December 03, 2007, 11:19 AM — What seems to be the problem? Storage arrays have long had the capability to
communicate information of the array from the physical site where the arrays
are located to a remote location. The first instantiation of this was the "call
home" capability where an array could be accessed over a telephone line
by a third party -- typically an employee of the storage vendor that provided
the array. Now, of course, messages can be sent over the Internet or through
wireless capabilities, such as to a cell phone or a Blackberry. Is it safe to
do?
What you need to know: The ability of a storage array to communicate remotely
has evolved over the years. The first reason was to monitor the health of the
array. If a disk failed, a storage vendor would know it immediately and could
dispatch a repair person to replace the failed disk. This reduced the time of
exposure to a possible second disk failure before a single parity RAID group
could be rebuilt. The ability to communicate health information evolved into
the ability to send information over an Ethernet connection, such as an e-mail
message.
While the ability to use different communication channels has evolved, so has
the ability to gather different types of information. Configuration information
is one type, but so is capacity utilization information as well as information
on the behavior of applications, such as a backup application.
This information is not only for monitoring purposes (i.e. read-only information),
but also control-oriented purposes (i.e. write actions to change things). So,
if an unauthorized user can read information, it is a breach of confidentiality,
but if an unauthorized person can make unauthorized changes, it could create
serious problems.
Therefore, while having the ability to act remotely may be highly desirable,
it must be done safely.
What you can do about it: There are a number of choices that will enable you
to have remote management capabilities, and make sure that you have the necessary
security. Among the options that you can consider include:
* If possible, don't provide always on service (24x7) if the service can
be restricted to certain times, on a scheduled basis, or an on request basis.
(That may not be possible for read-only monitoring, but may be possible in some
cases where write actions need to be performed.)
* Encrypt in transit communications to prevent interception of confidential
information by an unauthorized third party.
* Make sure that information is available only to those on a need-to-know
basis so that only people who really must be authorized are authorized.
* Make sure that the proper access controls are in place so that only authorized
users can access the information.
* Make sure that all write actions are logged in an auditable fashion.
Your business can benefit from remote management, but take the necessary actions,
such as those above, to ensure security.
