Dell EMC Isilon: SMB 3 Encryption in Healthcare

[Pages:13]Technical White Paper

Dell EMC Isilon: SMB 3 Encryption in Healthcare

Abstract

This document evaluates the performance of SMB 3 encryption and networkattached Dell EMCTM IsilonTM storage in healthcare environments. July 2019

H17856

Revisions

Revisions

Date July 2019

Description Initial release

Acknowledgements

Author: James Fleming

The information in this publication is provided "as is." Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.

Use, copying, and distribution of any software described in this publication requires an applicable software license.

Copyright ? 2019 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. [7/11/2019] [Technical White Paper] [H17856]

2

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Table of contents

Table of contents

Revisions............................................................................................................................................................................. 2 Acknowledgements .............................................................................................................................................................2 Table of contents ................................................................................................................................................................3 Executive summary.............................................................................................................................................................4 1 Solution overview .........................................................................................................................................................5 2 Encryption configuration ...............................................................................................................................................7

2.1.1 Encryption of all shares ......................................................................................................................................7 2.1.2 Encryption a single share ...................................................................................................................................8 2.1.3 Validate encryption .............................................................................................................................................9 3 Testing........................................................................................................................................................................10 4 Results........................................................................................................................................................................12 A Technical support and resources ...............................................................................................................................13

3

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Executive summary

Executive summary

Securing patient information is a top requirement for every healthcare entity. Most healthcare technology solution vendors seek to leverage secure, reliable methods of transferring data from server-to-server or server-to-client. SMB 3.0 provides a solution which encrypts data between devices to directly address this concern.

This document evaluates the performance of SMB 3 encryption and network-attached Dell EMCTM IsilonTM storage. It validates that encryption on shared storage has minimal impact on performance and availability. It also includes test results with SMB 3.0 technology and a discussion of the increased overhead it can add to data transfers.

The comprehensive testing of the SMB 3 encryption and Isilon configuration shows that this solution is ready and future-proofed for high-volume production environments operated by healthcare providers. The tests show acceptable performance and utilization results for the additional security that SMB 3 encryption offers.

With the results of these tests, healthcare technology partners can recognize the enhanced security of clinical content that moves through Dell EMC solutions.

4

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Solution overview

1 Solution overview

In this document, SMB 3.0 testing was performed on a single host running VMware? ESXiTM 6.5. The host is a 4-socket server using Intel? Xeon? E7 4870, 2.40GHz, 10-core CPUs with 150 GB of RAM. This server is connected to the network through a single 10 GB link.

Two servers were created on the host with the same specifications. One server hosted Microsoft? Windows Server? 2012 and the other hosted Windows Server 2016. Both servers were configured with 8 vCPUs and 32 GB of RAM. Both OS versions were loaded on the same datastore using 300 GB of capacity.

The dataset was designed to represent a normal image load for a healthcare environment. The dataset was a single directory with 100,000 files, with a file size of 127 K. This testing was not used to measure the performance of each Isilon system, but tested the additional time required when using SMB 3 encryption.

H400

Microsoft Windows Server 2012

8 vCPU/32 GB

Microsoft Windows Server 2016 8vCPU/32 GB

VMware v6.5/E7-4870@2.40 GHz

10Gb

H500 A200

A2000

Details for the Isilon systems are as follows:

? H500: 4U-Single-128GB-1x1GE-2x10GE SFP+-30TB-1638GB SSD

- 4 nodes - OneFS v8.1.2

5

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Solution overview

? H400: 4U-Single-64GB-1x1GE-2x10GE SFP+-30TB-1638GB SSD

- 4 nodes - OneFS v8.1.2

? A200: 4U-Single-16GB-2x1GE-2x10GE SFP+-30TB-400GB SSD

- 4 Nodes - OneFS v8.1.2

? A2000: 4U-Single-16GB-2x1GE-2x10GE SFP+-200TB-800GB SSD

- 4 Nodes - OneFS v8.1.2

Each Isilon system was configured with two SMB shares for each server. One share was for encrypted data and the other share was for unencrypted data. Each share was then shared between the Isilon cluster and the server, and the encrypted share was configured on the Isilon system. Isilon clusters were left in their default configurations; there were no modifications done to the Isilon clusters for this testing.

6

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Encryption configuration

2 Encryption configuration

Isilon storage supports encryption of all SMB shares or a single SMB share. For the testing performed, encryption of a single share was used. This section covers configuration steps for both types of encryption.

2.1.1

Encryption of all shares

To apply encryption to all shares, perform the following:

isi smb settings shares modify --smb3-encryption-enabled=yes

To check that encryption is set to all shares, use the following command:

isi smb settings shares view

Verify SMB3 encryption enabled is set to Yes. When you set encryption at a single share, this will remain a No output:

ilab-isilon05-1# isi smb settings shares view Access Based Enumeration: No Access Based Enumeration Root Only: No Allow Delete Readonly: No Allow Execute Always: No Ca Timeout: 120 Strict Ca Lockout: Yes Ca Write Integrity: write-read-coherent Change Notify: norecurse Create Permissions: default acl Directory Create Mask: 0700 Directory Create Mode: 0000 File Create Mask: 0700 File Create Mode: 0100 File Filtering Enabled: No File Filter Extensions: File Filter Type: deny Hide Dot Files: No Host ACL: Impersonate Guest: never Impersonate User: Mangle Byte Start: 0XED00 Mangle Map: 0x01-0x1F:-1, 0x22:-1, 0x2A:-1, 0x3A:-1, 0x3C:-1, 0x3E:-1, 0x3F:-1, 0x5C:-1 Ntfs ACL Support: Yes Oplocks: Yes Smb3 Encryption Enabled: Yes Strict Flush: Yes Strict Locking: No

7

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

Encryption configuration

2.1.2

Encryption a single share

Under Protocols in OneFS, create an SMB share by performing the following command. In this example, the share name is smb.

isi smb shares modify smb --smb3-encryption-enabled=true

To confirm, use the following command:

isi smb shares view smb

Verify SMB3 encryption enabled is set to Yes. The output is as follows:

ilab-isilon05-1# isi smb shares view smb

Share Name: smb

Path: /ifs/data/smb

Description:

Client-side Caching Policy: manual

Automatically expand user names or domain names: False

Automatically create home directories for users: False

Browsable: True

Permissions:

Account Type Run as Root Permission Type Permission

----------------------------------------------------------------

jim user

False allow

full

Everyone wellknown False allow

read

----------------------------------------------------------------

Total: 2

Access Based Enumeration: No Access Based Enumeration Root Only: No Allow Delete Readonly: No Allow Execute Always: No Ca Timeout: 120 Continuously Available: No Strict Ca Lockout: Yes Ca Write Integrity: write-read-coherent Change Notify: norecurse Create Permissions: default acl Directory Create Mask: 0700 Directory Create Mode: 0000 File Create Mask: 0700 File Create Mode: 0100 File Filtering Enabled: No File Filter Extensions: File Filter Type: deny Hide Dot Files: No Host ACL: Impersonate Guest: never Impersonate User: Mangle Byte Start: 0XED00 Mangle Map: 0x01-0x1F:-1, 0x22:-1, 0x2A:-1, 0x3A:-1, 0x3C:-1, 0x3E:-1, 0x3F:-1, 0x5C:-1 Ntfs ACL Support: Yes Oplocks: Yes Smb3 Encryption Enabled: Yes Strict Flush: Yes Strict Locking: No

8

Dell EMC Isilon: SMB 3 Encryption in Healthcare | H17856

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download