
















Tech Update
Securing your storage: Defend the ports
By Phil Goodwin
September 10, 2002
Provided by META Group

Storage-area network (SAN) fabric security is often overlooked due to the restricted nature of early SAN deployments and a (false) sense that storage is fully protected behind the firewall. As IT organizations recognize the risks and address vulnerabilities, they will find that device-specific solutions force a tradeoff between improved security and vendor interoperability.

Meta trend: As networked storage (such as SAN and NAS) matures by 2004/05, larger and more sophisticated implementations will drive the need for storage applications to become application and DBMS aware, which will expose immature storage-related security procedures. Through 2004, the value proposition and price emphasis will shift from hardware components to software and services, further separating and forming a storage operations discipline independent of DBMS, systems, and application network management.

No homeowner would consider leaving valuables in plain sight, even with a deadbolt on the front door. Although no security mechanism is foolproof for either homes or computer systems, the most effective schemes involve layers of security, coordinated to make each layer a progressive new challenge that will deter all but the most professional attackers while improving the odds of detection. Only about 25 percent of enterprise storage is currently connected to a Fibre Channel (FC) switched fabric, but we believe 70 percent of it will be fabric attached by 2007/08. Whereas most existing SAN deployments are "islands" and of limited breadth, the rate of FC SAN deployments will increase through 2005/06, supporting fully mainstream applications. Although server, firewall, and back-end storage security methods (for example, logical unit number [LUN] masking and Kerberos) are well-understood sciences, FC fabric security products and standards are only beginning to emerge.

In mid-2001, the Storage Networking Industry Association (SNIA) loudly announced FC switch interoperability standards as supported by major vendors (such as Brocade and McData). However, these standards did not include security, leaving each vendor to develop its own device-specific solutions (Brocade's Secure Fabric OS and McData's SANtegrity Security Suite, for example).

Although such solutions are valuable to an IT organization (ITO), vendors have no incentive to share them with competitors. Indeed, interoperability barriers are to the vendor's advantage, because they inhibit the ITO's ability to switch brands and drive down prices. Moreover, we believe these barriers will remain a significant obstacle to heterogeneous FC fabric deployments through 2005/06. The major beneficiaries will be the market share leaders (such as Brocade and McData) that can effectively keep challenging vendors (Inrange, QLogic, Vixel, and Gadzoox, for example) at bay, because the challengers will not be able to meet the minimum technological requirements to participate in the ITO's fabric.

On the surface, these FC fabric interoperability problems would seem to help accelerate iSCSI fabric adoption. Although it is true that IP security standards are well established and will likely transfer to IP storage networks, iSCSI itself will remain immature through 2004/05 and achieve only limited adoption, primarily for long-haul data replication. Between now and then, FC fabrics will become firmly entrenched in the data center. Because FC and IP security methods, standards, and tools are entirely different, it will be inadvisable to intermix the two technologies in the same fabric. Through 2006/07, we believe this will provide yet another barrier to iSCSI adoption in the data center.