On the whole, we are storing more data than ever before and the numbers continue to increase. From a security perspective, this becomes extremely important because a lot of this data is being transferred across the network. When we talk about storage that’s across the network, we tend to use two terms almost interchangeably, but these two terms are actually very different.
One is Network Attached Storage, or NAS. NAS is storage that is outside of our device. We connect to it across the network, but we access the data on that storage at a file level. If we need to change just part of a file, then we have to overwrite the entire file on that storage device. And likewise, if we need just a little bit of data out of a file, we have to retrieve the entire file from that device to be able to work with it.
Another common term you’ll hear for this remote storage device is a SAN, or a Storage Area Network. It is indeed a storage device that is located across the network. But under the surface, it works very differently. A SAN works on something called block-level access. This is very similar to how our local hard drives and storage devices work on our local computers, where if we need to change part of a file, we simply change the individual bytes within that file that we need to change and we leave the rest of the file untouched. It works exactly the same with a SAN, except we’re performing that communication across the network. And as it sounds, it’s much more efficient for reading and writing, because you’re only changing or reading the information that you need at that particular time.
One thing common to both of these technologies is that they use a lot of bandwidth. You’re storing information across the network and every time you want to send a file or receive a file, you’re going to be using a lot of bandwidth on that network. It’s very common to engineer these types of networks so that they are on their own isolated network that has no effect on any of the other network traffic in your organization. And it’s not unusual to see very, very high speeds dedicated to this Storage Area Network or the Network Attached Storage.
The need for such high rates of speed across these storage networks has really driven the creation of a specialized topology called Fibre Channel. This Fibre Channel technology connects directly from a server with a Fibre Channel port to the storage, which is also, of course, on a Fibre Channel port. And these are very high rates of speed. You can run from two gigabits per second all the way up to the modern versions of 16 gigabits per second over that Fibre Channel link.
Although the initial implementations of Fibre Channel ran over fiber optic technology, today’s modern version of Fibre Channel will run over both fiber and copper cables. Just as Ethernet has switches that support the communication across the Ethernet topology, Fibre Channel also has Fibre Channel switches that everybody connects to. So if you have a server that needs to connect to Fibre Channel storage, then you will need a Fibre Channel port somewhere on that server.
Often very high-end servers will have a Fibre Channel interface already built into the motherboard. But you could, of course, add an adapter card to provide that interface as well. Servers are often referred to as initiators, and the storage devices themselves are referred to as the targets on a Fibre Channel topology. The communication between the initiator and the target is often over very well known technologies like SCSI, Serial Attached SCSI, or using SATA commands.
On a Fibre Channel storage network, you would ideally connect directly to the Fibre Channel switch. But if you do have devices that are outside the network or still need access to the Fibre Channel storage but don’t have a Fibre Channel interface, you can run Fibre Channel over Ethernet, or FCoE. This communicates and sends Fibre Channel messages over an Ethernet network and it doesn’t require your workstation or your server to have a specialized Fibre Channel interface. This is usually something that is integrated into an existing Fibre Channel infrastructure. So there is usually an Ethernet connection coming out of your Fibre Channel switches that provides this link between the Fibre Channel world and the Ethernet world.
Fibre Channel over Ethernet is a non-routable protocol that uses Ethernet frames for communication. So it’s something that you commonly see within a single subnet or a single local area. You don’t often run this type of technology over larger distances where all of that traffic would be routed.
Of course, there’s a solution for sending Fibre Channel information over these routable IP networks, and that’s called Fibre Channel over IP, or FCIP. Fibre Channel over IP is taking all the Fibre Channel information and encapsulating it within the TCP/IP packets themselves. This is sometimes referred to as Fibre Channel tunneling, because we’re putting all the Fibre Channel information and tunneling it through that IP network.
This allows us to have devices that are very geographically dispersed across multiple locations and multiple data centers, but still able to send information and use the storage network on the Fibre Channel infrastructure.
Another popular technology for connecting you to your data across the network is called iSCSI. iSCSI stands for Internet Small Computer Systems Interface. If you’ve ever worked with SCSI drives on a local computer, this is a way to extend that technology across the network through a routed set of protocols. It’s a standard that was created by IBM and Cisco. And it’s one that, instead of being proprietary, is very open. There’s an RFC standard for iSCSI.
Just like Storage Area Networks and Fibre Channel, iSCSI allows you to use the storage across the network, but make that storage look like it is on your local computer. That block-level storage means you have very efficient reads and writes to that storage. And because it’s SCSI, it’s something that is very well known in the industry. SCSI’s been around for a very long time. And the commands used to access SCSI devices are ones that the developers are very comfortable with. Drivers are available for iSCSI across many different operating systems, and it’s quite easy to implement because you don’t need any proprietary hardware or software to make iSCSI work.
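The isolated storage network described above can be verified from flow and frame records. The following is an added example, not part of the original page: it flags iSCSI, FCIP, FCoE and NAS traffic seen outside a dedicated storage segment. The subnet, VLAN and gateway values, the record layout, and the policy that NAS traffic also stays on the storage subnet are assumptions; the TCP ports and EtherTypes are the registered ones for these protocols.

```python
import ipaddress

# Registered TCP ports and EtherTypes for the protocols covered on this page.
STORAGE_TCP_PORTS = {3260: "iSCSI", 3225: "FCIP", 2049: "NFS", 445: "SMB"}
FCOE_ETHERTYPES = {0x8906: "FCoE", 0x8914: "FIP"}

# Assumed site layout (hypothetical values, adjust to your environment).
STORAGE_NETS = [ipaddress.ip_network("10.50.0.0/24")]   # isolated storage subnet
STORAGE_VLANS = {50}                                     # VLAN carrying FCoE
FCIP_GATEWAYS = {"10.50.0.1", "192.0.2.10"}              # tunnel endpoints, one per site

def in_storage_net(addr):
    return any(ipaddress.ip_address(addr) in net for net in STORAGE_NETS)

def audit(records):
    """Return (record index, protocol, reason) for traffic that breaks isolation."""
    findings = []
    for i, rec in enumerate(records):
        if "ethertype" in rec:
            proto = FCOE_ETHERTYPES.get(rec["ethertype"])
            # FCoE is not routable, so it should only appear on the storage VLAN.
            if proto and rec["vlan"] not in STORAGE_VLANS:
                findings.append((i, proto, "frame on non-storage VLAN %d" % rec["vlan"]))
            continue
        proto = STORAGE_TCP_PORTS.get(rec["dport"])
        if proto is None:
            continue
        if proto == "FCIP":
            # FCIP is meant to cross routed networks, but only between known gateways.
            if not {rec["src"], rec["dst"]} <= FCIP_GATEWAYS:
                findings.append((i, proto, "tunnel endpoint is not a known gateway"))
        elif not (in_storage_net(rec["src"]) and in_storage_net(rec["dst"])):
            findings.append((i, proto, "endpoint outside the storage subnet"))
    return findings

# Constructed sample records (not captured traffic).
SAMPLE = [
    {"src": "10.50.0.11", "dst": "10.50.0.20", "dport": 3260},   # iSCSI, isolated
    {"src": "10.20.3.7", "dst": "10.50.0.20", "dport": 3260},    # iSCSI from user LAN
    {"src": "10.50.0.1", "dst": "192.0.2.10", "dport": 3225},    # FCIP between gateways
    {"src": "10.20.3.7", "dst": "192.0.2.10", "dport": 3225},    # FCIP from a workstation
    {"ethertype": 0x8906, "vlan": 50},                           # FCoE on storage VLAN
    {"ethertype": 0x8906, "vlan": 10},                           # FCoE on office VLAN
    {"src": "10.20.3.7", "dst": "10.20.3.9", "dport": 443},      # unrelated HTTPS
    {"src": "10.20.3.7", "dst": "10.50.0.30", "dport": 445},     # NAS share reached from LAN
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```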