High Reliability

One of the key features of SAN storage systems is high security. As these systems are connected to local or global networks, their security is of decisive importance.

How is the security of data storage systems defined?

Security refers to all policies and methods that prevent unauthorized data access in a data storage system. Assuring a high level of security in such a system is very important.

Methods of increasing security in data storage systems

Because they are connected to the internet, data storage systems are exposed to a variety of security threats. Hence, a variety of security methods are applied at different system abstraction levels. A data storage system is in a suitable security condition when its security mechanisms have the following four characteristics:

Countable security
Capability of registering all storage events in a document called 0020.
Confidentiality Service
This service defines the type and level of access to services for each user, including access control for the data of archives, backups, and cables. To this end, it performs tasks such as data encryption, traffic restriction, and hiding the send/receive address, frequency, and capacity.
Integrity Service
Defines the rules for data modification and deletion.
Availability Service
Provides dependable access of users to data, computer systems, programs, and connections.
Accessibility
Stands for the methods of true access to information and desired services.
Security threats in data storage systems

The following table summarizes the most important security threats of SAN storage systems:

Risks   | Assets     | Information, hardware, software, etc.
Risks   | Breaches   | Access channels to a resource unintentionally left open
Threats | Disasters  | Earthquakes, floods, fires, terrorist attacks
Threats | Technology | Viruses, blasters, etc.
Threats | Human      | Hackers, burglars, maladroit users, malicious users

HPDS Corp. approaches for increasing security

HPDS Corporation employs a variety of high-security mechanisms in storage system design to offer enterprise-class security alongside high performance. The security approaches employed at different design abstraction levels include:

A- Device Level
Disk Level
  • Disk data cryptography with no performance loss using the FDE protocol
  • Capability of data recovery with no data loss
  • Implementation of Error Correction Codes (ECCs) at the disk level
  • Implementation of different RAID configurations for highest availability
Hardware Level
  • Employing redundancy at different hardware levels, including processor, memory, controller, power supply, and disks
  • AES cryptography using processor facilities
  • Hardware level ECC
  • High availability by multiple paths between controller and disks
  • High availability by multiple paths between storage system and initiators
  • Capability of mirroring between two storage systems
B- Security Parameters

To attain the five important features of Availability, Accessibility, Integrity, Confidentiality, and Countable service, several approaches are employed, as follows:

Availability and Accessibility
  • Access to storage system via User Interface (UI)
  • Access to storage system via Command Line Interface (CLI)
  • Multiple paths from hosts to storage system
  • Multiple paths from controllers to disks
  • Redundancy in all hardware devices including processor, memories, controllers, power supplies, and disks
  • Dependability mechanisms and redundancies in software design including operating system and storage management software
  • Disk Scrubbing for removing Latent Sector Errors (LSEs)
  • Error Correction Codes
  • Spare disks (to replace a failed disk)
Countable service
  • Registering the system events and incidents
  • Storing all storage incidents in different documents
Confidentiality
  • Using secure communications such as iSCSI and FC
  • Controlling data access using IPsec and Zoning approaches
  • Defining access levels using UI and CLI
  • Two-level authentication when connecting hosts to the storage system
  • Disk data cryptography using FDE protocol
  • AES cryptography using processor facilities
Integrity
  • Disabling port 8080
  • Using the secure HTTPS protocol
  • Active/Active IO connection between controller and disks
  • Instant Copy capability
  • Remote Instant Copy capability