V7.6 Technical Update Byron Grossnickle Consulting IT Specialist byrongro@us.ibm.com Bill Wiegand Consulting IT Specialist wiegandb@us.ibm.com Denis Frank Spectrum Virtualize Performance Architect © Copyright IBM Corporation 2015 IBM Spectrum Virtualize Software Version 7.6 Functionality delivered in IBM SVC, Storwize family, FlashSystem V9000, VersaStack • Improve data security and reduce capital and operating expense – Single point of control for encrypting data on heterogeneous storage simplifies management – Eliminates need to buy new storage systems to enable encryption • Improve data protection and performance with lower cost storage – Distributed RAID improves drive rebuild time 5-10x: enables use of large drives with more confidence – All drives are active, which improves performance especially with flash drives • Reduce cost and complexity for high availability configurations – New GUI makes HyperSwap easier to configure and use – IP quorum support eliminates need for extra storage and fibre channel networking to third site • Reduce cost of storage: store up to 5x as much data in same space – Quicker, easier view of potential compression benefits with integrated Comprestimator • Simplify storage management in virtualized environments – vVol support delivers tighter integration with VMware vSphere – Provided in conjunction with IBM Spectrum Control Base Edition © Copyright IBM Corporation 2015 2 Agenda • • • • • • • Software based encryption IP based quorum Integrated CLI based Comprestimator VMware vVols Distributed RAID HyperSwap updates Miscellaneous enhancements © Copyright IBM Corporation 2015 3 V7.6 Technical Update Byron Grossnickle Consulting IT Specialist byrongro@us.ibm.com © Copyright IBM Corporation 2015 Software Encryption for Data at Rest Adds the ability to Encrypt externally virtualized storage (MDisks): Encryption performed by software in the node/canister SVC DH8, Storwize V7000 Gen2 and FlashSystem V9000 For external encryption all I/O groups must be external encryption capable Uses AES_NI CPU instruction set and engines 8 cores on the 1 CPU are used for encryption Each core capable of 1GB/sec (8GB/sec/node, 16GB/sec/iogrp) AES 256-XTS Encryption, which is a FIPS 140-2 compliant algorithm •Any other statement is a misnomer •Not FIPS 140-2 certified or “compliant” Encryption enabled at the storage pool level A pool is therefore encrypting or not All volumes created in an encrypted pool are automatically encrypted MDisks now have an 'encrypted' or not attribute Can mix external and internal encryption in same pool If an MDisk is self-encrypting (and identified), then per-pool encryption will not encrypt any data to be sent to that MDisk Child pools can also have keys, which are different to the parent pool USB key management support External key manager support being planned for 1H16 © Copyright IBM Corporation 2015 5 When is Data Encrypted/Decrypted Data is encrypted/decrypted when it is written to/read from external storage •Encryption/decryption performed in software using Intel AES-NI instructions Data is stored encrypted in storage systems Data is encrypted when transferred across SAN between IBM Spectrum Virtualize system and external storage (back end) Data is not encrypted when transferred on SAN interfaces in other circumstances (front end/remote system/inter node) •Intra-system communication for clustered systems •Remote mirror •Server connections If appropriate, consider alternative encryption for “on the fly” data © Copyright IBM Corporation 2015 6 Implementing Encryption Two methods •Create new encrypted pool •Move volumes from existing pool to new pool •Create an encrypted child pool in the parent pool •Migrate or volume mirror appropriate volumes, expand the child pool as required and continue moving existing data •Downside to this method is that you cannot create more child pools if 1 child pool consumes all the space No “convert in place” function to encrypt existing pools May require additional capacity Unencrypted Pool © Copyright IBM Corporation 2015 Encrypted Pool 7 Mixed Encryption in a Pool Data in this example is encrypted with 3 different keys MDisk is created as an internal encrypted RAID array. SAS Chip Encrypts on Storwize or DH8 SAS card in 24F MDisk is external with the -encrypt option set Back end storage array encrypts. Security characteristics could be different MDisk is external without the -enrypt option set External encryption is used to encrypt with the pool key © Copyright IBM Corporation 2015 8 Encryption Key Management IBM Spectrum Virtualize has built-in key management Two types of keys •Master key (one per system/cluster) •Data encryption key (one per encrypted pool) Master key is created when encryption enabled •Stored on USB devices •Required to use a system with encryption enabled •Required on boot or re-key process, stored in volatile memory on system •May be changed Data encryption key is used to encrypt data and is created automatically when an encrypted pool is created •Stored encrypted with the master key •No way to view data encryption key •Cannot be changed •Discarded when an array is deleted (secure erase) © Copyright IBM Corporation 2015 9 CLI Changes for External Encryption •View changes • Add new encryption attributes for lsmdiskgrp • Use of encryption attribute for external MDisks in lsmdisk for self-encrypting MDisks • Adding an encryption attribute for lsvdisk •New command options • mkmdiskgrp adds -encrypt parameter • chmdisk adds -encrypt parameter to show an MDisk is self-encrypting • Additional policing of migrate commands • Additional policing of image mode volumes • Additional policing of addnode/addcontrolenclosure © Copyright IBM Corporation 2015 10 Resources Designated for External Encryption •DH8/V9000 •8 CPU cores on first CPU •Each core capable of @ 1GB/sec •Encrypting everything will decrease I/O group throughput by @ 25% •13 GB read unencrypted, 10 GB read encrypted with a mixed block size •No delta if compression is enabled •V7000 •No compression enabled – 7 of 8 cores •Compression enabled – 4 of 8 cores © Copyright IBM Corporation 2015 11 Ordering Encryption FlashSystem V9000 •Order feature AF14 on Model AE2 (flash enclosure). Includes USB devices and enablement Storwize V7000 Gen2: Order for each control enclosure •Feature ACE1: Encryption Enablement •Feature ACEA: Encryption USB Flash Drives (Four Pack) •Ordering Encryption Includes Internal AND External Encryption SVC: Order for each DH8 engine •Feature ACE2: Encryption Enablement •Feature ACEB: Encryption USB Flash Drives (Pair) •Once license of IBM Spectrum Virtualize Software for SVC Encryption 5641-B01 (AAS) or •This is the first hard license feature to go on SVC •All nodes in the cluster must be DH8 5725-Y35 (PPA) Features are available for plant or field installation © Copyright IBM Corporation 2015 12 Encryption Recommendations •If you can encrypt on the back end storage with no performance penalty or encrypt with data in place, take that option •For example, an XIV can encrypt it's data without the need to move it •The DS8K, XIV and V7K Internal encryption can be done with no performance penalty •If you need more granular key management or single methodology use external encryption •i.e. key per child pool •Single methodology for entire environment (i.e. encryption is done the same way for everything) •Be careful when mixing types of encryption in the same pool, as different forms of encryption may have different security characteristics © Copyright IBM Corporation 2015 13 IP Quorum Devices •The user will use either the CLI or the GUI to generate a Java-based quorum application which is run on a host located at a third site. •The user must also regenerate and redeploy this application when certain aspects of the cluster configuration change, e.g. a node is added. •The need for a regeneration will be indicated via a RAS event. •The maximum number of applications that can be deployed is five (5). •The IP topology must allow the quorum application to connect to the service IP addresses of all nodes. •The IP network and host must fulfill certain constraints: Requirement Constraint Comment Round-trip latency < 80ms No exceptions Port forwarding 1260 Owned by IBM Storage (IANA) – must be open on all hosts and nodes Suggested JRE IBM Java 7 (Others should work) © Copyright IBM Corporation 2015 14 Creating a Quorum Application •Use the mkquorumapp command to generate the quorum application •Make sure the cluster is in its final configuration before doing this •Download and extract the quorum app from the /dumps directory on to the hosting device •Start the quorum application with Java © Copyright IBM Corporation 2015 15 Creating a Quorum Application - Continued Start the Application https://docs.oracle.com/javase/tutorial/deployment/jar/basicsindex.html © Copyright IBM Corporation 2015 16 Comprestimator Integration •With R7.6, deployed as part of SVC/Storwize via CLI command vs separate host installable •Does not require compression license •Does not start RACE (RtC compression engine) •Same algorithm as host based tool so same results are expected •Schedule a volume or all volumes for estimation •Volumes are estimated in VDisk-id order •One volume per node at a given time within a given I/O group •Each I/O group processes its own volumes •Starts immediately (unless otherwise engaged) •Schedule all volumes in system •Display estimation results include thin provisioning, compression and overall results •All volumes output •Single volume output •Fast and accurate results •Rule of Thumb is <1 minute per volume (divided across nodes) with <5% error margin (same as CLI) © Copyright IBM Corporation 2015 17 CLI Commands for Comprestimator analyzevdisk - analyzes a specific volume lsvdiskanalysisprogress - Gives you the progress of the analysis. Helpful if doing the analysis on the entire system © Copyright IBM Corporation 2015 18 CLI Commands for Comprestimator (cont’d) analyzevdiskbysystem – Analyzes all volumes on system lsvdiskanalysis - lists the output. Can be listed for a single volume or if no volume identified, lists output for all volumes © Copyright IBM Corporation 2015 19 Examples - lsvdiskanalysis © Copyright IBM Corporation 2015 20 Examples – lsvdiskanalysis (cont) © Copyright IBM Corporation 2015 21 lsvdiskanalysis States •Estimated – Compression ratio has been determined. Give date and time of last •Active – Volume is currently being estimated •Scheduled – Volume is waiting to be estimated •Idle – Volume has never been estimated and is not scheduled to be estimated © Copyright IBM Corporation 2015 run 22 VMware / IBM Storage Integration Capabilities vCenter Management of IBM Storage •Provisioning, mapping and monitoring IBM storage in vSphere vStorage APIs for Array Integration (VAAI) •Host server offload capability Storage vStorage APIs for Storage Awareness (VASA) •IBM Storage Overview •Profile driven storage direction Site Recovery Manager (SRM) Integration •Replication simplification vRealize Suite (vCloud Suite) •Includes VMware vCenter Orchestrator (vCO), VMware vCenter Operations Manager (vCOPS) and VMware vCloud Automation Center (vCAC) IBM Spectrum Control Base •Central Storage Control Plane for Cloud vSphere Virtual Volumes (VVOLs) •XIV Storage abstraction delivers easy automated provisioning with tenant domains, policy-compliant service, snapshot and cloning offloading, and instant space reclamation •Technology Demo available at https://www.youtube.com/watch?v=HZtf5CaJx_Y&feature=youtu.be vStorage APIs for Data Protection (VADP) •Spectrum Protect Snapshot and Spectrum Protect for Virtual Environments © Copyright IBM Corporation 2015 23 Overview of IBM Storage VMware Integration Disaster Recovery Discovery Provisioning Optimization Cloud Operation (vRealize Suite for vSphere6) SRM SRA For XIV SRA For DS8000 SRA For Storwize vRA / vCAC vRO / vCO Backup Snapshot Management Automation Operations Management Self-service Server Virtualization vROPS / vCOPS vCenter VASA VWC Spectrum Control Base Spectrum Virtualize, Storwize, V9000, XIV, Spectrum Accelerate, DS8000 © Copyright IBM Corporation 2015 VADP Spectrum Protect VAAI support (data path integration) 24 Spectrum Control Base Edition A centralized server system that consolidates a range of IBM storage provisioning, automation, and monitoring solutions through a unified server platform Supported by VMware High Availability Groups for VASA provider redundancy •Active/passive mode IBM Spectrum Control Base Edition Target Environment Future Storage Arrays VASA XIV Mgmt Web Client Common Services DS8000 Mgmt (Authentication, High availability, Configuration storage, Etc) SVC Mgmt vROPs vRO <future plugin> Storage FlashSystem Mgmt 3rd Party Mgmt http://www-01.ibm.com/support/knowledgecenter/STWMS9/landing/IBM_Spectrum_Control_Base_Edition_welcome_page.html © Copyright IBM Corporation 2015 25 VMware / Spectrum Control Base Edition Integration © Copyright IBM Corporation 2015 26 New VM Virtual Volumes - compare the paradigms Current VDisks VM Volumes VDisks VMFS datastore VM Volume Volume Storage array XIV/SVC support for VMware vSphere Virtual Volumes (VVOL) – – – – Easy automated provisioning including multi-tenant Policy-compliant service levels Snapshot/cloning offloading, and instant space reclamation Hotspot-free predictability and ultra-efficient utilization © Copyright IBM Corporation 2015 VM Volume Storage array IBM was a Virtual Volumes design partner – +3 years working together! Delivers an excellent level of storage abstraction through VVOL 27 vSphere 6.0 Support - vVols Requirements vSphere 6.0 installation •Including vCenter and ESXi Servers VASA Provider for SVC/Storwize •Requires IBM Spectrum Control Base v2.2 SVC/Storwize running 7.6.x software •Will not be ported to 7.5 code base Key Benefits 1-to-1 mapping of VM’s drives to SVC Volumes No shared storage = No IO contention Granularity - More granular visibility, isolation and adjustment of VM storage Profile Based Storage Management – to aid storage provisioning Considerations Spectrum Control Base utilizes IP connectivity to SVC config node HyperSwap, Remote Copy, MSCS, DRS not currently supported © Copyright IBM Corporation 2015 28 VMware admin view of Child Pools Child pool can be same as a volume providing a VMFS datastore •Capacity is dedicated to VMware admin •Taken from a parent storage pool of a specific defined class VM admin sees ‘datastore’ that maps to Storwize child pool that the storage admin has given to VMware © Copyright IBM Corporation 2015 29 SVC Graphical User Interface changes Enable VVOL functionality in SVC: - Utility Volume is created - 2TB Space Efficient - Mirrored for redundancy Change Host Type to VVOL: Uses Protocol Endpoints (PE) for IO Allows automated map/unmap of SVC Volumes Existing hostmaps still work New User Role: - VASA runs with special privileges - Superuser cannot modify VVOLs © Copyright IBM Corporation 2015 30 V7.6 Technical Update Bill Wiegand Consulting IT Specialist wiegandb@us.ibm.com © Copyright IBM Corporation 2015 Traditional RAID 6 • Double parity improves data availability by protecting against single or double drive failure in an array However … • Spare drives are idle and cannot contribute to performance – Particularly an issue with flash drives • Rebuild limited by throughput of single drive ✗ – Longer rebuild time with larger drives – Potentially exposes data to risk of dual failure © Copyright IBM Corporation 2015 32 Traditional RAID 6 Active Drives Stripe Spares D1 D1 D2 D2 D3 D3 PP Q Q D1 D2 D3 D3 PP Q D1 D1 D2 D3 PP Q D1 D1 D2 D2 D3 P Q D1 D1 D2 D2 D3 D3 P Q D1 D1 D2 D2 D3 D3 P Q Each stripe is made up of data strips (represented by D1, D2 and D3 in this example) and two parity strips (P and Q) A strip is either 128K or 256K with 256K being the default Two parity strips means the ability to cope with two simultaneous drive failures Extent size is irrelevant Read from all drives © Copyright IBM Corporation 2015 Write to 1 drive 33 Problems with Traditional RAID With Traditional RAID (TRAID), reading from a single drive or multiple drives and writing to a single spare drive, the rebuild time is extended due to the spare drive’s performance. In addition the spares, when not being used, sit idle wasting resources. © Copyright IBM Corporation 2015 34 Distributed RAID • Improved RAID implementation – Faster drive rebuild improves availability and enables use of lower cost larger drives with confidence – All drives are active, which improves performance especially with flash drives • Spare capacity, not spare drives • Rotating spare capacity position distributes rebuild load across all drives • More drives participate in rebuild – Bottleneck of one drive is removed • More drives means faster rebuild – 5-10x faster than traditional RAID – Especially important when using large drives • No “idle” spare drives – All drives contribute to performance – Especially important when using flash drives © Copyright IBM Corporation 2015 35 Distributed RAID 6 Distribute 3+P+Q over 10 drives with 2 distributed spares Drive In this instance these 5 rows make up a pack We allocate the spare space depending on the pack number D1 D1 P D2 D2 Q D3 D3 D2 D2 Q D3 D3 D1 D1 P D3 D1 P D2 Q PP D2 D2 Q D3 D3 D1 Q D3 D3 D1 PP D2 D1 PP D2 Q D3 D2 Q D3 D1 D1 P D3 D1 D1 P D2 D2 Q D3 D1 P D2 Q Row The number of rows in a pack depends on the number of strips in a stripe, this means the pack size is constant for an array Extent size is irrelevant © Copyright IBM Corporation 2015 36 Problems with Traditional RAID With Distributed RAID (DRAID), more drives participate in the rebuild and the bottleneck of one drive is removed as more drives means faster rebuild and there are no “idle” drives as all drives contribute to performance © Copyright IBM Corporation 2015 37 DRAID Performance Goals • A 4TB drive can be rebuilt within 90 minutes for an array width of 128 drives with no host I/O • With host I/O, if drives are being utilized up to 50%, the rebuild time will be 50% slower – Approximately 3 hours, but still that is much faster then TRAID time of 24 hours for a 4TB drive • Main goal of DRAID is to significantly lower the probability of a second drive failing during the rebuild process compared to traditional RAID © Copyright IBM Corporation 2015 38 Distributed RAID • V7.6 supports Distributed RAID 5 & 6 – Distributed RAID 10 is a 2016 roadmap item • Up to 10 arrays/MDisks in an I/O Group and a maximum of 32 arrays in a system • Array/MDisk can only contain drives from the same or a superior drive class – E.g. 400GB SSDs available to build array, so only superior drives are SSDs > 400GB – E.g. 450GB 10K SAS available to build array, so only superior drives are 10/15K/SSDs >450GB – Recommendation is to use same drive class for array/MDisk • Traditional RAID is still supported – New arrays/MDisks will inherit properties of existing pool you are trying to add it to – New array width default for RAID5 is 8+P o If existing MDisks in pool are RAID5 7+P and/or 6+P then GUI will propose 6+P to match lowest width in pool • Conversion from traditional to distributed RAID is not supported • Ability to expand an array/MDisk is a 2016 roadmap item © Copyright IBM Corporation 2015 39 Distributed RAID • Minimum Drive Count in one array/MDisk – Distributed RAID5: 4 (2+P+S) – Distributed RAID6: 6 (3+P+S) • Maximum Drive Count in one array/MDisk is 128 – If there are 128 disks of same drive class the system will recommend two 64 drive or three 42 drive arrays/MDisks (not sure exactly until we get beta code to test with) – Goal is 48-60 per array/MDisk – 1 to 4 spares worth of rebuild capacity allowed per array/MDisk no matter how many drives in the array o Default rebuild areas: – – – – Up to 36 drives: 1 spare 37-72 drives: 2 spares 73 to 100 drives: 3 spares 101 to 128 drives: 4 spares • Recommended stripe width – RAID5: 9 (8+P) o Note that this is now the default width for TRAID in the GUI – RAID6: 12 (10+P+Q) © Copyright IBM Corporation 2015 40 © Copyright IBM Corporation 2015 41 Drive classes available Amount of usable storage that will be added to the pool How many drives selected out of total candidates New capacity of the pool The actual arrays that will be created © Copyright IBM Corporation 2015 42 Raid type © Copyright IBM Corporation 2015 Number of spares Array Width 43 What’s new in HyperSwap V7.6 • Read I/O optimization • New Volume CLIs • GUI support for HyperSwap © Copyright IBM Corporation 2015 44 Read I/O in V7.5 Host Server Host Server Site 1 Site 2 Vol_1P Node 1 I/O Group 1 Vol_1S Node 2 Node 3 Site 1 © Copyright IBM Corporation 2015 I/O Group 2 Site 2 Site 1 Storage Pool 1 Node 4 Site 2 Quorum Site 3 Storage Pool 2 Reads are always forwarded to the primary volume, even if the secondary is up to date 45 Read I/O in V7.6 – Optimized Host Server Host Server Site 1 Site 2 Vol_1P Vol_1S Node 1 I/O Group 1 Node 2 Node 3 Site 1 © Copyright IBM Corporation 2015 I/O Group 2 Site 2 Site 1 Storage Pool 1 Node 4 Site 2 Quorum Site 3 Reads are performed locally, as long as the local copy is up to date Storage Pool 2 46 What makes up a HyperSwap volume? © Copyright IBM Corporation 2015 47 New Volume Commands Creating a HyperSwap volume in V7.5 Creating a HyperSwap volume in V7.6 1) 2) 3) 4) 5) 6) 7) 8) 1) mkvolume my_volume mkvdisk master_vdisk mkvdisk aux_vdisk mkvdisk master_change_volume mkvdisk aux_change_volume mkrcrelationship –activeactive chrcrelationship -masterchange chrcrelationship -auxchange addvdiskacces © Copyright IBM Corporation 2015 48 New Volume Commands 5 new CLI commands for administering Volumes: • • • • • mkvolume mkimagevolume addvolumecopy rmvolumecopy rmvolume Also: • lsvdisk now includes “volume_id”, “volume_name” and “function” fields to easily identify the individual volumes that make up a HyperSwap volume © Copyright IBM Corporation 2015 49 New Volume CLIs • mkvolume – Create a new empty volume using storage from existing storage pools – Volume is always formatted (zeroed) – Can be used to create: o o o o Basic volume Mirrored volume Stretched volume HyperSwap volume - any topology - standard topology - stretched topology - hyperswap topology – The type of volume created is determined by the system topology and the number of storage pools specified • mkimagevolume – Create a new image mode volume – Can be used to import a volume, preserving existing data – Implemented as a separate command to provide greater differentiation between the action of creating a new empty volume and creating a volume by importing data on an existing MDisk © Copyright IBM Corporation 2015 50 New Volume CLIs • addvolumecopy – Add a new copy to an existing volume – The new copy will always be synchronized from the existing copy – For stretched and hyperswap topology systems this creates a highly available volume – Can be used to create: o Mirrored volume o Stretched volume o HyperSwap volume - standard topology - stretched topology - hyperswap topology • rmvolumecopy – Remove a copy of a volume but leaves the actual volume intact – Converts a Mirrored, Stretched or HyperSwap volume into a basic volume – For a HyperSwap volume this includes deleting the active-active relationship and the change volumes – Allows a copy to be identified simply by its site – The -force parameter from ‘rmvdiskcopy’ is replaced by individual override parameters, making it clearer to the user exactly what protection they are bypassing © Copyright IBM Corporation 2015 51 New Volume CLIs • rmvolume – Remove a volume – For a HyperSwap volume this includes deleting the active-active relationship and the change volumes – The -force parameter from ‘rmvdisk’ is replaced by individual override parameters, making it clearer to the user exactly what protection they are bypassing © Copyright IBM Corporation 2015 52 GUI Support for HyperSwap – Configuring system topology Add Nodes ----------------------------------------Rename System Rename Sites Modify System Topology Turn Off All Identify LEDs Flip Layout Update> ----------------------------------------Power Off ----------------------------------------Properties © Copyright IBM Corporation 2015 53 GUI Support for HyperSwap – Configuring system topology Configure Multi-site Set Multi-Site Site 1: London Site 2: Hursley Site 3 (quorum): Manchester Back © Copyright IBM Corporation 2015 Next Cancel 54 GUI Support for HyperSwap – Configuring system topology Topology: © Copyright IBM Corporation 2015 55 GUI Support for HyperSwap – Configuring system topology Topology: © Copyright IBM Corporation 2015 56 GUI Support for HyperSwap – Creating a HyperSwap volume Create Volumes Quick Volume Creation Advanced Basic Quantity: 1 HyperSwap Capacity: 24 Consistency group: London Pool: I/O group: GiB Capacity savings: Compressed Custom Name: My_hs_volume + None Hursley Pool1 Pool: Auto select I/O group: Pool2 Auto select Summary 1 volume 1 copy in Hursley 1 copy in London 1 active-active relationship 2 change volumes Create © Copyright IBM Corporation 2015 Create and Map to Host Cancel 57 GUI Support for HyperSwap – Viewing volumes © Copyright IBM Corporation 2015 58 GUI Support for HyperSwap – Creating a HyperSwap volume © Copyright IBM Corporation 2015 59 GUI Support for HyperSwap – Viewing volumes Volume copy status roll-up - change volumes are hidden © Copyright IBM Corporation 2015 60 SVC HyperSwap Cluster Layer Configuration SITE-1 SVC (iogrp0) Layer = replication SITE-2 SVC (iogrp1) Layer = replication V7K / V7K-U / V5K V7K / V7k-U / V5K (external storage) (external storage) Layer = storage Layer = storage SITE-3 V3700 (Quorum) Layer = storage © Copyright IBM Corporation 2015 61 Storwize HyperSwap Cluster Layer Configuration SITE-1 V7K/V5K (iogrp0) Layer = replication SITE-2 V7K/V5K (iogrp1) Layer = replication V7K / V7K-U / V5K V7K / V7K-U / V5K (external storage) (external storage) Layer = storage Layer = storage SITE-3 V3700 (Quorum) Layer = storage © Copyright IBM Corporation 2015 62 Miscellaneous changes • • • • • • • • 16Gb 4-port adapter Increase max number of iSCSI host attach sessions Remove 8G4 and 8A4 support V7.6 with V3500/V3700 User configurable max single IO time for RC Email setting allows '+' Enhance ETv3 DPA log Customizable login banner SSL certificates © Copyright IBM Corporation 2015 63 16Gb 4-port Adapter • This is a new 16Gb FC card – Supported on SVC DH8 nodes and V7000 Gen2 – Can’t activate the 2 ports unused in existing 16Gb HBA – MES available to swap 2 port card for this 4 port card • Support up to four 4-port 16 or 8Gb FC ports per DH8 node – Only one 10GbE adapter per node supported PCIe slot Cards supported by V7.6 PCIe slot Cards supported by V7.6 4 Empty or Compression Accelerator 2 Fibre Channel 4x8, 2x16, 4x16 or 10Gbps Ethernet 5 Fibre Channel 4x8, 2x16, 4x16 or 10Gbps Ethernet 3 Fibre Channel 4x8, 2x16, 4x16 or 12Gbps SAS 6 Empty or Compression Accelerator Fibre Channel 4x8, 2x16, 4x16 1 • Using any of slots 4-6 requires second CPU and 32GB cache upgrade © Copyright IBM Corporation 2015 64 16Gb 4-port Adapter • Storwize V7000 Gen2 (2076-524) PCIe slot Cards supported by V7.6 1 Compression Accelerator 2 Fibre Channel 4x8, 2x16, 4x16 or 10Gbps Ethernet 3 Fibre Channel 4x8, 2x16, 4x16 or 10Gbps Ethernet • Each one of the 4-port 16Gb ports will have 2 LEDs (amber and green) – LED behaviour is exactly the same as on the 2port 16Gb FC card • Supports maximum cable length of up to 5KM with single mode fibre and LW SFP – For certain use cases, cable length of more than 5KM can be used with DWDM/CWDM technology • Card supports 16G and 8G FC switches (minimum functional speed auto-negotiated) – When connected in direct attach mode, we support host HBAs running at 16G and 8G port speed • Only one 10GbE adapter per node canister supported © Copyright IBM Corporation 2015 65 Increase the max number of iSCSI host sessions per node • Hosts will continue to have a maximum of 4 iSCSI sessions per SVC node – Maximum of 8 paths to an I/O group • Administrators can now configure up to a maximum of 512 iSCSI Host IQNs per I/O group – Maximum of 2048 iSCSI Host IQNs for a 4 I/O group system © Copyright IBM Corporation 2015 66 Withdraw 8G4 and 8A4 support • SVC node models 2145-8G4 and 2145-8A4 will not support V7.6 – Customers will need to upgrade hardware to upgrade beyond V7.5 • Running the ‘upgradetestutility’ (aka CCU checker) will call out the non-support of 8xx nodes and any attempt to upgrade to V7.6 will fail © Copyright IBM Corporation 2015 67 Support of V7.6 with Storwize V3x00 • Storwize V3x00 systems with 8GB of memory per node canister support installation of V7.6 – If the node canisters only have 4GB of memory per canister the upgrade will fail • Solution is to order MES upgrade to 8GB of memory per node canister © Copyright IBM Corporation 2015 68 User configurable max single I/O time for Remote Copy • Problem – The current 1920 mechanism doesn't give the user fine granularity to prevent problems at secondary site from causing I/O delays on primary site – Applies to MM and GM • Solution – Instead of slandering the link, we want to allow the customer to set a system-wide timeout value – If a particular I/O takes more than that specified amount of time to complete, we will look at the stream the volume in question belongs to and do a version of a 1920 on it • CLI additions – Adding to chsystem o chsystem -maxreplicationdelay <value> o Sets a maximum replication delay in seconds: allows 0-360 (increments of 1) o If set to 0, feature is disabled – Adding view of this setting to ‘lssystem’ and ‘lspartnership’ © Copyright IBM Corporation 2015 69 Email setting wont accept “+” • Fix the problem whereby the email settings field does currently not support “+”, and therefore does not meet the Internet Message Format RFC 2822 © Copyright IBM Corporation 2015 70 Enhance the DPA log • With V7.6, Easy Tier DPA log is enabled by default • Customers will see log files named like dpa_log*.xml.gz under the /dumps/easytier folder • Easy Tier heat files are also moved into this new folder © Copyright IBM Corporation 2015 71 Customizable Login Message-of-the-Day • With V7.6 a user-configurable message can be displayed on CLI and GUI login panels • Configurable in GUI and CLI • CLI commands: – chbanner -file /tmp/loginmessage – chbanner -enable / disable – chbanner -clear © Copyright IBM Corporation 2015 72 SSL Certificates Currently, all SVC/Storwize systems use self-signed certificates – This causes security warnings in browsers, and breaks security guidelines Now we will allow the system to generate SSL certificates which the customer can then sign and re-upload to the system Also we increased the strength of SSL certificates generated – Both self-signed and customer-signed One certificate will be used for all uses of SSL on the system – – – – Cluster GUI Service GUI Keyserver Future enhancements © Copyright IBM Corporation 2015 73 New CLI Certificate Commands svcinfo lssystemcert – Displays the information about the installed certificate svctask chsystemcert – – – – mkselfsigned: This will generate a self-signed certificate, similar to how it currently works mkrequest: This generates an unsigned certificate, to be signed by an external authority install: Install a certificate signed by an external authority export: Export the current installed certificate in a format suitable for external use o E.g. a web browser • Self-signed certificates have optional parameters with defaults provided by the system • Unsigned certificates must have all parameters included in the CLI command © Copyright IBM Corporation 2015 74 New Error Messages New errors will be logged if the certificate is about to expire or has expired There will be a new DMP for these events, which will create a new certificate The same error/DMP will be used for self-signed and customer-signed certificates Certificate storage Certificates will be stored encrypted on nodes The key used to encrypt the certificate with will be sealed by the TPM if it exists, otherwise stored plain text on the node HDD The key used to encrypt the certificate will not be in cluster data The key used to encrypt the certificate will be transferred between nodes by secure key manager transfer When a node is removed from the cluster, it will delete the key A T3 may not be able to restore the existing certificate, depending on circumstances A T4 will not try to restore the existing certificate. It will generate a new self-signed certificate © Copyright IBM Corporation 2015 75 Worldwide Support Change • Improvement in worldwide support processes, 24 hours a day, seven days a week: – Enhanced support includes the addition of 24-hour support response to severity 2 calls, seven days a week, for SVC, V7000, V7K Unified, and V9000 customers on November 27, 2015 • For additional details, consult your IBM Software Support Handbook: – http://www.ibm.com/support/handbook • Announcement letters: – IBM FlashSystem 900 and V9000 deliver enhanced worldwide support – IBM Spectrum Virtualize Software V7.6 delivers a flexible, responsive, available, scalable, and efficient storage environment © Copyright IBM Corporation 2015 76 V7.6 Technical Update Denis Frank Spectrum Virtualize Performance Architect © Copyright IBM Corporation 2015 Performance relevant features in V7.6 • Distributed RAID (DRAID) • Software Encryption • 4 port 16Gb Fibre Channel adapter © Copyright IBM Corporation 2015 78 DRAID - Overview • Traditional RAID (TRAID) has a very rigid layout: – RAID-10: N data drives + N mirrors, spares – RAID-5/6: N data drives + P checksum drive (RAID-6: P+Q), spares • DRAID distributes blocks over any number of drives such that: – Spares are virtualised and distributed across drives – Host IO is balanced across drives – Rebuilding a failed drive balances IO across all other drives • DRAID keeps the same failure protection guarantees – (N data blocks plus P (+Q) checksum) balanced over more physical drives • DRAID recommendation is 40-80 physical drives (up to 128) – 8+P (RAID-5) and 10+P+Q (RAID-6) striping © Copyright IBM Corporation 2015 79 DRAID – Performance targets • Similar performance on recommended configurations to the same number of drives as in traditional arrays • CPU limited workloads (e.g. SSDs, short I/O, few arrays): – 1 DRAID similar to 1 TRAID – why: 1 CPU core used per array, V7000 Gen2 CPU has 8 cores – Future (2016): will provide better load balancing per stride • Drive limited workloads (e.g. Nearline): – 1 DRAID (N drives) similar to M TRAIDs with N/M drives each – Example: 1 DRAID (10 drives) similar to 2 TRAID (2x5 drives) (neglecting spares) © Copyright IBM Corporation 2015 80 DRAID – Rebuild performance targets • DRAID rebuild up to 10 times faster than TRAID • Without host I/O: A 4TB drive can be rebuilt within 90 minutes for an array width of 128 drives • With host I/O: if drives are being utilized up to 50%, the rebuild time will be 50% slower • Benefit: Lower probability of second drive failing during rebuild on recommended configurations compared to Traditional RAID. • Planned (2016): will only rebuild actual used capacity on a drive © Copyright IBM Corporation 2015 81 Software Encryption - Overview • Encrypt data on external storage controllers with no encryption capability • Will not double encrypt – use external / hardware encryption on – – – – Virtualized FlashSystems Storage controllers reporting encrypted disks in SCSI Inquiry page C2 SAS hardware encryption on internal storage (drives) on V7k v2, DH8 External MDisks manually defined as encrypted • Industry Standard XTS-AES256 with AES_NI CPU instruction set • Per-Pool encryption • Software Performance impact 10 – 20% worst case on systems under maximum load • Note: DRAID encryption delayed to V7.6 PTF release © Copyright IBM Corporation 2015 82 Software Encryption – Performance measured SVC DH8 over FlashSystem (SW encryption), 1 I/O group, 8Gb FC, cache miss encrypted unencrypted % performance 4k random read (IOPs) 520k 600k 86% 4k random write (IOPs) 168k 185k 90% 256k random read (MB/s) 10700 13000 82% 256k random write (MB/s) 2900 3100 93% Storwize V7000 Gen2 over 50% FlashSystem (SW encrytion) / 50% SSD RAID5 (HW encryption), 1 I/O group, 8Gb FC, cache miss encrypted unencrypted 4k random read (IOPs) 270k 316k 85% 4k random write (IOPs) 74k 83k 89% 256k random read (MB/s) 7200 9200 78% 256k random write (MB/s) 2600 3100 83% © Copyright IBM Corporation 2015 % performance 83 16Gb Fibre Channel Adapter Support for 4-port 16Gb/s Emulex G6 Lancer cards SVC DH8: Up to 4 cards per node E.g. 8 cards (32 ports) per I/O group V7000 Gen2: Up to 4 cards (16 ports) per control enclosure Performance: Early measurements with 32 ports (DH8) / 16 ports (V7000 Gen2) show 16Gb FC performance over similar 8G FC configuration below (Cache hit maximum throughput) Short 4k read/write (IOPs) similar to existing 8Gb FC Bandwidth 256k read (MB/s) plus 75% improvement Bandwidth 256k write (MB/s) similar to existing 8Gb FC © Copyright IBM Corporation 2015 84 Questions? © Copyright IBM Corporation 2015 Legal Notices Copyright © 2015 by International Business Machines Corporation. All rights reserved. No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation. Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. This document could include technical inaccuracies or typographical errors. IBM may make improvements and/or changes in the product(s) and/or program(s) described herein at any time without notice. Any statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Any reference to an IBM Program Product in this document is not intended to state or imply that only that program product may be used. Any functionally equivalent program, that does not infringe IBM's intellectually property rights, may be used instead. THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER OR IMPLIED. IBM LY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IBM shall have no responsibility to update this information. IBM products are warranted, if at all, according to the terms and conditions of the agreements (e.g., IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. IBM makes no representations or warranties, ed or implied, regarding non-IBM products and services. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents or copyrights. Inquiries regarding patent or copyright licenses should be made, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 1 0504- 785 U.S.A. © Copyright IBM Corporation 2015 86 Information and Trademarks IBM, the IBM logo, ibm.com, IBM System Storage, IBM Spectrum Storage, IBM Spectrum Control, IBM Spectrum Protect, IBM Spectrum Archive, IBM Spectrum Virtualize, IBM Spectrum Scale, IBM Spectrum Accelerate, Softlayer, and XIV are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml The following are trademarks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. ITIL is a Registered Trade Mark of AXELOS Limited. UNIX is a registered trademark of The Open Group in the United States and other countries. * All other products may be trademarks or registered trademarks of their respective companies. Notes: Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography. This presentation and the claims outlined in it were reviewed for compliance with US law. Adaptations of these claims for use in other geographies must be reviewed by the local country counsel for compliance with local laws. © Copyright IBM Corporation 2015 87 Special notices This document was developed for IBM offerings in the United States as of the date of publication. IBM may not make these offerings available in other countries, and the information is subject to change without notice. Consult your local IBM business contact for information on the IBM offerings available in your area. Information in this document concerning non-IBM products was obtained from the suppliers of these products or other public sources. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. Send license inquires, in writing, to IBM Director of Licensing, IBM Corporation, New Castle Drive, Armonk, NY 10504-1785 USA. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. The information contained in this document has not been submitted to any formal IBM test and is provided "AS IS" with no warranties or guarantees either expressed or implied. All examples cited or described in this document are presented as illustrations of the manner in which some IBM products can be used and the results that may be achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. IBM Global Financing offerings are provided through IBM Credit Corporation in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type and options, and may vary by country. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without notice. IBM is not responsible for printing errors in this document that result in pricing or information inaccuracies. All prices shown are IBM's United States suggested list prices and are subject to change without notice; reseller prices may vary. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply. Any performance data contained in this document was determined in a controlled environment. Actual results may vary significantly and are dependent on many factors including system hardware configuration and software design and configuration. Some measurements quoted in this document may have been made on development-level systems. There is no guarantee these measurements will be the same on generally-available systems. Some measurements quoted in this document may have been estimated through extrapolation. Users of this document should verify the applicable data for their specific environment. © Copyright IBM Corporation 2015 88