Storage Technologies & Practices Ripe for Refresh – Part 2

Alex McDonald

Jun 7, 2021

So much of what we discuss in SNIA is the latest emerging technologies in storage. While it’s good to know all about the latest and greatest technologies, it’s also important to understand those technologies being sunsetted. In this SNIA Networking Storage Forum (NSF) webcast series “Storage Technologies & Practices Ripe for Refresh” we cover technologies that are at (or close to) being past their useful life.

On June 22, 2021, we’ll host the second installment of this series, Storage Technologies & Practices Ripe for Refresh – Part 2 where we’ll discuss obsolete hardware, protocols, interfaces and other aspects of storage. We’ll offer advice on how to replace these older technologies in production environments as well as why these changes are recommended. We’ll also cover protocols that you should consider removing from your networks, either older versions of protocols where only newer versions should be used, or protocols that have been supplanted by superior options and should be discontinued entirely. Finally, we will look at physical networking interfaces and cabling that are popular today but face an uncertain future as networking speeds grow ever faster.

Join us on June 22nd to learn if there is anything ripe for refresh in your data center. And if you missed the first webcast in this series, you can view it on demand here.

Olivia Rhye

Product Manager, SNIA


Protecting NVMe over Fabrics Data from Day One, The Armored Truck Way

John Kim

Apr 27, 2021


With ever-increasing threat vectors both inside and outside the data center, a compromised customer dataset can quickly result in a torrent of lost business data, eroded trust, significant penalties, and potential lawsuits. Potential vulnerabilities exist at every point when scaling out NVMe® storage, which requires data to be secured every time it leaves a server or the storage media, not just when leaving the data center. NVMe over Fabrics is poised to be one of the most dominant storage transports of the future, and securing and validating the vast amounts of data that will traverse this fabric is not just prudent, but paramount.

Ensuring the security of that data will be the topic of our SNIA Networking Storage Forum (NSF) webcast “Security of Data on NVMe over Fabrics, the Armored Truck Way” on May 12, 2021. Join the webcast to hear industry experts discuss current and future strategies to secure and protect mission critical data.

You will learn:

  • Industry trends and regulations around data security
  • Potential threats and vulnerabilities
  • Existing security mechanisms and best practices
  • How to secure NVMe data in flight and at rest
  • Ecosystem and market dynamics
  • Upcoming standards

For those of you who follow the many educational webcasts that the NSF hosts, you may have noticed that we are discussing the important topic of data security a lot. In fact, there is an entire Storage Networking Security Webcast Series that dives into protecting data at rest, protecting data in flight, encryption, key management, and more. You might find it useful to check out some of the sessions before our May 12th presentation.

Register today! We hope you will join us on May 12th. And please bring your questions. Our experts will be ready to answer them.


Another Great Storage Debate: Hyperconverged vs. Disaggregated vs. Centralized

David McIntyre

Mar 26, 2021


The SNIA Networking Storage Forum’s “Great Storage Debate” webcast series is back! This time, SNIA experts will be discussing the ongoing evolution of the data center, in particular how storage is allocated and managed. There are three competing visions about how storage should be done: Hyperconverged Infrastructure (HCI), Disaggregated Storage, and Centralized Storage. Join us on May 4, 2021 for our live webcast Great Storage Debate: Hyperconverged vs. Disaggregated vs. Centralized.

IT architects, storage vendors, and industry analysts argue constantly over which is the best approach and even the exact definition of each. Isn’t Hyperconverged constrained? Is Disaggregated designed only for large cloud service providers? Is Centralized storage only for legacy applications?

Tune in to debate these questions and more:  

  • What is the difference between centralized, hyperconverged, and disaggregated infrastructure, when it comes to storage?
  • Where does the storage controller or storage intelligence live in each?
  • How and where can the storage capacity and intelligence be distributed?
  • What is the difference between distributing the compute or application and distributing the storage?
  • What is the role of a JBOF or EBOF (Just a Bunch of Flash or Ethernet Bunch of Flash) in these storage models?
  • What are the implications for data center, cloud, and edge?  

Register today as leading storage minds converge to argue the definitions and merits of where to put the storage and storage intelligence.

For anyone not familiar with the Great Storage Debates, it is very important to note that this series isn’t about winners and losers; it’s about providing essential compare-and-contrast information between similar technologies. We won’t settle any arguments as to which is better – but we will debate the arguments, point out advantages and disadvantages, and make the case for specific use cases.

To date, the SNIA NSF has hosted several great storage debates, including: File vs. Block vs. Object Storage, Fibre Channel vs. iSCSI, FCoE vs. iSCSI vs. iSER, RoCE vs. iWARP, and Centralized vs. Distributed. You can view them all on our SNIAVideo YouTube Channel.


Does this Look Outdated to You?

Tom Friend

Feb 22, 2021


Last month, the SNIA Networking Storage Forum (NSF) took a different perspective on the storage networking technologies we cover by discussing technologies and practices that you may want to reconsider. The webcast was called “Storage Technologies & Practices Ripe for Refresh.”  I encourage you to watch it on-demand.  It was an interesting session where my colleagues Eric Hibbard, John Kim, and Alex McDonald explored security problems, aging network protocols, and NAS protocols. It was quite popular. In fact, we’re planning more in this series, so stay tuned.

The audience asked us some great questions during the live event and as promised, here are our answers: 

Q. How can I tell if my SSH connections are secure?

A. Short of doing a security scan of a server’s SSH port (typically TCP/IP port 22) it can be difficult to know if your connection is secure. In general, the following are recommended: 

  1. Use SSH version 2 or later
  2. Disable server SSH root logins
  3. Authenticate clients to servers by using SSH key pairs (don’t use the same keys on multiple systems)
  4. Change the default SSH port
  5. Filter connections using TCP wrappers or similar network filtering
  6. Set idle timeouts that close SSH connections.

If you don’t need SSH on a server, make sure it is disabled.
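As an added example (not part of the original post), the Python script below checks the global section of an `sshd_config` against recommendations 1 to 4 and 6 above. The function names, the sample configuration and the choice of `ClientAliveInterval` as the timeout setting are assumptions made for this example.

```python
# Added example: audit an sshd_config against the recommendations listed above.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real server.
SAMPLE_CONFIG = """\
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
#ClientAliveInterval 300

Match User backup
    PasswordAuthentication no
"""

# Values sshd falls back to when a keyword is absent (assumed: recent OpenSSH).
DEFAULTS = {
    "protocol": "2",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "clientaliveinterval": "0",
}


def parse_global_settings(text):
    """Return (settings, ports) for the global section of an sshd_config.

    Keywords are case-insensitive and sshd keeps the first value it reads for
    a keyword. Lines after the first Match apply only conditionally, so parsing
    stops there. Port may appear several times.
    """
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "port":
            if value.isdigit():
                ports.append(int(value))
        else:
            settings.setdefault(key, value.lower())
    return settings, ports or [22]


def audit(text):
    """Map recommendations 1-4 and 6 to 'ok' or a short finding."""
    settings, ports = parse_global_settings(text)

    def get(key):
        return settings.get(key, DEFAULTS[key])

    results = {}
    # 1. Protocol 2 only. Current OpenSSH speaks only version 2; the keyword
    #    matters on old servers that still accept "Protocol 1" or "2,1".
    versions = {v.strip() for v in get("protocol").split(",")}
    results["protocol"] = "ok" if versions == {"2"} else "SSH protocol 1 enabled"
    # 2. Root logins disabled outright.
    root = get("permitrootlogin")
    results["root_login"] = "ok" if root == "no" else f"PermitRootLogin {root}"
    # 3. Key pairs instead of passwords.
    pw = get("passwordauthentication")
    results["password_auth"] = "ok" if pw == "no" else "password logins allowed"
    # 4. Non-default port.
    results["port"] = "ok" if 22 not in ports else "listening on default port 22"
    # 6. Timeout: ClientAliveInterval is the setting checked here (assumption).
    alive = get("clientaliveinterval")
    timed = alive.isdigit() and int(alive) > 0
    results["timeout"] = "ok" if timed else "no ClientAliveInterval set"
    # 5. Network filtering lives outside sshd_config and is not checked.
    return results


if __name__ == "__main__":
    for check, outcome in audit(SAMPLE_CONFIG).items():
        print(f"{check:14} {outcome}")
```

The `Match User backup` block in the sample shows why parsing stops at the first `Match`: the global `PasswordAuthentication yes` still applies to every other account.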

Q.  How can customers determine if they are using updated security technologies? 

A. Security technologies can be both security features/capabilities as well as elements that address the security posture of a system at any given point in time. From a feature perspective, it is often difficult to change or add them, so it is important to consider requirements for things like encryption, key management, access controls, etc. up front; assume that what you start with is probably all that you will get going forward. Security posture, on the other hand, can be very different. It typically involves configuration changes (e.g., enabling/disabling a security feature), applying patches to operating systems and applications, and updating software to newer versions when security patches are no longer available or are inadequate. Performing regular security scans of systems is also an important element because they will help verify the system is being maintained properly as well as to provide alerts for new problems as the threat landscape changes.

Q. This is not really a question, but rather a comment on NAS protocols: their security is only as good as the authorization on the files, e.g. 777 or everyone-type ACLs.

A. The NFSv4 and SMB3 protocols are as secure as you want to make them. Assigning inappropriate authorization is a user error, not a protocol problem.

Q. Can most modern storage systems and operating systems support NFSv4 and SMBv3?         

A. The majority of NAS systems from most vendors can support NFSv4 and SMB3, and many will allow access to the same files with either protocol. (But see the caveats below.) There’s the open source Samba, which implements SMB3 for Linux and Unix, and Microsoft Windows Server supports NFS v2, v3 and v4.1.

Q. Do obsolete protocols have an impact on multi-protocol (NFS + SMB) access to data? 

A. Yes, in several areas; the two biggies are security and locking. On security, NFS and SMB share the same terminology (ACLs or access control lists) to describe the security on objects like files and directories, but the underlying security models are different. See this NFS4 ACL overview for more details. Locking is a complex area, and the general rule is: don’t share files between SMB and NFS unless you’re fully aware of how locking works. Obsolete protocols definitely don’t help here, so they are best avoided. Even with up-to-date protocol stacks there are lots of other gotchas. If you must share between NFS and SMB, involve the vendor of the system that is providing you with this capability, and adhere to their best practices.

From a security perspective, multi-protocol access to data is fraught with access control problems because the access privilege models can vary significantly. This can lead to a situation where an escalation of privileges can occur, granting someone access to data that they should not be allowed to access. Adding obsolete protocols to this mix can further expose data because of the granularity of the access privilege model or complete lack of one.

Q. Could we use a robust log system and real-time analysis and real-time configuration in the transport layer?

A. The network transport layer is Layer 4 in the 7-layer OSI model, most commonly using the TCP or UDP protocols. Both packet logging and filtering tools can be used to monitor Layer 4 traffic, and real-time analysis can be done by a packet analyzer, firewall, or intrusion detection/prevention system (IDS/IPS). These tools typically allow capture or filtering of packets based on a combination of their source and destination IP addresses, source and destination ports, and the protocol type (TCP/UDP). More sophisticated networking equipment might also track connections and use deep packet inspection to identify applications at OSI layers 5-7 in the network traffic. Doing such analysis can identify the use of obsolete protocols or applications, or detect malware or suspicious activity. Real-time configuration could be used to turn off obsolete or unneeded protocols on servers that no longer need them or to block their traffic from using the network.


Beyond NVMe-oF Performance Hero Numbers

Erik Smith

Jan 28, 2021


When it comes to selecting the right NVMe over Fabrics™ (NVMe-oF™) solution, one should look beyond test results that demonstrate NVMe-oF’s dramatic reduction in latency and consider the other, more important, questions such as “How does the transport really impact application performance?” and “How does the transport holistically fit into my environment?”

To date, the focus has been on specialized fabrics like RDMA (e.g., RoCE) because it provides the lowest possible latency, as well as Fibre Channel because it is generally considered to be the most reliable.  However, with the introduction of NVMe-oF/TCP this conversation must be expanded to also include considerations regarding scale, cost, and operations. That’s why the SNIA Networking Storage Forum (NSF) is hosting a webcast series that will dive into answering these questions beyond the standard answer “it depends.”

The first in this series will be on March 25, 2021 “NVMe-oF: Looking Beyond Performance Hero Numbers” where SNIA experts with deep NVMe and fabric technology expertise will discuss the thought process you can use to determine pros and cons of a fabric for your environment, including:

  • Use cases driving fabric choices  
  • NVMe transports and their strengths
  • Industry dynamics driving adoption
  • Considerations for scale, security, and efficiency

Future webcasts will dive deeper and cover operating and managing NVMe-oF, discovery automation, and securing NVMe-oF. I hope you will register today. Our expert panel will be available on March 25th to answer your questions.


Is the Sun Setting on Some of Your Technologies?

Tom Friend

Jan 14, 2021


So much of what we discuss within SNIA is the latest emerging technologies in storage. While it’s good to know about what technology is coming, it’s also important to understand the technologies that should be sunsetted.

It’s the topic of our next SNIA Networking Storage Forum (NSF) webcast on February 3, 2021, “Storage Technologies & Practices Ripe for Refresh.”  In this webcast, you’ll learn about storage technologies and practices in your data center that are ready for refresh or possibly retirement. Find out why some long-standing technologies and practices should be re-evaluated. We’ll discuss:

  • Obsolete hardware, protocols, interfaces and other aspects of storage
  • Why certain technologies are no longer in general use
  • Technologies on their way out and why
  • Drivers for change
  • Justifications for obsoleting proven technologies
  • Trade-offs and risks: new faster/better vs. proven/working tech

Register today and bring your questions for our panel of experts. 
