Securing Internet Protocol (IP) Storage: A Case Study

Storage networking technology has enjoyed strong growth in recent years, but security concerns and threats facing networked data have grown equally fast. Today, there are many potential threats that are targeted at storage networks, including data modification, destruction and theft, DoS attacks, malware, hardware theft and unauthorized access, among others. In order for a Storage Area Network (SAN) to be secure, each of these threats must be individually addressed. In this paper, we present a comparative study by implementing different security methods in IP Storage network.Comment: 10 Pages, IJNGN Journa

Performance Implications For the Use of Virtual Machines Versus Shielded Virtual Machines in High-Availability Virtualized Infrastructures

Use of virtualization in datacenter or service providers or even in cloud computing environments brings many benefits. Virtualization, whether it is for services, applications or servers, is no longer a trend to be a reality in many industries and areas, whether in or outside the technology area. Therefore, with this emergent use of virtualization companies have been asking a lot about the performance and security of using virtual machines in a highly availability infrastructures. Controlling the access to Virtual Machines is a security issues that all the hypervisors haves, such as, VMware vSphere, Hyper-V or KVM. To make virtual machines more secure Microsoft has introduced the concept of Shielded virtual machines. Taking this into account, this dissertation presents a study on key concepts behind virtual machines, Guarded Fabric, Host Guardian Service, Guarded Hosts and shielded virtual machines. A Shielded VM is a Generation 2 feature (supported on Windows Server 2012 and later) that comes with a virtual Trusted Platform Module (TPM), which can only run on healthy and approved hosts in the fabric and is encrypted using BitLocker. In order to support our study an experimental bed test has been setup, involving a failover cluster with native virtualization at the hardware level with Windows Server 2016 Hyper-V. In the test environment, a failover clustering, FreeNAS Storage, ISCSI Target, VMs, Guarded Fabric and Shielded virtual machines have been implemented and configured. After the implementation of the bed test, a set of tests and experiments haves been made in order to study the performance implications for the use of virtual machines versus shielded virtual machine in High Availability Virtualized Infrastructures. Finally, an analysis at the results worked through the tests has been made, according to the Background made in the first part and the bed test deployed. A set of experiments has been made in virtual machines and shielded virtual machines in order to evaluate its performance in terms of CPU, RAM and writing speed. The results show that the use of shielded virtual machines leads to a small degradation of performance compared to the use of regular virtual machines, but, on the other hand, it has also been shown that the shielded virtual machines allows to restrict access to the virtual machines only for run on trusted hosts, and prevent unauthorized administrators and malwares from compromising the virtual machine.O uso da virtualização em centro de dados ou provedores de serviços ou mesmo em ambientes de computação em nuvem traz muitos benefícios. A virtualização, seja para serviços, aplicações ou servidores, não é mais uma tendência a ser uma realidade em muitos setores e áreas, seja dentro ou fora da área de tecnologia. Portanto, com esse uso emergente de virtualização, as empresas têm vindo a questionar muito sobre o desempenho e a segurança do uso de máquinas virtuais em infraestruturas de alta disponibilidade. Controlar o acesso às máquinas virtuais é um problema de segurança que todos os hypervisors possuem, como VmWare vSphere, Hyper-V ou KVM. Para tornar as máquinas virtuais mais seguras, a Microsoft introduziu as máquinas virtuais blindadas. Neste sentido, esta dissertação apresenta um estudo sobre conceitos-chave por trás de máquinas virtuais, Guarded Fabric, Host Guardian Service, Guarded Hosts e máquinas virtuais Blindadas. Uma Máquina Virtual Blindada é um recurso da Geração 2 (com suporte no Windows Server 2012 e posterior) que vem com um Trusted Platform Module (TPM) virtual, e que apenas pode ser executada em hospedeiros protegidos e aprovados na fabric e é criptografada usando o BitLocker. Para dar suporte ao nosso estudo foi configurado um ambiente de teste experimental, envolvendo um failover cluster com virtualização nativa ao nível de hardware com o Windows Server 2016 Hyper-V. No ambiente de teste, foi implementado e configurado um failover cluster, FreeNAS Storage, iSCSI Target, Máquinas Virtuais, Guarded Fabric e Máquinas Virtuais Blindadas. Após a implementação do ambiente de teste, um conjunto de testes e experiências foram realizados para estudar as implicações dos desempenhos das máquinas virtuais versus máquinas virtuais Blindadas em Infraestruturas Virtualizadas de Alta Disponibilidade. Por fim, fizemos a análise nos resultados trabalhados através dos testes, de acordo com os conceitos definidos no segundo capítulo da dissertação e com o ambiente de teste implementado. Um conjunto de experiencias foram realizadas em máquinas virtuais regulares e máquinas virtuais blindadas para avaliar o desempenho em termos de CPU, RAM e velocidade de escrita no disco. Os resultados mostram que o uso de máquinas virtuais blindadas conduz a uma pequena degradação do desempenho em comparação com o uso de máquinas virtuais regulares, mas, por outro lado, também se verificou que as máquinas virtuais blindadas permitem restringir o acesso às máquinas virtuais apenas para correrem em hosts confiáveis, além de impedirem que administradores não autorizados e malwares comprometam a máquina virtual

Hyperscsi : Design and development of a new protocol for storage networking

Ph.DDOCTOR OF PHILOSOPH

Storage Area Networks

This tutorial compares Storage area Network (SAN) technology with previous storage management solutions with particular attention to promised benefits of scalability, interoperability, and high-speed LAN-free backups. The paper provides an overview of what SANs are, why invest in them, and how SANs can be managed. The paper also discusses a primary management concern, the interoperability of vendor-specific SAN solutions. Bluefin, a storage management interface and interoperability solution is also explained. The paper concludes with discussion of SAN-related trends and implications for practice and research

Study of TCP Issues over Wireless and Implementation of iSCSI over Wireless for Storage Area Networks

The Transmission Control Protocol (TCP) has proved to be proficient in classical wired networks, presenting an ability to acclimatize to modern, high-speed networks and present new scenarios for which it was not formerly designed. Wireless access to the Internet requires that information reliability be reserved while data is transmitted over the radio channel. Automatic repeat request (ARQ) schemes and TCP techniques are often used for error-control at the link layer and at the transport layer, respectively. TCP/IP is becoming a communication standard [1]. Initially it was designed to present reliable transmission over IP protocol operating principally in wired networks. Wireless networks are becoming more ubiquitous and we have witnessed an exceptional growth in heterogeneous networks. This report considers the problem of supporting TCP, the Internet data transport protocol, over a lossy wireless link whose features vary over time. Experimental results from a wireless test bed in a research laboratory are reported

BAG : Managing GPU as buffer cache in operating systems

This paper presents the design, implementation and evaluation of BAG, a system that manages GPU as the buffer cache in operating systems. Unlike previous uses of GPUs, which have focused on the computational capabilities of GPUs, BAG is designed to explore a new dimension in managing GPUs in heterogeneous systems where the GPU memory is an exploitable but always ignored resource. With the carefully designed data structures and algorithms, such as concurrent hashtable, log-structured data store for the management of GPU memory, and highly-parallel GPU kernels for garbage collection, BAG achieves good performance under various workloads. In addition, leveraging the existing abstraction of the operating system not only makes the implementation of BAG non-intrusive, but also facilitates the system deployment

Fiber Channel Vs. Internet Scsi On Storage Area Networks For Disaster Recovery Operations

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2006Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2006Bu tez çalışmasında iSCSI tabanlı veri depolama ağlarının performansının iyileştirilmesi için iSCSI ve TCP katmalarının birbiriyle etkileşimi incelenmektedir. Bu inceleme neticesinde en uygun iSCSI ve TCP parametre değerleri belirlenmeye çalışılmıştır. Uygun parametre değerleri kullanılarak optimize edilmiş bir iSCSI veri depolama çözümünün Fiber Kanal tabanlı veri depolama çözümlerine alternatif olabileceği gösterilmeye çalışılmıştır.This thesis examines the interactions between the iSCSI and TCP layer in order to improve the performance of iSCSI-based storage system. As a result of this study, the most proper iSCSI and TCP parameter values were supposed to be determined. By using these proper parameter values, it was tried to be shown that an optimized iSCSI-based storage solution with suitable parameters can be an alternative to FC-based storage solutions.Yüksek LisansM.Sc

Performance analysis of an iSCSI block device in virtualized environment

Virtualization is new to telecom but it has been already implemented in IT sectors. Thus its benefits are already proven, which drags other sectors attention towards it. Now the telecom organizations are also focusing on virtualization to reap the full benefits of it. The main focus of this thesis is to conduct a performance analysis of a block storage device in a virtualization environment. Storage performance plays vital role in telecom sector. The performance and the reliability of the storage device is more important factor to fulfill the client request with minimum latency. This thesis is comprised of three main areas. The first literature part is to study the different storage networking possibilities and the different storage protocol practice to establish communication between server and the storage in the storage area network. The study indicated that Internet Small Computer System Interface (iSCSI) has more advantages than other practices in the storage area network. The second part covers the design of storage area network (SAN) solution. The storage is offered by an iSCSI storage server. It offers a block level storage device access to the compute server. Different iSCSI targets are available in market, performance of those were compared. Linux-IO Target was concluded as better iSCSI target with better performance and reliability. The Storage server was implemented as a virtual machine for better resource utilization, thus there was a study about the hypervisor and the different networking options for the virtual machines were compared. The final part is to optimize the SAN solution. Multipathing, different caching options and different driver options provided by the kernel virtual machine (KVM)/ Quick emulators (QEMU) were considered for optimization

準パススルー型仮想マシンモニタを用いたコンピュータシステム管理に関する研究

筑波大学 (University of Tsukuba)201