|
contents | business | |||||||
| Optimizing Remote Data Protection and Security with iSCSI Storage When it comes to securing remote data, iSCSI appliances offer the most flexible, affordable and secure technology, according to Hifn. The importance of simple, effective and affordable data protection for companies with remote offices takes on added significance when considering that the Enterprise Strategy Group (ESG) estimates that as much as 70 percent of corporate data is located outside of the data center, with only 30 to 40 percent of this offsite data successfully backed up. And for companies that are subject to regulatory requirements, such as Sarbanes-Oxley, remote data is subject to the same retention, privacy and security requirements so that without proper remote data management policies they are risking civil and, in some cases, criminal penalties. The bottom line: when it comes to remote data protection, "out of sight, out of mind" is no longer acceptable. Fortunately iSCSI is the perfect platform to eliminate these security concerns, and meets budgetary limits. The cornerstone of remote storage security is strong encryption of the disk appliance and this is an area where iSCSI provides tangible user benefits. Even with encryption, remote data can still be vulnerable to theft or corruption if the type of encryption used is insufficient. Block-based encryption, as enabled on iSCSI disk arrays such as Hifn's Swarm appliances, is ideal for secure storage. File-based encryption, as used on NAS devices, can allow perpetrators to still walk through the directory and examine file names, dates and times. Block-based replication is enabled at a lower level, eliminating such potential intrusions. iSCSI storage provides another major advantage: simplified management of multiple appliances. The best iSCSI appliances provide centralized administration from a single management interface, allowing the administrator to configure, monitor and manage multiple appliances deployed both locally and remotely. Since iSCSI is based on IP networking and Ethernet connectivity, administrators can leverage their familiarity and existing knowledge to easily manage their iSCSI storage rather than having to learn a completely new networking technology as required with Fibre Channel SANs. As the ideal remote replication platform, users should look for an iSCSI appliance with integrated hardware-based data encryption, which delivers the best combination of performance and affordability. Many vendors rely on backup software to encrypt the data and are suffering a significant performance hit given the CPU cycles required to process software-based encryption. The only other option is for users to combine an iSCSI storage array with an external encryption appliance. While this approach addresses the performance issue, many of the currently-available encryption appliances are targeted at the enterprise market and can cost more than the iSCSI storage appliance, making this an impractical option for remote replication at multiple sites. With the typical business having multiple remote sites, the cost of equipping each location can also become an issue, especially for smaller companies. iSCSI delivers outstanding customer cost benefits as well. Deploying iSCSI disk appliances with SATA-II drives at multiple locations is the lowest-cost alternative to create a secure remote storage environment with block-based data encryption. It allows organizations to install these appliances at a fraction of the cost and without the complexity of Fibre Channel storage arrays, the only other alternative to enable block-based encryption. Using iSCSI disk appliances for remote data replication also eliminates the issues related to long distance transport of Fibre Channel protocol data. The best method to optimize remote data protection combines point-in-time snapshots with block-based replication. Once the replication function is enabled on the remote appliance and the initial synch to the host site has been performed, it should operate in incremental mode, monitoring for changed blocks and record only those blocks that were changed to save both disk capacity and bandwidth during replication operations. During the pre-defined period a snapshot of the changed data should be taken and then replicated to the central site. To save bandwidth your solution should also include data compression. That is why you it is important for the iSCSI appliance you select be intelligent enough to handle the data properly when combining encryption with data compression. Because encryption causes data to become random, compression should take place before encryption, or, when encrypted, the data set might actually expand in size. So the most effective methodology is to compress the data first, then encrypt it before sending it over the wire to the main site. At the central site, the host iSCSI appliance will watch for incoming data. As replicated data comes in from the remote site, it will unencrypt data, decompress data, and then write data onto local storage. Data should then be re-encrypted in the central location to ensure that the data-at-rest is not vulnerable to any security risks that can be introduced via the corporate network. Once all the data has arrived from remote sites, it is safe to back up data. Just as important as strong encryption is the organization's data storage and management policies. Storage at the central site should utilize RAID-6, nearly mandatory for today's high-capacity SATA drives. Rebuild time is too precious today to risk an additional drive failure during a RAID-5 rebuild. Using volume management and expansion for remote site data allows the consolidation of many different sets of data on a single array, and once created, volume expansion allows a volume to grow along with the data sets. In addition to integrated encryption, compression and replication, customers considering iSCSI appliances should look for vendors that maximize the simplicity and ease of use of the iSCSI platform by providing complete, turnkey solutions that include a full complement of storage management capabilities, including storage consolidation, compression, centralized management, automation and data protection using snapshots and integrated backup rather than a base hardware configuration with each additional software feature delivered as an extra-cost option. iSCSI is one of the hottest technologies in what is generally predicted to be an otherwise modest year for the storage market. Both ComputerWorld and Network World magazines selected iSCSI SANs as one of the hot technologies to watch in 2008. International Data Corp. forecasts that iSCSI storage deployments will increase almost by a factor of seven over the next two years, reaching a 20 percent share of external disk storage by 2010. iSCSI arrays, such as Hifn's Swarm appliances, are specifically designed for small to mid-sized enterprise customers who share the same storage security needs as enterprise customers but lack budget and specialized storage staff knowledge and therefore need simpler, more affordable secure storage solutions. These iSCSI devices address that need and solve a big security and IT Infrastructure challenge for securing and replicating remote office/branch office (ROBO) data. write your comments about the article :: © 2008 Networking News :: home page |