Looking at advanced features is always a critical step when reviewing storage systems because of the value these features bring. There are a large number of storage system-based features, and variations exist between different vendor implementations. But taking a step back, it is interesting to examine where these features really belong. They were developed in storage systems to fill a need and each feature could be applied at a single point, regardless of the different hosts accessing the information.
To start a discussion about where the features really belong, let’s examine the more commonly used ones. This is not a call for change because change is unlikely. It is a discussion that may assist in some understanding of how these features can help.
Encryption. Encryption should be done at the time an application creates or modifies data and before the data is transmitted out of the application’s control. This means the data would already be encrypted when it is transmitted over any network to a storage location. Access to the data from another server would require both authentication and the encryption keys for decrypting the data. The storage system is not the best place to encrypt data because applications can then access the data without any controls regarding encryption. Encryption at the storage system is protection from physical theft of devices.
Data protection through backup. Decisions about backup should be made by the application owner or business unit. In most environments, IT makes a broad-based decision about data protection as a standard policy and applies that to data, usually on a volume basis. IT may not know the actual value of the data and the corresponding protection requirements, or may not keep that knowledge current. Data protection should be controlled and initiated at the application level. The same holds true for restoration.
Data protection for Disaster Recovery and Business Continuance. Recovering from a disaster or continuing operations during a disaster or interruption is a complex process and requires coordination between applications and storage systems. Storage systems make replicated copies of data to other storage systems, and the process of failover or recovery is orchestrated according to a set of rules. If the applications could make the copies (simultaneous writes to more than one location) without impact to operations (in performance, etc.), the storage system would still store the remote copy, but the recovery process and coordination would be done by the application at a single point with knowledge of the information requirements.
Compliance management. This is a set of features that help meet different regulatory requirements. Each of those represents a challenge. Only a few storage systems do all of these:
- Retention controls – these protect data from being deleted until a certain time, event, and/or approval. These can be done in software if the software is the only method to access data. Because this may defeat the flexibility of how data is stored for archiving, the storage system may be the best location for this function with software controlling the operation.
- Immutability – protection from data alteration has been implemented in storage for some time. With many sources of access, immutability at the storage system would still seem to be the best location.
- Audit trail for access to data – requirements to track access to data can be done in the application if there is no way data could be accessed otherwise. Typically there may be other means, so having the storage system handle the audit trail is probably the best solution.
- Validation of integrity – this requirement is a typical feature of storage systems anyway so continuing this in the storage system would be expected.
- Secure deletion – this is implemented as a digital overwrite of the data on the storage device. Because of device characteristic knowledge, this should continue to be part of the storage system.
- Legal hold – this has the same issues as retention controls.
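The retention-control and legal-hold items above, sketched as a single software gate that decides and logs every delete request. This is an added example, not code from the article or from any storage product. The class and function names, the rule that every configured condition must be met, the rule that a legal hold blocks deletion even after retention expires, and the sample values in the demo are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class StoredObject:
    name: str
    retain_until: Optional[datetime] = None   # time-based retention
    release_event: Optional[str] = None       # event-based retention
    approval_required: bool = False           # approval-based retention
    events_seen: set = field(default_factory=set)
    approved_by: Optional[str] = None
    legal_holds: set = field(default_factory=set)


def deletion_blockers(obj, now):
    """Return every reason the object may not be deleted yet (empty = allowed)."""
    # Assumption: a legal hold blocks deletion even after retention expires.
    blockers = [f"legal hold {hold}" for hold in sorted(obj.legal_holds)]
    if obj.retain_until and now < obj.retain_until:
        blockers.append(f"retained until {obj.retain_until.date()}")
    if obj.release_event and obj.release_event not in obj.events_seen:
        blockers.append(f"waiting for event {obj.release_event}")
    if obj.approval_required and not obj.approved_by:
        blockers.append("approval missing")
    return blockers


def delete(store, name, now, audit_log):
    """Single enforcement point: each delete request is decided and logged."""
    blockers = deletion_blockers(store[name], now)
    outcome = "DENIED" if blockers else "DELETED"
    audit_log.append((now.isoformat(), name, outcome, blockers))
    if blockers:
        return False
    del store[name]
    return True


if __name__ == "__main__":
    # Constructed sample data: retention has expired, but a hold is active.
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    obj = StoredObject("contract.pdf",
                       retain_until=datetime(2024, 1, 1, tzinfo=timezone.utc),
                       legal_holds={"case-001"})
    store, log = {obj.name: obj}, []
    print(delete(store, obj.name, now, log), log)
```

The gate only holds if it is the sole path to the data, which is the condition the list attaches to doing retention in software.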
It’s unlikely that we’ll see any substantial change in the way things work regarding storage features in existing IT environments. New implementations for private clouds may do things differently, which means applications would have different requirements. It will be interesting to see what develops as private clouds are deployed within traditional IT environments.
(Randy Kerns is Senior Strategist at Evaluator Group, an IT analyst firm).