Storage Tip: Access storage arrays remotely, securely

December 3, 2007, 11:19 AM —  Mesabi Group — 

What seems to be the problem? Storage arrays have long had the capability to
communicate information of the array from the physical site where the arrays
are located to a remote location. The first instantiation of this was the "call
home" capability where an array could be accessed over a telephone line
by a third party -- typically an employee of the storage vendor that provided
the array. Now, of course, messages can be sent over the Internet or through
wireless capabilities, such as to a cell phone or a Blackberry. Is it safe to
do?

What you need to know: The ability of a storage array to communicate remotely
has evolved over the years. The first reason was to monitor the health of the
array. If a disk failed, a storage vendor would know it immediately and could
dispatch a repair person to replace the failed disk. This reduced the time of
exposure to a possible second disk failure before a single parity RAID group
could be rebuilt. The ability to communicate health information evolved into
the ability to send information over an Ethernet connection, such as an e-mail
message.

While the ability to use different communication channels has evolved, so has
the ability to gather different types of information. Configuration information
is one type, but so is capacity utilization information as well as information
on the behavior of applications, such as a backup application.

This information is not only for monitoring purposes (i.e. read-only information),
but also control-oriented purposes (i.e. write actions to change things). So,
if an unauthorized user can read information, it is a breach of confidentiality,
but if an unauthorized person can make unauthorized changes, it could create
serious problems.

Therefore, while having the ability to act remotely may be highly desirable,
it must be done safely.

What you can do about it: There are a number of choices that will enable you
to have remote management capabilities, and make sure that you have the necessary
security. Among the options that you can consider include:

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Featured Sponsor

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Marketplace