Solving Storage Management Issues for Today's Open, Networked Computing Environment:
Security Standards Top the List
The '90s data explosion and open systems revolution have spread mission critical data across the enterprise in a heterogeneous, networked computer environment. As businesses increasingly rely on information as a competitive advantage, the storage demand for non-mainframe, secure, network-based systems is escalating, expected to grow more than 30 percent in '96 to a level now totaling $6.1 billion. These trends, combined with the emergence of data warehousing, data mining and the ubiquitous intranet and Internet-type networks, have forced companies to consider how to provide reliable, fault tolerant and comprehensive protection from data loss.
This dilemma requires an economical network storage management solution, preferably network-attached rather than the traditional storage server. A network-attached device connects directly to the network and does not require a separate server or network operating system. As a result, the network-attached solution delivers:
- optimized performance with easy non-disruptive installation
- pre-configured and pre-tested components in one box supporting multiple environments
- simplified maintenance
The network-attached approach compares favorably to the storage server, which must connect to the network through another general purpose server and share resources with other applications. The network-attached configuration typically results in streamlined connectivity with fewer components to administer.
Network Storage Solution Essentials
According to a report from Strategic Research, network-attached storage will grow to $5 billion by the year 2000. As this trend continues to escalate, the industry must identify security requirements and standards regarding information control, access and liability.
At the minimum, network storage management solutions should address the following to protect a company's mission critical data.
- Logging on, passwords. Logging on should adhere to a secure network authentication system, which allows entities communicating over networks to prove their identity to each other while preventing eavesdropping or replay attacks. When someone logs on to his/her terminal, a dialog should take place in which the client is 'suspicious' of the server, and the server is 'suspicious' of the client. The client uses the password as part of a key, and that password is never sent across the network during the log on process.
A secure system should provide for mutual authentication and secure communication between principals on an open network by manufacturing secret keys for any requester and providing a mechanism for these secret keys to be safely propagated through the network. However, this does not provide for authorization or accounting, nor does it provide password validation for individual workstations. When the client or the administrator resets a password, it is sent over the network encrypted. All password updates are encrypted with the session key, so those transactions cannot be captured either. Administration streams are also encrypted, so user registrations with passwords cannot be captured either.
- Security of backed up data. Only the client that has backed up the data should be allowed to restore it. If client A wishes to allow client B to restore his data, then client A can explicitly grant access for client B to restore some or all of his backed-up (or archived) files from the storage server. Unfortunately, granting access is not logged at this time, nor can an administrator query what a client has permitted.
- Administrator security. All administrator sessions should be encrypted. Usually administrator control can be centralized or decentralized and levels of authority vary according to need and company policy.
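The log-on exchange described under "Logging on, passwords" above, sketched as an added example (not from the original article or any product it describes): a nonce-based challenge-response in which each side proves knowledge of a password-derived key before a session key is released. The class and function names, the PBKDF2 parameters and the message order are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Both ends hold this key; the password itself is never transmitted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def tag(key: bytes, label: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    # The label keeps one side's proof from being reflected back as the other's.
    return hmac.new(key, label + c_nonce + s_nonce, hashlib.sha256).digest()

class Server:
    def __init__(self, key: bytes):
        self.key, self.nonces = key, None   # stores the derived key only
    def challenge(self, c_nonce: bytes) -> bytes:
        self.nonces = (c_nonce, secrets.token_bytes(16))  # fresh per login
        return self.nonces[1]
    def verify(self, client_proof: bytes):
        nonces, self.nonces = self.nonces, None           # challenge is single use
        if nonces is None or not hmac.compare_digest(
                tag(self.key, b"client", *nonces), client_proof):
            return None                                   # reveal nothing on failure
        return tag(self.key, b"server", *nonces), tag(self.key, b"session", *nonces)

class Client:
    def __init__(self, password: str, salt: bytes):
        self.key = derive_key(password, salt)
    def hello(self) -> bytes:
        self.c_nonce = secrets.token_bytes(16)
        return self.c_nonce
    def prove(self, s_nonce: bytes) -> bytes:
        self.s_nonce = s_nonce
        return tag(self.key, b"client", self.c_nonce, s_nonce)
    def check_server(self, server_proof: bytes) -> bytes:
        # The client is "suspicious" too: no session key until the server proves itself.
        expected = tag(self.key, b"server", self.c_nonce, self.s_nonce)
        if not hmac.compare_digest(expected, server_proof):
            raise ValueError("server could not prove knowledge of the key")
        return tag(self.key, b"session", self.c_nonce, self.s_nonce)

def login(client: Client, server: Server):
    """Run one exchange; return (wire_messages, client_session_key, server_session_key)."""
    c_nonce = client.hello()
    s_nonce = server.challenge(c_nonce)
    c_proof = client.prove(s_nonce)
    result = server.verify(c_proof)
    if result is None:
        return [c_nonce, s_nonce, c_proof], None, None
    s_proof, server_key = result
    return [c_nonce, s_nonce, c_proof, s_proof], client.check_server(s_proof), server_key
```

Because the server issues a fresh nonce for every log-on, a client proof recorded from one session is rejected in the next. Recorded proofs can still be used to test password guesses offline, so the scheme is only as strong as the password behind the key.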
Beyond these security features, an effective network management solution should include the following:
- Open, multi-platform support. With distributed data across multiple platforms, companies need a complete, integrated solution for managing and protecting their data. Any legitimate storage management software package must necessarily support all major computing platforms and avoid multiple, platform-specific, user-dependent solutions. At a minimum, network storage management offerings should support all existing or foreseeable platforms and network computing environments for that network, probably including Sun, HP, IBM, Microsoft, Apple and SGI.
- Reliable, disaster recovery planning across multi-vendor platforms. To protect data running on desktop, midrange, UNIX and mainframe platforms, full network disaster recovery must back up both the distributed client data repository and the meta data (index or database) describing that information. Although most backup products protect against hardware/media failure or total disaster - the ability to recover to the most recent state - a true network management solution must also provide recovery from a logical error that causes data corruption or application contamination. And because continual access is a definite prerequisite, level 2 insurance must be non-disruptive (on-line), automated and centrally managed.
- Storage Hierarchy. Storage hierarchy rules govern the way data is managed within the storage environment. The hierarchy is a pyramid, with the most expensive, highest performing storage medium, disk drives, on the top. Each successive layer is a less expensive, slower performing medium, like tape or optical. Server hierarchical storage management (HSM) migrates data automatically, based on administrator-defined rules, to the most appropriate medium. HSM optimizes the trade-off between cost and availability.
- Reduced Administrative Costs. A network storage management solution which integrates reliable, scalable backup, recovery, HSM and disaster recovery of distributed multi-platform data will save time and money. Products which pre-configure and pre-test all components greatly reduce evaluation time. Plus, using a single, comprehensive solution to replace multiple-platform specific products reduces administrative time on installation and ongoing maintenance.
Backing up Data Over the Internet
To support so many emerging Internet and intranet applications, a network management solution should utilize familiar web-browser interfaces to integrate this functionality across multi-vendor platforms. When using a web-browser as an interface to back up data, it's critical to secure the server at the system and network levels. This involves implementing security procedures that protect the data, as well as passwords and administrator control.
With a fully integrated Java-enabled Web-Browser Interface, a true network storage solution can provide administrators and end users with an intuitive interface for automating storage management across the enterprise. By employing browsers such as Netscape Navigator or Microsoft Internet Explorer, users can back up and restore their own files and validate operations, thus freeing up the system administrator to perform other important tasks.
With a Web Browser Interface, telecommuters and remote offices can be linked to a company's main storage facility to back up data and query status without administrator assistance. Alternatively, systems administrators can download code and establish remote help desks to provide administrative assistance as required.
Future Technology, Applications in the Network Computing Environment
As the industry continues its move to the open, networked computing model, we can expect demand for storage management solutions to escalate further. New technologies such as intranet applications, the network computer, Windows NT 5.0, and server clustering will prevail, placing more demands on information control and protection.
Today many companies create restricted-access servers by using the Secure Sockets Layer (SSL) protocol developed by Netscape. This enables end-to-end encryption between browser and server. New authentication and encryption developments will impose new standards and solutions for data protection and security. Vendors who can deliver self-contained, fully configured hardware and software products with browser interfaces for the automated backup, management and recovery of mission critical data, and respond to the forthcoming security standards, will be able to meet the storage management challenges of these pervasive networked computing environments.
Vicki Vollmar is product marketing manager of IBM's Storage Systems Division Software products and is responsible for IBM's distributed storage management.