Fibre channel seems to be losing its popularity and more people are turning to iSCSI as the block storage protocol of choice. If you don’t already have an FC fabric then why introduce that into your design now. So when choosing to use iSCSI for storage connectivity or any other storage protocol then you’ll have to take security into consideration when performing an implementation.
Security is a pillar of infrastructure design qualities in which every system should be properly designed from its inception. Depending on the data or system you’re trying to protect then the protection mechanism should be proportion to the criticality or importance to the organization. To secure your SAN you should:
- Assess configurations
- Test secure mechanism effectiveness
- Identify holes
- Quantify risks
- Implement practical security solutions for high risk exposures
The EMC article titled “Building Secure SANs” has a nice table illustrating the different security categories and the mechanism to protect it. I’ll just should the IP SAN section:
|Security Category||IP SAN Mechanisms||VMware Supported|
|Availability||QoS||Yes, also SIOC and NIOC|
Security should be used in a multi prong approach with protection at multiple levels. By enforcing good security standards and principles you can have a network that can help in mitigating your risks to vulnerabilities in your iSCSI storage.
- Building Secure SANs: https://www.emc.com/collateral/hardware/technical-documentation/h8082-building-secure-sans-tb.pdf
- VMware Documentation: Protecting an iSCSI SAN: https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vcli.examples.doc/cli_manage_iscsi_storage.7.3.html
- VMware Best Practices for Running VMware vSphere on iSCSI: http://www.vmware.com/files/pdf/iSCSI_design_deploy.pdf