Network Appliance is having a tough time keeping still these days. The storage company is proving in 2006 that it is not afraid to spread its wings in new technology areas, evidenced by the expected release next week of its new VTL (virtual tape library) technology and enhanced Decru DataFort storage security appliance.
Recently, NetApp CEO Dan Warmenhoven sat down with eWEEK Senior Writer Brian Fonseca to discuss NetApps roadmap approach, the relationship of storage and encryption, and how virtualization will be featured prominently for NetApps customers very soon.
Backed by your new [NearStore] VTL technology and storage encryption capabilities, NetApp is expanding its product roadmap and focus into several new areas. How does security fit into that paradigm?
As we look forward, we see us expanding beyond this space of storage systems, thats what led us to the acquisition of Decru and certain others like Alacritus with its virtual tape library.
We also have a big push going on for our own virtualization solutions which dont carry any disks either. Our vision is that a lot of functionality will be deployed inside the storage network that is between the servers and the storage systems. And it will provide a variety of different services, and data security is one of those services that goes in there.
Now I view security as being one of these multifaceted topics. Theres network security, but there is a type of security which protects the data on the storage device—we call it data at rest. So whether data is sitting on a disk or sitting on tape, its protected. Its very different than the kind of thing that Symantec is focusing on.
What role does encryption have to play with locking down storage environments?
The notion of this, deploying [encryption] technology inside the storage network whether it be Ethernet or a SAN, is really not new. There are all different styles of things that might go in there, like a virtualization solution. You see one from IBM, one from EMC, one from ourselves, obviously one from Hitachi. Security encryption solutions logically fit right there.
You could even envision some time in the future having a DNS-type service. DNS on the Web does a mapping of the name of a URL to an address.
It gives you a level of transportation destination, and you can do the same for data. Give the name server if you will the name of data youre trying to locate and it returns back to the location. So there is data management services I think will evolve into the network and thats kind of our view to where the future is going.
What factors have stalled storage encryption efforts? Are customers ready to adopt this model with NetApp as a provider through Decru?
Theres been two significant problems with encryption. DES encryption has been around for a long time, but it is not widely deployed. First, it always impacted application performance and data access performance.
If you look at major backup solutions like Tivoli Storage Manager, almost all of them have an encryption option. As you write to the tape you can encrypt. The only problem is it slows down backup by a factor of four or five, so its not very practical. The other issue is the management of the keys is very complex. Putting a policy together around personnel practices and policies and then translating that to a technical solution in terms of key management has always been a very difficult problem.
Decru I think aptly addresses both of those issues. It does encryption at wire speeds with custom semiconductors. One of the issues on key management for encryption is if you write to a backup tape and send it off to a repository and bring it back to a different location—thats assuming your strategy for business continuity relies on a portion of tape. So the primary source got destroyed, and you bring it back to secondary data center. Now how did the key get there? That could be several years later.
Key management policies have really been one of obstacles and Decru has really flattened that issue, taken it right away.
Next Page: Integrating Decru technology.
Integrating Decru Technology
Are there any plans to integrate Decru and NetApp technology or will the company continue to operate as a stand-alone business unit? What becomes of Decrus storage partners?
[Decru is] running more like a division than a subsidiary. They share our human resources practices and policies; weve consolidated financial reporting, and manufacturing will be consolidated at well. The independence comes from both the engineering, product management and sales and marketing side of things.
Before we acquired Decru we had almost completed an agreement for an OEM model. We would OEM and resell Decru technology. We did not execute that. We turned it into an acquisition instead, but essentially that is the model were working on now.
So Decru internally OEMs their product into the NetApp sales force and they partner with other storage vendors as well like EMC and so on, through a non-NetApp sales force which really is Decru-specific. I dont see that aspect changing. We like to see our storage competitors comfortable partnering with Decru.
Youll notice that EMC has this reseller capability. When an EMC salesperson wants to partner with Decru, we dont want them to feel inhibited. Thats by design. We want to keep them separate and theres really good business reasons for that.
On the technology front, theres already good decisions underway between engineering teams should part of the functionality flow to the storage systems and so on. And my view is that will evolve naturally over a period of years. You may want to do key management in the network but do the actual encrypting right at the storage unit.
If EMC would like to incorporate the semiconductors that Decru developed to do encryption at wire speeds into one of their products, Id be open to the discussion.
What can customers expect to see in terms of virtualization technology resulting from NetApps acquisition of Spinnaker? Why the delay?
It has been a big job and Im very pleased. The technical strategy here was to take our current operating system which is now about roughly 12 or 13 years old called Data ONTAP and integrate that with the Spinnaker operating system, Spin OS.
Its the fusion of the two that will essentially create a new generation of operating system for us. That is a big challenge. Think about taking the Macintosh OS and Windows and putting that together. That is a big challenge. Its a lot of code—its millions and millions of lines of code. I have confidence it will be ready to go to market early [this] year.
How will the “next-generation” NetApp OS/Spinnaker technology being developed be able to benefit storage systems?
The first major component for the Spinnaker architecture was the ability to scale out. That is to have more machines, more processors, scale horizontally and still retain the notion of a single system.
You can start with one machine, coupled to another, coupled up to a third, coupled up to a fourth, and you get all that computer power parallel. Its actually I/O power in parallel, so you can build a storage infrastructure that can scale as broad as your compute infrastructure.
Thats what we think is the next stage in storage architecture. The other thing it does in the first release is it provides what we call a unified namespace, which is the way a single system image is achieved. Normally, to access a piece of data you have to know which volume or which disk its on, be it either disk B or disk C, or volume on the network.
The idea here, analogous to URL naming convention, by having a standardized naming scheme, the system will resolve the names of the location in a transparent manner. What that means is that you can migrate data from one unit to another, transparently to end users or applications, so data management becomes independent of whats going on in server and end-user sides of the equation.
What pitfalls must NetApp avoid as it remakes its brand from strong NAS-based roots into a storage provider with much more under the hood?
I really dont endorse the strategy EMC has with moving into applications space with things like Documentum. To us, thats an inappropriate expansion at least from our perspective. Were going to do everything a customer needs in the area of storage infrastructure. Storage infrastructure to me includes all data management services that go with it, like managing all content in [an enterprise].
You can conjecture where that might go, [such as] embedding search and indexing into a storage infrastructure so you can more easily find information, things of that nature.