Beruflich Dokumente
Kultur Dokumente
6 Technical Update
Byron Grossnickle
Consulting IT Specialist
byrongro@us.ibm.com
Bill Wiegand
Consulting IT Specialist
wiegandb@us.ibm.com
Denis Frank
Spectrum Virtualize Performance Architect
Agenda
If an MDisk is self-encrypting (and identified), then per-pool encryption will not encrypt any data to be sent to that
MDisk
Child pools can also have keys, which are different to the parent pool
USB key management support
External key manager support being planned for 1H16
Copyright IBM Corporation 2015
Implementing Encryption
Two methods
Create new encrypted pool
Move volumes from existing pool to new pool
Unencrypted Pool
Copyright IBM Corporation 2015
Encrypted Pool
7
Data encryption key is used to encrypt data and is created automatically when an encrypted pool
is created
Stored encrypted with the master key
No way to view data encryption key
Cannot be changed
Discarded when an array is deleted (secure erase)
Copyright IBM Corporation 2015
10
V7000
No compression enabled 7 of 8 cores
Compression enabled 4 of 8 cores
11
Ordering Encryption
FlashSystem V9000
Order feature AF14 on Model AE2 (flash enclosure). Includes USB devices and enablement
5725-Y35 (PPA)
12
Encryption Recommendations
If
you can encrypt on the back end storage with no performance penalty or encrypt with
data in place, take that option
For example, an XIV can encrypt it's data without the need to move it
The DS8K, XIV and V7K Internal encryption can be done with no performance penalty
If
you need more granular key management or single methodology use external encryption
i.e. key per child pool
Single methodology for
entire environment (i.e. encryption is done the same way for everything)
Be
careful when mixing types of encryption in the same pool, as different forms of
encryption may have different security characteristics
13
IP Quorum Devices
The
user will use either the CLI or the GUI to generate a Java-based quorum
application which is run on a host located at a third site.
The user must also regenerate and redeploy this application when certain aspects of
the cluster configuration change, e.g. a node is added.
The need for a regeneration will be indicated via a RAS event.
The maximum number of applications that can be deployed is five (5).
The IP topology must allow the quorum application to connect to the service IP
addresses of all nodes.
The IP network and host must fulfill certain constraints:
Requirement
Constraint
Comment
Round-trip latency
< 80ms
No exceptions
Port forwarding
1260
Suggested JRE
IBM Java 7
14
15
16
Comprestimator Integration
With
R7.6, deployed as part of SVC/Storwize via CLI command vs separate host installable
Does not require compression license
Does not start RACE (RtC compression engine)
Same algorithm as host based tool so same results are expected
Schedule a volume or all volumes for estimation
Volumes are estimated in VDisk-id order
One volume per node at a given time within a given I/O group
Each I/O group processes its own volumes
Starts immediately (unless otherwise engaged)
Schedule all volumes in system
Display estimation results include thin provisioning, compression and overall results
All volumes output
Single volume output
Fast and accurate results
Rule of Thumb is <1 minute per volume (divided across nodes) with <5% error margin (same as
CLI)
17
18
19
Examples - lsvdiskanalysis
20
21
lsvdiskanalysis States
Estimated Compression ratio has been determined. Give date and time of last
Active Volume is currently being estimated
Scheduled Volume is waiting to be estimated
Idle Volume has never been estimated and is not scheduled to be estimated
run
22
Storage
23
Discovery
Provisioning
Optimization
SRM
SRA
For XIV
SRA
For DS8000
SRA
For Storwize
vRA /
vCAC
vRO /
vCO
Backup
Snapshot
Management
Automation
Operations Management
Self-service
Server Virtualization
vROPS /
vCOPS
vCenter
VASA
VWC
VADP
Spectrum
Protect
24
Target Environment
Future
Storage Arrays
VASA
XIV Mgmt
Web Client
Common
Services
DS8000 Mgmt
(Authentication,
High availability,
Configuration storage,
Etc)
SVC Mgmt
vROPs
vRO
<future plugin>
Storage
FlashSystem
Mgmt
3rd Party
Mgmt
http://www-01.ibm.com/support/knowledgecenter/STWMS9/landing/IBM_Spectrum_Control_Base_Edition_welcome_page.html
Copyright IBM Corporation 2015
25
26
VDisks
VM Volumes
VDisks
VMFS datastore
VM Volume
Volume
Storage array
XIV/SVC support for VMware vSphere Virtual Volumes (VVOL)
VM Volume
Storage array
IBM was a Virtual Volumes design
partner +3 years working together!
Delivers an excellent level of storage
abstraction through VVOL
27
Key Benefits
Considerations
28
29
30
Bill Wiegand
Consulting IT Specialist
wiegandb@us.ibm.com
Traditional RAID 6
Double parity improves data availability by protecting against single or double drive failure in
an array
However
Spare drives are idle and cannot
contribute to performance
Particularly an issue with flash drives
32
Traditional RAID 6
Active Drives
Stripe
Spares
D1
D1
D2
D2
D3
D3
PP
Q
Q
D1
D2
D3
D3
PP
D1
D1
D2
D3
PP
D1
D1
D2
D2
D3
D1
D1
D2
D2
D3
D3
D1
D1
D2
D2
D3
D3
Write to 1 drive
33
34
Distributed RAID
Improved RAID implementation
Faster drive rebuild improves availability and enables use of lower cost larger drives with confidence
All drives are active, which improves performance especially with flash drives
35
Distributed RAID 6
Distribute 3+P+Q over 10 drives with 2 distributed spares
Drive
In this instance
these 5 rows make
up a pack
We allocate the spare
space depending on
the pack number
D1
D1
P
D2
D2
Q
D3
D3
D2
D2
Q
D3
D3
D1
D1
P
D3
D1
P
D2
Q
PP
D2
D2
Q
D3
D3
D1
Q
D3
D3
D1
PP
D2
D1
PP
D2
Q
D3
D2
Q
D3
D1
D1
P
D3
D1
D1
P
D2
D2
Q
D3
D1
P
D2
Q
Row
36
37
Main goal of DRAID is to significantly lower the probability of a second drive failing during
the rebuild process compared to traditional RAID
38
Distributed RAID
V7.6 supports Distributed RAID 5 & 6
Distributed RAID 10 is a 2016 roadmap item
39
Distributed RAID
Minimum Drive Count in one array/MDisk
Distributed RAID5: 4 (2+P+S)
Distributed RAID6: 6 (3+P+S)
Up to 36 drives: 1 spare
37-72 drives: 2 spares
73 to 100 drives: 3 spares
101 to 128 drives: 4 spares
RAID6: 12 (10+P+Q)
Copyright IBM Corporation 2015
40
41
Amount of usable
storage that will be
added to the pool
42
Raid type
Number of spares
Array Width
43
44
Host Server
Site 1
Site 2
Vol_1P
Node 1
I/O Group 1
Vol_1S
Node 2
Node 3
Site 1
I/O Group 2
Site 2
Site 1
Storage Pool 1
Node 4
Site 2
Quorum
Site 3
Storage Pool 2
Host Server
Site 1
Site 2
Vol_1P
Vol_1S
Node 1
I/O Group 1
Node 2
Node 3
Site 1
I/O Group 2
Site 2
Site 1
Storage Pool 1
Node 4
Site 2
Quorum
Site 3
Reads are
performed locally,
as long as the
local copy is up to
date
Storage Pool 2
46
47
1)
2)
3)
4)
5)
6)
7)
8)
1) mkvolume my_volume
mkvdisk master_vdisk
mkvdisk aux_vdisk
mkvdisk master_change_volume
mkvdisk aux_change_volume
mkrcrelationship activeactive
chrcrelationship -masterchange
chrcrelationship -auxchange
addvdiskacces
48
mkvolume
mkimagevolume
addvolumecopy
rmvolumecopy
rmvolume
Also:
lsvdisk now includes volume_id, volume_name and function fields to easily
identify the individual volumes that make up a HyperSwap volume
49
Basic volume
Mirrored volume
Stretched volume
HyperSwap volume
- any topology
- standard topology
- stretched topology
- hyperswap topology
The type of volume created is determined by the system topology and the number of
storage pools specified
mkimagevolume
Create a new image mode volume
Can be used to import a volume, preserving existing data
Implemented as a separate command to provide greater differentiation between the action
of creating a new empty volume and creating a volume by importing data on an existing
MDisk
Copyright IBM Corporation 2015
50
- standard topology
- stretched topology
- hyperswap topology
rmvolumecopy
Remove a copy of a volume but leaves the actual volume intact
Converts a Mirrored, Stretched or HyperSwap volume into a basic volume
For a HyperSwap volume this includes deleting the active-active relationship and the
change volumes
Allows a copy to be identified simply by its site
The -force parameter from rmvdiskcopy is replaced by individual override parameters,
making it clearer to the user exactly what protection they are bypassing
Copyright IBM Corporation 2015
51
52
53
Set Multi-Site
Site 1:
London
Site 2:
Hursley
Site 3 (quorum):
Manchester
Back
Next
Cancel
54
55
56
Advanced
Basic
Quantity:
1
HyperSwap
Capacity:
24
Consistency group:
London
Pool:
I/O group:
GiB
Capacity savings:
Compressed
Custom
Name:
My_hs_volume
None
Hursley
Pool1
Pool:
Auto select
I/O group:
Pool2
Auto select
Summary
1 volume
1 copy in Hursley
1 copy in London
1 active-active relationship
2 change volumes
Create
Copyright IBM Corporation 2015
Cancel
57
58
59
60
SITE-2
SVC (iogrp1)
Layer = replication
(external storage)
(external storage)
Layer = storage
Layer = storage
SITE-3
V3700 (Quorum)
Layer = storage
61
SITE-2
V7K/V5K (iogrp1)
Layer = replication
(external storage)
(external storage)
Layer = storage
Layer = storage
SITE-3
V3700 (Quorum)
Layer = storage
62
Miscellaneous changes
63
PCIe slot
Empty
or
Compression Accelerator
Empty
or
Compression Accelerator
Using any of slots 4-6 requires second CPU and 32GB cache upgrade
Copyright IBM Corporation 2015
64
Compression Accelerator
Each one of the 4-port 16Gb ports will have 2 LEDs (amber and green)
LED behaviour is exactly the same as on the 2port 16Gb FC card
Supports maximum cable length of up to 5KM with single mode fibre and LW SFP
For certain use cases, cable length of more than 5KM can be used with DWDM/CWDM technology
65
Administrators can now configure up to a maximum of 512 iSCSI Host IQNs per I/O group
Maximum of 2048 iSCSI Host IQNs for a 4 I/O group system
66
Running the upgradetestutility (aka CCU checker) will call out the non-support of 8xx nodes
and any attempt to upgrade to V7.6 will fail
67
68
Solution
Instead of slandering the link, we want to allow the customer to set a system-wide timeout value
If a particular I/O takes more than that specified amount of time to complete, we will look at the stream the
volume in question belongs to and do a version of a 1920 on it
CLI additions
Adding to chsystem
o chsystem -maxreplicationdelay <value>
o Sets a maximum replication delay in seconds: allows 0-360 (increments of 1)
o If set to 0, feature is disabled
69
70
71
CLI commands:
chbanner -file /tmp/loginmessage
chbanner -enable / disable
chbanner -clear
Copyright IBM Corporation 2015
72
SSL Certificates
Now we will allow the system to generate SSL certificates which the customer can
then sign and re-upload to the system
Also we increased the strength of SSL certificates generated
Both self-signed and customer-signed
One certificate will be used for all uses of SSL on the system
Cluster GUI
Service GUI
Keyserver
Future enhancements
73
svcinfo lssystemcert
Displays the information about the installed certificate
svctask chsystemcert
mkselfsigned: This will generate a self-signed certificate, similar to how it currently works
mkrequest: This generates an unsigned certificate, to be signed by an external authority
install: Install a certificate signed by an external authority
export: Export the current installed certificate in a format suitable for external use
o E.g. a web browser
Self-signed certificates have optional parameters with defaults provided by the system
Unsigned certificates must have all parameters included in the CLI command
74
Certificate storage
75
Announcement letters:
IBM FlashSystem 900 and V9000 deliver enhanced worldwide support
IBM Spectrum Virtualize Software V7.6 delivers a flexible, responsive, available, scalable, and efficient
storage environment
76
Denis Frank
Spectrum Virtualize Performance Architect
78
DRAID - Overview
Traditional RAID (TRAID) has a very rigid layout:
RAID-10: N data drives + N mirrors, spares
RAID-5/6: N data drives + P checksum drive (RAID-6: P+Q), spares
79
80
81
Virtualized FlashSystems
Storage controllers reporting encrypted disks in SCSI Inquiry page C2
SAS hardware encryption on internal storage (drives) on V7k v2, DH8
External MDisks manually defined as encrypted
82
unencrypted
% performance
520k
600k
86%
168k
185k
90%
10700
13000
82%
2900
3100
93%
Storwize V7000 Gen2 over 50% FlashSystem (SW encrytion) / 50% SSD RAID5 (HW
encryption), 1 I/O group, 8Gb FC, cache miss
encrypted
unencrypted
270k
316k
85%
74k
83k
89%
7200
9200
78%
2600
3100
83%
% performance
83
84
Questions?
Legal Notices
Copyright 2015 by International Business Machines Corporation. All rights reserved.
No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation.
Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. This document could include technical
inaccuracies or typographical errors. IBM may make improvements and/or changes in the product(s) and/or program(s) described herein at any time without notice. Any
statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. References in this document
to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does
business. Any reference to an IBM Program Product in this document is not intended to state or imply that only that program product may be used. Any functionally equivalent
program, that does not infringe IBM's intellectually property rights, may be used instead.
THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER OR IMPLIED. IBM LY DISCLAIMS ANY
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IBM shall have no responsibility to update this information. IBM
products are warranted, if at all, according to the terms and conditions of the agreements (e.g., IBM Customer Agreement, Statement of Limited Warranty, International Program
License Agreement, etc.) under which they are provided. Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance,
compatibility or any other claims related to non-IBM products. IBM makes no representations or warranties, ed or implied, regarding non-IBM products and services.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents or copyrights. Inquiries regarding patent or
copyright licenses should be made, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 1 0504- 785
U.S.A.
86
87
Special notices
This document was developed for IBM offerings in the United States as of the date of publication. IBM may not make these offerings available in other countries, and the information is
subject to change without notice. Consult your local IBM business contact for information on the IBM offerings available in your area.
Information in this document concerning non-IBM products was obtained from the suppliers of these products or other public sources. Questions on the capabilities of non-IBM products
should be addressed to the suppliers of those products.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. Send
license inquires, in writing, to IBM Director of Licensing, IBM Corporation, New Castle Drive, Armonk, NY 10504-1785 USA.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
The information contained in this document has not been submitted to any formal IBM test and is provided "AS IS" with no warranties or guarantees either expressed or implied.
All examples cited or described in this document are presented as illustrations of the manner in which some IBM products can be used and the results that may be achieved. Actual
environmental costs and performance characteristics will vary depending on individual client configurations and conditions.
IBM Global Financing offerings are provided through IBM Credit Corporation in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and
government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type and options, and may vary by country. Other restrictions may apply. Rates
and offerings are subject to change, extension or withdrawal without notice.
IBM is not responsible for printing errors in this document that result in pricing or information inaccuracies.
All prices shown are IBM's United States suggested list prices and are subject to change without notice; reseller prices may vary.
IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
Any performance data contained in this document was determined in a controlled environment. Actual results may vary significantly and are dependent on many factors including system
hardware configuration and software design and configuration. Some measurements quoted in this document may have been made on development-level systems. There is no
guarantee these measurements will be the same on generally-available systems. Some measurements quoted in this document may have been estimated through extrapolation. Users
of this document should verify the applicable data for their specific environment.
88