The Basics of SAN Security, Part II Page 3
Where possible, it is always desirable to have data management controlled by a hardware device rather than a software component. When storage devices do not maintain data availability themselves, software layers take over that job, raising CPU utilization and increasing reliance on servers. Mapping logical disks to the SAN is a natural extension of RAID controllers. Since the controllers do the mapping, a RAID-based mapping strategy imposes no overhead on nodes. In addition, because it eliminates a software component (which is itself a potential point of compromise), having the controller manage the masking feature places this function at the most secure location. Also, since the controllers have to open every packet anyway, I/O latency remains unchanged, whereas software components or additional hardware routers add an overhead layer by opening each packet to determine its destination before passing it on to the hardware RAID controller. By using a controller, IT can allocate sensitive data to authorized users at the most secure, foundational level.
WWN Privileged Access
The controller's mapping table is a simple data structure that uniquely identifies users by their worldwide names (WWNs). When designing the SAN, IT simply selects which data each user may and may not access. Users are then granted access privileges only to the LUNs containing the data they have been authorized for via the mapping table. All other data is not only unavailable to the user, it is invisible to the user. Essentially, what the user does not know exists will not even pose a temptation. The mapping table operates under the following requirements:
- A locking protocol ensures that simultaneous updates from different initiators to the table, or to different copies of the table, will not occur.
- Mirrored copies must be maintained in multiple devices to avoid losing the entire SAN should a failure occur.
- The mapping table is accessible only through the controller's management interface that provides a consistent view of all node-to-logical disk relationships.
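The three requirements above can be modelled in a few dozen lines. The following Python class is an added illustration, not code from the article or from any controller vendor: it keeps a WWN-keyed mapping table with mirrored copies updated under one lock, reports to each initiator only the LUNs it has been granted (unauthorized LUNs look nonexistent rather than denied), and exposes a management-side consistency check. The colon-separated WWN format, the class and method names and the sample logical-disk labels are assumptions made for the example.

```python
import re
import threading
from typing import Dict, List, Optional

# A WWN is a 64-bit identifier; this model accepts the common colon-separated
# form of eight hex octets (assumption; vendor tooling also accepts other forms).
WWN_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$")


def normalize_wwn(wwn: str) -> str:
    """Canonical lower-case form so '...C9...' and '...c9...' name the same initiator."""
    w = wwn.strip().lower()
    if not WWN_RE.match(w):
        raise ValueError(f"malformed WWN: {wwn!r}")
    return w


class MaskingController:
    """Controller-resident mapping table: initiator WWN -> {host LUN: logical disk}."""

    def __init__(self, mirrors: int = 2) -> None:
        # Primary table plus mirrored copies, always updated together (requirement 2).
        self._copies: List[Dict[str, Dict[int, str]]] = [{} for _ in range(mirrors)]
        self._lock = threading.Lock()  # one update at a time, whichever initiator asks (requirement 1)

    def grant(self, wwn: str, host_lun: int, logical_disk: str) -> None:
        w = normalize_wwn(wwn)
        with self._lock:
            for copy in self._copies:
                copy.setdefault(w, {})[host_lun] = logical_disk

    def revoke(self, wwn: str, host_lun: int) -> None:
        w = normalize_wwn(wwn)
        with self._lock:
            for copy in self._copies:
                copy.get(w, {}).pop(host_lun, None)

    def report_luns(self, wwn: str) -> List[int]:
        """What the initiator can discover: its own LUNs only; everything else is absent."""
        with self._lock:
            return sorted(self._copies[0].get(normalize_wwn(wwn), {}))

    def route(self, wwn: str, host_lun: int) -> Optional[str]:
        """Resolve an I/O to a logical disk; unauthorized and nonexistent look identical (None)."""
        with self._lock:
            return self._copies[0].get(normalize_wwn(wwn), {}).get(host_lun)

    def consistent(self) -> bool:
        """Management-interface view (requirement 3): every mirrored copy shows the same relationships."""
        with self._lock:
            return all(copy == self._copies[0] for copy in self._copies[1:])
```

The table trusts the WWN an HBA presents; binding that identity to a device is the job of the fabric-level authentication the summary below refers to, not of the masking table itself.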
The controller allows LUN Masking to be enabled in Active/Passive and Active/Active mode. If a controller fails while in Active/Active mode, its partner emulates its loop address and services I/Os directed to both its native address and its failed partner's address. In the case of failover, this feature, along with redundancy at the switch and HBA level, ensures that there is no loss of data accessibility anywhere along the I/O path.
Finally, the ability to grow dynamically is a vital characteristic of a healthy SAN. The controller can easily modify the mapping to accommodate new WWNs as nodes and new applications are added to the SAN. While remaining virtually transparent to users, IT can easily define and enforce storage access policies that are fully secure. The controller's LUN Masking capabilities allow organizations to more fully realize cost savings, while remaining true to the concept of server-independent storage, in the following areas:
- Bandwidth and capacity scaling.
- Centralized storage management.
- Flexible, modular storage expansion.
- Increased fault tolerance.
- Shared storage among different user groups.
Summary and Conclusions
Part II of this introduction to SAN security has centered on how the switched Fibre Channel infrastructure of a SAN must provide the tools to enforce the security policies established by systems administrators. Security must be considered when planning and implementing SANs. Finally, in order to maintain the integrity of the fabric, the following security techniques have been developed:
- Configuration security methods can be employed to completely restrict devices within a fabric (switch port binding), restrict only switches (fabric membership authorization), or control the attachment of device types (port type configuration).
- Security must ensure only authorized access between SAN devices. Zoning provides a SAN access security technique using the name server (soft zoning), strict routing control (hard zoning), and HBA port binding.
- With the increased server functionality provided by switches and directors in a switched SAN, ANSI has defined authentication and authorization techniques. These security methods control clients' access to fabric services.
About the Author: John Vacca is an information technology consultant and author. Since 1982, John has authored 36 technical books, including The Essential Guide To Storage Area Networks, published by Prentice Hall. John was the computer security official for NASA's space station program (Freedom) and the International Space Station Program from 1988 until his early retirement from NASA in 1995. John can be reached at firstname.lastname@example.org.