S 2.359 Monitoring and administration of storage systems
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
In order to be able to detect and eliminate error situations and security problems quickly, it is necessary to monitor the actual operation of the storage systems. When monitoring a server, only the server itself must be monitored, but when a storage system is used, both the server and the storage system must be monitored.
In order to make evaluation of data from various sources possible, synchronisation of the time and date should be enforced on all devices using an NTP server.
A storage system itself may also consist of numerous components. The data providing the status of the hardware in the storage system, the load placed on the storage system, and the transportation path must be monitored.
This data can only be analysed automatically and efficiently using programs. A large amount of data must be collected and evaluated for this purpose. Important messages can be filtered out using message filters, allowing them to be quickly recognised.
The following components must be monitored in this context:
- the applications processing the data in a storage system data or serving auxiliary functions. This includes the backup software as well as anti-virus software.
- the user data processed by the applications and then transported from the server to storage systems using the storage network.
- the network hardware required to transport the data.
- the storage hardware (disk systems, tape drives) required to store the data.
- the network. In a NAS system, the TCP/IP network must be monitored; and in a SAN, the internal storage network as well as the local network used for control and administration purposes must be monitored.
In addition to monitoring the resources, the administration of individual components and of the overall system should be possible from a central location. Systems that can be used to operate and control storage systems are often referred to as storage management systems.
NAS Management
It is often particularly easy to monitor pure NAS systems. Even when the system is apparently "maintenance-free", it is necessary to establish technical and/or organisational monitoring measures. If possible, the NAS system should be integrated in a simple network management system so that it can at least be checked whether the NAS system is available and currently has enough storage capacity.
SAN Management
When monitoring SAN systems, the in-band management and the out-band management schemes are available for use.
In-band management takes place on the interfaces and networks used to transport data between the SAN devices. The configuration and monitoring capabilities are often more extensive and more comfortable for in-band management, since the software it is based on is close to the product, and manufacturers try to implement software features that set them apart from the competition.
Out-band management uses additional interfaces, usually TCP/IP network connections. SNMP is widely used as the protocol for obtaining information. Out-band management also offers the usual standards and makes it easier to combine products from different manufacturers.
Since the less secure SNMP Version 1 is still often used as the protocol for out-band management, a separate management LAN should be operated (see S 2.357 Setting up an administration network for storage systems).
When the availability demands are higher, a combination of products should be selected. If both in-band as well as out-band management and monitoring are used, the additional network connection will facilitate and accelerate the monitoring and diagnosis of problems.
Central control
In large-scale installations, and especially for SANs with components installed at different locations, there should be one central location to which all information important to the operation of the system will be sent. It is advisable to use programs that display the events clearly in a graphic.
Management systems represent the interface to a complex system. They can only be used efficiently by personnel with adequate training.
Review questions:
- Is an NTP server used in order to ensure uniform date and time on all devices?
- Are the user data, the network hardware, the storage hardware, and the applications processing data of the storage system monitored?
- Is it possible to monitor and administer the storage system from a central location?
- NAS system: Has the system been integrated into network management in order to guarantee that the storage capacity is monitored?