When it comes to Storage we are the Solution

Storage Networking

Storage Area Networking (SAN)

Over the years, Fibre Channel (FC) Storage Area Networks (SANs) have become the backbone for serving the information needs of enterprise data centers. SANs have been traditionally considered physically secure due to their closed and physically isolated location in data centers. While physical network isolation offers critical security, breaches through unauthorized hosts or users still pose potential security risks.

Adoption of server virtualisation technologies, increasing the number of physical or virtual servers in data centers, and data center growth through mergers and acquisitions have resulted in increased security concerns. Accordingly, security has remained the top budget priority over the last five or six years, with 60 percent of companies placing it as the highest priority in a recent International Data Corporation™ (IDC) survey.

Data-at-rest encryption with self-encrypting drives, when used with physical SAN security and techniques such as zoning and LUN masking, addresses all the major security risks that are faced by today’s IT storage administrators. This type of encryption allows for minimal disruption of existing SAN infrastructure deployments and maintains interoperability. Additionally, alternative approaches such as fabric encryption pose implementation and interoperability challenges that negate pervasive adoption in data centers of the future, and may not provide the correct degree of security.

Alternative approaches to secure data, such as adapter-based encryption, are solutions looking for a problem. These approaches promote vendor lock-in, as the data encrypted by the hardware/adapters can only be read by the same vendor’s adapter or proprietary solutions that created them. Such approaches also pose new security risks if interoperability with existing deployments is mandated by IT managers. Host-based encryption also poses new challenges to data compression or de-duplication applications.

Data at rest encryption

Virtualisation

IT administrators are becoming increasingly aware of virtualisation technologies because they help to drive significant cost reduction, asset optimization, and higher availability in data centers. Forward-looking IT organisations are turning inflexible data centers into agile, virtualised environments. International Data Corporation (IDC) expects spending on virtualisation technology to reach $15 billion in 2009.

The introduction of 64-bit, multi-core processors, PCI Express host bus, and improved memory architectures has greatly benefited server consolidation and its rapid adoption in the virtualised data center. To meet these increasing demands in consolidated and virtualised environments, enterprise IT managers must deploy a scalable, high-performance host bus adapter (HBA) architecture. This architecture can address the demands placed by multiple Virtual Machines (VMs) or guest OSs, and applications in virtualised environments running simultaneously on a single physical server while meeting high levels of security, performance, and isolation.

Deployments of virtualisation today are primarily based on software-based hypervisor technologies such as Microsoft Hyper-V, VMware® ESX Server and Xen™ Hypervisor. Virtualisation is becoming mainstream and increasingly being used for production workloads. As the industry makes the transition from physical (non-virtualised) environments to virtualised environments, IT managers will expect the same level of deterministic service delivery in virtualised environments.

Software virtualisation technologies have enabled the rapid deployment of virtualisation into the enterprise data centers. However, they come with certain trade-offs in handling I/O operations. In physical environments there is a “single OS per server” mapping and thus applications running on the server will have direct access to the HBAs. In virtualised environments, multiple OSs/virtual machines share the same underlying hardware resources across multiple application workloads. This sharing leads to potential security and I/O performance considerations that are unique to virtualised environments.

Storage and Fabric Access in Virtualised SAN Environments

In typical Fibre Channel SAN environments, zoning and LUN masking are the key methods of providing access control in the fabric and to storage Logical Unit Numbers (LUNs). Traditional SAN environments require systems administrators to use physical HBA Worldwide Port Names (WWPNs) for defining fabric zones, masking storage LUNs, and migrating VMs. Today, in virtualised SAN environments, storage administrators need to reconfigure SAN network settings (zoning, masking, and binding) when migrating a VM from one physical server to another. In addition, storage administrators typically define one zone where all disks are exposed to every server to support the migration of VMs to new servers. These practices go against SAN best practices followed by storage administrators in non-virtualised environments. Three things are all potential challenges in virtualised SAN environments: storage disks with sensitive information being potentially visible to all servers, the open zoning policy wherein all physical servers hosting VMs are in the same zone, and the reconfiguration of SAN network settings after VM migrations.
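As an added example (not part of the original page), the following sketch audits a constructed zoning and LUN-masking configuration for the open-zone pattern described above. The WWPNs, host names, data layout and function names are all made up for illustration; flagging zones with more than one initiator follows the commonly recommended single-initiator zoning practice.

```python
# Added example: audit a constructed FC zoning + LUN-masking config for the
# "open zone" pattern. All names and WWPNs are invented for illustration.
from itertools import product

# Constructed sample data (not from any real fabric).
INITIATORS = {  # host HBA WWPN -> host name
    "10:00:00:00:c9:00:00:01": "esx01",
    "10:00:00:00:c9:00:00:02": "esx02",
    "10:00:00:00:c9:00:00:03": "db01",
}
TARGETS = {"50:06:01:60:00:00:00:0a": "array1-spa"}  # storage port WWPNs
ZONES = {  # one open zone holding every host and the storage port
    "z_vm_all": ["10:00:00:00:c9:00:00:01", "10:00:00:00:c9:00:00:02",
                 "10:00:00:00:c9:00:00:03", "50:06:01:60:00:00:00:0a"],
}
# LUN masking: (target WWPN, LUN id) -> initiator WWPNs allowed to see it
MASKING = {
    ("50:06:01:60:00:00:00:0a", 0): set(INITIATORS),  # masked to every host
    ("50:06:01:60:00:00:00:0a", 1): {"10:00:00:00:c9:00:00:03"},
}

def multi_initiator_zones(zones):
    """Zones containing more than one host initiator, with the hosts in each."""
    return {name: sorted(INITIATORS[m] for m in members if m in INITIATORS)
            for name, members in zones.items()
            if sum(m in INITIATORS for m in members) > 1}

def effective_access(zones, masking):
    """(host, target, lun) triples a host can reach: zoned together AND masked in."""
    zoned = set()
    for members in zones.values():
        zoned |= {(i, t) for i, t in product(members, members)
                  if i in INITIATORS and t in TARGETS}
    return {(INITIATORS[i], TARGETS[t], lun)
            for (t, lun), allowed in masking.items()
            for i in allowed if (i, t) in zoned}

def overexposed_luns(masking):
    """LUNs whose mask admits every known initiator."""
    return sorted(k for k, allowed in masking.items()
                  if allowed >= set(INITIATORS))

if __name__ == "__main__":
    print("multi-initiator zones:", multi_initiator_zones(ZONES))
    print("effective access:", sorted(effective_access(ZONES, MASKING)))
    print("LUNs visible to all hosts:", overexposed_luns(MASKING))
```

Effective access is the intersection of zoning and masking, so tightening only one of the two still narrows what each server can see.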

The following diagram shows how to dynamically provision VMs and applications, with minimal impact to the existing infrastructure.

Virtualised SAN environment

Fibre Channel and Data Center Power Requirements

As Fibre Channel (FC) technology evolves into a new generation of 8Gb products, it is imperative that a scalable architecture be deployed to meet a full spectrum of concerns beyond cost, performance, and backwards compatibility. The modern data center is faced with ever growing demands in the areas of virtualisation; power consumption; Reliability, Availability, and Serviceability (RAS); security; and manageability.

Technology advancements such as multi-core processors and the transition to high-density servers (blade servers) have allowed significantly more processing power in a much smaller space. However, these advancements have created new challenges for data centers and IT managers. One of these challenges is to address the overall energy and cooling needs of this new compact data center.

According to a 2007 report from Michael Bell, Vice President of Gartner Inc, “Power and cooling is a pandemic in the world of the data center. By next year (2008), about half the world’s data centers will be functionally obsolete due to insufficient power and cooling capacity to meet the demands of high-density equipment.” To put this expense into a different context, the International Data Corporation (IDC) estimates that data center servers accounted for 1.2 percent of total US electricity expenditure in 2005! The cost of providing power and cooling has led IT giants like Google®, Microsoft®, and Yahoo!® to locate multiple mega data centers in the Pacific Northwest region of the USA to benefit from the cheap hydroelectric power that is available in that region.

Converged Networking

Fibre Channel is the established SAN interconnect, spanning from redundant Fibre Channel interfaces in each server, through SAN switches, and eventually to enterprise storage systems. Fibre Channel over Ethernet (FCoE) extends Fibre Channel traffic over 10Gb Ethernet networks, converging I/O onto one set of cables. FCoE is an evolutionary technology that coexists with Fibre Channel fabric, allowing Information Technology (IT) organisations to implement incrementally, while reaping business benefits including the following:

  • Fewer interface cards per server
  • Reduction in data center cabling
  • Fewer access-layer switches
  • Flexible performance management
  • Power and cooling savings
  • Seamless integration with existing Fibre Channel infrastructure
  • Seamless management integration

A key enabling technology for I/O consolidation in the data center is 10 Gigabit Ethernet. With an order of magnitude more bandwidth available than Gigabit Ethernet, and with enhanced features incorporated into infrastructure components, I/O consolidation becomes more feasible than ever before. This consolidation is made ever more certain because a number of factors are driving adoption and the eventual ubiquity of 10Gb Ethernet:

  • Multi-socket, multi-core server technology supports higher workload levels which, in turn, demand greater network throughput.
  • Server virtualisation enables workload consolidation, which contributes additionally to network throughput demands.
  • Increasing use of network storage requires higher bandwidth between servers and storage.

Extensions to the Ethernet specification give 10Gb Ethernet the flexibility to support transmission mechanisms beyond Internet Protocol, including Fibre Channel over Ethernet. Classical Ethernet manages congestion by dropping packets, and higher-level, connection-based protocols recover from packet losses. The IEEE 802.3x Pause mechanism transforms Ethernet into a lossless fabric, allowing it to emulate Fibre Channel operation.