节点文献
IP SAN备份技术及安全机制的研究
A Research in IP SAN Backup Technology and Security Mechanism
【作者】 何玲娜;
【作者基本信息】 浙江大学 , 计算机应用技术, 2005, 硕士
【摘要】 目前,数据存储领域的很多技术还处于研究阶段,从最初的DAS(Direct Attached Storage,DAS)模式发展到现今的网络存储模式,数据存储逐渐成为人们的研究热点。传统的存储结构采用SCSI总线直接将服务器与若干存储设备相连,存储设备被看作是服务器不可分割的一部分,这是一种离散式的存储结构模式。然而,随着分布式计算环境的不断改善,数据需要在更大的范围內实现共享,为多个用户提供高可用性的数据成为存储技术的关键。因此,网络存储技术成为主流。 网络存储技术主要有网络附属存储(Network Attached Storage,NAS)和存储区域网(Storage Area Network,SAN)两种架构,NAS存储模式提供文件级的存储访问,而SAN模式则基于数据块实现存储。显然,相比较而言,SAN技术更具有灵活性和可扩展性。但是,早期SAN大多基于光纤通道(Fibre channel,FC)实现,价格昂贵,多用于高端市场,难以在存储领域普及。随着TCP/IP网络技术的不断发展,人们开始考虑将数据存储基于IP网络实现,IP SAN应运而生,它使得NAS与SAN这两种用于不同领域的存储技术,呈现出融合的趋势。 然而,由于IP SAN发展时间较短,目前在许多关键的技术上还有待研究解决。本文通过对iSCSI协议的分析,设计并实现了一个基于iSCSI协议的IP SAN存储系统,采用零拷贝技术及7CP/IP优化机制,有效地提高了iSCSI协议的效率,进而提升了系统的性能。由于IP SAN存储系统是一个庞大的研究领域,本文着重探讨了备份/恢复技术在IP SAN中的应用,比较了多种不同的备份技术和安全机制,构建了一种新型的完全+累积备份的备份模型,并结合具体的实现.采用磁盘RAID技术实现了虚拟化存储,将相互独立的物理磁盘虚拟成连续的逻辑磁盘,有效地优化了IP SAN备份/恢复系统的性能。同时,基于安全性的考虑,本文进一步分析了IP SAN的安全认证机制,提出了一种IP SAN认证模型,并结合具体的实现,比较了SRP和CHAP两种认证机制的不同,从而很好地解决了如何保证SCSI命令/数据在传输、存储时的安全性问题,尽可能地确保数据的完整性和一致性。 本文通过对IP SAN备份/恢复技术及安全认证机制的深入研究,提出了相应的解决方案,在系统的具体实现中充分地运用了这些方案。通过对系统性能的测试和分析,证明系统可以达到预想的目标。
【Abstract】 At present, some technologies in data storage have been researched. From early DAS mode to current network storage mode, the data storage gradually becomes research hotspot. The traditional storage structure directly connect server and storage devices using SCSI BUS, the storage devices are as an indiscerptible segment of server, so it is a discrete storage mode. However, along with improving of distributing compute environment, data must realize share among more range, and providing high useful data for multi-user becomes the key of storage technology. Thus, network storage technology turns into main technology.Network storage technology mostly has two frames: Network Attached Storage (NAS) and Storage Area Network (SAN). NAS mode provides storage access based on file, and SAN mode realizes storage based on data block. Apparently, SAN technology is more flexible and extensible. But early SANs always realize over fibre channel (FC), the price is very costly and the technology is diffcult to prevalence in storage domain. Along with the development of TCP/IP network technology, people consider designing data storage over IP network, then IP SAN emerge as the times require. It should integrate the NAS and SAN technology.Whereas, because the IP SAN is a new domain, so some pivotal technology need farther research and solve. This paper analyses iSCSI protocol, designs and realizes an IP SAN storage system based on iSCSI. Moreover, utilizing zero-copy technology and TCP/IP prtimizing mechanism, the efficiency of iSCSI protocol is effectively advanced, and the capability of system is also improved. IP SAN storage system is vere huge research domain. This paper emphasize backup&recovery technology of IP SAN, compare many different backup technology and security mechanism, and construct a newly full+accumulative backup mode. Through actual realization, this paper realizes virtual storage using RAID technology; undependent physical disks are became consecutive logical disks, and then the performance of IP SAN backup&recovery system is improved. Furthermore, considering the security of system, this paper also analyses the security authentication mechanism of IP SAN, and brings forward an authentication model of IP SAN. Through actual realization, this paper compares the difference between SRP and CHAP authentication mechanism, solves the security issue of SCSI command/data, and can insure the integrality and consistency of data.Through lucubrating the backup&recovery and security authentication technology of IP SAN, this paper puts forward corresponding resolve projects, and applys them in actual realization. By test and analysis of the system, it is proved that the system can achieve expect goal.
【Key words】 IP SAN storage system; iSCSI protocol; backup&recovery technology; security authentication mechanism;
- 【网络出版投稿人】 浙江大学 【网络出版年期】2005年 02期
- 【分类号】TP333
- 【被引频次】12
- 【下载频次】293