The Study Of The ISCSI Storage System's Safety Performance

Along with the fast development of internet,iSCSI storage system is widely used because of the virtues of great capacity,high performance and good expandability。Through the introduction of iSCSI technology,this paper fully commend the hidden advantage of iSCSI storage system and put forward a great deal of problems in it,especially the security performance in iSCSI network。As the iSCSI storage system is designed to use in a distrustful wan area,the security of data is obviously important。So the emphasize of this paper is to study how to resolve the hidden troubles lying in iSCSI protocol and put forward the method to resolve it。This paper researches iSCSI safety protection from three sides:user identity login authentication,IPsec and high performance long-distance data replicating。As iSCSI communication mainly depends on initiator,target and ip communication node,so authentication mechanism should be introduced to distract storage area firstly。After the introduction of normal CHAP identity authentication protocol,it is found that hidden troubles lies in CHAP protocol including password filched easily,server to client unilateral authentication and channel attacked easily through study。It is put forward to use Kerberos to substitute for CHAP protocol。In order to improve the security performance,two revisd method aiming at Kerberos protocol is put forward using RSA。At the same time,USBkey hardware unit is introduced to establish the first barrier of iSCSI network to prevent unauthorized user invading。After the user logging in ,the system enters the full function phase。It is concerned about data encryption。For this sake,this paper study the IPsec technology。It includes the IPsec working mode,IPsec SA and IKE。On this basis,the revising method is put forward not only concerning about the I/O rate but also regarding about the level security。At last,in order to ensure the security and coherence of data transfers in iSCSI network,this paper studies and discusses the long-distance data replicating。It discusses the implement level,which synchronization mode,how to implement long-distance data replication and the key part of long-distance data replication-iSCSI RAID。The realizable long-distance system is put forward concerning about system reliability,efficiency and cost。After this paper's introduction,you can find how to establish each kind of safety protection for their level。Establishing compatible safety iSCSI storage system is one of the purposes of this paper。...