you may have read from past articles, I have been involved with shared file systems for a long time, and security policy between multiple vendors' operating systems with shared file systems is virtually impossible. Some of the problems in this area are that file systems distributed across heterogeneous operating systems have no common and often no public interface for security, and issues like HBA, switch, RAID, tape, and SAN/WAN encryption have not been adequately addressed either.
Wouldn’t it be nice to have a tool that:
- Manages your shared file system(s) on multiple platforms
- Manages and tracks security policies for the file system, HBAs, switches, RAIDs, tapes, and libraries
- Allows replication of data for use by others and for disaster planning and recovery
- Manages all of your storage infrastructure, including configuration, performance analysis, and error reporting
- Conducts performance analysis of data through the file system, to the HBA, to the switch, to the RAID, to the HSM, and/or to backup software, and out to the SAN/WAN
I’m sure I’m missing a few things, but even all of the above would be the Holy Grail for management. Unfortunately, though, we’re nowhere close to having a tool that does all of this. A number of vendors are working on tools — VERITAS, McDATA, and EMC, just to name a few — that will help somewhat, but we won’t be arriving at the Holy Grail anytime soon, I’m afraid.