请输入商品名称:
联系我们 公司简介
    屏风卡位高隔断系列
  办公屏风卡位      
  办公室高隔断      
    前台办公家具系列
  前台      
    班台办公家具系列
  实木大班台      
  洽谈台      
  职员办公台      
  主管办公班台      
  培训台及课桌      
    会议台办公家具系列
  板式办公会议台      
  实木会议台      
    办公椅系列
  大班椅      
  职员办公椅      
  会议椅      
  吧椅      
  培训椅,餐椅及排椅      
    沙发办公家具系列
  皮质办公沙发      
  钢制沙发      
    文件柜系列
  实木文件柜      
  板式办公文件柜      
  钢制文件柜      
    高档网椅系列
  高级网椅      
    茶几茶水柜系列
  茶几      
  茶水柜      

深圳市南山区西丽镇大磡村深鹏工业区3栋
0755-86330609
13925235929

szhwd2012@163.com
客服:

首页>整案例

HP StorageWorks sets the bar for iSCSI SAN server security

Our testing of iSCSI SAN servers show they all handle basic functions as advertised. But we had to dig deeper into other enterprise features offered — such as security, high availability, and expandability -- to find bigger differentiations between the products.

We looked for the same level of security management and secure design in iSCSI storage systems as we would for any other critical network component. But we were sorely disappointed.

Don't Miss!Download the latest Network World Executive Guide - Executive Guide: Data Center Decisions

Something as simple as having a strict separation between management and data planes would be basic to these products, we thought, but less than half of the products tested – D-Link's DSN-3200-10, HP's StorageWorks 2012i, NetApp's FAS2050, NexSan's SATABeast and StoneSly's Storage Concentrator – have the ability to completely separate data and management.

How about encrypted management traffic? Most products supported that, although with some, enabling SSL was optional while with others it was very difficult to enable at all. Kano's NetCOR 7500 and Nexsan's SATABeast simply don't support SSL. The SATABeast was even more frightening: it runs, by default, without any username or password required for management.

And in another security faux pas, we found many products listening on Telnet ports that couldn't be disabled.

Our general conclusion is that the storage industry somehow thinks that because its products are sitting inside the corporate firewall that they're safe. They should rethink that point very carefully.

We did run into a few occasional security high points, though, such as delegated levels of system management offered in the Compellent StorageCenter and the NetApp FAS2050. But the only product in our test that easily met basic requirements for control security — a separate control plane, ability to enable/disable management services and encrypted management — was the HP StorageWorks 2012i. Next up was the NetApp FAS2050, which had many of the same features, but made them so difficult to use, that many managing this system would not bother to use them correctly. For example, controlling SSL and Secure Shell access — something HP facilitated with two check boxes within its Network Management GUI screen — takes NetApp 20 pages of documentation to describe.

On the data security side, we — thankfully — had a better experience in spite of the fact that the iSCSI protocol is a particularly dangerous one for most enterprises because of its "discovery" mechanism. This mechanism is a way for an iSCSI initiator to discover all of the virtual disks that an iSCSI target is advertising. Discovery makes it easy for an inattentive administrator to accidentally — or purposefully — attach a server to a virtual disk that they shouldn't, potentially causing data corruption or information leakage. An iSCSI storage system must have a clear security model that makes it easy for the storage administrator to unambiguously apply controls on which systems can connect to which virtual disks.


<< Back


地址:深圳市南山区西丽镇大磡村深鹏工业区3栋
电话:0755-86330609     13925235929
邮箱:szhwd2012@163.com