S 2.351 Planning the use of storage systems

Initiation responsibility: Top Management, IT Security Officer

Implementation responsibility: IT Security Officer, Head of IT

The basic decision as to which type of storage system is appropriate for the organisation must be determined by a requirements analysis. It must first be determined which applications should be supported by the storage system and which existing hardware should be provided with support or replaced by a storage system.

The main parameters are the availability, performance, and capacity requirements. For normal availability requirements, the level of complexity that the organisation can bear must also be examined. The introduction of SAN systems means the introduction of a new base technology. Accordingly, corresponding time and expense for planning and implementing this technology must be calculated.

NAS systems are specifically designed for simple integration in established IT environments and for file-based access. Their use should then be planned when files and file-based applications will be consolidated on higher quality storage systems that are still easy to administer.

If storage space on servers is to be replaced by a central storage system in the short term, but higher availability requirements are expected in the long term, the use of a combination of SAN and NAS storage systems may also be considered. Such storage systems can be operated in the initial configuration stage as (very high-quality) NAS systems. They can then be expanded to form SAN systems for additional servers or, if necessary, to form redundant storage networks by installing additional internal components.

If the protection requirements determination determines that there are high or even very high availability requirements now or in the foreseeable future for one of the systems examined, which results in the need for redundant data storage at different locations, SAN technology should be used (the storage system should support SAN protocols). This is the only technology permitting the design of completely redundant and high-availability storage systems.

Selecting the hardware

The main criteria when selecting the storage system include:

When planning storage systems and storage networks, it must be determined which business processes and applications in the organisation will use the storage system immediately and in the future and which requirements in terms of the increase of the storage space needed, the performance, and the reliability result from these processes and applications. When projecting these figures, always make sure to include a very large margin of error in the estimation. Experience has shown that even estimations of the future storage capacity requirements with large margins of error are quickly exceeded by the actual requirements.

When planning storage systems, the necessary data backups must also be included in planning, since the estimate of the storage space requirements also determines the design of the data backup devices. It must be ensured in this case that even after expanding the storage system with the data backup devices connected sufficient data backup times, and backup restoration times can be achieved which meet the availability requirements of the corresponding organisational units.

Requirements of the applications

Storage systems are usually used to store the data from a number of servers, and therefore from numerous applications. This applies in particular to SAN systems. The requirements for the storage system in terms of availability, integrity, and confidentiality are defined by the application needing the highest level of protection.

When designing the internal technology of a SAN, the availability requirements the organisation places on the SAN should be examined to determine if a disaster tolerant design (S 2.354 Use of a highly available SAN configuration) should at least be considered in the planning phase.

If the organisation operates applications placing particularly high requirements on the confidentiality of the data, the planning must take into account the fact that the data must be protected by encryption during transmission to the SAN and to the storage media. A special security analysis must be performed for this purpose.

Selecting products / manufacturers / suppliers

The use of products from different generations or from different manufacturers generally increases the complexity of the overall system and may lead to problems under some circumstances. It may be advisable to strive for a homogeneous system. When selecting the contractual partners, keep in mind that problems arising during installation, testing, and operation may be generally eliminated faster and more effectively when only one supplier is involved.

On the other hand, a strong dependency on certain manufacturers or suppliers may also cause problems. Usually, economic aspects also play an important role when selecting products. All these factors should be taken into account when planning the purchase of new equipment. Another issue to consider is that manufacturers usually only guarantee the correct function of their solutions for certain combinations of hardware and software and only provide support for these combinations. It is therefore advisable to check the certifications of products in terms of their usage environment and for binding statements from the manufacturer in terms of the compatibility and interoperability of the products.

The use of a common management application for simple central monitoring and administration of resources simplifies the administration of storage systems. The use of a central administration system for efficient management of the storage available is unavoidable particularly for large-scale storage systems. The use of proprietary administration mechanisms with the various products has made it difficult nowadays to implement a central management system in heterogeneous storage environments. The approval of the SMI-S (Storage Management Initiative Specification) standards by the SNIA (Storage Network Industry Association) now enables manufacturers to design the connections of their products to central administration systems much more easily.

Planning the network connection

The SAN components are usually networked internally using a separate Fibre Channel network. Even if iSCSI is used internally, a separate network should be created for reasons of operational reliability.

If it is necessary to connect the NAS systems or SAN components (storage devices, SAN switches, etc.) to a LAN for administration and monitoring purposes, this LAN should be operated as a separate administration network. This also helps to meet the following protection goals:

Infrastructure

Before purchasing and installing a SAN, a variety of planning tasks must be performed.

The components of a SAN must be planned for installation in a server room or computer centre with access protection. Recommendations for the infrastructural security of server rooms can be found in module S 2.4 Server room, and the requirements for computer centres in module S 2.9 Computer centre.

In addition to the general requirement for installation in a protected location, the air conditioning system and power supply available at the selected location should be examined to see if they meet the technical requirements and are appropriate for the planned availability of the storage system. The stationing of the individual components of the SAN system must be planned carefully. For example, you should carefully check where backup devices requiring regular or occasional manual intervention (e.g. to remove or switch tape cassettes) can be best placed to suit their purpose while considering all security requirements.

Likewise, for distributed SAN configurations you must check if all devices can be supplied permanently with power. It may be necessary to install a SAN switch in a normal distribution room to connect servers stationed outside the room. This room as well as the servers must then be connected to the power supply via a UPS and an emergency power system.

Processes

The storage system is to be integrated into all IT control processes as a central IT component. The monitoring and escalation procedures in the existing operation procedures in particular are to be adapted for use in NAS or SAN operations. Services provided by the manufacturer for monitoring and operational reliability are to be integrated into the organisation's own procedures. In so doing, the specifications in the security policies and the execution regulations of the organisation must be followed.

Personnel

It must be determined how many employees are needed for the operation of the storage system and what qualifications they must possess. If there are not enough trained employees available, the necessary training measures must be initiated in due time.

Review questions:

© Federal Office for Information Security. All rights reserved.