On December 23, I sat down with Bruce Gordon, vice president of Technical Marketing for StorageNetworks, a 2-year-old company that's a category leader in the Storage Service Provider (SSP) market—and growing fast. We discussed what security and backup mean to a company with StorageNetworks' super-enterprise requirements.

StorageNetworks largely serves UNIX (particularly Sun Solaris) and Windows 2000/Windows NT clients. The company's AIX and HP-UX clients make up a minor part of the client base. (Linux doesn't really play well in this marketplace yet.) According to Gordon, StorageNetworks designs its storage security with the idea that "there are hostile end users out there," who might try to subvert another organization's storage assets.

On the Storage Area Network (SAN) side, StorageNetworks uses private network connections and fibre channel dedicated fabric for client connections, with a lot of EMC Symmetrix, some Hitachi, and a little IBM Shark. Dedicated fabrics are necessary because fibre channel worldwide IDs can be spoofed. StorageNetworks has found that port segregation is not enough to guarantee secure volumes on a SAN. StorageNetworks dedicates entire storage devices to one customer.

According to Gordon, "One hundred percent of all storage devices have holes in them." It's not just storage servers; the command consoles' underlying ability to copy data provides the capability to attach to and reallocate storage assets. Although a user might not be able to actually use a volume on a shared storage device, just getting access to it is enough to alter its availability to its owners. And although SSPs can secure the SAN side, they can't control what happens on remote servers.

On the IP side, where StorageNetworks provides file service backup, the company provides a mount point (a linked directory that stores an image of pointers to the real storage file system on the device) for users. For client companies to receive the service, StorageNetworks requires that they have a Primary Domain Controller (PDC) on Windows or Network Information Service (NIS) on Solaris to plug into Network Attached Storage (NAS) services. The company also requires that clients run a time service so that time stamps match StorageNetworks' time stamps within a fraction of a second. StorageNetworks uses a lot of Network Appliance NAS storage for backup, and Gordon hopes that Direct Access File System (DAFS) will become an industry standard: "DAFS gets rid of the IP stack and gives the OS an externally accessible file system."

Backup was our other major topic. "Backup is the problem that won't go away," Gordon said. StorageNetworks splits its backups about evenly between Legato NetWorker and Veritas NetBackup, both on Sun servers backed up to DLT 7000 tape libraries. Functionally, Gordon describes the two backup programs as "peas in a pod," but StorageNetworks modified both programs to reduce security risks. StorageNetworks' BackPaks backup service is a major company offering. Currently, the company is evaluating both Linear Tape-Open (LTO) and SuperDLT, but Gordon didn't expect a decision for a couple of years. The reason is that the tape is used as a kind of interchange format, and until tape drives are widely available, moving to another tape format doesn't make sense.

I asked Gordon whether disk will ever be cheaper than tape (today, disk costs about 10 times more). He believes a time will come when disk doesn't continue to decrease in price and increase in volume as it has historically. He also pointed to the use of cheap IDE disks in very large disk arrays as an approach we should see within 2 to 3 years—used as archival storage.

Snapshots or mirrored backup? Both, according to Gordon. "The advantage of snapshots is that you can do them online and fast. But if the file system is corrupted, you lose them all. So snapshots are great for copies made to other media. Mirrors provide a second copy that's great for testing and staging. So it's ideal to have both."

Another trend that Gordon watches is IP speed: "IP raw bandwidth will outstrip fibre channel over the next couple of years, so we'll see more use of metropolitan IP networks. Although SCSI over IP works for small networks, it won't work for WANs. The latency that hops between routers on the Internet introduce into IT transport makes large-scale storage transfers impractical. It's a lot more efficient to transfer the transactions instead."

Corrections to this Article:

  • In this column, all references to "IBM Shark" should instead be references to "Compaq StorageWorks." We regret any inconvenience this error might have caused.