Virtualized Storage
Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
>> The third category of virtualization was storage.
00:00
This video we're going to talk
00:00
about storage area networks,
00:00
network attached storage, and
00:00
specifics of Cloud-based storage virtualization.
00:00
A storage area network,
00:00
or SAN provides a pool of
00:00
storage resources that can be
00:00
centrally managed and allocated.
00:00
This technology has been around well
00:00
before the public cloud.
00:00
The SAN consists of
00:00
a dedicated network of storage devices.
00:00
These are usually connected
00:00
using high-speed fiber-optic cables,
00:00
hardware and software managed block level storage.
00:00
If you aren't familiar with the term block level,
00:00
consider it usually takes
00:00
several blocks to create a file.
00:00
Block Storage is a level of detail above
00:00
the ones and zeros of binary on physical media,
00:00
but it is below a file system level of detail.
00:00
Block-level storage allows for fast,
00:00
efficient, and reliable data storage,
00:00
since the device can optimize the layout of blocks
00:00
for efficient retrieval across different hard drives.
00:00
SAN networks themselves are constructed in
00:00
three layers. You have the host layer.
00:00
This is where the servers take calls from
00:00
a local area network and enable
00:00
access to and from the underlying SAN fabric.
00:00
Beneath that is the fabric layer.
00:00
This is where all the networking components live.
00:00
SAN network devices include switches,
00:00
routers, bridges, gateways, and even cables.
00:00
Last but not least, is the storage layer.
00:00
This is where the actual storage devices
00:00
live and where the data blocks are persisted.
00:00
SAN and network attached storage or NAS,
00:00
are both network-based storage solutions.
00:00
A SAN typically uses
00:00
fiber optic connectivity between the host, switch,
00:00
and storage devices while NAS typically
00:00
ties into the network
00:00
through standard Ethernet connections.
00:00
As you now know the SAN stores data at the block level,
00:00
while NAS accesses data as files.
00:00
When an operating system is connected to a SAN,
00:00
it will typically appear as a local disk,
00:00
only seeable for that particular machine.
00:00
On the other hand, the NAS is visible to
00:00
multiple machines and it appears as a file server.
00:00
It is accessed using protocols like CIFS, NFS.
00:00
Providers often use both of
00:00
these approaches when building their storage,
00:00
but sometimes they use neither and they
00:00
have a more proprietary solution.
00:00
We will cover storage security
00:00
more in depth later in this training.
00:00
But let's touch on key points
00:00
particularly applicable to storage in the Cloud.
00:00
Multiple copies of data spread
00:00
across multiple storage locations.
00:00
This creates high levels of resiliency,
00:00
making it hard to lose data due to hardware failure.
00:00
If there's an outage, you may not
00:00
be able to access the data.
00:00
However, if the hard drive gets fried,
00:00
you'll still have the data because it is being
00:00
replicated to multiple different hard drive disks.
00:00
Providers usually encrypt data at a physical level.
00:00
This addresses concerns if a provider's
00:00
employee decides to help
00:00
themselves to one of the physical drives,
00:00
or when the provider decides to
00:00
dispose of a physical drive.
00:00
Data can also be encrypted at
00:00
the virtual level on a client-side,
00:00
server-side, application layer,
00:00
database layer, and more.
00:00
All of which we will discuss in the future.
00:00
The control plane is used to
00:00
assemble the logical pools of
00:00
storage coming from the provider's
00:00
physical pool of storage.
00:00
Policies are then defined in the control plane to
00:00
manage access to the data in these logical pools.
00:00
[NOISE] Another quiz, what are
00:00
the major benefits of having the provider
00:00
encrypt storage drives at the physical layer?
00:00
Multiple answers are correct here.
00:00
Prevent data from being compromised
00:00
as the result of drive theft.
00:00
Prevent data from being accessed by
00:00
virtual resources or exposed to the general Internet.
00:00
Prevents data from being
00:00
compromised when an old drive is discarded.
00:00
We were just talking about these.
00:00
A, prevent data from being compromised as
00:00
a result of theft. That's correct.
00:00
You take the physical drive,
00:00
you take a look at it, all the data
00:00
on that drive is encrypted.
00:00
Similarly, C,
00:00
it prevents the data from being
00:00
compromised when an old drive is discarded.
00:00
Somebody goes through the trash again,
00:00
it's like a form of theft.
00:00
You look at the data and it's all
00:00
encrypted on the drive.
00:00
>> B, prevents data from being accessed by
00:00
virtual resources or exposed to the general Internet.
00:00
That is not correct.
00:00
Only A and C are correct.
00:00
If you don't establish the appropriate controls on
00:00
the management plane and
00:00
associate them with your storage,
00:00
they could very well be exposed to virtual resources
00:00
that shouldn't have access
00:00
and even to the general Internet.
00:00
That physical layer encryption
00:00
gets decrypted when going to the virtual layers.
00:00
This is where you want to rely on policies and
00:00
other strategies we will discuss
00:00
in the storage module later.
00:00
But to recap, in this video,
00:00
we talked about storage area networks,
00:00
network attached storage, and storage virtualization.