HPDS | Security

One of the key features of SAN storage systems is high security. As these systems are connected to local or global networks, their security is of decisive importance.

Security refers to all policies and methods preventing unauthorized data access in a data storage system. In a data storage system, assuring a high level of security is very important.

Due to their connection to internet, data storage systems are prone to a variety of security threats. Hence, a variety of security methods are applied in different system abstraction levels. A data storage system can have a suitable security condition when its security mechanisms have four following characteristics:

Capability of registering all storage events in a document called 0020.

This service defines the type and level of access to services for each user, including the access control for the data of archives, backups, and cables. To this end, this service performs many tasks such as data encryption, traffic restriction, and hiding send/receive address, frequency, and capacity.

Defines the rules of data modification and delete.

Provides dependable access of users to data, computer systems, programs, and connections.

Stands for the methods of true access to information and desired services.

The following table summarizes the most important security threats of SAN storage systems:

Risks	Assets	Information, hardware, software, etc.
	Breaches	Access channels to a resource unintentionally left open
	Threats	Disasters	Earthquakes, floods, fires, terrorist attacks
		Technology	Viruses, blasters, etc.
		Human	Hackers, burglars, maladroit users, malicious users

HPDS Corporation employs a variety of high-security mechanisms in storage systems design to offer an enterprise class security alongside high performance. The security approaches employed in different design abstraction levels include:

Disk data cryptography at no performance loss using FDE protocol
Capability of data recovery with no data loss
Implementation of Error Correction Codes (ECCs) at the disk level
Implementation of different RAID configurations for highest availability

Employing redundancy in different hardware levels including processor, memory, controller, power supply, and disks.
AES cryptography using processor facilities
Hardware level ECC
High availability by multiple paths between controller and disks.
High availability by multiple paths between storage system and Initiators.
Capability of Mirroring between two storage systems.

To attain five important features of Availability, Accessibility, Integrity, Confidentiality, and countable service, several approaches are employed as follows:

Access to storage system via User Interface (UI)
Access to storage system via Command Line Interface (CLI)
Multiple paths from hosts to storage system
Multiple paths from controllers to disks
Redundancy in all hardware devices including processor, memories, controllers, power supplies, and disks
Dependability mechanisms and redundancies in software design including operating system and storage management software
Disk Scrubbing for removing Latent Sector Errors (LSEs)
Error Correction Codes
Spare disks (to be replaced by the failed disk)

Registering the system events and incidences
Storing all storage incidences in different documents

Using secure communications such as iSCSI and FC
Controlling data access using IPsec and Zoning approaches
Defining access levels using UI and CLI
Two level authentication when connecting hosts to storage system
Disk data cryptography using FDE protocol
AES cryptography using processor facilities

Disabling 8080 port
Using the secure HTTPS protocol
Active/Active IO connection between controller and disks
Instant Copy capability
Remote Instant Copy capability

Specifications

High Reliability

Support