In an age of increasing regulatory compliance and e-discovery demands, stringent requirements for data confidentiality, integrity and availability have made enterprise data controls a critical concern for all organizations. The question on the minds of many C-level executives is: How much is enough?
For Saddleback Memorial Medical Center (SMMC) in Laguna Hills, Calif., one of six not-for-profit medical facilities under the MemorialCare Medical Center umbrella, the answer is: Whatever it takes.
“We’re looking at taking an extra step — securing our devices at a more physical level,” said Mark Nicolas, network engineer at SMMC.
More specifically, he’s talking about encrypting storage volumes. A user of StoneFly’s Integrated Storage Concentrator line of high-availability IP SANs, Nicolas is looking at the vendor’s recently introduced SAN-based encryption capability.
“If we encrypt the volumes, the data can’t be reconstructed if someone pulls out the drives,” said Nicolas.
Both SMMC-Laguna Hills and SMMC-San Clemente serve as the third tier of storage for MemorialCare Medical Centers. There’s a total of 11 terabytes of data storage at the two locations, with the majority of the data located at Laguna Hills, according to Nicolas.
However, at San Clemente, the smaller data center site, critical information such as departmental shared folders, personal folders, databases and virtual machines (VMs) is asynchronously copied onto SATA drives.
“We’re looking at encryption for our San Clemente site,” said Nicolas.
Today, encryption is offered as an integrated part of the StoneFly ISC IP SANs. The new SAN-based encryption will be available with other StoneFly IP SANs soon, according to the company.
StoneFly’s strategy is to help organizations eliminate security vulnerabilities across the enterprise by paying as much attention to insider threats as to external ones.
The vendor promotes its ISC as a cost-effective IP SAN designed for small offices, remote sites, branch offices and first-time IP SAN deployments.
Saving on Fibre Channel Costs
Two years ago, SMMC had direct-attached storage (DAS). Working with a solution provider, the organization began replacing the SCSI DAS with Xyratex (NASDAQ: XRTX) PAC storage. Xyratex combines Fibre Channel connectivity with serial attached SCSI (SAS) and serial ATA (SATA) drive technology.
With the organization moving to virtualization, Nicolas was looking to leverage or scale the existing storage to make sure it was available on the network.
“Six months later, we brought in a StoneFusion iSCSI target that utilizes our existing Ethernet network infrastructure, turning it into an Ethernet-based SAN,” said Nicolas.
By not having to be a strictly Fibre Channel shop, Nicolas said SMMC saves money. “We can avoid having to buy Fibre Channel HBAs, Fibre Channel switches and instead leverage our Ethernet backbone.”
Another feature of StoneFly’s StoneFusion operating system that was important to SMMC was built-in support for VMware’s (NYSE: VMW) iSCSI initiator, for quick integration of networked storage with virtual servers.
Before purchasing the StoneFly storage product, Nicolas looked at Dell’s (NASDAQ: DELL) lowest-tier iSCSI offering. However, the solution seemed unwieldy. “It was cheaper per megabyte than StoneFly, but it didn’t seem as scalable or as easy to use,” he said.
Cost, ease-of-use and scalability were the bottom line criteria for SMMC as it moved to iSCSI storage. “We just wanted a cost-effective replacement to the DAS,” said Nicolas. Going to iSCSI was a way to leverage the storage to other servers, the virtualized servers in particular.
Whether or not SMMC uses StoneFly’s encryption capability depends on the outcome of the pilot that’s currently getting underway. The company’s concerns are performance degradation and the effect on scalability.
“Once we encrypt the volumes, we need to look at how it will affect adding volumes,” said Nicolas.
The organization has one chassis with SATA in San Clemente and three chassis in Laguna Hills comprised of two SATA and one SAS. ” If there’s a twenty percent performance hit, that would be okay and we’d consider encryption at Laguna Hills,” he said.
Beyond using the encryption feature at the two data center sites, Nicolas believes there’s a good chance that it may be used more widely within the enterprise.