New routing strategies help storage area networks grow up.

IT storage administrators face growing pressure to control costs and increase capabilities of storage area networks (SANs). As SANs become more complex and more tightly integrated with network applications and other SANs, organizations seek ways to consolidate multiple SAN "islands" into a more cost-effective architecture. But how can a technology designed to operate in isolation be adapted into a scalable, integrated system? How can SANs be opened up to allow more consolidation and flexibility while still maintaining the tight security and high availability of a closed, isolated network?

New SAN routing technologies can provide the answers. Emerging strategies for fabric virtualization, virtual fabric trunking and interfabric routing can lead to more scalable and cost-effective SANs while preserving the essential security and availability of traditional SAN architectures.

The Trouble with Traditional SANs

To understand why SAN technology is changing, it is important to recognize how it evolved. Unlike Internet Protocol (IP)-based local-area networks (LANs), SANs--and the Fibre Channel transport on which they're built--are designed primarily around the concept of ensuring availability. To provide maximum control and reliability, storage administrators historically built SANs as completely isolated networks, in which each application or user group had its own physical SAN fabric.

There were good reasons for taking this approach. As some storage administrators learned the hard way, when an organization uses a single multiswitch fabric for multiple SAN applications, any disruption in one part of the fabric can impair the entire network. For example, in a multisite SAN, a configuration problem at a secondary disaster recovery location can actually render the production site inoperable as well. Storage administrators also believed that by keeping SANs isolated, they could more closely manage and monitor each fabric.

New demands on storage networks are pushing the limits of these traditional architectures. As business applications, user groups and locations become more tightly integrated, SAN islands no longer reflect the ways these networks are actually used. For example, a storage array originally deployed for a single application at one site may now need to support several applications and remote offices. Without some means of limited interfabric communication, organizations may have to duplicate storage arrays and switches--at substantial cost.

Port and connectivity costs have also become a serious concern. Despite the fact that most SAN islands connect only a small number of end points, many SAN switches offer 16 or 32 ports.
This means organizations pay a premium for ports that go unused. Also, maintaining segregated SAN islands between remote sites has traditionally meant maintaining multiple site-to-site connections--and paying recurring fees for each link, regardless of the actual bandwidth it uses. And when separate data protection solutions (backup, restore and disaster recovery) are also duplicated on each SAN fabric, the overall costs are that much greater.

As these issues come to the forefront, storage administrators face growing pressure to make SANs more "LAN-like" while somehow preserving their fundamental advantages of security and availability. Enter virtual fabric technologies.

Fabric Virtualization

IT administrators have used virtual LANs (VLANs) for years to segment a common physical IP network into multiple logical networks. More recently, this model has been applied in the SAN realm in the form of virtual SANs (VSANs). Instead of relying on separate physical SAN fabrics for different applications or user groups, storage administrators can segment a single common fabric into multiple, logically isolated fabrics. Developed by Cisco Systems in 2002, VSANs are now accepted and standardized by the ANSI T11 Fibre Channel group.

The ability to logically segment a common physical infrastructure offers several advantages, not least of which is that the benefits of traditional SAN architectures are preserved.
With logically separated SAN fabrics, a disruption in one virtual fabric remains isolated to that fabric. A configuration error, for example, only affects the VSAN on which it occurs, even though other VSANs share the same physical infrastructure. Different VSANs can still use different transport technologies and operating systems. Administrators can still apply statistical analysis, troubleshooting and security and encryption services on a per-fabric (per-VSAN) basis.

However, using VSANs, storage administrators no longer need separate pairs of switches for each SAN connection. Instead, they can use common SAN switching infrastructure to support multiple fabrics, use all the available ports on each switch and provision services with the exact number of ports required. In short, VSANs allow administrators to support more fabrics with less hardware, reducing the total cost of the network.

[FIGURE 1 OMITTED]

Fabric virtualization also simplifies SAN administration. New fabrics can be created through a simple configuration change instead of by physically adding or removing equipment, with the attendant costs and risks of disruption. With most VSAN implementations, administrators can provision virtual fabrics through a centralized Web-based interface and grow and shrink virtual fabrics dynamically, as needed. VSAN technology can even be used to streamline the introduction of new SAN services. For example, administrators can create VSANs to serve as isolated staging areas for new fabrics before fully deploying them into production.

Virtual Fabric Trunking

Fabric virtualization isn't only about breaking a common physical fabric apart.
With VSAN trunking strategies, storage administrators can also consolidate previously separated physical inter-switch links (ISLs) over a single shared connection or set of connections. For example, if a data center has three traditional SAN switches supporting five VSANs, that implementation requires three ISLs for each VSAN, or 15 total links. With virtual fabric trunking, each switch can share a single connection, consolidating all five VSANs over three physical links.

However, the real savings of VSAN trunking are realized in site-to-site connections. Imagine a business wide-area network (WAN) with a primary data center and a secondary location in another city. The business uses three SANs--one to support real-time data replication for a disaster recovery system, one to support data backup to a tape library at the secondary site each evening and one to support intermittent host-to-remote-disk services. With traditional SAN architectures, the business maintains separate site-to-site connections for each service and is charged as if all three links carried traffic 24 hours a day, even though the tape backup and host-to-remote-disk connections are used only intermittently.

With VSAN trunking, the three separate site-to-site links can use a single shared connection with a single monthly fee. See Figure 1. Each virtual fabric link still operates independently and can even support different transport services.
And, just as in an IP WAN, the organization can apply quality-of-service (QoS) techniques to prioritize data traffic for each fabric and more efficiently utilize the shared resource.

Virtual Fabric Routing

The final piece of the fabric virtualization puzzle is interfabric routing, which Cisco calls inter-VSAN routing, or IVR. IVR provides limited cross-fabric connectivity, allowing storage administrators to route specified services or share designated endpoints among SANs, without merging the fabrics. Basically, IVR brings "Layer 3 switching" intelligence to the SAN realm--an essential prerequisite for SAN implementations that share common resources among multiple fabrics, user groups and locations. See Figure 2.

[FIGURE 2 OMITTED]

With IVR, logically isolated VSAN fabrics can share a common, centralized tape library or disk array without exposing one fabric to potential problems in a neighboring fabric. IVR also binds together a complex array of different SAN technologies into a manageable enterprise system (for example, in an organization integrating SAN fabrics from several vendors after an acquisition). IVR services can operate independently of switch vendors, operating systems, or transport technologies. More sophisticated IVR services even include network address translation (NAT), so storage administrators can selectively link SAN islands without worrying about overlapping domain addresses in each fabric.
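
The following is an added example, not part of the original article and not Cisco's implementation: a simplified model of interfabric routing zones that an administrator could use to audit which endpoints a routing policy exposes across VSANs, and which routed fabric pairs have overlapping domain IDs and so depend on NAT. All WWPNs, VSAN numbers, zone names and domain IDs are constructed, and the function names are hypothetical.

```python
# Added example: a simplified model of interfabric routing zones, not vendor code.
# All WWPNs, VSAN numbers, zone names and domain IDs are constructed sample data.
from itertools import combinations

OLTP_HOST = "10:00:00:00:c9:00:00:01"
DW_HOST = "10:00:00:00:c9:00:00:02"
TAPE = "50:06:01:60:00:00:00:aa"
DW_ARRAY = "50:06:01:60:00:00:00:bb"

# Each port lives in exactly one virtual fabric (port WWN -> VSAN).
ENDPOINTS = {OLTP_HOST: 10, DW_HOST: 20, TAPE: 30, DW_ARRAY: 20}

# Interfabric zones: only ports named in the same zone may talk across VSANs.
IVR_ZONES = {
    "backup_oltp": {OLTP_HOST, TAPE},
    "backup_dw": {DW_HOST, TAPE},
}

# Switch domain IDs in use per VSAN (Fibre Channel domain IDs are 1..239).
DOMAINS = {10: {1, 2}, 20: {1, 5}, 30: {2, 7}}


def cross_fabric_paths(endpoints, zones):
    """Return every port pair that a zone allows to communicate across VSANs."""
    paths = set()
    for name, members in zones.items():
        unknown = members - set(endpoints)
        if unknown:
            raise ValueError(f"zone {name} names unknown ports: {sorted(unknown)}")
        for a, b in combinations(sorted(members), 2):
            if endpoints[a] != endpoints[b]:  # same-VSAN pairs are local zoning
                paths.add((a, b))
    return paths


def domain_conflicts(endpoints, zones, domains):
    """Routed VSAN pairs whose domain IDs overlap: they need NAT or renumbering."""
    conflicts = {}
    for a, b in cross_fabric_paths(endpoints, zones):
        pair = tuple(sorted((endpoints[a], endpoints[b])))
        shared = domains[pair[0]] & domains[pair[1]]
        if shared:
            conflicts[pair] = shared
    return conflicts


if __name__ == "__main__":
    for a, b in sorted(cross_fabric_paths(ENDPOINTS, IVR_ZONES)):
        print(f"VSAN {ENDPOINTS[a]} {a} <-> VSAN {ENDPOINTS[b]} {b}")
    print("domain ID overlaps:", domain_conflicts(ENDPOINTS, IVR_ZONES, DOMAINS))
```

In the sample data, VSANs 10 and 20 both use domain ID 1 but are never routed to each other, so only the routed pair (10, 30) is reported.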

Securing the SAN

As organizations integrate previously isolated SAN architectures and expand storage services outside the traditional "locked-down" data center, the need for strong SAN security becomes more acute. With VLAN strategies, organizations can continue to rely on the proven security solutions they have used for years in both SAN and LAN environments. Virtual fabrics support the same fabric, switch and ISL authentication and encryption services as physically isolated SAN fabrics.

Newer SAN solutions can offer even more sophisticated security services, such as role-based access control. For example, a SAN administrator can have read-only access for an organization's online transaction processing (OLTP) VSAN, but read-write access for the data warehousing VSAN.
The new SAN solutions also provide full support for RADIUS and TACACS+ authentication and authorization services, allowing administrators to easily incorporate SANs into overarching network security solutions and centralize security management for the entire network.

Making the Leap to the Modern SAN

While storage administrators have had good reasons for provisioning SANs as isolated islands, more and more businesses agree that it's time for SANs to grow up--to become more scalable, flexible, cost-effective systems. Today, there are several methods for providing fabric virtualization and virtual fabric routing. Some strategies incorporate physical solutions (such as partitioning line cards or deploying dedicated appliances) to perform VSAN routing and trunking services. Others integrate SAN virtualization, routing and trunking capabilities within the fabric itself to provide an extremely granular, streamlined solution.

Whichever approach storage administrators choose, they can expect that as businesses grow and evolve, VSAN strategies will become an essential component of any SAN architecture.

Lincoln Dale is a technical marketing engineer for the storage technology group at Cisco Systems, Inc., San Jose, CA www.cisco.com