Wednesday, October 8, 2008

Seeking SAN

I've written in the past about iSCSI. I'm now nearing a position, a convergence of 2 situations that has me searching for a solution. My current iSCSI server, a linux based system with 3ware controllers with the iSCSI Enterprise Target software, is nearing its end of warranty with no extension option available. This system provides storage for file services, as well as space for a SQL database used for email archiving and up until recent, space for vm images. The second part of the play is my corporation's move to virtualization. Utimately the plan is to move all enterprise services currently in-house to a multi ESXi server environment.

Keys to this type of environment are shared storage and strong IO capacity. Shared storage, namely SAN storage allows ESXi to perform all of its neat tricks with its vmfs cluster filesystem, not to mention it is the best tuned selection for VM performance. NFS is also an option, but removes access to a few of ESXi's great features, and carries processing overhead. IO capacity is critical - all the space in the world can be quickly lost to complaints of lag and slowness if that space does not have IO capacity to perform(Exchange/SQL).

So I've began the adventure of looking for a solution. A solution to handle VM images, SQL, Exchange, and file serving; a lot of different IO profiles. Thus far I've looked into following iSCSI solutions: Dell/Equallogic PS5000 series, Netapp S / FAS lines, and Compellant. They each offer their different strengths and less desirable aspects. Before any decision is made, there will be demo units put through the ringer, but I'd also like to hear from anyone out there with experience in this arena. For my size organization this solution will be a reasonable sized invenstment and it needs to be right the first time.

Stumble Upon Toolbar

Thursday, October 2, 2008

Data Security: Encryption with TrueCrypt

The onion analogy is used by security people to describe the many different aspects of a complete technology security program. Application security, network security, operating system security, physical security, people(social) security, etc. A business' technology environment is made up of many components that must each be addressed and analyzed.

The core reasons for comprehensive security can be distilled down to a few items: 1) Availability - keeping business systems running, 2) Integrity - not allowing data to be corrupted/poisoned, 3) Privacy - not allowing data to become public. I'm sure others can chime in other reasons as well, but I use these 3 as my core values with any security considerations. I will however throw in one collateral value that comes from these 3 but is paramount in today's world - corporate image / trust. A company that has lost consumer trust / confidence due to a security breach, even though they have minimized / mitigated any of the 3 core values, will experience severe hardship (and likely legal penalty).

Doom and gloom aside - there is one tool out there that offers some piece of mind for some layers of the technology security onion - TrueCrypt. TrueCrypt is a freely available tool for encrypting data, including entire operating system hard drives. It is a multiplatform tool that runs on OSX, Windows(2000,XP, Vista), Linux and can be ran directly off of removeable media(USB stick, etc). A file / disk encrypted with TrueCrypt can be accessed by any other computer that can run TrueCrypt if the password is known. TrueCrypt can even create 'hidden' encrypted drives that are only detectable by someone who is aware of its existance.

Here are a few common business situations that TrueCrypt can help out with. A lost/stolen laptop who's hard drive has been encrypted with TrueCrypt. A lost / stolen usb drive that has been encrypted. Server(s) stolen from the office / co-location. Securely sending sensative information on a CD/DVDs.

In my office all USB drives are required to be encrypted and catalogued. The next image developed for mobile computers will feature full hard drive encryption as well.

Stumble Upon Toolbar