S 2.362 Selection of a suitable storage system
Initiation responsibility: IT Security Officer, Top Management
Implementation responsibility: Head of IT, IT Security Officer
In order to make a sound decision on which storage technology is appropriate for the particular application, the technical foundations of the NAS and SAN technologies must be illustrated in detail, and their effects on use in the organisation must be checked. The basis for the decision must be documented as well.
Network Attached Storage
NAS systems are special servers that provide storage space in the form of a ready-to-use file system. Windows (SMB/CIFS) or Unix (NFS) file systems are usually offered for selection in this case. NAS systems are very easy to integrate into an existing network infrastructure. They can be connected to the network of the organisation like clients or servers. Accordingly, NAS systems are often designed as "appliances". They are delivered ready-to-operate and can be put into operation after entering just a few basic settings, for example the network settings. The base software of a NAS system is usually a minimal version of a standard operating system (often Unix or Linux, possibly Windows as well) which has been optimised for this type of application.
Figure: NAS - Network Attached Storage
At the same time, the simple connection to the network is a disadvantage of NAS since Network Attached Storage systems are connected to the servers and/or clients via Ethernet technology. The underlying TCP/IP protocols have a relatively low throughput and a relatively high protocol overhead. They are not generally designed for quick access to mass storage systems. The use of NAS systems can result in a high load on the LAN. In many application cases, though, it has been found that in real operations, a Gigabit Ethernet connection is fast enough, and bottlenecks in the LAN are in fact not detected when the LAN architecture is designed appropriately.
Due to the use of standard networks and standard protocols, NAS systems have the same weaknesses that also affect Unix or Windows servers.
Standard NAS solutions are less suitable for use as storage systems for applications that are not file-based. These types of applications include all large databases and, for example, the Microsoft Exchange Server as well. If such an application will be operated on a NAS system, then it must be determined if there are products already available on the market which have been optimised specifically for the operation of the product in the corresponding application scenario.
A NAS system can often replace a series of servers. Although the hardware costs alone are usually much higher than the cost of adding more and/or larger hard disks to each server, a NAS system can provide a significant improvement in availability. A major advantage is the frequently available ability to fulfil capacity requirements for running operations without disruptions just by configuring the device or expanding the hardware accordingly. Improvements in data backups can also be made. When equipped with directly connected data backup devices (tape drives, "jukeboxes" for archiving), the backing up of data resources distributed over a server landscape that has grown over time can be simplified, accelerated and stabilised.
One disadvantage of simple NAS systems is that a failure often has more extensive consequences than the failure of a single server, and that a failure cannot be compensated for by a replacement system quickly made available in the organisation.
Storage Area Networks
SANs consist of disk subsystems, data backup systems, and their own network infrastructure. Disk subsystems internally combine a set of hard disks. They can be combined in two different ways, either in a common housing and with a common power supply (JBOD = Just a Bunch of Disks) or using a special switching device, referred to as a RAID controller, that combines the physical hard disks to form virtual hard disks using RAID technology (RAID = Redundant Array of Independent Disks). In addition, there are also intelligent RAID controllers available that can provide additional services.
Combining several physical hard disks into virtual units is also referred to as "storage virtualisation through RAID". A clever combination of physical hard disks can increase the reliability and/or performance of the overall system. To the outside, the RAID controller only shows the combined hard disk (virtual hard disk or "logical volume") and distributes the data the controller writes to such a hard disk between the individual physical hard disks.
This functionality can also be implemented in a server with the help of a special application, the Volume Manager, in which case the load placed on the server increases.
There are various systems used to regulate the distribution of data that are referred to as RAID levels. If the RAID level supports redundant storage of information, then the information stored is still intact and can be reconstructed even if one of the hard disks fails. Individual hard disks in the disk subsystem can often be exchanged during live operation ("hot swap").
Disk subsystems offer the ability to redundantly design all subcomponents and therefore can be used to increase the availability. Another advantage is that the storage space assigned to an application can be adapted to its storage requirements through appropriate configuration mechanisms.
A disk subsystem only makes storage available for the applications. The data still needs to be backed up even when the data is stored redundantly since, for example, logical defects in the data cannot be corrected by redundant storage in the storage system. Systems that can be used for backing up data include tape drives and optical media, but also special hard disk systems. These devices are also integrated directly into the storage network.
SANs use their own separate network hardware and their own fast network protocols suited to the particular application. Fibre optic cables are usually used (system name: Fibre Channel, FC). A simple storage area network consists of a fibre channel switch or director (larger switches equipped with more functionality are often referred to as directors), one or more disk subsystems and the servers connected to the fibre channel switch using host bus adapters (HBAs).
Fibre channel networks use a special protocol designed to meet the requirements of mass storage usage that permits high transfer rates and is therefore very suitable for use in storage systems. It is also possible to use iSCSI devices. iSCSI "packages" storage protocols, i.e. the control commands for the mass storage system and the corresponding data, in IP packets. iSCSI is used to allow servers to access the storage network using iSCSI host bus adapters over a virtual end-to-end-connection without having to operate a separate storage network. Existing network components (LAN switches) can still be used; no new network technology or network hardware differing from the existing network technology needs to be used to establish connections between servers and storage devices. The term SAN is used in the following for both technologies. If differentiation between the two types is necessary, then "Fibre Channel SAN" or FC-SAN, or correspondingly iSCSI-SAN or IP-SAN, is used to refer to the respective type.
A great advantage of SANs is their disaster tolerance. The concept of multi-pathing, which is applied consistently in a SAN, plays an important role in this regard: If it is possible for a server to reach a disk subsystem over more than one host bus adapter and over different network connections, then the data transfer can be distributed between both systems using multiple data paths. Through the use of multiple host bus adapters in the servers and the availability of virtual hard disks on multiple interfaces of a disk subsystem, the possible transfer rates and availability of the storage system can be effectively increased. If two or more host bus adapters are used in a server, then the load is transferred to the remaining HBAs when one of the adapters fails. This "failover", which proceeds unnoticed by the operating system and applications, therefore improves the availability of the server. Correspondingly, redundancy of all subcomponents in a SAN can be used to attain a very high level of reliability. Safeguard S 2.354 Use of a high availability SAN configuration describes this subject in more detail.
For example, in a small storage area network there are two identical disk subsystems at two separate sites located as far away from each other as possible on the company grounds, whereby each of these disk subsystems is connected to one of two switches installed at separate locations. To ensure the availability of a redundant connection to the SAN, the servers are equipped with at least two host bus adapters so that each host bus adapter is connected to one of the two SAN switches.
Figure: SAN - Storage Area Network
This means that an individual line, switch, or even disk subsystem can fail without adversely affecting the performance of the overall system.
When designing a SAN, it is easy to create redundancies so that failure of individual components such as communication lines, switches, or even of a disk subsystem will not adversely affect the performance of the overall system.
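The single-failure claim for the small SAN described above can be checked mechanically against a documented topology. The following Python sketch is an added example, not part of the original safeguard; the node names are hypothetical, and it assumes the two identical disk subsystems hold mirrored data, so reaching either one counts as storage being available.

```python
from collections import deque

# Constructed model of the small SAN described above. Node names are
# hypothetical; each link stands for one cable between two components.
LINKS = [
    ("server", "hba1"), ("server", "hba2"),
    ("hba1", "switch1"), ("hba2", "switch2"),
    ("switch1", "disk_a"), ("switch2", "disk_b"),
]
DISKS = {"disk_a", "disk_b"}  # assumed to be mirrors of each other


def reaches_storage(links, server="server", disks=DISKS, failed_node=None):
    """Breadth-first search: can the server still reach any disk subsystem?"""
    adjacency = {}
    for a, b in links:
        if failed_node in (a, b):
            continue  # a failed component takes all of its links down
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    seen, queue = {server}, deque([server])
    while queue:
        node = queue.popleft()
        if node in disks:
            return True
        for nxt in adjacency.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(links, server="server", disks=DISKS):
    """Return every component or link whose failure alone cuts off storage."""
    spofs = []
    nodes = {n for link in links for n in link} - {server}
    for node in sorted(nodes):
        if not reaches_storage(links, server, disks, failed_node=node):
            spofs.append(node)
    for link in links:
        remaining = [other for other in links if other != link]
        if not reaches_storage(remaining, server, disks):
            spofs.append(link)
    return spofs


if __name__ == "__main__":
    print("single points of failure:", single_points_of_failure(LINKS))
```

Running the same check on a planned or existing topology, and keeping the result with the design documents, gives a reproducible basis for the availability part of the selection decision.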
When the highest possible requirements are placed on availability, these requirements can be met by extending the design to include two or more technically independent computer centres that are physically located far away from each other (up to 100 km), with the SAN designed redundantly in all components. In extreme cases, the failure of an entire computer centre can be compensated for without disrupting operations and without a loss of capacity for the users.
Additional redundancy can be achieved using "cluster" servers that distribute a single logical machine among two or more physical servers. In this case, the application is installed on two or more servers. These servers work with the same application data. If one of the servers suffers from a malfunction, the second server automatically takes over for the server that has failed.
The positive features of a SAN solution come in conjunction with a higher price and more complexity. The same amount of storage is many times more expensive when implemented by a SAN than when implemented as Direct Attached Storage.
In addition, the planning and construction of a SAN is so complex that it is highly recommended that the organisation obtain external support.
Summary
In short, NAS systems are storage systems with file-based access, SAN systems are storage systems with block-based access. A SAN is thus more "deeply" integrated and offers all technical capabilities currently available for storing data. NAS is an extension of the organisation's server landscape.
Combined devices
Nowadays, storage systems representing a combination of NAS and SAN are also available. The internal construction of such a system fulfils all criteria of a SAN. To the outside, though, they are operated just like a NAS system. By adding equipment and configuring it accordingly, such storage systems can also be used in mixed operation. For example, a single device may present itself to some applications over an Ethernet connection as a "filer", meaning as an intelligent network node providing file services, but which may serve other servers as "pure storage" via Fibre Channel or iSCSI.
Review questions:
- Were the different technical features and their effects taken into account for the selection of the storage system?
- Are all bases for decisions regarding the selection of a storage system documented?