Network Technologies
March 2016
IMPORTANT: When referring to SCSI disks, you need to know specific details about the interface type and signaling method.
NOTICE: The Ultra640 standard reached the limits of speed and cable length, which made it impractical for more than two devices.
Most manufacturers skipped Ultra640 in favor of Serial Attached SCSI (SAS).
– SAS uses a full-duplex architecture, effectively doubling the transfer speeds
– The current SAS standard provides a speed of 12 Gb/s, with a maximum theoretical speed of 16 Gb/s
– The maximum number of attached devices is 128 (compared to 16 for Parallel SCSI)
– A single SAS domain can address up to 65,535 devices using a fanout expander
– The MTBF is increased to 1.6 million hours
[Figure: SAS topology with expanders, edge expanders, and SAS and SATA disk drives]
Value State
0 Programmed
1 Erased
Value State
00 Fully programmed
01 Partially programmed
10 Partially erased
11 Fully erased
– On high-end SSDs, it is possible to over-provision by 25% above the stated storage capacity
– Distributes the total number of reads and writes across a larger population of NAND blocks and pages
over time
– The SSD controller gets additional buffer space for managing page writes and NAND block erases
[Figure: Traditional allocation compared with thin provisioning for Volume A and Volume B (data, allocated and unused space) on HPE 3PAR StoreServ 7000 storage]
[Figure: Fibre Channel layers (FC-4, FC-3 Services, FC-2) shown with FCoE, CEE, Ethernet, and Physical]
What is NPIV?
– N_Port ID Virtualization (NPIV) is an industry-standard Fibre Channel protocol that provides a means to
assign multiple Fibre Channel addresses on the same physical link.
– NPIV makes a single Fibre Channel port appear as multiple virtual ports, each having its own N_Port ID
and virtual WWN.
– HPE offers an NPIV-based Fibre Channel interconnect option for server blades called Virtual Connect.
NPIV allows a single HBA, called an “N_Port,” to register multiple World Wide Port Names (WWPNs) and
N_Port identification numbers.
[Figure: Server 1 through Server 16, VC-FC modules, SAN switches, and the FC SAN fabric; labels: N-ports, N-ports with NPIV, F-ports]
– MPIO provides load balancing across all installed HBAs (ports) in a server
– There are various load-balancing policies, depending on the multipath software:
– Round robin
– Least I/O
– Least bandwidth
– Shortest queue (requests, bytes, service time)
– Uses redundant physical paths to eliminate single points of failure between servers and storage
– Increases data reliability and availability
– Reduces bottlenecks
– Provides fault tolerance and load balancing
– Two components:
– Drivers developed by Microsoft
– Device-specific modules (DSMs) developed by storage vendors to Microsoft standards
– 24-bit addresses are automatically assigned by the topology to remove the overhead of manual
administration
– Unlike the WWN addresses, port addresses are not built-in
– The switch is responsible for assigning and maintaining the port addresses
– The switch maintains the correlation between the port address and the WWN address of the device
on that port
– The Name server is a component of the fabric operating system running on the switch
Available addresses:
– The Name server stores information about all of the devices in the fabric
– An instance of the Name server runs on every Fibre Channel switch in a SAN
– A switch service that stores names, addresses, and attributes for up to 15 minutes and provides them as
required to other devices in the fabric
– The number of physical ports on the switch is limited to 256 by the number of bits in the Area part of the
Fibre Channel address.
– Director switches, such as Brocade DCX and DCX 4, support Virtual Fabric, where the number of required
ports might easily grow to more than 256.
– To support up to 1,024 ports in a Virtual Fabric, use the 10-bit addressing mode.
– The 10-bit addressing mode uses the 8-bit Area_ID and the borrowed upper 2 bits from the AL_PA portion
of the port ID.
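[Figure: 24-bit address fields in 10-bit addressing mode: 8 bits, 8 bits, 2 bits, 6 bits]
– In an arbitrated loop, only one of the three bytes is used
– The least significant 8 bits
– Known as the AL_PA
[Figure: N_Port identifier: byte 0 (bits 23 to 16), byte 1 (bits 15 to 8), byte 2 (bits 7 to 0)]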
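The field layout described above, decoded in both addressing modes. This is an added example, not part of the original slides; the sample address is constructed, and the name Domain_ID for byte 0 comes from standard Fibre Channel terminology rather than from this page.

```python
from typing import NamedTuple

class PortAddress(NamedTuple):
    byte0: int  # bits 23-16 (Domain_ID in standard FC naming; assumption, not on the slide)
    area: int   # 8-bit Area_ID, or the 10-bit area in 10-bit addressing mode
    low: int    # remaining low bits: 8-bit AL_PA, or 6 bits in 10-bit mode

def decode(fcid: int, ten_bit: bool = False) -> PortAddress:
    """Split a 24-bit port address into its fields."""
    if not 0 <= fcid <= 0xFFFFFF:
        raise ValueError("port address must fit in 24 bits")
    byte0 = fcid >> 16
    if ten_bit:
        # Area_ID (bits 15-8) plus the upper 2 bits borrowed from AL_PA (bits 7-6)
        return PortAddress(byte0, (fcid >> 6) & 0x3FF, fcid & 0x3F)
    return PortAddress(byte0, (fcid >> 8) & 0xFF, fcid & 0xFF)

def encode(addr: PortAddress, ten_bit: bool = False) -> int:
    """Rebuild the 24-bit address, rejecting fields too wide for the mode."""
    area_bits, low_bits = (10, 6) if ten_bit else (8, 8)
    in_range = (0 <= addr.byte0 < 256
                and 0 <= addr.area < (1 << area_bits)
                and 0 <= addr.low < (1 << low_bits))
    if not in_range:
        raise ValueError("field out of range for this addressing mode")
    return (addr.byte0 << 16) | (addr.area << low_bits) | addr.low

def addressable_ports(ten_bit: bool) -> int:
    """Number of distinct area values, which bounds the switch port count."""
    return 1 << (10 if ten_bit else 8)

def loop_al_pa(fcid: int) -> int:
    """In an arbitrated loop only the least significant 8 bits are used."""
    return fcid & 0xFF

SAMPLE = 0x0A1B40  # constructed sample address

if __name__ == "__main__":
    print("8-bit mode :", decode(SAMPLE), "ports:", addressable_ports(False))
    print("10-bit mode:", decode(SAMPLE, ten_bit=True), "ports:", addressable_ports(True))
    print("AL_PA      :", hex(loop_al_pa(SAMPLE)))
```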
– An Arbitrated Loop uses arbitration, and a switched fabric uses flow control to prevent data overruns at the
receiver side.
– Fibre Channel implements a credit-based flow-control mechanism to prevent frame dropping.
– The transmitter (Tx) can send frames in the amount of the buffer-to-buffer (B2B) credits reported by the
receiver (Rx).
– For each packet sent, the Rx port needs to send an R_Rdy (Receiver_Ready, Fibre Channel Primitive)
signal.
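A small simulation of the credit mechanism described above, added here as an example and not taken from the original slides. It assumes one frame per tick, no link latency, and a receiver that needs a fixed number of ticks per frame; all names are illustrative.

```python
from typing import NamedTuple

class Result(NamedTuple):
    ticks: int           # total ticks until every frame is processed by Rx
    stalled_ticks: int   # ticks where Tx had a frame ready but no credit
    peak_rx_buffer: int  # highest number of frames waiting in Rx buffers

def simulate_b2b(bb_credit: int, frames: int, rx_service_ticks: int) -> Result:
    """Tx may only send while it holds credit; Rx returns one R_RDY per frame."""
    if bb_credit < 1 or rx_service_ticks < 1 or frames < 0:
        raise ValueError("bb_credit and rx_service_ticks must be >= 1")
    credit = bb_credit          # credits reported by Rx at login
    rx_buffer = sent = delivered = 0
    stalled = peak = ticks = busy = 0
    while delivered < frames:
        ticks += 1
        # Receiver side: work on the oldest buffered frame.
        if rx_buffer > 0:
            busy += 1
            if busy == rx_service_ticks:
                rx_buffer -= 1
                delivered += 1
                credit += 1     # R_RDY: one buffer is free again
                busy = 0
        # Transmitter side: send only if a credit is available.
        if sent < frames:
            if credit > 0:
                credit -= 1
                sent += 1
                rx_buffer += 1
                peak = max(peak, rx_buffer)
            else:
                stalled += 1    # Tx waits; the frame is delayed, not dropped
    return Result(ticks, stalled, peak)

if __name__ == "__main__":
    for credits in (2, 8):
        print(credits, simulate_b2b(credits, frames=4, rx_service_ticks=3))
```

The receiver buffer never holds more frames than the credits it granted, so a slow receiver shows up as stalled transmit ticks instead of dropped frames.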
– Fibre Channel defines several classes of service (CoS), which can be used by applications to provide the
optimal type of delivery priority and flow control, depending on the type of application data.
– Each CoS uses a connection-oriented, packet-switched, or quality of service (QoS) communication
strategy.
Hard zoning
– A member is identified by its port number
– Known as “hard” zoning
– Enforced by a switch at a hard level
– Soft zoning
– A member is identified by its port WWN
– Known as “soft” zoning
– Enforced by the Name server, which returns filtered
responses to port queries
– The Name server service in the fabric masks the Name server entries that a host should not access.
– When the host logs in to the fabric, it discovers only the unmasked Name server entries.
– Software-enforced zoning has no mechanism that prevents a host from accessing storage.
– Hardware enforcement
– Frame-based
– Session-based
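The difference between Name server masking and hardware enforcement, as a toy model for zoning audits. This is an added example, not part of the original slides; the WWNs, zone names and function names are constructed, and the hardware case models frame-based enforcement only.

```python
# Constructed sample devices and zone set (not from the slides).
HOST_A = "10:00:00:00:c9:aa:00:01"
HOST_B = "10:00:00:00:c9:aa:00:02"
ARRAY_1 = "50:00:00:00:00:bb:00:01"
TAPE_1 = "50:00:00:00:00:bb:00:02"
DEVICES = [HOST_A, HOST_B, ARRAY_1, TAPE_1]
ZONES = {
    "zone_db": {HOST_A, ARRAY_1},
    "zone_backup": {HOST_B, TAPE_1, ARRAY_1},
}

def zoned_together(a: str, b: str) -> bool:
    """True if at least one zone contains both members."""
    return any(a in members and b in members for members in ZONES.values())

def name_server_query(requester: str) -> list:
    """Soft zoning: the Name server returns only the unmasked entries."""
    return [d for d in DEVICES if d != requester and zoned_together(requester, d)]

def switch_forwards(src: str, dst: str, hardware_enforced: bool) -> bool:
    """Frame-based hardware enforcement checks each frame against the zones.

    Without it, nothing in the data path consults the zone set.
    """
    if hardware_enforced:
        return zoned_together(src, dst)
    return True

def unzoned_reachable_pairs(hardware_enforced: bool) -> list:
    """Audit check: device pairs that share no zone yet can still exchange frames."""
    return [(s, d) for s in DEVICES for d in DEVICES
            if s != d
            and not zoned_together(s, d)
            and switch_forwards(s, d, hardware_enforced)]

if __name__ == "__main__":
    print("HOST_A discovers:", name_server_query(HOST_A))
    print("gaps, soft only :", len(unzoned_reachable_pairs(False)))
    print("gaps, hardware  :", len(unzoned_reachable_pairs(True)))
```

An empty result from the audit function is the state a zoning review should confirm on the real fabric.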
For customers:
– With disjointed storage pools across Fibre Channel and iSCSI networks
– Leverages a single storage architecture for all applications in the enterprise
– Standardizing on Ethernet-based technologies
– Provides easier migration options when going from Fibre Channel to iSCSI
[Figure: Fibre Channel and 10GbE IP network (SAN/iQ OS/iSCSI) with a Centralized Management Console, iSCSI clients, and FC clients]
Peer Motion
– Form factors
– Disk types
– Different generations
– Storage security is the act of protecting the data that resides in the SAN from unauthorized access.
– Security is an Internet Protocol (IP) issue, not a Fibre Channel issue.
– To provide proper protection, all aspects of data security must be addressed.
– On average, more resources are spent on protecting web servers than on protecting SANs.
– SAN security must not be treated separately from the security of other parts of the IT infrastructure,
such as networking.
– If there is a network security breach, SAN data becomes exposed even if the storage infrastructure
remains intact.
– Risk mitigation includes:
– Identification (authentication)
– Authorization (LUN and tape access permissions)
– Audit
– Encryption (data on disk and tape and data in transit)
Where?
Enable authentication for:
– User
– Management
– Server
– Switch
How?
To prevent unauthorized access:
– Use multilevel passwords.
– Use Access Control Lists (ACLs).
– Use centralized access control or Domain authentication.
– The FCS, DCC, and SCC policy members are specified by the device port WWN, the switch WWN,
domain IDs, or switch names, depending on the policy.
[Table columns: Policy name; Device port WWN or Fabric port WWN; Switch WWN; Domain ID; Switch name]
– The authentication of devices is an effort expended by a device to ensure the identity of another device
with which it is communicating.
– Levels of authentication:
– None
– Trusting the device address
– Challenging the device to prove its identity
– The Recovery Time Objective (RTO) is the goal for how quickly you need to have your information
available after downtime has occurred.
– The Recovery Point Objective (RPO) describes the point in time to which data must be restored to
successfully resume processing.
[Figure: RPO and RTO shown on a timeline]
– Physical tapes
– Traditional destination for backup sets
– Shelf life of up to 30 years
– Requires tape library solutions to handle complex backup
environments
– Virtual Tapes
– Replication
– Local
– Remote
– Clustering
Direct backup
– A fast but expensive solution
– Data is backed up to locally attached tape drives
– Complex administration
– Supported transports:
– Fibre Channel
– Ethernet
– Fibre Channel over IP
– High performance
– Used for campus-distance solutions
– Offers low latency and high bandwidth
– Flexible
– Direct or Fibre Channel SANs are supported
– Extended-distance technologies
– Longwave links
– FCIP bridging or routing
[Figure: Replication between a Primary Storage Array (A) and a Secondary or Backup Storage Array (A'): write request; the primary acknowledges the host; scheduled or manual resynchronization; only the most recent data, the "deltas", is copied over]
– The same volume is protected on two arrays.
– One in synchronous mode
– One in asynchronous mode
– Customers need to replicate the delta changes from one of the disaster recovery sites in case of a failure
– In the case of a failure, a full sync of a volume is not required
[Figure: Source (A, B); Sync Site, Target 1 (B') at metropolitan distance (Source – Sync site); DR Site, Target 2 (A') at continental distance (Source, Sync – DR Site)]
[Figure: SAN design considerations: Distance & Geographic Layout, Availability, Performance, Management & Security]
NOTE: HPE SAN design rules are explored in the SAN Design Guide available at: http://www.hp.com/go/sandesign.
Single-switch fabric
Cascaded fabric
Meshed fabric
Ring fabric
Core-edge fabric
– Local (one-to-one)
– Data access between a local server and a storage system connected to the same switch
– Centralized (many-to-one)
– Data access between multiple, dispersed servers and one centrally located storage system
– Distributed (many-to-many)
– Data access between multiple, dispersed servers and storage systems
– The maximum number of supported switches and ports for specific fabric topologies can vary.
– The number of switches and ports depends on:
– The number of hops in the fabric topology
– The number of ISLs
SAN topology Number of switches Total number of ports Number of user ports
Single-switch fabric 1 512 512
Cascaded fabric
56
Meshed fabric 2,300
Ring fabric 15
2,560
Ring fabric with satellite 1,212
switches 56
Core-edge fabric 2,300
SAN topology Number of switches Total number of ports Number of user ports
Single-switch fabric 1 528 528
Cascaded fabric 3,500
(cascaded with
60 12 Director switches and
10 Fabric switches)
Meshed fabric 4,000
(maximum of 12
Ring fabric 15 Director switches)
Ring fabric with satellite 3,500
switches 60
Core-edge fabric
SAN topology Number of switches Total number of ports Number of user ports
Single-switch fabric 1 20 20
Cascaded fabric 460
30 600
Meshed fabric 512
Ring fabric 15 300 264
Ring fabric with satellite
switches 30 600 462
Core-edge fabric
– The data availability level required for your SAN environment is based on:
– The administrative requirements
– Examples: Backup schedules, operating procedures, and staffing
– The protection level for applications or data
– The hardware redundancy
Level 1
– Maximum connectivity
– No fabric resiliency or redundancy
– Each switch has one path to other switch or fabric
– Each server or storage system has one path to the fabric
Level 2
– Provides fabric path redundancy by using multiple ISLs
between switches
– Each server and storage system has one path to the
fabric
– There is no interruption in I/O activity in the event of a
switch port or ISL failure
Level 3
– Provides multiple server and storage system paths to
the fabric to increase availability
– There is no interruption of I/O in the event of a switch,
server HBA, or storage system path failure
Level 4
– Provides multiple data paths between servers and
storage systems, but the paths connect to physically
separate fabrics
– Provides the highest availability and no single point of
failure (NSPOF) protection
– Minimizes the vulnerability to fabric failures
– Using two fabrics might increase the implementation
costs, but it also increases the total number of available
ports