Abstract
The variety of environments in which Fibre Channel fabrics are deployed makes it difficult to rely on physical security. Different users may access storage subsystems over fabrics that may span several sites. Security services are extremely important to prevent misconfigurations or access to data by non-authorized entities.
A new standard, the Fibre Channel Security Protocol (FC-SP), can improve fabric security, reduce the total cost of ownership (TCO) and improve availability. These benefits are the result of simplified management and mitigated threats, both accidental and malicious.
This mostly technical tutorial identifies the best current practices for storage security, shows how they are supported by FC-SP, and identifies some choices that vendors may make that are outside the standard. We develop an in-depth understanding of the new security architecture for Fibre Channel. Then, we identify key steps to help you implement the FC-SP framework. Within this framework, a Fibre Channel device can verify the identity of another Fibre Channel device. A device may also use a shared secret and a key exchange protocol to establish security associations applied to Fibre Channel frames and information units. This framework also allows for the distribution of fabric-enforced policies within a Fibre Channel fabric. Some of these features are quickly becoming available from a vendor near you.
Learning Objectives
Understand the underpinning concepts and best practices supported by FC technology, including device-to-device (hosts, disk, switches) authentication, data origin authentication, integrity, anti-replay protection, confidentiality, the role of the IKEv2 protocol for authentication of Fibre Channel entities and/or setup of security associations, and security policy distribution.
Manage and establish secrets and security associations.
Prepare to implement FC-SP functionality, including planning decisions, implementation process and changes in storage administrator practices.