
Storage Networking

Design and Management

Section 2: Technology Design Considerations

2007 EMC Corporation. All rights reserved.


Overview
Module 2.1: Storage Area Networks
  - SAN Technology Overview
  - FC Protocol Layers
  - FC Theory of Operations
  - SAN Design Principles
  - Host & Storage Connectivity Principles
  - SAN Security
Module 2.2: Network Attached Storage
  - NAS Devices
  - Network Connectivity
  - NAS Performance
  - NAS Security
  - NAS Design Considerations
Module 2.3: IP-SAN Hybrid Technologies
  - Block Level IP-Storage Review
  - iSCSI
  - SAN Extension: FCP, FCIP
  - Name and Discovery Services
Module 2.4: Case Study
[Diagram: the three technologies, SAN, NAS and hybrid (IP-SAN), shown side by side]


Technology Design Considerations
Upon completion of this section, you will be able to:
Describe the role and functions of each layer in the Fibre Channel
protocol stack
Explain fundamental operational constructs, such as:
Classes of Service, Fabric Services, ISLs and routing of traffic, and flow
control mechanisms
Demonstrate detailed knowledge of SAN topology design principles,
and connectivity principles for the host and storage
Describe SAN security features
Identify NAS devices
Explain NAS Topology/Connectivity, NAS Performance, NAS
Security, NAS File Sharing and identify related technologies
Identify block level IP devices and components, topologies and
connectivity, IP-SAN security features

Module 2.1: SAN Technology Design Considerations

SAN Technology Design Considerations
Upon completion of this module, you will be able to:
Describe the role and functions of each layer within the
Fibre Channel protocol stack
Explain fundamental operational constructs, such as:
Classes of Service
Fabric Services
ISLs and routing of traffic
Flow control mechanisms
Demonstrate detailed knowledge of:
SAN topology design principles
Host and storage connectivity principles

Describe SAN security features


Lesson 1: SAN Technology Overview
Upon completion of this lesson, you will be able to:
Describe the fundamental architecture and components
of a Fibre Channel SAN

The SCSI I/O Channel
- SCSI is the dominant protocol used to communicate between servers and storage devices in open systems
- The SCSI I/O channel is a half-duplex pipe for SCSI CDBs and data
- Parallel bus evolution:
  - Bus width: 8 to 16 bits
  - Bus speed: 5 to 80 MHz
  - Throughput: 5 to 320 MBps
  - Devices/bus: 2 to 16 devices
  - Half-duplex
  - Cable length: 1.5 m to 25 m
- A network approach can scale the I/O channel in many areas (length, devices, speed)
- SCSI CDB: SCSI Command Descriptor Block, used to relay SCSI commands, parameters, and status between SCSI initiators and SCSI targets; typically a 6, 10, or 12 byte block
[Diagram: host software stack (applications, raw/file system, block device, SCSI generic, TCP/IP stack, NIC driver, adapter driver) above an Ethernet NIC and a SCSI adapter; the SCSI I/O channel runs from the SCSI initiator to the SCSI target]

FCP: Fibre Channel Protocol
- Serial SCSI-3 carried over the Fibre Channel network transport layer
- Transport must not jeopardize the SCSI payload (security, integrity, latency)
- A networked I/O channel allows for multiple improvements:
  - Distance limitations greatly increased
  - High number of addressable devices: 24-bit addressing; theoretical limit over 15 million
  - High performance: channel transport characteristics; speeds of up to 400 MB/s (1, 2 or 4 Gb/s)
[Diagram: host system with a SCSI initiator and HBA, a networked I/O channel across the network, and a target with its LUNs]

SAN Connectivity Methods
There are three basic methods of communication using Fibre Channel infrastructure:
- Point to point (Pt-to-Pt): a direct connection between two devices
- Fibre Channel Arbitrated Loop (FC-AL): a loop architecture implemented via a daisy-chain of devices, or via a hub
- Fabric connect (FC-SW): multiple devices connected via switching technologies
[Diagram: the three methods side by side: point to point, arbitrated loop, switched fabric]

Port Types
[Diagram: Fibre Channel port types. Hosts and a tape library attach to a hub through NL-Ports; the hub attaches to a switch FL-Port. Hosts and storage arrays attach through N-Ports to switch F-Ports. The two switches are joined through E-Ports.]

SAN Physical and Logical Components
- Host components: Host Bus Adapters, drivers, management utilities, multipathing, filesystem, volume manager
- Interconnects: cables, connectors, switches
- SAN security: zoning, LUN masking
- Storage resources: storage arrays, tape libraries
- Management system: in-band or out-of-band
[Diagram: open-systems host stack (applications, DBMS, filesystem, LVM, multipathing software, device drivers, SCSI controller, HBAs) attached through two SANs to storage arrays]

Switched Fabric Topologies
[Diagram: single-switch, full mesh, and core-edge topologies]

Lesson 2: Fibre Channel Protocol Layers
Upon completion of this lesson, you will be able to:
Describe the Fibre Channel Protocol stack
Identify primary stack layers
List functions of each layer
Define the data organization primitives
Frames, Sequences and Exchanges

Illustrate data flow between layers

FC Protocol Layers
The standards define a layered communications stack for Fibre Channel
Similar to the OSI model used for IP

OSI layer #   Function       IP Networking            Fibre Channel
5-7           application    telnet, ftp, etc.        Upper Layer Protocol: IP, SCSI-3 (FCP)
                             SCSI-3 (iSCSI)
4             transport      TCP, UDP                 Mapping Layer (FC-4)
3             network        IP, ICMP, IGMP           Routing (FC-2); Flow Control (FC-2)
2             data link      Ethernet, Token Ring     Encode/decode (FC-1); Link control services (FC-2)
1             physical       media                    media (FC-0)

FC Protocol Features
Mechanisms within a SAN depend on FC features
specified by the standards

FC layer Function SAN-relevant features specified by FC layer

FC-4 mapping interface mapping Upper Layer Protocol (e.g. SCSI-3) to FC transport

FC-3 common services functions spanning multiple ports (multicast, striping etc)

FC-2 routing, flow control frame structure, ports, FC addressing, buffer credits

FC-1 encode/decode 8B/10B encoding, bit and frame synchronization

FC-0 physical layer media, cables, connectors

FC4: Mapping Layer
Defines mapping between the Upper Layer Protocol (ULP) and the
layers below
Examples of ULPs for which mappings are defined:
Serial SCSI-3 over FC
IP over FC
HIPPI (High Performance Parallel Interface) over FC

Defines the format and structure of protocol-specific information being delivered, in the form of Information Units
For example: for SCSI-3, mappings are defined for:
Command Descriptor Blocks (CDBs)
SCSI data
SCSI status
SCSI sense information

FC3: Common Services Layer
Currently provides only for functions that span multiple
ports on a single node or fabric
Supported multi-port functions:
Hunt Group
Provides ability for more than one port to respond to the same alias
Improves efficiency: decreases the chance of reaching a busy N_Port
Striping
Allows for many N_Ports to transmit a single Information Unit in parallel
Increases the achievable bandwidth
Multicast
Simultaneous transmission to multiple receivers
Includes sending to all N_Ports on the Fabric (broadcast), or to only a
subset of the N_Ports

FC2: Transport Layer
The following entities are defined in FC Layer 2:
Fibre Channel Addressing
Structure and organization of data
Frames
Sequences
Exchanges

Fabric Services
Classes of service
Flow control
Routing

Fibre Channel Addressing
- FC Address is assigned during Fabric Login
- Used for routing frames
- Address format: 24-bit address, dynamically assigned; the contents of the three bytes depend on the type of N-Port
- For an N_Port or a public NL_Port, the switch maintains the mapping of WWN to FC Address via the Name Server

FC2 Frame Structure
Field         Size
SOF           4 bytes
Frame Header  24 bytes
Data Field    0 - 2112 bytes (payload)
CRC           4 bytes
EOF           4 bytes

Data Organization: Frame, Sequence and Exchange

Transport layer: provides the organizational structure to control and manage transport
FC2 defines the following four tiers for control and management:
Login
Two ports establish a session and exchange parameters
Must be established for I/O operations to take place
Exchange
Composed of one or more sequences
Can be uni-directional or bi-directional
Identified by OX_ID (mandatory) and RX_ID (optional), which are specific fields in the data frame
Allows two Fibre Channel ports to identify and manage a set of Information Units
An Information Unit signifies a specific operation within the ULP (Upper Layer Protocol, such as SCSI)
An Information Unit maps to a Sequence (defined below)
The Information Unit structure for specific protocols is defined in FC Layer 4
Sequence
A contiguous set of frames that are sent from one port to another
Correspond to an Information Unit as defined by the ULP (Upper Layer Protocol)
Characterized by a SEQ_ID
Each Frame within a Sequence has a unique SEQ_CNT
Frame
The fundamental unit of data transfer at Layer 2
up to 2112 bytes of payload
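The frame, sequence and exchange tiers above are easiest to see by parsing real header bytes. The block below is an added example, not course material from the slides or EMC: it packs and unpacks the 24-byte FC-2 frame header, splits a 24-bit address into its Domain_ID, Area and Port bytes, and groups a set of constructed frames into Exchanges (keyed by S_ID, D_ID and OX_ID) and Sequences (keyed by SEQ_ID). The header field layout is taken from the FC-FS standard rather than from the slides, and the sample frames (addresses, OX_ID, R_CTL values, payloads) are made up for the demonstration.

```python
import struct
from collections import defaultdict

# FC-2 frame header layout per the FC-FS standard (24 bytes, big-endian).
# The field order below is standard knowledge, not taken from the slides:
#   word 0: R_CTL (1 byte) | D_ID (3 bytes)
#   word 1: CS_CTL (1)     | S_ID (3)
#   word 2: TYPE (1)       | F_CTL (3)
#   word 3: SEQ_ID (1)     | DF_CTL (1) | SEQ_CNT (2)
#   word 4: OX_ID (2)      | RX_ID (2)
#   word 5: Parameter (4)
HEADER_LEN = 24
MAX_PAYLOAD = 2112
FC4_TYPE_FCP = 0x08          # TYPE value for SCSI-3 over FC (FCP)
RX_ID_UNASSIGNED = 0xFFFF    # responder has not yet assigned an RX_ID


def build_header(d_id, s_id, seq_id, seq_cnt, ox_id, rx_id=RX_ID_UNASSIGNED,
                 r_ctl=0x06, fc_type=FC4_TYPE_FCP, f_ctl=0, df_ctl=0, parameter=0):
    """Pack the six header words; fields are masked so bad input cannot bleed into a neighbour."""
    words = (
        (r_ctl << 24) | (d_id & 0xFFFFFF),
        (0 << 24) | (s_id & 0xFFFFFF),                      # CS_CTL left at 0
        (fc_type << 24) | (f_ctl & 0xFFFFFF),
        (seq_id << 24) | ((df_ctl & 0xFF) << 16) | (seq_cnt & 0xFFFF),
        ((ox_id & 0xFFFF) << 16) | (rx_id & 0xFFFF),
        parameter & 0xFFFFFFFF,
    )
    return struct.pack(">6I", *words)


def parse_header(hdr):
    """Unpack a 24-byte header into its named fields."""
    if len(hdr) != HEADER_LEN:
        raise ValueError("FC frame header must be exactly 24 bytes")
    w = struct.unpack(">6I", hdr)
    return {
        "r_ctl": w[0] >> 24, "d_id": w[0] & 0xFFFFFF,
        "cs_ctl": w[1] >> 24, "s_id": w[1] & 0xFFFFFF,
        "type": w[2] >> 24, "f_ctl": w[2] & 0xFFFFFF,
        "seq_id": w[3] >> 24, "df_ctl": (w[3] >> 16) & 0xFF, "seq_cnt": w[3] & 0xFFFF,
        "ox_id": w[4] >> 16, "rx_id": w[4] & 0xFFFF,
        "parameter": w[5],
    }


def split_address(addr):
    """24-bit FC address -> (Domain_ID, Area_ID, Port_ID); the first byte is the Domain_ID."""
    return (addr >> 16) & 0xFF, (addr >> 8) & 0xFF, addr & 0xFF


def group_frames(frames):
    """Group header+payload frames into Exchanges keyed by (S_ID, D_ID, OX_ID),
    and within each Exchange into Sequences keyed by SEQ_ID, listing their SEQ_CNTs."""
    exchanges = defaultdict(lambda: defaultdict(list))
    for frame in frames:
        payload_len = len(frame) - HEADER_LEN
        if payload_len < 0 or payload_len > MAX_PAYLOAD:
            raise ValueError("frame length outside 24..2136 bytes")
        h = parse_header(frame[:HEADER_LEN])
        exchanges[(h["s_id"], h["d_id"], h["ox_id"])][h["seq_id"]].append(h["seq_cnt"])
    return {k: dict(v) for k, v in exchanges.items()}


# Constructed sample: one FCP exchange from initiator 0x010200 to target 0x020100.
# Sequence 0 carries the SCSI command (one frame); sequence 1 carries three data frames.
# The SOF, CRC and EOF that surround a frame on the wire are not modelled here.
INITIATOR, TARGET, OX = 0x010200, 0x020100, 0x1234
SAMPLE_FRAMES = [
    build_header(TARGET, INITIATOR, seq_id=0, seq_cnt=0, ox_id=OX) + b"\x00" * 32,
] + [
    build_header(TARGET, INITIATOR, seq_id=1, seq_cnt=n, ox_id=OX, r_ctl=0x01) + b"\xAA" * 2048
    for n in range(3)
]

if __name__ == "__main__":
    for (s_id, d_id, ox_id), seqs in group_frames(SAMPLE_FRAMES).items():
        print(f"Exchange OX_ID=0x{ox_id:04x} {split_address(s_id)} -> {split_address(d_id)}: {seqs}")
```

Running the block prints one Exchange with two Sequences, which is exactly the Information Unit structure described above: the SEQ_ID separates the command from the data, and the SEQ_CNT values order the frames within the data Sequence.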

FC1: Encode / Decode Layer
Controls 8B/10B encoding/decoding rules
At transmitting node:
A) Encodes 8 bit unencoded character to 10 bit transmission character
B) 10 bit character is transmitted to a receiving node
At receiving node:
A) 10 bit character is passed to FC1 layer
B) FC1 layer decodes 10 bit character to original 8 bit character

Defines the following constructs:
- Transmission Word: four transmission characters (bytes)
  - May be Data Transmission Words, or Ordered Sets for control purposes
- Ordered Sets provide a means for bit synchronization
- Types of Ordered Sets:
  - Frame Delimiters: Start of Frame (SOF), End of Frame (EOF)
  - Primitive Signals: Arbitrate (for loops only), IDLE and R_RDY
  - Primitive Sequences: used for link initialization and error recovery

FC0: Physical Layer
Defines standards for physical connectivity: media,
cables, connectors
Converts signal data to serial data and serial data to
signal data
Protocol runs on optical media or copper
Copper imposes more stringent distance limitations

Standard optical media specifications

Copper Media
- Copper is favored over optical media for shorter distances
  - Can provide a better signal-to-noise ratio for distances up to 30 meters
- Widely used for back-end connectivity of storage arrays to Fibre Channel disk drives

Check Your Knowledge
What are the typical applications for Fibre Channel over
copper versus Fibre Channel over optical media?
Why are Ordered Sets needed?
How does Fibre Channel Layer 2 data transfer between
N_Ports resemble human conversation?
What are the five logical parts of a Fibre Channel frame?
What is the function of each logical part?
Research: Discover and list all ULPs (Upper Layer
Protocols) for which mappings have been defined (to
date), in the FC4 layer.

Lesson 3: Fibre Channel Theory of Operations
Upon completion of this lesson, you will be able to:
Describe connectivity concepts such as fabric reconfiguration and
segmentation
List and describe Classes of Service as defined in the standards
List critical Fabric Services and state their function
Explain how frames are routed within a fabric
Describe ISL trunking, and typical trunking implementations
Explain flow control constructs in Fibre Channel
Detail error detection and recovery in each FC layer

Domain ID of a Switch
In a fabric, every switch (domain) is assigned a unique
identifier called its Domain ID
Domain ID has implications for the following:
Port Zoning, also known as Hard Zoning
Zoning members are of the form {Domain_ID, Port_Number}
Fibre Channel Address for an attached N_Port
The first field of FC Address is the Domain_ID

Domain ID assignment is a two-step process:
One switch is selected to be the Principal switch
Principal Switch assigns Domain IDs to all other (subordinate) switches

Principal Switch: Selection and Role
Selection process for Principal Switch:
A switch indicates preference to become a Principal, via its priority
setting (which is configurable)
If multiple switches contend to become Principal, the one with the
lowest WWN wins

Location of Principal Switch is critical to fabric stability
Principal Switch must notify all subordinate switches about all Fabric Events

Fabric Segmentation
Segmentation Definition: When two switches are
connected by one or more ISLs, but the fabrics fail to
merge
Possible causes of segmentation:
Domain ID conflict
Attempt to merge switches with distinct, active zonesets

Flow Control: BB_Credit
Buffer-to-Buffer Credit, abbreviated to BB_Credit
Used for hardware-based flow control between port-pairs
N_Port to F_Port as well as E_Port to E_Port flow control
Credit value is negotiated based on the receiving port's capability
R_RDY (defined in the FC1 layer) is used for acknowledgement
Motivation for BB_Credit: to improve link bandwidth use when signal propagation time is significant

BB_Credit and Long-Distance Links

Fibre Channel links, and therefore fabrics, may span distances beyond a
single data center (100s of km)
Enabling technologies: Singlemode long wave, DWDM, CWDM, etc.
Long-distance links typically dedicated to multi-site Business Continuity applications
Signal propagation delay due to speed-of-light becomes a factor
Round-trip signal propagation time dictates minimum buffer credits needed
BB_Credits usually sized for 100% utilization on long-distance links
Links may be leased lines shared with other subscribers
Links may entail significant recurring costs
Switches at either end must support the minimum required level of BB_Credits
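The relation between round-trip propagation time and the minimum credit count can be worked through numerically. The following block is an added example, not from the slides or EMC; the propagation figure (about 5 microseconds per km in single-mode fibre), the line rates (1.0625, 2.125 and 4.25 Gbaud for 1, 2 and 4 Gb/s FC), the 8B/10B overhead and the 2148-byte wire size of a maximum frame (SOF, 24-byte header, 2112-byte payload, CRC, EOF) are my planning assumptions. It returns the BB_Credits needed to keep a long-distance link fully utilised and the utilisation that a smaller credit count would achieve.

```python
import math

# Planning assumptions (mine, not the slides'):
#  - propagation in single-mode fibre ~5 us per km, so a round trip costs ~10 us per km
#  - FC line rates: 1 Gb/s = 1.0625 Gbaud, 2 Gb/s = 2.125 Gbaud, 4 Gb/s = 4.25 Gbaud
#  - 8B/10B puts 10 transmission bits on the wire per byte
#  - a maximum-size frame on the wire: 4 SOF + 24 header + 2112 payload + 4 CRC + 4 EOF = 2148 bytes
#    (inter-frame fill words are ignored, which slightly understates the credit need)
PROPAGATION_US_PER_KM = 5.0
LINE_RATE_GBAUD = {1: 1.0625, 2: 2.125, 4: 4.25}
MAX_FRAME_BYTES = 4 + 24 + 2112 + 4 + 4


def frame_time_us(speed_gb, frame_bytes=MAX_FRAME_BYTES):
    """Time to clock one frame onto the link, in microseconds."""
    bits_on_wire = frame_bytes * 10
    return bits_on_wire / (LINE_RATE_GBAUD[speed_gb] * 1000.0)   # Gbaud * 1000 = bits per us


def round_trip_us(distance_km):
    """Frame out plus R_RDY back, in microseconds."""
    return 2.0 * distance_km * PROPAGATION_US_PER_KM


def min_bb_credits(distance_km, speed_gb, frame_bytes=MAX_FRAME_BYTES):
    """Credits needed to keep the link busy: the max-size frames in flight during one round trip,
    plus one so the sender still holds a credit when the first R_RDY arrives."""
    in_flight = round_trip_us(distance_km) / frame_time_us(speed_gb, frame_bytes)
    return math.ceil(in_flight) + 1


def link_utilisation(credits, distance_km, speed_gb, frame_bytes=MAX_FRAME_BYTES):
    """Fraction of link bandwidth achievable with a given credit count (1.0 = link never stalls)."""
    rtt = round_trip_us(distance_km)
    if rtt == 0:
        return 1.0
    return min(1.0, credits * frame_time_us(speed_gb, frame_bytes) / rtt)


def credit_table(distances_km=(10, 50, 100), speeds=(1, 2, 4)):
    """Rows of (distance_km, speed_gb, min_credits) for a quick design review."""
    return [(d, s, min_bb_credits(d, s)) for d in distances_km for s in speeds]


if __name__ == "__main__":
    for d, s, c in credit_table():
        print(f"{d:4d} km @ {s} Gb/s: need {c:4d} BB_Credits; with 8 credits the link runs at "
              f"{link_utilisation(8, d, s):.0%}")
```

The table makes the slide's point concrete: a 100 km link at 2 Gb/s needs on the order of a hundred credits, and a port that only offers eight leaves more than 90% of the leased bandwidth idle.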

Classes of Service: Class 1, 2 and 3
Applications have differing requirements for:
- Reliability of delivery
- Bandwidth
- Type of routing to be deployed
Fibre Channel standards provide for distinct classes of service
Class 3 is the commonly-used class for data frames between N-ports
- Unacknowledged: non-dedicated datagram service
- Routing of frames via Fabric Shortest Path First (FSPF)

Classes of Service: Class F
Class F: for traffic related to Fabric Management
- Similar to Class 2, but provides notification of non-delivery
- Mostly used by E-Ports for fabric control and management traffic

Other Classes of Service (4, 5, 6)
Class 4: Virtual Circuits
- For applications that require a portion of available bandwidth to be dedicated to a device-pair
- Similar to Class 1, but multiplexing of frames is allowed
- Defines a Virtual Circuit between each device-pair
- A Virtual Circuit may have a specified Quality of Service (QoS)
Class 5: Isochronous Service
- Guarantees immediate delivery of data, with no buffering
Class 6: Multicast
- Efficient frame delivery for a single source to multiple targets
- Otherwise similar to Class 1

Fabric Services
Login Service: reserved address FFFFFE
Receives and responds to Fabric Login frames
Node registers with this service by performing a Fabric Login (FLOGI)
Simple Name Server (SNS): reserved address FFFFFC
Maintains tables that correlate WWN Addresses with corresponding FC
Addresses for all logged-in nodes
All switches in the fabric keep the Simple Name Server (SNS) updated, and
have the same view of all logged-in devices
Node registers with this service by performing a Port Login (PLOGI)
During PLOGI, the node passes several parameters to the switch (Class of
Service, WWN address, FC Address, and the ULP that it supports)
Fabric Controller: reserved address FFFFFD
Sends state change notifications (RSCNs) to those nodes that register for it
Registered State Change Notification (RSCN):
Used to propagate information about the change in state of one node to all other
nodes in the fabric
A switch distributes RSCNs (Class F) through the fabric whenever its local
name server database changes
Login Types in a Switched Network
Extended Link Services that are defined in the standards:
FLOGI - Fabric login: N_Port to F_Port
Device sends FLOGI frame with {WWNN, WWPN, parameters} to the login service at the well-known FC Address 0xFFFFFE
Switch accepts login, returns ACC frame with the assigned FC Address for
the device
PLOGI - Port login: N_Port to N_Port
N_Port establishes a session with another N_Port
Initiator N_Port sends a PLOGI request frame to the target N_Port
Target N_Port returns an accept to the Initiator N_Port
N_Ports exchange service parameters relevant to the session
PRLI - Process login: N_Port to N_Port
Relates to the FC4 ULP (Upper Layer Protocol) that is in use, e.g. FCP
With FCP, N_Ports exchange service parameters related to SCSI-3
information, e.g.
the FC4 type in use (0x08 represents SCSI)
whether the port is a SCSI initiator or target
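The ordering constraints between the three logins (FLOGI before any PLOGI, PLOGI before PRLI) and the role of the Fabric Services are shown in the following simulation. It is an added example, not code from the slides or any switch vendor: a single-domain fabric hands out 24-bit addresses at FLOGI, records WWN/address/FC-4 mappings in the Name Server, and raises an RSCN from the Fabric Controller when that database changes; an initiator N_Port then discovers the target and completes PLOGI and PRLI with FC4 type 0x08. The WWNs, the sequential address allocation and the parameter dictionaries are made-up simplifications.

```python
# Well-known addresses from the slides
LOGIN_SERVER = 0xFFFFFE
NAME_SERVER = 0xFFFFFC
FABRIC_CONTROLLER = 0xFFFFFD
FC4_TYPE_SCSI = 0x08


class Fabric:
    """A single-switch fabric offering the three services; one domain, addresses handed out in order."""

    def __init__(self, domain_id):
        self.domain_id = domain_id
        self.next_index = 0
        self.name_server = {}         # FC address -> {"wwnn", "wwpn", "fc4_types"}
        self.rscn_registered = set()  # addresses that asked the Fabric Controller for RSCNs
        self.rscn_log = []            # (notified address, changed address)

    def flogi(self, wwnn, wwpn, params):
        """Login Server: assign a 24-bit address {Domain_ID, Area, Port} and return an ACC."""
        area, port = divmod(self.next_index, 256)
        self.next_index += 1
        return {"ls": "ACC", "address": (self.domain_id << 16) | (area << 8) | port,
                "class_of_service": params["class_of_service"]}

    def plogi_name_server(self, address, wwnn, wwpn, fc4_types):
        """Name Server: record WWN <-> FC address and supported FC-4 types; the change drives an RSCN."""
        self.name_server[address] = {"wwnn": wwnn, "wwpn": wwpn, "fc4_types": set(fc4_types)}
        for dest in self.rscn_registered:
            if dest != address:
                self.rscn_log.append((dest, address))

    def register_rscn(self, address):
        self.rscn_registered.add(address)

    def query_fc4(self, fc4_type):
        return sorted(a for a, rec in self.name_server.items() if fc4_type in rec["fc4_types"])


class NPort:
    def __init__(self, wwnn, wwpn, role):
        self.wwnn, self.wwpn, self.role = wwnn, wwpn, role   # role: "initiator" or "target"
        self.address = None
        self.sessions = {}    # peer address -> PLOGI service parameters
        self.processes = {}   # peer address -> PRLI parameters

    def flogi(self, fabric):
        acc = fabric.flogi(self.wwnn, self.wwpn, {"class_of_service": 3})
        self.address = acc["address"]
        fabric.plogi_name_server(self.address, self.wwnn, self.wwpn, {FC4_TYPE_SCSI})
        return self.address

    def plogi(self, peer):
        if self.address is None or peer.address is None:
            raise RuntimeError("both N_Ports must complete FLOGI before PLOGI")
        params = {"wwpn": self.wwpn, "class_of_service": 3}
        self.sessions[peer.address] = peer.accept_plogi(self.address, params)

    def accept_plogi(self, s_id, params):
        self.sessions[s_id] = params
        return {"wwpn": self.wwpn, "class_of_service": 3}

    def prli(self, peer):
        if peer.address not in self.sessions:
            raise RuntimeError("PLOGI session required before PRLI")
        params = {"fc4_type": FC4_TYPE_SCSI, "initiator": self.role == "initiator",
                  "target": self.role == "target"}
        self.processes[peer.address] = peer.accept_prli(self.address, params)
        return self.processes[peer.address]

    def accept_prli(self, s_id, params):
        if s_id not in self.sessions:
            raise RuntimeError("PRLI from a port that has not done PLOGI")
        self.processes[s_id] = params
        return {"fc4_type": FC4_TYPE_SCSI, "initiator": self.role == "initiator",
                "target": self.role == "target"}


def run_discovery(domain_id=1):
    """Constructed walk-through: a host HBA and one array port log in, the host learns of the
    target through RSCN and the Name Server, then PLOGI and PRLI establish the FCP session.
    The WWNs are made-up sample values."""
    fabric = Fabric(domain_id)
    host = NPort("20:00:00:00:c9:11:22:33", "10:00:00:00:c9:11:22:33", "initiator")
    array = NPort("50:06:01:60:00:00:00:00", "50:06:01:60:00:00:00:01", "target")
    host.flogi(fabric)
    fabric.register_rscn(host.address)
    array.flogi(fabric)                       # Name Server change -> RSCN to the host
    targets = [a for a in fabric.query_fc4(FC4_TYPE_SCSI) if a != host.address]
    host.plogi(array)
    prli_acc = host.prli(array)
    return {"host": host.address, "array": array.address, "rscn": list(fabric.rscn_log),
            "targets": targets, "prli": prli_acc}


if __name__ == "__main__":
    print(run_discovery())
```

The returned dictionary shows the host at address 0x010000 (Domain 1, Area 0, Port 0), the array at 0x010001, one RSCN delivered to the host, and a PRLI accept in which the peer declares itself a SCSI target.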
FCP: SCSI Device Discovery from an Initiator
- Fabric Login (FLOGI): the HBA and the storage port each perform a Fabric Login using the Login Server
[Diagram: host HBAs and storage array ports attached to a fabric that provides the Login Server, Name Server and Fabric Controller]

Fan-out and Fan-in
- Fan-out: number of server HBAs that share a single storage port
- Fan-in: number of storage ports that a server port (HBA) addresses
[Diagram: Hosts 1 to 4 connected through Fabric A and Fabric B (fabric zones) to Storage Array 1 and Storage Array 2; the example shows a host HBA with fan-in = 2 and a storage port with fan-out = 4]

Routing of Frames in a Switched Fabric
- Routing algorithm uses a combination of lowest-cost and Fabric Shortest Path First (FSPF) to determine the route for a node-pair
- The route for a given node-pair is static
  - Recalculated only at each change in topology
  - ISLs may remain unused
[Diagram: host and storage attached to a fabric of switches 1 to 4; routes labelled SPF=1 and SPF=2,3,4]

ISLs Without Trunking
Potential problems with the standard routing algorithm:
- Load-balancing across the ISLs is static
  - Ineffective when two very active node-pairs are assigned to the same link
  - Can result in a condition where some ISLs are saturated, while others are idle
- A given node-pair can use only one ISL between a pair of switches
  - Can limit achievable bandwidth

ISLs With Trunking
Trunking allows multiple ISLs to function as a single logical ISL
- Aggregates bandwidth of all ISLs
- Achieves dynamic load-balancing over available links
Note: trunking implementation is highly vendor-specific!

Types of Trunking Implementations
Flow-based Trunking
Just the standard one ISL per node-pair routing allocation
If there is just one active node-pair, only one of the available ISLs can be
effectively in use

Open Trunking
An intelligent variant of flow-based trunking, where the routing tables are
occasionally adjusted based on load monitoring
Algorithm can periodically change the ISL in use for any given node-pair

Exchange-based Trunking
Route is determined at the granularity of one Exchange
Frames with the same {Source_ID, Destination_ID, OX_ID} are routed
through one ISL
Guarantees in-order delivery of frames within a particular Exchange
Can provide load-balancing even when just one node-pair is active
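The difference between the static one-ISL-per-node-pair routing described under "Routing of Frames" and exchange-based trunking comes down to what goes into the path-selection key. The block below is an added example, not the slides' or any vendor's algorithm: Dijkstra, which is the core of FSPF, is run over a constructed four-switch fabric with parallel ISLs and returns every equal-cost path; a hash of {S_ID, D_ID} then pins a node-pair to one path (flow-based), while a hash of {S_ID, D_ID, OX_ID} spreads that pair's Exchanges across the equal-cost paths while keeping each Exchange on one of them. The topology, link costs and the SHA-256-based selection are my assumptions.

```python
import hashlib
import heapq
from collections import defaultdict

# Constructed four-switch fabric (not the slide's diagram): (switch_a, switch_b, link_id, cost).
# Switches 1 and 2 are joined by two parallel ISLs; every link has equal cost.
LINKS = [
    (1, 2, "isl-1-2a", 500), (1, 2, "isl-1-2b", 500),
    (2, 4, "isl-2-4", 500),
    (1, 3, "isl-1-3", 500), (3, 4, "isl-3-4", 500),
]


def build_graph(links):
    graph = defaultdict(list)
    for a, b, link_id, cost in links:
        graph[a].append((b, link_id, cost))
        graph[b].append((a, link_id, cost))
    return graph


def shortest_paths(graph, src, dst):
    """Dijkstra (the heart of FSPF) keeping every equal-cost predecessor, so all
    lowest-cost paths between two domains are returned as sorted lists of link ids."""
    dist = {src: 0}
    preds = defaultdict(list)          # node -> [(previous node, link id)]
    queue = [(0, src)]
    done = set()
    while queue:
        d, u = heapq.heappop(queue)
        if u in done:
            continue
        done.add(u)
        for v, link_id, cost in graph[u]:
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                preds[v] = [(u, link_id)]
                heapq.heappush(queue, (nd, v))
            elif nd == dist[v]:
                preds[v].append((u, link_id))
    if dst not in dist:
        return [], None

    def walk(node):
        if node == src:
            return [[]]
        return [path + [link_id] for prev, link_id in preds[node] for path in walk(prev)]

    return sorted(walk(dst)), dist[dst]


def select_path(paths, s_id, d_id, ox_id=None):
    """Flow-based routing keys on {S_ID, D_ID} only, so a node-pair is pinned to one path.
    Exchange-based trunking adds OX_ID: each Exchange may take a different equal-cost path,
    but all frames of one Exchange hash to the same path (in-order delivery within it)."""
    key = f"{s_id:06x}:{d_id:06x}" if ox_id is None else f"{s_id:06x}:{d_id:06x}:{ox_id:04x}"
    digest = hashlib.sha256(key.encode()).digest()
    return paths[int.from_bytes(digest[:4], "big") % len(paths)]


def isl_load(paths, flows, exchange_based):
    """Count how many of the given (s_id, d_id, ox_id) exchanges cross each ISL."""
    load = defaultdict(int)
    for s_id, d_id, ox_id in flows:
        for link_id in select_path(paths, s_id, d_id, ox_id if exchange_based else None):
            load[link_id] += 1
    return dict(load)


if __name__ == "__main__":
    paths, cost = shortest_paths(build_graph(LINKS), 1, 4)
    flows = [(0x010100, 0x040100, ox) for ox in range(60)]   # one busy node-pair, 60 exchanges
    print("equal-cost paths:", paths, "cost", cost)
    print("flow-based load:    ", isl_load(paths, flows, exchange_based=False))
    print("exchange-based load:", isl_load(paths, flows, exchange_based=True))
```

With a single active node-pair, the flow-based count lands all 60 Exchanges on the two links of one path and leaves the other ISLs at zero, which is the saturated-while-idle condition described under "ISLs Without Trunking"; the exchange-based count spreads them over the equal-cost paths.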

Error Detection and Recovery
FC0 layer:
Errors due to signal quality are detected
Primitive Signals used to re-establish link integrity
FC1 layer:
Checking for invalid transmission characters
FC2 layer:
Frame structure integrates CRC field
Missing frames are detected as follows:
By the receiver, using the SEQ_CNT
By the sender, via the E_D_TOV timeout value
Timeouts configurable on a Fibre Channel switch: E_D_TOV and R_A_TOV
E_D_TOV: based on reasonable expectations of the maximum time for a
Sequence to complete
Typically used value: 2 seconds
R_A_TOV: based on reasonable expectations of the maximum time for an
Exchange to complete
Typically used value: 10 seconds
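The FC2 checks listed above (CRC on every frame, SEQ_CNT gaps at the receiver, E_D_TOV at the sender, R_A_TOV for the Exchange) can be exercised on a constructed Sequence. This is an added example, not from the slides or EMC: the receiver drops frames whose CRC fails and reports the SEQ_CNT values it never accepted, while the timeouts use the 2-second and 10-second typical values from the slide. The IEEE CRC-32 from zlib stands in for the FC-2 CRC (the standard's exact bit ordering is not reproduced), and the five 64-byte frames, the lost frame and the flipped byte are made up for the demonstration.

```python
import zlib

# Timeout values from the slides (typical settings)
E_D_TOV_S = 2.0     # Error_Detect_Timeout: maximum time for a Sequence to complete
R_A_TOV_S = 10.0    # Resource_Allocation_Timeout: maximum time for an Exchange to complete


def append_crc(body):
    """Append a 32-bit CRC. Assumption: IEEE CRC-32 from zlib stands in for the FC-2 CRC."""
    return body + (zlib.crc32(body) & 0xFFFFFFFF).to_bytes(4, "big")


def crc_ok(frame):
    """Receiver-side check: recompute over everything but the trailing CRC."""
    if len(frame) < 4:
        return False
    body, crc = frame[:-4], int.from_bytes(frame[-4:], "big")
    return (zlib.crc32(body) & 0xFFFFFFFF) == crc


def check_sequence(received, expected_frames, started_at, now):
    """received: list of (SEQ_CNT, arrival_time, frame_bytes) for one Sequence.
    Returns what each side can conclude: the receiver spots bad CRCs and gaps in SEQ_CNT,
    the sender decides by E_D_TOV whether the Sequence has failed, and R_A_TOV bounds how
    long the Exchange's resources (OX_ID and friends) may stay allocated."""
    good = {cnt for cnt, _, frame in received if crc_ok(frame)}
    corrupt = sorted(cnt for cnt, _, frame in received if not crc_ok(frame))
    missing = sorted(set(range(expected_frames)) - good)
    elapsed = now - started_at
    complete = not missing
    return {
        "missing_seq_cnt": missing,
        "corrupt_seq_cnt": corrupt,
        "complete": complete,
        "sequence_timed_out": (not complete) and elapsed > E_D_TOV_S,
        "exchange_expired": elapsed > R_A_TOV_S,
    }


def sample_sequence():
    """Constructed input: five data frames sent at t = 0.0 .. 0.4 s; SEQ_CNT 3 is lost in the
    fabric and SEQ_CNT 1 arrives with one flipped byte."""
    frames = {n: append_crc(bytes([n]) * 64) for n in range(5)}
    damaged = bytearray(frames[1])
    damaged[10] ^= 0x01
    return [(0, 0.0, frames[0]), (1, 0.1, bytes(damaged)), (2, 0.2, frames[2]), (4, 0.4, frames[4])]


if __name__ == "__main__":
    rx = sample_sequence()
    print("at t=0.5s :", check_sequence(rx, 5, started_at=0.0, now=0.5))
    print("at t=2.5s :", check_sequence(rx, 5, started_at=0.0, now=2.5))
    print("at t=11s  :", check_sequence(rx, 5, started_at=0.0, now=11.0))
```

At half a second the receiver already knows that frames 1 and 3 are missing (one corrupt, one lost) but no timer has fired; at 2.5 s the sender's E_D_TOV has expired and recovery can begin; at 11 s the Exchange has outlived R_A_TOV and its identifiers may be released.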

Check Your Knowledge
How does a Principal switch differ from a Subordinate switch?
How does FSPF work?
What is link cost related to?
Which other class of service is most similar to Class 2? How is it
different from Class 2?
What is an RSCN?
How does a FLOGI differ from a PLOGI?
What are the different types of ISL trunking implementations?
Under what topology conditions do you think the BB_Credit value
becomes significant?

Lesson 4: SAN Design Principles
Upon completion of this lesson, you will be able to:
Explain fundamental SAN design principles:
Stability via simple fabric topology design
Influence of switch architecture on connectivity design
Best practices for switch configuration and switch roles
Physical and logical tiers within a topology
Balanced fabrics, mirrored fabrics and application-specific fabrics
ISL design considerations
Fabric consolidation and expansion strategies
Special considerations that apply to heterogeneous fabrics
Sparing for ports and cables
Physical layout and management of optical cabling

Switch Count Per Fabric
- Restrict the switch count per fabric
  - Keep the topology simple!
  - Large, complex fabric topologies evolve from need, not from desire
- Plan for needed growth in the switch port count
- Newer Switch / Director architectures provide for a highly scalable port-count within a single switch frame
  - Bladed design allows for add-on switch blades with extra ports as needed
  - Ports on a blade integrate with the fabric via the backplane; no ISLs needed
  - With the initial investment in a backplane, the fabric can scale up while keeping the domain count and overall stability unchanged

Effective Use of Switch Ports
- Switch ports may be dedicated or oversubscribed (shared bandwidth)
- Understand the switch architecture
  - In some blade or switch models, a common ASIC may service 4 to 8 contiguous, shared-bandwidth ports
- Make effective use of available port bandwidth
  - Dedicated switch ports: reserve for storage connectivity and ISLs
  - Shared-bandwidth ports: reserve for host HBAs
- Be aware of locality benefits (if any) within a single ASIC
  - On some switches, backplane traffic can be avoided by connecting host and storage to ports that are serviced by the same ASIC
- Protect inter-switch connectivity from ASIC or blade failure
  - Director with multiple blades: configure ISL ports on two separate blades
  - Departmental switch: configure ISL ports on two separate ASICs

Port Fencing
Use Port Fencing if the switch vendor supports it
Benefits stability and security
Port fencing: a policy-based feature that allows the setting of a
threshold limit on the number of specified port events permitted
during a given time period
When threshold is exceeded on a port, Port Fencing blocks that port by
disabling transmit and receive traffic on it
Types of events that may be specified in fencing policies:
Repeated attempts to establish an ISL via E-Port
This policy prevents disruptive fabric rebuild traffic
F-port that repeatedly exits from an active-link state
This policy eliminates excessive RSCN traffic

After problem resolution, port must be manually unblocked


Policies may need to be customized to suit the environment
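The policy mechanics described above (a threshold of events per port within a time window, blocking when it is exceeded, manual unblocking afterwards) are shown below as a small detector run over constructed switch log lines. It is an added example, not a vendor's port-fencing implementation or code from the slides: the two policies, their thresholds and windows, the log line format, the switch name and port numbers are all my assumptions. The sliding window is kept per port and event type so that one flapping F-port cannot be masked by quiet neighbours.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed fencing policies: more than `threshold` events on one port inside `window_s`
# seconds blocks the port. The numbers are assumptions; real vendor defaults differ.
POLICIES = {
    "E_PORT_ISL_ATTEMPT": {"threshold": 3, "window_s": 60},    # repeated attempts to form an ISL
    "F_PORT_LINK_DOWN":   {"threshold": 3, "window_s": 300},   # F-port repeatedly leaving active state
}

# Constructed log format (not any vendor's): "<ISO-8601 UTC> <switch> port=<n> event=<TYPE>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<switch>\S+) port=(?P<port>\d+) event=(?P<event>\S+)$")


class PortFencer:
    def __init__(self, policies=POLICIES):
        self.policies = policies
        self.history = defaultdict(deque)   # (switch, port, event) -> recent timestamps (epoch s)
        self.blocked = {}                    # (switch, port) -> (event, ts)

    def observe(self, ts, switch, port, event):
        key = (switch, port)
        if key in self.blocked:
            return "already_blocked"
        policy = self.policies.get(event)
        if policy is None:
            return "unmonitored"
        window = self.history[(switch, port, event)]
        window.append(ts)
        while window and ts - window[0] > policy["window_s"]:
            window.popleft()              # forget events that fell out of the window
        if len(window) > policy["threshold"]:
            self.blocked[key] = (event, ts)   # here a switch would disable tx/rx on the port
            return "blocked"
        return "ok"

    def unblock(self, switch, port):
        """Manual step after the root cause is fixed; the port's event history is discarded."""
        self.blocked.pop((switch, port), None)
        for key in [k for k in self.history if k[:2] == (switch, port)]:
            del self.history[key]


def parse_line(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
    return ts, m["switch"], int(m["port"]), m["event"]


def replay(lines, fencer=None):
    """Feed log lines through the fencer; returns the (switch, port) pairs blocked, in order."""
    fencer = fencer or PortFencer()
    blocked_order = []
    for line in lines:
        parsed = parse_line(line)
        if parsed and fencer.observe(*parsed) == "blocked":
            blocked_order.append(parsed[1:3])
    return blocked_order


# Constructed sample log: port 17 flaps four times in two minutes (more than 3 per 300 s),
# port 3 flaps twice (under threshold), port 40 tries to form an ISL four times in 20 s.
SAMPLE_LOG = """\
2007-03-01T10:00:05Z sw-core1 port=17 event=F_PORT_LINK_DOWN
2007-03-01T10:00:09Z sw-core1 port=3 event=F_PORT_LINK_DOWN
2007-03-01T10:00:40Z sw-core1 port=17 event=F_PORT_LINK_DOWN
2007-03-01T10:01:02Z sw-core1 port=40 event=E_PORT_ISL_ATTEMPT
2007-03-01T10:01:07Z sw-core1 port=40 event=E_PORT_ISL_ATTEMPT
2007-03-01T10:01:12Z sw-core1 port=40 event=E_PORT_ISL_ATTEMPT
2007-03-01T10:01:15Z sw-core1 port=17 event=F_PORT_LINK_DOWN
2007-03-01T10:01:20Z sw-core1 port=40 event=E_PORT_ISL_ATTEMPT
2007-03-01T10:01:50Z sw-core1 port=3 event=F_PORT_LINK_DOWN
2007-03-01T10:01:59Z sw-core1 port=17 event=F_PORT_LINK_DOWN
""".splitlines()

if __name__ == "__main__":
    print("blocked:", replay(SAMPLE_LOG))
```

Replaying the sample blocks port 40 first (the fourth ISL attempt inside its 60-second window) and then port 17 (the fourth link-down inside 300 seconds), while port 3 stays up; after unblock() the same port starts again with an empty history, which is the manual-reset behaviour the slide calls for.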

Switch Roles and Domain IDs
- Principal switch must reside at the logical core of the fabric
  - Reduces Class F traffic
  - In a core/edge fabric, this would be the Core switch or director
- Set the Domain IDs, rather than allowing the fabric to set them
  - At switch configuration time, specify a preferred domain ID for the switch that is unique across the entire environment

Physical and Logical Tiers
- Minimize physical tiers and logical tiers
- Physical tiers: number of switches traversed between the farthest two points in the fabric
  - What it affects: the distance that a fabric management message must travel to reach every switch in the fabric
- Logical tiers: number of switches traversed between a server HBA and the storage port it accesses
  - What it affects: I/O latency from the host's point of view

Fabric Design Strategies
Balanced fabrics
Mirrored fabrics
Application-specific fabrics

Balanced Fabrics
- Balance I/O traffic over:
  - switches and ISLs in each tier
  - storage ports of each array
  - hosts
- This rule applies to every design, regardless of the chosen topology
- Create the initial balance based on an understanding of host workloads
- Maintain balance over time
- Enables the most efficient use of fabric resources

Mirrored Fabrics
- Deploy a mirrored fabric whenever High Availability is a requirement
  - Host with two HBAs: connect one HBA to each fabric
  - Storage Array: connect multiple ports from the array to each fabric
- Production can survive:
  - Isolated failure of one component
  - Total loss of one fabric
- Allows for non-disruptive changes in a live environment
  - Perform routine maintenance, such as switch firmware upgrades
  - Experiment with topology changes
  - Replace older switching gear, phase in newer gear without fear of disruption

Application-specific Fabrics
- Consider using separate fabrics for applications with differing requirements
  - I/O traffic patterns and SLAs may be very different across applications
  - Not all applications may require High Availability

ISL Layout
- Design for predictable ISL traffic
  - Consider using logical segregation of I/O traffic
- Construct the fabric to have multiple equal, lowest-cost, shortest-path routes for each host/storage pair
  - Between any two switches, provision at least two ISLs
  - Bladed director: configure the ISL ports on two different blades
  - Use the vendor-specific trunking feature for bandwidth aggregation across all available ISLs
  - Non-mirrored fabrics: connect each switch to at least two other switches

ISL Oversubscription
- Definition: an ISL is oversubscribed when its bandwidth is less than the aggregate bandwidth of all Node Ports that it must service
- Design based on rules-of-thumb for ISL oversubscription:
  - Validate the design against vendor limits for ISL oversubscription
  - Host/storage port pairs per ISL
  - Storage ports serviced per ISL
- Design based on known I/O rates from each host:
  - Count on no more than 80% of an ISL's bandwidth capacity
- Post-implementation checks
  - Plan for ISL load monitoring and alerts


Estimating Fibre Channel Link Utilization
I/O load on hosts and storage arrays is typically expressed via two
quantities:
I/O/sec (also known as IOPs); and
Blocksize (typically reported in Kbytes)

Most performance tools on hosts and storage arrays provide the capability to measure average blocksize, and average and peak I/O/sec and Mbytes/sec
Maximum I/O throughput capacity of a Fibre Channel link is
computed as follows:
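The slide's own formula is not reproduced in this extract. The block below is an added example, not from the slides or EMC, that ties the two measured quantities (IOPS and blocksize) to the ISL oversubscription rules a few slides earlier: it converts each host's load to MB/s, sums the hosts that cross an ISL group, checks the result against 80% of the ISL capacity, and reports the port-count oversubscription ratio. The 100 MB/s-per-Gb/s link capacity (consistent with the 400 MB/s quoted for 4 Gb/s), the assumption that trunking spreads load evenly across the ISLs, and the host profiles are my assumptions.

```python
# Assumptions (mine): usable payload capacity of an FC link ~100 MB/s per Gb/s of line rate
# (the slides quote 400 MB/s for 4 Gb/s); blocksizes are in KB (1024 bytes) and a host's
# throughput in MB/s is IOPS x blocksize. Count on no more than 80% of an ISL's bandwidth.
LINK_MBPS = {1: 100, 2: 200, 4: 400}
DESIGN_LIMIT = 0.80


def host_mbps(iops, blocksize_kb):
    """Throughput in MB/s from the two quantities performance tools report."""
    return iops * blocksize_kb / 1024.0


def max_iops_for_link(speed_gb, blocksize_kb):
    """My estimate of a link's I/O capacity at a given blocksize (not the slide's own formula)."""
    return LINK_MBPS[speed_gb] * 1024.0 / blocksize_kb


def isl_review(hosts, isl_speed_gb, isl_count, host_port_speed_gb):
    """hosts: list of dicts {"name", "iops", "blocksize_kb"} whose traffic crosses the ISL group.
    Returns the measured-load check (80% rule) and the port-count oversubscription ratio
    (aggregate node-port bandwidth : ISL bandwidth), assuming trunking spreads load evenly."""
    load_mbps = sum(host_mbps(h["iops"], h["blocksize_kb"]) for h in hosts)
    capacity_mbps = LINK_MBPS[isl_speed_gb] * isl_count
    utilization = load_mbps / capacity_mbps
    ratio = (len(hosts) * host_port_speed_gb) / (isl_count * isl_speed_gb)
    heaviest = max(hosts, key=lambda h: host_mbps(h["iops"], h["blocksize_kb"]))["name"]
    return {
        "load_mbps": load_mbps,
        "capacity_mbps": capacity_mbps,
        "utilization": utilization,
        "within_80pct": utilization <= DESIGN_LIMIT,
        "oversubscription_ratio": ratio,
        "heaviest_host": heaviest,
    }


# Constructed host profiles (peak IOPS and average blocksize, as a performance tool would report them)
SAMPLE_HOSTS = [
    {"name": "db01", "iops": 4000, "blocksize_kb": 8},
    {"name": "db02", "iops": 4000, "blocksize_kb": 8},
    {"name": "db03", "iops": 4000, "blocksize_kb": 8},
    {"name": "bkp01", "iops": 800, "blocksize_kb": 64},
    {"name": "bkp02", "iops": 800, "blocksize_kb": 64},
    {"name": "fs01", "iops": 800, "blocksize_kb": 64},
]

if __name__ == "__main__":
    for n in (1, 2):
        r = isl_review(SAMPLE_HOSTS, isl_speed_gb=2, isl_count=n, host_port_speed_gb=2)
        print(f"{n} x 2 Gb/s ISL: load {r['load_mbps']:.1f} MB/s of {r['capacity_mbps']} MB/s "
              f"({r['utilization']:.0%}), {r['oversubscription_ratio']:.0f}:1 ports, ok={r['within_80pct']}")
```

For the six sample hosts the aggregate is about 244 MB/s: two trunked 2 Gb/s ISLs carry it at roughly 61% (inside the 80% rule, at a 3:1 port ratio), while a single ISL would be driven past 100%, which is the case the post-implementation load monitoring is meant to catch.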

Consolidation: Merging Full-Meshes - 1

Consolidation: Merging Full-Meshes - 2

Expansion: Transforming Mesh to Core-Edge

Expansion: Adding a Connectivity Tier

Consolidation: Merging Core-Edge Fabrics - 1

Consolidation: Merging Core-Edge Fabrics - 2

Deploying Heterogeneous Fabrics
Heterogeneous Fabric: consists of FC switches from more than one
vendor (Brocade, McData, Cisco, Qlogic)
Motivations:
Permanent deployment: Use the best-in-class switching components based
on key differentiating factors (available port speeds, feature-set, pricing)
Transitional deployment: Hot migration from one switch vendor to another
Fabric becomes homogeneous once migration is complete

Investigate inter-operability concerns when considering a multi-vendor fabric
E-Port compatibility
ISL Trunking across switches from different vendors
Fabric management applications
Supportability

Transitioning to a New Switch Vendor - 1

Transitioning to a New Switch Vendor - 2

Transitioning to a New Switch Vendor - 3

Optical Patch Panels and Cable Lengths
[Diagram: patch panel (0.5 dB loss), single-mode cable run (0.4 dB loss per km), patch panel (0.5 dB loss)]
- Each patch panel/connector = 0.5 dB loss
- Each kilometer of 9 micron single-mode cable = 0.4 dB loss
- Compute the signal attenuation, and ensure that it is within the acceptable range!

Sparing of Physical Components
Sparing: leaving some resources unused for convenient
and quick use, e.g. when a failure occurs
Port Sparing
Reserve spare ports on the fabric
For extra ISLs as indicated by post-implementation monitoring
For quick deployment in case of switch port, ASIC or blade failures
For ad-hoc additions of host/storage after implementation, as needed

Optical Cable Layout and Management
- Implement cabling best practices
  - Cable management has become increasingly challenging with increasing port densities
  - Use the provided special-purpose cable guides within racks and director chassis
  - Deploy standard cable labeling methods
  - Maintain a cable plant diagram
- Sparing in optical cabling
  - Run multiple cable trunks that are distant from each other
  - Within a fabric, spread related connections (e.g. ISLs) over multiple cable trunks
  - Provision spare cables in each trunk

Other SAN Design Considerations
Specify single-HBA zoning
Each zone contains one HBA and one or more storage ports
Prevents possibility of chatter between host initiators
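Single-HBA zoning is easy to state and easy to drift from as zones are added, so it is worth checking mechanically. The block below is an added example, not code from the slides, EMC or any switch vendor: it lints a zoneset against the rule (exactly one HBA per zone, at least one storage port, every member a well-formed WWPN known to the inventory) and, from the same zone membership, derives the fan-out of each storage port and the fan-in of each HBA as defined in Lesson 3. The WWPNs, the port-role inventory and the vendor-neutral zoneset layout are constructed for the demonstration; in practice the roles would come from the Name Server and PRLI.

```python
import re
from collections import defaultdict

WWPN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")

# Constructed inventory: which WWPNs are host HBAs and which are storage ports.
H1, H2, H3, H4 = ("10:00:00:00:c9:00:00:01", "10:00:00:00:c9:00:00:02",
                  "10:00:00:00:c9:00:00:03", "10:00:00:00:c9:00:00:04")
S1, S2 = "50:06:01:60:00:00:00:01", "50:06:01:68:00:00:00:01"
ROLES = {H1: "hba", H2: "hba", H3: "hba", H4: "hba", S1: "storage", S2: "storage"}

# Constructed zoneset in a vendor-neutral shape: zone name -> member WWPNs
ZONESET = {
    "z_host1_hba0_arr1": [H1, S1, S2],
    "z_host2_hba0_arr1": [H2, S1, S2],
    "z_bad_two_initiators": [H3, H4, S1],          # two HBAs in one zone: initiator chatter possible
    "z_bad_no_storage": [H3],
    "z_bad_wwpn": ["10:00:00:00:c9:00:00:zz", S2],  # typo in a WWPN
}


def lint_zoneset(zoneset, roles):
    """Return (zone, problem, members) findings; an empty list means every zone is single-HBA."""
    findings = []
    for zone, members in zoneset.items():
        malformed = [m for m in members if not WWPN_RE.match(m.lower())]
        unknown = [m for m in members if m not in roles]
        hbas = [m for m in members if roles.get(m) == "hba"]
        storage = [m for m in members if roles.get(m) == "storage"]
        if malformed:
            findings.append((zone, "malformed WWPN", malformed))
        if unknown:
            findings.append((zone, "member not in inventory", unknown))
        if len(hbas) != 1:
            findings.append((zone, "single-HBA zoning violated", hbas))
        if not storage:
            findings.append((zone, "zone has no storage port", []))
    return findings


def fan_metrics(zoneset, roles):
    """Fan-out per storage port (HBAs sharing it) and fan-in per HBA (storage ports it can
    address), derived from zone membership."""
    fan_out, fan_in = defaultdict(set), defaultdict(set)
    for members in zoneset.values():
        hbas = [m for m in members if roles.get(m) == "hba"]
        storage = [m for m in members if roles.get(m) == "storage"]
        for h in hbas:
            for s in storage:
                fan_out[s].add(h)
                fan_in[h].add(s)
    return ({s: len(v) for s, v in fan_out.items()}, {h: len(v) for h, v in fan_in.items()})


if __name__ == "__main__":
    for zone, problem, members in lint_zoneset(ZONESET, ROLES):
        print(f"{zone}: {problem} {members}")
    out, inn = fan_metrics(ZONESET, ROLES)
    print("fan-out:", out)
    print("fan-in:", inn)
```

Run against the sample, the linter flags the three deliberately bad zones and leaves the two well-formed ones alone, and the metrics show storage port S1 with a fan-out of 4 and HBA H1 with a fan-in of 2, the same numbers the fan-in/fan-out diagram uses.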

Develop a back-up strategy for switch configurations and fabric configurations
Look for relevant features in fabric management applications

Deploy two IP networks or separate IP subnets where necessary
Strictly needed only when High Availability is a requirement for fabric
management and Fibre Channel connectivity

2007 EMC Corporation. All rights reserved.
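A check that a practitioner can run against a zoning configuration before activating it, as an added example that is not part of the course material: every zone must contain exactly one host initiator (HBA WWPN) and at least one storage target port, so that initiators never see one another. The WWPNs, zone names and the initiator/target inventory are constructed for illustration.

```python
"""Validate a zoning configuration against the single-HBA zoning rule.

Added example (not from the course material): every zone must contain exactly
one host initiator (HBA WWPN) and one or more storage target ports.
WWPNs and zone names below are constructed for illustration.
"""
import re
from typing import Dict, List, Set


def normalize_wwpn(wwpn: str) -> str:
    """Canonical form: lower-case, colon-separated octets (tools differ in formatting)."""
    raw = re.sub(r"[^0-9a-fA-F]", "", wwpn).lower()
    if len(raw) != 16:
        raise ValueError(f"not a 64-bit WWPN: {wwpn!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 16, 2))


def check_zones(zones: Dict[str, List[str]],
                initiators: Set[str],
                targets: Set[str]) -> Dict[str, List[str]]:
    """Return {zone_name: [problems]} for every zone that breaks the rule.

    `initiators` and `targets` are the WWPN inventory the SAN team maintains;
    anything outside it is flagged because it cannot be classified."""
    inits = {normalize_wwpn(w) for w in initiators}
    tgts = {normalize_wwpn(w) for w in targets}
    findings: Dict[str, List[str]] = {}
    for name, members in zones.items():
        problems = []
        norm = [normalize_wwpn(m) for m in members]
        zone_inits = [m for m in norm if m in inits]
        zone_tgts = [m for m in norm if m in tgts]
        unknown = [m for m in norm if m not in inits and m not in tgts]
        if len(zone_inits) == 0:
            problems.append("no initiator")
        elif len(zone_inits) > 1:
            problems.append(f"{len(zone_inits)} initiators can talk to each other: "
                            + ", ".join(zone_inits))
        if not zone_tgts:
            problems.append("no storage target")
        if unknown:
            problems.append("unknown members (not in inventory): " + ", ".join(unknown))
        if problems:
            findings[name] = problems
    return findings


# Constructed inventory and zoning configuration.
HBA_HOST1 = "10:00:00:00:c9:11:11:11"
HBA_HOST2 = "10:00:00:00:c9:22:22:22"
ARRAY_FA1 = "50:06:04:8c:aa:aa:aa:01"
ARRAY_FA2 = "50:06:04:8c:aa:aa:aa:02"
TAPE_DRV = "50:05:07:63:bb:bb:bb:01"

SAMPLE_ZONES = {
    "z_host1_fa1": [HBA_HOST1, ARRAY_FA1],                 # compliant
    "z_host2_fa1_fa2": [HBA_HOST2, ARRAY_FA1, ARRAY_FA2],  # compliant: one HBA, two targets
    "z_backup_all": [HBA_HOST1, HBA_HOST2, TAPE_DRV],      # two initiators in one zone
    "z_host1_only": [HBA_HOST1],                           # no target at all
    "z_typo": [HBA_HOST2, "50:06:04:8c:aa:aa:aa:99"],      # target WWPN not in inventory
}

if __name__ == "__main__":
    result = check_zones(SAMPLE_ZONES, {HBA_HOST1, HBA_HOST2},
                         {ARRAY_FA1, ARRAY_FA2, TAPE_DRV})
    for zone, problems in result.items():
        print(zone, "->", "; ".join(problems))
```

Running the check against the sample configuration flags three of the five zones; the backup zone is the classic mistake, where a shared tape zone puts two hosts in each other's view.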


Factors Influencing SAN Design
Accessibility: via fan-in
Ability of a host to access any storage arrays as required by the host application
Must meet Connectivity requirements
Must meet Performance requirements

Consolidation
Ability to provision and manage all storage resources centrally
Storage device consolidation via fan-out
Consolidation of SAN islands

Availability
Planning should include considering a variety of failure scenarios

Flexibility
Ability to deploy new storage/hosts, or shift existing storage assets, without disrupting production applications

Scalability
Ability to increase the N_port count (host or storage ports)
Scalability of connectivity
Scalability of throughput

Supportability
Ease of trouble-shooting
Ease of repair

Security
Impact of Security policies on Accessibility, Flexibility, and Supportability

Business Continuity
Accommodate connectivity and performance requirements of BC functions


Lesson 5: Host and Storage Connectivity Principles
Upon completion of this lesson, you will be able to:
Describe core connectivity principles as applied to
Active/Active and Active/Passive storage arrays
List and describe host-specific and array-specific
considerations for SAN connectivity



Active/Active Arrays: High Availability Configuration
[Diagram: Host 1 and Host 2, using LUN 1 to LUN 4, connected through Fabric A and Fabric B (each with its own fabric zones) to an Active/Active array; a LUN map on each side of the array presents LUN 1 to LUN 4]


Active/Active Arrays: High Performance Variant
[Diagram: an Enterprise-Class host server using LUN 1 to LUN 4, connected through Fabric A and Fabric B (each with fabric zones) to an Active/Active array; LUN maps on both sides of the array present LUN 1 to LUN 4]


Active/Passive Arrays: High Availability Configuration
[Diagram: Host 1 and Host 2, using LUN 0 to LUN 3, connected through Fabric A and Fabric B (each with fabric zones) to an Active/Passive array; LUN 0 to LUN 3 are distributed between the two storage processors SP-A and SP-B]
Host Considerations: Drivers and Multipathing
Supported HBA model with qualified HBA firmware, device driver and HBA configuration utilities
Depending on host OS platform, this is supplied by the host vendor or HBA vendor

Supported interconnect type (FC-AL or FC-SW)
Switched fabric implementations may require explicit support from the array manufacturer for a given combination of server model, OS version, HBA, storage array, and FC switches

Multipathing software for High Availability hosts
Selected multipathing option should meet the requirements:
Load-balancing and performance
Path failover and failback for the specific storage array(s)
Degree of control over I/O traffic distribution
Host Considerations: Boot from SAN
Boot from SAN: operating system boots via HBA from a device (LUN) provisioned on a storage array
SAN device hosts the operating system instead of an internal disk drive
Requires the HBA to be configured
BIOS settings must be changed on the Fibre Channel HBA
Boot support must be enabled
Boot device must be identified {target, LUN}
The boot LUN must be zoned and masked to that one host's HBA; any other host that can see the LUN can corrupt the installed operating system

Moving the OS boot disk to the SAN provides several benefits:
Patch management and configuration management may be centralized
Internal drives may be dedicated exclusively to high-speed swap
Servers with Bladed Architecture
Motivation for Blade Servers:
Rapidly increasing server count in data centers
Need for high-density server racks
Conventional rackmount servers hit a form-factor limit of 1U (1.75 inches high) per server
Cable management problems
Cables needed for one standalone server: two cables each for IP network, Fibre Channel and power; and one KVM cable

Blade Server architecture:
Backplane hosting server modules and I/O modules for connectivity
Up to 16 server blades in a 7U system
Hot-pluggable server modules
A pair of Fibre Channel switch modules service all server blades in the chassis
Dramatically reduced cable count


Blade Server SAN Connectivity
Blade Servers use mezzanine cards rather than conventional PCI HBAs for FC connectivity
Mezzanine card connects via the backplane to internal ports on two installed FC switch modules
Each switch module provides one internal port per Blade
FC switch modules in the chassis take the place of edge switches in a standard core-edge design
ISLed to core directors
Optical Pass-Through Modules may be used instead of switch modules
Provide pass-through connectivity of Blade HBAs to the core director


Array-specific Considerations
Volume presentation capabilities
Open Systems hosts (Windows, Solaris, AIX, Linux)
Volume Set Addressing (HP-UX only)

SCSI-3 persistent reservation support
Some types of host clustering software require this

Fail-over mode
Fail-over handling depends on the multipathing software option


Lesson 6: SAN Security
Upon completion of this lesson, you will be able to:
Position SAN security mechanisms within a global data center
security architectural model
List current and emerging standards in SAN security
Describe widely-deployed strategies for security-focused SAN
implementations
List typically available access control mechanisms at various levels:
storage array
Fibre Channel switch port
switch-wide and fabric-wide
host
State benefits of VSANs from a security perspective
List encryption methods in the SAN, and state their benefits and
drawbacks



SAN Security: The Need for Mature Standards
Traditional Fibre Channel SANs enjoyed a natural security advantage over IP
Smaller isolated FC networks
Presuppose a smaller, private environment with fewer nodes
This is changing! Storage consolidation is driving rapid growth, and SAN extension over IP removes the isolation

No single, comprehensive security solution for SANs
Many SAN security mechanisms have evolved from counterpart enablers in IP networking
Security not fully accounted for in early standards
FC-SP (Fibre Channel Security Protocols), the first Fibre Channel security standard, was developed by the INCITS T11 committee (not the IETF) and completed in 2006; it defines authentication between switches and end devices (e.g. DH-CHAP), security policy distribution for fabric membership, and frame-level integrity and confidentiality


Security Architecture: Defense in Depth



Security Zones and Protection Strategies



Basic SAN Security Mechanisms
Port zoning
Zone member is of the form {Switch_Domain_ID, Port_Number}
Mitigates WWPN spoofing attacks and route-based attacks, because membership follows the physical port rather than an identifier the HBA presents

Array-based Volume Access Control
LUN Masking
Implemented on the storage array
Filters the list of LUNs that an HBA can access, based on the HBA's WWPN
S_ID Lockdown (EMC Symmetrix arrays)
Stronger variant of masking
LUN access restricted to the HBA with the specified 24-bit FC Address (Source ID), which is assigned by the fabric at login rather than presented by the HBA
Motivates the use of a Persistent FCID feature on the fabric, so that the address does not change after a re-login or a switch reboot

Widely-deployed model in security-conscious environments:
Port Zoning, in conjunction with array-based LUN Masking


Security on FC Switch Ports
Port Binding
Limits devices that can attach to a particular switch port
A node must be connected to its corresponding switch port for fabric access
Mitigates, but does not eliminate, WWPN spoofing: a device with physical access to the bound port can still present the bound WWPN

Port Lockdown, Port Lockout
Restricts the type of initialization of a switch port
Typical variants include:
Port cannot function as an E-Port; cannot be used for an ISL, e.g. to a rogue switch
Port role is restricted to just FL-Port, F-Port, E-Port, or some combination

Persistent Port Disable
Prevents a switch port from being enabled, even after a switch reboot


Switch-wide and Fabric-wide Access Control
Access Control Lists (ACLs)
Implemented on the FC switch
Typically implemented policies may include:
Device Connection Control: specifies which HBAs and storage ports may
be part of the fabric
Prevents unauthorized devices (identified by WWPN) from accessing the fabric
Switch Connection Control: specifies which switches are allowed to be
part of the fabric
Prevents unauthorized switches (identified by WWN) from joining the fabric

Fabric Binding
Prevents unauthorized switch from joining any existing switch in the
fabric
Authorized membership data exists on every switch
Attempt to ISL in a rogue switch causes fabric to segment
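The three slides above (basic mechanisms, switch-port security and fabric-wide access control) describe controls that a SAN applies one after another. The following model strings them together in that order so that the effect of each can be seen for a legitimate login and for an attacker presenting a spoofed WWPN. It is an added example, not course material or vendor code: the switch domains, ports, WWPNs and LUN numbers are constructed, and the FC address derivation in `fcid` is a simplification (real fabrics assign the address at FLOGI).

```python
"""Layered access checks an FC SAN applies before an HBA can touch a LUN.

Added example, not part of the course material. The checks run in the
order the SAN evaluates them:
  1. port binding              (switch port accepts only its bound WWPN)
  2. device connection control (fabric ACL of authorized WWPNs)
  3. port zoning               (zone members are {domain, port} pairs)
  4. LUN masking               (array filters LUNs by initiator WWPN)
  5. S_ID lockdown             (array ties the LUN to one 24-bit FC address)
Hosts, ports, WWPNs and LUN numbers are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

PortId = Tuple[int, int]   # (switch domain ID, port number)


def fcid(domain: int, port: int) -> int:
    """Simplified 24-bit FC address for an N_Port on an F_Port: domain in the
    top byte, area = port number, low byte 0. An assumption of this model."""
    return (domain << 16) | (port << 8)


@dataclass(frozen=True)
class Login:
    domain: int
    port: int
    wwpn: str      # WWPN presented at FLOGI (an attacker can choose this)
    s_id: int      # FC address; assigned by the fabric, follows the physical port


@dataclass
class Fabric:
    port_binding: Dict[PortId, str] = field(default_factory=dict)
    allowed_devices: Set[str] = field(default_factory=set)
    zones: Dict[str, Set[PortId]] = field(default_factory=dict)
    target_ports: Dict[str, PortId] = field(default_factory=dict)
    lun_masks: Dict[Tuple[str, str], Set[int]] = field(default_factory=dict)
    sid_lock: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def check(self, login: Login, target: str, lun: int) -> Tuple[bool, str]:
        """Return (allowed, reason) for I/O from `login` to LUN `lun` on `target`."""
        me = (login.domain, login.port)
        bound = self.port_binding.get(me)
        if bound is not None and bound != login.wwpn:
            return False, f"port binding: {login.wwpn} is not bound to port {me}"
        if login.wwpn not in self.allowed_devices:
            return False, f"device connection control: {login.wwpn} not authorized"
        tgt = self.target_ports[target]
        if not any({me, tgt} <= members for members in self.zones.values()):
            return False, f"zoning: port {me} shares no zone with target port {tgt}"
        if lun not in self.lun_masks.get((target, login.wwpn), set()):
            return False, f"LUN masking: LUN {lun} not presented to {login.wwpn}"
        required = self.sid_lock.get((target, lun))
        if required is not None and required != login.s_id:
            return False, (f"S_ID lockdown: LUN {lun} locked to {required:06x}, "
                           f"request came from {login.s_id:06x}")
        return True, "allowed"


HOST1 = "10:00:00:00:c9:11:11:11"
HOST2 = "10:00:00:00:c9:22:22:22"
ARRAY = "50:06:04:8c:aa:aa:aa:01"


def build_sample_fabric() -> Fabric:
    """Constructed two-switch fabric: host1 on domain 1 port 5, array FA on domain 2 port 1."""
    f = Fabric()
    f.port_binding[(1, 5)] = HOST1
    f.allowed_devices.update({HOST1, HOST2, ARRAY})
    f.target_ports[ARRAY] = (2, 1)
    f.zones["z_host1_fa1"] = {(1, 5), (2, 1)}     # single-HBA port zone
    f.lun_masks[(ARRAY, HOST1)] = {0, 1, 2}
    f.sid_lock[(ARRAY, 2)] = fcid(1, 5)           # LUN 2 additionally locked to host1's address
    return f


if __name__ == "__main__":
    fab = build_sample_fabric()
    legit = Login(1, 5, HOST1, fcid(1, 5))
    spoof = Login(1, 7, HOST1, fcid(1, 7))        # attacker on port 7 presenting host1's WWPN
    print(fab.check(legit, ARRAY, 2))
    print(fab.check(spoof, ARRAY, 2))             # stopped by port zoning
    fab.zones["z_host1_fa1"].add((1, 7))          # admin over-zones port 7 by mistake
    print(fab.check(spoof, ARRAY, 1))             # masking is WWPN-based: the spoof succeeds
    print(fab.check(spoof, ARRAY, 2))             # S_ID lockdown still blocks LUN 2
```

The last two calls show why the course describes S_ID lockdown as the stronger variant: once an attacker's port is inside the zone, WWPN-based masking is satisfied by the spoofed name, while the FC address still identifies the wrong port. The model also makes the limit of port binding visible: a login on the bound port (1, 5) with the bound WWPN passes every layer, which is the case the "mitigates but does not eliminate" caveat refers to.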
Role Based Access Control
Implemented on the Fibre Channel Switch
Specifies which user can have access to which device in a fabric
Specifies what this user can do on the device
Each user may be assigned a role
[Diagram: role assignment]


Logical Partitioning of a Fabric: VSAN
VSAN: mechanism to divide a physical topology into separate logical fabrics
Administrator allocates switch ports to different VSANs
A switch port (and the HBA or storage port connected to it) can be in only one VSAN at a time
Each VSAN has its own distinct active zoneset and zones
Fabric Events in one VSAN are not propagated to the others
Examples: RSCNs, activation of a changed zoneset
Role-based management can be on a per-VSAN basis
[Diagram: one physical fabric partitioned into VSAN 2 - ENG, VSAN 3 - HR and VSAN 10 - IT]
Security on the Host: Persistent Binding of Targets



Host-based LUN Masking



Encryption
Directly addresses the security of the data payload itself
Beyond just access control and perimeter guards
An additional security layer to block attackers
Does not by itself authenticate the receiver: whoever holds the key can decrypt, so key distribution must be tied to authentication
Where can data be encrypted?
in-flight
Using a secure communication tunnel in the middle of an initiator/target session, or on ISLs
e.g. on a Fibre Channel switch that implements the FCsec protocol
at-rest, i.e. on the storage media
Limits the damage from a successful attack on LUN masking, zoning, or E-port security: the attacker reaches the LUN but reads only ciphertext
Implementation methods:
HBA-based encryption
Appliance-based encryption
File-based encryption

Limitations and drawbacks of encryption
Does not protect against destruction of the data by a malicious user (encrypted data can still be overwritten or deleted)
Lost or stolen keys: must be addressed with a key management system
Need to assess and alleviate the impact on Performance and High Availability


Check Your Knowledge
What is Defense in Depth? How is it relevant to SAN Security?
From a historical perspective, how have SAN security requirements
differed from IP security requirements? Why?
What are the most commonly deployed SAN security mechanisms?
How can you prevent a rogue switch from joining a fabric?
How is a VSAN similar to a separate physical fabric? How is it
different?
Why is it inadequate to implement only host-based security
mechanisms such as persistent binding and LUN masking?



Check Your Knowledge: Mini-Case Study 1
Design a SAN to meet host-to-storage connectivity
requirements for three applications as depicted in the
diagram



Check Your Knowledge: Mini-Case Study 1 (Cont.)
Plan for growth beyond initial deployment (Phase 1)
The environment is expected to grow up to 300% over
the next two years
Plan for a final configuration of up to 4x the numbers
stated for all Phase 1 components:
Hosts and HBAs
Storage arrays and storage array ports
Tape libraries and tape library ports





Check Your Knowledge: Mini-Case Study 1 (Cont.)
Design criteria:
Adequate switch port count to accommodate all the hosts and
storage gear in Phase 1
The initial design for fabric(s) should grow easily, with minimal re-
cabling and within availability constraints
Do not overprovision ports, initially or during subsequent phases
The number of unused switch ports should be reasonable and justifiable!
The mission-critical OLTP application cannot provide any
maintenance window for component replacements, upgrades, etc.
There will be a Service Level Agreement (SLA) for each application
stating the performance requirement
Ease of trouble-shooting and bandwidth isolation are critical from an
operational perspective



Check Your Knowledge: Mini-Case Study 1 (Cont.)
Available building blocks (switching elements):
16-port standalone switch, with dedicated 2 Gbps bandwidth on every port
32-port standalone switch, with dedicated 2 Gbps bandwidth on every port
Bladed switch with 16 built-in dedicated-bandwidth ports
Switch also provides one spare slot for an add-on blade
Bladed director with no built-in FC ports
Director provides four usable slots for blades
This particular item is a potential budget-buster; make a compelling case if you plan to use it!

Available blade options (for use in the bladed switch/director):
16-port module with dedicated bandwidth ports
32-port module with oversubscribed ports
This blade uses 8 ASICs to service 32 ports
Each quad of 4 ports serviced by one ASIC can deliver 2 Gbits/sec aggregate


Check Your Knowledge: Mini-Case Study 1 (Cont.)
Describe and justify your design
What is your initial fabric design for Phase 1?
Draw a diagram of the configuration showing the switches, hosts,
storage array and tape library, with all interconnecting cables
Describe your zoning configuration
Critique your design from an ease-of-management perspective
What is your final fabric design to accommodate 4x the current
connectivity?
What is your strategy to transition possibly in phases from your
initial topology to your final topology? Make a case for why this
expansion process will not cause unacceptable disruptions.
State how the SAN design principles presented in this lesson have
influenced your design



Module Summary
Key points covered in this module:
Role and functions of each layer within the Fibre Channel
protocol stack
The fundamental operational constructs of:
Classes of Service
Fabric Services
ISLs and routing of traffic
Flow control mechanisms
SAN topology design principles
Host and storage connectivity principles
SAN security features
Module 2.2

Network Attached Storage (NAS) Overview

Network Attached Storage (NAS) Overview
Upon completion of this module, you will be able to:
Identify NAS Devices
Explain NAS Topology/Connectivity
Describe NAS Performance
Describe NAS Security
Explain NAS File Sharing


Lesson 1: NAS Devices
Upon completion of this lesson, you will be able to:
Describe two common implementations of IP Network
Attached storage devices
Identify NAS device components
Describe NAS connectivity
Describe NAS design considerations



Network Attached Storage
Single-purpose, dedicated file sharing device
NAS appliances can share a single instance of data with multiple application servers
Consolidating data at a central location
Replace general-purpose file servers
Dedicated File Server over IP Network
Enables clients on a network to store and retrieve files over the network


NAS Devices
NAS devices are generally categorized into two types
Gateway
Devices are generally connected to their storage arrays via traditional SAN connectivity and therefore allow the storage arrays to also support general purpose host connectivity
Integrated
Devices are closely integrated with their back-end storage and generally do not enable general purpose host connectivity to the storage, i.e. the storage is completely dedicated to NAS functionality

Decision point
Which technology will meet my business needs? Examples:
Consolidation of storage: Gateway
Consolidation of management: Integrated
Scalability: Gateway
Lowest initial cost: Integrated


NAS Integrated Devices
NAS Integrated Devices
Provide NAS functionality without requiring SAN infrastructures
Provide dedicated NAS storage
Provide consolidated NAS and NAS storage management functionality and thereby offer greater ease of use
Can provide a lower initial acquisition and implementation cost
Can provide an interim stage of NAS storage before upgrade to a Gateway implementation
Gives a better long-term ROI since the original hardware can be repurposed


Integrated NAS Device Connectivity
[Diagram: an Integrated NAS System, comprising a NAS Head with its own dedicated Storage System, attached to the IP Network; a Management Console is also on the IP Network]


NAS Gateway Devices
Gateway Devices
Integrate into existing SAN
infrastructures
Allow pooling of storage devices by
utilization
Consolidate storage management
efforts by containing all storage within
fewer arrays
Add additional management tasks for
separated NAS and storage
functionality
Improve scalability of NAS and
storage, as well as allowing for
independent scaling
Provide a better long term ROI due to
improved storage utilization and
scalability
Can increase initial cost of acquisition
and implementation



Gateway NAS Device Connectivity
[Diagram: clients and servers on the IP Network behind an Internet firewall; the NAS Gateway System's NAS Head is attached to the IP Network (NAS traffic) and, over the SAN, to a shared Storage System that also serves SAN-attached servers; a Management Console is on the IP Network]
NAS Device Design Considerations
Sizing CPU and memory
Consider:
Number of concurrent clients (CIFS/NFS) accessing the NAS device
IOPS requirements
Number of concurrent open files
Workload type (sequential or random)
Data replication requirements
To determine:
CPU requirements
Number of NAS devices required
Network port requirements
Memory requirements

Sizing storage capacity
Number and size of new and existing (to be migrated) share/export directories and/or application files
Consider RAID type when determining disk requirements: decide what is most important to the organization/application, fault tolerance, I/O performance, or capacity utilization
Determine the IOPS required by the application and match them to disk capabilities
Size based on IOPS first, then capacity
Consider replication requirements
Plan for spare disks for back-up and growth


NAS Storage Sizing Summary
File system capacity: New and/or existing NFS/CIFS data. Consider IOPS first, then capacity requirements. Consider I/O block size on the NAS device and existing file sizes
Future growth: Based on future needs
RAID factor: Consider usable disk space. RAID 1: 50%. RAID 5: depends on the number of disks in the RAID 5 group
Number of spares required: To provide redundancy in case of disk failure
Snap storage needed: Based on application need for snapshots, the size of the data, and the frequency of snapshots
Total storage needed: File system capacity + RAID factor + snapshot requirements + spares
Drive size: Choose drive size
Number of drives needed: Total storage needed / drive size
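The sizing summary above carried through as a calculation, as an added example that is not part of the course material. It follows the stated order, IOPS first and then capacity, and then rounds the result up to whole RAID groups and adds spares. The per-drive IOPS and capacity figures, the snapshot reserve percentage and the RAID write penalties (2 for RAID 1, 4 for RAID 5, the usual rule-of-thumb values) are assumptions of the example, as is the sample input.

```python
"""Worked NAS storage sizing: IOPS first, then capacity, then RAID overhead,
snapshot reserve and spares. Added example, not course material; the write
penalties, per-drive figures and sample input are assumptions."""
import math
from dataclasses import dataclass

# Back-end I/Os generated per front-end write (rule-of-thumb values, an assumption here)
RAID_WRITE_PENALTY = {"RAID1": 2, "RAID5": 4}


@dataclass
class SizingInput:
    fs_capacity_gb: float    # new + migrated share/export data today
    growth_pct: float        # expected growth over the planning horizon
    raid: str                # "RAID1" or "RAID5"
    raid_group_disks: int    # disks per RAID group (RAID5: e.g. 5 for 4+1; RAID1: 2)
    snapshot_pct: float      # snapshot reserve as a percentage of file system capacity
    spares: int              # hot spares to add
    drive_gb: float          # raw capacity per drive
    drive_iops: float        # sustainable random IOPS per drive (assumption)
    required_iops: float     # application front-end IOPS
    read_pct: float          # share of I/O that is reads


def raid_usable_fraction(raid: str, group_disks: int) -> float:
    """Usable share of raw capacity: RAID 1 = 50%, RAID 5 = (N-1)/N for an N-disk group."""
    if raid == "RAID1":
        return 0.5
    if raid == "RAID5":
        if group_disks < 3:
            raise ValueError("RAID 5 needs at least 3 disks per group")
        return (group_disks - 1) / group_disks
    raise ValueError(f"unsupported RAID type {raid!r}")


def size_nas_storage(s: SizingInput) -> dict:
    """Return the drive counts driven by IOPS and by capacity, and the total to order."""
    data_gb = s.fs_capacity_gb * (1 + s.growth_pct / 100)
    snap_gb = data_gb * s.snapshot_pct / 100
    usable_gb = data_gb + snap_gb
    raw_gb = usable_gb / raid_usable_fraction(s.raid, s.raid_group_disks)
    capacity_drives = math.ceil(raw_gb / s.drive_gb)

    # IOPS: the disks see reads plus writes multiplied by the RAID write penalty
    reads = s.required_iops * s.read_pct / 100
    writes = s.required_iops - reads
    backend_iops = reads + writes * RAID_WRITE_PENALTY[s.raid]
    iops_drives = math.ceil(backend_iops / s.drive_iops)

    data_drives = max(capacity_drives, iops_drives)
    group = s.raid_group_disks if s.raid == "RAID5" else 2
    data_drives = math.ceil(data_drives / group) * group   # whole RAID groups only
    return {
        "usable_gb_needed": round(usable_gb, 1),
        "raw_gb_needed": round(raw_gb, 1),
        "backend_iops": round(backend_iops, 1),
        "drives_for_capacity": capacity_drives,
        "drives_for_iops": iops_drives,
        "sizing_driver": "iops" if iops_drives > capacity_drives else "capacity",
        "data_drives": data_drives,
        "total_drives": data_drives + s.spares,
    }


# Constructed input: 4 TB of file data, 50% growth, 4+1 RAID 5, 20% snapshot reserve,
# 300 GB drives rated at 150 random IOPS, 3000 front-end IOPS at 70% reads.
SAMPLE = SizingInput(fs_capacity_gb=4000, growth_pct=50, raid="RAID5", raid_group_disks=5,
                     snapshot_pct=20, spares=2, drive_gb=300, drive_iops=150,
                     required_iops=3000, read_pct=70)

if __name__ == "__main__":
    for key, value in size_nas_storage(SAMPLE).items():
        print(f"{key:>20}: {value}")
```

With the sample input, capacity alone would call for 30 drives, but the write penalty pushes the back-end load to 5700 IOPS and 38 drives, rounded up to 40 to fill complete 4+1 groups, plus 2 spares. That is the point of sizing on IOPS first: a capacity-only estimate would have under-provisioned by a third.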


Gateway Solution Considerations
Analyze current SAN implementation
How busy is the current storage device (specific thresholds vary by vendor)
Number of IOPS
Depends on disk device and I/O size
Queue depth should be < 10
Device % utilization should be < 70%
Current cache allocation (read vs. write)
No forced flushing
SAN workload characterization
Read or Write
I/O size
Sequential or Random
Sequential if read throughput = read cache hits/sec (every read is served from cache, which means prefetch is keeping up with a sequential stream)
Large I/Os are often sequential

Typical NAS workload (random, multi-threaded, large working set size) interferes with a sequential SAN workload
Design considerations for NAS/SAN sharing
Dedicate spindles to the SAN and NAS workloads
Are enough spindles available?
Determine if the cache configuration is appropriate for both environments
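The thresholds above turned into a screening check for an existing array, as an added example that is not part of the course material. It applies the stated limits (queue depth below 10, utilization below 70%, no forced cache flushes) and the sequential-workload test (read throughput equal to read cache hits per second) to a set of statistics. The statistics are constructed; the second sample uses the figures the CME case study below quotes, and the 2% tolerance and the 64 KB "large I/O" threshold are assumptions of the example.

```python
"""Screen an existing SAN array's statistics before letting a NAS gateway share it.
Added example, not part of the course material; sample statistics are constructed."""
from dataclasses import dataclass
from typing import List, Tuple

MAX_QUEUE_DEPTH = 10      # thresholds from the course slide
MAX_UTIL_PCT = 70.0
LARGE_IO_KB = 64          # assumption: I/Os this size or bigger are treated as sequential


@dataclass
class ArrayStats:
    name: str
    util_pct: float              # average device % utilization
    queue_depth: float           # average queue depth
    read_iops: float             # read throughput, I/Os per second
    read_cache_hits_per_sec: float
    forced_flushes: int          # forced cache flush events in the sample window
    avg_io_kb: float             # average I/O size


def classify_workload(st: ArrayStats) -> str:
    """Sequential if reads are served entirely from cache (prefetch is keeping up)
    or if I/Os are large; otherwise random."""
    if st.read_iops > 0 and abs(st.read_iops - st.read_cache_hits_per_sec) / st.read_iops < 0.02:
        return "sequential"
    if st.avg_io_kb >= LARGE_IO_KB:
        return "sequential"
    return "random"


def assess_gateway_candidate(st: ArrayStats) -> Tuple[bool, List[str]]:
    """Return (share_ok, findings); share_ok is False when NAS needs dedicated spindles."""
    findings: List[str] = []
    if st.queue_depth >= MAX_QUEUE_DEPTH:
        findings.append(f"queue depth {st.queue_depth} >= {MAX_QUEUE_DEPTH}: array already saturated")
    if st.util_pct >= MAX_UTIL_PCT:
        findings.append(f"utilization {st.util_pct}% >= {MAX_UTIL_PCT}%: no headroom for NAS I/O")
    if st.forced_flushes > 0:
        findings.append(f"{st.forced_flushes} forced cache flushes: write cache cannot keep up now")
    if classify_workload(st) == "sequential":
        findings.append("existing workload is sequential: random NAS I/O would defeat prefetch, "
                        "dedicate spindles to NAS")
    return (len(findings) == 0), findings


SAMPLES = [
    # constructed: lightly loaded array with a random workload, fine to share
    ArrayStats("dev-array", util_pct=40, queue_depth=3, read_iops=1200,
               read_cache_hits_per_sec=500, forced_flushes=0, avg_io_kb=8),
    # the CME figures from the case study: 80% busy, queue depth 12, reads all cache hits
    ArrayStats("cme-array", util_pct=80, queue_depth=12, read_iops=2000,
               read_cache_hits_per_sec=2000, forced_flushes=0, avg_io_kb=8),
]

if __name__ == "__main__":
    for st in SAMPLES:
        ok, findings = assess_gateway_candidate(st)
        print(st.name, "-> share existing spindles" if ok else "-> dedicate spindles or add capacity")
        for line in findings:
            print("   ", line)
```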
Storage Performance Considerations
Workload Characterization
[Diagram: four 4+1 RAID 5 groups, each presented as a LUN to the NAS device; the NAS volume manager aggregates the LUNs and the file system is built on the aggregated volume]
Maximize the number of spindles for best random performance


NAS Device High Availability Design
[Diagram: a NAS device cluster of active nodes plus a standby node; when an active node fails (X), data flow moves to the standby node, and the node failover is transparent to clients]


Check Your Knowledge
What is the difference between an Integrated and Gateway NAS
solution?
Which NAS type would you deploy if you already have a SAN and
storage array?
Which NAS type is the simplest to deploy?
You are designing a NAS Gateway solution for the CME Corporation
that will consolidate several Windows file servers onto one NAS
Device. CME would like the Gateway to use storage capacity
available on an existing SAN with the following performance
characteristics:
Average Disk Utilization % 80%
Read throughput = Read cache hits per second
Average queue depth 12

What is your recommendation to CME?



Lesson 2: Application Layer Protocols
Upon completion of this lesson, you will be able to:
Identify and describe the commonly used NAS
Application Layer Protocols
CIFS: Common Internet File System
NFS: Network File System



Application Layer Protocols
Two commonly used NAS protocols at this layer
CIFS: Common Internet File System protocol
Traditional Microsoft environment file sharing protocol, based upon the
Server Message Block protocol
NFS: Network File System protocol
Traditional UNIX environment file sharing protocol



NAS File Sharing - CIFS
CIFS, Common Internet File System, developed by Microsoft in 1996
An enhanced version of the Server Message Block (SMB) protocol
Operates at the Application/Presentation layer of the OSI model
Most commonly used with Microsoft operating systems, but is platform-independent
Uses TCP port 139 (SMB over the NetBIOS session service) and TCP port 445 (SMB directly over TCP) for communication


NAS File Sharing - CIFS (Cont.)
Important features of CIFS:
File and record locking prevents multiple users from overwriting the work that another person is doing on a file or record
CIFS runs over TCP/IP and uses DNS (Domain Name System) for name resolution
CIFS supports fault tolerance and can automatically restore connections and reopen files that were open prior to an interruption
Users refer to remote file systems with an easy-to-use file naming scheme (\\server\share or \\servername.domain.suffix\share)


NAS File Sharing - CIFS Features
File access: File operations include open, close, read, write, and seek.
File and record locking: After a file or record is locked, non-locking applications are denied access to the file.
Safe caching, read-ahead, and write-behind: Allows read/write access to a file from multiple clients simultaneously.
File change notification: Applications can register with a server to be notified when a file or directory contents are modified.
Protocol version negotiation: When client and server first come into network contact, they negotiate the version (dialect) to be used. Different dialects can include new message types as well as changes to the field formats in other dialects.
Extended attributes: Non-file system attributes, such as the author's name, can be added to the built-in file attributes, such as creation and modification times.
Distributed replicated virtual volumes: The protocol supports multi-volume file system sub-trees which look to clients as if they are on a single volume. If the sub-tree files and directories are physically moved or replicated, the CIFS protocol uses referrals to transparently direct a client to the appropriate server.
Server name resolution independence: Clients may resolve server names using any name resolution mechanism. Using the name resolution server DNS, for example, permits access to file systems over the Internet.
Batched requests: Multiple file requests may be grouped into a single message, in order to minimize round trip latencies, even when a later request depends on the results of an earlier one.
NAS File Sharing - NFS
Three versions of NFS are currently in use
NFS version 2 (NFSv2)
Uses the User Datagram Protocol (UDP) to provide a stateless network connection between the client and server
Locking and other features are handled outside of the protocol (by the separate Network Lock Manager and mount protocols)

NFS version 3 (NFSv3)
Uses UDP or TCP
Stateless protocol design
Most commonly used
New features such as: 64-bit file sizes (>4 GB), asynchronous writes, additional file attributes in replies (to reduce re-fetching)

NFS version 4 (NFSv4)
Uses TCP
Stateful protocol design (open, lock and delegation state is held by the server; locking is part of the protocol)
Enhanced security (RPCSEC_GSS, with Kerberos providing authentication, integrity and privacy)


Check Your Knowledge
Which environment typically uses CIFS?
How many versions of NFS are available?
What protocol was CIFS based on?



Lesson 3: Network and Transport Layer Protocols
Upon completion of this lesson, you will be able to:
Describe the network layer functionality of the OSI model
and IP protocol
Explain the transport layer functionality of the OSI model
and TCP and UDP protocols
Describe the use of TCP and UDP ports within a network
infrastructure



Network and Transport Layer Protocol Functions
Internet Protocol is an OSI Network layer (layer 3) protocol which provides the routing and logical paths for transmitting data between nodes
However, for effective and reliable data transfer between nodes, a Transport layer (layer 4) protocol is used
The protocols used for this purpose are commonly Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

OSI model layers:
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical


TCP Details
TCP is connection-oriented
3-way handshake (SYN, SYN-ACK, ACK) is used for connection setup; a FIN/ACK exchange in each direction closes the connection

TCP is reliable
Acknowledgements indicate delivery of data
Checksums are used to detect corrupted data
Sequence numbers detect missing or mis-sequenced data
Corrupted segments are discarded by the receiver; the sender retransmits them after a timeout (or on duplicate acknowledgements)
Mis-sequenced data is re-sequenced
Flow control (the advertised receive window) prevents over-run of the receiver's buffers
This is a transport-level mechanism; it does not prevent the application-level buffer overflows exploited in server software, which are a separate concern

TCP uses congestion control to share network capacity among users
UDP Details
Different from TCP
Connectionless packet delivery
Unreliable
Best effort
Uses checksumming for packet integrity checking. Any packet that
fails checksum is simply discarded without further action



Parallel Resource Utilization
A computer running a TCP/IP stack must be able to
allocate bandwidth to several programs executing in
parallel
Ports allow multiple applications to communicate
simultaneously
Packet headers specify the source and destination ports



Protocol Port Utilization
A server listening on a specific port directs packets to the appropriate process
The sending device transmits the packets from a source port, which is used to direct return packets

Example: client 1.1.1.1 talking to a NAS device at 2.2.2.2 over CIFS
Request: source 1.1.1.1 port 3822, destination 2.2.2.2 port 445
Reply: source 2.2.2.2 port 445, destination 1.1.1.1 port 3822


Check Your Knowledge
Name two Transport Layer protocols
Which Transport Layer protocol is connection-oriented?
What is a source port used for?



Lesson 4: Switching, Routing and Addressing
Upon completion of this lesson, you will be able to:
Identify and describe the important Network connectivity
concepts of:
Switching
Routing
Addressing



NAS Networking Concepts: Routing
[Diagram: two clients reaching a NAS device through switches; client #1 on the same network is 0 hops away, client #2 behind several routers is 3 hops away]
Routing: Directing data from one network to another in order to reach its destination
Routing occurs at layer 3


NAS Networking Concepts: Switching
LAN switches can link multiple network connections together
Layer 2 (Data Link) device
Learns MAC addresses of devices attached to each port
Each switch port is a collision domain
Each switch port has dedicated bandwidth
Maximum availability for the least cost
Reduce effects of collisions on available bandwidth
Reduce effect of broadcasts on available bandwidth
Deploy network hardware (media/switches/routers) to overcome bottlenecks and meet bandwidth requirements


NAS Networking Concepts: Switching (Cont.)
LAN Switching Operation
A switch starts with an empty address table and learns host MAC addresses passively, from the source address of each frame it receives on a port
Addresses are added to a switching table mapping them to the port on which they were learned
When a frame is received for a known destination, it is switched only to the appropriate port; frames for unknown or broadcast destinations are flooded out of all other ports
Switch memory:
Stores the MAC address table
Used as a frame buffer
Used to queue frames when switch ports are operating at different speeds, e.g. 10 and 100 Mbps
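The learning and forwarding behaviour above as a small simulation, added here as an example and not taken from the course material. It shows the table filling from source addresses, a known destination being switched to one port, an unknown or broadcast destination being flooded, and a host that moves to another port being re-learned. Ports, MAC addresses and the size of the address table are constructed for the example; the finite table is an assumption of the model that reflects the limited switch memory mentioned above.

```python
"""Learning switch: builds its MAC table from the source address of received
frames, forwards known destinations out one port and floods the rest.
Added example, not from the course material; ports and MACs are constructed."""
from typing import Dict, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of a store-and-forward learning switch."""

    def __init__(self, num_ports: int, table_size: int = 1024):
        self.ports = set(range(1, num_ports + 1))
        self.table: Dict[str, int] = {}   # MAC address -> port it was learned on
        self.table_size = table_size      # the address table is finite (size is an assumption)
        self.flooded = 0                  # frames sent out of every port except the ingress

    def learn(self, mac: str, in_port: int) -> None:
        """Record (or move) the port a source MAC was seen on, if there is room."""
        if mac == BROADCAST:
            return                        # never a valid source address
        if mac in self.table or len(self.table) < self.table_size:
            self.table[mac] = in_port

    def forward(self, in_port: int, src: str, dst: str) -> Set[int]:
        """Process one frame: learn from src, return the set of egress ports for dst."""
        if in_port not in self.ports:
            raise ValueError(f"no such port {in_port}")
        self.learn(src, in_port)
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:
            self.flooded += 1
            return self.ports - {in_port}     # broadcast or unknown unicast: flood
        if out == in_port:
            return set()                      # destination is behind the ingress port: drop
        return {out}


if __name__ == "__main__":
    sw = LearningSwitch(num_ports=4)
    a, b, c = "00:11:22:33:44:aa", "00:11:22:33:44:bb", "00:11:22:33:44:cc"
    print(sw.forward(1, a, b))          # b unknown: flood to ports 2, 3, 4
    print(sw.forward(2, b, a))          # a learned on port 1: forward to {1}
    print(sw.forward(3, c, BROADCAST))  # broadcast: flood to 1, 2, 4
    print(sw.forward(4, a, b))          # host a moved to port 4: re-learned, b known -> {2}
    print(sw.table)
```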


IP Addressing Schemas
An IPv4 host configuration is made up of three required components
Address: a 4-octet (32-bit) address
Subnet mask: another 4-octet value that separates the network part of the address from the host part, so the host can tell which addresses are on its own network
Node MAC (Media Access Control) address: the layer 2 address assigned to the interface card/port by the manufacturer; IP addresses on the local network are mapped to MAC addresses by ARP

A fourth component, which is required for inter-network communication, is the default gateway address. This is the address of a device on the local network that can forward traffic onto other networks for delivery
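How the address, subnet mask and default gateway described above combine into a forwarding decision on the host, as an added example that is not part of the course material. The function returns the address the host must resolve to a MAC address before sending, which is the destination itself for a local target and the gateway for a remote one; it also rejects a gateway that is not on the local subnet, a common misconfiguration. All addresses are constructed from the documentation ranges.

```python
"""Next-hop decision for an IPv4 host from its address, subnet mask and default
gateway. Added example, not from the course material; addresses are constructed."""
import ipaddress
from typing import Dict, Iterable, Tuple


def next_hop(host_ip: str, mask: str, gateway: str, dst: str) -> Tuple[str, str]:
    """Return ("direct", dst) if dst is on the host's own subnet, otherwise
    ("gateway", gateway). The second element is the IP the host resolves with ARP
    to obtain the destination MAC address of the Ethernet frame."""
    iface = ipaddress.IPv4Interface(f"{host_ip}/{mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        # a gateway outside the local subnet can never be reached at layer 2
        raise ValueError(f"default gateway {gateway} is not on local subnet {net}")
    if ipaddress.IPv4Address(dst) in net:
        return "direct", dst
    return "gateway", gateway


def reachability_report(host_ip: str, mask: str, gateway: str,
                        targets: Iterable[str]) -> Dict[str, str]:
    """Label each target 'local' (switched, 0 router hops) or 'routed' (via the gateway)."""
    return {t: ("local" if next_hop(host_ip, mask, gateway, t)[0] == "direct" else "routed")
            for t in targets}


# Constructed: a NAS client on 192.0.2.0/24 with one NAS head on its subnet and one elsewhere
CLIENT = ("192.0.2.10", "255.255.255.0", "192.0.2.1")
NAS_HEADS = ["192.0.2.50", "198.51.100.7"]

if __name__ == "__main__":
    print(reachability_report(*CLIENT, NAS_HEADS))
```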


Check Your Knowledge
What layer of the OSI model does a router operate at?
What is a collision domain?
What is a router?



Lesson 5: Network Performance
Upon completion of this lesson, you will be able to:
Identify and discuss the concepts of Bandwidth and Latency
Identify and describe some commonly used methodologies for Network performance enhancement
Port/Link aggregation
Jumbo frames and MTU considerations
Virtual LANs (VLANs)
Gigabit Ethernet
Use flow control to maximize network efficiency
Determine causes of packet retransmissions and resolve them
Diagnose and eliminate buffer overflows
Design for network high availability
Bandwidth and Latency
Bandwidth is the information carrying capacity of a medium
In a network, latency (a synonym for delay) is an expression of how
much time it takes for a packet of data to get from one designated
point to another
Factors affecting latency are:
Propagation: This is simply transmission of signals though a medium e.g.
electrical impulses through copper cable, light pulses through fiber, etc.
Transmission: The medium itself (whether optical fiber, wireless, or some
other) introduces some delay. The size of the packet introduces delay in a
round trip since a larger packet takes longer to receive and return than a
short one
Router and other processing: Each gateway node takes time to examine
and possibly change the header in a packet (for example, changing the hop
count in the time-to-live field).
Other computer and storage delays: At each end of the journey, a packet
may be subject to storage, processor or memory bottlenecks

Causes of Latency
[Figure: NAS clients, a NAS device and a directory services server, with the login request path annotated at numbered latency points 1 through 7]

Latency is an expression of how much time it takes for a packet of data to get from one designated point to another. Latency issues are not always solved by adding additional bandwidth.
Gigabit Ethernet
Consider implementing a Gigabit Ethernet and jumbo
frames if network bandwidth is constrained
Compatible with existing Ethernet technology
Increase bandwidth from 100 Mbps to 1000 Mbps
Generally used in high speed backbones today
Some Gigabit Ethernet to workstation

Link Aggregation - High Availability: LACP and 802.3ad
Link aggregation is the combining of two or more data channels into a single data channel for high availability
Two methods: IEEE 802.3ad LACP or Cisco Etherchannel
Does not increase single client throughput
If one port fails, the others continue to function
IEEE 802.3ad LACP
Industry standard IEEE 802.3ad
Combines 2 to 12 Ethernet ports into a single virtual link
Cisco Etherchannel
Combines 2, 4, or 8 Ethernet ports into a single virtual channel
Inter-operates with Ethernet PortChannel-capable switches
[Figure: a NAS device connected by an LACP link to an LACP-compatible switch and by an Etherchannel to an Etherchannel-capable switch]


Link Aggregation
To offset some performance drawbacks, link aggregation
can be used
There are several ways to aggregate links in a networking
environment:
Inter-switch
Switch to end-node

Benefits of aggregation
Higher link availability
Higher link capacity
Offset immediate need for technology upgrade

Network High Availability Design
[Figure: a NAS device with multiple NIC ports attached to the LAN; the ports are combined by link aggregation (LACP or Cisco Port Channel), with a standby port and redundant paths]


Virtual LANs (VLANs)
A logical segmentation of a physical network
Group of end stations with a common set of requirements
Independent of physical location
Controlled Broadcast Activity
Workgroup and Network Security
VLANs can span single-building infrastructures, interconnected
buildings, or campus networks
Benefits
Increased performance
Improved manageability
Network tuning
Physical topology independence
Increased security options
Reduced hardware requirements


VLANs
VLAN Components
Switches that logically segment connected end stations
Routers that extend VLAN communications between workgroups
Transport protocols that carry VLAN traffic across shared LAN and
backbones

[Figure: Switch 1 and Switch 2 connected through a router; VLAN 1 and VLAN 2 end stations, with VLAN 3 present on both switches]
VLAN Tagging
Tagging is a process that inserts a marker (called a tag) into the Ethernet frame
The tag contains the identification number of a specific VLAN, called the VLAN id
Using tags, multiple VLANs can span multiple switches
The benefit of tagged VLANs is the ability for a port to be a member of multiple VLANs
Hosts that support VLAN tagging can have virtual interfaces on multiple networks
[Figure: a NAS device attached by a trunk link carrying VLANs 10, 20, 30 and 40; further trunk links carry VLANs 10 and 20 to one switch and VLANs 30 and 40 to another, serving the Marketing (VLAN 10), Sales (VLAN 20), Engineering (VLAN 30) and HR (VLAN 40) networks]
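As an added example (not part of the course material), the following Python parses an Ethernet frame for an 802.1Q tag, builds one, and applies the allow-list check a trunk port performs on the VLAN id. The frame contents and the allow-lists are constructed for the demonstration.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks a tagged frame


def parse_frame(frame: bytes) -> dict:
    """Return MACs, VLAN fields (when tagged) and the inner EtherType of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False}
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated before the TCI")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        info.update(
            tagged=True,
            pcp=tci >> 13,            # 3-bit priority code point
            dei=(tci >> 12) & 0x1,    # drop eligible indicator
            vid=tci & 0x0FFF,         # 12-bit VLAN id; 1..4094 are usable
        )
        ethertype = inner_type
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def build_tagged_frame(dst: bytes, src: bytes, vid: int, ethertype: int,
                       payload: bytes, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) between the source MAC and EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN id must be in 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def trunk_accepts(frame: bytes, allowed_vids: set, native_vid: int) -> bool:
    """Policy a trunk port applies: an untagged frame belongs to the native VLAN,
    a tagged frame is forwarded only if its VID is on the port's allow-list."""
    info = parse_frame(frame)
    vid = info["vid"] if info["tagged"] else native_vid
    return vid in allowed_vids


if __name__ == "__main__":
    # Constructed sample: a frame from the Sales network (VLAN 20 on the slide)
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("66778899aabb")
    frame = build_tagged_frame(dst, src, 20, 0x0800, b"\x45" + b"\x00" * 19)
    print(parse_frame(frame))
    print("trunk carrying VLANs 10,20 accepts:", trunk_accepts(frame, {10, 20}, 1))
    print("trunk carrying VLANs 30,40 accepts:", trunk_accepts(frame, {30, 40}, 1))
```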


MTU Size and Jumbo Frames
MTU = MSS + IP and TCP headers
Common jumbo frame MTU size = 9000: IP/TCP headers = 40 bytes, MSS = 8960 bytes
Standard Ethernet MTU size = 1500: IP/TCP headers = 40 bytes, MSS = 1460 bytes


Jumbo Frame Performance
Server utilization improves
Larger frames mean fewer frames, resulting in fewer interrupts from the NIC
Fewer CPU cycles required for moving data from network to memory
Router efficiency improves
Larger frames mean fewer headers to examine and process
Network efficiencies
Less header overhead


Network MTU Considerations
The MTU of a transaction is negotiated end to end and is determined by the smallest MTU on the route; this is generally referred to as the path MTU
Problem
Two end stations may have successfully negotiated an MTU size of 9,000 bytes, but an intermediate network does not support extended frame sizes. As a result:
The router fragments the packets
The end station has to reassemble them
If the don't-fragment bit is set, the packets are dropped and a smaller MTU size is used
[Figure: Node A (9000 MTU Ethernet) - Node B - 1500 MTU Ethernet - Node C - 9000 MTU Ethernet - Node D]
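The scenario above, worked through as an added example (not the course's own code): a Python model that computes the path MTU and MSS, fragments an oversize packet at the 1500-byte hop when DF is clear, and drops it when DF is set. The link MTUs are constructed inputs.

```python
IP_HDR = 20   # IPv4 header without options, in bytes
TCP_HDR = 20  # TCP header without options, in bytes


def path_mtu(link_mtus) -> int:
    """The path MTU is the smallest MTU of any link on the route."""
    return min(link_mtus)


def mss_for(mtu: int) -> int:
    """Maximum segment size for an MTU (slide: MTU = MSS + IP and TCP headers)."""
    return mtu - IP_HDR - TCP_HDR


def fragment(packet_len: int, link_mtu: int) -> list:
    """Split one IP packet into fragments that fit link_mtu.

    Each fragment carries its own IP header; every fragment except the last
    has a payload that is a multiple of 8 bytes, the unit of the IP
    fragment-offset field.
    """
    payload = packet_len - IP_HDR
    per_frag = (link_mtu - IP_HDR) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(IP_HDR + chunk)
        payload -= chunk
    return sizes


def forward(packet_len: int, link_mtus, df: bool) -> tuple:
    """Carry a packet hop by hop along link_mtus.

    Returns ("delivered", [fragment sizes reaching the end station]) or
    ("dropped", next_hop_mtu) when DF is set and a hop is too small; the
    router then reports that MTU back to the sender (ICMP Fragmentation
    Needed), which is how the smaller path MTU comes to be used.
    """
    in_flight = [packet_len]
    for mtu in link_mtus:
        out = []
        for size in in_flight:
            if size <= mtu:
                out.append(size)           # fits: forwarded unchanged
            elif df:
                return ("dropped", mtu)    # router may not fragment
            else:
                out.extend(fragment(size, mtu))  # router fragments; end station reassembles
        in_flight = out
    return ("delivered", in_flight)


if __name__ == "__main__":
    # Constructed path from the slide: 9000-MTU Ethernet, a 1500-MTU hop, 9000-MTU Ethernet
    path = [9000, 1500, 9000]
    print("path MTU:", path_mtu(path), "MSS:", mss_for(path_mtu(path)))
    print("DF clear:", forward(9000, path, df=False))
    print("DF set:  ", forward(9000, path, df=True))
```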


Post-Implementation Tuning - Flow Control
The purpose of flow control is to match the sending and receiving device throughput
[Figure: a NAS device and a switch exchanging Ethernet flow control: 1. data flows to the switch; 2. the switch is congested, Pause sent; 3. end session, wait the required time before sending; 4. send data]


Causes of TCP Retransmissions
Physical link errors
Duplex mismatches
Buffer overflows
[Figure: sender and receiver exchange: send packets 1, 2, 3; packets 1, 2, 3 acknowledged; send packets 4, 5; packet 4 acknowledged; retransmit packet 5]


Identifying Link Errors
netstat command: netstat (network statistics) is a command-line tool that displays network connections (incoming and outgoing), routing tables, and a number of network interface statistics
[Screenshot: Windows netstat example]
[Screenshot: Linux netstat example]


Speed and Duplex Settings
Duplex mismatch is the most common performance issue and is easily resolved
Speed mismatches may result in no connectivity
Duplex mismatches typically result in degraded network performance, intermittent connectivity and data link errors
Autonegotiation is an attempt to reduce speed/duplex mismatches. Autonegotiation often results in a mismatch because of incompatibility among vendor implementations
[Figure: a configuration that results in a duplex mismatch: one end set to half duplex (HDx), the switch ports set to auto, the other end set to full duplex (FDx)]
Resolution: configure consistent speed/duplex settings end-to-end
Speed/Duplex Autonegotiation
Cisco Catalyst Speed and Duplex Configuration Examples**

Configuration NIC       | Configuration Switch    | Resulting NIC           | Resulting Catalyst      | Comments
------------------------|-------------------------|-------------------------|-------------------------|----------------------
1000 Mbps, full duplex  | 1000 Mbps, full duplex  | 1000 Mbps, full duplex  | 1000 Mbps, full duplex  | Correct manual config
100 Mbps, full duplex   | 1000 Mbps, full duplex  | No link                 | No link                 | Speed mismatch
100 Mbps, full duplex   | Auto                    | 100 Mbps, full duplex   | 100 Mbps, half duplex   | Duplex mismatch
Auto                    | 100 Mbps, full duplex   | 100 Mbps, half duplex   | 100 Mbps, full duplex   | Duplex mismatch
Auto                    | Auto                    | 1000 Mbps, full duplex  | 1000 Mbps, full duplex  | *

* Assuming the maximum capability of the Catalyst switch and the NIC is 1000 Mbps, full duplex
** Cisco.com


Buffer Overflow
[Figure: a client on a 100 Mb link (1 cable) and a NAS device on a GigE link (1 cable) attached to the same switch; the buffer on the client's switch port overflows]
Buffer overflows occur when a receiving device cannot accommodate the speed with which data is being transmitted to its memory buffer
For example, if a 100 Mbps client is reading from a Gigabit-connected NAS device, the output buffer on the client's switch port can be overrun, causing packet loss and retransmissions
Improving TCP Performance
Window Size
The amount of outstanding (unacknowledged by the recipient) data a sender can send on a particular connection before it gets an acknowledgment back from the receiver
Set the window size as follows:
Window size = available network bandwidth * Round Trip Transmit Time (RTT)
Example: given a 100 Mbps network and 5 ms RTT
100 Mbits/sec x .005 seconds / 8 bits/byte = 62,500 bytes
Window Scaling
Used to increase the maximum window size from 65,535 bytes to 1 Gigabyte
SACK: Selective Acknowledgement
The data receiver can inform the sender about all segments that have arrived successfully, so the sender need retransmit only the segments that have actually been lost
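The window calculation above, as an added example not taken from the course: Python that reproduces the 62,500-byte result and extends it to the window-scale option, deciding the shift count once bandwidth times RTT exceeds 65,535 bytes. RTT is taken in milliseconds so the arithmetic stays in integers; the 1 Gbps / 50 ms case is a constructed WAN input.

```python
MAX_UNSCALED_WINDOW = 65_535   # the TCP header's 16-bit window field
MAX_WINDOW_SHIFT = 14          # largest shift the window-scale option permits


def window_bytes(bandwidth_bps: int, rtt_ms: int) -> int:
    """Bandwidth-delay product in bytes: bits/s * seconds / 8 bits per byte."""
    return bandwidth_bps * rtt_ms // 8000


def window_shift(window: int) -> int:
    """Smallest window-scale shift count such that window >> shift fits in 16 bits.

    Returns 0 when no scaling is needed. Raises when the window exceeds what
    a shift of 14 can express (65,535 << 14, roughly the 1 Gigabyte the slide
    quotes as the scaled maximum).
    """
    shift = 0
    while (window >> shift) > MAX_UNSCALED_WINDOW:
        shift += 1
        if shift > MAX_WINDOW_SHIFT:
            raise ValueError("window larger than window scaling can express")
    return shift


def plan_window(bandwidth_bps: int, rtt_ms: int) -> dict:
    """Target window, whether the window-scale option is needed, the shift,
    and the value the receiver would actually advertise (rounded up to a
    multiple of 2**shift, since scaled windows have that granularity)."""
    target = window_bytes(bandwidth_bps, rtt_ms)
    shift = window_shift(target)
    unit = 1 << shift
    advertised = -(-target // unit) * unit   # ceiling to the scale unit
    return {
        "target_bytes": target,
        "scaling_needed": shift > 0,
        "shift": shift,
        "advertised_bytes": advertised,
        "field_value": advertised >> shift,   # what goes into the 16-bit field
    }


def throughput_limit_bps(window: int, rtt_ms: int) -> float:
    """Best case throughput a fixed window allows: one window per round trip."""
    return window * 8 * 1000 / rtt_ms


if __name__ == "__main__":
    # Slide's example: 100 Mbps, 5 ms RTT
    print(plan_window(100_000_000, 5))
    # Constructed WAN case: 1 Gbps with 50 ms RTT needs scaling
    print(plan_window(1_000_000_000, 50))
    print("unscaled 65,535-byte window over 50 ms caps at",
          throughput_limit_bps(MAX_UNSCALED_WINDOW, 50) / 1e6, "Mbps")
```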
Check Your Knowledge - 1
What is the size of a typical jumbo packet?
What is a VLAN?
What is VLAN tagging?

Check Your Knowledge - 2
CME is experiencing poor network performance. Given the following configuration, what might the problem be?
[Figure: VLAN 5: Gigabit Ethernet, full duplex, MTU = 9000 and Gigabit Ethernet, full duplex, MTU = 1500; VLAN 7: Gigabit Ethernet, full duplex, MTU = 9000 and Gigabit Ethernet, full duplex, MTU = 9000]


Check Your Knowledge - 3
Explain these causes of network latency
[Figure: NAS clients, a NAS device and a directory services server, with the login request path annotated at numbered latency points 1 through 7]


Lesson 6: Security
Upon completion of this lesson, you will be able to:
Identify and describe some commonly used security descriptors in the Windows and UNIX environments
Identify and describe several network security components used today, including:
Kerberos
Firewalls
Describe the role of directory services:
Lightweight Directory Access Protocol (LDAP)
Active Directory (AD)
Network Information System (NIS)


NAS File Sharing: ACLs and Permissions
ACLs (Access Control Lists): Windows related
Permissions: Unix related
Permissions/ACLs represent privileges required to
access resources
ACL includes the object owner information
Windows ACLs and UNIX permissions are maintained for
every file and directory

NAS File Sharing: Windows ACLs
Windows only supports static access control:
Authorization information is statically assigned to the resource
Static information is used to determine whether access is granted
Access control information is commonly called an access control list (ACL)
Comprised of multiple entries called access control entries (ACEs)
An ACE is usually comprised of two pieces of information:
The identity given (or denied) access
The level of access given (or denied)
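An added example, not from the course material, of how ACEs of the kind described above are evaluated: a Python access check that walks an ACL in order, using a deny-write / allow-write pair of ACEs. The SIDs and the access-right bits are constructed simplifications of the Windows ones.

```python
from dataclasses import dataclass, field

# Access rights as bit flags (a constructed simplification of the Windows access mask)
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8


@dataclass(frozen=True)
class ACE:
    """One access control entry: who, allow-or-deny, and which rights."""
    sid: str      # identity given (or denied) access
    allow: bool   # True for an access-allowed ACE, False for access-denied
    mask: int     # level of access given (or denied), as a bit mask


@dataclass
class ACL:
    """The object's access control information: owner plus ordered ACEs."""
    owner_sid: str
    aces: list = field(default_factory=list)


def access_check(acl: ACL, token_sids: set, requested: int) -> bool:
    """Decide a request the way the Windows access check does.

    Walk the ACEs in order, considering only those whose SID is in the
    caller's token (user SID plus group SIDs). Allow ACEs accumulate
    granted rights; a deny ACE covering any right not yet granted ends the
    check with denial. Rights still ungranted at the end are denied too.
    """
    remaining = requested
    for ace in acl.aces:
        if remaining == 0:
            break                        # everything requested is granted
        if ace.sid not in token_sids:
            continue                     # ACE is about someone else
        if ace.allow:
            remaining &= ~ace.mask       # these rights are now granted
        elif ace.mask & remaining:
            return False                 # a still-wanted right is denied
    return remaining == 0


def canonicalize(aces: list) -> list:
    """Order ACEs as Windows does within a DACL: explicit denies before allows.
    (Inherited ACEs, which follow the explicit ones, are not modelled.)"""
    return sorted(aces, key=lambda ace: ace.allow)


if __name__ == "__main__":
    # Constructed ACL: "SID abc deny write, SID xyz allow read and write"
    acl = ACL("S-1-5-21-owner", [ACE("S-abc", False, WRITE),
                                 ACE("S-xyz", True, READ | WRITE)])
    print("member of xyz only, write:", access_check(acl, {"S-xyz"}, WRITE))
    print("abc who is also in xyz, write:", access_check(acl, {"S-abc", "S-xyz"}, WRITE))
    print("abc who is also in xyz, read :", access_check(acl, {"S-abc", "S-xyz"}, READ))
```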


NAS File Sharing: UNIX Permissions
Permissions tell UNIX what can be done with a file and by whom
Common permissions:
Read
Write
Execute
Every file and directory (folder) has three sets of access permissions:
Rights for the file owner
Rights for the group you belong to
Rights for all others
A file or directory permission string looks like:
# rwx rwx rwx (Owner, Group, Others)
#: d for directory, - for file
Permissions can be changed using:
chmod: change the permissions of a file/directory
chgrp: change the group of a file/directory
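As an added example (not the course's code), Python that parses the mode string shown above into its owner/group/others classes, gives the octal form used with chmod, and applies the rule that only one class governs a caller. File names, ownerships and ids are constructed.

```python
from collections import namedtuple

# Each class holds the subset of {'r', 'w', 'x'} it is granted
Perms = namedtuple("Perms", "is_dir owner group others")
_WEIGHTS = {"r": 4, "w": 2, "x": 1}


def parse_mode(mode: str) -> Perms:
    """Parse the 10-character form from 'ls -l', e.g. 'drwxr-x---'."""
    if len(mode) != 10 or mode[0] not in "d-":
        raise ValueError(f"unexpected mode string {mode!r}")
    classes = []
    for start in range(1, 10, 3):
        triplet = mode[start:start + 3]
        for got, expected in zip(triplet, "rwx"):
            if got not in (expected, "-"):
                raise ValueError(f"bad permission triplet {triplet!r}")
        classes.append(frozenset(c for c in triplet if c != "-"))
    return Perms(mode[0] == "d", *classes)


def to_octal(perms: Perms) -> str:
    """The three octal digits used with chmod: r=4, w=2, x=1 per class."""
    return "".join(str(sum(_WEIGHTS[c] for c in cls))
                   for cls in (perms.owner, perms.group, perms.others))


def effective_rights(perms: Perms, file_uid: int, file_gid: int,
                     caller_uid: int, caller_gids: set) -> frozenset:
    """Apply the UNIX rule: exactly one class governs a caller.

    The owner class applies if the uid matches, even when the group or
    others class would grant more; otherwise the group class if the file's
    gid is among the caller's groups; otherwise the others class.
    (root's override of permission bits is not modelled.)
    """
    if caller_uid == file_uid:
        return perms.owner
    if file_gid in caller_gids:
        return perms.group
    return perms.others


def world_writable(listing) -> list:
    """From (name, mode, uid, gid) tuples, return names that anyone may write to."""
    return [name for name, mode, _uid, _gid in listing if "w" in parse_mode(mode).others]


if __name__ == "__main__":
    # Constructed listing in the form of 'ls -ln' output
    listing = [("shared.doc", "-rw-rw-rw-", 1000, 100),
               ("private.key", "-rw-------", 1000, 100),
               ("projects", "drwxr-x---", 1000, 100)]
    for name, mode, uid, gid in listing:
        p = parse_mode(mode)
        print(f"{name:12} {mode} octal={to_octal(p)} dir={p.is_dir}")
    print("world-writable:", world_writable(listing))
    # An owner with no owner bits is still governed by the owner class
    print(sorted(effective_rights(parse_mode("----rwx---"), 1000, 100, 1000, {100})))
```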
Directory Services
Directory services provide authentication and/or authorization services for an environment
Centralized location for user accounts
Eases management
Enables single sign-on capabilities
Three popular directories:
Lightweight Directory Access Protocol (LDAP)
Active Directory
Network Information Service (NIS)


LDAP: Lightweight Directory Access Protocol
[Figure: an LDAP directory holding users, groups, access control, services, certificates and preferences, accessed by administrators, servers, devices and clients]


Microsoft Active Directory
Part of Windows 2000/2003
Tightly integrated with Microsoft products
Provides a standard LDAP interface for programmatic
access and interoperability with other operating systems

NIS
[Figure: a client, a resource server holding a FILE, and primary and secondary NIS servers, each holding the permissions file. 1) Client requests access to a resource; 2) Resource server interrogates the NIS domain for the permissions; 3) The NIS server returns the permissions for the client; 4) Resource server grants the client access to the resource]

NIS: Network Information Service (yellow pages) is the mechanism where user or group security information is stored on a central server and all resource servers query these servers before granting access to resources. This relieves the necessity of setting up multiple security structures on many servers.
Authentication and Authorization
Windows and UNIX considerations
[Figure: a UNIX client (user root) authenticated by an NIS server accesses a UNIX object (-rwxrwxrwx) on the NAS device; a Windows client (user SID abc) authenticated by a Windows domain controller (Active Directory (LDAP), Kerberos, CHAP) accesses a Windows object whose ACL reads: SID abc deny write, SID xyz allow write]
Authentication
Validate D​C/NIS connectivity and bandwidth
Multi-protocol considerations
Kerberos
Kerberos is a network authentication protocol
Kerberos protocol uses strong cryptography so that a client can
prove its identity to a server (and vice versa) across an insecure
network connection
In Kerberos, all authentication takes place between clients and
servers
"Kerberos client" is any entity that gets a service ticket for a
Kerberos service. A client is typically a user or host
"Kerberos server" generally refers to the Key Distribution Center
An application with "Kerberos support" is a "true" Kerberized application: it uses Kerberos tickets to verify identity and/or encrypt data
Kerberos makes no provisions for host security
Actual verification of a client's identity is done by validating an
authenticator. The authenticator contains the client's identity and a
timestamp

Kerberos V5
KDC: Key Distribution Center
TGT: Ticket Granting Ticket
TKT: Service Ticket
[Figure: a Windows client, the KDC, and a NAS device running the CIFS service, with Active Directory. Exchange as labelled: ID proof (1) from the client to the KDC; TGT (2) returned; TGT + server-name (3) sent to the KDC; KerbS TKT (4) returned; KerbC (KerbS TKT) (5) presented to the CIFS server; Session ID (6); the CIFS server's keytab (7) obtained from Active Directory; Session ID (8) to the client]


Network Layer Firewalls
Network layer firewalls generally make decisions on traffic filtering based upon:
Source address
Destination address
Ports used
They route traffic directly, but are usually fast and transparent to users on the network
A DMZ is a common firewall implementation
[Figure: the Internet, a firewall, a DMZ, and the private network]
Check Your Knowledge
What type of privileges are used on a Windows file
system?
Which Kerberos component is responsible for providing
tickets?
Which directory service is primarily used by Microsoft
Windows PCs?

Lesson 7: Migration Considerations
Upon completion of this lesson, you will be able to:
Describe the steps and concerns related to migrating
existing data onto a NAS device

NAS Migration Considerations - 1
Summarize Current Migration Environment
Review
Current storage configuration
Data layout
Contents of source file servers to be migrated
Document all file systems and shares to be migrated
Server Readiness
Document all server names, location, OS, and network connections including IP configuration
and speed/duplex settings
Determine if there is a priority for migration
Determine the destination size for each designated migration file system
Determine if it is possible to move several paths in parallel
Document access control requirements for each file system to be migrated
Determine if source file servers can be backed up and restored before data migration
Determine if any file system merging is required
Determine if the share protocols on the source are compatible with NAS Device capabilities
Network Evaluation
Estimate bandwidth requirements
Create a schedule for the migration
Review network infrastructure

NAS Migration Considerations - 2
Analysis and Planning
Determine NAS storage capacity requirements based on:
Number and size of file systems to migrate
Performance requirements
Expected growth patterns
Map the NFS/CIFS source file server to the destination NAS Device and its associated
file system
Review results of network evaluation
Assess the impact of network utilization
Identify areas of concern
Determine if any network changes are required and how that might affect the migration
schedule
Based on the information from the network evaluation, determine whether any enhancements to the network are required, such as:
Enabling a private network for data migration
Adding trunking options
Upgrading other portions of the network infrastructure
Determine the methodology for migration


NAS Migration Considerations - 3
Analysis and Planning (cont.)
Develop a data migration strategy/plan
Determine if parallel data streams can be implemented
Determine the migration strategies to use for all servers being migrated
Consider how IP configurations will be assigned to the NAS Device
Identify the order in which the file systems should be processed
Ensure the migration schedule takes into account production schedules,
periods of downtime or minimal activity, and maintenance windows
Consider intermediate checkpoints in large migration efforts
Provide contingency plans for unplanned outages or other circumstances
Reconfirm the necessary resources and costs to perform a
successful migration
Reconfirm the migration schedule and available migration window
Assess potential risks, and determine risk mitigation strategies
Define plans for migration verification testing
Module Summary
Key points covered in this module:
NAS Devices
NAS Topology/Connectivity
NAS Performance
NAS Security
NAS File Sharing

Module 2.3

IP-SAN Hybrid Technologies

IP-SAN Hybrid Storage Technologies
Upon completion of this module, you will be able to:
Identify block level IP devices and components
Discuss block level IP topologies and connectivity
Describe block level IP security features

Lesson 1: Block Level IP Storage Review
Upon completion of this lesson, you will be able to:
Identify and discuss the various options for block level IP
solutions

Block Storage Over IP Overview: Technologies
iSCSI
SCSI over IP
IP encapsulation done on the host / HBA (host bus adapter)
Hardware-based gateway to Fibre Channel storage
[Figure: IP host - IP network - FC storage]
FCIP
Fibre Channel-to-IP bridge / tunnel (point to point)
Fibre Channel end points
[Figure: FC - IP - IP network - IP - FC]
iFCP
IP as the inter-switch fabric
Fibre Channel end points
[Figure: FC/IP gateway - IP network - IP/FC gateway]


Sample Uses for Hybrid Storage Technologies
[Figure: a primary site LAN with mission-critical applications on Fibre Channel storage and business-critical applications on iSCSI; a remote office connected over the WAN using iSCSI; a DR site reached over FCIP/iFCP, with Fibre Channel storage]


Lesson 2: Block Level IP Storage - iSCSI
Upon completion of this lesson, you will be able to:
Identify devices used in an iSCSI implementation
Explain the topology of an iSCSI solution
Assess security options for an iSCSI solution

iSCSI: Components
iSCSI host initiators
Host computer using a NIC or iSCSI HBA to connect to storage
iSCSI initiator software may need to be installed
iSCSI targets
Storage array with an embedded iSCSI-capable network port
FC-iSCSI bridge
Ethernet LAN for the IP storage network
Interconnected Ethernet switches and/or routers


iSCSI Components: Host
Three options for iSCSI configuration:
Software Initiators
Code that can be loaded onto a host to provide the translation between
the storage I/O calls and the network interface
TCP Offload Engine (TOE)
Moves the TCP processing load off the host CPU onto the NIC card, to
free up processing cycles for application execution
iSCSI HBA
A network interface adapter with an integrated SCSI ASIC (application-
specific integrated circuit)
Simplest option for boot from SAN

Sample Initiator Configuration
[Screenshot: initiator configuration. When a target is initially discovered, it is Inactive; the LUNs available to the iSCSI host are listed]


iSCSI Connectivity: Native iSCSI
[Figure: an iSCSI initiator connected over an IP iSCSI network to a target array port at 10.127.50.162]
No FC components
Each iSCSI port on the array is configured with an IP address and port number
iSCSI initiators connect directly to the array


Network Portals and Portal Groups
[Figure: an iSCSI-enabled storage device presenting Target 1 and Target 2 through Portal Groups 1, 2 and 3; the network portals (IP address:port) on its network interfaces are 10.168.0.111:3260, 172.24.81.12:3261, 172.24.81.13:3262, 192.168.0.14:3262 and 192.168.0.15:3269; iSCSI transmissions arrive from the initiator]


iSCSI Connectivity: Bridged iSCSI
[Figure: an iSCSI initiator (10.127.10.1) on the IP network, a bridge (iSCSI target 10.127.10.2 / FC initiator) and an FC target on the Fibre Channel fabric; iSCSI on one side of the bridge, FCP on the other]
The bridge device translates iSCSI/IP to FCP
Standalone device
Integrated into an FC switch (multi-protocol router)
The iSCSI initiator/host is configured with the bridge as its target
The bridge generates a virtual FC initiator
iSCSI Connectivity: Combination iSCSI & FC
[Figure: an iSCSI initiator on the IP network reaches the array's iSCSI target port; an FC host on the Fibre Channel fabric reaches the same array's FC target port]
The array provides FC and iSCSI connectivity natively
No bridge devices needed


iSCSI Discovery
[Figure: two discovery mechanisms. SendTargets discovery: the initiator queries the target directly across the IP iSCSI network. iSNS: an iSNS server on the IP network holds the initiators, targets and portals, and the iSCSI initiators and target communicate with it]


CHAP
Challenge-Handshake Authentication Protocol (CHAP)
authenticates a user to a network resource
CHAP is not an iSCSI specific security function
Widely used by many network devices and vendors

Implemented:
One way
Authentication password configured on only one side of the connection
OR
Two way
Authentication password configured on both sides of the connection, requiring both nodes to validate the connection, i.e., mutual authentication
One-Way CHAP Authentication
[Figure: initiator and target exchange]
1. Initiator initiates a logon to the target
2. CHAP challenge sent to the initiator
3. Initiator takes the shared secret and calculates a value using a one-way hash function
4. Initiator returns the hash value to the target
5. Target computes the expected hash value from the shared secret and compares it to the value received from the initiator
6. If the values match, authentication is acknowledged


Two-Way CHAP Authentication
[Figure: initiator and target exchange]
1. Initiator initiates a logon to the target
2. CHAP challenge sent to the initiator
3. Initiator takes the shared secret and calculates a value using a one-way hash function
4. Initiator returns the hash value to the target
5. Target computes the expected hash value from the shared secret and compares it to the value received from the initiator
6. If the values match, authentication is acknowledged
7. CHAP challenge sent to the target
8. Target takes the shared secret and calculates a value using a one-way hash function
9. Target returns the hash value to the initiator
10. Initiator computes the expected hash value from the shared secret and compares it to the value received from the target
11. If the values match, authentication is acknowledged
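The one-way and two-way sequences above, implemented as an added example (not code from the course or any vendor): the response is MD5 over the identifier, the shared secret and the challenge, as the CHAP specification defines, so only the hash crosses the wire. Node names and secrets are constructed.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Hash(ID || secret || challenge): what the challenged side returns."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapPeer:
    """One side of the link. It knows its own secret and the secret it expects
    from each peer, looked up by the peer's name as iSCSI does."""

    def __init__(self, name: str, own_secret: bytes, peer_secrets: dict):
        self.name = name
        self.own_secret = own_secret
        self.peer_secrets = peer_secrets
        self._pending = {}   # identifier -> challenge we issued and await

    def challenge(self) -> tuple:
        """Steps 2 / 7: issue a fresh random challenge with an identifier."""
        identifier = os.urandom(1)[0]
        chal = os.urandom(16)
        self._pending[identifier] = chal
        return identifier, chal

    def respond(self, identifier: int, chal: bytes) -> tuple:
        """Steps 3-4 / 8-9: hash the challenge with our secret, return name + hash."""
        return self.name, chap_response(identifier, self.own_secret, chal)

    def verify(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """Steps 5-6 / 10-11: recompute the expected hash and compare in constant time."""
        chal = self._pending.pop(identifier, None)
        secret = self.peer_secrets.get(peer_name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)


def one_way_chap(initiator: ChapPeer, target: ChapPeer) -> bool:
    """Target authenticates the initiator only (steps 1-6)."""
    ident, chal = target.challenge()                 # 2. challenge to the initiator
    name, resp = initiator.respond(ident, chal)      # 3-4. initiator hashes and returns
    return target.verify(ident, name, resp)          # 5-6. target compares


def two_way_chap(initiator: ChapPeer, target: ChapPeer) -> bool:
    """Mutual authentication: steps 1-6, then the initiator challenges the target (7-11)."""
    if not one_way_chap(initiator, target):
        return False
    ident, chal = initiator.challenge()              # 7. challenge to the target
    name, resp = target.respond(ident, chal)         # 8-9. target hashes and returns
    return initiator.verify(ident, name, resp)       # 10-11. initiator compares


if __name__ == "__main__":
    # Constructed names and secrets for an initiator and a target that share them
    init = ChapPeer("iqn.2007-01.com.example:host1", b"init-secret-0123",
                    {"iqn.2007-01.com.example:array": b"target-secret-01"})
    tgt = ChapPeer("iqn.2007-01.com.example:array", b"target-secret-01",
                   {"iqn.2007-01.com.example:host1": b"init-secret-0123"})
    print("one-way:", one_way_chap(init, tgt))
    print("two-way:", two_way_chap(init, tgt))
```

With a target that holds the wrong secret, one-way CHAP still succeeds because the initiator never checks the target; two-way CHAP fails at step 10.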


iSCSI Protocol Stack
OSI layer             | iSCSI initiator | Exchanged            | iSCSI target
Layer 7 Application   | SCSI            | Commands and data    | SCSI
Layer 5 Session       | iSCSI           | Login and discovery  | iSCSI
Layer 4 Transport     | TCP             | Windows and segments | TCP
Layer 3 Network       | IP              | Packets              | IP
Layer 2 Data Link     | Ethernet        | Frames               | Ethernet
Encapsulation on the wire: IP | TCP | iSCSI | SCSI | Data


iSCSI Protocol Data Unit
[Figure: an IP packet (IP header) carrying a TCP segment (TCP header) whose payload is the iSCSI PDU: Basic Header Segment, Additional Header Segment, Header Digest, Data Segment, Data Digest]


Fibre Channel Frame, TCP Packet and iSCSI PDU
[Figure: an FC frame compared with an iSCSI PDU carried in a TCP packet]


SCSI to iSCSI Mapping

Ordering & Numbering
[Figure: one iSCSI session with multiple TCP connections: commands carry a CmdSN, status carries a StatSN per connection, and each command's PDUs (#1, #2, #3, #4) are numbered]
Every iSCSI PDU message is numbered
Commands are numbered by CmdSN and are unique per iSCSI session
Status is numbered by StatSN and is unique per TCP connection
Data is numbered by DataSN and is unique per command
iSCSI Names
All initiators and targets require a unique iSCSI identifier
Two types of iSCSI names
iqn.: iSCSI Qualified Name
iqn.1992-05.com.emc:apm000339013630000-10
eui.: Extended Unique Identifier
eui.02004567a425678a

Check Your Knowledge
What is the difference between a native and bridged
iSCSI implementation?
Explain the benefits and drawbacks of using: NIC, TOE
and iSCSI HBA
Describe the CHAP authentication process in a one-way
and two-way environment
Name two iSCSI discovery mechanisms
What are two types of iSCSI names, and which one is
similar to a Fibre Channel name?

Lesson 3: SAN Extension
Upon completion of this lesson, you will be able to:
Identify the topology of an FCIP and iFCP solution
Describe security options for an FCIP and iFCP solution

FCIP (Fibre Channel over IP)
FCIP is an IP-based storage networking technology
FCIP combines the advantages of Fibre Channel and TCP/IP
FCIP enables the transmission of information by tunneling data between SAN facilities over IP networks
Facilitates data sharing over a geographically distributed area
FCIP is designed to be transparent to Fibre Channel
FCIP Protocol
Transparent operation for local and remote SANs
Only the FCIP gateway must be aware of FCIP encapsulation
Appears like FC to the SAN, and IP to the LAN/MAN/WAN network
[Figure: a Fibre Channel frame (SOF, FC header, SCSI data, CRC, EOF) becomes the IP payload after FCIP encapsulation: IP header, TCP header, FCIP header, IP payload, forming the IP packet]


FCIP: Topology
[Figure: Edge Fabric A (L2 switches) with an FC router at IP address A, connected over GigE links across the IP network (LAN/WAN) to an FC router at IP address B in Edge Fabric B; FC ports on the fabric side, FCIP on the IP side]
The FC router is used to encapsulate FC frames in IP packets
The FC router at the other end removes the IP wrapper and sends the FC data to the L2 fabric


FCIP: Performance & Security
[Figure: two L2 fabrics joined by FC/IP gateways (AP-7420B) across the IP network, with two IP links between them]
Ensure the IP connection can accommodate the added traffic
Redundant IP links can increase bandwidth in addition to reliability
Various security options can be implemented
IPSec


iFCP (Internet Fibre Channel Protocol)
iFCP is an IP-based storage networking technology
Replaces the FC-2 layer with Ethernet
Accommodates an unreliable IP infrastructure
Provides device-to-device communication instead of SAN-to-SAN communication


iFCP Protocol
Maps fibre channel frames to a predetermined TCP
connection for transport
FC messaging and routing services are terminated at the
gateways so the fabrics are not merged into one another
Dynamically creates IP tunnels for FC frames

iFCP: Topology

iFCP Addressing and Routing
Two Modes of Operation
Address Transparent Mode
N_Port address scope is fabric wide
Simplified administration
Inefficient if Gateway N_Port count is low
Gateway Region Local Mode
N_Port address scope is local to the Gateway
More administration
Efficient for small environments
Scales well and provides a stable environment

iFCP Gateway Architecture
Includes the FC domain and IP domain
FC devices are connected to the iFCP fabric through F_Ports on the gateway
The gateway presents remote N_Ports as directly attached
The gateway presents locally connected N_Ports as logical iFCP devices on the IP network
Check Your Knowledge
What is the difference between FCIP and iFCP?
Which protocol offers better stability over unreliable
network links?

Lesson 4: Name and Discovery Services
Upon completion of this lesson, you will be able to:
Identify the topology of iSNS and SLP
Describe the functionality of iSNS and SLP

iSNS (Storage Name Service)
Registration, discovery and management of networked storage assets
Unified service framework for topology discovery
iSCSI & iFCP
Extensible to FCIP and other IP storage protocols
Zoning: iSNS maintains access control policies for registered targets and initiators
Asynchronous notification of zoning and topology changes
Lightweight protocol deployable in servers, switches and targets
iSNS Structure - 1

iSNS Structure - 2
iSNS can be integral to the cloud or to the management station
[Figure: a management platform and iSNS; Host A, Host B and Host C with Device A and Device B (EMC Symmetrix arrays) arranged in two discovery domains]
Domains are similar to Fibre Channel zones, e.g., Host C will not discover Device B
Service Location Protocol (SLP)
A discovery mechanism with minimal configuration
A good choice for small or medium networks
The Service Agent advertises the iSCSI address as a URL:
iSCSI://<domain name>[:<port>]/<iSCSI-name>
<domain name> = IP address
<port> = optional and can be the IANA assigned port (3260)
<iSCSI-name> = target iSCSI name
This address is primarily used for discovery
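An added example, not from the course material, covering this URL form and the two iSCSI name types from the iSCSI Names slide: a Python parser that splits the SLP URL, applies the 3260 default, and validates the iqn. or eui. name it carries. The host addresses are constructed; the two names are those shown on the slides.

```python
import re
from urllib.parse import urlsplit

IANA_ISCSI_PORT = 3260
# iqn.<yyyy-mm>.<reversed domain>[:<unique string>]  (lower case, as iSCSI normalizes names)
IQN_RE = re.compile(r"^iqn\.(\d{4})-(0[1-9]|1[0-2])\.([a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(.+))?$")
# eui.<16 hex digits>  (an IEEE EUI-64, the form closest to a Fibre Channel WWN)
EUI_RE = re.compile(r"^eui\.([0-9a-fA-F]{16})$")
MAX_NAME_BYTES = 223


def classify_iscsi_name(name: str) -> dict:
    """Return the name's type and parsed parts; raise ValueError if it is neither form."""
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("iSCSI names are limited to 223 bytes")
    m = IQN_RE.match(name)
    if m:
        year, month, authority, unique = m.groups()
        return {"type": "iqn", "date": f"{year}-{month}",
                "authority": authority, "unique": unique}
    m = EUI_RE.match(name)
    if m:
        return {"type": "eui", "eui64": m.group(1).lower()}
    raise ValueError(f"not an iqn. or eui. name: {name!r}")


def is_valid_iscsi_name(name: str) -> bool:
    """Boolean wrapper around classify_iscsi_name."""
    try:
        classify_iscsi_name(name)
        return True
    except ValueError:
        return False


def parse_slp_iscsi_url(url: str) -> dict:
    """Split iscsi://<domain name>[:<port>]/<iSCSI-name> and validate the name.

    <domain name> is the target's IP address; <port> defaults to 3260.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "iscsi":
        raise ValueError(f"expected an iscsi:// URL, got {url!r}")
    if not parts.hostname:
        raise ValueError("missing target address")
    name = parts.path.lstrip("/")
    result = {
        "host": parts.hostname,
        "port": parts.port if parts.port is not None else IANA_ISCSI_PORT,
        "name": name,
    }
    result.update(("name_" + k, v) for k, v in classify_iscsi_name(name).items())
    return result


if __name__ == "__main__":
    # Constructed addresses; the names are the two examples from the iSCSI Names slide
    for url in ("iscsi://10.127.50.162/iqn.1992-05.com.emc:apm000339013630000-10",
                "iscsi://192.168.0.15:3269/eui.02004567a425678a"):
        print(parse_slp_iscsi_url(url))
```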


SLP Example
[Figure: two hosts, each running management code, an SLP User Agent (UA) and an iSCSI initiator over TCP/IP, on an IP network with an SLP Directory Agent]


Module Summary
Key points covered in this module:
Block level IP devices and components
Block level IP topologies and connectivity
Block level IP security features

Module 2.4: Case Study

Technology Design Considerations

Case Study: Technology Design Considerations
Upon completion of this module, you will be able to:
Describe the steps and concerns related to implementing
an appropriate NAS/IP-SAN solution

Case Study: Microsoft Applications and File Servers
Current deployment
4000 mailboxes on 4 Exchange servers
20 file servers
NFS and/or CIFS clients
2 Terabytes of direct-attached storage hosting SQL databases
[Figure: Outlook users and file clients on the LAN; Exchange servers, an SQL server and file servers, each with direct-attached storage and back-up]


Current Issues
Issues
Poor utilization
Difficult to scale
High management cost
Inefficient back-ups

Other Considerations
System administration team very knowledgeable on IP networks
Minimum disruption and investment on server infrastructure
The organization is currently on Exchange 2000 and has decided to move to Exchange Server 2003 in the next 12 months
Block level access to the Exchange servers' data is stated as a best practice by the corporate IT team


User Requirements
Improved utilization
Improved data availability
Leverage the existing LAN infrastructure
LAN-free back-ups
Total cost of ownership lowered
File servers to be freed up for re-use and re-deployment
in another facility of the same organization



Deliverables
Design a solution to meet the user requirements
Provide an architecture that will consolidate the storage
environment and meet the user requirements
Explain how the design lowers the total cost of ownership
and how it addresses the current issues
Make a short presentation on your design



Considerations - 1
Based on network analysis, you find that the network is
very heavily utilized, primarily because of excessive
broadcast and Exchange traffic. What could you do to
resolve the utilization issue?
How would you design high availability into your solution?
What back-up solution would you propose and why?



Considerations - 2
How would you determine how many disks are required
for your storage solution?
What type of RAID configuration would you propose and
why?
Why would your solution be more easily managed than
the existing environment?
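One way to answer the first two questions is to size the pool twice, once for IOPS and once for capacity, and take the larger count rounded up to whole RAID groups. The following added worked example (not part of the EMC course material) does that for the Exchange portion of the case study. Every input, including IOPS per mailbox, the read/write mix, mailbox size, disk size and IOPS per disk, is an assumed figure chosen for illustration; the case study gives none of them. The RAID write penalties are the usual planning values (RAID 10 = 2, RAID 5 = 4, RAID 6 = 6 back-end I/Os per front-end write).

```python
"""Disk-count sizing for the case study's consolidated storage.

Added worked example, not part of the EMC course material. All numbers
(IOPS per mailbox, read/write mix, disk size, IOPS per disk) are assumed
inputs for illustration, not figures the case study provides. The RAID
write penalties are the usual planning values: RAID 10 = 2, RAID 5 = 4,
RAID 6 = 6 back-end I/Os per front-end write.
"""
import math

RAID_WRITE_PENALTY = {"RAID10": 2, "RAID5": 4, "RAID6": 6}
RAID_PARITY_DISKS = {"RAID5": 1, "RAID6": 2}


def backend_iops(frontend_iops: float, write_ratio: float, raid: str) -> float:
    """Front-end IOPS translated to disk IOPS, charging the RAID write penalty."""
    reads = frontend_iops * (1.0 - write_ratio)
    writes = frontend_iops * write_ratio * RAID_WRITE_PENALTY[raid]
    return reads + writes


def usable_gb_per_disk(raid: str, group_width: int, disk_gb: float) -> float:
    """Usable capacity each physical disk contributes in a RAID group of the given width."""
    if raid == "RAID10":
        return disk_gb / 2.0  # mirrored: half of every disk holds a copy
    parity = RAID_PARITY_DISKS[raid]
    if group_width <= parity:
        raise ValueError("RAID group too narrow for its parity")
    return disk_gb * (group_width - parity) / group_width


def size_pool(frontend_iops: float, write_ratio: float, usable_gb: float,
              raid: str, group_width: int, disk_gb: float,
              iops_per_disk: float, headroom: float = 0.2) -> dict:
    """Return the disk count that satisfies both the IOPS and the capacity requirement.

    headroom is extra capacity reserved for growth (0.2 = 20 percent).
    """
    bi = backend_iops(frontend_iops, write_ratio, raid)
    perf_disks = math.ceil(bi / iops_per_disk)
    cap_disks = math.ceil(usable_gb * (1.0 + headroom)
                          / usable_gb_per_disk(raid, group_width, disk_gb))
    needed = max(perf_disks, cap_disks)
    total = math.ceil(needed / group_width) * group_width  # whole RAID groups only
    return {
        "backend_iops": bi,
        "disks_for_performance": perf_disks,
        "disks_for_capacity": cap_disks,
        "total_disks": total,
        "bound_by": "performance" if perf_disks >= cap_disks else "capacity",
    }


if __name__ == "__main__":
    # Assumed Exchange profile: 4000 mailboxes x 0.5 IOPS, 50 percent writes,
    # 200 MB per mailbox (800 GB), 146 GB disks delivering ~180 IOPS each.
    mailboxes, iops_per_mailbox, write_ratio = 4000, 0.5, 0.5
    usable_gb = mailboxes * 200 / 1024
    for raid, width in (("RAID10", 2), ("RAID5", 5)):
        result = size_pool(mailboxes * iops_per_mailbox, write_ratio, 800,
                           raid, width, 146, 180)
        print(raid, result)
```

The comparison shows why the RAID choice is argued from the workload and not from capacity alone: with a write-heavy Exchange profile RAID 5 needs noticeably more spindles than RAID 10 to deliver the same front-end IOPS, even though it wastes less raw capacity.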



Considerations - 3
Describe the security mechanisms in place for your
solution
What needs to be considered regarding the migration of
CIFS/NFS data to the new solution?



Module Summary
Key points covered in this module:
The steps and concerns related to implementing an
appropriate NAS/IP-SAN solution



Section Summary
Key points covered in this section are:
Fundamental architecture and components of a Fibre Channel SAN
Fibre Channel protocol stack, functions of each layer, SAN theory
of operations and fundamental design principles of SAN
Host-specific and array-specific considerations for SAN connectivity
SAN security mechanisms and VSANs
NAS devices, NAS topology/connectivity, NAS performance, NAS
security, NAS file sharing and related technologies
Block level IP devices and components, topologies & connectivity
and security features
