1 / 34

Introduction to Storage Systems Architectures

Introduction to Storage Systems Architectures . Module 1: Lesson 2 SafeNet StorageSecure Storage Security Course. Agenda. Storage Types Storage Systems Architectures: Direct-attached storage (DAS) Network-attached storage (NAS) Storage Area Network (SAN)

alda
Download Presentation

Introduction to Storage Systems Architectures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Storage Systems Architectures Module 1: Lesson 2 SafeNet StorageSecure Storage Security Course

  2. Agenda • Storage Types • Storage Systems Architectures: • Direct-attached storage (DAS) • Network-attached storage (NAS) • Storage Area Network (SAN) • The Need for Storage Security

  3. Storage Types

  4. Hard Drives

  5. Servers

  6. NetApp Storage

  7. Tapes (LTO4, LTO5)

  8. Tape Library • Tape Library is a storage device which contains one or more tape drives, a number of slots to hold tape cartridges, a barcode reader to identify tape cartridges and an automated method for loading tapes (a robot). Quantum Tape Library

  9. Gartner Magic Quadrant for Disk Arrays

  10. Storage Systems Architecture

  11. Clients LAN Application Servers Win Win Linux Unix Linux Unix SCSI FC FC Tape Direct Attached Storage Direct-Attached Storage (DAS) Architecture

  12. Network-Attached Storage (NAS) Architecture

  13. Features of NAS • NAS - Network Attached Storage • File access. • Network Drives e.g. MyShare on ‘FreeNAS’ Server (192.168.200.250) (N:) • Network share e.g. \\fileserver\share\myfiles • File Systems • Client/server protocols to allow users or programs to perform file services over a network. • NFS - Network File System • Developed by Sun Microsystems for file sharing among Unix hosts. • CIFS - Common Internet File System • Also known as Server Message Block (SMB) protocol • Most commonly used on Microsoft Windows computers

  14. Storage Area Network (SAN) Architecture

  15. Features of SAN • SAN - Storage Area Network • Block access • Storage device appears as being physically attached. • Appear as Hard Disk Drives e.g. C:, D:, E:. • The storage area network (SAN) is a dedicated storage network which provides access to consolidated, block level storage. • A SAN alone does not provide the "file" abstraction, only block-level operations. The file systems built on top of SANs do provide this abstraction, and are known as SAN file systems or shared disk file systems.

  16. SAN Different Technologies • Multiple technologies can be used when building a SAN; Most common today are Fiber Channel and IP based solutions. • The concept of SAN is also independent from the devices that are attached to it. Can be disks, tapes, RAIDs, file servers, or others. • A SAN typically has its own network of storage devices that are generally not accessible through the regular network by regular devices. • FC-SAN • IP-SAN With IP-SANs, such as iSCSI the volume manager resides on the storage

  17. SAN Interconnections • iSCSI - Internet Small Computer System Interface • SCSI – set of standards for connecting and transferring data, typically between computer and hard disks/tape drives (short distances). • iSCSI carries SCSI commands over IP networks facilitating remote storage. • iSCSI clients referred to as ‘Initiators’. • iSCSI storage devices referred to as ‘Targets’. • iSCSInetwork is an extension of the internal SCSI bus, used for short distances due to its parallel architecture. • Fibre Channel (orFC) - Fiber Channel is a dedicated channel based high performance and highly available network based on Fiber Channel Protocols • LUN – Logical Unit Number • Address for an individual disk drive. May not be the entire disk drive, rather a virtual partition.

  18. iSCSI SAN • IP based storage networking standard • Carrying SCSI commands over IP networks • LAN, WAN or the Internet • Uses TCP/IP Ports 860, 3260 • Advantages • Does not need special cabling • Can run on regular IP networks - for high performance it should work on its own LAN or at least its own VLAN • Objectives • Storage consolidation • Disaster recovery

  19. iSCSI SAN • Initiator • Software Initiator - in the OS usually as a kernel driver • Hardware Initiator • Typically with firmware • Better Performance • Optional • Target • Storage array • Storage Array • Software target iSCSI Host Based Adaptor

  20. iSCSI SAN – Initiator Properties

  21. Fiber-Channel SAN • FibreChannel, or FC, is a network technology primarily used for storage networking. • Fibre Channel Protocol (FCP) is a transport protocol (similar to TCP used in IP networks) which predominantly transports SCSI commands over Fibre Channel networks. • Requires dedicated hardware

  22. Fibre Channel over Ethernet (FCoE) • FibreChannel over Ethernet (FCoE) is an encapsulation of Fibre Channel frames over Ethernet networks. • This allows Fibre Channel to use 10 Gigabit Ethernet networks (or higher speeds) while preserving the Fibre Channel protocol. • The specification, supported by a large number of network and storage vendors, is part of the International Committee for Information Technology Standards T11 FC-BB-5 standard.

  23. Compression Techniques and Storage High Availability

  24. De-Duplication • Data de-duplication is a specialized data compression technique for eliminating chunks of redundant data. • Storage Systems use this technique in order to improve storage utilization. • In the de-duplication process, unique chunks of data, or byte patterns, are identified and stored during a process of analysis. • As the analysis continues, other chunks are compared to the stored copy and whenever a match occurs, the redundant chunk is replaced with a small reference that points to the stored chunk • Given that the same byte pattern may occur dozens, hundreds, or even thousands of times (the match frequency is a factor of the chunk size), the amount of data that must be stored or transferred can be greatly reduced.

  25. De-Duplication and Storage Encryption Systems • Encryption removes duplicate data, so no savings are expected from de-duplication. • Because encryption can be run at the share level, it is possible to create a flexible volume where only part of the data on the volume is encrypted. • If de-duplication is run on such a volume, negligible capacity savings are expected on the encrypted data, but it is still possible to achieve savings on the rest of the volume effectively.

  26. Disk Arrays: JBOD and RAID • JBOD is a group of disks packaged in an enclosure and connected via a FC loop. • The Jbod hard disks are not configured to increase fault tolerance and improve data access performance (as according to the RAID systems) • RAID (Redundant Array of Independent Disks) is a more sophisticated device, that may improve performance and/or reliability of the storage device. • RAID is improving performances reading/writing information from a set of disks at the same time, and reliability adding parity and/or mirroring information on multiple disks of the array • RAID can be performed in HW via a controller embedded in the enclosure or software on the host

  27. RAID Array Types • RAID 0 (striping) – • Data split onto different disks for performance increase. • No redundancy added • Cost is limited (no additional hardware) • RAID 1 (mirroring) - • Data are replicated on multiple disks for redundancy • Increase of cost proportional to the amount of redundancy • More complex algorithm to manage multiple copies • RAID 5 (added parity) • Data protection with ECC, parity is spread on the array • Good redundancy • Same speed reads, slower writes • Added cost - One disk per array

  28. The Need for Storage Security

  29. The Need for Storage Security • “Data at rest,” or stored data that is accessible on your network, is increasingly vulnerable to unlawful use or penetration, as evidenced by the skyrocketing rate of identity theft (the unlawful use of nonpublic personal information). • As a result, a market has emerged for security products that distinctly address the need to protect data at rest. • Companies are realizing that the cost of losing your customers’ personal data is in terms of: • Penalties notification costs, • Damage to reputation, • Potential lawsuits • Lost customers • Lost goodwill • The above averages in the millions of dollars. • Moreover, the theft of intellectual property can be devastating to the company’s ability to compete.

  30. Who Has Access to Sensitive Data?

  31. Value of Encryption • As back-end IT complexity increases (for example, replication, networking, sharing, and so on), the “attack surface” dramatically increases • Data encryption reduces attack surface • Everything behind encryption is opaque • By narrowing the number of people and devices that can see data, encryption simplifies overall system security

  32. Encryption Methods • Data-in-Flight Encryption (link encryption) • The data is encrypted at some point before it traverses a communications link (for example, VPN) • Data decrypted at the other end of the link • Data is vulnerable when stored or retransmitted unless another encryption solution is in place

  33. Encryption Methods • Data-at-Rest Encryption • The data is encrypted at some point between the source and storage media. • Data remains encrypted until accessed and decrypted. • After initial encryption, data can be moved, copied, replicated, or archived in its secure form without requiring any additional encryption solutions.

  34. Thank You

More Related