How Some Vendors Are Tackling SAN Security

Brocade Communications Systems Inc.'s Secure Fabric OS uses "trusted" switches to manage the configuration and security parameters of all other switches in the fabric. The Secure Fabric OS allows customers to do the following:

  • Restrict management rights to IP addresses, device ports or World Wide Names.
  • Bind specific World Wide Names to specific ports to prevent spoofing.
  • Restrict fabric connections to a specific set of switches.
  • Encrypt some management communications.

Secure Fabric OS is available only through OEMs, at an estimated cost upward of $2,000 to 3,000 per switch.

FalconStor Software Inc.'s IPStor is a dedicated storage server sitting between a switch on a storage network and other storage switches or storage devices. IPStor uses public-key infrastructure technology to authenticate managers, users and storage devices such as host-based adapters. Estimated cost: $20,000 to $100,000.

Cisco Systems Inc. plans to ship next year a software upgrade to its recently announced MDS 9000 storage switches that will use the Fibre Channel security protocol to create "trusted" switches that must authenticate themselves before sharing data with other switches. The MDS 9000s will also allow the creation of virtual SANs, which are hardware-based isolated environments within a SAN.

Cisco also plans support for Version 3 of the Simple Network Management Protocol (SNMP), which supports authentication and encryption and will allow administrators to use SNMP to create rules governing who can manage what on a SAN. The switches are expected to ship in the fourth quarter, with prices starting at $29,995.

Mississauga, Ontario-based Kasten Chase Applied Research Inc. last month announced its Assurency Secure Networked Storage platform (see story). The agent-based software, available later this year, will provide authentication and encryption for networked storage devices. Pricing hasn't been determined.

Start-up appliance vendor Decru Inc. has focused its first product on encrypting data on storage arrays. The Redwood City, Calif.-based company recently announced its DataFort security appliances, which are wire-speed encryption devices for both storage-area networks and network-attached storage.

Scheier is a freelance writer in Boylston, Mass. He can be reached at

Copyright © 2002 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon