Storage School II: Building your storage network
Presented by Stephen Foskett
Director of the Data Practice
Contoural
www.contoural.com
Even if you have a firm grasp on the basics, some more advanced storage terms and concepts can be
confusing.
We will discuss the various SAN topologies, including the emerging concept of virtualization.
Next we’ll talk about ways to overcome the risks of consolidating storage. We’ll finish off with a
discussion of SAN and data management.
Throughout the session, the focus is on building a comprehension of storage concepts rather than the
technicalities of specific products.
What I Assume You Know
• A bit of history and context
• Five Important Concepts:
  • Storage outside the computer
  • Blocks and files
  • The importance of SCSI
  • What RAID is and why it’s important
  • The three kinds of storage arrays
BY THE END OF THE SESSION, YOU’LL KNOW THE FOLLOWING:
• Evolution of SAN topologies
  • SAN islands, cascade, ring, mesh, core-edge, collapsed
  • Collocated and virtualized
• Mitigating consolidation risks
  • Designing for high availability
  • Segmenting the SAN
  • Security concepts
• Managing the SAN
  • Device management
  • Data management
Fibre Channel Started the SAN Revolution
• Fibre Channel replaced SCSI in open systems enterprise storage in the mid 1990s, allowing many-to-many networks of block storage…
• …But the first SANs were small and served merely to “fan out” from one storage array to multiple servers
• The resulting “SAN islands” remain common today
Interconnected SAN Islands Came Next
• Organic evolution of SAN was made possible by inter-switch links (ISLs)
  • Cascades became rings; both scaled badly
  • All switches were of equal importance – servers and storage systems were connected to any switch with free ports
• Architects became concerned about “hops”
• Meshed fabric reduced hops but still failed to scale to desired fabric sizes
  • ISLs began to take up a significant portion of the available ports
Core-Edge SANs Deliver the Goods
• In this decade, SANs finally adopted core-edge topology for scalability
  • True core-edge SANs guarantee the number of hops with servers on one edge and storage on another
• Large “director-class” switches enable massive port counts and truly scalable SANs with thousands of ports
• Large SANs allow more flexibility
  • Standardized “utility” service offerings
  • Greater access to storage leads to better utilization, lower average cost, and access to features like replication
…But Not Everyone Needs a Massive SAN
• Storage devices can also be moved to the core - a “collapsed core” SAN
  • This reduces the number of hops and switches
• “Collocation” mixes storage and servers at the edge
  • Best effort is made to keep storage close to servers for low hop counts
  • Can prove difficult to maintain as devices are added and removed
Mixing Fibre Channel, iSCSI, and NAS
• Selecting equipment is not an either/or proposition
  • Most storage arrays support two or three of the main protocols: Fibre Channel, iSCSI, and NAS
• You can also add a protocol to an existing SAN
  • Heads, gateways, and routers are available to translate FC, SCSI, and iSCSI storage into iSCSI or NAS
• The choice: buy an integrated system or add on?
  • Purchasing a single type of disk gives flexibility and discounts that part of the total cost
  • An integrated array is less complex and expensive overall than adding another layer to the storage environment
Virtualization Is the Next SAN Revolution
• We’ve been talking about storage virtualization for 15 years!
• Virtualization exists for both block and file storage networks
• Can be located in server-based software, on network-based appliances, SAN switches, or integrated with the storage array
• Can sit in-band or out of the data path
[Diagram labels: Software, Switch, Appliance, Array]
The Verdict on Virtualization
• Virtualization promises flexibility…
  • New storage can be added to a common “pool”
  • Data can be migrated without impacting server access
• …But it’s not common yet!
  • Users are concerned about performance and scalability and vendor or product lock-in
  • Mostly used for data migration today
• Recommendation: Wait for virtualization to mature and catch up to your infrastructure
  • This technology will soon be integrated everywhere – you’ll be using it in 5 years whether or not you choose to
Increased Consolidation Leads to Fear of Risk
• As SANs become larger, the impact of outages becomes more widespread
  • Not just an academic concern – hardware failures, configuration mistakes, and other accidents do happen
  • Not just a storage problem: “consolidation risk” is inevitable as distributed systems become centralized
• Storage is at the bottom of the stack
  • Outages are not tolerated by server, OS, or application
• Risk mitigation involves design, technology, management practices, and security
Designing For High Availability
• Connect all production servers to dual redundant SANs
  • This is so common for production systems that we sometimes forget to mention it…
• Multipathing software is provided by storage and OS vendors
• Software gives servers multiple paths to their storage
  • Failover allows continuous access
  • Load balancing increases performance
[Diagram labels: Failover, Dual redundant SAN, Load balancing]
Segmenting the SAN
• SANs are commonly segmented to prevent access conflicts…
  • Fibre Channel zoning restricts traffic across switch ports
  • Modern switches allow greater segmentation, creating “virtual SANs” (FC VSAN/LSAN and Ethernet VLAN)
  • Array target or LUN masking restricts access by server or HBA for both Fibre Channel and iSCSI
• …But segmentation isn’t totally secure
  • Administrators still have complete access
  • One segment’s traffic can use resources needed by another
Masks and Zones
• Zoning restricts access in a Fibre Channel switch
  • Port zoning: “this port can talk to that port”
  • WWN zoning: “the HBA with this name can talk to the port with that name”
  • Soft zoning restricts visibility; hard zoning restricts traffic
• Masking restricts access in a storage array
  • Fibre Channel LUN masking restricts access by WWN or advanced FCPAP authentication
  • Masking in iSCSI can use initiator name, MAC address, IP address, or advanced CHAP authentication
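An added sketch (not from the original slides) of how the two layers above combine: switch zoning, soft or hard, and array LUN masking. The class names, WWNs, zone name and LUN ids are constructed for illustration, and the model assumes soft zoning filters only name-server lookups while hard zoning also filters frames.

```python
# Added illustration: models the slide's two access-control layers.
# All WWNs, zone names and LUN ids below are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class Fabric:
    zones: dict          # zone name -> set of member WWNs (WWN zoning)
    hard: bool = True    # hard zoning filters frames; soft zoning only filters lookups

    def same_zone(self, a, b):
        return any(a in members and b in members for members in self.zones.values())

    def visible_ports(self, initiator, all_ports):
        # Name-server view: soft and hard zoning both hide ports outside the zone.
        return {p for p in all_ports if p != initiator and self.same_zone(initiator, p)}

    def frame_allowed(self, src, dst):
        # Only hard zoning enforces zone membership on the traffic itself.
        return self.same_zone(src, dst) if self.hard else True

@dataclass
class Array:
    port: str
    masks: dict = field(default_factory=dict)   # LUN id -> set of allowed initiator WWNs

    def luns_for(self, initiator):
        return sorted(lun for lun, allowed in self.masks.items() if initiator in allowed)

def reachable_luns(fabric, array, initiator):
    """LUNs the initiator can use if it addresses the array port directly."""
    if not fabric.frame_allowed(initiator, array.port):
        return []
    return array.luns_for(initiator)

HOST_A = "10:00:00:00:00:00:00:0a"
HOST_B = "10:00:00:00:00:00:00:0b"
ARRAY_PORT = "50:00:00:00:00:00:00:01"
ZONES = {"zone_a": {HOST_A, ARRAY_PORT}}            # HOST_B is not zoned to the array
# Constructed mistake: the mask for LUN 1 also lists HOST_B.
ARRAY = Array(ARRAY_PORT, {0: {HOST_A}, 1: {HOST_A, HOST_B}})

if __name__ == "__main__":
    for hard in (False, True):
        fabric = Fabric(ZONES, hard=hard)
        kind = "hard" if hard else "soft"
        seen = fabric.visible_ports(HOST_B, {HOST_A, HOST_B, ARRAY_PORT})
        print(kind, "zoning: HOST_B sees", sorted(seen),
              "and reaches LUNs", reachable_luns(fabric, ARRAY, HOST_B))
```

With soft zoning the masking mistake alone decides the outcome; with hard zoning the switch still blocks the unzoned host, which is why the two layers are worth auditing independently.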
Securing the SAN
• Three security topics to consider: Confidentiality, integrity, accessibility
• Storage security is problematic
  • Reliance on eggshell model and security through obscurity
  • Access control and encryption are rarely used
  • Management interfaces are often overlooked
• Take these minimal steps when designing a SAN
  • Don’t assume the bad guys can’t get in
  • Use authentication for LUN access especially with iSCSI
  • Secure your management LAN with firewalls and VPNs
Managing the SAN
• A wide variety of tools are available for SAN and device management
  • Array and switch management software typically comes from the vendor
  • Many options are available for operations and alerting
• Find software that supports your management processes, not the other way around
  • Ask who will use it, what their job function is, and what they need from management software
  • Don’t get distracted by functions and features – the software has to help you get your job done
Managing Data
• Storage managers need to start focusing on content rather than infrastructure
  • Modern hardware and software create storage infrastructure that works – but what can you do to better support the business?
• Data accumulation is reaching a crisis point
• IT must reach out to the business
  • Develop retention policies and defined data classes
  • Develop a data identification and classification system
  • Investigate the next wave of SRM software with data classification features
• Data management is the next big storage topic
Questions?
• Audience Q&A: 10-15 minutes
• Contact me at [email protected]
• Come talk to me after the session or at lunch
• I'll be available at the Ask-the-Expert booth today and tomorrow from 5 PM to 6 PM
For More Information
• Contact me:
  • Stephen Foskett – [email protected]
• Visit SearchStorage.com and read Storage magazine
• Get SNIA’s "Network Storage Terms and Acronyms" book
• Ask others here at the show or at user groups
  • Storage Networking User Group (SNUG)
    • http://storagenetworking.org
  • Association of Storage Networking Professionals (ASNP)
    • http://asnp.org
• Ask the vendors (really!)