3.5 Storage Policy Management

An effective storage management operation needs storage policies to control and enforce the use of resources. While SRM provides a view of storage devices and the ability to change specific device features, policy management takes a wider approach across the infrastructure to define, implement, and enforce a set of rules between users, applications, and storage.

This section focuses on the basic elements of storage policy management within the technical storage networking context. Chapter 11, "Managing the Storage Domain," takes a more global view of the corporate oversight of storage resources from an organizational perspective.

First and foremost, storage policies help administrators overcome the unending growth of storage resources within the organization. From the enterprise to departmental to personal storage, such as workstations and laptops, administrators need automated mechanisms to set usage rules and provide service levels required throughout the organization.

Basic storage policies (see Figure 3-8) can be broken into the following groups:

• Security and authentication policies ensure the proper access and manipulation of the data.

• Capacity and quota management policies ensure measured allocation across multiple users.

• Quality of service policies guarantee service levels for both the storage itself and the access to that storage.

3.5.1 Storage Policy Cycle

Storage policies have a continuous cycle with stages, outlined in Figure 3-9. The exact definition of stages may vary slightly among organizations, but the important common characteristic is the ongoing process improvement built into the cycle.

Assessment involves observing usage and performance patterns to determine areas for improvement. One example might be an application whose data set continues to grow exponentially, reducing the amount of available storage for other applications sharing the same storage. The definition stage requires identification of the anomaly's root cause and a method to solve it. Implementation comes through setting a rule or policy within the software infrastructure. Depending on the cause, effect, and desired results, setting a policy may occur in more than one component of storage software. Enforcement takes place when the desired actions are achieved through the rules. Careful monitoring provides data for evaluation of the set policy and the ability to begin the cycle again with any required modifications.

In many ways, an active storage infrastructure with a broad mix of users, applications, and resources is like an evolving ecosystem. Cause-and-effect relationships rarely remain isolated, and administrators must track implemented policies to watch for unintended effects. Appropriate monitoring through the use of SRM tools, will provide adequate notification for administrators to adjust accordingly .

3.5.2 Capacity, Content, and Quota Management

Every organization aims to maximize the use of resources, and SRM along with storage policies help accomplish that goal. Examples of policies in action include capacity, content, and quota management.

Capacity management involves optimization of storage space on a given device, such as a RAID array, or within a volume. In an ideal world, all devices would operate at or close to 100 percent capacity. However, the reality of our dynamic computing environments dictates otherwise . Unpredictable spikes in storage demand coupled with the need to have extra real-time capacity available means that 100 percent utilization can actually be counterproductive.

The optimal utilization percentage depends on device and storage cost, application needs, and costs of adding more physical capacity. For example, for a high-end RAID array with relatively expensive storage, the optimal utilization might be around 90 percent with 10 percent reserved for unanticipated peak demand. Less expensive storage might be set with utilization peaks of 60 percent, leaving administrators plenty of leeway for surges in capacity needs before new storage devices become necessary.

On the content side, visibility to the types of data and files can help dramatically reduce storage needs. By examining and categorizing content sources, power consumers in the form of applications or individuals can be identified and contained. For example, the rapid proliferation of MP3 music files might indicate improper use of corporate storage resources. Excessive numbers of large files (image, CAD design) with similar names and underlying data structures could be the result of saving inordinate copies, which might be satisfied with a less expensive storage mechanism, such as tape archiving.

Quota management, after identifying storage content by source and data type, allows administrators to pinpoint and curtail unnecessary consumption. This may apply to corporate users from engineering to administration, or to key applications. Of course, quota management requires a set of rules and guidelines that fit with organizational priorities in concert with IT priorities. A cap on engineering storage capacity that impacts development schedules might require adding to new storage purchase budgets . On the other hand, capping resources for email storage might compel individuals to be more conscious about their consumption without impacting productivity.

3.5.3 Security and Authentication

Security for storage (also see Chapter 9, Section 9.5, "Security for Storage Networking") begins by identifying threats and then implementing solutions to address them. Some of these threats and solutions are outlined in Table 3-1.

Table 3-1. Storage Security Threats and Solutions

Enforcement of these storage security solutions occur throughout the storage management chain, depending on the software in place. While the implementation of these solutions can vary, the objectives remain the same. For example, authentication can be set within the file system, identifying access at the user level, or this function can take place within lower layers of the infrastructure, such as the network fabric. Storage security therefore requires a multifaceted approach across the entire data management chain, from user access, to device access, to device management.

The most basic form of storage security is the physical isolation of the storage environment. Fibre Channel-based storage networks provide some physical security because the technology is separate from more common corporate IP networking. In the early days of Fibre Channel, storage administrators viewed this physical isolation as a feature ”the rest of their networking colleagues were unable to understand and meddle with their setups. More common availability of Fibre Channel equipment no longer guarantees such independence.

LUN masking determines which disk drives (or logical unit numbers) are seen by servers. LUN masking can be enforced by HBAs, switches, or storage array controllers. Modification of LUN masking requires password-protected access to the configuration utility. Zoning by port or WWN via SAN switches is one form of LUN masking.

The use of IP networking technologies for storage also delivers a set of well-defined security mechanisms. Virtual LANs (VLANs) and access control lists (ACLs), common in mainstream IP networking, can be used to segment and isolate traffic between end points or network areas of an IP storage network. Existing IPSec functions, such as authentication and data encryption, which are defined in IETF specifications, can be used with IP storage networking. For example, virtual private network equipment can be used between two IP storage switches or gateways to deliver encrypted IP storage traffic between two SANs.

3.5.4 Storage Encryption

While encryption has long been used as a security mechanism for IP networks, that capability has been largely absent from conventional SANs, partly based on the historical lack of support for Fibre Channel encryption. Recent product introductions now make possible Fibre Channel encryption along with the associated management tools required to administer encryption keys.

While security tools such as zoning, ACLs, and authentication address storage access security, they do not address the security of the data payload. In order for the payload to be protected, it must be encrypted with a key that locks (and unlocks) the original data structures. Encryption keys for 3DES (one of the most secure forms of encryption) are made up of 168 bits.

Encryption can be implemented in software and located within Fibre Channel equipment or specialized encryption hardware. Current implementations typically use hardware-based encryption to guarantee high throughput rates. A number of configurations can be deployed to guarantee data security at the payload level. Even if an unauthorized user were to access the data, it would be useless without the key. The basic configurations are shown in Figure 3-10. In addition to these solutions, users can encrypt data at the file-system level before entrusting it to the storage subsystem.

In a fabric attached deployment, storage encryption takes place within the storage network, allowing multiple storage devices to be protected. All storage that resides behind the encryption device requires key authentication for data access. Simpler configurations such as subsystem attached encryption allow data to be moved to third-party service providers or offsite vaulting with security guarantees. Data that ended up in the wrong hands while being moved offsite would still be protected. A gateway or tunnel implementation allows data to be encrypted at the payload level while traversing MANs or WANs. Application-attached encryption restricts the protection to those applications requiring the highest level of security.

Of course, in any implementation, key management determines the accessibility and recoverability of encrypted data. IT professionals considering payload-level encryption will need to keep keys in multiple secure locations, including legal offices and other venues that guarantee protected access. Loss of a key results in permanent data loss.

3.5.5 Quality of Service for Storage and Storage Area Networks

Quality of service applies to end-storage devices as well as the storage transport, and both must be considered for end-to-end service guarantees. For end-storage devices, quality of service refers to the availability of the storage media ”for example, the RAID level. Mission-critical applications require storage devices that have RAID levels set for maximum availability combined with remote mirroring for business continuity in the event of a disaster. Less critical storage may operate sufficiently with RAID levels that provide less availability in favor of increased performance and use tape archiving as a backup mechanism. This provides cost savings with more usable storage per RAID device, forgoing the remote mirror for recovery by using tape.

Storage professionals should assign storage quality of service requirements to individual applications. These service levels can be implemented through storage management software to create an enterprisewide policy. The exercise alone of matching applications to storage service levels will create a useful framework for balancing availability and cost factors. Carried through to the purchasing decisions of new storage devices, this type of framework clearly demarcates the need for high-end, midrange , or entry-level storage devices.

Quality of service also applies to the storage transport, or the storage network. In this case, the interconnect between storage end systems must be adequately provisioned for mission-critical applications. This can apply to allocated bandwidth, multipath availability, or even balancing the long-distance transport across multiple carriers .

Figure 3-11 shows an example of bandwidth prioritization through the use of VLANs and traffic prioritization. Here, the backup of an online transaction processing (OLTP) database needs priority over a less critical backup of corporate files. No matter when the database backup begins, it will be granted the appropriate bandwidth to complete its backup operation within a designated time window.

3.5.6 Storage Paths

Storage network administrators may also choose to guarantee dual, redundant paths for specific application to storage connections. This practice is often referred to as path management. New software packages with this feature use storage network topology information to create a map of available connections between servers, fabric switches, and storage devices. Criteria such as dual, redundant paths or 2Gb/s Fibre Channel links can be specified in order to meet availability and performance needs.

Attention to storage paths ensures that applications not only have the appropriate data capacity, but also the appropriate service-level transport for data access.

3.5.7 Departmental Segmentation and Accounting

Storage policy management translates to several organizational policies to help assign storage costs. For example, departments can be easily segmented to provide accounting charges based on storage use. Storage administrators can assign storage in terms of both capacity and quality of service, offering options to individual departments and their specific requirements.

Software automation carries this one step further by allowing dynamic changes with minimal manual reconfiguration. For example, capacity can be automatically added on the fly for specific users. Billing systems can then track allocation and keep department heads aware of their capacity usage and expected internal expenses. This focuses attention on storage capacity requirements of the departments through clear, bottom-line financial metrics, eliminating gray areas of infrastructure requirements and allocation.