Howard Marks

Network Computing Blogger


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Encrypt SAN Data At The Host? Emulex Says Yes

Whether it's fear of losing valuable or embarrassing data or just playing it safe, the security folks in your organization are probably encouraging you to encrypt as much of your data as possible both in flight and at rest.  Emulex's newest encrypting Fibre Channel HBAs (Host Bus Adapters) adds another arrow to storage admin's quiver for encrypting your data and tracking the all important keys.

A few years ago the college I worked at  received a directive from the state CIO strongly encouraging the use of full disk encryption on all servers.  We took a look at the available options and decided that we'd encrypt our tape data. The data at rest on server drives in a secure data center was at much bigger risk from network hacking than from someone breaking into the data center and stealing the disk drives. If someone stole the drives, they would also have to steal the keys that are stored on the servers to access the data.

Encrypting your data at rest has the added benefit of eliminating the risk of data breaches at disposal time.  If the data on a disk or array is encrypted, and the keys are stored separately, you can return failed drives to Seagate, or EMC, or even get a small percentage of your investment in that CX-500 or DL380 back by selling it on eBay complete with disk drives.  

Without encryption you're limited to more time consuming options like degaussing, shredding or my personal favorite melting into a pool of liquid metal with thermite.  The problem with all these methods is you have to keep track of "retired" drives and their ultimate disposition.  In a big company there's always the risk of some junior IT guy selling drives on eBay he listed as destroyed.

In the past I've been somewhat more skeptical of the need to encrypt SAN traffic in flight.  In general encrypting data in flight is a protection against snooping attacks where someone intercepts the data stream and reads it. When Fibre Channel SANs were contained in the data center the proverbial attacker would need to be in my data center to get access to the data.  Since an un-trusted person in the data center is by itself a problem I wasn't worried about that un-trusted person plugging into the SAN.


Page:  1 | 2  | Next Page »


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

WAN Security Reports

Research and Reports

Network Computing: April 2013



TechWeb Careers