Securing Data Across SANs, WANs, and Shared File Systems


Want the latest storage insights?

Download the authoritative guide: Enterprise Data Storage 2018: Optimizing Your Storage Infrastructure

Data security for shared file systems is becoming an issue of increasing importance. As data is distributed over SANs, and now sometimes WANs, should the security of the data itself become an issue? I believe it is a critical issue, and I do not think I am alone.

In my “real” job, one of our customers started looking at the security issues surrounding a WAN connection to a shared file system. The systems included:

  • Three different types of servers, each with different variants of UNIX
  • A shared file system so that each Unix server would see the same file system
  • Two different HBA vendors, with different firmware loads for one vendor
  • Metadata communication over IP using three different Gigabit Ethernet NICs
  • Dual redundant Fibre Channel switches
  • HBA failover
  • Terabytes of RAID storage
  • High performance tape drives
  • As part of the file system, hierarchical storage management (HSM) for controlling the tapes and migrating data to/from large tape robots

The customer wanted to know how they could connect the system to a WAN and what the resulting security issues would be. As there are all types of WAN connections, this became a interesting topic of discussion. Was the customer going to use:

  • Dark fibre and run FC
  • FC to Dense Wave Division Multiplexing (DWDM)
  • FC to IP
  • FC to SONET
  • Something else

To add to the requirements, the customer said they also wanted a high level of data security and actually wanted to run MLS (Multi Level Security), which is often used by the government, banks, and other organizations that require a high level of security. So I thought it might be useful to review some of the security gaps for these types of environments when using shared file systems in a heterogeneous environment, as well as what happens when you want to share the file system over a WAN.

Page 2: What Works

Submit a Comment


People are discussing this article with 0 comment(s)