[svlug] iscsi

Karen Shaeffer shaeffer at got.net
Tue Jun 12 00:22:44 PDT 2001


On Mon, Jun 11, 2001 at 11:33:43AM -0700, Dagmar d'Surreal wrote:
> > 
> > Well, I went to the SAN conference last week. iscsi will emerge in the next
> > few months. That's really cool technology.
> > 
> > The thinking at SAN was that when 10GBE arrives, then iscsi will enjoy
> > global adoption. 1GBE iscsi will be available in the fall. many cards and
> > products are ready to go--they are apparently just waiting on the IETF to
> > bless the standard...
> 
> Just promise me you'll never argue with your security department about why
> the firewalls don't belong on the SAN.

Well, iscsi really isn't directly dependent on any SAN infrastructure, but most
SAN companies will be extending their systems to incorporate it.

Your comment is a good one though. iscsi is in fact a really big security
risk. Most vendors I talked with seem to be leaving security to the existing
authentication technologies already in place. I think this is really short
sighted myself. The iscsi standard will include IPsec, but deployment will
be optional. Intel and IBM both suggested most folks won't enable IPsec. Go
figure....

By the way, Fiber Channel is not noted for it's security features. iscsi will
in fact be potentially much more secure--because IPsec will be in the spec.

c,
-- 
 Karen Shaeffer
 Neuralscape; Santa Cruz, Ca. 95060
 shaeffer at neuralscape.com  http://www.neuralscape.com




More information about the svlug mailing list