Beruflich Dokumente
Kultur Dokumente
Abstract
Video surveillance solutions based on NetApp E-Series offer the physical-security integrator
a highly scalable repository for video management systems supporting high camera counts,
megapixel resolutions, high frame rates, and long retention periods. The architecture is
designed to provide high reliability and availability to meet the demands of video surveillance
deployments.
TABLE OF CONTENTS
1 Introduction ........................................................................................................................................... 8
1.1 Publication Scope ...........................................................................................................................................8
7.2 Sizing Example 2: Larger System with Failover and RAID 10.......................................................................50
15.2 Verify Time and Reachability to Network Time Protocol Servers ................................................................149
LIST OF TABLES
Table 1) Training offerings..............................................................................................................................................9
Table 2) Key characteristics of a solution target deployment. ......................................................................................12
Table 3) Best practice network design concepts. .........................................................................................................29
Table 4) Design checklist components. ........................................................................................................................32
Table 5) Usable capacity by RAID level. ......................................................................................................................47
Table 6) E-Series disk shelves for video surveillance deployments. ............................................................................47
Table 7) Multiuse project. .............................................................................................................................................52
Table 8) Data rate and storage per camera..................................................................................................................53
Table 9) Camera assignment per server. .....................................................................................................................53
Table 10) Sizing solution. .............................................................................................................................................54
Table 11) E-Series controllers and disk shelves. ..........................................................................................................58
Table 12) Storage array global parameters. .................................................................................................................60
Table 13) Parameters specific to volume and volume group. .......................................................................................60
Table 14) Genetec Omnicast version 4.8 validation. ....................................................................................................81
LIST OF FIGURES
Figure 1) Solution component overview. ......................................................................................................................11
Figure 2) Recording server logical topology. ................................................................................................................14
Figure 3) Typical resolutions: images to scale between resolutions. ............................................................................15
Figure 4) E-Series for video surveillance. .....................................................................................................................18
Figure 5) E-Series disk structure. .................................................................................................................................20
Figure 6) DDP usable capacity. ....................................................................................................................................21
Figure 7) High-availability design. ................................................................................................................................23
Figure 8) Architectural topology overview.....................................................................................................................25
Figure 9) Cisco Nexus 3048 topology overview. ..........................................................................................................26
Figure 10) VMware vSphere networking configuration. ................................................................................................27
Figure 11) Uplink connectivity (layer 2). .......................................................................................................................28
Figure 12) Uplink connectivity (layer 3). .......................................................................................................................29
Figure 13) System requirements. .................................................................................................................................33
Figure 14) Example of throughput versus retention. .....................................................................................................35
Figure 15) Axis design tool. ..........................................................................................................................................36
Figure 16) Video stream settings. .................................................................................................................................37
Figure 17) Daylight versus nighttime data rate. ............................................................................................................39
Figure 18) OnSSI Ocularis storage configuration. ........................................................................................................40
Figure 19) 64-camera transition from 1x to 16x. ...........................................................................................................42
Figure 20) OnSSI Ocularis ES recording and archiving configuration. .........................................................................43
Figure 21) Sizing fundamentals. ...................................................................................................................................46
Figure 22) Axis design tool bandwidth estimate. ..........................................................................................................49
Figure 23) Physical and virtual machines sizing example. ...........................................................................................50
Figure 24) E-Series raw storage capacity.....................................................................................................................57
Figure 25) E2600 hardware and software components. ...............................................................................................61
Figure 26) E5400 hardware and software components. ...............................................................................................63
Figure 27) OnSSI and Milestone virtual machine layout. ..............................................................................................65
Figure 28) CPU and memory usage. ............................................................................................................................66
Figure 29) VMkernel port management network. .........................................................................................................67
Figure 30) Server management network. .....................................................................................................................67
Figure 31) Video ingress network. ................................................................................................................................68
Figure 32) vSwitch NIC teaming load balancing. ..........................................................................................................69
Figure 33) Video surveillance uplinks. ..........................................................................................................................70
1.2 Audience
This publication is intended to provide guidance to physical-security integrators, video surveillance
management software engineers, network and storage system engineers, and architects responsible for
integrating NetApp E-Series storage systems into existing video surveillance deployments or designing
and implementing new deployments.
The content in this report is presented with the expectation that these professionals can use this
information, combined with their experience and supporting documents, to build an efficient, scalable, and
highly available system.
Targeted Deployments
The targeted deployments for this introduction are large (2001,000 cameras or more) with retention
periods of at least 30 days and primarily use HDTV/megapixel resolution cameras.
Solution Benefits
NetApp E-Series provides the following benefits for large-scale video surveillance deployments:
Intuitive management. SANtricity ES software provides a graphical representation of the E-Series
storage, with an easy-to-use interface.
Ease of provisioning. All management tasks to the array are performed by SANtricity ES software
without taking the array offline.
High availability. Dual controllers mean nondisruptive controller firmware upgrades, host multipath
support, and dual paths to expansion shelves.
High performance. The E-Series controllers offer an excellent price-to-performance ratio.
High capacity. The E5400 systems support up to 1080TB of raw capacity (using 3TB disks) in an
efficient footprint.
In proprietary systems, all components are sourced from a single manufacturer. Open platform systems
allow the physical-security integrator to select the IP cameras, network routers and switches, servers and
workstations, and video management software and storage that provide the best price, performance, and
reliability to meet the specifications of the end user.
The physical-security integrator might standardize on servers and workstations, network equipment, and
storage for the majority of its business opportunities. However, networked video cameras and video
management software are often selected based on end-customer requirements. Typically the majority of
cameras are from a primary vendor, but it is common to have the cameras of several vendors
implemented in a single deployment. Additionally, analog-to-digital encoders may be used to include
legacy analog cameras. It is uncommon to see more than one video management software package
implemented in a single deployment. It is important for the video management software and the storage
array to work together seamlessly.
Element Description
High camera counts Rack space savings of up to 60% over competitive offerings can be
achieved because of the maximum storage density of the E-Series using the
60-drive 4U disk shelves.
Long retention periods Video can be maintained for months to years using the current 3TB or 4TB
NL-SAS drives, with higher TB drives available as the technology matures,
and the E-Series, combined with the video grooming technology of both
Milestone and OnSSI recording servers.
HDTV/megapixel deployments The solution is ideally suited for the increased storage demands of HDTV
and megapixel camera deployments because of the storage density and
performance of the E-Series.
High availability A deployment should be designed and validated to provide high availability
at the application, network, and storage system levels. Fault tolerance is a
key component of all video surveillance solutions.
NetApp validation testing Solutions have been validated with several video management system
software offerings, the Axis Communications megapixel network video
cameras, and the Axis virtual camera simulator. This validation incorporated
thousands of video feeds in the recording servers of NetApps video
surveillance system technology partners. Frame rates up to 30 fps from
HDTV 720p and 1080p validate the performance of the solution.
High performance This validation testing demonstrates that the E-Series has performance
capabilities to support the requirements of video surveillance workloads.
The throughput of the E-Series controllers is not the limiting factor in typical
deployments.
Serviceability Controller firmware can be upgraded without taking the storage array offline:
a feature of the E-Series duplex controllers. Additionally, power supplies,
cooling fans, and disk drives can all be replaced without system downtime.
Data protection Although RAID 5 is typically deployed in the industry, the E-Series supports
DDP and RAID levels 0, 1, 3, 5, 6, and 10.
Drive health monitoring The health of the individual disk drives is monitored, and problems can be
identified before a hard drive failure. When hard drive failures occur, the
system incorporates automatic drive failover and detection and rebuilds
using global hot spare drives or available capacity in a DDP.
Element Description
Number of cameras per The number of cameras supported per server is primarily based on the
recording server aggregate data rate of the configured cameras. However, features such as
server-side motion detection might substantially decrease the number of
cameras per server. In general, each recording server will support from
100Mbps to 600Mbps of video ingress.
Number of virtual machines As a general rule, each physical machine can support from three to four
per physical server virtual machines.
Implement Network Time An accurate time source is critical for the proper functioning of all video
Protocol (NTP) management applications. Synchronize all components (including IP
cameras) with several accurate and reliable NTP sources.
Provision hot spare drives Disk drives will fail over time. Provision the recommended hot spare
coverage. Immediately replace failed drives.
Monitor the operational state The SANtricity ES Enterprise Management window provides an overview of
of the storage array the operational health of all storage arrays in the domain. Address all
nonoptimal array conditions before they become critical problems.
Use the recovery guru Refer to the SANtricity ES recovery guru to resolve reported problems.
Provision adequate reserve As a general rule, size the system with 2030% of the reserve capacity for
capacity the target retention period. This allows increased capacity to address future
requirements.
Allow SANtricity ES to The system will attempt to provide both drawer and shelf loss protection if
automatically select drives for possible.
volume groups
Verify equal distribution of Verify that volumes are on the preferred owner for optimal balanced
volumes across controllers performance following storage array service or outages.
Implement recommended Verify that all recommended performance tuning parameters have been
performance tuning options implemented.
Conduct a network Recording servers can only archive video they receive. Any network
assessment prior to impairment between cameras and recording servers is lost video. Verify
implementation adequate bandwidth with low packet loss and reasonable latency for
transporting IP video. Third-party vendors also provide these service
offerings.
Verify that all components are This validated design implements redundancy for high availability. While
operational implementing the system, verify that all redundant network paths, power
supplies, fans, and so on are operational.
Implement RAID 6 when RAID 6 provides an extra measure of protection over RAID 5: two parity
feasible disks rather than one.
Follow proper electrostatic ESD-related component degradation might affect the long-term reliability of
discharge (ESD) protocol the system. ESD-caused degradation might not manifest into a hard outage
for months or years of service.
The video management software market is predominately based on Microsoft Windows Server 2008 R2
or later releases. Most software vendors support both NAS (NFS/CIFS) and SAN (SCSI), provided there
is acceptable read and write throughput performance.
3.3 IP Network
Video surveillance deployments require a network infrastructure that addresses these requirements:
Provide sufficient available capacity (bandwidth) to transport video
Exhibit very low/no loss of IP video packets
Feature network latency within the range suitable for the transport protocol (TCP or UDP) of the video
feed
Provide high availability through network redundancy and best practices in network design
Meet network security and services requirements
Video may be transported between endpoints using either UDP or TCP. Image quality problems (loss of
frames) can occur in both transport methods. Although TCP is a connection-oriented protocol, TCP
transport is the first to give up its bandwidth during congestion, and real-time applications such as video
might arrive too late and need to be discarded by the receiver because the playout time has passed.
Although IP networkbased video surveillance deployments share many of the same service-level
agreements (SLAs) as voice over IP (VoIP), the bandwidth requirements of video are substantially higher
than those of VoIP. Additionally, each network camera streams video over the network constantly (24/7),
whereas an IP phone uses fewer network resources unless there is an active call. Implementing network-
based video on an existing network requires network quality of service (QoS) for data, VoIP, and video.
Regardless of whether a physically separate network is implemented for video surveillance or video is
converged on an existing network infrastructure, the physical-security department or integrator must work
with the IT department to implement network equipment consistent with the existing infrastructure.
Leading network vendors, as well as leading integrators offering voice and video network implementation
services, can assist with network readiness assessments for IP video surveillance deployments.
3.7 Storage
NetApp E-Series high-performance storage systems support the following block-based storage area
network (SAN) protocols:
E5400: Fibre Channel, InfiniBand, iSCSI (10Gbps), and SAS
E2600: SAS, Fibre Channel, and iSCSI (1/10Gbps)
Video surveillance solutions have been validated with SAS host connectivity on the E2660, and the
E5460 has been validated with Fibre Channel connectivity. All components on both storage array models
are redundant, providing automated path failover. Online administration is accomplished through the
SANtricity ES management client.
The E-Series is ideally suited for video surveillance archiving because it incorporates:
High throughput. Up to 24Gbps for the E5400 controller.
Space efficiency. 60 drives in 4-RU (240TB with 4TB drives) and up to 1.48PB in 24 rack units.
Reliability. Fault tolerance and redundancy are built in; all components are hot swappable.
Maintainability. Firmware updates on one controller while the second controller handles all I/O.
The E-Series scales from one 4-RU shelf to up to six 4-RU shelves. Deployments can encompass from
hundreds to thousands of cameras, depending on the camera data rate, retention period, and available
free space for reserve capacity. The breadth of the solution is illustrated in Figure 4.
The target for E-Series storage in the physical-security market is open VMS deployments, which enable
the physical-security integrator to design a solution that provides best-in-class network video cameras,
servers, software, and NetApp storage.
The unique functionality of the E-Series storage platform makes it an ideal solution for large video
surveillance deployments that use high-resolution cameras with long retention requirements.
The number of physical disks per volume group or disk pool and the number of volumes per group or pool
are determined by the performance and sizing requirements of the video recording server and the
application software.
RAID Levels
For video surveillance deployments, RAID 5/RAID 6 or RAID 10 is commonly deployed in the industry.
The Nevada Gaming Commission standards specify that the storage array must not lose data in the event
of the failure of a single component. Although RAID 6 provides better fault tolerance because it can
tolerate two disk failures, RAID 5 is often deployed instead because of lower costs while still adhering to
the standards.
RAID 10 is typically used for best read performance when combined with solid state disk (SSD) or disks
with higher (15K) rotational speed. RAID 5/RAID 6 is used for best write performance. On the E-Series,
RAID 10 is implemented by selecting RAID 1 with four or more drives.
Some VMS vendors recommend using a combination of RAID 10 and RAID 5 in gaming deployments
where a high volume of forensic analysis occurs, during the most recent minutes or hours of video
archives. These designs use RAID 10 for the most recent archive and then, with the tiered storage
feature, move video to a RAID 5 volume group for the duration of the retention period.
This design consideration might not be required in environments that have infrequent forensic analysis or
where the performance level is such that the RAID 5 or RAID 6 volume group provides acceptable read
performance. The education market is one vertical where reviewing archived video occurs only if an
incident (for example, vandalism or altercation between students) warrants analysis of the video.
Hot Spares
Hot spares are disks that remain idle until needed. Hot spares are used in place of a failed drive, allowing
reconstruction of the data and parity across the number of drives in the volume group. Video surveillance
performance is often measured during a disk rebuild because the system is under both read and write I/O
during the rebuild process. NetApp recommends using a minimum of one hot spare per every 30 drives in
the system.
The amount of time required to rebuild a hot spare drive depends on the size of the drive and the number
of drives in the volume group and might take hours or days. DDP is a means to address the performance
penalty and length of time required to rebuild a failed drive. There are no idle hot spares when DDP is
used; spare capacity is incorporated into the pool.
For video surveillance solutions, smaller single-volume disk pools are optimal for bandwidth and provide
performance comparable to that of RAID 6 with rebuilds that are twice as fast. This is why video
surveillance management software performance testing is measured when the system has filled the
volume to capacity and is in file-deletion mode. DDP performance does not degrade like RAID 6 and is
more consistent throughout the lifecycle.
4.4 Workflow
The performance of disk systems is characterized by I/O operations per second (IOPS) and/or throughput
in megabytes per second. Network performance is measured in packets per second and throughput in
megabits per second.
Optimizing IOPS is important when the disk array is used for small random I/O operations from multiple
applications. Network packet-per-second performance is usually measured in small (64-byte) packets.
However, video surveillance deployments are more concerned with throughput performance than with
IOPS. Network video cameras generate large IP packets to the recording servers and write relatively
large records to the storage array. Because the video ingress to the recording servers is over an IP
network and the data rate is typically calculated in megabits per second (Mbps) for IP networks, many of
the tables in this document list Mbps rather than megabytes per second (MBps).
For areas of critical importance, multiple cameras with overlapping fields of view should be implemented
to maintain coverage in the event a single camera or access-layer switch fails. Multiple cameras covering
the critical area must be connected to separate access-layer switches with redundant uplinks to the
core/distribution-layer switches. The IP network must implement high-availability network design
principles, rapid convergence from link and/or switch failures, deterministic traffic recovery, and sufficient
capacity to adequately service traffic during failures.
VMS features that use local storage in the network video camera, failover recording servers, and a
redundant management server protect the availability of the video archives. Hypervisors such as VMware
ESXi have native support for link aggregation. For nonvirtual deployments, the Microsoft failover cluster
virtual adapter for Windows Server 2008 supports link aggregation.
For Fibre Channel or direct connect SAS connectivity between the server and the E-Series, dual-port
HBAs are installed that provide redundant paths to each controller. For iSCSI deployments, multiple
Ethernet NICs connecting to dual IP SANs also provide for high availability to the E-Series controllers.
The failover drivers are at the center of providing path failure recovery between server and storage array.
In general, failover drivers implement the following functions:
Identify redundant I/O paths
Reroute I/O to an alternate controller when the controller or data path fails
Check the state of paths to a controller
Provide status of controller/bus
For Windows , the failover drivers are a combination of Microsoft MPIO plus the SANtricity ES host
installation device-specific module (DSM). The E-Series supports the native multipath feature of VMware
ESXi.
Networking Example
This section discusses how the network switches provide top-of-rack connectivity to the recording servers
and integrate with the core/distribution-layer switches. A sample configuration built and tested in NetApps
RTP labs is used to illustrate the specifics of networking for video surveillance.
A sample video surveillance solution has been validated for the E2660 deployment consisting of NetApp
E-Series storage, up to four Cisco UCS C220-M3 servers, and two Cisco Nexus 3048 top-of-rack
integrated layer 2/3 switches. VMware ESXi 5.1 is installed on each Cisco UCS server. Each server is
configured with four virtual machines, each running Windows Server 2008 R2.
The Cisco Nexus 3048 switches provide the server access-layer switching infrastructure to connect the
video surveillance system to the end-customer IP network infrastructure. In most deployments, the
network video cameras and viewing workstations are connected to existing or new network routers, and
switches are installed as part of the physical-security deployment.
The IP network is a critical component in the architecture because it provides connectivity to all key
components, as shown in Figure 8.
Note: The E-Series storage arrays are connected to the network switches to provide management
access for workstations running SANtricity ES, even though the host attachment is over Fibre
Channel links or direct SAS attachment.
Each Cisco Nexus 3048 switch supports four 1/10Gbps SFP+ ports. Two ports on each switch are
configured as 10Gbps virtual PortChannel (vPC) peer links; the two remaining ports on each switch may
be used for either layer 3 (routed) or layer 2 (switched) uplinks. The tested configuration utilized one
10Gbps SFP+ Fibre on each switch for uplink connectivity and high availability.
The Cisco Nexus 3048 is a 1RU chassis with 48 10/100/1000Mbps RJ-45 ports to connect to data and
management interfaces on servers and the E-Series management ports. There are redundant power
supplies and redundant fans in the fan tray.
The Cisco Nexus 3048 enables high availability through the redundant power supplies and fans,
redundant uplinks, and the vPC feature. Either of the Cisco Nexus 3048 switches in the video surveillance
Network Interfaces
In the sample configuration tested by NetApp, each Cisco UCS C220-M3 server contains a Broadcom
quad-port Ethernet adapter. The four ports are aggregated into one logical link. This link provides video
ingress to the servers from the network video cameras. Two of the member links are connected to one
Cisco Nexus 3048 switch, and the other two member links are connected to the second Cisco Nexus
3048 switch. The Cisco Nexus 3048 switches are configured with two vPC peer keepalive links (1Gbps)
between switches and two 10Gbps vPC peer links between switches. The vPC peer keepalive links carry
only control plane traffic and are used to detect a peer failure. The vPC peer links are layer 2 trunks and
transport both the device management VLAN traffic as well as traffic for the server PortChannel interfaces
in certain failure situations.
This network topology is illustrated in Figure 9.
Note: Only one server (Server 1) is shown for clarity. All servers are similarly configured. The uplink
connectivity is shown later in this document.
In addition to the video ingress VLAN, a device management VLAN is configured to provide management
connectivity for the E-Series management ports; a Cisco integrated management controller port for
physical server management; an ESXi VMkernel management network port; and a guest operating
system management network port for SSH, Linux X-terminal, or Windows remote desktop connection
connectivity.
Given this assumption, the end-customer core/distribution switches must be configured to provide layer 2
and layer 3 features to support a video surveillance solution. These features include:
Primary and secondary root spanning-tree bridge (rapid spanning-tree protocol [RSTP])
Ethernet switch virtual interfaces (SVIs), for example, interface VLAN for video ingress and
management VLAN
Hot standby router protocol (HSRP) or virtual router redundancy protocol (VRRP); virtual IP
addresses for the video ingress and management VLAN
As part of the installation and implementation process, verify the high-availability configuration of the
design by alternately reloading the Cisco Nexus 3048 switches and validating connectivity and recovery.
VLAN 1 In many deployments, VLAN 1 spans multiple switches and is not bounded by pruning
from trunk ports between switches. Ports in this deployment are not assigned to VLAN
1, and the VLAN 1 SVI is shut down.
VLAN 2 unused In the sample topology, VLAN 2 is defined and configured for all unused ports on the
ports switches. VLAN 2 is not permitted on trunk ports. If a rogue user attaches to a switch
port that is unused, the connected device will not have ready access to the network
outside the local switch. Additionally, it is recommended to disable unused ports.
VLAN 3 native VLAN 3 is designated as the native VLAN for this deployment. A native VLAN is the
VLAN untagged VLAN on an 802.1q trunked port. The native VLAN in this topology is only
configured on trunked ports. VLAN 3 has no edge ports.
VLAN 58 virtual VLAN 58 is designated as the vPC peer keepalive VLAN. A PortChannel 58 interface
PortChannel peer and SVI interface are configured on both switches with two 1G member ports. An IP
keepalive VLAN network address is assigned to the SVI interfaces and used as the source and
destination IP addresses for vPC keepalives. The switch management interface
(mgmt0) is not used for vPC keepalives, allowing the end user to connect the
management interface to other devices in the network topology to manage the switches
out of band.
VLAN 2020 video VLAN 2020 is designed to transport IP video surveillance network traffic from video
ingress surveillance cameras to the recording servers. The video management software
management server virtual machines are also assigned interfaces on this VLAN. Each
ESXi host has four 1Gbps Ethernet aggregated lines configured on a virtual switch and
connected to a PortChannel on the 3048 switches with four member ports. Two of the
four links are attached to each 3048 switch and are associated by a common vPC
number.
Virtual A vPC allows links that are physically connected to the two Cisco Nexus 3048 switches
PortChannel to appear as a single PortChannel to a third device. The third device in the deployment
is the Cisco UCS C220-M3 servers with quad-port Broadcom Ethernet adapters.
Additionally, if the deployment utilizes layer 2 uplinks, these are also configured as
vPCs.
Virtual The vPC peer link is a PortChannel with two 10Gbps member interfaces, per Cisco best
PortChannel peer practices. The vPC peer link carries control traffic between two vPC switches, multicast,
links broadcast, and in some instances unicast traffic.
PortChannel load The default PortChannel load-balancing hash uses the source and destination IP to
balancing determine the load-balancing algorithm used across the interfaces in the PortChannel.
The default configuration will be suitable for most deployments. This load-balancing
algorithm may be changed as required.
Routed server This configuration illustrates using either layer 2 or layer 3 uplinks to the network core.
access layer Layer 3 features require additional license files to be purchased and installed on each
switch. The vPC is part of the system default license. The base license (N3K-BAS1K9)
includes limited layer 3 and IP multicast and has some application in video surveillance
deployments. The LAN enterprise license (N3K-LAN1K9) includes all the layer 3 routing
features plus virtual routing and forwarding lite (VRF-Lite).
Installing the LAN enterprise license on the video surveillance solution switches allows a
more defined demarcation between the system and the core/distribution network
switches. The same VLAN numbering scheme can be used on all switches because of
the layer 3 demarcation. Troubleshooting network connectivity problems might also be
easier because the default gateway addresses (HSRP virtual addresses) are configured
on the 3048 switches and not on the network core/distribution switches. The layer 2
spanning-tree domain only encompasses the two Cisco Nexus 3048 switches.
As a best practice, NetApp recommends implementing a routed access layer. For more
information, see High Availability Campus Network DesignRouted Access Layer using
EIGRP or OSPF.
Hardware Recommendations
At a minimum, the viewing workstation and recording servers must meet the minimum hardware
requirements of the video management software vendor. For example, OnSSI lists its hardware
recommendations at http://www.onssi.com/hardware-recommendations. These are usually general
recommendations, for example, dual-core Intel Xeon (quad core recommended) or Intel Core i5 or
better, rather than specifying an exact model or clock rate. CPU specifications change too frequently and
have far too many derivations for exhaustive testing of each model.
CPU
In validation testing, CPUs that are tested have ranged from Intel Xeon E5504 at 2GHz with two
processor sockets with four cores per socket for a total of eight processors to Intel Xeon E5-2690 at
2.90GHz with two processor sockets with eight cores per socket for a total of 16 processors. Given that
both these configurations meet the minimum hardware recommendation, from a design standpoint the
difference will be the number of cameras that can be supported per recording server. Or alternately, the
CPU utilization will be higher for the same number of cameras with the lower performing CPU than the
higher performing CPU.
One advantage of deploying recording servers as virtual machines is the ability to take advantage of
unused CPU cycles by adding recording server virtual machines to a physical machine to more fully utilize
CPU cycles. Although there might be additional costs associated with licenses for the hypervisor, these
costs might be offset by more efficient use of resources.
Server Manufacture
For solution validation testing, Cisco UCS C220 M2 and M3 rack servers as well as Fujitsu PRIMERGY
RX300 S6 servers have been used.
One advantage of selecting a preferred system from the same manufacturer is the support synergy. Each
manufacturer has its own management interface; for example, Fujitsu ServerView Remote Management
iRMC or Cisco integrated management controller is used for management and monitoring of the system.
Implementing systems from multiple vendors means additional support costs associated with learning
multiple management interfaces.
Memory
In validation testing, memory is not a limiting factor. 4GB to 8GB of RAM per recording server is sufficient,
as recommended by the video management software.
Video management The architecture of the VMS determines the workload requirements of the storage
system software array.
End-user Systems implemented for public sector deployments might have dramatically different
requirements workloads. Deployments with a high percentage of viewing video might require more
servers and different volume layouts than systems with little forensic review of video.
Local support This refers to the geographical location and local support staff. Readiness of on-site
support staff might determine the number of hot spare disk drives or influence the
decision to deploy traditional volume groups or DDP.
High availability The costs associated with download or video loss might be more of a consideration in
some deployments than others. Implementing a highly available design mitigates
outages, but increases the cost and complexity of the deployment.
Host interface The number of servers required influences the choice of host interface to the storage
considerations array. Direct connect serial-attached SCSI (SAS) provides high throughput but is
limited by distance and scalability. Fibre Channel is costlier, but provides high
throughput and reasonable cabling flexibility. iSCSI provides acceptable throughput at
low interface costs and has no practical distance limitation.
Retention The video retention policy is a key component to sizing the system and has a direct
requirements influence on the performance characteristics of the system.
Network The additional network routers and switches required to support the implementation
requirements must address the high-availability requirements, the type of host interface connectivity
(IP SAN requirements), and the readiness of the existing customer network. Video
that is lost between camera and server is never archived.
5 Sizing Fundamentals
Video surveillance solutions based on NetApp E-Series provide performance, efficiency, and reliability
with enterprise-class support for large-scale video surveillance deployments. The solutions can utilize the
NetApp E-Series storage array in an E5460 configuration or an E2660 configuration. This section
addresses sizing guidance for both deployment models.
There are both an absolute limit and a practical limit to the amount of storage allocated to an individual
recording server. Additionally, factors such as network interface capacity and CPU, memory, and
application performance limit the number of cameras per recording server. In most video surveillance
deployments, the performance characteristics of the E-Series controllers meet or exceed the
requirements of the video management application. All video management systems reach a steady state,
where video archives are deleted at the same rate that new video files are added to the storage array.
NetApp recommends a retention period that meets or exceeds the applicable policy.
5.5 Cameras
The number of cameras and the configured resolution, frame rate, codec type, compression factor, and
image complexity must be determined to estimate the aggregate video data rate and the amount of
storage required. Most camera manufacturers provide a design tool to estimate the data rate and storage
requirements based on the camera model and specified values. Figure 15 illustrates an example of one
such tool.
For more information on the Axis design tool, refer to the Axis website.
These tools provide only an estimate. The results might vary and should be verified through field trials run
by the physical-security integrator.
The total number of cameras at a specific location is a function of the physical-security requirements of
the site and how the security integrator plans to address these requirements. The total population of
cameras will encompass a variety of camera models, and in some cases the cameras might be from
different manufacturers. The integrator can select from several types of cameras, including indoor or
outdoor cameras; fixed or pan, tilt, zoom (PTZ); and tamper-proof or vandal-proof dome cameras. From a
sizing perspective, the type of camera is not important, but the resolution and number of channels (video
feeds) from each camera are important.
When the total number of cameras is determined, they need to be further categorized by the resolution.
Resolution
There are a wide variety of resolutions available in the video surveillance camera industry. They are
distinguished by these categories:
Analog video (NTSC/PAL): 4CIF is commonly used: 704x480 pixels or 0.4 megapixels
Video graphics array (VGA) to XVGA: 640x480 pixels to 1024x768 pixels up to 0.75 megapixels
Megapixel SXGA to QSXGA: 1280x1024 pixels to 2560x2048 pixels or 1.3 to 5.2 megapixels
High-definition television (HDTV): 1280x720 pixels and 1920x1080 pixels or 0.9 to 2 megapixels
E-Series storage is ideal for HDTV and megapixel resolution deployments because of the high density
and performance characteristics of the E-Series. For new installations, HDTV/megapixel cameras are the
preferred choice over standard definition (SD) cameras. Although the purchase price of a
HDTV/megapixel camera is slightly more than that of an SD camera, the installation cost is the same. The
total cost of cameras and installation might be less for HDTV/megapixel deployments over SD cameras,
because fewer cameras are required to effectively cover an area.
Video surveillance camera models are selected to meet a functional requirement. These requirements are
classified as detection, recognition, and identification. There are industry guidelines for the number of
pixels per foot required to address each category. Detection has a lower resolution requirement than
identification. One HDTV/megapixel camera might provide sufficient resolution to meet the pixel-per-foot
requirements, whereas earlier multiple SD cameras would need to be deployed.
An HDTV/megapixel camera can also be an SD camera, an HDTV format camera, or a megapixel format
camera. The Axis M3204 camera can be configured for HDTV format (1280x720 resolution, 16:9 aspect
ratio), megapixel resolution WXGA (1280x800 resolution, 16:10 aspect ratio), or VGA (640x480, 4:3
aspect ratio) resolution.
NetApp recommends HDTV/megapixel cameras for new deployments.
Frame Rate
The configured frame rate of the network video cameras also must be determined to accurately estimate
the required storage capacity. Frame rates in the gaming industry are specified by regulations and are
required to be 30 frames per second. Common frame rates for other industries are 7 to 12 frames per
second or less. Cameras positioned at cash registers and teller stations usually require at least 12 to 15
frames per second. In school or office hallways, 5 frames per second are usually sufficient. Parking lots
and other overview scenes for detecting cars, people, or objects often require only 1 to 3 frames per
second.
Cameras positioned with horizontal movement across the field of view or with high-speed movement
(highway intersections, for example) generally require higher frame rates than scenes with vertical
movement or slow-moving people or objects. As a reference, motion pictures (35mm sound film) have
traditionally used 24 frames per second. The human eye begins to notice choppy motion below 16 to 18
frames per second.
The specified frame rate greatly influences the network bandwidth and storage requirements. In addition
to categorizing the cameras by resolution, now frame rate is also added to the equation.
NetApp recommends using a frame rate that meets the regulatory or functional requirements of the
camera.
Compression Ratio
The compression ratio is a configurable value on the network video camera that specifies to what factor
the image is reduced before transmission to the recording server. A 10% value indicates little
compression, and a 90% value indicates a high degree of compression. The process of compressing the
image is known as quantization. In video image processing, this is implemented as lossy compression,
meaning details are lost to reduce the size of the image. Selecting a high value might result in an image
with compression artifacts or pixelization. An appropriate value depends on the scene complexity,
lighting, shapes of objects, and colors in the scene. Values of 30% to 50% are common.
NetApp recommends leveraging the recommendations of the camera manufacturer and experience of the
system integrator when selecting an appropriate compression ratio.
It is important to accurately estimate the selected scene complexity because it greatly influences the
bandwidth and storage required. In some cases, the storage required for a scene at night might be 60%
higher than during the day. Physical-security integrators use infrared (IR) illuminators to provide additional
light in low-light environments. The use of IR illuminators minimizes video image noise and the resulting
increase in bandwidth and storage.
NetApp recommends using VBR for H.264/MPEG-4 and accurately estimating the scene complexity and
percentage of motion.
Audio
Most network video cameras also support an audio channel. The network bandwidth and storage required
for audio are minimal compared to video. When sizing, estimate approximately 30Kbps if the audio
channel is stored with the video.
Alternately, the Ocularis CS feature set has an absolute limit of 64 cameras per recording server, and the
live recording volume is limited to seven days of recordings. Each recording server is configured
independently; there is no central management feature.
The selection of the appropriate VMS and feature set is a collaborative effort between the video security
integrator and the end user. Regardless of the VMS software package selected, any performance or hard
limitations of the number of cameras per server or absolute size of volumes must be assessed to
accurately size and configure the storage array.
Video Walls
Video walls are one or more client workstations and monitors used for displaying video in a control room
setting. Video can be pushed to the workstation running in a video wall mode and might also display
video as the result of triggered events. From the sizing perspective, video displayed on a video wall
requires the same amount of throughput as a client-viewing workstation.
In this example, the average data rate increased from approximately 140Mbps (2.2Mbps per camera) to
400Mbps (6.2Mbps per camera) when transitioning from 1x to 16x playback. Note that the data rate
increase is not a linear relationship; a 16x speed increase increased the I/O rate by a factor of 3x.
The performance characteristics associated with the forensic capabilities of the VMS-viewing client are
implementation specific and might vary between releases. Both video walls and client-viewing
workstations affect the performance characteristics of the storage array but not the capacity required of
the storage array. Investigative activities by the client workstations and incident reporting files might need
to be considered when sizing the storage array.
In the example, both maximum size and retention time are configurable. Files in the recording directory
are moved to the archive directory when the files are over 24 hours old. The archive process runs every
hour. They are stored in the archive directory for seven days and then deleted.
Drive letter J: is mapped to a RAID 5 volume group with 10.913TB of capacity. The recording server will
not use all of the available capacity on drive J: because of the maximum size parameters specified on the
recording (1.95TB) and archive (5.86TB) configuration. This configuration can use up to 7.81TB of the
10.913TB available, or approximately 72%.
Using a DDP for failover volumes provides a RAID 6 level of protection and inherent hot spare coverage
with an efficient use of disk drives.
If all the cameras in the deployment are configured identically, the data rate is the same for all cameras,
and the discussion can be simplified as a number of cameras per server. Each server has the same
number of cameras, with the resulting data rate at or below the specified maximum for the server. An
example of this sizing methodology is described in examples later in this document.
The VMS vendor documentation should provide a recommendation for performance and scalability. The
number of cameras supported per server is a function of the version of the VMS system, the performance
characteristics of the server, and the average data rate of the cameras.
Many video surveillance deployments, however, encompass a variety of camera models at different
resolutions, frame rates, compression ratios, and image complexities. In such deployments, the sizing
exercise becomes more complex due to the increased number of variables.
Number of Dynamic Disk Pool RAID 6: 3TB RAID 5: 3TB RAID 10: 3TB RAID 10: 900GB
Disks (RAID 6): 3TB
2 2794.019GB 837.863GB
3 5588.039GB
5 8382.059GB 10.914TB
7 13.642TB 16.371TB
9 19.099TB 21.828TB
RAID 10 or disk mirroring and striping are configured by selecting RAID 1 with four or more drives. The
usable capacity of a 3TB drive is 2794.019GB. The gray cells in the preceding table are unsupported
selections.
The maximum number of disk drives in a volume group is 30. The minimum number of drives in a DDP is
11; the maximum number of disks in the pool is the total number of drives in the array.
After calculating the number of disks required supporting the volumes (LUNs) required for all servers in
the deployment from Table 5, use Table 6 to determine how many controller shelves and expansion
shelves are required.
Controller shelf 1 1
7 Sizing Examples
This section illustrates several sizing scenarios. They increase in complexity to show various situations
and how they may be sized by the video surveillance integrator.
This profile uses 30-day retention, recording 24 hours per day at 12 frames per second, and 1080p
resolution with H.264 at 50% compression. The image complexity scenario is a schoolyard. Note that this
deployment requires approximately 0.5TB per camera per month.
Given this estimate, each server requires a volume (LUN) capable of storing 28.4TB. Referring to Table 5,
configuring a 14-disk RAID 6 volume (LUN) provides 32.7TB of usable space. This provides a margin of
14% free space (28.4/32.7).
When SANtricity ES is used to configure one 14-disk RAID 6 volume per volume group, the volume
summary and array summary for the storage array would be as follows:
PROFILE FOR STORAGE ARRAY: stle2660-33_34 (Tue May 21 11:00:31 EDT 2013)
SUMMARY------------------------------
Number of drives: 60
Mixed drive types: Enabled
Current media type(s): Hard Disk Drive (60)
Current interface type(s): Serial Attached SCSI (SAS) (60)
There are 56 disks in use with four hot spares. This example does not include volumes (LUNs) for failover
recording servers or centrally stored video clips (bookmarks).
In this sizing example, the assumption is made that a single camera model is deployed with the same
image complexity, frame rate, and compression factor. Because there is consistency in the video ingress
The proposed camera configuration is Axis models M3204 and P1346 at an HDTV resolution of
1280x720 with H.264 encoding and RTP/UDP transport, 12 frames per second with 30% compression.
As a point of reference, the Axis design tool estimates the intersection (night option) image complexity for
an M3204 in the planned configuration to be 1.3Mbps, requiring 448.2GB for 31 days of retention.
Changing the image complexity to reception area (night option) results in an estimated 726Kbps
(231.8GB for 31 days of retention).
Because of this accommodation for the failover volumes, the physical-security integrator should define
cameras with lower data rates to the smaller archive volumes if possible.
The Ocularis base machine has a volume (LUN) for bookmarks, which is a central repository for long-term
storage of video clips. Given these assumptions, the physical-security integrator has configured the
storage array with 26 standard volumes in the following configuration:
PROFILE FOR STORAGE ARRAY: stle2660-33_34 (Thu May 21 15:47:28 EST 2013)
STANDARD VOLUMES------------------------------
This configuration has 8 unassigned 3TB drives that can be defined as hot spares. The volume groups
utilizing the 900GB 10K RPM drives have 10 drives defined as RAID 10, with a total capacity of
4189.314GB. There are up to four 1TB volumes defined in these volume groups.
During the burn-in phase of the implementation, the physical-security integrator sampled and averaged
the data rates from the switch ports supporting the cameras and from the PortChannel (EtherChannel) to
each physical server. The results are shown in the following tabulation:
Server 1 Stlc220m3-9:
RACK-SVR-10 OnSSI Ocularis Base
RACK-SVR-11 OnSSI Ocularis Manager
RACK-SVR-12 failover recording server
RACK-SVR-13 failover recording server
The highest aggregate data rate is on physical server 4, on which all virtual machines have the 32.742TB
volumes (LUNs). The 28TB volumes (LUNs) are defined to the three virtual machines on physical server
2 and one virtual machine on physical server 3.
During the implementation phase of the project, as a best practice, camera data rates should be
monitored, and cameras should be migrated between recording servers to allocate the load as equally as
practical. When the retention period has been reached and the VMS has begun to groom files, the
physical-security integrator must verify that the desired retention period is being met or has been
exceeded.
Based on the recommendation of the VMS vendor and the experience of the physical-security integrator,
four virtual recording servers are deployed on two physical servers. Each physical server will have two
failover server virtual machines. In the event one physical machine fails, the failover virtual machines will
recover the video streams from the failed server.
In Table 8, the aggregate data rates and storage are shown on a per-camera basis. This data is used to
determine the storage required per server.
Camera Model Data Rate per Camera Storage per Camera for 30 Days
of Retention
The cameras are distributed across the four virtual machines as shown in Table 9. Based on the values in
Table 8, the storage requirements of the number and type of camera are calculated and listed in the
minimum storage required column. This column includes the assumption of 20% free space per volume
(LUN).
This configuration uses a total of 56 drives, and the four remaining disks can be provisioned as hot
spares.
Because this exercise maintains a minimum of 20% free space when selecting the number of drives per
volume group, the actual amount of free space per volume (LUN) approaches 30% because it is rounded
up to the next number of disk drives.
8 Sizing Checklist
The following checklist describes the data that must be collected and analyzed to determine the capacity
requirements of the implementation for accurate solution sizing.
Item Comments
Retention period Determines the required minimum retention period of the organization.
Reserve capacity Estimates how much additional capacity should be allocated in excess of the
minimum retention period (for example, retention period plus 20%).
RAID level Determines what RAID levels are required (for example, RAID 5 or RAID 6).
Disk characteristics Determines the size and type of disks (for example, if 3TB NL-SAS or 900GB
10K RPM disks are required).
Volume limitations Analyzes file system limitations of the video management system or operating
system (for example, the Linux 16TB volume limitation).
Data rate per camera Estimates the data rate expected for each type of camera deployed.
Number of cameras Determines the total number of cameras and categorizes them by like data
rates.
Frequency of viewing Determines the frequency, number of concurrent cameras, or video streams
being viewed and the number of client-viewing workstations.
Failover requirements Determines if failover recording servers will be implemented, how many
servers, and the size of the volumes required per server.
Cameras per recording Estimates the number of servers needed for the specified cameras and the
server resulting data rates.
Number and size of volumes Determines the size and number of volumes per recording server based on
per recording server the VMS requirements, retention period, and reserve capacity.
Calculation of total disks Calculates the number of physical disks required based on the volume sizes
required per recording server and number of recording servers.
Additional volumes required Determines if nonrecording volumes are required and what capacity (for
example, bookmark volumes).
Disk shelves required Determines the number of disk shelves required based on the total number of
disks required.
9 Performance Considerations
This chapter discusses the video surveillance storage product selection and performance evaluation and
provides results, recommendations, and conclusions that can be used as design parameters when
planning and implementing the solution.
9.1 Overview
The primary objective of a video management recording server is to receive video feeds over an IP
network from video surveillance cameras and record all or portions of this video content to disk for a given
retention period. The workload for this function is primarily a write I/O at a relatively constant data rate on
a server-to-server basis.
The secondary objective is to allow surveillance operators to view, search, and analyze the video written
to the archive of the video server. This workload is primarily read I/O at a rate that might be substantially
higher than the rate at which it was originally written. This workload might be infrequent and transient and
depends on the deployment model. For example, public school deployments might only view recorded
video once or twice per week, whereas gaming deployments will utilize scores of operators to
continuously analyze activities on the casino floor.
A tertiary workload is the management of the video files by the VMS. Video files are deleted when they
exceed the configured retention period or if the volume reaches the minimum free space, which is a
configurable parameter. Some VMS implementations write video feeds to a temporary directory for a few
minutes and then copy these files to a permanent directory. Other implementations store the first 24
hours of video in a live directory location and then move these files to one or more archive locations on a
configurable, periodic basis.
The three video workloads are:
Recording
Viewing
Virus-Scanning Software
Virus-scanning software might have a negative effect on performance because of the system resources
consumed, and the software might temporarily lock files during scanning. These file locks might affect
performance or cause file corruption. Do not use virus scanning on recording or archiving directories of
the recording servers and on the management servers in general.
The E5460 and E2660 are sixth-generation storage arrays that include patented mechanical engineering,
providing dense, scalable, and highly reliable bandwidth and capacity. The disk controller firmware
supports an optimal mix of high-bandwidth, large-block streaming and small-block random I/O.
Controllers. The controller for this solution is the E5460 or E2660. The E5460 is targeted at FC
deployments, and the E2660 target deployment is direct SAS attachment. The solution deploys dual
controllers for high availability. All components of the E-Series are hot swappable; firmware upgrades
can be completed while the system is operational. Both controllers have a data path to all shelves
and drives in the array. Both controller models deploy cache memory for read and write buffering.
Disk shelves. The DE6600 is a 4rack unit (RU) shelf holding up to 60 3.5 4TB NL-SAS drives.
The E5460 configuration can support the controller shelf plus 5 expansion shelves for a total of 360
drives. The E2660 can support the controller shelf plus 2 expansion shelves for a total of 180 drives.
Using 4TB drives, this gives a total raw capacity of 1440TB and 720TB, respectively. This is
represented in tabular format in Table 11.
Controller shelf 1 1
Data Assurance
Data assurance is a configuration option supported on certain disk drives. It adds a checksum to every
block of data written to the volume. The feature incurs a performance penalty, which might be acceptable
for some applications, but is considered unnecessary for most video surveillance applications.
Cache Mirroring
NetApp recommends that the value of cache mirroring be set to disabled. Cache mirroring effectively
decreases the available cache by 50%, because I/O is mirrored on both controllers. Cache mirroring
incurs a performance penalty for the mirror operation, in addition to the reduction of available cache.
Because the failure of a controller incurs a loss of video recording for seconds to minutes regardless of
the value of cache mirroring, NetApp advises that cache mirroring be disabled.
Cache Flushing
The E-Series manages the pool of cache based on demand and time. Cache is used for both read and
write I/O. By default, the cache blocks containing write I/O are flushed at 10 seconds or more frequently if
the cache gets filled. The demand parameter is a high-/low-watermark value that NetApp recommends to
initially be at 80%. These values instruct the algorithm to attempt to maintain the cache utilization at 80%.
Media Scan
The media scan feature provides error detection before the condition disrupts read and write activity to
the disk. NetApp recommends enabling this feature with a frequency of 30 days and recommends
disabling redundancy check. This option is configured on a volume-by-volume basis. If errors are
detected, the condition is recorded in the event log for storage administrator action.
Note: As of February 2013, Genetec Omnicast, Verint Nextivia, OnSSI Ocularis, and Milestone
XProtect video management software applications have been tested on the E-Series (both E2600
and E5400).
The designation of 128, 384, and 640 cameras is based on an estimate of 64 cameras defined per
recording server virtual machine. The number of cameras might be more or less depending on the data
rate from the camera, the performance characteristics of the application, and what features are enabled.
These virtual machines are identified in Figure 27 by the green rectangles with the word recorder. The
physical machines are identified by gray rectangles. The failover recording servers are identified by
yellow rectangles designated as Failover. The blue rectangles are management virtual machines required
by OnSSI Ocularis and Milestone XProtect.
For example, the top server in the 640-camera configuration has four virtual machines, each recording
video streams from up to 64 network video cameras. If that physical machine fails, there are four failover
servers available on the remaining three physical machines to continue recording the cameras of the
failed server.
Note: Given this design, there will never be more than three physical machines recording video feeds to
the storage array at one time.
The CPU utilization is generally approximately 15% of 16 CPUs (clocked at 2.4Ghz), and memory
utilization is approximately 50%. Each of the four virtual machines is allocated 8GB memory. This
physical server is recording video from 144 cameras with the configuration shown in the section
Performance Validation of Tiered Storage: 30 fps at 720p resolution.
These servers meet or exceed the hardware recommendations for:
OnSSI Ocularis base machine and RC-E recording server. Refer to www.onssi.com/hardware-
recommendations.
Milestone XProtect Corporate minimum system requirements. Refer to
www.milestonesys.com/SharePoint/XProtectCorporate/5_0/Specification%20Sheet/XPCO50_SpecSh
eet_V1.pdf.
The virtual machines are configured to meet or exceed the recommended video management software
hardware specifications. As shown in Figure 28, sufficient CPU and memory are available to support the
guest machines; there is no expectation of any performance limitations based on CPU and memory for
the video surveillance solution.
The number of cameras supported per recording server is a function of the capabilities of the software,
the configuration and data rate of the network video cameras, and other features such as server-side
motion detection.
Because these interfaces are used for server management traffic, the performance implications are
minimal.
Note: When implementing recording servers with failover servers, the failover servers must
communicate with the management server and the recording servers. There are both control
The video ingress network is deployed using the virtual PortChannel feature with two links connected to
each Cisco 3048 switch. The two Cisco 3048 switches are configured with the virtual PortChannel (vPC)
feature, providing layer 2 multipathing and high availability in the event of a switch failure.
Each physical server has a Broadcom quad-port adapter with a combined link capacity of 4Gbps. As
much as practical, the ingress video traffic should utilize at least two of the four links. Following
implementation of the network video cameras, the degree of load balancing should be verified. An
example of this process is described in the section Verify Cisco Nexus 3048 Switch Load-Balance
Configuration.
The vSphere vSwitch NIC teaming properties for VLAN_2020 load balancing should be selected and
configured as Route based on IP hash. This is shown in Figure 32.
When implementing OnSSI Ocularis or Milestone XProtect in the video surveillance solution, there are at
the most four virtual recording servers per physical machine. Assuming 64 network video cameras per
virtual machine at an average data rate of 2Mbps, the maximum expected video ingress data rate per
physical machine is (4 x 64 x 2) or 512Mbps (0.5Gbps) per EtherChannel.
Assuming two of the four member links in the EtherChannel are utilized for ingress video traffic, the
maximum capacity of these member links is 2Gbps with an expected offered load of approximately
512Mbps. In solution validation testing, three of the four member links failed, with all video ingress traffic
traversing the one remaining link, with no loss of video.
The video ingress network configuration should not be a potential performance bottleneck to the solution.
10.7 Uplinks
The video surveillance storage solution using E2600 has been validated using two Cisco 3048 top-of-rack
server access switches. The Cisco Nexus 3048 switch has 176Gbps switching capacity with a forwarding
rate of 132mpps and line-rate traffic throughput (both layer 2 and 3) on all ports. The switch configuration
implements the vPC feature for high availability. These switches connect to customer-supplied
core/distribution-layer switches for transporting ingress video traffic from the network video cameras and
provide access to viewing workstations for monitoring live or browsing archived video.
As a best practice, the video surveillance storage solution using the Cisco Nexus 3048 switches must
have at least two uplinks for high availability. If the uplinks are layer 2 interfaces, they should be
configured as layer 2 trunked PortChannels connected across two physical switches and configured as a
virtual switch. If the uplinks are configured as layer 3 interfaces, each interface can be connected to a
layer 3 switch, and a routing protocol such as Enhanced IGRP (EIGRP) or Open Shortest Path First
(OSPF) is used for load sharing and path redundancy. The Cisco Nexus 3048 switch supports both layer
If properly provisioned and implemented, the network uplinks should not be a potential performance
bottleneck to the solution.
For additional information on campus LAN design, refer to the Cisco Design Zone for Campus. There also
is a Webinar on Campus LAN Design for Converged Facility.
11 Performance Validation
This section addresses these distinct performance signatures:
Validation of baseline performance: serial attached SCSI (SAS)
Video recording and viewing
Tiered storage
Archiving function
Record function
I/O latency
Note: The maximum throughput for the storage array is reported as 1426.2Mbps, or approximately
11Gbps.
These performance results are not intended to correlate on a volume-by-volume basis with what is
observed with a VMS package implementation. However, the same virtual machine layout, live recording
volume (LUN), and archive recording volume (LUN) that were used in this test would be deployed for
OnSSI Ocularis or Milestone XProtect.
The storage array total is 647.2 maximum I/O/second with a throughput maximum of 116.4MB/sec or 931
Mbps. This workload is slightly under 1Gbps, which is approximately 1/10 the throughput demonstrated
using the IOMETER test tool in the previous section.
To summarize, the E-Series storage array deployed in the video surveillance storage solution has
approximately ten times the throughput capabilities required to record live video in this validated
deployment.
In section 11.3, changes to the workload changes are examined when the archive function is used, which
is a tiered storage implementation.
The recording volume (LUN) is 1TB in size, and video recordings over 12 hours old are moved to the
archive volume (LUN) hourly, at the top of the hour. The archive volume is configured for 30-day
retention, but as shown previously, the video files will need to be deleted after approximately 22 days at
the observed data rate.
Given that the SANtricity ES custom installation with the utilities has been installed on the virtual machine,
the LUN numbers of the two volumes can be determined by executing the smdevices command as
shown:
C:\Program Files (x86)\StorageManager\util>smdevices
SANtricity ES Storage Manager Devices, Version 10.00.30.24
Built Tue Aug 28 04:07:49 CDT 2012
Copyright (C) 1999-2012 NetApp, Inc. All Rights Reserved.
As a best practice, the volume names represent the function of the volume (LUN). It is obvious that the
function of the recording (live) volume is LUN 16, and the archive volume is LUN 6.
Because the testing is done in a VMware ESXi environment, VMware performance analysis tools can be
used. Use the VMware vSphere client to highlight the physical server and select the performance tab,
chart options, and storage path in real time. All HBA storage Cisco Nexus switches are selected, and the
read and write rate parameters are checked. The write rate for the active path of LUNs 6 and 16 can be
selected to highlight these lines in the graph. These values represent the write data rate for the two LUNs
encompassing the archive function beginning at the top of the hour. This graph is shown in Figure .
The write data rate to the recording (live) LUN 16 is a constant rate at a maximum write rate of
24,530KBps (196Mbps), whereas the archive LUN 6 is active for approximately 30 minutes and reaches a
peak write rate of 63,723KBps (509Mbps).
An additional observation from reviewing the graph is that the write rate varies more during the archive
function, due to the increased I/O and workload on the recording server during the archive.
This example represents 480 cameras recorded across ten recording servers. Each camera is 720p
resolution, 30 frames per second, 30% compression H.264 in UDP/RTP transport. The performance
monitor table illustrates data being read and written to the recording LIVE volumes. This represents the
normal ingress video feeds being written while the read workload is the process of moving files from the
recording volume to the archive volume. Accordingly, the write percentage is almost 100% on the archive
volumes, and the read percentage of the live volumes is in the 80% to 90% range.
This period of time when the archive process is active represents the worst case load on the storage
system due to the tiered storage configuration of the video management application.
In this example, the maximum I/O per second is 4,158, with a maximum data rate of approximately
6.2Gbps. Actual application throughput performance maximum during the worst case load is slightly over
half of the storage arrays theoretical maximum.
Given the workload of an actual deployment using Milestone XProtect, the E-Series storage array
exceeds the application performance requirements.
One key concept derived from this chart is that average latency does not provide a useful metric when the
range includes both the top half and bottom half of the hour. The workloads are very different during
those two time periods, and therefore the average latency value is skewed.
However, the chart shows the maximum latency, and for both LUNs 6 and 16 the reported write latency
value is less than 50ms. During this interval, no buffer overflows representing frame loss were reported in
the XProtect manager system log. Given this validation, it is seen that the E-Series latency performance
is well within the partner specifications for latency under a real-time workload.
Both DDP and traditional volume groups are configured for the archive volumes (LUNs).
The graph in Figure illustrates the write latency and write rate before, during and after the scheduled
archive with grooming.
Figure 41) Recording latency and rate for DDP archive volume.
In this example, the maximum write data rate observed is approximately 80Mbps, and the write latency is
in the 12ms range, with a maximum latency of 56ms. From these observed data rates, it can be
concluded that the additional CPU workload of the grooming process reduces the data transfer rate
between the recording and archive volumes (LUNs) when compared to tiered storage configuration,
which does not implement grooming.
Enabling server-side motion detection increases the workload of the recording server, effectively reducing
the effective throughput.
14 Software Releases
NetApp tested various VMS applications as previous described. This chapter lists the software releases
for components that were used in the solution validation at the time of this testing and provides a link to
all the caveats identified by the validation.
Network Related
Server Related
Operating system (video management applications) Windows Server 2008 R2 SP1 64-bit Standard
(6.1.7601)
Optional
Loopback IP addresses and netmask
L3 uplink IP addresses and netmask
EIGRP process tag, AS autonomous system, hello interval, and hold time
License files
Figure 42) Cisco Nexus 3048 switches console and management interfaces.
To set up Cisco Nexus 3048 switches 1 and 2, complete the following steps:
1. Power on the switch.
2. Use HyperTerm or another terminal emulator configured and attached to the console, using these
settings: 9600 8 none 1 with flowcontrol hardware.
3. Run these settings for the initial setup of each switch, substituting the appropriate values for the
switch-specific information as follows:
Abort Power On Auto Provisioning and continue with normal setup ?(yes/no)[n]: yes
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]:
Configure read-only SNMP community string (yes/no) [n]:
Note: It is assumed that the management ports of both switches are connected to the customer
management network.
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 5.0(3)U5(1a)
system: version 5.0(3)U5(1a)
power-seq: Module 1: version v4.4
BIOS compile time: 08/25/2011
kickstart image file is: bootflash:/n3000-uk9-kickstart.5.0.3.U5.1a.bin
kickstart compile time: 11/21/2012 1:00:00 [11/21/2012 04:17:19]
system image file is: bootflash:/n3000-uk9.5.0.3.U5.1a.bin
system compile time: 11/21/2012 1:00:00 [11/21/2012 05:03:31]
The kickstart and system images are stored on an FTP server at the IP address 198.18.7.200 in the
DEVICE_MANAGEMENT VLAN (default VRF), in the home directory of the user download, and the
password is Netapp123. Edit and issue these commands and then respond to the prompts appropriately.
copy ftp://downloads:Netapp123@198.18.7.200/n3000-uk9.5.0.3.U5.1a.bin bootflash:
copy ftp://downloads:Netapp123@198.18.7.200/n3000-uk9-kickstart.5.0.3.U5.1a.bin bootflash:
Enable Features
From the configuration mode (config t), run the following commands on each switch:
cfs eth distribute
feature eigrp
feature interface-vlan
feature hsrp
feature lacp
feature vpc
Note: The EIGRP feature is only applicable if configuring a routed access layer using EIGRP as the
routing protocol. For more information, see High Availability Campus Network DesignRouted
Access Layer using EIGRP or OSPF.
router eigrp 64
autonomous-system 64
address-family ipv4 unicast
From the configuration mode (config t), run the following commands on switch2:
interface loopback0
ip address 198.18.2.34/31
ip router eigrp 64
router eigrp 64
autonomous-system 64
address-family ipv4 unicast
Define VLANs
To define and describe the layer 2 VLANs for Cisco Nexus 3048 switches 1 and 2, complete the following
step:
From the configuration mode (config t), run the following commands on each switch:
vlan 2
name UNUSED_PORTS
vlan 3
name NATIVE_VLAN
vlan 7
name DEVICE_MANAGEMENT
vlan 58
name vPC_keepalive
vlan 2020
name VIDEO_INGRESS
Note: At this point all ports are disabled; port groups are enabled (no shutdown) later in this procedure.
Note: These switches connect to the customer distribution/core layer by either a layer 2 (switched) or
layer 3 (routed) uplink. The vPC keepalive links are on ports Ethernet 1/2 and Ethernet 1/48, and
the vPC peer links are Twinax SFP+ 10Gbit connections between Ethernet 1/49 and E1/50. The
green circles on ports Ethernet 1/28 to Ethernet 1/36 are configured for the
DEVICE_MANAGEMENT VLAN, but are not cabled. They are for on-site service use.
interface Vlan58
no shutdown
description vPC_peer-keepalive
vrf member vPC_peer-keepalive
ip address 198.18.2.29/30
vpc domain 58
role priority 11
peer-keepalive destination 198.18.2.30 source 198.18.2.29 vrf vPC_peer-keepalive
interface port-channel58
description vPC_peer-keepalive
switchport access vlan 58
no negotiate auto
interface port-channel59
description vPC peer link
switchport mode trunk
vpc peer-link
switchport access vlan 3
interface Ethernet1/2
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/48
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/49
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 59 mode active
interface Ethernet1/50
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 59 mode active
From the configuration mode (config t), run the following commands on switch2:
interface Vlan58
no shutdown
description vPC_peer-keepalive
vrf member vPC_peer-keepalive
ip address 198.18.2.30/30
vpc domain 58
role priority 12
peer-keepalive destination 198.18.2.29 source 198.18.2.30 vrf vPC_peer-keepalive
interface port-channel58
description vPC_peer-keepalive
switchport access vlan 58
no negotiate auto
interface port-channel59
description vPC peer link
switchport mode trunk
vpc peer-link
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
no negotiate auto
interface Ethernet1/2
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/48
description vPC_peer-keepalive
interface Ethernet1/49
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
channel-group 59 mode active
interface Ethernet1/50
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
channel-group 59 mode active
The slot labeled vmnic contains a quad-port Broadcom Corporation Broadcom NetXtreme II BCM5709
1000Base-T Ethernet controller.
The slot labeled SAS contains the LSI SAS 9200-8E HBA.
The port labeled 1 is a 10/100/1000 Ethernet dedicated management port, for CIMC.
The ports labeled 2 and 3 are dual 1-Gb Ethernet ports. Port 2 is vmnic0 (vSwitch0, VMkernel port), and
Port 3 is vmnic1 (vSwitch2, SERVER_MGMT) to the ESXi host.
The three management ports are connected to switch ports in the management VLAN. They are identified
in the switch interface description using Server 1 as an example:
Server 1 - CIMC:DEVICE_MANAGEMENT
Server 1 - vmnic0:DEVICE_MANAGEMENT
Server 1 - vmnic1:DEVICE_MANAGEMENT
Note: Servers 1 and 3 are connected on switch 1, and Servers 2 and 4 are connected to switch 2.
interface Ethernet1/18
description SERVER 1 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/20
description SERVER 1 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/22
description SERVER 3 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/24
description SERVER 3 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/26
description SERVER 3 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
Configure available service ports on the switch for the service technicians laptops:
int e 1/28, e 1/30, e 1/32, e1/34, e1/36
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
From the configuration mode (config t), run the following commands on switch 2:
interface Ethernet1/16
description SERVER 2 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/18
description SERVER 2 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/20
description SERVER 2 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/22
description SERVER 4 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
interface Ethernet1/24
description SERVER 4 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/26
description SERVER 4 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
Configure available service ports on the switch for the service technicians laptops:
int e 1/28, e 1/30, e 1/32, e1/34, e1/36
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
From the configuration mode (config t), run the following commands on switch 2:
interface Ethernet1/14
description E2660-B:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
From the configuration mode (config t), run the following commands on switch 2.
From the configuration mode (config t), run the following commands on switch 2.
If using the LAN_ENTERPRISE_SERVICES_PKG license and routed (layer 3) access layer:
interface Vlan2020
no shutdown
description VIDEO_INGRESS
ip address 198.18.6.2/24
ip router eigrp 64
hsrp 1
preempt delay reload 120
priority 120
ip 198.18.6.4
If using a switched (layer 2) access layer:
interface Vlan2020
no shutdown
description VIDEO_INGRESS
ip address 198.18.6.2/24
interface port-channel2
description Server 2
vpc 2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel3
description Server 3
vpc 3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel4
description Server 4
vpc 4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface Ethernet1/1
description Server 1 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/5
description Server 3 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/13
description Server 1 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/17
description Server 3 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/25
description Server 2 - vmnic5
interface Ethernet1/29
description Server 4 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/37
description Server 2 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/41
description Server 4 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
From the configuration mode (config t), run the following commands on switch 2:
interface port-channel1
description Server 1
vpc 1
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel2
description Server 2
vpc 2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel3
description Server 3
vpc 3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel4
description Server 4
vpc 4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface Ethernet1/1
description Server 1 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/5
description Server 3 - vmnic4
interface Ethernet1/13
description Server 1 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/17
description Server 3 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/25
description Server 2 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/29
description Server 4 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/37
description Server 2 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/41
description Server 4 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
Enable Interfaces
From the configuration mode (config t), run the following commands on both switches:
VIDEO_INGRESS:
interface Eth1/1,Eth1/5,Eth1/13,Eth1/17,Eth1/25,Eth1/29,Eth1/37,Eth1/41,Eth1/49,Eth1/50
no shut
interface po1, po2, po3, po4
no shut
interface vlan 2020
no shut
DEVICE_MANAGEMENT:
interface Eth1/14, Eth1/16, Eth1/18, Eth1/20, Eth1/22, Eth1/24, Eth1/26, Eth1/28, Eth1/30,
Eth1/32, Eth1/34, Eth1/36,Eth1/49, Eth1/50
no shut
interface vlan 7
no shut
vPC keepalive and vPC peer links:
2. From the configuration mode (config t), run the following commands on switch 2:
interface Ethernet1/51
description L3 UPLINK stl3048-f5-2 e1/51
no switchport
ip address 198.18.1.37/30
ip router eigrp 64
ip hold-time eigrp 64 3
ip hello-interval eigrp 64 1
interface Ethernet1/52
description L2 UPLINK stl3048 Eth1/49
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 10 mode active
2. From the configuration mode (config t), run the following commands on switch 2:
interface port-channel10
description L2 Portchannel to CORE
switchport mode trunk
vpc 10
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
no negotiate auto
IP Multicast Configuration
Milestone XProtect Corporate and OnSSI Ocularis ES support IP multicast transport of video to client
users. The Cisco Nexus 3048 switches have been validated to integrate to an IP multicast-enabled
campus network.
Because this configuration uses IP PIM sparse mode, two routers (for availability) in the network core
should be configured as rendezvous points (RPs). RPs are used by senders to an IPmc group to
announce their existence and by receivers of IPmc packets to learn about new senders.
The core routers are configured with an IP PIM auto-RP and an RP-mapping agent to arbitrate conflicts
between the two RPs. The RP-mapping agent provides consistent group-to-RP mappings to all other
routers in the IP PIM network.
The solution was validated to transport IP multicast packets source from recording servers on the VIDEO
INGRESS VLAN to clients configured on an access-layer switch also connected to the campus core
network.
Cisco NX-OS does not support PIM dense mode. In Cisco NX-OS, multicast is enabled only after the PIM
feature is enabled on each router. The PIM sparse mode is then enabled on the appropriate interfaces.
With the video surveillance solution Cisco Nexus 3048 switches, PIM sparse mode should be enabled on
the loopback interface, the VIDEO INGRESS switch virtual interface (SVI) interface, and the layer 3
uplinks. Also, the auto-rp function should be enabled to listen and forward.
From the configuration mode (config t), run the following commands on both switches:
feature pim
ip pim auto-rp listen forward
ip pim log-neighbor-changes
interface loopback0
ip pim sparse-mode
interface Vlan2020
ip pim sparse-mode
interface Ethernet1/51
ip pim sparse-mode
After enabling IP multicast routing, the switches should form PIM neighbor relationships with the uplink
switches and learn the RPs. Verify the PIM neighbors and PIM RP status as follows:
VSS-3048-1# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Bidir- BFD
Priority Capable State
198.18.6.2 Vlan2020 06:19:35 00:01:29 1 no n/a
198.18.1.34 Ethernet1/51 06:21:06 00:01:33 1 no n/a
Save Configuration
Verify that the configuration has been saved to NVRAM and FTP server for each switch:
VSS-3048-1# copy running-config startup-config
[########################################] 100%
Figure depicts the location of the management ports on the E-Series controllers. The A controller is at
the top, and the B controller is at the bottom. The green lines point to the management port (Port 1). For
initial configuration, connect a laptop to one of the service ports (Port 2).
A best practice is to leave Port 2 with the default values for a service technician to use locally. When
the initial configuration is done, connect each of the Port 1s on both controllers to a network switch in
the test environment topology.
The IP address of the first port can be changed using SANtricity ES from a laptop on the same subnet as
the default IP address on Port 2. Run the SANtricity ES application. The Enterprise Management window
(EMW) appears. For initial configuration, do the following:
1. Edit > Add Storage Array and select Out of Band Management. Enter the IP address for one
management IP port (for example, 192.168.129.101).
2. When you have connected to the controller, click the SANtricity ES Setup tab and select Configure
Ethernet Management Ports to change the IP address of Port 1 on each controller.
3. After configuring the IP addresses management Port 1 on both controllers, detach the laptop from
Port 2 (the service technician port) and remove the storage array from the SANtricity EMW.
4. Connect the laptop to an available port on the appropriate network switch and create a static IP
address on the laptop using an available service technician IP address (for example, 198.18.7.200).
5. Use the SANtricity ES EMW to manually add the storage array, using the IP addresses assigned to
Port 1 of controller A and B.
Table 16 illustrates the details for the sample configuration. Use these details as a guide to create the
volume groups and volumes.
VOL_FAILOVER_1 4.856TB B
VOL_FAILOVER_2 4.856TB A
VOL_FAILOVER_3 4.856TB B
VOL_RECORDING_2 1TB A
VOL_RECORDING_4 1TB A
VOL_RECORDING_5 1TB B
VOL_RECORDING_6 1TB A
VOL_RECORDING_8 1TB A
VOL_RECORDING_9 1TB B
VOL_RECORDING_10 1TB A
When volume creation is completed, the controllers will initialize the volumes. Additional configuration
steps can be done while the volumes initialize; there is no need to wait until initialization has
completed.
The initialization process can take several days to complete (depending on size and number of
volumes created). Although configuration tasks can still be done to the array or the servers connected
to the array, application performance testing should not be done until the initialization process has
completed. Check the status of the volume initialization process. View Operations in Progress in
SANtricity ES, as shown below.
Save the configuration changes by clicking the Save Changes button on the bottom-right corner of the
screen.
12. Select Properties next to the vSwitch that was just added.
13. Select the vSwitch and click Edit.
14. Select the NIC Teaming tab and click the checkbox for Load Balancing.
15. In the drop-down next to Load Balancing, select Route based on IP Hash.
16. The results should appear similar to the following screenshot. Click OK at the bottom of the dialog
box.
7. Select the vmnic1 port (the only one not in a vSwitch). Click Next.
8. Type a network label (such as SERVER_MGMT).
9. Leave the VLAN ID at the default setting.
6. Change other parameters as needed for your network/DNS environment; click OK.
7. A warning might appear about IPv6; click Yes to continue.
8. Verify that the new host identification name is shown as desired. See the following sample
configuration.
8. Because startup policy reverts (changes), it is necessary to click the Start and stop with host button
again.
9. On the Services Properties screen, the SSH should show its daemon as Running.
10. To save the setting change, click OK.
10. Navigate to the location of the .ISO file on your laptop or workstation.
11. Select the files to upload. Click Open.
12. If an Upload/Download Operation Warning dialog box appears, click Yes.
13. Observe as the file copies to the folder on the datastore. It will appear similar to this screenshot:
Note: When a single CAT 5 cable is removed and the command is reissued, the Link column can be
observed to show a down state. This is useful for troubleshooting cabling issues.
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch1 128 13 128 1500 vmnic2,vmnic3
,vmnic4,vmnic5
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch2 128 7 128 1500 vmnic1
2. Use the esxcfg-vswitch command to enable advertisement of CDP on all virtual switches
configured on the ESXi host.
~ # esxcfg-vswitch -B both vSwitch0
~ # esxcfg-vswitch -B both vSwitch1
~ # esxcfg-vswitch -B both vSwitch2
4. Following this change, log in to the Cisco Nexus 3048 switches and verify the ESXi host device IP
and port connected to individual interfaces. For example, CDP neighbor for Ethernet 1/1 is shown.
VSS-3048-1# show cdp neighbors interface e1/1
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
2. Using the output from the ipconfig command, Local Area Connection 2 has an Ethernet MAC
address of 00-0C-29-A2-62-D9, and Local Area Connection has an Ethernet MAC address of 00-0C-
29-A2-62-CF. Ignore the physical address lines, which are not preceded by an Ethernet adapter line.
From the preceding screenshot, note that the Ethernet MAC address associated with Network adapter 1
(VLAN_2020) is 00:0c:29:a2:62:cf.
Given the MAC address values shown in the last two steps, it can be determined that the Windows
Ethernet adapter named Local Area Connection is associated with the video ingress interface named
VLAN_2020.
The purpose of this procedure is to verify which Windows Ethernet adapter is associated with the network
adapter defined to the virtual machine using the vSphere client. This eliminates the common error of
assigning the wrong IP address to the wrong adapter.
This relationship can be documented for each virtual machine (in a text file) as follows:
Virtual Machine Ethernet adapter MAC Address vSwitch IP Address
=============== ======================= ================= =========== ==========
RACK-SVR-43
Local Area Connection 2: 00-0C-29-A2-62-D9 SERVER_MGMT 198.18.7.43
Local Area Connection : 00-0C-29-A2-62-CF VLAN_2020 198.18.6.43
From the command window on the virtual machine, assign the appropriate IP addresses to the interfaces.
The following example assigns an IP address of 198.18.6.43/24.
netsh interface ip add address name="Local Area Connection" addr=198.18.6.43 mask=255.255.255.0
If the interface requires a DNS server, it can also be specified with the netsh command, as shown here:
netsh interface ip add dns name="Local Area Connection" addr=198.18.6.253
If the IP addresses must be changed, the existing address may be deleted and a new IP address added.
To delete an IP address of 198.18.6.45 on the interface Local Area Connection, use the command format
shown here:
netsh interface ip delete address name="Local Area Connection" addr=198.18.6.43
To verify the configured IPv4 routes, use the route print command to review the section labeled Persistent
Routes.
C:\Users\Administrator>route print -4
===========================================================================
Interface List
13...00 0c 29 a2 62 d9 ......Intel(R) PRO/1000 MT Network Connection #2
11...00 0c 29 a2 62 cf ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
Note: The metric value specified on the command line is used to prioritize routes with the same network
and mask; a lower value has a higher preference.
To verify the routing, both tracert and ping may be used. In this example, ping is used to verify
connectivity to a switch virtual interface (SVI) supporting network video cameras at 198.18.5.1. Tracert
is used to verify the path to a camera at 198.18.5.100.
C:\Users\Administrator>tracert -d 198.18.5.100
Trace complete.
C:\Users\Administrator>
Introduction
The LSI 9200-8e is a 6Gbps SAS host bus adapter (HBA) used to provide host connectivity for the Cisco
UCS C220-M3 servers to the SAS host interfaces of the E-Series storage array.
The driver, firmware, and BIOS upgrade procedure using VMware ESXi is illustrated in this section. More
information and detailed instructions (including instructions for other operating systems) can be found at
LSI SAS Host Adapter.
During solution testing, two issues were encountered that are addressed by this update:
Servers running ESXi 5.1 might crash to a purple screen of death (PSOD) page fault (PF14).
SAS HBA presenting only one SAS address to attached storage arrays.
Without the update applied, the host properties screen shown in the SANtricity ES might report only one
SAS address per dual port host.
Use the sas2flash Utility Program to Update the Firmware and BIOS
Follow instructions from LSI SAS Host Adapter and the LSI website to flash the HBA with new firmware
and BIOS code. The procedure involves erasing all code from the LSI 9200-8e HBA card and then
flashing the firmware and BIOS, followed by finally resetting the SAS address of the card. Following is a
brief summary of steps, details of which can be found at LSI SAS Host Adapter and the LSI website.
Note: When the SAS address of the HBA is displayed using the list option, save the SAS address for
later use. Copy and paste the SAS address into a text document.
Issue commands in this order, substituting actual file names where appropriate:
cd /opt/lsi/bin
./sas2flash -list
./sas2flash o e 7
./sas2flash o f <path_and_name_of_firmware_file>
./sas2flash o b <path_and_name_of_BIOS_file>
./sas2flash o sasadd <SAS_Address>
A sample output of executing the steps on a server running VMware ESXi 5.1 is shown as follows. Some
output has been removed for brevity.
sas2flash -list
/opt/lsi/bin # ./sas2flash -list
LSI Corporation SAS2 Flash Utility
Adapter Selected is a LSI SAS: SAS2008(B2)
Controller Number : 0
Controller : SAS2008(B2)
PCI Address : 00:03:00:00
SAS Address : 500605b-0-0266-0310
NVDATA Version (Default) : 0e.03.00.03
NVDATA Version (Persistent) : 0e.03.00.03
Firmware Product ID : 0x2213
Firmware Version : 14.00.01.00
NVDATA Vendor : LSI
NVDATA Product ID : SAS9200-8e
BIOS Version : 07.05.01.00
Save the output of this command; the SAS address will be needed later. The next command erases all
code on the LSI SAS HBA.
sas2flash -o -e 7
/opt/lsi/bin # ./sas2flash -o -e 7
Resetting Adapter...
Reset Successful!
Verifying Download...
Resetting Adapter...
Adapter Successfully Reset.
The next section illustrates how to use SANtricity ES to create host mappings on the E-Series array. The
host map should show two SAS addresses, rather than one.
~ # cd /opt/lsi/bin
/opt/lsi/bin # ./sas2flash -list
LSI Corporation SAS2 Flash Utility
Version 15.00.00.00 (2012.11.06)
Copyright (c) 2008-2012 LSI Corporation. All rights reserved
Controller Number : 0
Controller : SAS2008(B2)
PCI Address : 00:03:00:00
SAS Address : 500605b-0-04f5-3090
NVDATA Version (Default) : 0f.00.00.05
NVDATA Version (Persistent) : 0f.00.00.05
Firmware Product ID : 0x2213 (IT)
Firmware Version : 15.00.00.00
NVDATA Vendor : LSI
NVDATA Product ID : SAS9200-8e
BIOS Version : 07.29.00.00
UEFI BSD Version : N/A
The SAS address found using either of these methods is the address for the first SAS port. The second
port will have an address that is the same, except for the last digit. Use this information to map hosts to
the E-Series storage later.
4. Right-click to see the details for a single-mapping entry. You should see information similar to that
shown as follows with both SAS addresses from the host LSI 9200-8e SAS HBA.
Table 18) Logical view of volume and LUNs for mapping hosts.
The following example illustrates a physical host with two volumes mapped to the host.
All volumes for the guest virtual machines are mapped to the physical (ESXi) host. If there are four virtual
machines on the physical host with two volumes per virtual machine, there will be eight volumes mapped
to the physical host. The previous example only illustrated the first two volumes mapped to the physical
machine.
After all the volumes are mapped to the physical machine, they are assigned to the appropriate guest
machine by the RDM function.
Here is an actual complete vmkfstools command where the final syntax is seen. The actual command
is issued to ESXi as a single-line command with a space character after the network address authority
(NAA) ID.
vmkfstools -z /vmfs/devices/disks/naa.60080e50002e319200000a3d506d9132
/vmfs/volumes/datastore1/SVR-10/REC-SVR-10-RDMLUN0.vmdk
Following are templates for the commands that will be created for each of the four ESXi host servers in
the sample configuration. Create four text files with content similar to the following commands. The actual
commands can be created from these templates. The naa.X in each command is replaced by the
appropriate actual NAA ID value. The LUN numbers are taken from the sample volume configuration in
Table 18.
# SVR-1: for Bookmarks LUN, 2 Failovers LUNs:
vmkfstools -z /vmfs/devices/disks/naa.X /vmfs/volumes/datastore1/SVR-10/REC-SVR-10-RDMLUN0.vmdk
vmkfstools -z /vmfs/devices/disks/naa.X /vmfs/volumes/datastore1/SVR-12/REC-SVR-12-RDMLUN21.vmdk
vmkfstools -z /vmfs/devices/disks/naa.X /vmfs/volumes/datastore1/SVR-13/REC-SVR-13-RDMLUN22.vmdk
To locate the NAA ID identifier for each LUN, follow these steps.
1. Log in to the host using the vSphere client; click the host server name on the left pane.
2. Click the Configuration tab.
7. If the expected LUNs do not show up or appear to be an old list (erroneous or from a previous
setup), click Rescan All in the upper right of the vSphere client interface.
8. Right-click the data line for the LUN.
9. Select Copy identifier to clipboard. This naa ID value is the NAA identifier for the LUN.
All LUNs mapped to the host should appear under the storage adapters after you attach the server to the
fabric, as shown in this example.
8. When the computing space requirements task has completed, click the Next button and follow the
prompts to perform a typical installation of VMware Tools. Click Finish.
9. Click Yes when prompted to perform a required reboot of the virtual machine.
10. After the VM has rebooted, verify that VMware Tools are installed. To verify that VMware Tools are
installed and running, use the vSphere client application; examine the summary tab for the virtual
machine. It should appear similar to the following screenshot:
To restore the configuration, the archive file must be uploaded to /tmp/configBundle.tgz, and the
host must be placed in maintenance mode before restoring the configuration.
~ # vim-cmd hostsvc/maintenance_mode_enter
~ # vim-cmd hostsvc/firmware/restore_config /tmp/configBundle.tgz
For a detailed example of this procedure, refer to How To Backup & Restore Free ESXi Host
Configuration.
VMware event log The event log for VMware hypervisors can be queried from the vSphere
client by selecting the events tab and highlighting physical hardware.
Major event log (MEL) The SANtricity ES Array Management GUI can be used to view the MEL on
the storage array. Use the SUPPORT tab and select View Event Log. The
dialog box has drop-down boxes that allow the administrator to filter events,
optionally view details, and save the log files to the local disk of the
workstation.
VMS event log The VMS management client provides a means to review the software
system event logs. The recording servers in Milestone and OnSSI have log
files that can provide state and debugging details.
They are hidden files on each recording server starting at the
C:\ProgramData\ directory:
C:\ProgramData\OnSSI\RC-E-Recorder\Logs
C:\ProgramData\Milestone\XProtect Corporate Recording Server\Logs
Network switch logging buffer The network switches and routers supporting the deployment (for example,
Cisco Nexus 3048 switches) logging buffer should be examined for any
warnings or errors. The relevant interface counters should be monitored for
packet loss or errors.
CIMC faults and log file The physical server CIMC main screen has an option to view hardware-
related faults and logs. Verify the system event log, the fault summary, and
the CIMC log for operational errors.
The video surveillance storage solution does not provide Network Time Protocol (NTP) servers or Domain
Name System (DNS) services. An accurate clock source through NTP is required for proper functioning of
the system. DNS is a recommended, but optional service.
A client viewing workstation is used to allow the physical-security manager to view live or recorded video
clips. One or more client viewing workstations may be deployed at various locations in the network
topology, including extranet locations such as police substations or VPN/teleworker connections. By
default, the rack Cisco Nexus 3048 switches do not have ports enabled for use by client viewing
workstations.
Peer: 198.18.6.1
State: Active
Time Remaining: 587.7696847s
Mode: 3 (Client)
Stratum: 5 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)
Peer: 198.18.6.2
State: Active
Time Remaining: 587.7696847s
Mode: 3 (Client)
Stratum: 5 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 17 (out of valid range)
HostPoll Interval: 10 (1024s)
Alternately, the Array Management window will prompt the administrator to synchronize the controller
clocks if they are out of synchronization by more than a few minutes when compared to the storage
management station. An example is shown in the following screenshot.
Trace complete.
--------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
--------------------------------------------------------------------------------
Eth1/1 2020 eth access up none 1000(D) 1
Eth1/2 58 eth access up none 1000(D) 58
Eth1/3 2 eth access down Link not connected auto(D) --
Eth1/4 2 eth access down Link not connected auto(D) --
Eth1/5 2020 eth access up none 1000(D) 3
Eth1/6 2 eth access down Link not connected auto(D) --
Eth1/7 2 eth access down Link not connected auto(D) --
Eth1/8 2 eth access down Link not connected auto(D) --
Eth1/9 2 eth access up none 1000(D) --
Eth1/10 2 eth access down Link not connected auto(D) --
Eth1/11 2 eth access down Link not connected auto(D) --
Eth1/12 2 eth access down Link not connected auto(D) --
Eth1/13 2020 eth access up none 1000(D) 1
Eth1/14 7 eth access up none 1000(D) --
Eth1/15 2 eth access down Link not connected auto(D) --
Eth1/16 7 eth access down Link not connected auto(D) --
Eth1/17 2020 eth access up none 1000(D) 3
Eth1/18 7 eth access down Link not connected auto(D) --
Eth1/19 2 eth access down Link not connected auto(D) --
Eth1/20 7 eth access down Link not connected auto(D) --
Eth1/21 2 eth access up none 1000(D) --
Eth1/22 7 eth access down Link not connected auto(D) --
Eth1/23 2 eth access down Link not connected auto(D) --
Eth1/24 7 eth access down Link not connected auto(D) --
Eth1/25 2020 eth access up none 1000(D) 2
Eth1/26 7 eth access down Link not connected auto(D) --
Eth1/27 2 eth access down Link not connected auto(D) --
Eth1/28 7 eth access down Link not connected auto(D) --
Eth1/29 2020 eth access up none 1000(D) 4
Eth1/30 7 eth access down Link not connected auto(D) --
Eth1/31 2 eth access down Link not connected auto(D) --
Eth1/32 7 eth access down Link not connected auto(D) --
Eth1/33 2020 eth access up none 1000(D) --
Eth1/34 7 eth access down Link not connected auto(D) --
Eth1/35 2 eth access down Link not connected auto(D) --
Eth1/36 7 eth access down Link not connected auto(D) --
Eth1/37 2020 eth access up none 1000(D) 2
Eth1/38 2 eth access down Link not connected auto(D) --
Eth1/39 2 eth access down Link not connected auto(D) --
Eth1/40 2 eth access down Link not connected auto(D) --
Eth1/41 2020 eth access up none 1000(D) 4
Eth1/42 2 eth access down Link not connected auto(D) --
Eth1/43 2 eth access down Link not connected auto(D) --
Eth1/44 2 eth access down Link not connected auto(D) --
Eth1/45 2 eth access up none 1000(D) --
Eth1/46 2 eth access down Link not connected auto(D) --
Eth1/47 2 eth access down Link not connected auto(D) --
Eth1/48 58 eth access up none 1000(D) 58
--------------------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
--------------------------------------------------------------------------------
Po1 2020 eth access up none a-1000(D) none
Po2 2020 eth access up none a-1000(D) none
Po3 2020 eth access up none a-1000(D) none
Po4 2020 eth access up none a-1000(D) none
Po10 3 eth trunk up none a-10G(D) lacp
Po58 58 eth access up none a-1000(D) lacp
Po59 3 eth trunk up none a-10G(D) lacp
--------------------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
--------------------------------------------------------------------------------
mgmt0 -- up 198.18.57.12 1000 1500
-------------------------------------------------------------------------------
Interface Secondary VLAN(Type) Status Reason
-------------------------------------------------------------------------------
Vlan1 -- down Administratively down
Vlan7 -- up --
Vlan58 -- up --
Vlan2020 -- up --
--------------------------------------------------------------------------------
Interface Status Description
--------------------------------------------------------------------------------
Lo0 up --
In the preceding example, all vPC-related interfaces except the Po10 interface show they are connected.
The Po10 interface is not properly connected to the customer network in this example.
Show vPC
Log in to the Cisco Nexus 3048 switches and issue the show vpc command.
VSS-3048-1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 58
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 7
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
vPC status
----------------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
------ ----------- ------ ----------- -------------------------- -----------
1 Po1 up success success 2020
2 Po2 up success success 2020
3 Po3 up success success 2020
4 Po4 up success success 2020
10 Po10 down* success success -
In the preceding example, the peer status should report being alive and adjacency formed okay. The
consistency status should report success. The vPC peer-link status should show an up status. Under the
vPC status, each port (Po1, Po2, and so on) represents the PortChannel to the respective server
(Server1, Server2, and so on) and should report an up status.
VLAN2020
Spanning tree enabled protocol rstp
Root ID Priority 34788
Address 547f.ee78.51fc
Cost 3
Port 4154 (port-channel59)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Note: As a best practice, the root (and secondary root) bridge in the topology should be explicitly
identified switches in the network core. Use the spanning-tree vlan vlan-id root
[primary | secondary] command to configure the root and secondary root.
Note: Ethernet ports 1/16 to 1/26 show notconnec for illustrative purposes only. When properly
configured, their status should report connected, as is the case with port Ethernet 1/14.
Show Interface
Issue the show interface command on both switches for all configured uplinks.
VSS-3048-1# show interface ethernet 1/51
Ethernet1/51 is up
Hardware: 1000/10000 Ethernet, address: e4d3.f162.88bc (bia e4d3.f162.889a)
Description: L3 UPLINK stl3048-f5-1 e1/51
Internet Address is 198.18.1.33/30
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
full-duplex, 10 Gb/s, media type is 10G
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
Last link flapped 4week(s) 5day(s)
Last clearing of "show interface" counters never
30 seconds input rate 928740808 bits/sec, 116092601 bytes/sec, 87422 packets/sec
30 seconds output rate 207240 bits/sec, 25905 bytes/sec, 223 packets/sec
Note: In the preceding example, the input rate of this uplink is approximately 927Mbps. This data rate,
when combined with the reported rate from the second Cisco Nexus 3048 switch, should
approximately equal the average data rate per camera, multiplied by the number of cameras.
Windows IP Configuration
[snip]
Non-authoritative answer:
Name: support.netapp.com
Address: 216.240.18.16
Note: In the previous example, the manager IP address is 198.18.6.16, and the failover recording
servers IP addresses are 198.18.6.17, 198.18.6.18, 198.18.6.28, and 198.18.6.38.
Verify That Each Recording Server Can Reach the Configured Network Video
Cameras
After logging on a recording server, connectivity between the recording server and the configured network
video camera can be verified by using ping or tracert. Additionally, the recording server has a control
panel connection to each IP camera. The following examples illustrate how to validate connectivity of an
IP camera at the IP address 198.18.13.33, at port 8000.
C:\Users\Administrator>tracert -d 198.18.13.33
Trace complete.
Tracert
C:\Users\NETAPP>tracert -d 198.18.6.47
1 3 ms 9 ms 10 ms 198.18.5.1
2 <1 ms <1 ms <1 ms 198.18.1.10
3 <1 ms <1 ms <1 ms 198.18.1.30
4 <1 ms <1 ms <1 ms 198.18.1.37
5 <1 ms <1 ms <1 ms 198.18.6.47
Trace complete.
Esxtop
Esxtop is started from the ESXi shell prompt. Open an SSH client and log in to the ESXi hypervisor.
~ # esxtop
In the previous screenshot, vmnic 3 and vmnic 5 have a relatively equal distribution of the ingress video
traffic at 104.78MbRX/s and 158.39MbRX/s, for a total of 263.17Mbps of ingress video traffic to the
physical machine.
Additionally, this display also reports the respective data rate of ingress video traffic to each virtual
machine. The four virtual machines, RACK-SVR-45, RACK-SVR-46, RACK-SVR-47, and RACK-SVR-48,
have ingress video traffic ranging from 43.08MbRX/s to 103.69MbRX/s.
Because observed data rates normally fluctuate between each of the iterations, this display can be used
to verify the distribution of load across the recording servers in the implementation. The physical-security
integrator can use this information to balance the offered load across all recording servers by moving
cameras between servers.
The default value source-dest-ip is a recommended initial value. This default value should provide a
reasonable degree of load sharing, because hundreds of networked video cameras (each with a unique
IP address) will be streaming video of up to four video recording servers, each with its own IP address.
Note: This command reports the percentage of traffic and not the observed data rate on the member
links.
Note: The majority of the traffic for server 4 uses the two member links on PortChannel 4 of switch 1:
19,373 packets/sec versus 110 packets/sec for switch 2.
Fsutil
To verify the cluster size of a volume (LUN) on E-Series (assuming drive letter E:\), log in to each
recording server, open a command window, and issue the fsutil command.
fsutil fsinfo ntfsinfo e:
The bytes per cluster value reported should be 65536 (64 kilobytes).
E5460
This is a sample configuration from an E5460 used in solution testing. The host interface to this array is
Fibre Channel. This configuration includes traditional volume groups and DDPs. Following is an excerpt
summary of the configuration showing three volumes configured for use by the physical host stlc200m2-7.
This host supports one virtual machine running a Milestone XProtect recording server.
DISK POOLS------------------------------
VOLUME GROUPS------------------------------
Name Status Usable Capacity Used Capacity Free Capacity RAID Level
VG_ARCHIVE_91 Optimal 16.371 TB 16.371 TB 0.000 MB 6
VG_LIVE_90 Optimal 2,794.019 GB 2,794.019 GB 0.000 MB 1
STANDARD VOLUMES------------------------------
// Uncomment the three lines below to remove the default volume (if exists). NOTE: Default volume
name is always = "Unnamed".
//on error continue;
//show "Deleting the default volume created during the removal of the existing configuration.";
//delete volume["Unnamed"] removeVolumeGroup=true;
//on error stop;
show "Setting the Storage Array to begin cache flush at 80% full.";
set storageArray cacheFlushStart=80;
show "Setting the Storage Array to end cache flush at 80% full.";
set storageArray cacheFlushStop=80;
show "Creating Host Port stlc200m2-7-1 on Host stlc200m2-7 with WWN 21000024ff3de382 and with
interfaceType FC.";
create hostPort host="stlc200m2-7" userLabel="stlc200m2-7-1" identifier="21000024ff3de382"
interfaceType=FC;
show "Creating Host Port stlc200m2-7-2 on Host stlc200m2-7 with WWN 21000024ff3de383 and with
interfaceType FC.";
create hostPort host="stlc200m2-7" userLabel="stlc200m2-7-2" identifier="21000024ff3de383"
interfaceType=FC;
show "Creating Volume-to-LUN Mapping for Volume VOL_LIVE_90 to LUN 19 under Host stlc200m2-7.";
set volume ["VOL_LIVE_90"] logicalUnitNumber=19 host="stlc200m2-7";
show "Creating Volume-to-LUN Mapping for Volume VOL_ARCHIVE_91 to LUN 91 under Host stlc200m2-
7.";
set volume ["VOL_ARCHIVE_91"] logicalUnitNumber=91 host="stlc200m2-7";
CACHE SETTINGS
Start cache flushing at: 80%
Stop cache flushing at: 80%
Cache block size: 32 KB
STORAGE SUMMARY
Volume groups: 15
RAID 1 Volume Groups: 4 Volumes: 11
RAID 6 Volume Groups: 11 Volumes: 14
HARDWARE SUMMARY
Trays: 3
Controllers: 2
Redundancy mode: Duplex (dual controllers)
Drives: 180
FIRMWARE INVENTORY
SANtricity ES AMW Version: 10.84.G0.32
Storage Array
Storage Array Name: stle2660-33_34
Current Package Version: 07.84.44.09
Current NVSRAM Version: N26X0-784834-DB2
Controllers
Location: Tray 99, Slot A
Current Package Version: 07.84.44.09
Current NVSRAM Version: N26X0-784834-DB2
VOLUME GROUPS------------------------------
Name Status Usable Capacity Used Capacity Free Capacity RAID Level
Drive/Media Type Volumes Secure Capable DA Capable
VG_ARCHIVE_1 Optimal 32.742 TB 32.742 TB 244.031 MB 6
Serial Attached SCSI (SAS), Hard Disk Drive 2 Yes (Non Secure) Yes
VG_LIVE_1_2 Optimal 4,189.314 GB 4,096.000 GB 93.314 GB 10
Serial Attached SCSI (SAS), Hard Disk Drive 4 Yes (Non Secure) Yes
DETAILS
Name: VG_ARCHIVE_1
Status: Optimal
Capacity: 32.742 TB
Current owner: Controller in slot B
RAID level: 6
Name: VG_LIVE_1_2
Status: Optimal
Capacity: 4,189.314 GB
Current owner: Controller in slot A,B
RAID level: 10
Drive media type: Hard Disk Drive
Drive interface type: Serial Attached SCSI (SAS)
Tray loss protection: Yes
Drawer Loss Protection: Yes
Data Assurance (DA) capable: Yes
DA enabled volume present: No
Total Volumes: 4
Standard volumes: 4
Repository volumes: 0
Free Capacity: 93.314 GB
DETAILS
Volume name: VOL_ARCHIVE_1
Volume status: Optimal
Thin provisioned: No
Capacity: 28.000 TB
Volume world-wide identifier: 60:08:0e:50:00:2e:31:92:00:00:0a:2f:50:6d:8d:4a
Associated volume group: VG_ARCHIVE_1
RAID level: 6
LUN: 1
Accessible By: Host stlc220m3-10
Drive media type: Hard Disk Drive
Drive interface type: Serial Attached SCSI (SAS)
Preferred owner: Controller in slot B
Current owner: Controller in slot B
Segment size: 128 KB
Modification priority: Lowest
Read cache: Enabled
Write cache: Enabled
Write cache without batteries: Disabled
Write cache with mirroring: Disabled
Flush write cache after (in seconds): 10.00
Dynamic cache read prefetch: Disabled
Enable background media scan: Enabled
Media scan with redundancy check: Disabled
Pre-Read redundancy check: Disabled
VSS-3048-1
This sample configuration is from the first top-of-rack Cisco Nexus 3048 switch.
version 5.0(3)U5(1a)
feature telnet
cfs eth distribute
feature interface-vlan
feature hsrp
feature lacp
feature vpc
ip domain-lookup
hostname VSS-3048-1
vrf context vPC_peer-keepalive
vlan 1
vlan 2
name UNUSED_PORTS
vlan 3
name NATIVE_VLAN
vlan 7
name DEVICE_MANAGEMENT
vlan 58
name vPC_keepalive
vlan 2020
name VIDEO_INGRESS
spanning-tree port type edge bpduguard default
vpc domain 58
role priority 11
peer-keepalive destination 198.18.2.30 source 198.18.2.29 vrf vPC_peer-keepalive
interface Vlan1
interface Vlan7
no shutdown
description DEVICE_MANAGEMENT
interface Vlan58
no shutdown
description vPC_peer-keepalive
vrf member vPC_peer-keepalive
ip address 198.18.2.29/30
interface Vlan2020
no shutdown
description VIDEO_INGRESS
ip address 198.18.6.1/24
interface port-channel1
description Server 1
vpc 1
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel2
description Server 2
vpc 2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel3
description Server 3
vpc 3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel4
description Server 4
vpc 4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel10
description L2 Portchannel to CORE
switchport mode trunk
vpc 10
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
no negotiate auto
interface port-channel58
description vPC_peer-keepalive
switchport access vlan 58
no negotiate auto
interface port-channel59
description vPC peer link
switchport mode trunk
vpc peer-link
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
no negotiate auto
interface Ethernet1/2
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/3
switchport access vlan 2
interface Ethernet1/4
switchport access vlan 2
interface Ethernet1/5
description Server 3 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/6
switchport access vlan 2
interface Ethernet1/7
switchport access vlan 2
interface Ethernet1/8
switchport access vlan 2
interface Ethernet1/9
switchport access vlan 2
interface Ethernet1/10
switchport access vlan 2
interface Ethernet1/11
switchport access vlan 2
interface Ethernet1/12
switchport access vlan 2
interface Ethernet1/13
description Server 1 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/14
description E2660-A:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/15
switchport access vlan 2
interface Ethernet1/16
description SERVER 1 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/17
interface Ethernet1/18
description SERVER 1 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/19
switchport access vlan 2
interface Ethernet1/20
description SERVER 1 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/21
switchport access vlan 2
interface Ethernet1/22
description SERVER 3 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/23
switchport access vlan 2
interface Ethernet1/24
description SERVER 3 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/25
description Server 2 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/26
description SERVER 3 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/27
switchport access vlan 2
interface Ethernet1/28
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/29
description Server 4 - vmnic5
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/30
description DEVICE_MANAGEMENT
switchport access vlan 7
interface Ethernet1/31
switchport access vlan 2
interface Ethernet1/32
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/33
switchport access vlan 2
interface Ethernet1/34
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/35
switchport access vlan 2
interface Ethernet1/36
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/37
description Server 2 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/38
switchport access vlan 2
interface Ethernet1/39
switchport access vlan 2
interface Ethernet1/40
switchport access vlan 2
interface Ethernet1/41
description Server 4 - vmnic3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/42
switchport access vlan 2
interface Ethernet1/43
switchport access vlan 2
interface Ethernet1/44
switchport access vlan 2
interface Ethernet1/45
switchport access vlan 2
interface Ethernet1/46
switchport access vlan 2
interface Ethernet1/47
switchport access vlan 2
interface Ethernet1/49
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 59 mode active
interface Ethernet1/50
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 59 mode active
interface Ethernet1/52
description L2 UPLINK stl3048-LOANER Eth1/49
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 10 mode active
VSS-3048-2
This sample configuration is from the second top-of-rack Cisco Nexus 3048 switch.
version 5.0(3)U5(1a)
feature telnet
cfs eth distribute
feature interface-vlan
feature hsrp
feature lacp
feature vpc
banner motd #
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
You must have explicit permission to access or configure this
device. All activities performed on this device are logged and
violations of this policy may result in disciplinary action.
ip domain-lookup
hostname VSS-3048-2
interface Vlan1
interface Vlan7
no shutdown
description DEVICE_MANAGEMENT
ip address 198.18.7.2/24
interface Vlan58
no shutdown
description vPC_peer-keepalive
vrf member vPC_peer-keepalive
ip address 198.18.2.30/30
interface Vlan2020
no shutdown
description VIDEO_INGRESS
ip address 198.18.6.2/24
interface port-channel1
description Server 1
vpc 1
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel2
description Server 2
vpc 2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel3
description Server 3
vpc 3
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel4
description Server 4
vpc 4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
no negotiate auto
interface port-channel10
description L2 Portchannel to CORE
switchport mode trunk
vpc 10
switchport access vlan 3
interface port-channel58
description vPC_peer-keepalive
switchport access vlan 58
no negotiate auto
interface port-channel59
description vPC peer link
switchport mode trunk
vpc peer-link
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
no negotiate auto
interface Ethernet1/1
description Server 1 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 1
interface Ethernet1/2
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/3
switchport access vlan 2
interface Ethernet1/4
switchport access vlan 2
interface Ethernet1/5
description Server 3 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/6
switchport access vlan 2
interface Ethernet1/7
switchport access vlan 2
interface Ethernet1/8
switchport access vlan 2
interface Ethernet1/9
switchport access vlan 2
interface Ethernet1/10
switchport access vlan 2
interface Ethernet1/11
switchport access vlan 2
interface Ethernet1/12
switchport access vlan 2
interface Ethernet1/13
description Server 1 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/14
description E2660-B:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
interface Ethernet1/15
switchport access vlan 2
interface Ethernet1/16
description SERVER 2 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/17
description Server 3 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 3
interface Ethernet1/18
description SERVER 2 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/19
switchport access vlan 2
interface Ethernet1/20
description SERVER 2 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/21
switchport access vlan 2
interface Ethernet1/22
description SERVER 4 - CIMC:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/23
switchport access vlan 2
interface Ethernet1/24
description SERVER 4 - vmnic0:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/25
description Server 2 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/26
description SERVER 4 - vmnic1:DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/27
switchport access vlan 2
interface Ethernet1/29
description Server 4 - vmnic4
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/30
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/31
switchport access vlan 2
interface Ethernet1/32
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/33
switchport access vlan 2
interface Ethernet1/34
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/35
switchport access vlan 2
interface Ethernet1/36
description DEVICE_MANAGEMENT
switchport access vlan 7
spanning-tree port type edge
spanning-tree bpduguard enable
interface Ethernet1/37
description Server 2 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 2
interface Ethernet1/38
switchport access vlan 2
interface Ethernet1/39
switchport access vlan 2
interface Ethernet1/40
switchport access vlan 2
interface Ethernet1/41
description Server 4 - vmnic2
switchport access vlan 2020
spanning-tree port type edge
spanning-tree bpduguard enable
channel-group 4
interface Ethernet1/42
interface Ethernet1/43
switchport access vlan 2
interface Ethernet1/44
switchport access vlan 2
interface Ethernet1/45
switchport access vlan 2
interface Ethernet1/46
switchport access vlan 2
interface Ethernet1/47
switchport access vlan 2
interface Ethernet1/48
description vPC_peer-keepalive
switchport access vlan 58
channel-group 58 mode active
interface Ethernet1/49
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
channel-group 59 mode active
interface Ethernet1/50
description vPC peer link
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
channel-group 59 mode active
interface Ethernet1/52
description L2 UPLINK stl3048-LOANER Eth1/50
switchport mode trunk
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3,7,2020
spanning-tree port type network
channel-group 10 mode active
clock timezone est -5 0
clock summer-time edt 2 Sun Mar 2:00 1 Sun Nov 2:00 60
line console
line vty
Note: The live input (video feed from the camera), the number of video feeds output to the recording
server, and the aggregate data rate are shown in the lower right corner of the window.
C:\Users\Administrator\Desktop>show_clock
The current time is 3/26/2013 2:17:22 PM.
C:\>systeminfo
17 Summary
The NetApp video surveillance storage solution offers the physical-security integrator a highly scalable
repository for VMS supporting high camera counts, megapixel resolutions, high frame rates, and long
retention periods. The architecture is designed to provide high reliability and availability to meet the
demands of video surveillance deployments.
Appendixes
Glossary
This section contains the glossary of terms used throughout this document.
Term Definition
Asymmetric logic unit A topology used for redirecting I/O in case of an FC path failure.
References
The following references were used in this document:
NetApp Support
https://support.netapp.com/
Version History
Version Date Document Version History
Version 1.0 October 2013 Initial release
Authors
Joel W. King
Joel joined NetApp in July 2011 working on E-Series video surveillance storage, a big data vertical in the
Solutions and Integrations Group (SIG). He developed and delivered video surveillance storage at
NetApp Foresight/Insight 2012.
Joel has over 12 years of experience at Cisco (CCIE no. 1846), having joined the company as a
network consulting engineer dedicated to customer planning, design, and troubleshooting of large
enterprise customer networks. His focus was on large-scale routing protocol design. He developed the
Cisco IP Video Surveillance design guide and Network Readiness Assessment for Video Surveillance. He
also authored additional Cisco Validated Design guides (CVDs) specific to MAN/WAN topics such as
QoS-enabled IPSec VPNs (V3PN), teleworker, and performance routing (PfR), available on
www.cisco.com/go/designzone. He has developed and presented sessions at Cisco Live / Networkers for
10 years.
Joel also served as an instructor at Harrisburg Area Community College and was a technical architect at
AMP Incorporated in the Global Information Technology Division.
He has a BBA degree from Temple University, where he graduated with honors.
Jim Laing
Jim joined NetApp in September 2011 as a performance engineer in video solutions. He is an IT storage
and infrastructure professional with over 20 years of experience in a variety of industries and IT functions
with a focus on high-performing storage systems. His specialties include systems design, infrastructure,
fault-tolerant storage systems, system performance analysis and optimization, video and audio
production, and digital content creation.
In addition to independent consulting for the video and audio production industry, Jim has also worked in
performance engineering roles for IBM, Lockheed Martin, and Digital Equipment Corporation. He has BA
and MS degrees from Boston University with specialties and interests in OS design, system optimization,
and artificial intelligence.
NetApp provides no representations or warranties regarding the accuracy, reliability, or serviceability of any
information or recommendations provided in this publication, or with respect to any results that may be
obtained by the use of the information or observance of any recommendations provided herein. The
information in this document is distributed AS IS, and the use of this information or the implementation of
any recommendations or techniques herein is a customers responsibility and depends on the customers
ability to evaluate and integrate them into the customers operational environment. This document and the
information contained herein may be used solely in connection with the NetApp products discussed in this
document.
2013 NetApp, Inc. All rights reserved. No portions of this document may be reproduced without prior written consent of NetApp,
Inc. Specifications are subject to change without notice. NetApp, the NetApp logo, Go further, faster, and SANtricity are trademarks
or registered trademarks of NetApp, Inc. in the United States and/or other countries. Catalyst, CCIE, Cisco, Cisco Nexus, Cisco
UCS, and IOS are registered trademarks of Cisco Systems, Inc. Intel and Xeon are registered trademarks of Intel Corporation. Linux
is a registered trademark of Linus Torvalds. Hyper-V, Microsoft, Windows, and Windows Server are registered trademarks of
Microsoft Corporation. UNIX is a registered trademark of The Open Group. ESX, vMotion, VMware, and VMware vSphere are
registered trademarks and ESXi is a trademark of VMware, Inc. All other brands or products are trademarks or registered
192 Video Surveillancetrademarks of theirNetApp
Solutions Using respective holdersStorage
E-Series and should be treated as such. TR-4233-1013