Network and Storage Protocols

NETAPP Security Solutions

BHARATHYP
3,128 Views

I am looking at some netapp security features before I consider on getting one.

These are the security concerns that i need to verify

  1.      Support director/switch based soft security zoning(director/switch + HBA/WWN) or switch based vlan segregation, IPSec, CHAP protocol (i know netapp has IPSec and CHAP, but what about vlan segregation?)
  2.      Support disk controller based LUN masking at storage sub-system level (LUN + HBA/WWN) or iSCSI Qualified Name (IQN). ( I am guessing there is iQN)
  3.      Support storage (hardware level) encryption ( this is yes)
  4.      In-band storage configurations and management within SAN, preferred
  5.      Unique key for every chassis or unique master key for a group of chassis

    

Please provide a simple yes or no and a link to support will be helpful... to backup my argument tks.

1 ACCEPTED SOLUTION

aborzenkov
3,128 Views

1. Not sure what do you mean. All these features are external to storage as far as I can say.

2. Yes

3. There is at rest encryption. (information on hard disks is encrypted)

4. No in band FCP management, you need IP. It can share interfaces with NFS/iSCSI/CIFS though.

5. Not sure what do you mean. Of course you have unique serial number and some other unique identification. You also have unique SSH keys/SSL certificates. Could you give usage example?

View solution in original post

2 REPLIES 2

aborzenkov
3,129 Views

1. Not sure what do you mean. All these features are external to storage as far as I can say.

2. Yes

3. There is at rest encryption. (information on hard disks is encrypted)

4. No in band FCP management, you need IP. It can share interfaces with NFS/iSCSI/CIFS though.

5. Not sure what do you mean. Of course you have unique serial number and some other unique identification. You also have unique SSH keys/SSL certificates. Could you give usage example?

BHARATHYP
3,128 Views

Point 5 is talking about physical Chasis itself nothing to do with ssh.. Sorry for misleading

Public