Inside System Storage -- by Tony Pearson

Tony Pearson Tony Pearson is a Master Inventor and Senior IT Specialist for the IBM System Storage product line at the IBM Executive Briefing Center in Tucson Arizona, and featured contributor to IBM's developerWorks. In 2011, Tony celebrated his 25th year anniversary with IBM Storage on the same day as the IBM's Centennial. He is author of the Inside System Storage series of books. This blog is for the open exchange of ideas relating to storage and storage networking hardware, software and services. You can also follow him on Twitter @az990tony.
(Short URL for this blog: )
  • Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (4)

1 StorageWonk commented Permalink

Tony- <div>&nbsp;</div> A nice posting, and one that reminded me of an interesting challenge that those of us involved in protecting data often have. <div>&nbsp;</div> <div>&nbsp;</div> A few years ago I was at a project planning meeting with several senior members at another major storage vendor. The company had sent teams from both their storage and security groups, most of whom were as unfamiliar with one another as many of them were with me. I remember early-on getting a sense that the meeting was not very productive -- not a good feeling as I was chairing the meeting. <div>&nbsp;</div> <div>&nbsp;</div> About 10 minutes into the session I began to figure out what was wrong. It all had to do with the topic you discuss here -- just what does it mean to "protect" data. Both sides certainly recognized the importance of what the other group had to offer, but to the storage guys protection was all about data availability and business continuance, and for the security people the term had everything to do with preempting unauthorized/inappropriate access. <div>&nbsp;</div> <div>&nbsp;</div> Both groups used the same terminology, but the definitions were wildly different and so, of course, were the thought processes of each of the groups. The issue was not one of terminology, but of ontology. <div>&nbsp;</div> <div>&nbsp;</div> Eventually we all got on the same page, but it had to be a physical page that we could all refer to (a whiteboard would have sufficed) and a lot of time was invested in doing metawork needed to get us to a common starting point for the project we had originally gathered to work on. I think the time was well spent, but I also think it illustrated an important problem: crossing between traditional "knowledge domains", such as security and storage, is a challenge. <div>&nbsp;</div> <div>&nbsp;</div> I like the fact that your blog brings in both sides of the question, but I wonder how many senior people out there, trained to be deep in a particular IT discipline, can easily bridge the gap between their discipline and another without having been prepared for it first. The trick of course is not to see security and storage as separate but equal, but rather to understand how the two domains interoperate as a single system. In this context, I wonder how many security people read storage blogs and how many storage people have the inclination (or perhaps, the time) to keep up-to-date on security issues. <div>&nbsp;</div> <div>&nbsp;</div> I think what you have done here is quite useful. I hope you keep focusing on this. <div>&nbsp;</div> <div>&nbsp;</div> Sorry I missed your presentation at Pulse. I'm sure we would've had an interesting and lively discussion. <div>&nbsp;</div>

2 thestorageanarchist commented Permalink

FWIW, I'm not anybody's Rottweiler, and I'm not here defending Chuck. I'm here on my own, to keep you honest and to respond to the intelligence-insulting and baseless FUD you enjoy slinging so much. <div>&nbsp;</div> Second - we'll stand SRDF up against IBM's replication any day, on efficiency, bandwidth, RPO and RTO. Fact is, single round trip has virtually zero value in large packets because the response is infinitesimal as compared to the packet size. Granted, you probably don't know much more than what your marketing materials tell you, but in real life, your little diatribe about round trips is abjectly meaningless in terms of bandwidth utilization and cost. <div>&nbsp;</div> As for FDE, just to set things straight, please answer the following fairly simple questions. I'd appreaciate if you avoided trying to twist the words and meaning of the questions - each has a very finite and simple answer: <div>&nbsp;</div> 1) Which IBM disk storage subsystems provide data encryption on the drives? <br /> 2) Do all members of the DS8000 series provide data encryption, including the DS8700? <br /> 3) Does the XIV platform provide data encryption? <br /> 4) Does IBM offer data encryption for ALL drive types (10K, 15K, SATA and Flash) and all drive sizes available for each disk storage subsystem? <br /> 5) Do FDE drives cost more than non-FDE drives? How much more? <div>&nbsp;</div> Finally, if someone can walk up to a disk subsystem and steal a disk drive and get away with it undetected, doesn't that represent a failure of site security? Won't the array instantly raise an alarm? And surely, if anyone can get into the data center, I sincerely doubt that they would want to steal wouldn't be a single disk drive...more likely they would want to plant a back-door via server console, or perhaps even try to damage/destroy something. But snag a single disk drive? <div>&nbsp;</div> Hardly realistic. More IBM FUD. <div>&nbsp;</div> But heck, if it is really such a probable event, how come your answer to question #1 isn't "every single IBM storage platform IBM sells encrypts all data stored on its disk/flash drives?" <div>&nbsp;</div> And while I'm at it: <div>&nbsp;</div> 6) Why does the latest-greated DS8700 not support a superset of functionality provided by the earlier generation DS8300/8300 Turbo? Specifically, why are Thin Provisioning and LPARs available on the earlier systems and not the latest model. Has IBM decided to start abandoning functionality on its flagship product line? <div>&nbsp;</div> Oh, and if you have any more of those intelligence-insulting IBM funded competitive attack white papers, let me know. That last one was especially useful in winning business away from IBM - customers came to us asking for an honest perspective instead of IBM's made-up cruft.

3 TonyPearson commented Permalink

Mike (StorageWonk), <br /> Thanks for the kind words. Yes, I liked your post on this topic: <div>&nbsp;</div> <div>&nbsp;</div> Looks like we have started a "meme" on this thought! <div>&nbsp;</div> --- Tony <div>&nbsp;</div>

4 TonyPearson commented Permalink

BarryB, <br /> Fortunately, ALL of IBM's storage devices support the storing of encrypting data at rest, whether by host-based, array-based or drive-based approach. I guess one could just as easily ask why the V-Max did not initially have all the function it was supposed to have on its introduction, on why EMC would announce FAST v2, but then only deliver FAST v1 in such manner as to be a let-down to the rest of the industry. <div>&nbsp;</div> If you have contacts at Seagate, you can ask them about the awesome FDE drives that IBM offers in their disk systems, relative costs, and so on. You do have contacts at Seagate, don't you? <div>&nbsp;</div> -- Tony

Add a Comment Add a Comment