Chapter 1.

Networking and Storage Concepts

Basic networking concepts and topologies Need for storage networks Storage devices and techniques Network attached storage (NAS) and storage area networks (SANs) SAN standards organizations

This is the age of the Internet. But a few of us also realize that this is the Store Agethe age of mission-critical, data-intensive applications that have been fueled by the immense popularization of the phenomenon called the Internet. Also, the progress achieved by the multimedia industry has enabled the integration of storage-intensive data, such as audio and video, with common applications, thus making increased demands on the storage capacity. These applications have grown at such a rapid pace that today for many of us the term computing is synonymous with data management. No matter if it's a large corporate organization sprawled across the globe or a small business, all are struggling to keep pace with the ever-growing amount of business data, which might be dispersed all over the network, especially if the network is a wide-area network (WAN). The current scenario has forced the IT industry to re-evaluate the strategy for managing the existing storage infrastructure and to accommodate the staggering amount of data in the future.

1B. Basic Networking Concepts and Topologies

What is known as the Internet today started in early 1968 as a connection of four computers as a part of the project funded by the U.S. Department of Defense (DoD). This network was known as Advanced Research Project Agency Network (ARPANET). With the realization that communication through networks is the fastest and cheapest way to communicate with other computers, many hardware and software vendors jumped on the bandwagon. Soon a wide range of hardware and software network products was available in the market. To avoid the incompatibility between various products and the monopoly of a product, a need for common standards of communication, which ensures that the inter-connected machines communicate successfully, was realized. These standards are known as protocols. Transmission Control Protocol/Internet Protocol (TCP/IP) is one of the most widely used protocols to date. Likewise, a theoretical model was developed that established a way to communicate about communication solutions for networks. This model is known as the Open System Interconnect (OSI) reference model. The following section discusses OSI.

1B. The Need for Storage Networks

This is the age of mission-critical, storage-intensive applications that with the advent of the Internet and popularization of e-commerce have forced businesses to provide 24-hour, 7-days a week data availability to their customers. 24/7 worldwide data availability ensures that users can access data at any point of time. This means that the storage infrastructure must always be ready to handle transaction data. Some of the applications that need to deliver 24/7 services include the following:

Online trading and transactions NOTE Popular online trading sites, such as Amazon.com, register a high number of hits and orders on a per-hour basis. All the user registration and order information needs to be stored, verified, and modified. This makes online transactions and trading storageintensive.

E-commerce transactions (B2B and B2C) Enterprise Resource Planning (ERP) Managing Information Systems (MIS) Data warehouse and data mining systems Web-based e-mail NOTE Details of the huge number of users using Web-based mail services, such as Hotmail and Yahoo, need to be stored and managed. This makes Web-based e-mail highly storage-intensive.

Multimedia applications Internet downloads

1C. Storage Devices and Techniques

Storage infrastructures form the basis of the reliable storage of business data. A wealth of storage devices exists that can be used to store huge amounts of data. These include disks, disk arrays, tape libraries, and optical storage devices, such as compact disks (CDs) and digital versatile disks (DVDs). The following sections discuss each of these.

CD Storage and Libraries

CDs provide the least expensive storage solution. However, a CD's storage capacity (up to a few gigabytes) is less than that of other storage devices. The more data, the larger the number of CDs. Therefore, if the amount of business data is gigantic, managing the number of CDs becomes tedious, if not impossible. A few types of CDs are available in the market that can be used based on the user requirement. These include the CD-R format that can be written onto only once and CD-RW that can be rewritten many times. A collection of CDs that contain business data is known as a CD library .

1D. NAS and SAN

Data-intensive applications and the Internet resulted in a data boom. The amount of data that is being transacted has skyrocketed, which has sent businesses scrambling for reliable solutions that are comparatively low in cost and easy to manage. NAS is being touted as one of the best solutions for small- and medium-sized businesses because it effectively addresses the problem of data storage. Storage area networks (SANs), the most recent storage solution technology in the market, were developed to deal with enormous amounts of data securely and reliably without hampering overall network performance. NAS and SANs are introduced in the following sections. The focus of this book is on SANs, but as you'll see, NAS is worth mention, and a comparison of the two demonstrates the possibilities of SANs.

1E. SAN Standard Organizations

Although fast emerging, the SAN technology is a relatively new technology. Most of the SAN solutions that are currently available in the market are standalone and cannot boast seamless compatibility. However, many vendors, industry associations, and standards organizations are working toward common industry standards to ensure interoperability between SAN devices, software, and solutions provided by various vendors. Some of these associations and standards bodies are actively involved in the development of a commonly accepted SAN technology. Standard organizations are SNIA, FCIA, ANSI, IETF, SCSITA, and InfiniBandTA. The Storage Networking Industry Association (SNIA) is the primary organization for the development of SAN standards. As a forum of major SAN vendors (IBM, Brocade Systems, Jiro, Hewlett Packard, Fibre Alliance, and so on) and networking professionals, SNIA is responsible for developing and promoting efficient and compatible solutions in the market. In addition, SNIA is also committed to delivering widely accepted architectures, technical reference material, and industry-wide education on implementing the standards through various conferences. SNIA is also actively involved in developing NAS standards.

Chapter 2. Introduction to Storage Area Networks

Evolution and benefits of SANs SAN components and building blocks Data access over SANs

Storage area networks are the future of enterprise storage, period. If your company is heading toward, or has already passed the terabyte mark in storage, it's a prime candidate for a SAN migration. If you are forecasting significant growth in storage requirements, you should develop your SAN strategy now. Excerpted from Building a Storage Area Network, Dave Fetters www.networkcomputing.com/1109/1109ws1.html

2A. Evolution and Benefits of SANs

In the pre-Internet era, storage management was not a big problem. Networks were small in size and businesses were just beginning to realize the potential that computer tech-nologies and networks would have on their operations. The focus was on how to make data processing faster. Small Computer Systems Interface (SCSI) was born out of this need. As reliability and the popularity of computers and computer networks increased, the amount of data that had to be maintained on computers rose proportionately. At this time, storage was embedded in servers. However, a server's storage capacity was severely limited because it could handle only a finite number of storage disks. This limitation caused major bottlenecks when several users tried to access information simultaneously. This gave birth to separate storage devices such as Just a Bunch Of Disks (JBODs), disk arrays, and tape libraries. These storage devices could effectively store huge amounts of data. However, with the growth of server farms, administrators realized that the interactions with these devices were extremely slow if too many users tried to access the same information from an individual server in the group. NOTE A server farm is a group of network servers that are located in physical proximity to each other and that provide services to network clients. Server farms serve to expedite the com-puting process by distributing the workload between individual servers in the group.

2B. SAN Components and Building Blocks

A wealth of devices and components make up a SAN. These include the following:

Servers Storage Interfaces Interconnects Fabric Software and applications

2C. Data Access over SANs

In a network, it is possible that more than one client (local or remote) will request access to the same data simultaneously. The setup of the SAN environment is such that multiple servers belonging to different platforms can access a storage resource at the same time. Data can be accessed from a storage device in the following ways:

Physical partitioning of the storage disk volumes Logical partitioning of the storage disk volumes File pooling Sharing data

Summary
In this chapter, you learned about the evolution of SAN technology. SANs evolved out of the need for fast and secure data access. Until the Internet became a household name, SCSI technology worked fine because data transfers were not bandwidth-intensive. However, the advent of the Internet heralded the era of storage-intensive applications. Managing huge amounts of data became the bane of network administrators. When NAS technology entered the market it stabilized the datamanagement scenario for some time, but it failed to provide a long-lasting solution. Thus emerged the SAN technology of today. The technology is young, but it is gaining fast industry-wide acceptance. SANs are slowly becoming the darling of network administrators and managers because they are effectively helping them to combat the ever-threatening problems related to storage management.

Chapter 3. Fibre Channel Basics

In this chapter, you will learn about the following topics:

Overview of Fibre Channel technology Fibre Channel ports Fibre Channel topologies Fibre Channel layers Classes of service

The last decade has witnessed enormous advancement in the performance of computers, which has led to the popularization of bandwidth- and storage-intensive applications. The existing framework has been slow to keep up with the increasing demands related to performance and storage, which has resulted in the framework bogging down with restrictions in the areas of speed, distance, and device connectivity. For example, Small Computer System Interface (SCSI)one of the popular infrastructuresis limited to 80 Mbps of speed, up to 25 meters of bus length, and a maximum of 32 devices per bus. These restrictions are major bottlenecks for online trading and transactions. Over the years, Fibre Channel has emerged as an ideal solution for storing, retrieving, and transferring data between servers, storage devices, other network devices, and ultimately users. Despite the high-speed, high-performance, and reliable solution that Fibre Channel offers, it remains relatively inexpensive. Because of these advantages, Fibre Channel has been adopted as the native technology in storage area networks (SANs).

3A. Overview of Fibre Channel Technology

Fibre Channel is an integrated set of technology standards that was developed by the American National Standards Institute (ANSI) to overcome the limitations posed by the SCSI infrastructure. The main aim behind the Fibre Channel technology was the following:

Facilitate high-speed data transfers between servers, storage devices, and other network devices Provide a high-performance, yet inexpensive solution, which does not lead to skyrocketing implementation costs Provide a highly mature infrastructure that responds well to future growths and advancement Provide a generic solution that supports the heterogeneous environments seamlessly Reuse existing protocols and infrastructures

3B. Fibre Channel Ports

Located on a network device (or node), a port is a point of connection between a network device and the Fibre Channel cabling (link). The communication between two entities over Fibre Channel occurs through their respective ports. Fibre Channel supports five types of ports, which are categorized on the basis of their use. The various Fibre Channel ports are the following:

Node ports (N_Port) These ports are a part of Fibre Channel nodes and are used to connect Fibre Channel nodes to the Fabric (an interconnection of Fibre Channel switches). These ports can be attached only to other N_Ports and Fabric ports (F_Ports).

Loop ports (L_Port) Loop ports are basic ports used in the Fibre Channel-Arbitration Loop (FC-AL) topology and are a part of FC-AL nodes. These ports can be of two typesNL_Ports or FL_Ports. NL_Ports are a part of the Fibre Channel nodes and are used to connect a node to the FC-AL topology. These ports can be attached only to other NL_Ports and FL_Ports. FL_Ports are a part of the Fibre Channel switched Fabric and are used to connect the FC-AL loop to the Fibre Channel Fabric. Similar to F_Ports, these ports also act as the middlemen between the communicating ports. They can be attached only to other NL_Ports. NOTE For more information on FC-AL, refer to the next section Fibre Channel Topologies. The FC-AL topology is discussed in further detail inChapter 6, SAN Topologies.

Fabric ports (F_Port) These basic ports are a part of the Fibre Channel switched Fabric. These can act as neither the source nor destination ports during communication. They simply act as middlemen by facilitating communication between two entities. These ports can be attached only to other N_Ports.

Expansion ports (E_Port) These ports are a part of the Fibre Channel switched Fabric and are used to connect Fibre Channel switches to other Fibre Channel switches and routers. Similar to NL_Ports and FL_Ports, expansion ports also act as middlemen and facilitate communication between switches or routers involved in communication. They can be attached only to other E_Ports.

3C.

Fibre Channel Topologies

As discussed earlier, Fibre Channel is strongly based on network and channel technologies. Network technology is highly dependent on topology (that is, the physical layout of net-work devices). However, major network topologies, such as Ethernet, Token Ring, and FDDI are incompatible with each other because of the differences in their media access methods, frame length, clock speed, and so on. In contrast, the three topologies offered by Fibre Channel are highly flexible and compatible with each other. These topologies include point-to-point, FC-AL, and switched Fabric. Each of these is discussed in the following sections.

NOTE: Point-to-point, FC-AL, and switched Fabric are also discussed in Chapter 6.

3D. Fibre Channel Layers

Understanding the workings of a protocol is easier when it's broken down into layers. The International Standards Organization's (ISO's) seven-layer Open System Interconnect (OSI) model is one such example. Similarly, the Fibre Channel standard has been structured as a stack of five layers. These layers define the physical media, transmission rates, flow control, encoding-decoding method, framing scheme, common services, and upper-layer applications. However, similar to the other reference models, such as the Transmission Control Protocol/Internet Protocol (TCP/IP) model, Fibre Channel layers do not directly map to the OSI layers. As shown in Figure 3-8, the five Fibre Channel layersFC-0, FC-1, FC-2, FC-3, and FC-4are generally organized into two functional levels. These two functional levels are the Physical and signaling level and the Upper level.

3E. Classes of Service

Fibre Channel offers six communication strategies to ensure successful, efficient, and fast delivery of different types of traffic. These strategies are commonly known as classes of service. The six classes of service play a major role in communication, be it between two N_Ports or between an N_Port and the Fabric. For every port-to-port and port-to-Fabric communication, at least one class of service must be supported by the communicating entities and the corresponding Login protocols (N_Port Login or Fabric Login protocol). The six classes of service are Class 1, Class 2, Class 3, Class 4, Class 5, and Class 6. Each class of service is related to different aspects of communication, such as the following:

Chapter 4. Fibre Channel Products

In this chapter, you will learn about the following Fibre Channel products:

Host Bus Adapters Connectors Hubs Switches Bridges Routers Storage devices

With the growing popularity of storage area networks (SANs), Fibre Channel technology has emerged to the forefront as an effective means of solving storage-related problems that have plagued corporate networks all over the world. A wealth of Fibre Channel products are available, including Host Bus Adapters (HBAs), connectors, switches, hubs, gateways, and Fibre Channel-to-Small Computer System Interface (SCSI) bridges. Along with optical cables, Fibre Channel products enable network administrators and designers to develop solutions to storage problems related to performance, distance, backups and restoration, bandwidth, and security. For example, Fibre Channel switches play an important role in enhancing the performance of database servers by switching data queries and their results much faster. Similarly, switched Fibre Channel hubs provide high-speed access to disk arrays, tape libraries, and Just a Bunch of Disks (JBODs). To build a successful SAN that fulfills all or most of the requirements of a corporation, you must choose each device of a SAN with care and understanding. Understanding the purpose and the capabilities of each Fibre Channel device will help you make effective choices while designing a SAN. With the infiltration of SAN and Fibre Channel technology in corporate storage solutions, many vendors have jumped into the field of Fibre Channel devices. You need not restrict yourself to the Fibre Channel products offered by one single vendor. As a SAN designer, an intelligent mix and match of compatible products will help you to implement a cost-effective and high-performance storage solution.

4A. HBAs
Similar to network interface cards (NICs) that are used in traditional Ethernets, HBAs provide the physical interface between the input/output (I/O) host bus of Fibre Channel devices (such as servers and storage devices) and the underlying Fibre Channel network. In other words, HBAs connect Fibre Channel devices to Fibre Channel links. NOTE Popularly used I/O host buses include IBM's PCI-MCA, HP's HSC, and Sun's SBus. The term PCI-MCA is a combination of two termsPCI (Peripheral Component Interconnect) and MCA (Micro Channel Architecture). PCI-MCA is a 32-bit, high-speed interface between the processor of a computer and the attached peripheral devices and expansion cards. HP's High Speed Connect (HSC) is a high-speed proprietary interface that functions much like PCI. SBus is a 32-bit bus used in Sun's SPARC workstations. SBus facilitates the transactions between the processor and the attached peripheral devices. SBus can also help the processor in identifying the corresponding device drivers of the attached devices.

4B. Fibre Channel Connectors

Data transfer rates over the Fibre Channel infrastructure are measured in gigabits. As a result, the data transported over Fibre Channel links is sometimes referred to as gigabit transport. Fibre Channel connectors play an important role in facilitating the gigabit transport between two communicating

ends. The connectors provide an interface that converts any type of communication transport into gigabit transport. Four types of Fibre Channel connectors are used to interconnect Fibre Channel devices:

4C. Hubs
The FC-AL topology allows cost-effective connection of up to 126 devices without the need of an underlying Fabric. However, a daisy chain of devices connected to form a loop makes it difficult to troubleshoot the network. Adding or removing devices from the loop is a highly time-consuming exercise. Also, any cable break or power loss can lead to the temporary shut down of the entire loop and all the nodes attached to the loop until the problem is remedied. Fibre Channel hubs are used to effectively solve the problems that occur in the FC-AL topology. Analogous to the hubs used in traditional local-area networks (LANs), Fibre Channel hubs form the focal point of the FC-AL topology, as shown in Figure 4-9. As a result, network administrators can centrally monitor and manage the loop. The Port Bypass Circuitry (PBC) used in hubs allows devices to be dynamically added or removed from the loop while the loop is still functional. If a device is added or removed from the loop, these hubs can automatically reconfigure the loop.

4D. Switches
Fibre Channel switches are one of the most powerful components of a SAN. They are responsible for the efficient and high-speed switching of frames over a storage network. These switches are the basis of the switched Fabric topology, where the switches are interconnected to form the Fabric. The Fabric, in turn, can support numerous point-to-point connections, individual nodes, and arbitrated loops. Unlike Fibre Channel hubs that are generally used to implement the arbitrated loop topology and extend the effective distance of a loop, Fibre Channel switches offer enhanced and more complex functionality. As a part of the Fabric, Fibre Channel switches are responsible for the following:

4E. Bridges
Fibre Channel bridges allow the integration of legacy SCSI devices in a Fibre Channel network. By allowing the inclusion of expensive SCSI devices such as legacy SCSI disks and drives, SCSI tape subsystems, and optical CD and DVD devices in Fibre Channel storage networks, Fibre Channel bridges help in reducing the total cost of implementation of SANs. The biggest advantage of Fibre Channel bridges is the LAN-free backup and archiving that reduces traffic overhead from LANs by an average of 400500%.

10

Fibre Channel bridges provide the capability for Fibre Channel and SCSI interfaces to support both SCSI and Fibre Channel devices seamlessly. Therefore, they are often referred to as FC-SCSI routers.

4F. Routers
Fibre Channel routers enable the integration of IP-based hosts with Fibre Channel nodes. Thus, the use of Fibre Channel routers increases the reach of SANs by allowing access to remote storage devices over IP WANs through ATM, ISDN, and T1/T3 lines. Many vendors also offer routers that provide Fibre Channel to SCSI interconnectivity. In addition, the use of intelligent routers allows the implementation of firewalls that can play a very important role in preventing unauthorized access. Depending on the functionality provided, the cost of a Fibre Channel router can range anywhere from $7000 to $35,000. Many vendors offer a wide variety of Fibre Channel routers. These vendors include Cisco, IBM, HP, Gadzoox, and Brocade Communication, Inc. As in the field of network routers, Cisco is considered the leader in Fibre Channel routers. The following sections describe Cisco routers

4G. Storage Devices

High-performance and reliable storage infrastructure forms the basis of storage networks. SANs support a rich variety of storage devices that you can use to store large amounts of data and ensure the high-speed retrieval of data. The most commonly implemented Fibre Channel storage devices are the following: Disk arrays JBODs Tape libraries and subsystems Storage servers

Summary
Fibre Channel technology offers high-performance solutions that are a prerequisite of any SAN. In fact, most of the SANs that are built today are based on Fibre Channel devices. However, to build a successful SAN that fulfills all or most of the business requirements of a corporation, each device must be chosen with care and understanding. An intelligent mix and match of compatible products will help you as a SAN designer to build a cost-effective and high-performance storage solution.

11

Chapter 5. Fibre Channel Cabling

In this chapter, you will learn about the following:

Copper-based cabling Fiber-optic cabling

Cabling is the backbone of any network, including a storage area network (SAN). Similar to any other network, if cables in a storage network haven't been implemented properly, your network can fail to live up to its expectations, no matter how sophisticated or high the performance of your infrastructure or other SAN components is. You can use two types of Fibre Channel links in storage networkscopper-based and fiber-optic. You must understand the two types of media thoroughly to build a high-speed and high-performance SAN. In this chapter, you'll explore the two types of Fibre Channel media.

5A. Copper-Based Cabling

Copper has been one of the most popularly used media in normal networks. The main reasons behind its popularity are that it is inexpensive, easy to implement, and capable of supporting considerably high data transfer rates. Currently, copper-based cables are used to implement Gigabit Ethernet networks, where the average data transfer rate is 1 Gbps and higher. Because of their ability to support high data transfer rates, copper-based links are also used in storage networks. However, copper-based links do not enjoy the same popularity in SANs as fiber-optic links. NOTE You will learn about the reasons why fiber-optic links enjoy more popularity in storage networks as compared to copper-based links later in this chapter.

5B. Fiber-Optic Cabling

Copper-based cabling solutions were preferred in normal networks until a few years ago. However, due to the fast emergence of speed- and data-intensive transactions over local networks, intranets, and the Internet, fiber-optic has been replacing copper-based cables. In fact, fiber-optic cables have emerged as the undisputed choice in the field of Fibre Channel-based networks. To understand why fiber-optic cabling has replaced copper in the present scenario, you need to understand the basics of fiber-optic technology. A fiber-optic cable consists of a core, cladding, and a plastic encasement.

12

Copper-based cabling Fiber-optic cabling

Chapter 6. SAN Topologies

Point-to-point topology FC-AL topology Fibre Channel switched Fabric topology

A storage area network (SAN) is based on Fibre Channel technology. Therefore, the three SAN topologiespoint-to-point, Fibre Channel-Arbitrated Loop (FC-AL), and switched Fabricare the same as Fibre Channel topologies. Of these three, FC-AL and switched Fabric are implemented more commonly because they are cost-effective, high-performing, and scalable. Although the point-to-point topology offers the best performance of the three, it incurs high costs and, therefore, is used only in specialized cases. An effective mix of these three topologies can be implemented to meet the specific requirements and needs of a corporation.

6A. Point-to-Point Topology

The point-to-point topology is the simplest and the fastest of the three SAN topologies. In this topology, a Fibre Channel link connects two nodes, as shown in Figure 6-1. The maximum length of the link depends on the type of cabling you use. If the Fibre Channel link is copper-based, the maximum length of the link is barely 30 meters. However, the use of optical fiber cables can stretch the link beyond 100 kilometers.

13

6B. FC-AL Topology

Fashioned after the Token Ring topology used in a local-area network (LAN), FC-AL is a cost-effective method of connecting up to 126 nodes to a Fibre Channel link. All the connected nodes share the available bandwidth. Similar to the Token Ring topology, frames can travel only in one direction.

14

6C. Switched Fabric Topology

The term switched Fabric refers to an intelligent infrastructure that can efficiently switch bandwidthintensive data between communicating nodes and ports. Despite the fact that the switched Fabric topology allows an interconnection of 224 ports, each individual port that is connected to the Fabric is allocated 100 Mbps full-duplex, dedicated bandwidth. Each logical connection that is established using the Fabric actually helps in increasing the overall bandwidth of the switched Fabric network. This is because each connection is allocated a dedicated bandwidth. Therefore, overall network bandwidth is equal to the product of the average bandwidth used by one connection and the total number of current connections. In fact, the higher the number of connections at a given time, the greater the overall bandwidth of a switched Fabric SAN. Thus, where each new device that is connected to the arbitrated loops leads to the further reduction of shared bandwidth, addition of a new node or a port to the switched Fabric increases the overall bandwidth.

Summary
SANs are strongly based on Fibre Channel technology. The following list summarizes each technology:

Point-to-point topology This topology is the direct connection between two SAN devices. Because of the dedicated nature of physical connections, the point-to-point topology is the fastest, simplest, and easiest to implement and manage. However, the point-to-point topology is not commonly used to build an entire storage network because it is the costliest of the three.

FC-AL topology FC-AL is the most cost-effective topology of the three and can support up to 127 nodes and devices simultaneously. However, because the link bandwidth is shared among connected devices in this topology, its performance can degrade considerably if all 126 nodes are connected to it. Also, because of the shared nature of the loop, node loops need to arbitrate for loop control. After a node gains control of the loop, only one loop node can transmit data at a time. Therefore, this topology should be used in a SAN if the number of nodes is not high or transmissions are not time-sensitive. FC-AL supports two types of loops public loops and private loops. Private loops have no connection to the rest of the Fabric in the SAN. However, public loops are connected to the Fabric.

Switched Fabric topology This topology is the most high-performing and reliable topology of the three. Also, it is not as expensive as the point-to-point topology. This topology consists of an interconnection of Fibre Channel switches that can support a staggering 16 million Fibre Channel devices. The high point of this topology is that despite the addition of devices to the Fabric, the aggregate bandwidth of the topology increases because Fibre Channel switches that form the backbone of the switched Fabric topology are high-performing, non-blocking devices.

15

Chapter 7. Designing and Building a SAN

SAN design considerations Designing a SAN Constructing a SAN SAN best practices

The design and implementation of a storage area network (SAN) is a complex process. You need adequate expertise, manpower, and a sufficient budget to develop a storage network that not only will address the current storage demands, but also will meet any future requirements. A SAN must be stable, secure, high-performance, scalable, and extremely resilient. At the same time, a SAN must justify its cost.

7A. SAN Design Considerations

Although vendors offer standard solutions for the implementation of SANs, customized SAN designs are the norm. This is because custom designs allow organizations to tailor their storage networks according to their needs, requirements, and limitations..

Business requirements Performance Physical layout Data pooling Data availability Heterogeneity Storage requirement Connectivity Scalability Migration Security Manageability Resilience Routability

16

 Prevention of traffic congestion Backup and restore capability

7B.. Designing a SAN

After you evaluate the design considerations carefully, you can start designing your storage network. You might need to replace or upgrade the existing infrastructure or start from scratch. In either case, the SAN design phase consists of selecting an appropriate topology and selecting SAN components. The following sections discuss these two aspects of designing a SAN.

Selecting the Appropriate Topology

A well-planned topology helps an organization to meet its business and technical requirements efficiently and cost-effectively. The following decisions help you to arrive at the most appropriate topology for your organization's needs:

7C. Constructing a SAN

After you have thoroughly worked out the design requirements, designed the Fabric, and selected SAN components, you can start constructing your SAN. Before going ahead with the construction, you need to assemble the team that will implement the SAN. The team members must have the appropriate skills and extensive experience in the field of implementing complex and heterogeneous networks. Your team must have extensive knowledge of various operating systems and platforms, network and non-network applications, and databases. There should also be experts on the team who can handle the Fibre Channel cabling of the storage network.

7D. SAN Best Practices

Best practices help you to achieve better results. In the following sections, you examine some best practices that you can follow while designing and constructing a SAN. NOTE Although the practices discussed in this section are referred to as best practices, an organization's business and technical requirements dictate the implementation of its storage network. Every organization has its own set of business and technical requirements. Therefore, these practices need not be followed verbatim to achieve best practice results.

17

Chapter 8. Implementing SAN Security

General security guidelines Securing a SAN Securing business environments

The end user expects the storage system to provide speedy data transactions 24 hours a day, 7 days a week, and 365 days a year. So, the prime focus of storage networks is high performance and 24/7 data availability. In addition to these requirements, the data stored in a storage network is highly confidential and valuable. According to a recent study, compromise of this data or a security breach can cost a small organization tens of thousands of dollars. The fourth annual Information Security Survey by Information Week and Ernst & Young presented some more shocking statistics. According to this survey, more than 50 percent of 1300 IS executives surveyed across the U.S. and Canada indicated that they had suffered financial losses from security breaches and disaster recovery. Seventy percent were unable to calculate the loss they had to bear. More than 25 percent of medium-sized organizations estimated a loss of roughly $250,000. However, large organizations had to face losses of up to several million dollars. It is estimated that 90 percent of small businesses would go out of business in the case of a catastrophic event. These statistical figures reiterate the fact that security is not only important, but that it is another fundamental requirement of any storage area network (SAN). NOTE The Internet has grown at an unprecedented rate. Since its advent in 1969, the Internet has expanded from merely four interconnected hosts to more than 80,000,000 interconnected hosts that form the core of the Internetthe World Wide Web (WWW). The security threat has grown proportionately. As per the latest report by the Computer Emergency Response Team (CERT), 34,754 security incidents were reported within the first three quarters of 2000-2001. This figure is staggering and warns just how real the security threat is in our wired world, and how important it is to protect mission-critical data stored in SANs if they are going to be interconnected over the Internet! In this chapter, you will learn the basics of securing a storage network. You'll learn about the general guidelines that will help you secure a SAN. You'll also learn how to prevent SAN components and business transactions in divisional and enterprise environments from unauthorized access and hacking.

18

8A. General Security Guidelines

As mentioned earlier, security is one of the most neglected aspects of SANs. The common security issues are as follows:

Poor administration of the storage network. Lack of a comprehensive security policy. The security policy of a network contains directions on the management of user

NOTE :

accounts. This includes detailed information about user accounts, user privileges, data categories and the associated safeguards, and a list of legal and prohibited activities.

NOTE : Vulnerability analysis helps an organization to re-evaluate and locate loopholes in its
security policies.

8B. Securing a SAN

Security of a storage network can be implemented at two levelsthe hardware level and the software level. Security at the hardware level is implemented by ensuring the physical security of SAN components. Similarly, security at the software level is implemented with the help of various software applications that play a significant role in shielding data from security breaches and threats. These security breaches can be determined only in an after-the-fact method. Therefore, it is imperative that you maintain a running log file.

8C. Securing Business Environments

Depending on the size of the organization, the storage network can be small-to-medium or large in size. Small- and medium-sized storage networks generally use the divisional approach, whereas large networks spanning great distances are based on the enterprise approach. However, irrespective of the size of the SAN, both the environments need to be adequately secured. The following sections discuss both of these approaches.

Divisional Security
In the divisional approach, the SANlets are created on the basis of divisions in the organization, as compared to the enterprise approach where the storage network is not divided into various zones on the basis of divisions. Security in the divisional environment is not as big a concern as in the enterprise environment. This is because personnel in the same division share similar goals and generally work on the same set of projects or tasks. All the employees in the same division more or less must access the same storage systems. Therefore, the implementation of security measures and the management of data access is comparatively simpler. However, there is still a possibility of the following security threats:

19

Chapter 9. Problem Isolation and Management of SANs

Isolating and troubleshooting problems Managing SANs Disaster management

Problems are part of any network setup. A storage network is no exception. Despite choosing best-ofbreed components, applications, and management tools, there is no guarantee that everything will function ideally. The challenge is in handling any problem quickly so that long-term harm to the network is avoided. How quickly you detect, isolate, diagnose, and troubleshoot the problem so that no ongoing operations are disrupted is critical to the management of a storage network. If operations are disrupted, the disruption must be short-lived. Proper management can prove to be the most proactive method of avoiding a problem or disastrous situation. Management tools and applications allow you to control the network, monitor it, detect a problem before it reaches disastrous proportions, and provide assistance in troubleshooting the problem. Management tools and applications also play an important role in optimizing the performance of a storage network. In addition, many management tools can help you in planning, implementing, and configuring a storage area network (SAN). Isolating and troubleshooting problems is not an instinctive art. It is an ongoing education that you gain from each experience. In this chapter, you will learn the basic techniques that set the groundwork for isolating and troubleshooting any problem in a storage network. You will learn about the management of SANs to help you to maintain and support a stable storage network. In addition, you will learn about one of the most critical aspects of any networkdata backup and restoration. Proper data backup and restoration strategies help you recover data without potential corruption or loss, if you have to face network failure or data loss.

9A. Isolating and Troubleshooting Problems

Most of the problems that occur in a storage network can be generalized into three broad categories. These categories are the following:

Problems related to the physical connectivity of devices

20

Problems related to the access of storage devices Problems related to the upper-layer protocols

9B. Managing SANs

A SAN is a complex environment. Therefore, after a SAN has been designed and deployed, you need to manage it effectively to ensure its smooth functioning. Also, its effective management ensures that the heterogeneous devices that make up the SAN are integrated seamlessly and that the complexity of the storage network is simplified.

9C. Disaster Management

Data, especially business data, is one of the most valuable assets of any organization. Therefore, all necessary steps must be taken to ensure the safety of this data even in case of disastrous situations, such as storage crashes, virus attacks, and so on. Data backups done on a regular basis are one of the most effective measures of disaster recovery. Timely restoration of business data can prevent a business from prolonged standstill situations. Corporations are struggling not only to cope with huge amounts of data and full-time, on-demand access to data, but also with the complex infrastructure that supports this data. As a result, backups seem to have taken a backseat because network administrators are busy with protecting the networks and ensuring full-time, high-speed availability of data. In fact, many administrators feel that they cannot back up their data as regularly and as cost-effectively as they would prefer. Therefore, many have been forced to adopt makeshift strategies, such as cloning and data replication to ensure the safety of mission-critical data.

Summary:
Problems in a SAN can be categorized as the following: Problems related to the physical connectivity of devices Problems related to the access of storage devices Problems related to the upper-layer protocols

21

Chapter 10. iSCSI Technology

In this chapter, you will learn about the following:

The emergence of iSCSI technology iSCSI concepts iSCSI design considerations and security requirements

Since the advent of storage networks, Fibre Channel has been the mainstay of storage area networks (SANs). In fact, for most of us, Fibre Channel is synonymous with SANs. However, the unrivaled reign of Fibre Channel technology might not entirely be due to the fact that it provides high-performance solutions. Fibre Channel has never had to face any serious competition because of the significant lack of options in the field of SAN products. Fibre Channel has been, and still is, a market on its own. However, the Fibre Channel market is now facing a serious challenge for the first time in its history. A small group of SAN vendors have come up with a new standard called Internet Small Computer System Interface (iSCSI) that is creating waves in the SAN arena.

10A. The Emergence of iSCSI Technology

Although Fibre Channel products form the backbone of most of the SAN solutions that are being implemented today, Fibre Channel technology poses a few problems. These include high cost and difficulty of implementation, necessity of retraining staff or of hiring additional staff, incompatibility with other technologies, and relatively immature management tools. Each of these problems is examined in the following section.

Problems Faced by Fibre Channel Technology

Typical Fibre Channel products are implemented at an average cost of $1000 for each port. Until now, the Fibre Channel market has been virtually without competition. Therefore, the cost of per-port implementation is not estimated to go down in the near future. To some extent, the high cost of implementation has limited the popularity of SANs. This is because medium- and small-sized companies either cannot afford the staggering cost of Fibre Channel implementation or cannot be convinced about the viability of implementing expensive Fibre Channel solutions.

10B . iSCSI Concepts

iSCSI is an industry standard jointly proposed by a group of vendors led by IBM and Cisco along with HP, Quantum, Adaptec, Intel, and so on. Although the proposal is still in its draft stages, it is estimated that iSCSI's future will be much clearer by mid-2002.

22

iSCSI, which is often referred to as SCSI over IP networks, is a next generation SCSI standard. In other words, iSCSI derives its roots from SCSI. SCSI is one of the most popularly used interfaces (or protocols) to facilitate data movement on a storage network. To understand iSCSI, you will briefly review the concept of SCSI.

10C. iSCSI Design Considerations and Security Requirements

The iSCSI requirements and design considerations draft (draft-ietf-ips-iscsi-07.txt) presented by the IETF defines the most important requirements that should be fulfilled by the proposed iSCSI protocol, as shown in Table 10-1.

Table 10-1. iSCSI Requirements Definition Performance/cost Requirements MUST allow implementations to equal or improve the current state of SCSI interconnects MUST enable cost competitive implementations MUST have low host CPU uses, equal to or better than current technology MUST be possible to build I/O adapters that handle the entire SCSI task MUST provide for the full use of the available link bandwidth Flow control and synchronization MUST be able to support existing flow-control mechanisms MUST be able to synchronize the transaction between iSCSI and non-iSCSI devices Description To make iSCSI a viable and marketable solution, there should be a balance between the performance and the cost of implementation and the maintenance of iSCSI-based networks. Although reusing most of the existing IP-based infrastructure, it should be able to meet the basic requirements of high speed and high availability. Use of SNICs can help meet most of these requirements because these adapters handle protocolrelated processing, such as encapsulation, CRC checks, and so on, and therefore offload the burden of processing from the host CPU. The iSCSI protocol must incorporate additional information in PDU headers or data streams so that implementations can locate the boundaries of iSCSI PDUs within the TCP byte stream.

High bandwidth/bandwidth aggregation

MUST operate over a single To be able to compete with Fibre TCP connection Channel technology, which offers

23

Table 10-1. iSCSI Requirements Definition Requirements Description high-bandwidth solutions, iSCSI must be able to facilitate the full use of the available link bandwidth while minimizing the use of TCP connections. This is because if one session were to operate over multiple TCP connections, it would slow down the network considerably, especially during peak hours because other devices would have to wait for an availabile TCP connection. Also, it is important that iSCSI must not jeopardize the performance of simultaneous connections within the interconnect Fabric. Ease of implementation/complexity of protocol SHOULD keep the protocol simple MUST operate correctly when no optional features are negotiated and when individual option negotiations are unsuccessful For the protocol to be marketable, it should be simple to understand and easy to implement. This makes it simple for network administrators to diagnose problems. To diagnose faults and failures, the protocol must provide parameter negotiation during the Login phase. Also, its default parameters must be such that successful transactions can be handled if optional features were not negotiated during transaction. Data might be corrupted while in transit. Therefore, the iSCSI protocol must support data integrity check formats for the early detection of data corruption. Also, the iSCSI data corruption detection mechanism

Detection of data corruption MUST support a data integrity check format for use in digest generation

24

Table 10-1. iSCSI Requirements Definition Requirements Description must support other detection methods, such as checksum and Cyclic Redundancy Checks (CRCs). Recovery MUST specify mechanisms to recover in a timely fashion from failures on the initiator, target, or connecting infrastructure SHOULD take into account fail-over schemes for mirrored targets or highly available storage configurations SHOULD provide a method for sessions to be gracefully terminated and restarted by either the initiator or target Internet infrastructure MUST be compatible with both IPv4 and IPv6 Because it operates over IPbased infrastructures, ISCSI must be compatible with the MUST use TCP connections current version of IPIPv4. IPv6 conservatively, keeping in is likely to take over from IPv4 in mind that there might be the near future. Therefore, iSCSI many other users of TCP technology should be worked out in such a manner that no major on a given machine issues related to infrastructure MUST NOT require changes arise during the transition from to the existing Internet IPv4 to IPv6. protocols SHOULD minimize required changes to existing TCP/IP implementation. Interoperability iSCSI protocol document MUST be clear and Incompatibility with contemporary network In case of network failures, iSCSI should support recovery mechanisms. Also, it should support failover strategies that ensure the availability of data, even if the primary source is down.

25

Table 10-1. iSCSI Requirements Definition Requirements unambiguous Description technologies has forced the industry to look for other solutions. The iSCSI protocol must be simple and unambiguous so that it can be seamlessly integrated with other popular networking technologies, such as the Internet, SCSI, and Fibre Channel.

Extensible security

SHOULD require minimal Because iSCSI stresses data configuration and overhead transfers over insecure media, in an insecure operation such as the Internet, extensible security measures, such as SHOULD provide for strong strong authentication, should be authentication when implemented in case of iSCSI increased security is data exchanges to ensure required integrity and confidentiality of the data being transmitted over SHOULD allow integration the iSCSI infrastructure. At the of new security same time, these measures mechanisms without should also be compatible with breaking backward existing security mechanisms compatible operations and must not require major reconfiguration. MUST support private authenticated login CAN support various levels of authentication security iSCSI authenticated login MUST be resilient against passive attacks. To ensure secure transactions over insecure media, iSCSI must support strong authentication mechanisms.

Authentication

SCSI

SHOULD track changes to SCSI and the SCSI architecture model MUST reliably transport

Because it is the nextgeneration, SCSI-based technology, iSCSI must be able to accommodate future changes

26

Table 10-1. iSCSI Requirements Definition Requirements SCSI commands from the initiator to the target MUST correctly deal with iSCSI packet drops, duplication, correction, stale packets, and reordering Data integrity SHOULD NOT preclude the use of additional data integrity protection protocols (for example, IPSec and TLS) SHOULD be manageable by using standard IP-based management protocols (for example, SNMP, RMI, and so on) In addition to strong authentication, additional security measures will only improve the reliability of iSCSIbased transactions. Because iSCSI transactions are carried over the IP-based infrastructure, the iSCSI protocol must be manageable by using the standard IP-based management protocols. For this, iSCSI specifications must ensure that the iSCSI resources are uniquely identifiable, and also can be located by using IP-based standard resource location methods, such as DNS. The iSCSI naming scheme must be human-readable and compatible with both IP and Fibre Channel. This ensures the smooth discovery of iSCSI devices regardless of the interface. Description in the existing SCSI model.

Management

Naming

The means by which an iSCSI resource is located MUST use or extend existing Internet standard resource location methods. MUST provide a means of identifying iSCSI targets by a unique identifier that is independent of the path on which it is found An iSCSI name should be a

27

Table 10-1. iSCSI Requirements Definition Requirements human-readable string in an international character set encoding Standard Internet lookup services SHOULD be used to resolve iSCSI names. Discovery MUST have no impact on the current IP network discovery techniques The iSCSI specification must ensure that iSCSI devices and services can be discovered by standard discovery methods, such as DNS, which are used in IP-based networks. The iSCSI protocol specifications must be able to protect the storage network from unauthorized and malicious attacks without hampering the security of the entire network. For this, the iSCSI implementation must be able to seamlessly support Network Address Translators (NATs), proxy servers, and firewalls without disturbing the existing network setup. As an added security mechanism, iSCSI should be able to seamlessly support the current breed of network security devices, such as firewalls, proxy servers, and NATs. Description

Internet accessibility

SHOULD be scrutinized for denial of service issues and the issues should be addressed

Firewalls and proxy servers

SHOULD allow deployment where functional and optimizing middle-boxes such as firewalls, proxy servers, and NATs are present Use of IP addresses and TCP ports SHOULD be firewall friendly.

Congestion control and transport selection

MUST be a good network During peak hours, iSCSI must citizen with TCP-compatible be able to handle transport layer

28

Table 10-1. iSCSI Requirements Definition Requirements congestion control (as defined in RFC 2309) iSCSI implementations MUST NOT use multiple connections as a means to avoid transport layer congestion control. Description network conges-tions so that situations leading to traffic congestions do not occur or their after-effect is minimized if congestion does occur.

Chapter 11. Future of SANs

The need for change SAN technology developments Non-SAN technologies

Storage networking is a powerful technology and its potential is staggering. As companies and organizations all over the world struggle with huge amounts of mission-critical data, the storage area network (SAN) has emerged as an extremely reliable solution. SANs offer a high-performance means of ensuring that data is always available, which has brought a new lease on life to e-commerce and online businesses. However, a few hurdles still remain. SANs are a costly venture, and the in-depth, technical know-how necessary to implement SANs is scarce. The emergence of other storage technologies, such as Internet Small Computer System Interface (iSCSI), Internet Protocol (IP), and Storage over Internet Protocol (SoIP) have further challenged the coveted position of SANs in the field of storage technology. You learn about the need for change in the present storage scenario. You learn about various SAN technology developments, such as optical storage networking (OSN), IP SANs, and the emergence of storage service providers. These developments address several issues and problems faced in traditional SANs. Finally, you learn about technology developments other than SANs, including SoIP, Network Data Management Protocol (NDMP), virtual interface (VI) architecture, Direct Access File System (DAFS), and InfiniBand. Some of these, such as SoIP, are rival technologies, whereas others, such as NDMP, DAFS, VI, and InfiniBand, when augmented with the existing SAN technology, enhance the performance, reach, and popularity of SANs.

11A. The Need for Change

SAN technology has, slowly but surely, gained acceptance in the networking industry. In fact, many experts vouch for its high-speed transactions, adaptability to future growth, reliability, high availability of data, and faultless performance. However, SANs are entirely dependent on the Fibre Channel technology, which can pose a few problems that are propelling vendors and customers to look into

29

other alternatives. The major reasons for this heightened interest for other alternatives include the following:

Fibre Channel's high cost of implementation The difficulty of Fibre Channel's implementation A lack of expertise and technical know-how The necessity for retraining staff or for hiring additional staff Incompatibility with other popular technologies (such as TCP/IP) Inability to support long-distance data transfers A lack of mature management tools

11B. SAN Technology Development

Similar to other technologies, many advancements have been made in the arena of storage networks. Several organizations are actively involved in extending the capabilities of SANs and the reach of Fibre Channel technology. Technologies are being developed to incorporate multicasting, virtual circuits, and enhance upper-layer protocol support. In addition, present-day SAN technology is gearing up to accommodate the increasing future requirements of bandwidth, security, and scalability.

11C. Non-SAN Technologies

As a result of varying customer demands and diverse networking environments, a lot of development work is being carried out in the field of storage networks. Many of these developments complement the existing SAN technology. A few developments, however, display the potential to develop into fullfledged storage solutions in the near future. All these developments, along with the existing SAN solutions, provide the customer with a wide range of choices according to their individual requirements.

30

31