Brian.Rubarts@born.com: RE: Storage over Ethernet/IP

To: ips@ece.cmu.edu
Subject: Brian.Rubarts@born.com: RE: Storage over Ethernet/IP
From: Dave Nagle <bassoon@yogi.ece.cmu.edu>
Date: Fri, 26 May 2000 12:51:35 -0400

------- Forwarded Message

Date:    Fri, 26 May 2000 10:14:03 -0500
From:    Brian.Rubarts@born.com
To:      moore@cs.utk.edu
cc:      ietf@ietf.org
Subject: RE: Storage over Ethernet/IP 

>> Encryption will be offloaded to the network interface.  ASICs on the NICs
>> will greatly improve encryption and authentication performance.

>all well and good, provided that this encryption and authentication
>are actually compatible with that specified by higher level protocols
>and the authentication actually meets the needs of users.  
>(if your network interface needs to use and verify users' credentials,
>as opposed to the host's credentials, it might be a stretch.)

A network server will still authenticate user requests.  Only the host
needs to be authenticated with the disk/disks.

>> It won't run over the Internet because of latencies inherent on the 
>> public network.

>at least for some storage applications, latency is not as important
>as bandwidth.  e.g. you can do backups over a high-latency medium
>as long as your bandwidth is adequate (though recovery from write 
>errors gets a bit tricky).

Backups could go through VPNs, I suppose.  Good point.  That would free your

WAN of the backup jobs.  I wasn't thinking of backups when I ruled out
the Internet as a disk I/O medium.  I suppose infrequently used and low
priority files could also be accessed over the 'net.

>> It will run over incredibly fast Packet over SONET Wide Area
>> Networks--behind firewalls.

>...it's 
>inappropriate to assume that it will always be used behind firewalls...

If the larger network that is employing this technology doesn't hire a
decent
consultant, you might be right.  If they do, it will ALWAYS be behind a
firewall :-)

>Firewalls don't help with the majority of security threats...

True, but whether the server accesses the disks via SCSI over TCP or SCSI
over 
Fibre Channel, the SERVER is still the weak link.  The transport protocol
doesn't
create any inherent weaknesses of the type you are refering to--e-mail borne
viruses, 
internal hackers, etc.  The server would still be the attack point.  Why
goodness, 
the server and storage devices could be in a VLAN or something to deny
direct hack 
attempts against the storage device, but the chink in the armor is how
hardened is
your OS?

Brian

------- End of Forwarded Message

Prev by Date: Keith Moore: Re: Storage over Ethernet/IP
Next by Date: Brian.Rubarts@born.com: RE: Storage over Ethernet/IP
Prev by thread: Brian.Rubarts@born.com: RE: Storage over Ethernet/IP
Next by thread: Brian.Rubarts@born.com: RE: Storage over Ethernet/IP
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:08:15 2001
6315 messages in chronological order