MANAGING THE SWITCHED SAN.
Early storage area networks have been less than robust, often comprised of a few disk drives, a server, and maybe a hub. As SAN implementations mature, they will likely consist of one or more switches connecting servers, disk drives, and, eventually, tape drives. These configurations will demand the management features of a switch.
User Access--Taking Control Of The SAN
One way to protect a SAN configuration is to limit access to the management console. With a SAN switch management system, access can be granted or denied to different types of users. For example, users requiring full authority on a switch can be given super user privileges by being added to a super user group. Those requiring authority to be able to only bring ports or loops on and offline can be added to an administrator group. Finally, anyone needing to view a switch configuration, zoning, or the name server can be added to a view group with no privileges to make changes to the switch configuration.
Multiple Fabric Control--A Graphical Look At The SAN
With switch management software, users are able to view multiple SAN fabrics from a single management console. The management system queries the network looking for switches, automatically drawing a picture on the screen of everything it finds. Each discovered SAN can then be named (for example, "Engineering SAN"), and its IP address and world wide name displayed. A departmental contact can also be added, so that an administrator can look it up and notify that contact when there is a problem or a change to be made. The user can modify the actual placement of switches on the screen to reflect the true logical arrangement of SANs.
Through the use of a switch name server as specified in the Fibre Channel ANSI standard, a switch enables automatic registration of all devices on every port and every loop within the entire fabric. Administrators can see proof that a device is logged in, discover what is attached to each port and loop, and verify world wide names, Fibre Channel addresses, and other useful information. Fibre Channel standards committees are being petitioned to have even more information added to the name server in order to identify devices by their actual name and location, resulting in a very helpful name such as "bldg_6_floor_5_rack2."
Zoning--Securing And Separating Data
A very powerful security feature of a switched fabric is the ability to segregate switch ports into self-contained zones. One of a SAN's major benefits, the ability of all servers to connect to all storage and tape devices, can also present a security problem. A corporation may not want all its servers to have access to certain data such as payroll. Or, in order to simplify administration, it might be advantageous to segregate departments or functional data. There are two methods of setting up separate fabrics or "zoning" switches. Both are done via the graphical management console.
Hardware Zoning: This type of zoning segregates physical switches or sections of a switch via circuitry. Zoning by this method is secure because data cannot be changed via software or user manipulation.
Software Zoning: Software zoning is a flexible method of separating data and servers into specific areas. Software zoning can be performed via name server entries, world wide names, or by device logical addresses. Unlike hardware zoning, administrators have maximum flexibility to zone per port and across switch boundaries independent of the switch's internal architecture.
Traffic-Type Zoning: Finally, switch management methods enable zones to segregate traffic by type. For example, zones can be set up that divert all IP broadcast traffic away from certain ports.
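The following added example (not from the original article or any switch vendor's software) shows how software zoning restricts what a name server query returns to a server, with zone members given by world wide name or by switch port. The WWNs, device names, zone names, and the default-deny handling of unzoned devices are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    wwn: str       # world wide name registered with the name server
    switch: str    # switch the device is attached to
    port: int      # port on that switch
    label: str

# Constructed name server contents (hypothetical WWNs and labels).
NAME_SERVER = [
    Device("10:00:00:00:c9:00:00:01", "sw1", 1, "payroll-server"),
    Device("10:00:00:00:c9:00:00:02", "sw1", 2, "eng-server"),
    Device("21:00:00:20:37:00:00:0a", "sw2", 4, "payroll-disk"),
    Device("21:00:00:20:37:00:00:0b", "sw2", 5, "eng-disk"),
    Device("21:00:00:20:37:00:00:0c", "sw2", 6, "unzoned-tape"),
]

# A zone member is ("wwn", name) or ("port", (switch, port)); port members
# may sit on different switches, so a zone can cross switch boundaries.
ZONES = {
    "payroll": {("wwn", "10:00:00:00:c9:00:00:01"),
                ("wwn", "21:00:00:20:37:00:00:0a")},
    "engineering": {("port", ("sw1", 2)), ("port", ("sw2", 5))},
}

def zones_of(dev, zones=ZONES):
    """Names of every zone the device belongs to, by WWN or by port."""
    keys = {("wwn", dev.wwn), ("port", (dev.switch, dev.port))}
    return {name for name, members in zones.items() if members & keys}

def visible_to(initiator_wwn, name_server=NAME_SERVER, zones=ZONES):
    """Labels of the devices a name server query returns to this initiator.

    Assumption: a device sharing no zone with the initiator is hidden,
    including devices that are in no zone at all (default deny).
    """
    me = next((d for d in name_server if d.wwn == initiator_wwn), None)
    if me is None:
        return []                      # not logged in: sees nothing
    mine = zones_of(me, zones)
    return sorted(d.label for d in name_server
                  if d.wwn != me.wwn and zones_of(d, zones) & mine)

if __name__ == "__main__":
    for dev in NAME_SERVER:
        print(dev.label, "->", visible_to(dev.wwn))
```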
Control Over Each Individual Port On A Switch
When setting up and administering a SAN, one of the most powerful switch management features available is the ability to look at exactly what is happening on each switch port. This management feature gives an administrator the ability to "look down the pipe" at all the devices attached, whether singly or on a loop. Information that can be gleaned includes:
* Port type - Fabric (F), Fabric Loop (FL), or switch-to-switch (E)
* Login Status - Online, offline, or logged in
* Fibre Channel version
* World Wide Name and Loop Address
The login status is particularly important for debugging.
Loop Control--The Power To See Behind Each Port
Some switch management schemes offer the added benefit of seeing and controlling each device on every loop attached to the fabric. IS managers can reset a loop, disable or bypass a device on a loop, and re-initialize a loop. This ability is helpful in problem isolation.
Within a switch, there are systems that detect errors, isolate failed devices on a loop, and bypass failing or failed devices. This error management system provides the ability to monitor CRC, parity, and encoding errors. When a number of errors has occurred during a set time period, a trap occurs. A trap can be set to generate an alarm or take other action. Once the error management system determines an error is occurring, it sends out "echo" frames to each loop device. The management system then analyzes all returned frames to verify the interfaces. The results of the test can be useful in determining which device on a loop is failing or has failed. The management system can then automatically bypass that device or notify the operator as to which device needs replacing.
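The error-management flow described above can be sketched as follows. This is an added example, not code from the article or from any switch firmware; the threshold, window length, device names, and the rule that a healthy interface returns an echo payload unchanged are assumptions.

```python
from collections import deque

class LoopErrorMonitor:
    """Sliding-window count of CRC, parity and encoding errors on one loop."""
    KINDS = {"crc", "parity", "encoding"}

    def __init__(self, threshold, window_s):
        self.threshold, self.window_s = threshold, window_s
        self.events = deque()              # timestamps of recent errors

    def record(self, ts, kind):
        """Record one error; return True when the trap condition is met."""
        if kind not in self.KINDS:
            raise ValueError(f"unknown error kind: {kind}")
        self.events.append(ts)
        while ts - self.events[0] > self.window_s:
            self.events.popleft()          # forget errors outside the window
        return len(self.events) >= self.threshold

def echo_test(devices, send_echo, frames=8):
    """Echo test frames off each loop device; return devices with bad replies.

    Assumption: a healthy interface returns the payload unchanged, and a
    missing reply (None) counts as a failure.
    """
    payloads = [bytes([i]) * 16 for i in range(frames)]
    return [d for d in devices if any(send_echo(d, p) != p for p in payloads)]

def handle_errors(error_log, devices, send_echo, threshold=3, window_s=10):
    """Feed (timestamp, kind) errors to the monitor; on a trap, run the echo
    test and return (trap_time, devices_to_bypass)."""
    monitor = LoopErrorMonitor(threshold, window_s)
    for ts, kind in error_log:
        if monitor.record(ts, kind):
            return ts, echo_test(devices, send_echo)
    return None, []

# Constructed sample data: error times in seconds, and three loop devices.
SAMPLE_LOG = [(0, "crc"), (30, "parity"), (61, "crc"),
              (64, "encoding"), (66, "crc")]
SAMPLE_DEVICES = ["disk-a", "disk-b", "disk-c"]

def simulated_echo(device, payload):
    """Stand-in for the loop hardware: disk-b corrupts the last byte."""
    return payload[:-1] + b"\xff" if device == "disk-b" else payload

if __name__ == "__main__":
    print(handle_errors(SAMPLE_LOG, SAMPLE_DEVICES, simulated_echo))
```

Isolated errors spread over a long period never reach the threshold, so no echo test runs and no device is bypassed; only a burst inside the window raises the trap.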
Although early in implementation, switched SANs contain management features to control accessibility, configure, and troubleshoot the network. While all of the features that deliver on the promise of the SAN are still being developed, IS managers can be assured that switch designers are laying the foundation for SAN management.
Larry Olson is the senior system engineer of Ancor Communications, Inc. (Eden Prairie, MN).
Title Annotation: Technology Information
Publication: Computer Technology Review
Date: Jan 1, 2000