SAN equipment vendors -- with the clear support of Microsoft Corp. (Nasdaq: MSFT) -- are rallying around the Remote Authentication Dial-In User Service (Radius) authentication protocol as a standard that promises to seal up a potential security hole in Fibre Channel fabrics.
The latest development on this front is QLogic Corp.'s (Nasdaq: QLGC) announcement today that it has implemented Microsoft's version of the Radius protocol on its SANbox2 line of switches.
Radius, an Internet Engineering Task Force (IETF) protocol, is used to authenticate, authorize, and audit users and devices in a network according to previously defined permissions, based on existing enterprise policy. While most storage companies offer proprietary ways of ensuring that only authorized people and machines have access to different servers and data, Radius -- which has long been the standard authentication protocol on the IP networking side -- is rapidly becoming the industry standard for storage as well.
Fibre Channel storage devices are not actually required to run Radius, but are required to run the Challenge Handshake Access Protocol (CHAP), which is compliant with Radius. Industry observers say Radius offers many additional benefits: Instead of having to configure every individual server with individual access policies and the associated usernames and passwords, Radius provides centralized management for all server authentication and authorization. This not only removes complexity; it is also safer, since all the passwords are stored on the Radius server.
"You can go to a single point to give access or take access away," says Brandon Hoff, McData Corp.'s (Nasdaq: MCDTA) senior manager of advanced development.
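The centralized model described above, sketched as an added example (not code from the article or from any vendor): a device answers a CHAP challenge as defined in RFC 1994, and one central credential store, standing in for the Radius server, makes every accept or reject decision. The class, function and device names and the secrets are hypothetical, and the Radius transport and Fibre Channel framing are left out.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class CentralAuthStore:
    """Hypothetical stand-in for the central server that holds every secret."""

    def __init__(self):
        self._secrets = {}   # device name -> shared secret
        self._pending = {}   # device name -> (identifier, challenge)

    def grant(self, name, secret):
        self._secrets[name] = secret

    def revoke(self, name):
        # One deletion here removes access on every switch that asks this store.
        self._secrets.pop(name, None)
        self._pending.pop(name, None)

    def new_challenge(self, name):
        # Issued even for unknown names, so the reply does not reveal who exists.
        ident, challenge = os.urandom(1)[0], os.urandom(16)
        self._pending[name] = (ident, challenge)
        return ident, challenge

    def verify(self, name, ident, response):
        pending = self._pending.pop(name, None)   # single use: a replay fails
        secret = self._secrets.get(name)
        if pending is None or secret is None or pending[0] != ident:
            return False
        expected = chap_response(ident, secret, pending[1])
        return hmac.compare_digest(expected, response)


def demo():
    store = CentralAuthStore()
    store.grant("host-a", b"constructed-secret")      # constructed sample values
    ident, chal = store.new_challenge("host-a")
    resp = chap_response(ident, b"constructed-secret", chal)
    accepted = store.verify("host-a", ident, resp)
    replayed = store.verify("host-a", ident, resp)     # same response again
    store.revoke("host-a")                             # the "single point"
    ident, chal = store.new_challenge("host-a")
    after_revoke = store.verify(
        "host-a", ident, chap_response(ident, b"constructed-secret", chal))
    return accepted, replayed, after_revoke
```

The secret never crosses the wire in this exchange; only the challenge and the MD5 response do, which is why the store can be the sole place the password lives.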