components: Central processing unit (CPU), Storage (such as internal memory and disk devices) and Input/Output (I/O) devices.

I/O devices enable sending and receiving data to and from a host. Communication between various devices takes place in the following way:
- User to host communications: Handled by basic I/O devices, such as the keyboard, mouse, and monitor. These devices enable users to enter data and view the results of operations.
- Host to host communications: Enabled using devices such as a Network Interface Card (NIC) or modem.
- Host to storage device communications: Handled by a Host Bus Adaptor (HBA). An HBA is an application-specific integrated circuit (ASIC) board that performs I/O interface functions between the host and the storage, relieving the CPU from additional I/O processing workload. HBAs also provide connectivity outlets known as ports to connect the host to the storage device. A host may have multiple HBAs.

Following are the logical components of a host:
- Application - Interface between user and the host
- Operating system - Resides between the applications and the hardware
- File system - A file is a collection of related records or data stored as a unit; a file system is a hierarchical structure of files
- Volume manager - A Volume Group is created by grouping together one or more Physical Volumes.
- Device drivers - Enable the operating system to recognize the device

Types of servers
In a general network environment the following types of servers may be found.
- Application server, a server dedicated to running certain software applications
- Catalog server, a central search point for information across a distributed network
- Communications server, carrier-grade computing platform for communications networks
- Database server, provides database services to other computer programs or computers
- Fax server, provides fax services for clients
- File server, provides file services
- Game server, a server that video game clients connect to in order to play online together
- Home server, a server for the home
- Name server or DNS server
- Print server, provides printer services
- Proxy server, acts as an intermediary for requests from clients seeking resources from other servers
- Sound server, provides multimedia broadcasting, streaming.
- Standalone server, an emulator for client–server (web-based) programs
- Web server, a server that HTTP clients connect to in order to send commands and receive responses along with data contents

Almost the entire structure of the Internet is based upon a client–server model. High-level root name servers, DNS servers, and routers direct the traffic on the internet. There are millions of servers connected to the Internet, running continuously throughout the world.
- World Wide Web
- Domain Name System
- E-mail
- FTP file transfer
- Chat and instant messaging
- Voice communication
- Streaming audio and video
- Online gaming
- Database servers

Virtually every action taken by an ordinary Internet user requires one or more interactions with one or more servers. There are also technologies that operate on an inter-server level. Other services do not use dedicated servers; for example peer-to-peer file sharing, some implementations of telephony (e.g. Skype), and supplying television programs to several users (e.g. Kontiki, SlingBox).
PCI: (Peripheral Component Interconnect) - provides the interconnection between the CPU and attached devices such as mouse, printer, keyboard, etc.

IDE: (Integrated Device Electronics) - The term Integrated Drive Electronics refers not just to the connector and interface definition, but also to the fact that the drive controller is integrated into the drive, as opposed to a separate controller on or connected to the motherboard.

ATA: (Advanced Technology Attachment) - ATA is an interface standard for the connection of storage devices such as hard disks, solid-state drives, floppy drives, and optical disc drives in computers.

SCSI: (Small Computer System Interface) - is a set of standards for physically connecting and transferring data between computers and peripheral devices.

PATA: (Parallel Advanced Technology Attachment) - Parallel ATA (PATA), originally ATA, is an interface standard for the connection of storage devices such as hard disks, solid-state drives, floppy drives, and optical disc drives in computers.

SATA: (Serial Advanced Technology Attachment) - is a computer bus interface for connecting host bus adapters to mass storage devices such as hard disk drives and optical drives. Serial ATA was designed to replace the older ATA (AT Attachment) standard (also known as EIDE), offering several advantages over the older parallel ATA (PATA) interface.

SAS: (Serial Attached Small Computer System Interface) - is a computer bus used to move data to and from computer storage devices such as hard drives and tape drives.

iSCSI: (Internet Small Computer System Interface) - IP based protocol used to connect host and storage.

Magnetic Tape
- Low cost solution for long term data storage
- Limitations: sequential data access, single application access at a time, physical wear and tear, and storage/retrieval overheads

Optical Disks
- Popularly used as distribution medium in small, single-user computing environments
- Write once and read many (WORM): CD-ROM, DVD-ROM
- Limited in capacity and speed

Disk Drive
- Most popular storage medium with large storage capacity
- Random read/write access. Ideal for performance intensive online application

3) RAID Technology
RAID: Redundant Array of Inexpensive Disks is a technology that provides increased storage functions and reliability through redundancy.

RAID Levels:
- 0: Striped array with no fault tolerance
- 1: Disk mirroring
- Nested RAID (i.e., 1 + 0, 0 + 1, etc.)
- 3: Parallel access array with dedicated parity disk
- 4: Striped array with independent disks and a dedicated parity disk
- 5: Striped array with independent disks and distributed parity
- 6: Striped array with independent disks and dual distributed parity

RAID 0: Data striping without redundancy (no protection)
Minimum number of drives: 2
Strengths: Highest performance.
Weaknesses: No data protection; one drive fails, all data is lost.

[Figure: RAID 0, data blocks striped across DRIVE 1 and DRIVE 2]

RAID 1: Disk mirroring
Minimum number of drives: 2
Strengths: Very high performance; very high data protection; very minimal penalty on write performance.
Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required.

[Figure: RAID 1 mirroring and duplexing. DRIVE 1 (original data) and DRIVE 2 (mirrored data) each hold Data A, Data B, Data C; the duplexing panel shows Standard Host Adapter 1 and Standard Host Adapter 2.]
RAID 2: No practical use
Minimum number of drives: Not used in LAN environments
Strengths: Previously used for RAM error correction (known as Hamming Code) and in disk drives before the use of embedded error correction.
Weaknesses: No practical use; same performance can be achieved by RAID 3 at lower cost.

RAID 3: Byte-level data striping with dedicated parity drive
Minimum number of drives: 3
Strengths: Excellent performance for large, sequential data requests.
Weaknesses: Not well-suited for transaction-oriented network applications; single parity drive does not support multiple, simultaneous read and write requests.

RAID 4: Block-level data striping with dedicated parity drive
Minimum number of drives: 3 (Not widely used)
Strengths: Data striping supports multiple simultaneous read requests.
Weaknesses: Write requests suffer from same single parity-drive bottleneck as RAID 3; RAID 5 offers equal data protection and better performance at same cost.

RAID 5: Block-level data striping with distributed parity
Minimum number of drives: 3
Strengths: Best cost/performance for transaction-oriented networks; very high performance, very high data protection; supports multiple simultaneous reads and writes; can also be optimized for large, sequential requests.
Weaknesses: Write performance is slower than RAID 0 or RAID 1.

[Figure: RAID 5 drive layout]

RAID 01 (0+1) and RAID 10 (1+0): Combination of RAID 0 (data striping) and RAID 1 (mirroring). RAID 01 (0+1) is a mirrored configuration of two striped sets (mirror of stripes); RAID 10 (1+0) is a stripe across a number of mirrored sets (stripe of mirrors). RAID 10 provides better fault tolerance and rebuild performance than RAID 01. Both array types provide very good to excellent overall performance by combining the speed of RAID 0 with the redundancy of RAID 1 without requiring parity calculations.
Minimum number of drives: 4
Strengths: Highest performance, highest data protection (can tolerate multiple drive failures).
Weaknesses: High redundancy cost overhead; because all data is duplicated, twice the storage capacity is required; requires minimum of four drives.

[Figure: RAID 01 (0+1, mirror of stripes), drives holding original data (Data A, Data B, Data C) and mirrored data (mA, mB, mC)]

[Figure: RAID 10 (1+0, stripe of mirrors), drives holding original data and mirrored data]
4) NETWORK CONCEPTS: LAN, WAN

NETWORK: A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communications channels that allow sharing of resources and information.

LAN: A local area network (LAN) is a computer network that interconnects computers in a limited area such as home, school, computer laboratory or office building.

WAN: A wide area network (WAN) is a telecommunication network that covers a broad area (i.e., any network that links across metropolitan, regional, or national boundaries). Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations.

GAN: A global area network (GAN) is a network used for supporting mobile communications across an arbitrary number of wireless LANs, satellite coverage areas, etc.

A network topology is the layout of the interconnections of the nodes of a computer network. Common layouts are:
- A bus network: all nodes are connected to a common medium along this medium. This was the layout used in the original Ethernet, called 10BASE5 and 10BASE2.
- A star network: all nodes are connected to a special central node. This is the typical layout found in a Wireless LAN, where each wireless client connects to the central Wireless access point.
- A ring network: each node is connected to its left and right neighbor node, such that all nodes are connected and that each node can reach each other node by traversing nodes left- or rightwards. The Fiber Distributed Data Interface (FDDI) made use of such a topology.
- A mesh network: each node is connected to an arbitrary number of neighbors in such a way that there is at least one traversal from any node to any other.
5) SWITCHES

Switches are the foundation for high-performance connectivity in storage, IP, and converged network environments. These highly reliable, scalable, and available switches are designed for a wide range of environments, enabling a low TCO and fast ROI.

Major manufacturers of Fibre Channel switches are: ATTO, Brocade, Cisco, McData and QLogic.

ATTO Technology:
- Switches: 8308, 8316 and 8324

Brocade:
- Switches: 6510, 5300 (80 ports), 5100 (40 ports), 5000, 4900, 2400, 2800, 3800, 3900, 4100, 300 (24 ports), 200E
- Directors: 12000, 24000, 48000, DCX Backbone and DCX 8510
- More complete list in Brocade Communications Systems article.

Cisco:
- Switches: Cisco MDS 9016, 9020, 9032, 9112, 9120, 9124, 9124e, 9134, 9140, 9148, 9216, 9216i, 9222i, 9302, 9304, 9308
- Directors: Cisco MDS 9506, 9509, 9513, 9530, 9560

McData (now acquired and rebranded by Brocade):
- Switches: 3232
- Directors: 6064, 6140, 10000

QLogic:
- Switches: SANbox 5800, 5600, 5200, 3050, 1400
- Directors / Modular Chassis Switches: SANbox 9000

Brocade Software
The Brocade product portfolio also includes network management applications.
- SAN Management Software
  - Data Center Fabric Manager (DCFM)
  - Enterprise Fabric Connectivity Manager (EFCM) (from McDATA)
  - Fabric Manager
  - Host Connectivity Manager (HCM)
  - SAN Health
- SAN Application Modules
  - Data Migration Manager (DMM)
- IP Network Management Software
  - Iron View Network Manager (INM)

Cisco Software
- Internetwork Operating System (IOS)
- NX-OS
- IOS-XR
- Cisco Active Network Abstraction
- Cisco Fabric Manager
- Cisco AnyConnect Secure Mobility Client
- Cisco Systems VPN Client
- Cisco View
- Data Center Management and Automation - Cisco Intelligent Automation
- Cisco Tidal Enterprise Scheduler
- Cisco Works Network Management software
- Clean Access Agent, Cisco NAC Appliance
- Cisco Eos
- Packet Tracer, didactic network simulator
- Cisco Network Magic Pro
- Cisco Unified Communications Manager
- Cisco IP Communicator
- Cisco Quad
- Cisco Security Manager
- WebEx Collaboration Tools
6) FIBRE CHANNELS: LAYERS, TOPOLOGIES, PORTS

Fibre Channel, or FC, is a gigabit-speed network technology primarily used for storage networking.

There are three major Fibre Channel topologies:

1. Point-to-Point (FC-P2P). Two devices are connected directly to each other. This is the simplest topology, with limited connectivity.

2. Arbitrated loop (FC-AL). In this design, all devices are in a loop or ring, similar to token ring networking. Adding or removing a device from the loop causes all activity on the loop to be interrupted. The failure of one device causes a break in the ring. Fibre Channel hubs exist to connect multiple devices together and may bypass failed ports. A loop may also be made by cabling each port to the next in a ring.
   - A minimal loop containing only two ports, while appearing to be similar to FC-P2P, differs considerably in terms of the protocol.
   - Only one pair of ports can communicate concurrently on a loop.
   - Maximum speed of 8GFC.

3. Switched fabric (FC-SW). All devices or loops of devices are connected to Fibre Channel switches, similar conceptually to modern Ethernet implementations. Advantages of this topology over FC-P2P or FC-AL include:
   - The switches manage the state of the fabric, providing optimized interconnections.
   - The traffic between two ports flows through the switches only; it is not transmitted to any other port.
   - Failure of a port is isolated and should not affect operation of other ports.
   - Multiple pairs of ports may communicate simultaneously in a fabric.
FC Layers:
- FC4 - Protocol Mapping layer, in which application protocols, such as SCSI or IP, are encapsulated into a PDU for delivery to FC2;
- FC3 - Common Services layer, a thin layer that could eventually implement functions like encryption or RAID redundancy algorithms;
- FC2 - Network layer, defined by the FC-PI-2 standard, consists of the core of Fibre Channel, and defines the main protocols;
- FC1 - Data Link layer, which implements line coding of signals;
- FC0 - Physical Layer, includes cabling, connectors etc.

The following types of ports are defined by Fibre Channel:

Node ports
- N_port is a port on the node (e.g. host or storage device) used with both FC-P2P or FC-SW topologies. Also known as Node port.
- NL_port is a port on the node used with an FC-AL topology. Also known as Node Loop port.
- F_port is a port on the switch that connects to a node point-to-point (i.e. connects to an N_port). Also known as Fabric port. An F_port is not loop capable.
- FL_port is a port on the switch that connects to a FC-AL loop (i.e. to NL_ports). Also known as Fabric Loop port.
- E_port is the connection between two fibre channel switches. Also known as an Expansion port. When E_ports between two switches form a link, that link is referred to as an inter-switch link (ISL).
- EX_port is the connection between a fibre channel router and a fibre channel switch. On the side of the switch it looks like a normal E_port, but on the side of the router it is an EX_port.
- TE_port is a Cisco addition to Fibre Channel, now adopted as a standard. It is an extended ISL or EISL. The TE_port provides not only standard E_port functions but allows for routing of multiple VSANs (Virtual SANs). This is accomplished by modifying the standard Fibre Channel frame (vsan tagging) upon ingress/egress of the VSAN environment. Also known as Trunking E_port.
- VE_Port, an INCITS T11 addition, is an FCIP interconnected E-Port/ISL, i.e. fabrics will merge.
- VEX_Port, an INCITS T11 addition, is an FCIP interconnected EX-Port; routing is needed via lsan zoning to connect initiator to a target.

General (catch-all) types
- Auto or auto-sensing port, found in Cisco switches, can automatically become an E_, TE_, F_, or FL_port as needed.
- Fx_port is a generic port that can become an F_port (when connected to an N_port) or an FL_port (when connected to an NL_port). Found only on Cisco devices where oversubscription is a factor.
- G_port or generic port on a switch can operate as an E_port or F_port. Found on Brocade and McData switches.
- L_port is the loose term used for any arbitrated loop port, NL_port or FL_port. Also known as Loop port.
- U_port is the loose term used for any arbitrated port. Also known as Universal port. Found only on Brocade switches.
Port WWN is the FC network ID for the particular switch port. All entities in an FC network have a WWN. Node WWN is the WWN of the node that is connected to a particular port. In other words, it is the WWN of the system or storage device/subsystem that is connected to the switch port.

In Fibre Channel, there are three different types of login: Port Login, Fabric Login, and Node Login. Two can be corrupted with a spoofed 24-bit fabric address. Before we discuss how spoofing disrupts these processes, let's discuss the login types first.

FABRIC LOGIN (FLOGI), PORT LOGIN (PLOGI), AND NODE LOGIN (NLOGI)

Fabric Login: is performed between an N-port and an E-port. To log on to the fabric, a device sends a FLOGI frame with the World Wide Node Name (WWNN) and World Wide Port Name (WWPN) parameters to the login service at the well-known FC address.

Port Login: is performed between an N-port and another N-port to establish a session. The initiator N-port sends a PLOGI request frame to the target N-port, which accepts it. The target N-port returns an ACC to the initiator N-port.

The Fabric Login (FLOGI) process allows a node to log in to the fabric and receive an assigned address from a switch. The FLOGI occurs with any node (N_Port or NL_Port) that is attached to the fabric. The N_Port or NL_Port will carry out the FLOGI with a nearby switch. The node (N_Port or NL_Port) will send a FLOGI frame that contains its node name, its N_Port name, and any service parameters. When the node sends its information to the address of 0xFFFFFE, it uses the 24-bit source address of 0x000000 because it hasn't received a legitimate 24-bit address from the fabric yet. The FLOGI will be sent to the well-known fabric address of 0xFFFFFE, which is similar to the broadcast address in an IP network (though not the same). The FC switches and fabric will receive the FLOGI at the address of 0xFFFFFE. After a switch receives the FLOGI, it will give the N_Port or NL_Port a 24-bit address that pertains to the fabric itself. This 24-bit address will be in the form of a Domain-Area-Port address, where the Domain is the unique domain name (ID) of the fabric, Area is the unique area name (ID) of the switch within the domain, and Port is the unique name (ID) of each port within the switch in the fabric. The table below shows how the 24-bit address is made.

24-Bit addresses

24-Bit Address Type | Description
8-bit domain | Unique domain ID in a fabric. Valid domain IDs are between 1 and 239.
area | Unique area ID on a switch within a fabric. Valid area IDs are between 0 and 255.
port | Unique area ID on a switch within a fabric. Valid area IDs are between 0 and 255.

A 24-bit address (port ID) uses the following formula to determine a node's address:

Domain_ID x 65536 + Area_ID x 256 + Port_ID = 24-bit Address

An example address for a node on the first domain (domain ID of 1), on the first switch (area ID of 0), and the first port (port ID of 1), would be the following:

1 x 65536 + 0 x 256 + 1 = 65537 (Hex: 0x10001)

After the node has completed the FLOGI and has a valid 24-bit fabric address, it will perform a Port Login (PLOGI) to the well-known address of 0xFFFFFC to register its new 24-bit address with the switch's name server, as well as submit information on its 64-bit port WWN, 64-bit node WWN, port type, and class of service. The switch then registers that 24-bit fabric address, along with all the other information submitted, to the name server and replicates that information to other name servers on the switch fabric. Figures 2.14 and 2.15 show the FLOGI and PLOGI processes.

A Node Login is somewhat similar to a Fabric Login, but instead of logging in to the fabric, the node would log in to another node directly (node to node communication). The node will not receive any information from the fabric, but will receive information from the other node as it relates to Exchange IDs (OX_ID and RX_ID) and session information (Seq_ID and Seq_CNT). After this information has been exchanged, the two nodes will begin to communicate with each other directly.

FLOGI, PLOGI, AND ADDRESS SPOOFING

Now that we have established facts concerning FLOGI, PLOGI, and address spoofing, let's understand how the weaknesses interrelate. After performing the FLOGI process, an FC node needs to perform a PLOGI to the well-known address of 0xFFFFFC. The PLOGI then registers the 24-bit address of the node to the Name Server (also referred to as a Simple Name Server) of the switch. If an entity were to spoof their 24-bit fabric address and send it to the address of 0xFFFFFC, the switches would see a node performing a PLOGI. Once the switch receives the information from the PLOGI frame, it will register the spoofed 24-bit address of the node to the name server, thus polluting the name server with incorrect information.

You might wonder what the big deal is since the node has corrupted its own information; however, consider the fact that the 24-bit address is used for hard and soft zoning. For example, let's say the 24-bit address of 65537 (Hex: 0x10001) was allowed to route to nodes in zone A and no other addresses can access that zone. A malicious attacker has the address of 65541 (Hex: 0x10005) and cannot access that zone. The malicious attacker can spoof (change) their 24-bit address to match 65537 (0x10001) and then route frames to the restricted zone A, despite being unauthorized to do so. Spoofing the 24-bit address during PLOGI negates any route-based zoning rules that may have been applied. The simple process of spoofing now creates the ability to route (hop) across hard and soft zoning rules. Figure 2.16 shows the FLOGI/PLOGI spoofing process.
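The address formula and the name-server pollution described above, as an added example that is not part of the original text: it builds and splits 24-bit fabric addresses with the page's formula and ranges, then audits PLOGI registrations against the address the fabric assigned to the same physical switch port at FLOGI. The record types, switch port labels, WWPNs and zone name are hypothetical, constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

FLOGI_ADDR = 0xFFFFFE  # well-known fabric login address (from the text)
PLOGI_ADDR = 0xFFFFFC  # well-known name server address (from the text)


def fcid_from_parts(domain: int, area: int, port: int) -> int:
    """Domain_ID x 65536 + Area_ID x 256 + Port_ID, using the table's ranges."""
    if not 1 <= domain <= 239:
        raise ValueError(f"domain ID {domain} outside 1..239")
    if not 0 <= area <= 255 or not 0 <= port <= 255:
        raise ValueError("area and port IDs must be 0..255")
    return domain * 65536 + area * 256 + port


def split_fcid(fcid: int) -> tuple[int, int, int]:
    """Inverse of fcid_from_parts: one byte each for domain, area, port."""
    if not 0 <= fcid <= 0xFFFFFF:
        raise ValueError("not a 24-bit address")
    return fcid >> 16, (fcid >> 8) & 0xFF, fcid & 0xFF


@dataclass(frozen=True)
class Flogi:  # hypothetical record: what the switch assigned at fabric login
    switch_port: str
    wwpn: str
    assigned_fcid: int


@dataclass(frozen=True)
class Plogi:  # hypothetical record: a registration sent to the name server
    switch_port: str  # physical port the frame arrived on
    wwpn: str
    source_fcid: int  # 24-bit address the node claims


@dataclass(frozen=True)
class Finding:
    switch_port: str
    wwpn: str
    claimed: int
    assigned: int | None
    zones_exposed: tuple[str, ...]


def audit_registrations(flogis, plogis, zones):
    """Flag PLOGIs whose claimed address or WWPN differs from the FLOGI record
    for the same physical port, and list address-based zones the claimed
    address would reach that the assigned address could not."""
    by_port = {f.switch_port: f for f in flogis}
    findings = []
    for p in plogis:
        f = by_port.get(p.switch_port)
        assigned = f.assigned_fcid if f else None
        if f and assigned == p.source_fcid and f.wwpn == p.wwpn:
            continue  # registration matches what the fabric handed out
        exposed = tuple(sorted(
            name for name, members in zones.items()
            if p.source_fcid in members and assigned not in members))
        findings.append(
            Finding(p.switch_port, p.wwpn, p.source_fcid, assigned, exposed))
    return findings


# Constructed sample data mirroring the page's zone A scenario.
LEGIT_WWPN = "10:00:00:00:c9:aa:00:01"
OTHER_WWPN = "10:00:00:00:c9:aa:00:05"
FLOGIS = [
    Flogi("fc1/1", LEGIT_WWPN, fcid_from_parts(1, 0, 1)),  # 0x010001
    Flogi("fc1/5", OTHER_WWPN, fcid_from_parts(1, 0, 5)),  # 0x010005
]
PLOGIS = [
    Plogi("fc1/1", LEGIT_WWPN, 0x010001),  # consistent with its FLOGI
    Plogi("fc1/5", OTHER_WWPN, 0x010001),  # claims another node's address
]
ZONES = {"zone_A": {0x010001}}

if __name__ == "__main__":
    for item in audit_registrations(FLOGIS, PLOGIS, ZONES):
        print(f"{item.switch_port} {item.wwpn}: claims 0x{item.claimed:06X}, "
              f"assigned 0x{item.assigned:06X}, exposes {item.zones_exposed}")
```

The check keys on the physical switch port rather than on anything the node sends, because both the WWPN and the source address in a PLOGI are supplied by the node itself.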
Zoning is a logical separation of traffic between host and resources. Zoning can be categorized into three types:

Port Zoning: It uses the FC addresses of the physical ports to define zones. In port zoning, access to data is determined by the physical switch port to which a node is connected. The FC address is dynamically assigned when the port logs on to the fabric. Therefore, any change in the fabric configuration affects zoning. Port zoning is also called hard zoning. Although this method is secure, it requires updating of zoning configuration information in the event of fabric reconfiguration.

WWN Zoning: It uses World Wide Names to define zones. WWN zoning is also referred to as soft zoning. A major advantage of WWN zoning is its flexibility. It allows the SAN to be re-cabled without reconfiguring the zone information. This is possible because the WWN is static to the node port.

Mixed Zoning: It combines the qualities of both WWN zoning and port zoning. Using mixed zoning enables a specific port to be tied to the WWN of a node.

Persistent Binding: Host-based zoning can include WWN or LUN masking, and is typically known as "persistent binding."

LUN masking: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts.

8) STORAGE CONCEPTS: DAS, NAS, SAN, IPSAN

Storage: Data created by individuals or businesses must be stored so that it is easily accessible for further processing.
- Individuals - Digital cameras, cell phones, hard disks
- Businesses - Hard disks, external disk arrays, tape libraries

Direct-attached storage (DAS): This type of storage connects directly to a server (host) or a group of servers in a cluster. Storage can be either internal or external to the server. External DAS alleviated the challenges of limited internal storage capacity.

Storage area network (SAN): This is a dedicated, high-performance Fibre Channel (FC) network to facilitate block-level communication between servers and storage. Storage is partitioned and assigned to a server for accessing its data. SAN offers scalability, availability, performance, and cost benefits compared to DAS.

Network-attached storage (NAS): This is dedicated storage for file serving applications. Unlike a SAN, it connects to an existing communication network (LAN) and provides file access to heterogeneous clients. Because it is purposely built for providing storage to file server applications, it offers higher scalability, availability, performance, and cost benefits compared to general purpose file servers.

Internet Protocol SAN (IP-SAN): One of the latest evolutions in storage architecture, IP-SAN is a convergence of technologies used in SAN and NAS. IP-SAN provides block-level communication across a local or wide area network (LAN or WAN), resulting in greater consolidation and availability of data.

9) STORAGE BOX CONNECTIVITY
[Figure: SAN Connectivity]

[Figure: NAS Connectivity]

[Figure: DAS Connectivity]
There are IBM, EMC, Hitachi and HP series of storage array boxes. Some of the storage array box models are as follows.

EMC Products
Clariion CX3-40, CX120, CX240, CX480, CX960, NS40, VNX5100, VNX5300, VNX5500, VNX5700, VNX7500, VNXe Series, DMX Series, VMAX etc.

Fact Sheet Example for VNX7500 (of Any Environment Array Boxes)

Block Components (VNX7500)
- Min/Max Drives: 4/1000
- Array Enclosure: 2U Disk Processor Enclosure (No drives)
- Drive Enclosure Options (DAE): 25x2.5" SAS/Flash drives - 2U. 15x3.5" SAS/Flash drives - 3U
- Standby Power System: 1U 1.2KW
- Raid Options: 0/1/10/3/5/6
- CPU/Memory per Array: Intel Xeon 5600/48 GB
- Max Block UltraFlex IO Modules per Array: 10
- Embedded IO Ports per Array: 0
- Max Total Ports per Array: 32
- 2/4/8 Gb/s FC Max Ports per Array: 32
- 1 GbaseT iSCSI Max Total Ports per Array: 16
- 10 GbE iSCSI Min/Max Total Ports per Array: 12
- Max FCoE Total Ports per Array: 16
- 6 Gb/s SAS Buses (4 Lanes per Bus) for DAE Connections: 4 or 8 (consumes 2 or 4 UltraFlex IO modules per array)

Other
- Management Interfaces: LAN 2 x 10/100/1000 Copper GbE

Functional Limits
- Max Raw Capacity: 1,974 TB
- Max SAN Hosts: 8,192
- Max Number of Pools: 60
- Max Number of LUNs: 8.192
- Max LUN Size: 14 TB (Virtual Pool LUN)
- Max File System Size: 16 TB
- Maximum Usable File Capacity per X-Blade: 256 TB
- OS Support: Block OS's plus File OS's, see E-Lab Navigator and NAS Support Matrix on Powerlink
Symmetrix VMAX
- Maximum Drives: 2400
- Architecture: Virtual Matrix Architecture
- Maximum Integrated Directors: 16
- Connection Types: FC, FICON, Gigabit Ethernet, iSCSI
- Maximum Connectivity: Up to 128 ports depending on connection type

Symmetrix VMAX SE
- Maximum Drives: 360
- Architecture: Virtual Matrix Architecture
- Maximum Integrated Directors: 2
- Connection Types: FC, FICON, Gigabit Ethernet, iSCSI
- Maximum Connectivity: Up to 16 ports depending on connection type; 4 +FC or GbE SRDF ports

Symmetrix DMX-4
- Maximum Drives: 2400
- Architecture: Direct Matrix Architecture
- Maximum Integrated Directors: N/A
- Connection Types: FC, FICON, ESCON, Gigabit Ethernet, iSCSI
- Maximum Connectivity: Up to 64 ports depending on connection type; 8 +GbE SRDF ports

Symmetrix DMX4 950
- Maximum Drives: 360
- Architecture: Direct Matrix Architecture
- Maximum Integrated Directors: N/A
- Connection Types: FC, Gigabit Ethernet, iSCSI
- Maximum Connectivity: Up to 16 ports depending on connection type; 8 +GbE SRDF ports
IBM Products
- IBM Mid Range Level products: DS5020 Express, DS5100, DS5300, EXP395/EXP520 etc.
- IBM High Range Level products: XIV, DS8000, DS8100, DS8300, DS8700, DS8800

HP Products
- HP 3PAR Product Types
  - HP 3PAR F-Class Storage Systems
  - HP 3PAR T-Class Storage Systems
- HP P6000/EVA disk arrays
  - HP 4400 Enterprise Virtual Array
  - HP P6000 Enterprise Virtual Array Systems
  - HP 6400/8400 Enterprise Virtual Array
- HP P2000/MSA disk arrays
  - HP P2000 G3 MSA Array Systems
- HP P9000/XP disk arrays
  - HP P3000 XP Disk Arrays
- HP P4000 SAN solutions
  - HP P4000 G2 SAN Solutions
11) SAN BASICS, SAN SETUP

SAN [Storage Area Networking]
- Dedicated high speed network of servers and shared storage devices
- Provides storage consolidation and centralization

Features of an array
- High Availability/Redundancy
- Performance
- Business Continuity
- Multiple host connect

A SAN is a specialized high-speed network of storage devices and switches connected to computer systems. This white paper refers to the computer systems as servers or hosts. A SAN presents shared pools of storage devices to multiple servers. Each server can access the storage as if it were directly attached to that server. A SAN supports centralized storage management. SANs make it possible to move data between various storage devices, share data between multiple servers, and back up and restore data rapidly and efficiently. In addition, a properly configured SAN facilitates both disaster recovery and high availability.

The SAN components interact as follows:
1. When a host wants to access a storage device on the SAN, it sends out a block-based access request for the storage device.
2. SCSI commands are encapsulated into FC packets. The request is accepted by the HBA for that host and is converted from its binary data form to the optical form required for transmission on the fiber optic cable.
3. At the same time, the request is packaged according to the rules of the FC protocol.
4. The HBA transmits the request to the SAN.
5. Depending on which port is used by the HBA to connect to the fabric, one of the SAN switches receives the request and sends it to the storage processor, which sends it on to the storage device.

SAN Components
The components of an FC SAN can be grouped as follows and are discussed below:
- Host Components
- Fabric Components
- Storage Components

Host Components
The host components of a SAN consist of the servers themselves and the components that enable the servers to be physically connected to the SAN.
- HBAs are located in the servers, along with a component that performs digital-to-optical signal conversion. Each host connects to the fabric ports through its HBAs.
- HBA drivers running on the servers enable the servers' operating systems to communicate with the HBA.

Fabric Components
All hosts connect to the storage devices on the SAN through the SAN fabric. The network portion of the SAN consists of the following fabric components:

SAN Switches: SAN switches can connect to servers, storage devices, and other switches, and thus provide the connection points for the SAN fabric. The type of SAN switch, its design features, and its port capacity all contribute to its overall capacity, performance, and fault tolerance. The number of switches, types of switches, and manner in which the switches are interconnected define the fabric topology.
- For smaller SANs, the standard SAN switches (called modular switches) can typically support 16 or 24 ports (though some 32-port modular switches are becoming available). Sometimes modular switches are interconnected to create a fault-tolerant fabric.
- For larger SAN fabrics, director-class switches provide a larger port capacity (64 to 128 ports per switch) and built-in fault tolerance.

Data Routers: Data routers are intelligent bridges between SCSI devices and FC devices in the SAN. Servers in the SAN can access SCSI disk or tape devices in the SAN through the data routers in the fabric layer.

Cables: SAN cables are usually special fiber optic cables that are used to connect all of the fabric components. The type of SAN cable and the fiber optic signal determine the maximum distances between SAN components and contribute to the total bandwidth rating of the SAN.

Communications Protocol: Fabric components communicate using the FC communications protocol. FC is the storage interface protocol used for most of today's SANs. FC was developed as a protocol for transferring data between two ports on a serial I/O bus cable at high speeds. FC supports point-to-point, arbitrated loop, and switched fabric topologies. Switched fabric topology is the basis for most current SANs.

Storage Components
The storage components of a SAN are the storage arrays. Storage arrays include storage processors (SPs). The SPs are the front end of the storage array. SPs communicate with the disk array (which includes all the disks in the storage array) and provide the RAID/LUN functionality.

Storage Processors
SPs provide front-side host attachments to the storage devices from the servers, either directly or through a switch. The server HBAs must conform to the protocol supported by the storage processor. In most cases, this is the FC protocol. Storage processors provide internal access to the drives, which can be using a switch or bus architecture. In high-end storage systems, drives are normally connected in loops. This back-end loop technology employed by the SP provides several benefits:
- High-speed access to the drives
- Ability to add more drives to the loop
- Redundant access to a single drive from

SAN Ports and Port Naming
In the context of this document, a port is the connection from a device into the SAN. Each node in the SAN, that is, each host, storage device, and fabric component (router or switch), has one or more ports that connect it to the SAN. Ports can be identified in a number of ways:
- WWPN: World Wide Port Name. A globally unique identifier for a port which allows certain applications to access the port. The FC switches discover the WWPN of a device or host and assign a port address to the device.
- Port_ID (or port address): Within the SAN, each port has a unique port ID that serves as the FC address for the port. This enables routing of data through the SAN to that port. The FC switches assign the port ID when the device logs into the fabric. The port ID is valid only while the device is logged on.

SAN SETUP
When you're ready to set up the SAN, complete these tasks.

To prepare the SAN
1. Assemble and cable together all hardware components and install the corresponding software.
   a. Check the versions.
   b. Set up the HBA.
   c. Set up the storage array.
2. Change any configuration settings that might be required.
3. Test the integration. During integration testing, test all the operational processes for the SAN environment. These include normal production processing, failure mode testing, backup functions, and so forth.
4. Establish a baseline of performance for each component and for the entire SAN. Each baseline provides a measurement metric for future changes and tuning. See ESX Server SAN Configuration Guide for additional information.
5. Document the SAN installation and all operational procedures.

12) SAN VIRTUAL PROVISIONING
RAID Group - A set of disks on which traditional LUNs and Meta LUNs can be created.

Traditional LUN - The amount of physical space allocated is the same as the user capacity seen by the host server. Traditional LUNs cannot be created on a pool; they are always created on a RAID group.

Meta LUN - A collection of traditional LUNs can be striped and/or concatenated together, and presented to a host as a single LUN. Additional LUNs can be added to a Meta LUN dynamically, allowing Meta LUNs to be expanded on the fly.

Pool - A group of disk drives for configuring pool (thick and thin) LUNs. There may be zero or more pools in a storage system. Disks can only be a member of one pool, and they cannot also be in a RAID group.

Pool LUN - A logical unit of storage created on a pool. A pool LUN can be either a thin LUN or a thick LUN.

Thick LUN - A type of pool LUN where the physical space allocated is equal to the user capacity seen by the host server.

Thin LUN - A type of pool LUN where the physical space allocated can be less than the user capacity seen by the host server.

LUN Migration - A feature that dynamically migrates data to another traditional LUN, pool LUN, or Meta LUN without disrupting running applications.

Available capacity - The amount of actual physical pool space that is currently not allocated for pool LUNs.

Consumed capacity - For a pool, this is the space currently used by all LUNs in the pool. For a thin LUN, this is the physical space used by the LUN. For a thick LUN, this is the host-visible capacity used by the LUN.

Consumed Capacity J 9User Consumed Capacity C 1D3!) : 1<=D

Data store: A LUN presented on the server side is known as a data store.

Storage BC/CA: Business Copy, Continuous Access
LUN masking is commonly used for permission management. LUN masking is also referred to as selective storage presentation, access control, and partitioning, depending on the vendor. LUN masking is performed at the SP or server level; it makes a LUN invisible when a target is scanned. The administrator configures the disk array so each server or group of servers can see only certain LUNs. Masking capabilities for each disk array are vendor specific, as are the tools for managing LUN masking.
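The masking behaviour described above, modelled as an added example (not code from the original document or from any array vendor's tooling): a scan from an initiator returns only the LUNs its group is allowed to see, and an audit flags LUNs exposed to more than one group or to none. The table layout, group names, WWPNs and LUN numbers are constructed assumptions.

```python
import re

WWPN_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){7}$")

def normalize_wwpn(raw):
    """Return a WWPN as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-\s]", "", raw).lower()
    wwpn = ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))
    if not WWPN_RE.match(wwpn):
        raise ValueError(f"not a 64-bit WWPN: {raw!r}")
    return wwpn

# Constructed masking table: group name -> initiator WWPNs and LUN numbers.
MASKING = {
    "sg_db":  {"initiators": {"10:00:00:00:c9:00:00:01"}, "luns": {0, 1, 2}},
    "sg_web": {"initiators": {"10:00:00:00:c9:00:00:02"}, "luns": {2, 3}},
}
ARRAY_LUNS = {0, 1, 2, 3, 4}  # every LUN bound on the (constructed) array

def visible_luns(masking, raw_wwpn):
    """LUNs a scan from this initiator would return; masked LUNs are absent."""
    wwpn = normalize_wwpn(raw_wwpn)
    seen = set()
    for group in masking.values():
        if wwpn in group["initiators"]:
            seen |= group["luns"]
    return sorted(seen)

def audit(masking, array_luns):
    """Flag LUNs exposed to more than one group and LUNs exposed to none."""
    owners = {}
    for name, group in masking.items():
        for lun in group["luns"]:
            owners.setdefault(lun, []).append(name)
    shared = {lun: sorted(g) for lun, g in owners.items() if len(g) > 1}
    unmapped = sorted(array_luns - set(owners))
    return {"shared": shared, "unmapped": unmapped}

if __name__ == "__main__":
    print(visible_luns(MASKING, "10000000C9000001"))         # database host
    print(visible_luns(MASKING, "10:00:00:00:c9:00:00:99"))  # unknown host
    print(audit(MASKING, ARRAY_LUNS))
```

A shared LUN is expected for clustered hosts and a finding otherwise, so the audit output is a review list rather than a verdict.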
11) SNAPVIEW MIRRORVIEW, SNAPVIEW CLONES, SAN COPY

SNAPVIEW MIRRORVIEW: SnapView is an application that allows the creation of either point-in-time copies of storage system data (called snapshots) or full, local mirrors (called clones). This feature can sometimes be accessed directly by other applications such as development testing. They can also be used to offload the backup activities from production hosts.

MirrorView is software designed as a disaster recovery solution that mirrors local production data to a remote disaster recovery site. It provides an online, host-independent, mirrored data storage and protection solution that duplicates production site data (primary) to one or two secondary sites (secondary/secondaries) in a campus environment. The mirroring is synchronous, meaning that every time a host writes to the primary array, the secondary array mirrors the write before an acknowledgement is returned to the host.

Salient Features:
1) Independent of server, operating system, network, applications, and database.
2) Centralized, simplified management via EMC Navisphere.
3) Concurrent information access when used with SnapView.
4) Synchronous Remote Mirroring Between Two CLARiiON Systems.

SNAPVIEW CLONES: Provides a full copy of the data on the source LUN or additional readable/writable copies of the mirror data at the remote site. Clones would be used for corruption recovery. SnapView clones are fully populated point-in-time copies of LUNs (logical units) that allow incremental synchronization between the source and destination LUNs. When combined with SnapView snapshots, which provide users point-in-time views of data, clones provide fully populated, point-in-time copies, maximizing users' flexibility in performing storage environment tasks with minimal impact to the production data. These tasks include:
- Backup/recovery
- Application testing
- Warehousing
- Data movements

All the above tasks can use the point-in-time copy of the data to minimize the impact on the production server.
SAN COPY: SAN Copy is a remote replication application. It supports the bulk transfer of data between or within the storage systems. Both storage systems do not have to be CLARiiON or EMC systems. Using SAN Copy, data can be transferred from one storage system to another storage system without host involvement.

12) POWERPATH

POWERPATH: PowerPath is a host-resident software solution that enhances performance and information availability. It integrates multiple path I/O capabilities, automatic load balancing, and path failover functions into one comprehensive package for use on open server platforms connected to Symmetrix enterprise storage systems. PowerPath enables you to do more work in a shorter time so you can serve more customers, run more applications, and exploit more business opportunities. PowerPath improves the server's ability to manage heavy storage loads through continuous and intelligent I/O balancing.

FAST CATCH: FAST technology can be used to identify and move the busy LUNs residing on a set of busy disks to Flash drives, and similarly to identify and move the LUNs residing on idle disks to SATA drives. The FAST capability is a very powerful technology that can improve the TCO of enterprise applications' storage deployment by automatically migrating the data sets to the right storage tiers.