
CMR INSTITUTE OF TECHNOLOGY
USN

Improvement Assessment Test – NOV. 2015

Sub: Storage Area Networks    Code: 10IS765
Date: 14/11/15    Duration: 90 mins    Max Marks: 50
Sem: VII A&B    Branch: ISE

Scheme and Solution


1. Define Single point failure. How to resolve single point failure?
Single point failure – 5 marks, Fault tolerance – 5 marks

Single Point of Failure


• A single point of failure refers to the failure of a component that can terminate the
availability of the entire system or IT service.
• The possibility of a single point of failure exists in a system with various components:
server, network, switch, and storage array.
• The figure depicts a system setup in which an application running on the server
provides an interface to the client and performs I/O operations.
• The client is connected to the server through an IP network, the server is
connected to the storage array through an FC connection, an HBA installed at the
server sends or receives data to and from a storage array, and an FC switch
connects the HBA to the storage port.

Fault Tolerance
• To mitigate a single point of failure, systems are designed with redundancy, such that
the system will fail only if all the components in the redundancy group fail.
• This ensures that the failure of a single component does not affect data availability.
• Data centers follow stringent guidelines to implement fault tolerance.
• Careful analysis is performed to eliminate every single point of failure.
• All enhancements in the infrastructure to mitigate single points of failure are
emphasized:
o Configuration of multiple HBAs to mitigate single HBA failure.
o Configuration of multiple fabrics to account for a switch failure.
o Configuration of multiple storage array ports to enhance the storage array’s availability.
o RAID configuration to ensure continuous operation in the event of disk failure.
o Implementing a storage array at a remote site to mitigate local site failure.

2. Explain the concept of Backup using NAS Environments.


Diagram - 3 marks, Explanation - 6 marks
Backup in NAS Environments
• The use of NAS heads imposes a new set of considerations on the backup and
recovery strategy in NAS environments.
• NAS heads use a proprietary operating system and file system structure
supporting multiple file-sharing protocols.
• In the NAS environment, backups can be implemented in four different ways:
server-based, serverless, or using Network Data Management Protocol
(NDMP) in either NDMP 2-way or NDMP 3-way.
• In application server-based backup, the NAS head retrieves data from storage
over the network and transfers it to the backup client running on the
application server.
• The backup client sends this data to a storage node, which in turn writes the
data to the backup device.
• This results in overloading the network with the backup data and the use of
production (application) server resources to move backup data.
• In serverless backup, the network share is mounted directly on the storage
node.
• This avoids overloading the network during the backup process and eliminates
the need to use resources on the production server.
• In NDMP, backup data is sent directly from the NAS head to the backup
device, while metadata is sent to the backup server. In this model, network
traffic is minimized by isolating data movement from the NAS head to the
locally attached tape library.
• Only metadata is transported on the network.
• This backup solution meets the strategic need to centrally manage and control
distributed data while minimizing network traffic.
Figure: Server-based backup in NAS environment

3. Explain the process of Object Storage and Retrieval in CAS.


Steps - 6 marks, Example - 4 marks
• Application programming interface (API)
• Access profile
• Virtual pools
• Binary large object (BLOB)
• Content address (CA)
• A unique number is calculated from the sequence of bits that constitutes file
content. If even a single character changes in the file, the resulting CA is different.
A hash output, also called a digest, is a type of fingerprint for a variable-length
data file. This output represents the file contents and is used to locate the file in a
CAS system. The digest can be used to verify whether the data is authentic or has
changed because of equipment failure or human intervention. When a user tries to
retrieve or open a file, the server sends the CA to the CAS system with the
appropriate function to read the file. The CAS system uses the CA to locate the
file and passes it back to the application server.
• C-Clip
• C-Clip Descriptor File (CDF)
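
The store-and-retrieve behaviour described under content address (CA), as an added example that is not part of the original answer scheme: a toy in-memory CAS in Python. SHA-256 as the hash and the names `ContentAddressedStore`, `store`, `retrieve` and `demo` are assumptions; the sample record is constructed.

```python
import hashlib


class ContentAddressedStore:
    """Toy in-memory CAS: objects are located by the digest of their bits."""

    def __init__(self):
        self._blobs = {}  # content address (hex digest) -> stored bytes

    @staticmethod
    def content_address(blob: bytes) -> str:
        # SHA-256 is an assumption; the page only says "a hash output".
        return hashlib.sha256(blob).hexdigest()

    def store(self, blob: bytes) -> str:
        ca = self.content_address(blob)
        # Identical content always maps to the same CA, so it is kept once.
        self._blobs.setdefault(ca, blob)
        return ca

    def retrieve(self, ca: str) -> bytes:
        blob = self._blobs[ca]  # KeyError if the CA is unknown
        # Recompute the digest on read: a mismatch means the stored bits
        # changed (equipment failure or human intervention).
        if self.content_address(blob) != ca:
            raise ValueError(f"integrity check failed for {ca[:12]}")
        return blob


def demo():
    cas = ContentAddressedStore()
    original = b"Patient record 0001: discharge summary"  # constructed sample
    ca = cas.store(original)
    ca_again = cas.store(original)  # same bits -> same CA
    ca_changed = cas.store(original.replace(b"0001", b"0002"))
    read_ok = cas.retrieve(ca) == original
    # Simulate silent corruption of the stored object, then read it back.
    cas._blobs[ca] = original[:-1] + b"X"
    try:
        cas.retrieve(ca)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return ca == ca_again, ca != ca_changed, read_ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```
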
4. Explain the storage array based local replication.
Full-Volume Mirroring - 3 marks, Pointer-Based, Full-Volume Replication - 4 marks, Pointer-Based Virtual Replication - 4 marks

Storage Array–Based Replication


• In storage array-based local replication, the array operating environment
performs the local replication process.
• The host resources such as CPU and memory are not used in the replication
process.
• Consequently, the host is not burdened by the replication operations.
• The replica can be accessed by an alternate host for any business operations.
• In this replication, the required number of replica devices should be selected on
the same array and then data is replicated between source-replica pairs.
• A database could be laid out over multiple physical volumes and in that case all
the devices must be replicated for a consistent PIT copy of the database.

Full-Volume Mirroring
• In full-volume mirroring, the target is attached to the source and established as a
mirror of the source.
• Existing data on the source is copied to the target. New updates to the source are
also updated on the target.
• After all the data is copied and both the source and the target contain identical
data, the target can be considered a mirror of the source.
• While the target is attached to the source and the synchronization is taking place,
the target remains unavailable to any other host. However, the production host can
access the source.
• After synchronization is complete, the target can be detached from the source and
is made available for BC operations.

Pointer-Based, Full-Volume Replication


• An alternative to full-volume mirroring is pointer-based full-volume replication.
• Like full-volume mirroring, this technology can provide full copies of the source
data on the targets.
• Unlike full-volume mirroring, the target is made immediately available at the
activation of the replication session.
• Hence, one need not wait for data synchronization to, and detachment of, the
target in order to access it.

Pointer-Based Virtual Replication


• In pointer-based virtual replication, at the time of session activation, the target
contains pointers to the location of data on the source.
• The target does not contain data at any time.
• Hence, the target is known as a virtual replica.
• Similar to pointer-based full-volume replication, a protection bitmap is created for
all data on the source device, and the target is immediately accessible.
• Granularity can range from 512-byte blocks to 64 KB blocks or greater.
• When a write is issued to the source for the first time after session activation,
original data at that address is copied to a predefined area in the array.
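
The copy-on-first-write step described above, as an added example that is not part of the original answer scheme. The class and method names are hypothetical, blocks are modelled as list entries, and redirecting target reads to the saved copy follows the general copy-on-first-write scheme rather than text on this page.

```python
class VirtualReplicaSession:
    """Toy copy-on-first-write session over a list of fixed-size blocks."""

    def __init__(self, source):
        self.source = source  # live production blocks
        # Protection bitmap: True = block unchanged since activation,
        # so the target's pointer still refers to the source block.
        self.protected = [True] * len(source)
        self.save_area = {}  # block index -> original data (predefined area)

    def write_source(self, idx, data):
        if self.protected[idx]:
            # First write since activation: preserve the original first.
            self.save_area[idx] = self.source[idx]
            self.protected[idx] = False
        self.source[idx] = data

    def read_target(self, idx):
        # The target holds no data; it follows a pointer to either the
        # source (still protected) or the save area (already overwritten).
        if self.protected[idx]:
            return self.source[idx]
        return self.save_area[idx]

    def target_image(self):
        return [self.read_target(i) for i in range(len(self.source))]


def demo():
    source = [b"A0", b"B0", b"C0", b"D0"]  # constructed sample volume
    pit = list(source)  # expected point-in-time view at activation
    session = VirtualReplicaSession(source)
    session.write_source(1, b"B1")
    session.write_source(1, b"B2")  # second write: no new copy is taken
    session.write_source(3, b"D1")
    return {
        "target_is_pit": session.target_image() == pit,
        "source_now": list(source),
        "saved_blocks": sorted(session.save_area),
        "bitmap": list(session.protected),
    }


if __name__ == "__main__":
    print(demo())
```
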

5. Explain the storage array based remote replication with any three modes.
Synchronous Replication Mode - 3 marks, Asynchronous Replication Mode - 3 marks,
Disk-Buffered Replication Mode - 4 marks

• In storage array-based remote replication, the array operating environment and
resources perform and manage data replication.
• This relieves the burden on the host CPUs, which can be better utilized for
running an application.
• A source and its replica device reside on different storage arrays.
• In other implementations, the storage controller is used for both the host and
replication workload.
• Data can be transmitted from the source storage array to the target storage array
over a shared or a dedicated network.
• Replication between arrays may be performed in synchronous, asynchronous, or
disk-buffered modes.
• Three-site remote replication can be implemented using a combination of
synchronous mode and asynchronous mode, as well as a combination of
synchronous mode and disk-buffered mode.

Synchronous Replication Mode


• In array-based synchronous remote replication, writes must be committed to the
source and the target prior to acknowledging “write complete” to the host.
• Additional writes on that source cannot occur until each preceding write has been
completed and acknowledged.

Asynchronous Replication Mode
• In array-based asynchronous remote replication mode, a write is committed to the
source and immediately acknowledged to the host.
• Data is buffered at the source and transmitted to the remote site later.
• The source and the target devices do not contain identical data at all times.
• The data on the target device is behind that of the source, so the RPO in this case
is not zero. Similar to synchronous replication, asynchronous replication writes
are placed in cache on the two arrays and are later de-staged to the appropriate
disks.

Disk-Buffered Replication Mode


• Disk-buffered replication is a combination of local and remote replication
technologies.
• A consistent PIT local replica of the source device is first created.
• This is then replicated to a remote replica on the target array.
• At the beginning of the cycle, the network links between the two arrays are
suspended and there is no transmission of data.

6. Describe the network infrastructure used for remote replication.
DWDM - 5 marks, SONET - 5 marks

For remote replication over extended distances, optical network technologies such as
dense wavelength division multiplexing (DWDM), coarse wavelength division
multiplexing (CWDM), and synchronous optical network (SONET) are deployed.
DWDM
• DWDM is an optical technology by which data from different channels are carried
at different wavelengths over a fiber-optic link.
• It is a fiber-optic transmission technique that uses light waves to transmit data
parallel by bit or serial by character.
• It integrates multiple light waves with different wavelengths in a group and directs
them through a single optical fiber.
• The multiplexing of data from several channels into a multicolored light stream
transmitted on a single optical fiber has opened up the conventional optical fiber
bandwidth by breaking it into many channels, each at a different optical
wavelength.
• Each wavelength can carry a signal at a bit rate less than the upper limit defined
by the electronics; typically up to several gigabits per second.

SONET
• SONET (synchronous optical network) is a network technology that involves
transferring a large payload through an optical fiber over long distances.
• SONET multiplexes data streams of different speeds into a frame and sends them
across the network.
• The European variation of SONET is called synchronous digital hierarchy (SDH).
• SONET/SDH uses generic framing procedure (GFP) and supports the transport of
both packet-oriented (Ethernet, IP) and character-oriented (FC) data.

7. a) List and explain the attributes of Storage security framework.
List - 1 mark, Explanation - 5 marks
• Accountability service: Refers to accounting for all the events and operations that
take place in the data center infrastructure.
• Confidentiality service: Provides the required secrecy of information and ensures
that only authorized users have access to data. Data in transit and at rest can be
encrypted to maintain its confidentiality. In addition to restricting unauthorized users
from accessing information, confidentiality services also implement traffic flow
protection measures as part of the security protocol.
• Integrity service: Ensures that the information is unaltered. The objective of the
service is to detect and protect against unauthorized alteration or deletion of
information.
• Availability service: This ensures that authorized users have reliable and timely
access to data. Availability services are also implemented on communication systems
used to transmit information among computers that may reside at different locations.

b) List and explain the key elements of Risk Triad.


List- 1 mark, Explanation-4 marks

Assets
• Information is one of the most important assets for any organization.
• Other assets include hardware, software, and the network infrastructure required to
access this information.

Threats
• Threats are the potential attacks that can be carried out on an IT infrastructure.
• These attacks can be classified as active or passive.
• Passive attacks are attempts to gain unauthorized access into the system.

Vulnerability
• The paths that provide access to information are the most vulnerable to potential
attacks. Each of these paths may contain various access points, each of which
provides different levels of access to the storage resources.
• It is very important to implement adequate security controls at all the access points on
an access path.

8. Explain the SAN security architecture and SAN security mechanisms.
Architecture -3 marks, Security Mechanism- 3 marks, Zoning -$ marks
Storage networking environments are a potential target for unauthorized access, theft, and
misuse because of the vastness and complexity of these environments. Therefore, security
strategies are based on the defense in depth concept, which recommends multiple
integrated layers of security.

LUN Masking and Zoning


Switch-wide and Fabric-wide Access Control
Logical Partitioning of a Fabric: Virtual SAN

Zone A (Authentication at the Management Console)
Zone B (Firewall)
Zone C (Access Control Switch)
Zone D (ACL and Zoning)
Zone E (Switch to Switch/
Zone F (Distance Extension)
Zone G (Switch-Storage)
