ietf

Re: Storage over Ethernet/IP

2000-05-26 08:50:02
> It won't run over the Internet because of latencies inherent on the
> public network.

at least for some storage applications, latency is not as important
as bandwidth.  e.g. you can do backups over a high-latency medium
as long as your bandwidth is adequate (though recovery from write
errors gets a bit tricky).

> Backups could go through VPNs, I suppose.

except that you can't assume the presence of a VPN either.  you need
authenticity and privacy specified as part of the storage access protocol.

> I suppose infrequently used and low
> priority files could also be accessed over the 'net.

yes, but file access protocols are better for this purpose.
I don't see wanting to mount a raw disk drive
across the public Internet very often.
(except perhaps read-only... virtual cdrom, anyone?)

> It will run over incredibly fast Packet over SONET Wide Area
> Networks--behind firewalls.

> > ...it's
> > inappropriate to assume that it will always be used behind firewalls...

> If the larger network that is employing this technology doesn't hire a
> decent consultant, you might be right.  If they do, it will ALWAYS
> be behind a firewall :-)

any consultant who pretends that firewalls provide security cannot
be described as 'decent'.

> > Firewalls don't help with the majority of security threats...

> True, but whether the server accesses the disks via SCSI over TCP or SCSI
> over Fibre Channel, the SERVER is still the weak link.

um, no.  SCSI has some inherent length/delay/number-of-stations
limitations.  but if the disk is accessible using TCP, there is a
significant probability that it will be accessible from the global
Internet and/or from local threats who have physical access to the
transmission medium, and the storage access protocol needs to assume
that this is the case.

> The transport protocol doesn't create any inherent weaknesses of
> the type you are referring to--e-mail borne viruses, internal hackers, etc.

you're assuming a different threat model than I am.  I am indeed
assuming that storage devices will be targeted, in addition to servers.

> The server would still be the attack point.  Why, goodness,
> the server and storage devices could be in a VLAN or something to deny
> direct hack attempts against the storage device

yes, they *could* be.  but you cannot assume that they *will* be.

> but the chink in the armor is how hardened is your OS?

there's more than one chink in the armor.

IP-based protocols need to be able to work in the global Internet.

Keith


