Storage Area Network Technologies
November 2014

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Confidential – For training purposes only.

Course objectives
After completing this course, you should be able to:
• Explain disk connectivity options and disk technologies
• Identify storage area network (SAN) host components and technologies, including the HP Virtual Connect FlexFabric
• Discuss advanced Fibre Channel technologies such as Fibre Channel addressing, zoning, fabric segmentation, and quality of service (QoS)
• Explain iSCSI SAN and technologies such as Net RAID
• Discuss SAN security
• Explain data protection terms and technologies
• Discuss storage area network design

Disk technologies

Parallel SCSI
• A SCSI standard established by ANSI in 1986, but still evolving
• The Common Command Set (CCS) was developed in parallel with the ANSI SCSI-1, SCSI-2, SCSI-3, and SCSI-4 standards
• The SCSI-1 standard was too permissive and allowed too many vendor-specific options
• The result was incompatibility between products from different vendors, which made for confusion on:
  − Speed and feed: Fast, Ultra, Ultra2, narrow, and wide
  − Command sets: Common Command Set, Enhanced Command Set
  − Termination: Passive, Active, Forced Perfect Termination
• Ultra320 and Ultra640 (AKA Fast-320) are the last offerings
IMPORTANT: When referring to SCSI disks, you need to know specific details about the interface type and signaling method.
NOTICE: The Ultra640 standard reached the limits of speed and cable length, which made it impractical for more than two devices. Most manufacturers skipped Ultra640 in favor of Serial Attached SCSI.

Serial ATA (SATA)
• Hot-plug and Native Command Queuing (NCQ) support
• Transfer rates up to 300 MB/s for SATA2 and 600 MB/s for SATA3, using half-duplex
• SATA3.1 introduced support for Solid State Disks (SSD) and the Zero-Power Optical Disk Drive
• SATA3.2 combines SATA commands with the PCI Express interface to achieve device speeds up to 16 Gb/s
• Mean Time Before Failure (MTBF) is 1.2 million hours

Serial Attached SCSI
• SAS uses the full-duplex architecture, effectively doubling the transfer speeds
• The current SAS standard provides a speed of 12 Gb/s, with a maximum theoretical speed of 16 Gb/s
• The maximum number of attached devices is 128 (compared to 16 for Parallel SCSI)
• A single SAS domain can address up to 65,535 devices using a fanout expander
• The MTBF is increased to 1.6 million hours

Near-line SAS
• Serial Attached SCSI provides backward compatibility with SATA
• The near-line SAS drive is a combination of a regular SATA drive with a SAS interface
• The near-line SAS drives enable all of the enterprise features of SAS
• Because near-line SAS uses SATA drives, performance and MTBF are limited by the SATA technology

Native Command Queuing
What is Native Command Queuing (NCQ)?
• NCQ is a technology designed to increase the performance of SATA drives.
• Disks are enabled to internally optimize the order in which read/write commands are executed.
• NCQ reduces the amount of unnecessary HDD head movement.
• NCQ is supported on the HP Smart Array P400, P400i, E500, and P800 disk controllers.

NCQ performance gains

SAS domains

Solid State Drives
• Based on Flash memory technology
• Use the same communication protocols as magnetic disk drives
• Based on two technologies
  − Single-Level Cell (SLC)
  − Multi-Level Cell (MLC)
[Figure: Solid State Drive functional diagram]
NOTE: Solid State Hybrid Drives (SSHDs) combine the large capacity of HDD with the speed of the SSD used for caching to improve performance and keep the price low.

Single-level cell
• As the name suggests, SLC Flash stores one bit value per cell, which basically is a voltage level
  − The bit value is interpreted as a “0” or a “1”
• Because there are only two states, it represents only one bit value
  − Each bit can have a value of “programmed” or “erased”

Value   State
0       Programmed
1       Erased

Multi-level cell
• An MLC cell can represent multiple values
• These values can be interpreted as four distinct states: 00, 01, 10, or 11

Value   State
00      Fully programmed
01      Partially programmed
10      Partially erased
11      Fully erased

Comparing SLC and MLC

Characteristic          SLC              MLC
Density                 16 Mb            32 Mb, 64 Mb
Read speed              100 ns           120 ns, 150 ns
Block size              64 Kb            128 Kb
Architecture            x8               x8/x16
Endurance               100,000 cycles   10,000 cycles
Operating temperature   Industrial       Commercial

NOTE: MLC is less desirable for use in server storage.

SSD wear leveling
What is wear leveling?
• Technology used to increase the overall endurance of NAND-based SSDs
• Each NAND cell supports up to 100,000 read/write operations
• Wear leveling continuously remaps logical SCSI blocks to different physical pages in the NAND array, ensuring that reads and writes remain equally distributed
• Logical-to-physical mapping is maintained as a pointer array in the high-speed DRAM on the SSD controller
  − This index is then copied to a special region of NAND to enable rebuilding of the map in the case of a sudden power loss

SSD over-provisioning
• On high-end SSDs, it is possible to over-provision by 25% above the stated storage capacity
• Distributes the total number of reads and writes across a larger population of NAND blocks and pages over time
• The SSD controller gets additional buffer space for managing page writes and NAND block erases

SmartSSD Wear Gauge
NOTE: SmartSSD Wear Gauge is part of the Array Configuration Utility (ACU) in the HP Intelligent Provisioning that is embedded in HP ProLiant Gen8 and newer servers.

Disk enclosures
• A disk enclosure is a specialized casing designed to hold and power disk drives while providing a mechanism to allow them to communicate to one or more separate computers
• In enterprise terms, “disk enclosure” refers to a larger physical disk chassis
• Disk enclosures do not have RAID controllers
• Disk enclosures can be connected directly to the hosts
[Figure: HP D2700 6Gb Drive Enclosure]

Fault-tolerant cabling
Fault-tolerant cabling allows any drive enclosure to fail or be removed while maintaining access to other enclosures
• P2000 G3 Modular Storage Array (MSA)
• Two D2700 6Gb enclosures
• The I/O module As on the drive enclosures are shaded green
• The I/O module Bs on the drive enclosures are shaded red

Straight-through cabling
Straight-through cabling can sometimes provide increased performance in the array, but it also increases the risk of losing access to one or more enclosures in the event of an enclosure failure or removal
• P2000 G3 Modular Storage Array (MSA)
• Two D2700 6Gb enclosures
• The I/O module As on the drive enclosures are shaded green
• The I/O module Bs on the drive enclosures are shaded red

LUN masking
• Enables host visibility of LUNs within the storage array
• LUN granularity
• Independent of zoning
• Can be implemented at the host, fabric, or array level
• Used for data security
• Selective Storage Presentation on HP 3PAR and EVA Arrays

Storage virtualization
[Figure: HP 3PAR Storage Virtualization Scheme]

Fat (thick) or thin provisioning

HP Storage Arrays
[Figure: HP storage array portfolio arranged along two axes, “Consolidation and performance” and “Business continuity and availability”. Products shown: HP P2000 MSA Array System, HP StoreVirtual 4000 Storage, EVA P6000 Storage, HP 3PAR StoreServ 7000, HP 3PAR StoreServ 10000, HP XP P9500, HP XP7]

Storage area network hosts

SAN hosts
• Multiple HBAs to connect to different SAN fabrics
• Need to be members of a zone in each fabric
• Need to have visibility to the disk array ports within the zone to allow them to map storage presentations
• Might have additional multipath drivers or software to enable failover and policy-based load balancing in a redundant fabric SAN design

Hosts and Fibre Channel
• To communicate with Fibre Channel infrastructure, the host requires a host bus adapter (HBA)
• Each HBA port physically connects to the fabric and becomes visible to the SAN
• Port behavior depends on the HBA driver configuration and type and on the configuration of the fabric port

Converged network adapter
• Converged network adapter (CNA) combines:
  − Traditional host bus adapters for Fibre Channel (FC-HBA) and Ethernet network interface cards (NICs)
  − Fibre Channel over Ethernet (FCoE) protocol
  − Converged Enhanced Ethernet (CEE)

N_Port ID virtualization
What is NPIV?
• N_Port ID Virtualization (NPIV) is an industry-standard Fibre Channel protocol that provides a means to assign multiple Fibre Channel addresses on the same physical link.
• NPIV makes a single Fibre Channel port appear as multiple virtual ports, each having its own N_Port ID and virtual WWN.
• HP offers an NPIV-based Fibre Channel interconnect option for server blades called Virtual Connect.

NPIV
• NPIV allows a single HBA, called an “N_Port,” to register multiple World Wide Port Names (WWPNs) and N_Port identification numbers

Server virtualization with NPIV

HP Virtual Connect Fibre Channel

HP Virtual Connect FlexFabric
• Up to four physical functions for each server blade adapter network port
• The physical function corresponds to the HBA
• Four physical functions share the 10 Gb link
• One of the four physical functions can be defined as the Fibre Channel HBA, and the remaining three will act as NICs
• Each physical function has 100% hardware-level performance, but the bandwidth might be fine-tuned to quickly adapt to virtual server workload demands

Boot from SAN
What is boot from SAN?
The process of booting a server using external storage devices over a SAN
• Used for server and storage consolidation
• Minimizes server maintenance and reduces backup time
• Allows for rapid infrastructure changes

Multipath concept
• Multipath I/O (MPIO) provides automatic path failover between the server and the disk arrays
• Some multipath solutions provide load balancing over multiple HBA paths

Path failover
• Failover is handled by MPIO, and it is supported via services, drivers, and agents
• It is transparent to the applications
• The administrator has to configure the primary and alternate paths

Load balancing
• MPIO provides load balancing across all installed HBAs (ports) in a server
• There are various load-balancing policies, depending on the multipath software:
  − Round robin
  − Least I/O
  − Least bandwidth
  − Shortest queue (requests, bytes, service time)

Microsoft Multi-Port IO
• Uses redundant physical paths to eliminate single points of failure between servers and storage
• Increases data reliability and availability
• Reduces bottlenecks
• Provides fault tolerance and load balancing
• Two components:
  − Drivers developed by Microsoft
  − Device-specific modules (DSMs) developed by storage vendors to Microsoft standards
NOTICE: Starting with Windows Server 2008, Microsoft provides native multipathing (Microsoft MPIO) software.

Fibre Channel advanced features

Fibre Channel addressing
• Fibre Channel switch ports use a 24-bit address scheme
  − Allows for 16 million addresses

Fibre Channel name and address
• 24-bit addresses are automatically assigned by the topology to remove the overhead of manual administration
• Unlike the WWN addresses, port addresses are not built-in
• The switch is responsible for assigning and maintaining the port addresses
• The switch maintains the correlation between the port address and the WWN address of the device on that port
• The Name server is a component of the fabric operating system running on the switch

Fibre Channel port address (1 of 2)
• A 24-bit port address consists of three parts:
  − Domain—Bits from 23 to 16
  − Area—Bits from 15 to 08
  − Port or arbitrated loop physical address (AL_PA)—Bits from 07 to 00

Field    Size     Addresses
Domain   8 bits   239
Area     8 bits   256
Port     8 bits   256

Fibre Channel port address (2 of 2)
Domain
• The address of the switch itself
• 256 possible addresses, but some bits are reserved
• Only 239 addresses are actually available
  − This means that you can have up to 239 switches in your SAN environment
Area
• Provides 256 addresses
• Identifies the individual FL_Ports supporting loops
• Can be used as the identifier of a group of F_Ports
Port
• Provides 256 addresses
• Identifies the attached N_ports and NL_Ports
Available addresses: 239 x 256 x 256 = 15,663,104

Simple Name Server
• The Name server stores information about all of the devices in the fabric
• An instance of the Name server runs on every Fibre Channel switch in a SAN
• A switch service that stores names, addresses, and attributes for up to 15 minutes and provides them as required to other devices in the fabric

10-bit addressing mode
• The number of physical ports on the switch is limited to 256 by the number of bits in the Area part of the Fibre Channel address.
• Director switches, such as Brocade DCX and DCX 4, support Virtual Fabric, where the number of required ports might easily grow to more than 256.
• To support up to 1,024 ports in a Virtual Fabric, use the 10-bit addressing mode.
• The 10-bit addressing mode uses the 8-bit Area_ID and the borrowed upper 2 bits from the AL_PA portion of the port ID.

Field    Size              Addresses
Domain   8 bits            239
Area     8 bits + 2 bits   1024
Port     6 bits            64
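
The field layout from the port address and 10-bit addressing slides, as an added example that is not part of the course material: a decoder that splits a 24-bit port address into Domain, Area and Port in either mode. The names PortAddress, parse_fcid, decode, encode and address_space are hypothetical; the domain range 0x01 to 0xEF and the ordering of the two borrowed bits (Area byte as the high bits) are assumptions not stated on the slides, and the sample addresses are constructed.

```python
"""Decode 24-bit Fibre Channel port addresses (added example, not course code)."""
import string
from dataclasses import dataclass

# Assumption (common FC convention, not stated on the slides): the 239 usable
# switch domain IDs are 0x01 through 0xEF.
DOMAIN_MIN, DOMAIN_MAX = 0x01, 0xEF


@dataclass(frozen=True)
class PortAddress:
    domain: int    # bits 23-16: identifies the switch
    area: int      # bits 15-08, widened by 2 borrowed bits in 10-bit mode
    port: int      # bits 07-00 (AL_PA), or only the low 6 bits in 10-bit mode
    ten_bit: bool

    @property
    def switch_domain_valid(self) -> bool:
        """True when the domain falls inside the 239 switch-assignable values."""
        return DOMAIN_MIN <= self.domain <= DOMAIN_MAX


def parse_fcid(text: str) -> int:
    """Parse '0x010200', '010200' or '01:02:00' into a 24-bit integer."""
    cleaned = text.strip().lower().replace(":", "")
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    if len(cleaned) != 6 or any(c not in string.hexdigits for c in cleaned):
        raise ValueError(f"expected 6 hex digits, got {text!r}")
    return int(cleaned, 16)


def decode(fcid: int, ten_bit: bool = False) -> PortAddress:
    """Split a port address into its three fields."""
    if not 0 <= fcid <= 0xFFFFFF:
        raise ValueError("port address must fit in 24 bits")
    domain = (fcid >> 16) & 0xFF
    area_byte = (fcid >> 8) & 0xFF
    low_byte = fcid & 0xFF
    if ten_bit:
        # Assumption: the Area byte supplies the high 8 bits and the upper
        # 2 bits of the AL_PA byte supply the low 2 bits of the 10-bit value.
        area = (area_byte << 2) | (low_byte >> 6)
        port = low_byte & 0x3F
    else:
        area, port = area_byte, low_byte
    return PortAddress(domain, area, port, ten_bit)


def encode(addr: PortAddress) -> int:
    """Inverse of decode(): rebuild the 24-bit value from the fields."""
    if addr.ten_bit:
        return ((addr.domain << 16) | ((addr.area >> 2) << 8)
                | ((addr.area & 0x3) << 6) | addr.port)
    return (addr.domain << 16) | (addr.area << 8) | addr.port


def address_space(ten_bit: bool = False) -> int:
    """Count of addresses, following the slide's 239 x Area x Port product."""
    domains = DOMAIN_MAX - DOMAIN_MIN + 1
    return domains * (1024 * 64 if ten_bit else 256 * 256)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real fabric.
    for sample in ("01:02:c5", "0xEF00FF", "ff:ff:fc"):
        value = parse_fcid(sample)
        for mode in (False, True):
            addr = decode(value, ten_bit=mode)
            print(f"{sample:>10} ten_bit={mode!s:<5} domain={addr.domain:3} "
                  f"area={addr.area:4} port={addr.port:3} "
                  f"switch_domain_valid={addr.switch_domain_valid}")
    print("8-bit mode addresses :", address_space(False))
    print("10-bit mode addresses:", address_space(True))
```

Borrowing two bits moves capacity from the Port field to the Area field, so both modes cover the same total number of addresses.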

Arbitrated loop addressing
• In an arbitrated loop, only one of the three bytes is used
  − The least significant 8 bits
  − Known as the AL_PA

Arbitrated loop ordered sets
• An ordered set is a group of four transmission characters.
• An arbitrated loop has several ordered sets that are used in:
  − Loop arbitration
  − Opening of loop circuits
  − Closing of loop circuits
• Loop arbitration is a complex process of transmitting signals (ordered sets).
• The two types of ordered sets are:
  − Frame delimiters—Exist at the start or the end of the frame
  − Primitive—Ordered sets without frames
[Figure: Port Arbitration Activity Example]

Fabric flow control
• An Arbitrated Loop uses arbitration, and a switched fabric uses flow control to prevent data overruns at the receiver side.
• Fibre Channel implements a credit-based flow-control mechanism to prevent frame dropping.
• The transmitter (Tx) can send frames in the amount of the buffer-to-buffer (B2B) credits reported by the receiver (Rx).
• For each packet sent, the Rx port needs to send an R_Rdy (Receiver_Ready, Fibre Channel Primitive) signal.

Types of flow control
• Fibre Channel defines two types of flow control:
  − Buffer-to-buffer (port to port)
  − End-to-end (source to destination)

Fibre Channel class of service
• Fibre Channel defines several classes of service (CoS), which can be used by applications to provide the optimal type of delivery priority and flow control, depending on the type of application data.
• Each CoS uses a connection-oriented, packet-switched, or quality of service (QoS) communication strategy.

Fabric zoning
• A method of restricting server access to storage resources that are not allocated to that server
• Similar to LUN masking
• Implemented on the switch
• Operates on the basis of port identification (WWPN)
• Zoning types:
  − Software based—Restricts only the fabric name service to show only an allowed subset of devices
  − Hardware based—Restricts the actual communication across a fabric
  − Port based—Zoning applied to the switch port to which a device is connected
  − WWN based—Zoning that restricts access by a device WWN

Hard and soft zoning
Hard zoning
• A member is identified by its port number
• Known as “hard” zoning
• Enforced by a switch at a hard level
Soft zoning
• A member is identified by its port WWN
• Known as “soft” zoning
• Enforced by the Name server, which returns filtered responses to port queries

Software zone enforcement
• The Name server service in the fabric masks the Name server entries that a host should not access.
• When the host logs in to the fabric, it discovers only the unmasked Name server entries.
• Software-enforced zoning has no mechanism that prevents a host from accessing storage.

Hardware zone enforcement
• Hardware enforcement
  − Frame-based
  − Session-based
• Performed by the Application-Specific Integrated Circuits (ASICs) in fabric switches
• A proactive security mechanism
• Every port has a filter that allows only the traffic defined by the zoning configuration to pass through

Zoning decisions
Zoning by HBA
• Each zone has one HBA (the initiator)
• Each of the target devices is added to the zone
• If the HBA also accesses tape devices, a separate zone is created for the HBA and the associated tape devices
• Zoning by HBA limits disruptions and the number of fabric change notifications
Zoning by OS
• The minimum required zoning method
• Multiple HBAs with the same operating system are grouped with the accessed storage ports
• Prevents the interaction of the HBAs with incompatible operating systems
Zoning by application
• Combines multiple operating systems in the same zone
• Allows for potential disruptions
• More susceptible to administrative errors
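
The difference between the software and hardware zone enforcement slides, as an added example that is not part of the course material: a small fabric model in which software enforcement only filters Name server answers while hardware enforcement also filters frames, plus an audit that lists device pairs that are hidden from discovery yet still deliverable. The Fabric class, its methods, the zone names and all WWPNs and port addresses are hypothetical, constructed values; the model is a simplification that identifies zone members by WWPN in both modes.

```python
"""Model of software vs hardware zone enforcement (added example, not course code)."""
from dataclasses import dataclass, field
from itertools import permutations


@dataclass
class Fabric:
    enforcement: str                                # "software" or "hardware"
    devices: dict = field(default_factory=dict)     # WWPN -> 24-bit port address
    zones: dict = field(default_factory=dict)       # zone name -> set of WWPNs

    def __post_init__(self):
        if self.enforcement not in ("software", "hardware"):
            raise ValueError("enforcement must be 'software' or 'hardware'")

    def login(self, wwpn: str, fcid: int) -> None:
        """Fabric login: the switch records the WWPN-to-address correlation."""
        self.devices[wwpn] = fcid

    def zoned_together(self, a: str, b: str) -> bool:
        return any(a in members and b in members
                   for members in self.zones.values())

    def name_server_query(self, requester: str) -> dict:
        """Both modes mask Name server entries outside the requester's zones."""
        return {wwpn: fcid for wwpn, fcid in self.devices.items()
                if wwpn != requester and self.zoned_together(requester, wwpn)}

    def forward_frame(self, src_wwpn: str, dst_fcid: int) -> bool:
        """Would the switch deliver a frame from src to the given address?"""
        dst = next((w for w, f in self.devices.items() if f == dst_fcid), None)
        if dst is None or src_wwpn not in self.devices:
            return False
        if self.enforcement == "hardware":
            # Per-port filter: only traffic allowed by the zoning config passes.
            return self.zoned_together(src_wwpn, dst)
        # Software enforcement has no frame filter; only discovery was masked.
        return True


def enforcement_gaps(fabric: Fabric) -> list:
    """Pairs that the Name server hides but the fabric would still deliver."""
    gaps = []
    for src, dst in permutations(sorted(fabric.devices), 2):
        hidden = dst not in fabric.name_server_query(src)
        if hidden and fabric.forward_frame(src, fabric.devices[dst]):
            gaps.append((src, dst))
    return gaps


# Constructed sample fabric: two hosts, two array ports, zoned by HBA.
HOST_A = "10:00:00:00:00:00:00:a1"
HOST_B = "10:00:00:00:00:00:00:b1"
ARRAY_P1 = "50:00:00:00:00:00:00:01"
ARRAY_P2 = "50:00:00:00:00:00:00:02"


def build_sample(enforcement: str) -> Fabric:
    fabric = Fabric(enforcement)
    fabric.login(HOST_A, 0x010100)
    fabric.login(HOST_B, 0x010200)
    fabric.login(ARRAY_P1, 0x020100)
    fabric.login(ARRAY_P2, 0x020200)
    fabric.zones["z_host_a"] = {HOST_A, ARRAY_P1}
    fabric.zones["z_host_b"] = {HOST_B, ARRAY_P2}
    return fabric


if __name__ == "__main__":
    for mode in ("software", "hardware"):
        fabric = build_sample(mode)
        print(f"{mode} enforcement")
        print("  HOST_A discovers:", sorted(fabric.name_server_query(HOST_A)))
        print("  HOST_A -> ARRAY_P2 delivered:",
              fabric.forward_frame(HOST_A, fabric.devices[ARRAY_P2]))
        print("  hidden-but-deliverable pairs:", len(enforcement_gaps(fabric)))
```

An empty result from enforcement_gaps means every pair hidden from discovery is also blocked at the frame level, which is the state the hardware enforcement slide describes.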

Traffic isolation zones
• Traffic isolation (TI) allows data paths to be specified
• TI zoning has the following benefits:
  − Separates direct attached storage device (DASD) and tape traffic
  − Selects traffic for diverse Inter-Switch Link (ISL) routes
  − In conjunction with long-distance channel extension equipment, it guarantees bandwidth for certain mission-critical data

Brocade QoS zones
• A Quality of Service (QoS) zone adds traffic-shaping capabilities to regular zones
• The priority of a traffic flow is set to High or Low, based on the name of the zone
  − High-priority zone name: QoSH<id>_<zonename>
  − Low-priority zone name: QoSL<id>_<zonename>

LSAN zones
• A Logical SAN provides device connectivity between fabrics without merging the fabrics
• It consists of zones in two or more edge or backbone fabrics that contain the same devices
• Members must be identified by their port WWN, because port IDs are not necessarily unique across fabrics

Fabric segmentation
• Fabric segmentation occurs when two or more switches are joined together by ISLs but they do not communicate with each other
• Possible causes for fabric segmentation are:
  − Zone type mismatch
  − Zone content mismatch
  − Zone configuration mismatch
  − Duplicate domain IDs

iSCSI storage area network

The value of an iSCSI SAN architecture
• Built on top of a dedicated or existing Gigabit Ethernet infrastructure
• Uses the familiar TCP/IP technology
• The IP protocol is universal and it works seamlessly, regardless of the equipment vendor
• Customers can leverage the 10Gb Ethernet
• iSCSI components can be virtualized
• Removes distance limitations

Built for virtualization
HP StoreVirtual Technology: Simple, Scalable, Highly available
• Simple management for virtualized environments
• All-inclusive licensing with enterprise-class storage features
• Virtualization platform integration for increased functionality and ease of use
• Nondisruptively scale performance and capacity
• One homogenous storage pool with iSCSI and Fibre Channel connectivity
• Proven five 9s high availability and reliability
• Multisite disaster recovery with transparent failover
• Online data mobility across systems, locations, and technology changes

HP StoreVirtual for iSCSI and Fibre Channel
For customers:
• With disjointed storage pools across Fibre Channel and iSCSI networks
  − Leverages a single storage architecture for all applications in the enterprise
• Standardizing on Ethernet-based technologies
  − Provides easier migration options when going from Fibre Channel to iSCSI
• Looking for an all-inclusive enterprise feature set
[Diagram labels: Centralized management console; Fibre Channel network; 10GbE IP network (SAN/iQ OS/iSCSI); iSCSI clients; FC clients; HP StoreVirtual 4330 or 4730]

HP StoreVirtual storage clustering
• HP StoreVirtual offers storage clustering as a way to:
  − Aggregate all components for performance
  − Load balance data across all nodes
  − Offer nondisruptive scalability
  − Create a tiered environment for different performance requirements
  − Offer online volume migration
  − Simplify management through a centralized management console

Scale-out architecture
Start with the current needs
• Use storage nodes to build clusters
• Leverage all critical resources
Grow as needed
• Scale performance and capacity linearly
• Data remains online as you grow
Build single or multiple tiers
• SSD, SAS, and Nearline SAS clusters
• Migrate data with Peer Motion
Seamless and nondisruptive data mobility
StoreVirtual Peer Motion
Seamlessly move volumes between:
• Systems
• Tiers
• Locations
• Form factors
• Disk types
• Different generations
• Physical and virtual platforms
In a matter of minutes—Swap out or swap in entire clusters and upgrade technology nondisruptively
All data remains online and available

Network RAID
• Creates redundant copies of blocks that reside on different storage nodes
• The mirroring level cannot exceed the number of nodes in the cluster
• Supports 2-, 3-, and 4-way mirroring
• Requires 2, 3, or 4 times as much storage

Network RAID 0
• Every block of data will be written once.
• Blocks are striped across the nodes.
• The failure of one node means the loss of the whole volume because there is no redundancy.

Network RAID 10
• Network RAID 10 data is striped and mirrored across two storage systems.
• Network RAID 10 is the default data protection level assigned when creating a volume, as long as there are two or more storage systems in the cluster.
• Data in a volume configured with Network RAID 10 is available and preserved in the event that one storage system becomes unavailable.
Network RAID 10+1
• Network RAID 10+1 data is striped and mirrored across three or more storage systems.
• Data is available and preserved in the event that any two storage systems become unavailable.

Network RAID 10+2
• Network RAID 10+2 data is striped and mirrored across four or more storage systems.
• Data is available and preserved in the event that any two storage systems become unavailable.
• Network RAID 10+2 is designed for multisite SANs, to preserve data in the event of an entire site becoming unavailable.

Network RAID 5
• Data is divided into stripes.
• Each stripe is stored on three of the storage systems, and parity is stored on the fourth system.
• Data is available and preserved in the event that any single storage system becomes unavailable.

Network RAID 6
• Network RAID 6 divides the data into stripes.
• Each stripe is stored on four of the storage systems in the cluster, and parity is stored on the fifth and sixth systems.
• Data is preserved and available in the event that any two storage systems become unavailable.

Storage area network security
SAN security
• Storage security is the act of protecting the data that resides in the SAN from unauthorized access.
• Security is an Internet Protocol (IP) issue, not a Fibre Channel issue.
• To provide proper protection, all aspects of data security must be addressed.
• On average, more resources are spent on protecting web servers than on protecting SANs.

Security model
• The security of a computer system is the responsibility of a security manager.
• Three types of attacks, corresponding to the three aspects of information security:
− Data can be made unavailable for access
− Data can be deleted or modified without permission
− Data can be examined without permission
• Security can be implemented at three levels in the SAN:
− Storage array level
− Fabric level
− Host level

Elements of storage security

Differentiating data security and data protection
Data protection deals with information dependability
• Reliability, availability, fault protection, performance, and so on
Information security includes the following core principles:
• Confidentiality
• Integrity
• Availability
• Possession
• Authenticity
• Utility
• Privacy
• Authorized use
• Nonrepudiation
Transitive trust problem
• SAN security must not be treated separately from the security of other parts of the IT infrastructure, such as networking.
• If there is a network security breach, SAN data becomes exposed even if the storage infrastructure remains intact.
• Risk mitigation includes:
− Identification (authentication)
− Authorization (LUN and tape access permissions)
− Audit
− Encryption (data on disk and tape and data in transit)

SAN security: Where and how to implement it
Where? How?
• Enable authentication for:
− User
− Management
− Server
− Switch
• To prevent unauthorized access:
− Use multilevel passwords.
− Use Access Control Lists (ACLs).
− Use centralized access control or Domain authentication.

Fabric Access Control Lists (ACLs)
• The Brocade Fabric OS provides the following policies:
− Fabric configuration server (FCS) policy
− Device connection control (DCC) policies
− Switch connection control (SCC) policy
• The FCS, DCC, and SCC policy members are specified by the device port WWN, the switch WWN, domain IDs, or switch names, depending on the policy
Valid methods for specifying policy members:

Device authentication
• The authentication of devices is an effort expended by a device to ensure the identity of another device with which it is communicating.
• Levels of authentication
− None
− Trusting the device address
− Challenging the device to prove its identity
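The three authentication levels listed above, as an added Python example that is not part of the HP course material. The challenge level is modelled on CHAP (RFC 1994), which is an assumption because the slide names no protocol; the initiator name and the secret are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data: the initiator name and secret are made up.
HOST_A = "iqn.2014-11.example:host-a"
ALLOWED_NAMES = {HOST_A}
SECRETS = {HOST_A: b"constructed-16-byte-secret"}


def auth_none(claimed_name):
    """Level 'None': any device that connects is accepted."""
    return True


def auth_by_address(claimed_name):
    """Level 'Trusting the device address': accept any device that presents
    an allowed name. The name is self-reported, so knowing it is enough."""
    return claimed_name in ALLOWED_NAMES


def chap_response(ident, secret, challenge):
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChallengingTarget:
    """Level 'Challenging the device to prove its identity' (CHAP-style,
    an assumption of this example)."""

    def __init__(self, secrets):
        self._secrets = secrets
        self._pending = {}      # claimed name -> (identifier, challenge)
        self._next_ident = 0

    def new_challenge(self, claimed_name):
        ident = self._next_ident
        self._next_ident = (self._next_ident + 1) % 256
        challenge = os.urandom(16)      # fresh and unpredictable per attempt
        self._pending[claimed_name] = (ident, challenge)
        return ident, challenge

    def verify(self, claimed_name, response):
        # pop() makes each challenge single-use, so an old response
        # cannot be replayed against it.
        pending = self._pending.pop(claimed_name, None)
        secret = self._secrets.get(claimed_name)
        if pending is None or secret is None:
            return False
        ident, challenge = pending
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_demo():
    target = ChallengingTarget(SECRETS)
    results = {}

    # A device that knows only the allowed name, not the secret.
    results["name_only_level_none"] = auth_none(HOST_A)
    results["name_only_level_address"] = auth_by_address(HOST_A)
    ident, challenge = target.new_challenge(HOST_A)
    guess = chap_response(ident, b"wrong-secret", challenge)
    results["name_only_level_challenge"] = target.verify(HOST_A, guess)

    # The genuine device holds the shared secret.
    ident, challenge = target.new_challenge(HOST_A)
    good = chap_response(ident, SECRETS[HOST_A], challenge)
    results["genuine_level_challenge"] = target.verify(HOST_A, good)

    # A recorded good response does not match the next challenge.
    target.new_challenge(HOST_A)
    results["replayed_response"] = target.verify(HOST_A, good)
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:28s} accepted={accepted}")
```

Only the challenge level rejects a device that presents the right name without the secret, and the shared secret itself never crosses the wire.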
Device authorization
• Authorization is used to perform the selective presentation of devices and LUNs
• Levels of authorization:
− No authorization
  • Used on DAS
− LUN masking and selective LUN presentation based on the WWN
− iSCSI
  • By using ACLs at the device level or per LUN
− NAS
  • Authorization using supported operating system methods

Data encryption
• Data transferred across an untrusted connection must be secured.
• Data encryption is necessary to prevent unauthorized access in the case of lost media
− Lost CD, DVD, tape, or disk
• In general, data can be encrypted:
− In flight
  • Fibre Channel, Ethernet, WAN
− At rest
  • On a disk or tape

Management security
• An important aspect of security that is applicable to SANs
• Management security includes:
− The authentication of administrators
− Single sign-on technologies (Active Directory, LDAP, and so on)
− Selective administration capability
− Role-based access
− Error tracking
− A centralized management view

Data protection

Data protection overview
• The primary goal of data protection is to maintain the availability of data.
• RAID is designed to protect data against bit and byte errors.
− RAID is not backup!

Challenges in data protection
• Long backup windows
• Long recovery times
• Protection gaps
• Inconsistent recovery
• Impacts on production applications
• Disaster recovery
• Compliance

Recovery Time and Recovery Point Objectives
• The Recovery Time Objective (RTO) is the goal for how quickly you need to have your information available after downtime has occurred.
• The Recovery Point Objective (RPO) describes the point in time to which data must be restored to successfully resume processing.
[Figure: timeline labeled Time, with the points Last Backup, Event, and Data Restored and the spans RPO and RTO]

Data protection
• Physical tapes
− Traditional destination for backup sets
− Shelf life of up to 30 years
− Requires tape library solutions to handle complex backup environments
• Virtual Tapes
• Replication
− Local
− Remote
• Clustering
Data protection topologies
• Direct backup
− A fast but expensive solution
− Data is backed up to locally attached tape drives
− Complex administration
• Centralized server backup
− Client-server architecture
− One server has a tape library attached
− Uses a LAN to transport data
  • The LAN might become a bottleneck
• Centralized SAN backup
− A LAN is used only to initiate and control a data backup
− Data is moved over the SAN
− Tape libraries are connected to the SAN fabric

Tape libraries
• Dedicated SAN-based devices
• High performance, capacity, and availability
• Compatible with the latest tape technologies
• Contain sophisticated robotics to automate tape changing
• Provide data encryption to comply with standards

Virtual tape libraries
• Emulate physical tapes and libraries to the backup software
• Capable of supporting parallel jobs
• Reduce backup time
• Granular recovery enables fast single-file restores
• Fibre Channel and iSCSI connectivity
HP StoreOnce Backup

Remote Copy introduction
• Array-based remote replication solution for an HP 3PAR Storage Array
• Supported modes:
− Synchronous
− Asynchronous periodic
− Asynchronous long distance
• Supported transports:
− Fibre Channel
− Ethernet
− Fibre Channel over IP
Fibre Channel-based Remote Copy
High performance
• Used for campus-distance solutions
• Offers low latency and high bandwidth
Flexible
• Direct or Fibre Channel SANs are supported
• Extended-distance technologies
− Longwave links
− FCIP bridging or routing

Native IP-based Remote Copy
Native IP eliminates the need for expensive converters
• Distance flexibility
• Cost-effective
Designed to be transport agnostic
• Native Gigabit Ethernet TCP/IP today
• Other protocols will be quickly assimilated

Synchronous mode operation
[Figure: six numbered steps between the host server, the primary storage array, and the secondary or backup storage array. Labels: write request; data is written to the cache on two nodes (shown for each array); write request is forwarded; secondary or backup acknowledges the primary; primary acknowledges the host.]

Asynchronous periodic operation
[Figure: three numbered steps between the host server, the primary storage array, and the secondary or backup storage array. Labels: write request; data is written to the cache on two nodes; primary acknowledges the host; scheduled or manual resynchronization; only the most recent data ("deltas") is copied over; only the most recent data is written to the cache on the nodes.]

Synchronous long distance
Fibre Channel sync mode
• The same volume is protected on two arrays.
− One in synchronous mode
− One in asynchronous mode
• Customers need to replicate the delta changes from one of the disaster recovery sites in case of a failure
• In the case of a failure, a full sync of a volume is not required
[Figure: Source, Sync Site (Target 1), and DR Site (Target 2), with volumes A and B and their copies A’ and B’. Labels: bidirectional between Source and Sync targets; metropolitan distance (Source – Sync site); continental distance (Source, Sync – DR Site).]

Deduplication

Deduplication in remote and branch office setups

Storage area network design

SAN design considerations
Distance & Geographic Layout Connectivity & Capacity Scalability Availability Performance Management & Security

Planning considerations
• Inventory of the current environment
• Growth plan
• Current storage configuration
• LAN and SAN structure
• Application uses
• Traffic loads
• Peak periods
• Current performance
• Current constraints
• Use of the existing fiber cables
• Use of the existing components
HP standard supported SAN topologies
HP simplified design
HP SAN design considerations
Three approaches to designing a SAN
• Based on the scope and requirements for a given business application, HP SAN topologies depend on the required:
− Size
− Availability
− Performance
− Extendibility
• You can implement:
− An HP standard SAN fabric topology design
− A subset or variation of an HP standard SAN fabric topology design
− A custom SAN fabric topology design
TIP: HP SAN design rules are explored in the SAN Design Guide available at: http://www.hp.com/go/sandesign

HP SAN Design Reference Guide

SAN fabric topology overview
• Single-switch fabric
• Cascaded fabric
• Meshed fabric
• Ring fabric
• Core-edge fabric

Single-switch fabric
The smallest SAN consists of:
• A Fibre Channel switch
• A storage system
• A server
The benefits of a single-switch fabric include:
• Easy installation and configuration of servers and storage
• Maximum fabric performance because all communicating devices connect to the same switch
• Support for local, centralized, and distributed data access needs
Cascaded fabric
Cascading enables you to:
• Achieve optimum I/O activity by connecting servers and storage to the same switch in a cascaded fabric
• Easily scale the fabric over time by adding cascaded switches
The benefits of a cascaded fabric include:
• The ability to connect SANs in diverse geographic locations
• Ease of scalability for increased server and storage connectivity
• Shared backup and management support
• Optimum local performance when communicating devices are connected to the same switch in the cascaded fabric
• Cost efficiency resulting from the large number of available switch ports
• Support for local data access and the occasional centralized data access

Meshed fabric
Built on top of a group of switches, uses multiple ISLs for fabric resiliency
• If one ISL fails, data is automatically rerouted through an alternate path in the fabric
The benefits of a meshed fabric include:
• The ability to meet multiple data access needs
• Multiple paths for internal fabric resiliency
• Ease of scalability
• Shared backup and management support
• Less impact on performance from intra-switch traffic

ISL connections in a meshed fabric
Ring fabric
A ring of interconnected switches that enables you to:
• Scale the fabric in a modular fashion
• Achieve optimum I/O performance by connecting a group of servers and storage to one switch
The benefits of a ring fabric include:
• Modular design and ease of scalability by adding a switch and other devices
• Multiple paths for internal fabric resiliency
• Support for a mix of local data access and the occasional centralized data access

Ring fabric with satellite switches

Core-edge fabric (1 of 2)
HP recommends using a core-edge fabric wherever possible
• A core-edge fabric has one or more Fibre Channel switches (called core switches) that connect to the edge switches in the fabric
The core-edge fabric is optimal for:
• Many-to-many connectivity environments that require high performance
• Unknown or changing I/O traffic patterns
• SAN-wide storage pooling
[Figure: Core-edge fabric (typical depiction)]
Core-edge fabric (2 of 2)
Core-edge fabric topologies can be depicted hierarchically
• The physical implementation is typically the same as in the depiction
The benefits of a core-edge fabric include:
• Typically, a maximum of two hops between switches
• Equal, centralized access to the devices in the core
• Increased fabric and switch redundancy with two or more switches in the core
• Full many-to-many connectivity with evenly distributed bandwidth
• Support for centralized and distributed data access
• The ability to designate an optimally located core switch as the primary management switch, with direct connections to all switches
[Figure: Core-edge fabric (hierarchical depiction)]

Topology data access
Local (one-to-one)
• Data access between a local server and a storage system connected to the same switch
Centralized (many-to-one)
• Data access between multiple, dispersed servers and one centrally located storage system
Distributed (many-to-many)
• Data access between multiple, dispersed servers and storage systems

Data access performance by SAN fabric topology

Topology maximums
• The maximum number of supported switches and ports for specific fabric topologies can vary.
• The number of switches and ports depends on:
− The number of hops in the fabric topology
− The number of ISLs
• Consider the following:
− User ports are for servers and storage.
− It is assumed that you have the minimum number of ISLs.
  • If you require more ISLs, this reduces the number of user ports available for server and storage connections.
− If you connect a Storage Management Appliance to the fabric, this further reduces the number of ports available for server and storage connections.

B-series switch and port topology maximums

C-series switch and port topology maximums

H-series switch and port topology maximums

Data availability
The data availability level required for your SAN environment is based on:
• The administrative requirements
− Examples: Backup schedules, operating procedures, and staffing
• The protection level for applications or data
• The hardware redundancy
Data availability is arranged in 4 levels:
• Level 1: Single-connectivity fabric
• Level 2: Single resilient fabric
• Level 3: Single resilient fabric with multiple device paths
• Level 4: Multiple fabrics and device paths (NSPOF)
Single-connectivity fabric
Level 1
• Maximum connectivity
• No fabric resiliency or redundancy
• Each switch has one path to other switch or fabric
• Each server or storage system has one path to the fabric

Single resilient fabric
Level 2
• Provides fabric path redundancy by using multiple ISLs between switches
• Each server and storage system has one path to the fabric
• There is no interruption in I/O activity in the event of a switch port or ISL failure

Single resilient fabric with multiple device paths
Level 3
• Provides multiple server and storage system paths to the fabric to increase availability
• There is no interruption of I/O in the event of a switch, server HBA, or storage system path failure
IMPORTANT: HP recommends that each server HBA and each storage system has a path to a different switch to increase availability.

Multiple fabrics and device paths (NSPOF)
Level 4
• Provides multiple data paths between servers and storage systems, but the paths connect to physically separate fabrics
• Provides the highest availability and no single point of failure (NSPOF) protection
• Minimizes the vulnerability to fabric failures
• Using two fabrics might increase the implementation costs, but it also increases the total number of available ports
Data availability level considerations

Thank you