SCSI switchbox ?

Hi,

I have 2 computers with 1 backup tape and I want they will share the same casset on the same tape but
network connection is not an option.

do you know hardware like scsi switchbox so I could switch between the two computers but they won't be relly connected each other?

(actually, a backup robot do that but it is out of badget)

Thanks, Tom
LVL 1
TomDromiAsked:
Who is Participating?
 
magarityCommented:
OK, lengthy replies follow.  Please read CAREFULLY, because if you skim the word 'compromise' and panic then you haven't read it properly:

"1. is your controller-tape-controller is 110% network-saparation?"

Yes, it is 100% separated for run-time.  If machine 1 is compromised it can only write something to the tape.  There is no way to send operating system executable commands over the SCSI bus to machine 2.  

You would need to crack machine 2, read from the tape and then execute whatever you saved from previously cracked machine #1.  If you can crack machine 2 in the first place, saving something on the tape is a not the threat.  As long as machine #2 does not restore and execute an infected file that compromised machine #1 saved, you're all set.  This is NOT a fault of the shared SCSI setup.  You would have to watch out for this even if you manually carried the disconnected tape drive between the two machines.

<MOST IMPORTANT POINT>

This is so important I'll repeat it:

The ONLY potential for compromise is an infected file saved to tape by cracked machine #1 is restored on machine #2 and executed.  This requires the person doing the restore to machine #2 to be the responsible party, NOT the shared SCSI setup!  There is NO WAY for an intruder to execute anything on machine #2 without the help of an irresponsible tape-restorer.

</ most important point>

"2. also, I need solution so the sync will be automatically with an interval"

This is important because with two controllers they must not write to the tape at the same time.  With a SCSI hard drive this is possible, but a tape drive's linear nature makes two concurrent access problematic.  As long as you are careful to time the access so that one machine goes at a time, you're all set.

Just remember to set the SCSI IDs of all the devices on the chain, including the two controllers, to unique numbers.  Assuming:
1.  there is no other devices
2. the tape drive has two SCSI connectors or is not terminated
Then the layout would be:

termination of internal chain or card
     |
SCSI card in machine 1, ID#0
     |
tape drive, ID#1
     |
SCSI card in machine 2, ID#2
    |
termination of internal chain or card

Note the concerns from highstart about slowing down high speed LVD devices.  Since tape is fairly slow, consider dedicating a pair of cheaper basic SCSI cards to this setup rather than the server's RAID capable controller's external port.  Besides, you can't put a linear device like a tape on the same controller that is running a disk RAID.
0
 
Ryan RowleyCommented:
Yes, there are SCSI manual Switchboxes for sell.
They work just like a printer or video switch.
Make sure you terminate your chain and you might have to
power down before you switch on some. Depends on your
particular situation.
0
 
Ryan RowleyCommented:
I see them at my local electronics/surplus store.
Are you using any deferential or LVD devices on your
external chain?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
magarityCommented:
I'm very curious:  how is networking not an option?

However, a switchbox is not needed (and I wonder how that works; never seen one before).  As long as the SCSI cards can be set to different IDs (usually default to ID 7) then you can just chain from one SCSI card to the tape to the other SCSI card.  Terminate only the internal chain on each card.  Then just make sure to never try to use the device from both computers at the same time.

regards,
magarity
0
 
magarityCommented:
Well, here is a SCSI switch for two computers to share one device:

http://www.ramelectronics.net/apcon/2x1.htm

regards,
magarity
PS - I wondered why I hadn't seen them before; now I know why.
0
 
Ryan RowleyCommented:
Magarity,
Expensive powered switch. You can find manual ones for
around $30-$50. You have to be careful with termination
and you can't use it like a KVM switch. Both computers can
not use it at the same time. It just makes it easier to
share a low use device between multiple systems. Saves you
from having to disconnect and reconnecting the device.
0
 
magarityCommented:
You don't need to disconnect it using the method I've described, you need one less SCSI cable, and no switchbox.
0
 
Ryan RowleyCommented:
To use the daisy chain method we would have to know more
about the equipment being used. Types of SCSI Host cards.
If there are any external SCSI devices and what type of
SCSI devices. Also I have seen tape drives that have only
a SCSI in connector and are terminated. Designed to be the
last device on the chain. If you are chaining a SCSI 1 to
another SCSI 1 with only the tape in between, then there would be no problems.
0
 
magarityCommented:
The tape drive with only one SCSI connection would be the one showstopper for my idea.  We need to hear back from tomdromi about that one.

Otherwise, you don't need to know any more about the SCSI cards than would be needed to hook up the tape drive in the first place.  Well, you need to go into their setup and change the ID on one of them to something that isn't already taken, but that's it.

As for chaining between different types, that's no more problem than using a switch box between different types.

Well, either will work.  I just personally find manual switchboxes to be kludgy solutions.  Let's hear from the questioner.
0
 
Ryan RowleyCommented:
If your running LVD or other highspeed devices the Host
card will drop to the lowest common denominator. So if
the tape is a SCSI 1 50 pin device it could hurt the performance of other devices. This is not a problem if the
SCSI 1 tape is only used part of the time. Then you have
various cable connections. ie 50 pin, 68 pin, 80 pin
Centronic adapters, HD pin adapters, SCA adapters.
So the overall system has to be considered.
0
 
Ryan RowleyCommented:
Personally I wouldn't use a SCSI Switch box. I would use
other methods.
0
 
TomDromiAuthor Commented:
Hello,

highstar1 and magarity - thanks for your comment.

1. I need this option to sync between 2 DBs - one on web server and the other on the main DB. because of security reasons I don't want (and forbidden by my boses) to connect between the two. so I need a way to be sure in 110% that hakers won't be able jump between the networks.
I need an hardware solution that make this network saparate.
is your controller-tape-controller is 110% network-saparation?

2. also, I need solution so the sync will be automatically with an interval (so menual switch isn't possible)

3. I prefer not to buy auto-switch in 1000$.

what do you think now?
Thanks, TomDromi
0
 
TomDromiAuthor Commented:
Hello,

highstar1 and magarity - thanks for your comment.

1. I need this option to sync between 2 DBs - one on web server and the other on the main DB. because of security reasons I don't want (and forbidden by my boses) to connect between the two. so I need a way to be sure in 110% that hakers won't be able jump between the networks.
I need an hardware solution that make this network saparate.
is your controller-tape-controller is 110% network-saparation?

2. also, I need solution so the sync will be automatically with an interval (so menual switch isn't possible)

3. I prefer not to buy auto-switch in 1000$.

what do you think now?
Thanks, TomDromi
0
 
Ryan RowleyCommented:
I deal alot with DoD security issues. I'll give your
situation some thought.
0
 
Ryan RowleyCommented:
Sounds like your budget is a big limiting factor here.
You could use your parallel, serial or USB ports to
do this as well. If your systems have high performance
SCSI hosts, I would buy two cheap SCSI 1 cards ($25) and
try magarity's plan. It might be the cheapest way to reach your goals. From a security point of view, there would be other choices. They would be more expensive to implement. Magarity's plan wouldn't fly in the secure environments that I work with.  I don't think the hackers have the resources to attack Magarity's setup.
0
 
Ryan RowleyCommented:
You will need some scheduling software to insure that the drive is not accessed by both systems at the same time.
0
 
TomDromiAuthor Commented:
Hi,

highstar1, why "From a security point of view,
there would be other choices" ?
TomDromi
0
 
magarityCommented:
Because human error, or an inside operative, could load and execute on the 'inside' computer a malicious file saved to the tape by a cracker on the compromised 'outside' computer.  If you were so worried about this, you would find the budget to get another unit or better screen your employees with access to the 'inside' computer.  Government intelligence agencies (NRO, et al) and corporate research facilities (Watson Labs, et al) could justify this concern.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.