Securing Data Across SANs, WANs, and Shared File Systems
The end-to-end security of corporate data is becoming an issue of increasing importance, yet the ideal of being able to secure data through every aspect of all systems within a heterogeneous environment remains years away. Henry Newman explores what currently works and what doesn't in the world of data security.
Data security for shared file systems is becoming an issue of increasing importance. As data is distributed over SANs, and now sometimes WANs, should the security of the data itself become an issue? I believe it is a critical issue, and I do not think I am alone.
In my “real” job, one of our customers started looking at the security issues surrounding a WAN connection to a shared file system. The systems included:
- Three different types of servers, each with different variants of UNIX
- A shared file system so that each UNIX server would see the same file system
- Two different HBA vendors, with different firmware loads for one vendor
- Metadata communication over IP using three different Gigabit Ethernet NICs
- Dual redundant Fibre Channel switches
- HBA failover
- Terabytes of RAID storage
- High performance tape drives
- As part of the file system, hierarchical storage management (HSM) for controlling the tapes and migrating data to/from large tape robots
The customer wanted to know how they could connect the system to a WAN and what the resulting security issues would be. As there are all types of WAN connections, this became an interesting topic of discussion. Was the customer going to use:
- Dark fibre and run FC
- FC to Dense Wave Division Multiplexing (DWDM)
- FC to IP
- FC to SONET
- Something else
To add to the requirements, the customer said they also wanted a high level of data security and actually wanted to run MLS (Multi Level Security), which is often used by the government, banks, and other organizations that require a high level of security. So I thought it might be useful to review some of the security gaps for these types of environments when using shared file systems in a heterogeneous environment, as well as what happens when you want to share the file system over a WAN.
By Henry Newman
June 20, 2003