For a company whose bread and butter is producing crude oil, Newfield Exploration’s storage environment was fast running out of gas.
Saddled with a mix of disparate systems, platforms and applications, the US$1.7-billion Houston company’s storage environment was “a mess,” according to Mark Spicer, Newfield’s vice-president of IT. Servers had to be rebooted twice a day to ensure availability, and keeping tabs on an overburdened architecture was draining scarce IT resources. With a workforce growing at an annual rate of 20 per cent, Newfield Exploration was in desperate need of greater storage capacity.
“We were just starting to reach critical mass, so we really needed to overhaul the whole storage system to plan for growth,” says Spicer.
Newfield Exploration could have opted for age-old fibre channel (FC) technology. Instead, in early 2003 the company turned to NetApp for its iSCSI-based storage area network (SAN).
Unlike with traditional network storage protocols such as fibre channel, operating iSCSI (Internet Small Computer System Interface) requires only an Ethernet interface or any other TCP/IP-capable network. Gone is the pricey equipment and specialized hardware knowledge often demanded of a fibre channel SAN deployment. With iSCSI, the promise is that companies can achieve a low-cost and easy-to-maintain centralization of storage.
While it was risky to take a chance on a relatively new storage solution such as iSCSI, Spicer says the decision has paid off. By implementing NetApp iSCSI connectivity to store Windows application data such as Exchange stores, Web stores and SQL Server databases, Newfield Exploration has improved performance by 20 per cent, leveraged its existing Ethernet infrastructure and greatly expanded storage capacity without having to add personnel — a cost savings of at least US$85,000 a year.
Newfield Exploration is just one of many midsize companies gradually making the move to iSCSI. Businesses have long relied on FC-SANs to offer rapid data transfer rates, enormous bandwidth and highly predictable performance for mission-critical applications. Such peak performance is especially critical to companies that depend on applications for processing sensitive financial information and confidential customer data.
But the arrival of iSCSI has heralded a user-friendly — and considerably cheaper — alternative for midsize and cash-strapped businesses. And vendors such as EMC, EqualLogic, Hewlett-Packard and NetApp are fast catching on to the trend, making iSCSI a key part of their storage solution portfolios.
iSCSI PROS AND CONS
The allure of iSCSI is easy to understand. Whereas an FC-SAN deployment calls for the installation of a high-priced host bus adapter and drivers, all it takes to connect a server to an iSCSI network is a gigabit Ethernet network interface card. Such ease-of-use is particularly attractive to today’s midsize businesses with limited IT resources and tight budgets.
And where FC-SANs often demand a hefty investment in storage administrators, most IT professionals already possess a considerable knowledge of Ethernet technology.
“iSCSI has emerged as a completely legitimate mainstream alternative to fibre channel,” says John Sloan, a senior research analyst for Info-Tech Research Group. According to a recent Info-Tech study, while spending on FC-SANs is virtually non-existent among enterprises with fewer than 100 employees, in enterprises with 100 to 500 employees, FC and iSCSI are receiving equal customer attention.
Despite this increasing popularity, iSCSI has been surrounded by its fair share of controversy. For starters, promises of immediate cost savings have often not been realized, according to Robert Passmore, vice-president of research at Gartner. “CIOs need to understand that the savings [of iSCSI] have been exaggerated,” he says. “Therefore, it’s important to look at the trade-offs and understand the positives as well as the negatives.”
Chief among these negatives is the security risk iSCSI can introduce to the enterprise. In the case of FC-SANs, the cables are inside a data centre that only employees can access. And even an ill-intentioned employee would have a tough time finding the tools he would need to hack into fibre channel. But iSCSI is another story.
“Anybody with a PC made in the last 10 years and some shareware can tap in and see exactly what’s going on over that network,” Passmore warns.
THE FIBRES THAT BIND
The need for a reliably secure storage system drove Capital Region Orthopaedic Group to select fibre channel. Members of the 24-physician practice based in Albany, N.Y., handle nearly 90,000 office visits each year and upward of 5,000 surgical cases. In early 2002, Capital Region Orthopaedic opted to move from paper charts and film-based X-rays to an all-electronic health records system and a digital picture archiving and communications system, or PACS.
While the transition was intended to help Capital’s physicians electronically access everything from exam notes to digital X-ray images, the size of the required database posed a problem. Each digital X-ray comprises several megabytes of data, and Capital Region Orthopaedic produces thousands of X-rays each year.
“Once we looked at the level of needs and projections for storage necessities, we knew that we needed to move to a SAN,” says Raymond DeCrescente, Capital Region Orthopaedic’s CTO.
To support the PACS application, Capital Region Orthopaedic traded in its single-server storage system for an FC-SAN from HP. This FC-SAN can be scaled up to 12 terabytes, providing instantaneous access to the past year’s images.
It took three weeks to deploy the new storage system, which represents a US$480,000 financial investment, including servers, storage and fibre channel. Although far from cheap, it’s an expenditure that DeCrescente says guarantees the growing practice will have a secure solution and the HIPAA-required protection of confidential medical records.
“While [fibre channel] is more expensive, it’s much more robust, more secure and less susceptible to some of the problems that you can have with iSCSI,” says DeCrescente.
In fact, for all the strides made by iSCSI vendors, fibre channel isn’t likely to be displaced by its more cost-effective counterpart anytime soon. According to Gartner, worldwide revenue for iSCSI-based solutions is expected to grow from less than US$300 million in 2006 to nearly US$1.6 billion in 2009. But while combined iSCSI and fibre channel sales are projected to reach US$20 billion in 2009, fibre channel will represent a whopping 79 per cent of that.
What’s more, although iSCSI has typically been cheaper to acquire, fibre channel vendors are now driving down their costs with easy-to-install, out-of-the-box offerings.
“Everybody is pushing to extend SAN technology into the midsize and smaller [market] so vendors are being more cost-conscious. You just can’t get away with charging six figures for storage anymore,” says Info-Tech’s Sloan.
WHY YOU DON’T HAVE TO CHOOSE
The rising costs of iSCSI is why analysts recommend looking beyond the bottom line when selecting a storage solution. While it’s easy to be seduced by a vendor’s promise of instant savings, companies need to recognize the respective limitations of both fibre channel and iSCSI. For example, an iSCSI deployment may cost a fraction of the price of a fibre channel installation, but those savings can easily be offset by the need for additional security measures.
As it turns out, some companies are refusing to pick sides and instead are opting for combining both in a hybrid storage model. Growing midsize companies with an iSCSI solution already in place can easily add fibre channel onto the infrastructure as the need for additional capacity arises. In turn, enterprises with large investments in fibre channel can opt to connect remote servers into the networks using iSCSI.
“The key thing is that for many storage applications in the small to midsize enterprise space, iSCSI versus fibre channel is irrelevant,” says Sloan. “What matters is that you get the best storage utilization and management features for your dollar.”
How to secure an iSCSI SAN
For all its promises of user-friendliness and low-cost storage, a storage area network (SAN) based on Internet Small Computer System Interface (iSCSI) can present some daunting security risks to today’s mid-market companies. After all, iSCSI is essentially a combination of two protocols — TCP/IP and SCSI — neither of which possesses built-in security features.
Vendors have taken steps to deliver CIOs greater peace of mind by introducing password authorization provisions and optional protection mechanisms such as IPSec that act as a network layer, promising the safe transmission of data over unprotected networks (such as the Internet). But when it comes to guaranteed safety, Gartner analyst Robert Passmore says, “The answer is isolation.”
By unplugging an iSCSI-based SAN’s Internet cable, a company can isolate iSCSI traffic on a separate network and prevent unauthorized users from accessing sensitive information. After all, says Passmore, “There’s no fundamental reason to connect iSCSI to a public network.”
The biggest storage array in the world, which is currently under construction, will have capacity equivalent to a stack of iPods three times the height of the Empire State Building.
Interestingly, it will be managed with common Ethernet networking tools. The SAN will support a project called the Human Speechome Project — for the MIT Media Lab — which is expected to archive and search 1.4 petabytes of data over three years. The SAN is being built from commodity hardware and uses a 10GbE IP network for data transfer between the backend SAN and hundreds of servers.
Computing infrastructure is expected to be composed of more than 300 Hammer Z-Rack storage enclosures from Bell Microproducts, about 3000 SATA (Serial Advanced Technology Attachment) hard disk drives from Seagate Technology, and more than 100 10GbE switches and 400 blade processors from Marvell Technology Group.
The high-throughput switches are needed for the storage I/O anticipated by researchers who believe they’ll be processing 700TB of data during every 12-hour analytical run. To achieve the desired performance requirements, 150-drive stripes (aggregated virtual volumes) will be created using the native virtualization capabilities of Bell’s Z-SAN.
Protection against data loss will be delivered through RAID 10 mirrors (duplicate copies) of the raw video data, transform data and metadata files.