Conventional storage systems have a directly coupled relationship between the various Storage Area Network (SAN) entities. A SAN initiator can be a host trying to access a storage subsystem. A target storage array subsystem device and an intermittent switch are other types of SAN utilities. Typical SAN identity attributes such as a node World Wide Name (WWN) and a port WWN are hardcoded onto these entities and are difficult, if not impossible, to be imitated.
Other conventional systems are implemented in form of virtual entities. Identity attributes are flexibly applied and re-applied to such entities. Such approaches bring a greater need for end-to-end trusted relationship between an initiator and a target in a SAN.
Some of the common attacks on a Fibre Channel Protocol (FCP) based SAN include (i) node name or port name spoofing during a port login, (ii) source port ID spoofing on dataless FCP commands, and (iii) denial of service attacks made in user mode. A typical fibre channel SAN defines a handshake mechanism using challenge phrases to perform protected communication to protect data in transit. Such a handshake mechanism is not immune to identity attacks and/or brute force attacks. A node with an imitated identity could still login into a target and perform service denials or protocol congestion even if the node is unable to exchange data.
Other conventional approaches implement virtual machines in a SAN configuration. A server farm implemented using Virtual Machines (VMs) can log into a SAN fabric. In a virtual machine environment, the VM would be running with virtual Host Bus Adapter (HBAS) applied with a virtual WWN using the configuration files. If the VM configuration database is compromised, a VM could re-login with a stolen identity of a different VM and still obey the fabric rules (i.e., soft zoning, hard zoning, etc.) while gaining access to the target device. In a worst case scenario, a clone of a VM could re-login to the fabric using the VM clone with duplicate identities. This is highly difficult to achieve in a physical environment, since cloning the physical HBAs to imitate the WWN of a different host would be needed.
Other conventional approaches use a blade server behind a Fabric Module. A conventional blade server environment uses a Fibre Channel (FC) fabric module that routes traffic between multiple blade servers and the SAN fabric through a high speed uplink. The fabric module also applies shared connection profiles to the blades (i.e., MAC addresses, WWNs, etc.) that overrides the original settings of the servers. This is done mostly to achieve blade server failover. When a server is brought down, a different blade server takes over the application load and gains control of the underlying data across the SAN using the common connection profiles. With the blade server managed across the networks, hacking into the configuration database to create erroneous mappings of the connection profiles to the blade servers is made easier. The SAN fabric could allow routing based on the WWNs and the target could allow the login process though ultimately the target is communicating with the wrong host.
It would be desirable to implement a system and method to establish and/or manage a trusted relationship between a host to storage array controller and/or a storage array to storage array controller.