All enterprises are experiencing data growth. IDC reports that enterprise data stores will grow an average of 40 to 60 percent annually over the next 5 years. IDC also reports that data storage accounts for as much as 15 to 20 percent of IT capital spending in large enterprises. The increase in enterprise data storage needs coupled with longer data retention periods (mandated by legislation and compliance regulations) is leading to large growth in storage infrastructure: more backup, archive and disaster recovery complexity and increased requirements for resources such as space, power, cooling, storage, and personnel. One way to address this challenge is with an off-site storage model. To move to this model, some changes to the backup mechanism may be required by the enterprise customer.
At a high level, cloud storage can be as simple as a place to store and retrieve files. Cloud storage uses off-site storage based on resources owned by the enterprise, and the primary benefit is cost savings through the sharing of archive and backup infrastructure (Figure 1). This efficient management of enterprise data storage results in reduced capital expenditures (CapEx) and operating expenses (OpEx). The Cisco® MDS 9000 Family provides a cloud storage solution. This off-site storage model deploys both private and public cloud storage to enable customers to manage backup and archival as their data continues to grow.
A cloud environment creates a pool of resources behind a company's firewall and includes resource management and dynamic allocation. A large enterprise may have multiple data centers, so it is beneficial to back up data to one central off-site storage site, which is what cloud storage does.
• Backup and archival make up 30 percent of data center expenses
• Backup and archival represent the largest opportunity for savings
Cloud storage involves a tiered storage setup, remote tape vaulting facility, and data backup infrastructure at the off-site storage site. The backup infrastructure can be shared by multiple data centers, leading to higher utilization and lower costs. In this shared infrastructure model, cost savings accrue from higher utilization; power, cooling, and space savings; and fewer personnel resources at one central location (Figure 2).
According to Gartner [2], the typical savings achieved by moving to a third-party managed storage location is about 30 percent (Table 1). The savings and benefits for an off-site model owned and managed by the enterprise are similar.
Table 1. Typical Savings from Third-Party Managed Storage
Off-Site Storage (Internal or Public Cloud)
Average cost per GB per year
US$2 per GB
US$1.4 per GB
Savings provided by off-site storage (cloud storage)
Figure 2. Cloud Storage for a Large Enterprise
Considerations for Deploying Cloud Storage
When deploying cloud storage, you need to consider several main factors (Figure 3):
Figure 3. Challenges for Cloud Deployment
• Security: A holistic view of security is needed. To meet compliance and regulatory requirements, data needs to be secure both in flight and at rest. In addition, data needs to be retained for longer periods of time. In the cloud storage model, data transits the WAN to the remote cloud. Data will need to be encrypted while in motion and also encrypted at rest whether it is stored on a tape, disk, or virtual tape library (VTL). A management solution for encryption is mandatory, as is secure management access.
• Performance: Ensuring performance of storage protocols is essential as data travels over extended distance to cloud storage, and the effect of latency needs to be mitigated for disk and tape I/O. The performance enhancement must keep the costs low, so adding bandwidth is not an option.
• Management: Management software should scale with fabrics and devices across multiple geographic locations. The management solution needs to be able to enforce access controls as well as monitor performance and perform capacity planning.
Cisco MDS 9000 Family Solution to Enable Cloud Storage
Cisco MDS 9000 Family solutions are being deployed today to enable cloud storage. As discussed here, the Cisco MDS 9000 Family addresses all the challenges of a cloud storage deployment model.
Security for Data in Motion
Cisco TrustSec enables link-level encryption for Fibre Channel traffic to help ensure that data is secure while in motion. This capability exists on all the 8-Gbps line cards for the Cisco MDS 9000 Family. The IP Security (IPsec) feature of Fibre Channel over IP (FCIP) provides a secure data connection for FCIP traffic. This feature has been available since the initial FCIP deployments on Cisco MDS 9000 Family switches (Figure 4).
Figure 4. Security for Data in Motion
Security for Data at Rest
Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives and VTLs in a SAN environment using secure IEEE Advanced Encryption Standard (AES) algorithms. Cisco SME hardware and software are fully integrated with the Cisco MDS 9000 Family. Encryption is performed as a transparent Fibre Channel fabric service, which greatly simplifies deployment and management of sensitive data on SAN-attached storage devices. Cisco SME employs clustering technology to enhance reliability and availability, enable automated load balancing and failover capabilities, and simplify provisioning. To simplify management, this encryption service is provisioned as a single, logical SAN fabric feature rather than as individual switches or modules (Figure 5).
Figure 5. Security for Data at Rest
Performance over Distance
Storage protocols are time sensitive, and the Cisco MDS 9000 Family mitigates the effects of latency using the I/O Accelerator (IOA) feature. Since data transits extended distances to cloud storage, latency challenges need to be resolved to offer SAN-like performance and resiliency over the WAN or metropolitan area network (MAN). Cisco MDS 9000 Family IOA accelerates tape read and write I/O between the backup applications and virtual or physical tape libraries, which not only reduces the backup windows but also enables remote tape vaulting over extended distances without degrading application performance. Remote tape vaulting gives customers the flexibility to locate their tape backup to cloud storage remotely and to back up and restore data in real time without having to manually ship tapes to remote locations (Figure 6).
Figure 6. Performance over Distance
Cisco MDS 9000 Family line cards enable compression with a compression ratio of 4:1 for application data, thereby reducing the traffic on WAN links. This compression leads to higher utilization and thus faster transmission on low-speed links.
Cisco Fabric Manager Server (FMS) offers the features required to manage a cloud storage solution: scalable performance through server federation for a multiplicity of large fabrics with many end-devices across different geographic data centers (Figure 7). Cisco FMS also provides visibility into performance, utilization, topology, and configuration details for more efficient capacity planning and provisioning (Figure 8). In addition, it offers health monitoring and diagnostic tools. The Cisco implementation of role-based access control (RBAC) is the leader in the storage industry, with 64 user-definable roles, allowing the creation of parallel groups of administrators with very specific focus and varying access levels. Role-based authorization limits access to switch operations by assigning users to roles. Secure Shell (SSH) provides secure remote access through authentication and encryption of traffic between the client and the switch.
Figure 7. Cloud Management with Cisco FMS
Figure 8. Cisco Fabric Manager Generates Reports Across Fabrics Discovered on Different Cisco FMSs in a Federation
Case Study: A Large Financial Company's Deployment of a Cisco MDS 9000 Family Cloud Storage Solution
A leading global financial services company with assets of US$2 trillion and operations in more than 60 countries implemented a private cloud storage model based on the Cisco MDS 9000 Family and reaped the business benefits.
The customer needed to address the following two challenges:
• Constant need to back up large amounts of data from branch offices to a central business-continuance and disaster-recovery (BC/DR) tape backup facility while keeping the backup windows small enough to reduce the effect on business
• Need to reduce operational complexity to scale tape backup environments while using current MAN infrastructure
The customer deployed a Cisco cloud storage solution based on the Cisco MDS 9000 Family and its IOA feature because the IOA feature is transport and speed agnostic, so it works with any transport (Fibre Channel, FCIP, and Fibre Channel over Ethernet [FCoE]) and any speed (1/2/4/8/16-Gbps Fibre Channel and Gigabit Ethernet). IOA is highly scalable and available because it supports PortChannels, multiple paths, engine clustering, and a TCP-like transport protocol to protect against physical link failures.
The customer benefits can be summed up as follows: Risk mitigation using tape backup is an integral part of the company's BC/DR strategy. The Cisco MDS 9000 Family's next-generation cloud storage solution using IOA has reduced the company's backup window by 85 percent, and it has reduced operating costs by providing the flexibility to use the existing Fibre Channel MAN infrastructure and simplifying deployment and management of the solution.
The Cisco MDS 9000 Family provides an excellent solution for a cloud storage deployment. The attributes of the Cisco MDS 9000 Family address the challenges of the cloud storage model. The unique architecture of the Cisco MDS 9000 Family is well suited for scalable and distributed data centers. The SAN extension features of the Cisco MDS 9000 Family, such as Fibre Channel transport over an IP network in a secure way and encryption of data at rest, actively address the challenges of cloud storage. Cisco Fabric Manager provides comprehensive visibility for improved management and control of Cisco storage networks. Cisco Fabric Manager helps reduce overall total cost of ownership (TCO) and complexity through unified discovery of all Cisco Data Center 3.0 devices and through task automation and detailed reporting.