Storage School II Building your storage network

Page 1: Storage School 2

Storage School II

Building your storage network

Page 2: Storage School 2

Storage School II: Building your storage network

Presented by Stephen Foskett

Director of the Data Practice

Contoural

[email protected]

www.contoural.com

Page 3: Storage School 2

Even if you have a firm grasp on the basics, some more advanced storage terms and concepts can be confusing.

We will discuss the various SAN topologies, including the emerging concept of virtualization.

Next we’ll talk about ways to overcome the risks of consolidating storage. We’ll finish off with a discussion of SAN and data management.

Throughout the session, the focus is on building a comprehension of storage concepts rather than the technicalities of specific products.

Page 4: Storage School 2

What I Assume You Know

• A bit of history and context

• Five Important Concepts:
  • Storage outside the computer
  • Blocks and files
  • The importance of SCSI
  • What RAID is and why it’s important
  • The three kinds of storage arrays

Page 5: Storage School 2

BY THE END OF THE SESSION, YOU’LL KNOW THE FOLLOWING:

• Evolution of SAN topologies
  • SAN islands, cascade, ring, mesh, core-edge, collapsed
  • Collocated and virtualized

• Mitigating consolidation risks
  • Designing for high availability
  • Segmenting the SAN
  • Security concepts

• Managing the SAN
  • Device management
  • Data management

Page 6: Storage School 2

Fibre Channel Started the SAN Revolution

• Fibre Channel replaced SCSI in open systems enterprise storage in the mid 1990s, allowing many-to-many networks of block storage…

• …But the first SANs were small and served merely to “fan out” from one storage array to multiple servers

• The resulting “SAN islands” remain common today

Page 7: Storage School 2

Interconnected SAN Islands Came Next

• Organic evolution of SAN was made possible by inter-switch links (ISLs)
  • Cascades became rings; both scaled badly
  • All switches were of equal importance – servers and storage systems were connected to any switch with free ports

• Architects became concerned about “hops”

• Meshed fabric reduced hops but still failed to scale to desired fabric sizes
  • ISLs began to take up a significant portion of the available ports

Page 8: Storage School 2

Core-Edge SANs Deliver the Goods

• In this decade, SANs finally adopted core-edge topology for scalability
  • True core-edge SANs guarantee the number of hops with servers on one edge and storage on another

• Large “director-class” switches enable massive port counts and truly scalable SANs with thousands of ports

• Large SANs allow more flexibility
  • Standardized “utility” service offerings
  • Greater access to storage leads to better utilization, lower average cost, and access to features like replication

Page 9: Storage School 2

…But Not Everyone Needs a Massive SAN

• Storage devices can also be moved to the core - a “collapsed core” SAN
  • This reduces the number of hops and switches

• “Collocation” mixes storage and servers at the edge
  • Best effort is made to keep storage close to servers for low hop counts
  • Can prove difficult to maintain as devices are added and removed

Page 10: Storage School 2

Mixing Fibre Channel, iSCSI, and NAS

• Selecting equipment is not an either/or proposition
  • Most storage arrays support two or three of the main protocols: Fibre Channel, iSCSI, and NAS

• You can also add a protocol to an existing SAN
  • Heads, gateways, and routers are available to translate FC, SCSI, and iSCSI storage into iSCSI or NAS

• The choice: buy an integrated system or add on?
  • Purchasing a single type of disk gives flexibility and discounts that part of the total cost
  • An integrated array is less complex and expensive overall than adding another layer to the storage environment

Page 11: Storage School 2

Virtualization Is the Next SAN Revolution

• We’ve been talking about storage virtualization for 15 years!

• Virtualization exists for both block and file storage networks

• Can be located in server-based software, on network-based appliances, SAN switches, or integrated with the storage array

• Can sit in-band or out of the data path

[Diagram labels: Software, Switch, Appliance, Array]

Page 12: Storage School 2

The Verdict on Virtualization

• Virtualization promises flexibility…
  • New storage can be added to a common “pool”
  • Data can be migrated without impacting server access

• …But it’s not common yet!
  • Users are concerned about performance and scalability and vendor or product lock-in
  • Mostly used for data migration today

• Recommendation: Wait for virtualization to mature and catch up to your infrastructure
  • This technology will soon be integrated everywhere – you’ll be using it in 5 years whether or not you choose to

Page 13: Storage School 2

Increased Consolidation Leads to Fear of Risk

• As SANs become larger, the impact of outages becomes more widespread
  • Not just an academic concern – hardware failures, configuration mistakes, and other accidents do happen
  • Not just a storage problem: “consolidation risk” is inevitable as distributed systems become centralized

• Storage is at the bottom of the stack
  • Outages are not tolerated by server, OS, or application

• Risk mitigation involves design, technology, management practices, and security

Page 14: Storage School 2

Designing For High Availability

• Connect all production servers to dual redundant SANs
  • This is so common for production systems that we sometimes forget to mention it…

• Multipathing software is provided by storage and OS vendors

• Software gives servers multiple paths to their storage
  • Failover allows continuous access
  • Load balancing increases performance

[Diagram labels: Failover, Dual redundant SAN, Load balancing]

Page 15: Storage School 2

Segmenting the SAN

• SANs are commonly segmented to prevent access conflicts…
  • Fibre Channel zoning restricts traffic across switch ports
  • Modern switches allow greater segmentation, creating “virtual SANs” (FC VSAN/LSAN and Ethernet VLAN)
  • Array target or LUN masking restricts access by server or HBA for both Fibre Channel and iSCSI

• …But segmentation isn’t totally secure
  • Administrators still have complete access
  • One segment’s traffic can use resources needed by another

Page 16: Storage School 2

Masks and Zones

• Zoning restricts access in a Fibre Channel switch
  • Port zoning: “this port can talk to that port”
  • WWN zoning: “the HBA with this name can talk to the port with that name”
  • Soft zoning restricts visibility; hard zoning restricts traffic

• Masking restricts access in a storage array
  • Fibre Channel LUN masking restricts access by WWN or advanced FCPAP authentication
  • Masking in iSCSI can use initiator name, MAC address, IP address, or advanced CHAP authentication
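
The two layers on this slide, modeled as an added example that is not part of the original presentation: the switch applies port or WWN zoning (soft or hard), then the array applies LUN masking by WWN. The class names, WWNs and port labels are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample names; none of these come from the slides.
HBA_A, HBA_B, HBA_C = "10:00:00:00:c9:00:00:0a", "10:00:00:00:c9:00:00:0b", "10:00:00:00:c9:00:00:0c"
TARGET = "50:06:01:60:00:00:00:01"

@dataclass
class Fabric:
    hard: bool                                      # hard zoning filters frames, soft only hides names
    wwn_zones: list = field(default_factory=list)   # each zone is a set of WWNs
    port_zones: list = field(default_factory=list)  # each zone is a set of switch ports
    attached: dict = field(default_factory=dict)    # switch port -> WWN currently plugged in

    def port_of(self, wwn):
        return next((p for p, w in self.attached.items() if w == wwn), None)

    def zoned(self, a, b):
        """True if one zone holds both devices, by name or by current port."""
        ports = {self.port_of(a), self.port_of(b)}
        return (any({a, b} <= z for z in self.wwn_zones)
                or (None not in ports and any(ports <= z for z in self.port_zones)))

    def visible(self, a, b):          # name-server lookup: filtered by soft and hard zoning
        return self.zoned(a, b)

    def traffic_allowed(self, a, b):  # frame delivery: filtered only by hard zoning
        return self.zoned(a, b) if self.hard else True

@dataclass
class Array:
    target: str
    masks: dict                       # LUN number -> set of initiator WWNs allowed

    def lun_access(self, fabric, initiator, lun):
        """Both layers must agree: the switch passes traffic and the array mask lists the WWN."""
        return (fabric.traffic_allowed(initiator, self.target)
                and initiator in self.masks.get(lun, set()))

def build(hard=True):
    fabric = Fabric(hard=hard,
                    wwn_zones=[{HBA_A, TARGET}],
                    port_zones=[{"sw1/3", "sw1/9"}],
                    attached={"sw1/1": HBA_A, "sw1/3": HBA_B, "sw1/9": TARGET})
    return fabric, Array(TARGET, masks={0: {HBA_A}, 1: {HBA_B}})

if __name__ == "__main__":
    fabric, array = build()
    fabric.attached["sw1/3"] = HBA_C   # a different HBA is cabled into the port-zoned port
    print("port zone passes traffic:", fabric.traffic_allowed(HBA_C, TARGET))
    print("LUN 1 still masked:", not array.lun_access(fabric, HBA_C, 1))
```

A port zone keeps its permission when a different HBA is cabled into the port, so the LUN mask is what still denies that HBA; a WWN zone follows the HBA to a new port instead.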

Page 17: Storage School 2

Securing the SAN

• Three security topics to consider: Confidentiality, integrity, accessibility

• Storage security is problematic
  • Reliance on eggshell model and security through obscurity
  • Access control and encryption are rarely used
  • Management interfaces are often overlooked

• Take these minimal steps when designing a SAN
  • Don’t assume the bad guys can’t get in
  • Use authentication for LUN access especially with iSCSI
  • Secure your management LAN with firewalls and VPNs

Page 18: Storage School 2

Managing the SAN

• A wide variety of tools are available for SAN and device management
  • Array and switch management software typically comes from the vendor
  • Many options are available for operations and alerting

• Find software that supports your management processes, not the other way around
  • Ask who will use it, what their job function is, and what they need from management software
  • Don’t get distracted by functions and features – the software has to help you get your job done

Page 19: Storage School 2

Managing Data

• Storage managers need to start focusing on content rather than infrastructure
  • Modern hardware and software creates storage infrastructure that works – but what can you do to better support the business?

• Data accumulation is reaching a crisis point

• IT must reach out to the business
  • Develop retention policies and defined data classes
  • Develop a data identification and classification system
  • Investigate the next wave of SRM software with data classification features

• Data management is the next big storage topic

Page 20: Storage School 2

Questions?

• Audience Q&A: 10-15 minutes

• Contact me at [email protected]

• Come talk to me after the session or at lunch

• I'll be available at the Ask-the-Expert booth today and tomorrow from 5 PM to 6 PM

Page 21: Storage School 2

For More Information

• Contact me:
  • Stephen Foskett – [email protected]

• Visit SearchStorage.com and read Storage magazine

• Get SNIA’s "Network Storage Terms and Acronyms" book

• Ask others here at the show or at user groups
  • Storage Networking User Group (SNUG)
    • http://storagenetworking.org
  • Association of Storage Networking Professionals (ASNP)
    • http://asnp.org

• Ask the vendors (really!)