Citrix or VPN?

This is a quick thought on the Citrix/VPN comparison question.

I would use a product such as Citrix, in which an end user works in a secured browser session over SSL. VPN clients are still in use for remote encrypted access to the organization, but Citrix-type solutions are becoming more popular because there is no need to install a VPN client on the remote machine; this reduces the risk of a vulnerability arising from a misconfiguration of the VPN software on the client end. Besides SSL, digital certificates should also be used with browser-based access to ensure the authenticity of the target site.

In addition to the Citrix-type http/ssh technology, the remote devices would have encryption enabled on their storage devices to protect data that is stored or transferred. A portable encryption device, such as a handheld USB device that encrypts data and communications, would be ideal.

If only a VPN were used, the VPN clients would have split tunneling disabled to prevent any communications other than the encrypted connection to the organization’s intranet. If split tunneling were enabled, a vulnerability would manifest, as a second channel would be open to the outside internet, producing an “open hole” into the secure encrypted channel. In addition to the VPN solution, SecurID token authentication would add another layer of security to remote access.


IP as a viable transport for storage networks

IP is a viable transport method within SANs, as it is a great way to attach additional client nodes to the SAN without purchasing and installing additional (and expensive) HBAs for those nodes. iSCSI is one of the tools that enables this. With a software iSCSI initiator, the node can see an assigned iSCSI file system on the storage end and attach it as a local disk.

Another advantage of IP within a storage network is the use of the spanning tree protocol within TCP. Spanning tree monitors redundant links and assigns alternative network paths on demand in the event of a port failure. It also prevents any packet stream from taking more than one path at a time, preventing packet or broadcast flooding in the network. Think of it as a traffic cop. Spanning Tree is valuable for SAN traffic, as it keeps the data flowing in the event of a link failure. This is known as transparent bridging in the text (p. 81). With Fiber Channel, there is usually a second fiber switch that provides continuity of the connection if the other goes down. It seems to me that IP can provide more links to the target.

Spanning Tree is being replaced presently in a few organizations by the new Flex Link protocol:

“Flex Link is a Layer 2 availability feature that can co-exist with spanning tree. This enhancement allows a convergence time of less than 50 milliseconds. In addition, this convergence time remains consistent regardless of the number of VLANs or MAC addresses configured on switch uplink ports. It is a pair of a Layer 2 interfaces, either switchports or port channels, that are configured to act as a backup to another Layer 2 interface. The feature provides an alternative solution to the spanning tree protocol (STP), and it allows users to turn off STP and still provide basic link redundancy”

Reference:

Cisco. (2009). How to configure a Flex Link for link-level redundancy in Cisco Catalyst switches that run Cisco IOS. Retrieved July 16, 2009 from http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_a_Flex_Link_for_link-level_redundancy_in_Cisco_Catalyst_switches_that_run_Cisco_IOS
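The Flex Link pair described in the quote above, as an added configuration example (this is not from the cited Cisco article); the Catalyst interface names are assumed:

```text
! Flex Link pair on a Catalyst switch running IOS (added example; interface names assumed).
! The backup command is entered on the active uplink; the partner port carries
! no traffic until the active link fails, then takes over without an STP recalculation.
configure terminal
 interface GigabitEthernet0/1
  description Active uplink to distribution switch
  switchport backup interface GigabitEthernet0/2
 end
! Verify the pair and its current state (active up / backup standby)
! before relying on it for SAN traffic continuity.
show interfaces switchport backup
```

Only the two paired ports are affected; STP can stay enabled on the rest of the switch, which is the co-existence the quote refers to.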

The Historical Development of Storage Networks

In the 1960s, computing was in the hands of government and scientific organizations, with a few large business enterprises using rudimentary data processing technology. In these early days of organizational computing, storage was used centrally with the mainframe computers that consumed it. This was a very secure way of storing data, and administration of that data was more streamlined than it was about to become with departmentalization, as we will see shortly. In the mainframe era, an application would consume all resources when it was used and sit idle when there were no processes assigned. This created the need for timesharing, in which the idle system time was spent on other tasks: a tiered and more efficient approach to data processing that improved ROI and production numbers.

As with any organization, it is segmented into numerous departments, such as finance, research and development, technology, marketing, etc., and in the ’70s we saw the departmentalization of data, in which each department would store its own data. This developed with the installation of microcomputers within the various departments in place of the traditional terminal, which accessed the back-end mainframe directly. While terminals were (and still are) in use, the microcomputer had started to create the segregated storage architecture within the organization.

Later, file sharing began to consolidate data for departments, and that data resided on departmental small or midrange servers. This was the first step in storage consolidation under a storage network. Server farms developed from this approach, but data was still departmentalized and still often resided on separate servers, which required more administration. With the advances in data networking, applications were now being developed that incorporated data from numerous locations. Software was developing to support the wide area network, which would transfer data across vast distances, thereby spreading data storage over a wider footprint and making administration of that data more complex.

Client-server computing, already in use at this time within the aforementioned departmentalized computing, was another significant step towards the present storage network; however, this still included department data residing on separate hosting servers, each with its own DAS (Direct Attached Storage). This method includes separate backup tape drives for each department, and the administration of each, increasing administrative overhead.

With the proliferation of globalized data, the need for a centralized data store was once again being realized. This would ease the administration of data storage and backups, and especially streamline disaster recovery planning and execution. The SAN was the answer to an organization’s need for data storage consolidation and streamlined administration. Failure-tolerant external storage subsystems made it possible to share access to storage devices (Barker & Massiglia, 2002). From the SAN, administrators could back up and restore data more quickly because of a less complex and less segregated architecture, and applications could access databases from a centralized repository.

Reference:
Barker, R., & Massiglia, P. (2002). External storage subsystems: Software. In Storage Area Network Essentials. John Wiley & Sons.

iSCSI vs. Fiber Channel

From SearchSMBStorage: Data storage management is a multifaceted process that is always changing. In this tutorial on SMB storage management, learn about iSCSI versus Fibre Channel storage area networks (SANs), managing your data backups, and the biggest SAN storage management trends for the year ahead. Read this article at SearchSMBStorage:
http://searchsmbstorage.techtarget.com/generic/0,295582,sid188_gci1346117,00.html#

DWDM: Dense Wavelength Division Multiplexing

Dense wavelength division multiplexing is used to split one fiber into numerous channels (lambdas), or networks. This enhances the value and utilization of dark fiber by producing multiple channels on that fiber. Within Fiber Channel communications, whether WAN or MAN, DWDM can provide benefits such as increased performance and capacity, support for numerous interfaces, improved ROI, a protocol-independent physical interface, and more control and security for the client organization that leases the fiber (Massiglia & Marcus, 2002). DWDM increases the number of available channels through this virtual provisioning of channels from one dark fiber, giving the client 16 to 64 ports (Massiglia & Marcus, 2002). Another advantage of DWDM in Fiber Channel is that it can be configured to operate in a ring, point-to-point, or multi-drop topology and operate at speeds from at least 2 Gb/s up to 10 Gb/s.

References:
Massiglia, P., & Marcus, E. (2002). Enterprise resiliency. In The Resilient Enterprise (pp. 332, 396). Veritas.

Backup and restore a Brocade 4900 series fiber switch

Creating a backup of a configuration file

Keep a backup copy of the configuration file in case the configuration is lost or unintentional changes are made. You should keep individual backup files for all switches in the fabric. You should avoid copying configurations from one switch to another.

To back up a configuration file

1. Open the Switch Administration window as described on page 59.
2. Click the Configure tab.
3. Click the Upload/Download subtab (see Figure 28 on page 102).
4. Click the Config Upload radio button.
5. Choose whether the download source is located on the network or a USB device.
• If you select the USB radio button, you can specify a firmware path. The USB radio button is available if the USB is present on the switch.
• If you selected the network as the configuration file source, type the host IP, user name, file name, and password. You can enter the IP address in either IPv4 or IPv6 format.
6. Type the configuration file with a fully qualified path.
7. Select a protocol to use to transfer the file.
8. Click Apply.
You can monitor the progress by looking at the Upload/Download progress bar.

Restoring a configuration

Restoring a configuration involves overwriting the configuration on the switch by downloading a previously saved backup configuration file. Perform this procedure during a planned downtime. Make sure that the configuration file you are downloading is compatible with your switch model, because configuration files from other model switches might cause your switch to fail.

To download a configuration to the switch

1. Open the Switch Administration window as described on page 59.
2. Disable the switch, as described in “Enabling and disabling a switch” on page 71.
You can download configurations only to a disabled (offline) switch. You will only be able to disable the switch if the Admin Domain you are logged into owns the switch.
3. Click the Configure tab.
4. Click the Upload/Download subtab (see Figure 28 on page 102).
5. Click the Config Download to Switch radio button.
6. Choose whether the download source is located on the network or a USB device.
• If you select the USB radio button, you can specify a firmware path. The USB radio button is available if the USB is present on the switch.
• If you selected the network as the configuration file source, type the host IP, user name, file name, and password. You can enter the IP address in either IPv4 or IPv6 format.
7. Type the configuration file with a fully qualified path.
8. Select a protocol to use to transfer the file.
9. Click Apply.
You can monitor the progress by looking at the Upload/Download progress bar.

Zoning a Brocade DS_4900B fiber switch

Creating and populating zone aliases

Use the following procedure to create a zone alias.

To create a zone alias

1. Open the Zone Administration window as described on page 163.
2. Select a format to display zoning members in the Member Selection List as described in “Selecting a zoning view” on page 171.
3. Click the Alias tab and click New Alias.
The Create New Alias dialog box displays.
4. On Create New Alias, type a name for the new alias and click OK.
The new alias is displayed in the Name drop-down list.
5. Expand the Member Selection List to view the nested elements.
The choices available in the Member Selection List depend on the selection in the View menu.
6. Click elements in the Member Selection List that you want to include in the alias.
The Add Member button becomes active.
7. Click Add Member to add alias members.
Selected members move to the Alias Members window.
8. Optional: Repeat Step 6 and Step 7 to add more elements to the alias.
9. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric.
10. Click Zoning Actions > Save Config Only to save the configuration.
Adding and removing members of a zone alias

Use the following procedure to add or remove zone alias members.

To modify the members of an alias

1. Open the Zone Administration window as described on page 163.
2. Click the Alias tab.
3. Select the alias you want to modify from the Name drop-down list.
4. Select an element in the Member Selection List that you want to add to the alias, or select an element in the Alias Members list that you want to remove.
5. Click Add Member to add the selected alias member, or click Remove Member to remove the selected alias member.
The alias is modified in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
6. Click Zoning Actions > Save Config Only to save the configuration changes.
Renaming zone aliases

Use the following procedure to change the name of a zone alias.

To rename a zone alias

1. Open the Zone Administration window as described on page 163.
2. Click the Alias tab and select the alias you want to rename from the Name drop-down list.
3. Click Rename.
The Rename an Alias dialog box appears.
4. Type a new alias name and click OK.
The alias is renamed in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
5. Click Zoning Actions > Save Config Only to save the configuration changes.
Deleting zone aliases

You can remove a zone alias from the Zone Admin buffer. When a zone alias is deleted, it is no longer a member of the zones of which it was once a member.

Note: If you delete the only member zone alias, an error message is issued when you attempt to save the configuration.

To delete a zone alias

1. Open the Zone Administration window as described on page 163.
2. Click the Alias tab.
3. Select the alias you want to delete from the Name drop-down list.
4. Click Delete.
The Confirm Deleting Alias dialog box displays.
5. Click Yes.
The selected alias is deleted from the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
6. Click Zoning Actions > Save Config Only to save the configuration changes.
Creating and populating zones

Use the following procedure to create a zone.

To create a zone

1. Open the Zone Administration window as described on page 163.
2. Select a format to display zoning members in the Member Selection List as described in “Selecting a zoning view” on page 171.
3. Click the Zone tab.
4. Click New Zone.
The Create New Zone dialog box displays.
5. On Create New Zone, enter a name for the new zone, and click OK.
If you are creating an LSAN zone, the zone name must begin with “LSAN_”.
The new zone appears in the Name drop-down list.
6. Expand the Member Selection List to view the nested elements.
The choices available in the list depend on the selection made in the View menu.
7. Select an element in the Member Selection List that you want to include in your zone. Note that LSAN zones should contain only port WWN members.
The Add Member button becomes active.
8. Click Add Member to add the zone member.
The selected member is moved to the Zone Members window.
9. Optional: Repeat Step 7 and Step 8 to add more elements to your zone.
10. Optional: Click Add Other to include a WWN or port that is not currently a part of the fabric.
At this point you can either save your changes or save and enable your changes.
11. Click Zoning Actions > Save Config Only to save the configuration changes.
Adding and removing members of a zone

Use the following procedure to add or remove zone members.

To modify the members of a zone

1. Open the Zone Administration window as described on page 163.
2. Click the Zone tab.
3. Select the zone you want to modify from the Name drop-down list.
The zone members for the selected zone are listed in the Zone Members list.
4. Highlight an element in the Member Selection List that you want to include in your zone, or highlight an element in the Zone Members list that you want to delete.
5. Click Add Member to add a zone member, or click Remove Member to remove a zone member.
The zone is modified in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
6. Click Zoning Actions > Save Config Only to save the configuration changes.
Renaming zones

Use the following procedure to change the name of a zone.

To rename a zone

1. Open the Zone Administration window as described on page 163.
2. Click the Zone tab.
3. Select the zone you want to rename from the Name drop-down list.
4. Click Rename.
5. On Rename a Zone, type a new zone name and click OK.
The zone is renamed in the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
6. Click Zoning Actions > Save Config Only to save the configuration changes.
Copying zones

Use the following procedure to copy a zone configuration.

To copy a zone

1. Open the Zone Administration window as described on page 163.
2. Click the Zone tab.
3. Select the zone you want to copy from the Name drop-down list.
4. Click Copy.
5. On Copy an Existing Zone, enter a name for the copied zone.
6. Click OK.
The selected zone is copied in the Zone Admin buffer.
7. Click Zoning Actions > Save Config Only to save the configuration changes.
Deleting zones

Use the following procedure to delete a zone.

To delete a zone

1. Open the Zone Administration window as described on page 163.
2. Click the Zone tab.
3. Select the zone you want to delete from the Name drop-down menu and click Delete.
4. On the Confirmation dialog box, click Yes.
The selected zone is deleted from the Zone Admin buffer. At this point you can either save your changes or save and enable your changes.
5. Click Zoning Actions > Save Config Only to save the configuration changes.
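The same alias and zone work done from the Fabric OS command line, as an added example that is not part of the Brocade manual quoted above; the alias names, zone names and WWNs are constructed, and the lines beginning with # are annotations rather than CLI input:

```text
# Aliases first, so zones reference stable names rather than raw WWNs (GUI: Alias tab > New Alias)
switch:admin> alicreate "host01_hba0", "10:00:00:05:1e:aa:bb:cc"
switch:admin> alicreate "array01_p1", "50:06:01:60:3b:20:11:22"
# Add / remove an alias member (GUI: Add Member / Remove Member)
switch:admin> aliadd "host01_hba0", "10:00:00:05:1e:aa:bb:cd"
switch:admin> aliremove "host01_hba0", "10:00:00:05:1e:aa:bb:cd"
# One initiator alias plus its target in a single zone, so a host can only reach what it is zoned to (GUI: Zone tab > New Zone)
switch:admin> zonecreate "z_host01_array01", "host01_hba0; array01_p1"
# Rename (GUI: Rename) and attach the zone to a zone configuration
switch:admin> zoneobjectrename "z_host01_array01", "z_host01_array01_prod"
switch:admin> cfgcreate "cfg_prod", "z_host01_array01_prod"
# GUI "Save Config Only": writes the defined configuration but does NOT change what is enforced
switch:admin> cfgsave
# GUI "save and enable": the configuration becomes effective and the fabric enforces it
switch:admin> cfgenable "cfg_prod"
# Verify: the Defined and Effective configuration sections should now match
switch:admin> cfgshow
```

The cfgsave/cfgenable distinction is the check to make after every zoning change: until the configuration is enabled, nothing about which hosts can reach which storage has changed.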