General

ISPCON Storage Services Power Panel

The ISPCON storage services power panel tried to look into the future of storage and of storage service providers (SSPs) but was accused of being wedded to the past.

by Alex Goldman ISP-Planet Associate Editor [October 18, 2001]

The ISPCON storage services power panel was moderated by Dr. Vijay Ahuja, Cipher Solutions president and founder. Dr. Ahuja spoke about storage service provider (SSP) trends and security. Before founding his own company, Dr. Ahuja was most recently the chief technology officer of Arsenal Digital Solutions, a pioneer in storage services. Panelists joining Dr. Ahuja included:

• Clint Jurgens: Cisco Systems, Inc. business development manager, who spoke about Cisco's storage area network (SAN) initiatives and managing storage networks resource systems.
• Jon Toor: Maxtor Corp. senior director of product marketing, who talked about (Network Area Storage) NAS and Maxtor's latest products.
• Jeff Hornung: Spinnaker Networks vice president of marketing, answered questions about business startups in the storage sector.

Cipher Solutions' Dr. Ahuja divulged his take on the state of SSP sector today. He said service providers look to storage services to deliver:

• Increase revenue per square foot or per GB
• Diversify revenue streams
• Deliver higher margin services
• Explore provision of backup and restore services

Combined with Managed Security Services (MSS) and other services, storing data can provide value synergism. Service providers are able to perform security functions that many companies would not do themselves. For example, Dr. Ahuja addressed the deployment of so-called "honey pot systems," which are servers designed to appear to have valuable information to an intruder, but contain no relevant data. Since these servers are not actually used, any activity on them will reveal the presence of an intruder. Designing and maintaining a "honey pot system" takes time and skill that corporations usually lack. SSPs can deploy services that address security needs in several ways:

1. Delivered through independent data centers (IDCs) using IDC equipment and re-branded or sold under the name of the IDC. Exodus, for example, had several SSPs among its fold.
   
   
2. Manage clients collocated equipment or provide data storage via remote access. In this business model, the customer owns the actual storage resources and the SSP maintains a presence at the client's office or at the data center where the client's equipment is collocated
   
   
3. SSPs can own the network equipment and manages storage services from a Global Network Operating Center (GNOC). In this case, traffic between the client and the GNOC must traverse secure access lines.

Matter of trust
Of the various challenges facing SSPs, three different issues loom particularly large. The first is a lack of capital and funding. SSPs are under pressure to deliver sales revenues and also cut costs while differentiating storage services. Dr. Ahuja argues that it is not possible for SSPs to simultaneously reduce costs while moving up-market.

The second problem is more theoretical. The SSP business model is maligned by a lack of trust—customers want control and access to their own data.

Finally, there is a problem that dramatically impacts the lack of trust of SSPs. A problem faced by SSPs—and ASPs as well—is that when there is a service disruption, customer's want to deal with only one vendor. They do not want to call a data center, then a telecom, and a backbone provider. SSPs need to be able to work for the customer, and protect the customer from the errors of the other companies involved in the service.

According to Dr. Ahuja, it will be some time before SSPs enjoy the level of trust that banks have. Shared environments generate genuine security concerns—and when companies put health data on a storage network, their entire business is at risk.

Today, customers demanding absolute security guarantees get their own separate SAN, but providing this means that an SSP cannot generate any economy of scale. A separate SAN for each customer is not a profit proposition for SSPs. Instead, SSPs will need to be able to guarantee a level of security that makes them a vanguard of corporate data—protecting, while serving.

(Back to Top)

Clint Jurgens of Cisco on SANs
Clint Jurgens said that the purpose of a SAN is to decrease the Total Cost of Ownership (TCO) which is the purchase price of storage plus the money spent to manage the storage. The price of storage is declining rapidly, but the cost of managing the equipment is not going down fast enough for many enterprises.

The solution is the SAN or NAS. He said that people tend to use a NAS for file access, and a SAN for block access. A NAS will therefore deal with front office applications (such as word processing documents) while a SAN will handle the back office database.

Cisco uses iSCSI to create a storage pool that users can access. Over the Internet, iSCSI is not totally secure, although VPNs can be used (but they add encryption data to the data being sent over the storage network, and even VPNs are not entirely secure).

Jurgens presented a case study of a medical research firm. Using fiber only required dedicated links from each workstation to the storage pool. A Gigabit Ethernet-based iSCSI network allowed the company to use the IP cloud to provide one-to-many links between workstations and storage. Using the IP cloud rather than running dedicated lines reduced setup costs by $600,000, and lowered network management costs too.

When backing up to remote sites, iSCSI can go to tape or can work with Fiber Channel drives through a protocol known as FCIP (Fiber Channel over IP) which translates FC frames into TCP/IP frames.

Jurgens recommend that anyone seeking additional information about Cisco storage should utilize its Web site.

(Back to Top)

Jon Toor on Maxtor's ATA-based NAS
Jon Toor said that although the SANs that Mr. Jurgens had spoken about would be good in certain situations such as back office databases, for basic desktop applications, the Advanced Technology Attachment (ATA) -based NAS would be useful. It is designed to offer devices priced at about $15 per GB (a 5.7 TB device would therefore cost $85,500) fully configured with a Microsoft Windows Powered license (sold per-server, not per-client).

The product offers browser-based management and promises no network downtime during setup. Because ATA drives are being built in massive consumer volume, the pricing of ATA products reflects economies of scale. In comparison with ATA's $15 per GB, iSCSI is currently at $60 to $250 per GB, and mainframes cost $300 to $600 per GB.

Tape is at a similar price point to the ATA drive, but data on a tape takes time to locate, and loading a tape onto a spool also takes time.

The ATA-based NAS allows enterprises to backup to disk instead of tape, enabling rapid restore during a crisis. And for small, important pieces of data, such as e-mails, backing up to disk should make much more sense than backing up to tape.

(Back to Top)

Q&A Session With Spinnaker's Jeff Hornung
Q: What is the impact of nine-eleven on SSPs?

Hornung: CTOs and CEOs are less likely to question the cost of data backup and recovery, and are more likely to understand that it's important to backup to a remote location.

Toor: In the new cost-conscious economy, customers will examine the price of storage more closely and not just go out and, say, buy the most expensive EMC storage with startup capital.

Ahuja: Security is more important. It is now a requirement, not just a "feature" especially with talk of a possible "cyber Pearl Harbor."

Q: How important is Quality of Service and is it possible to define and guarantee QoS?

Jurgens: It depends on the content being delivered. You cannot deliver movies if latency and bandwidth are problems. Different customers with different data types will need different QoS. It is up to the SSPs to design different contracts for different customers.

Hornung: QoS is not possible today, but the technology is being designed today so that in the future it will be easier to implement a QoS offering.

Jon: People will always want tape because tape makes data portable, but because it takes time to load, it will be affected by the definition of a QoS. In certain situations, it will take too long and will therefore be ruled out.

Q: Which technologies will drive storage services in the future?

Jurgens: Security will drive services. Watch out for encryption algorithms that operate at gigabit speeds.

Hornung: I acknowledge, for Clint, that iSCSI will gain momentum, but he should also keep in mind that NAS is getting faster.

Toor: SSPs need to have the expertise in using many types of solution that their clients will lack but will be willing to pay for.

Ahuja: As storage systems, especially iSCSI, utilize the IP cloud for corporate data, security needs will rise because IP is inherently not secure.

A member of the audience rose and challenged the establishment:

"Why do we have to buy 'solutions?' Are the major companies held back from offering a "NAS/SAN in a box" because they are tied to particular technologies? Startups such as Andiamo (Clint, I guess Andiamo is partly funded by Cisco so you cannot talk about it) and Pirus doing what the majors cannot? What about Brocade? Is their approach different? What about 3PARdata? Will we ever see a blended SAN/NAS solution? Why do we have to choose between them?"

Hornung: You may see some different approaches from the startups—and in this area, they are getting funding. 3PAR seems to be building carrier class solutions, whereas Pirus and Andiamo may build solutions for smaller companies.

—End