Secure Environment within Shared SAN

Question asked by Rahul Bhat on Aug 7, 2014
I would like to understand if someone has been able to create a secure environment for a particular client which has access to a shared SAN where we might have multiple customers, but with specific resources like cache, ports, and RAID groups specially assigned for the secure environment. But at the same time, any other non-secure server/admin/application is not able to modify any of the secure client environment. Zoning/Mapping is already a standard, but it seems that is not enough.


I guess the “main” scenario we have in mind is a root administrator doing (accidentally or intentionally):

  • WWN spoofing (e.g. via virtual WWNs)
  • a “denial of service” attack (e.g. overloading the DWDM by simple “dd”)
  • a direct login on the switches/storage boxes

Also, we might have a situation where we have, in a shared environment, a CMD device without protection due to the VMware Site Recovery Manager configuration, which requires unrestricted access to the CMD. This means anyone who has this device can manage the entire array, causing a security loophole.


I think we have to look at multiple layers of security, not only on storage but also on server infrastructure and at the switch/DWDM level. But currently I am thinking, is there a way to build something like this purely on SAN-level access security?


Any ideas would be welcome!!



