MANAGING THE SWITCHED SAN

New switch features improve vision of entire fabric

Early storage area networks have been less than robust, often comprised of a few disk drives, a server, and maybe a hub. As SAN implementations mature, they will likely consist of one or more switches connecting servers, disk drives, and, eventually, tape drives. These configurations will demand the management features of a switch.

User Access--Taking Control Of The SAN

One way to protect a SAN configuration is to limit access to the management console. With a SAN switch management system, access can be granted or denied to different types of users. For example, users requiring full authority on a switch can be given super user privileges by being added to a super user group. Those requiring authority only to bring ports or loops on and offline can be added to an administrator group. Finally, anyone needing to view a switch configuration, zoning, or the name server can be added to a view group with no privileges to make changes to the switch configuration.

Multiple Fabric Control--A Graphical Look At The SAN

With switch management software, users are able to view multiple SAN fabrics from a single management console. The management system queries the network looking for switches, automatically drawing a picture on the screen of everything it finds. Each discovered SAN can then be named, for example "Engineering SAN," and its IP address and world wide name displayed. A departmental contact can also be added and queried by an administrator for notification when there is a problem or change to be made.
The user can modify the actual placement of switches on the screen to reflect the true logical arrangement of SANs.

Name Server

Through the use of a switch name server as specified in the Fibre Channel ANSI standard, a switch enables automatic registration of all devices on every port and every loop within the entire fabric. Administrators can see proof that a device is logged in, discover what is attached to each port and loop, and verify world wide names, Fibre Channel addresses, and other useful information.

Zoning--Securing And Separating Data

A very powerful security feature of a switched fabric is the ability to segregate switch ports into self-contained zones. One of a SAN's major benefits, the ability of all servers to connect to all storage and tape devices, can also present a security problem. A corporation may not want all its servers to have access to certain data such as payroll or, in order to simplify administration, it might be advantageous to segregate departments or functional data. There are two methods of setting up separate fabrics or "zoning" switches. Both are done via the graphical management console.

Hardware Zoning: This type of zoning segregates physical switches or sections of a switch via circuitry. Zoning by this method is secure because data cannot be changed via software or user manipulation.

Software Zoning: Software zoning is a flexible method of separating data and servers into specific areas. Software zoning can be performed via name server entries, world wide names, or by device logical addresses. Unlike hardware zoning, administrators have maximum flexibility to zone per port and across switch boundaries independent of the switch's internal architecture.

Traffic-Type Zoning: Finally, switch management methods enable zones to segregate traffic by type. For example, zones can be set up that divert all IP broadcast traffic away from certain ports.

Control Over Each Individual Port On A Switch

When setting up and administering a SAN, one of the most powerful switch management features available is the ability to look at exactly what is happening on each switch port.
This management feature allows an administrator to "look down the pipe" at all the devices attached, whether singly or on a loop. Information that can be gleaned includes:

* Port type - Fabric (F), Fabric Loop (FL), or switch to switch (E)
* Login Status - Online, offline, or logged in
* Fibre Channel version
* World Wide Name and Loop Address

The login status is particularly important for debugging.

Loop Control--The Power To See Behind Each Port

Some switch management schemes offer the added benefit of seeing and controlling each device on every loop attached to the fabric. IS managers can reset a loop, disable or bypass a device on a loop, and re-initialize a loop. This ability is helpful in problem isolation.

Error Management

Within a switch, there are systems that detect errors, isolate failed devices on a loop, and bypass failing or failed devices. This error management system provides the ability to monitor CRC, parity, and encoding errors. When a number of errors has occurred during a set time period, a trap occurs. A trap can be set to generate an alarm or take other action. Once the error management system determines an error is occurring, it sends out "echo" frames to each loop device.
The management system then analyzes all returned frames to verify the interfaces. The results of the test can be useful in determining which device on a loop is failing or has failed. The management system can then automatically bypass that device or notify the operator as to which device needs replacing.

Although early in implementation, switched SANs contain management features to control accessibility, configure, and troubleshoot the network. While all of the features that deliver on the promise of the SAN are not still being developed, IS managers can be assured that switch designers are laying the foundation for SAN management.

Larry Olson is the senior system engineer of Ancor Communications, Inc. (Eden Prairie, MN).
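
The software zoning described under "Zoning--Securing And Separating Data" can be modelled as set membership over name-server entries. The sketch below is an added example, not code from the article or from any switch vendor; the class names, WWNs, switch names and the deny-by-default treatment of unzoned or unregistered devices are assumptions made for illustration.

```python
# Added example: software zoning by WWN and by port (all data is constructed).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Device:
    wwn: str      # world wide name registered with the name server
    switch: str   # switch the device is attached to
    port: int     # port number on that switch

@dataclass
class Fabric:
    name_server: dict = field(default_factory=dict)  # wwn -> Device
    zones: dict = field(default_factory=dict)        # zone name -> set of members

    def register(self, dev):
        """Name-server registration of a device that has logged in."""
        self.name_server[dev.wwn] = dev

    def add_zone(self, name, members):
        # A member is either a WWN string or a (switch, port) tuple.
        self.zones[name] = set(members)

    def _zones_of(self, dev):
        keys = {dev.wwn, (dev.switch, dev.port)}
        return {z for z, m in self.zones.items() if keys & m}

    def can_access(self, a_wwn, b_wwn):
        """Two devices may communicate only if they share a zone."""
        a, b = self.name_server.get(a_wwn), self.name_server.get(b_wwn)
        if a is None or b is None:
            return False  # assumption: devices not logged in are denied
        return bool(self._zones_of(a) & self._zones_of(b))

    def visible_to(self, wwn):
        """Name-server view filtered by zoning: what this device may see."""
        return sorted(w for w in self.name_server
                      if w != wwn and self.can_access(wwn, w))

def build_sample():
    f = Fabric()
    f.register(Device("10:00:00:00:c9:00:00:01", "sw1", 1))  # payroll server
    f.register(Device("10:00:00:00:c9:00:00:02", "sw1", 2))  # engineering server
    f.register(Device("50:00:00:00:aa:00:00:10", "sw2", 4))  # payroll array
    f.register(Device("50:00:00:00:aa:00:00:20", "sw2", 5))  # engineering array
    # WWN-based zone that crosses a switch boundary
    f.add_zone("payroll", {"10:00:00:00:c9:00:00:01", "50:00:00:00:aa:00:00:10"})
    # Port-based zone that also crosses a switch boundary
    f.add_zone("engineering", {("sw1", 2), ("sw2", 5)})
    return f
```

In this model a WWN-based member follows the device if it is recabled, while a port-based member grants access to whatever is plugged into that port, which is the practical trade-off when auditing a zone set.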
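
The "Error Management" sequence above (errors counted over a set time period, a trap, echo frames to each loop device, bypass of the failing one) can be sketched as follows. This is an added example, not the article's or any vendor's implementation; the threshold, window length, echo payload, loop addresses and the rule that a returned frame must match the sent one byte for byte are assumptions.

```python
# Added example: threshold trap over a time window, then an echo test.
from collections import defaultdict, deque

class ErrorMonitor:
    def __init__(self, threshold, window_s):
        self.threshold = threshold        # assumed: error count that raises a trap
        self.window_s = window_s          # assumed: length of the time period (s)
        self.events = defaultdict(deque)  # port -> timestamps of recent errors

    def record(self, port, kind, ts):
        """Log one CRC/parity/encoding error; return True if a trap fires."""
        if kind not in ("crc", "parity", "encoding"):
            raise ValueError(f"unknown error kind: {kind}")
        q = self.events[port]
        q.append(ts)
        while q and ts - q[0] > self.window_s:  # drop errors outside the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()                           # re-arm: one burst, one trap
            return True
        return False

def echo_test(loop_devices, send_echo, payload=b"\x55\xaa" * 8):
    """Send an echo frame to each loop device; list the devices that fail."""
    failed = []
    for dev in loop_devices:
        reply = send_echo(dev, payload)  # None models no frame returned
        if reply != payload:
            failed.append(dev)
    return failed

def handle_errors(monitor, port, errors, loop_devices, send_echo):
    """Feed errors to the monitor; on a trap, echo-test the loop and bypass."""
    bypassed = []
    for kind, ts in errors:
        if monitor.record(port, kind, ts):
            bypassed = echo_test(loop_devices, send_echo)
            break
    active = [d for d in loop_devices if d not in bypassed]
    return active, bypassed

# Constructed sample: loop address 0xE2 corrupts every frame it returns.
def sample_send_echo(dev, payload):
    return payload[:-1] + b"\x00" if dev == "0xE2" else payload

SAMPLE_LOOP = ["0xE0", "0xE1", "0xE2", "0xE4"]
SAMPLE_ERRORS = [("crc", 0.0), ("crc", 30.0), ("parity", 31.0),
                 ("encoding", 32.5), ("crc", 33.0)]
```

With a threshold of 3 errors in 10 seconds, the isolated error at t=0 ages out and the trap fires on the burst at t=30 to 32.5, so sporadic errors do not trigger a loop-wide echo test.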