What is Storage Are Network (SAN) ?
What is HBA ?
A host bus adapter (HBA), or host controller or host adapter, connects a host system (the computer) to other network and storage devices. The HBA connects to the bus of the host or storage system. The function of the HBA is to convert the parallel electrical signals from the bus into a serial signal to pass to the SAN
- A storage area network (SAN) is a high-speed network composed of computers and storage devices. Instead of servers having locally attached storage with hard drives installed, the storage arrays are remote and accessed over a SAN.
- The servers can run multiple storage protocols, such as Fibre Channel, iSCSI, FCOE, or standard Ethernet or Fibre Channel switching fabrics to access storage shares.
- The server communicates with the Fibre Channel network via host bus adapters (HBA) installed in the servers, much like NIC cards are installed to access the LAN
- To the server’s operating system, the storage appears to be attached locally as it talks to the HBA and the HBA takes the SCSI storage commands and encapsulates them into the Fibre Channel networking protocol
What is HBA ?
A host bus adapter (HBA), or host controller or host adapter, connects a host system (the computer) to other network and storage devices. The HBA connects to the bus of the host or storage system. The function of the HBA is to convert the parallel electrical signals from the bus into a serial signal to pass to the SAN
- A software device driver for each model of HBA is required by the operating system.
- For Fibre Channel each HBA has a unique World Wide Name (WWN) (8 bytes long), which is similar to an Ethernet MAC address. There are two types of WWNs on a HBA; a node WWN, which is shared by all ports on a host bus adapter, and a port WWN, which is unique to each port.
What is Bitlocker?
Bitlocker is volume encryption technology.
It has following characteristics:
1) Can be used to encrypt entire volume or only the used parts of volume
2) Can be combined with EFS
3) Protects integrity of windows boot process
What is Virtual Private Network (VPN)?
The process of securing communication between two devices whose packets pass over some public and unsecured network, typically the Internet. VPNs encrypt packets so that the communication is private, and authenticate the identity of the endpoints.
How to check PWWN of the HBA from the host
if we want to see the PWWN of the HBA, we can run:
cat /sys/class/fc_host/host4/port_name
Explain differences between zoning and masking.
Explain the two major protocols used in Fibre Channel SANs?
1) Fibre Channel protocol (used by the hardware to communicate)
2) Small Computer System Interface (SCSI) protocol (used by software applications to talk to hard drives).
1) Fibre Channel protocol
• This is the language used by the HBAs, hubs,switches, and storage controllers to talk to each other. The Fibre Channel protocol is a low-level language.It is the means of communication between actual hardware components and not between the applications that run on the hardware.
• Fibre Channel is the building block of the SAN highway. It is like the road of the highway, where other protocols can run on top of it, just as different cars and trucks run on top of an actual highway. In other words,if Fibre Channel is the road, then SCSI is the truck that moves the data down the road.
2) SCSI protocol
• This is the language used by SAN-attached server applications on the server computers to talk to the disk drives. This protocol lies on top of the Fibre Channel protocol.
Note:
Even though most storage array manufacturers now use Fibre Channel disks in their storage arrays, the disks themselves still use the legacy SCSI protocol to communicate with applications over the Fibre Channel network. All the SCSI messages are encapsulated (packaged) into the Fibre Channel protocol.
What is Multipathing or multipath I/O (MPIO) ?
Explain NAS file sharing protocols?
1) NFS is mostly used in UNIX-based operating environments.
2) CIFS is used in Microsoft Windows–based operating environments
What is Data De-Duplication?
Data de-duplication means comparing objects (files or blocks) and removing all non-unique or duplicate objects (copies).
We can see several blocks being stored that are not unique. The de-duplication process removes any blocks that are not unique, resulting in the smaller group of blocks being stored.
The basic benefits of de-duplication can be summarized as follows:
1) Reduced hardware costs
2) Reduced backup costs
3) Reduced costs for disaster recovery
4) Increased efficiency of storage
What is hot-swapping?
Devices are allowed to be removed and inserted into a system without turning off the system
What is Hot-Sparing?
A spare device is available to be inserted into the subsystem operation without having to remove and replace a device.
Explain different Port types?
Fibre Channel offers a number of different port types depending on the purpose.
1) A node port (N port) is certainly found on the node itself, and it operates just like aport in a storage array or on a server. N ports connect point-to-point either to a storage
enclosure or to a SAN switch.
2) A fabric port (F port) is located on the Fibre Channel switch and connects to an N port.
3) An E port, or expansion port, connects one switch to another switch for inter-switch link (ISL) communications.
4) In a loop, whether arbitrated or via a hub, the node loop ports (NL ports) are the ports on the hosts or storage nodes
What are the daemons which are involved in NFS?
1) Network File System (NFS) allows a server to share directories and files with clients over a network. With NFS users and programs can access files on remote systems as if they were stored locally.
2) NFS consists of a server and one or more clients. The client remotely accesses the data that is stored on the server machine. In order for this to function properly, a few processes have to be configured and running.
These daemons must be running on the server:
A NAS has the following components:
1) NAS head (CPU and Memory)
2) One or more network interface cards (NICs), which provide connectivity to the network. NIC uses technologies such as Gigabit Ethernet, Fast Ethernet, ATM, and Fiber Distributed Data Interface (FDDI).
3) An optimized operating system for managing NAS functionality
4) NFS and CIFS protocols for file sharing
5) Industry-standard storage protocols to connect and manage physical disk resources, such as ATA, SCSI, or FC
6) Storage Array
What are World Wide Names (WWN)?
Explain Zoning in detail?
Explain Network connectivity
SAN - Hardware and operating systems differences
As per SAN principle with its operating system, treats data differently at various levels in the system architecture, thus creating some of these many challenges:
What is Storage Vmotion?
VMware Storage VMotion is a component of VMware vSphere that provides an in-built interface for live migration of virtual machine disk files within and across storage arrays with no downtime in service. Storage VMotion relocates virtual machine disk files from one shared storage location to another shared storage location with zero downtime, continuous service availability and complete transaction integrity.
What are the issues/errors you have been faced in NFS?
1) Error: “Server Not Responding”
The Network File System (NFS) client and server communicate using Remote Procedure Call (RPC) messages over the network. Both the host->client and client->host communication paths must be functional.
Use common tools such as ping, traceroute or tracepath to verify that the client and server machines can reach each other
The NFS file system also reports “server not responding” when a heavy server or network loads cause the RPC message responses to time out
2) Error: “No route to host”
The “no route to host” error can be reported when the client attempts to mount an NFS file system, even if the client can successfully ping the server
This can be caused by the RPC messages being filtered by either the host firewall, the client firewall, or a network switch. Verify if a firewall is active and if NFS traffic is allowed
3) Error: “mount clntudp_create: RPC: Port mapper failure – RPC: Unable to receive”
The Linux NFS implementation requires that both the NFS service and the portmapper (RPC) service be running on both the client and the server. If not, start it
4) Error: “NFS Stale File Handle”
A program uses the open(2) system call to access an NFS file in the same way the application opens a local file. This system call returns a file descriptor, or “handle”, that the program subsequently uses in I/O commands to identify the file to be manipulated.
5) Error: “Access Denied” or “Permission Denied”
Check the export permissions for the NFS file system. If you see unexpected export permissions, check the /etc/exports file on the server.
6) Error: “rpc mount export: RPC: Timed out”
This is caused by DNS name resolution issue. NFS(RPC) needs reverse name resolution. If NFS server or client cannot resolve their name, this error occurs. In case gets the error message, check DNS configuration and /etc/hosts configuration.
Explain different storage System Types
The types of storage that the host supports include active-active, active-passive, and ALUA-compliant.
1) Active-active storage system
Allows access to the LUNs simultaneously through all the storage ports that are available without noteworthy performance degradation. All the paths are active at all times, unless a path fails.
2) Active-passive storage system
A system in which one storage processor is actively providing access to a given LUN. The other processors act as backup for the LUN and can be actively providing access to other LUN I/O. I/O can be successfully sent only to an active port for a given LUN. If access through the active storage port fails, one of the passive storage processors can be activated by the servers accessing it.
3) Asymmetrical storage system/Asymmetric Logical Unit Access (ALUA)
ALUA-complaint storage systems provide different levels of access per port. ALUA allows hosts to determine the states of target ports and prioritize paths. The host uses some of the active paths as primary while others as secondary.
What is data reduction technology
2) It maximizes the lifespan of flash by reducing the write IOs to flash.
What is Raw Device Mapping
Raw device mapping (RDM) provides a mechanism for a virtual machine to have direct access to a LUN on the physical storage subsystem (Fibre Channel or iSCSI only).
What is Jitter?
Jitter refers to any deviation in timing that a bit stream suffers as it traverses the physical medium and the circuitry on-board the end devices. A certain amount of deviation from the original signaling will occur naturally as serial bit stream propagates over fibre-optic or copper cabling.
Can we assign a hot spare to R0 (RAID 0)array?
Bitlocker is volume encryption technology.
It has following characteristics:
1) Can be used to encrypt entire volume or only the used parts of volume
2) Can be combined with EFS
3) Protects integrity of windows boot process
What is the smallest unit of information transfer in FC?
Frame
What is Remote Replication?
Write ordering is maintained
2) Asynchronous Replication : Write is committed to the source and immediately acknowledged to the host.Data is buffered at the source and transmitted to the remote site later. Data at the remote site will be behind the source by at least the size of the buffer
What is FLOGI?
The FLOGI process authenticates the attached server or storage device to the SAN
fabric and registers the Fibre Channel ID and World Wide Node Name to the SAN port.
Describe the SAN Initiator and Target
Frame
What is Remote Replication?
- Remote replication is the process of creating replicas of information assets at remote sites which could be a few miles away or half way around the globe
- The infrastructure on which information assets are stored at the primary site is called the source. The infrastructure on which the replica is stored at the remote site is referred to as the target. Hosts that access the source or target are referred to as source hosts or target hosts, respectively.
- There are two basic modes of remote replications, Synchronous and Asynchronous
Write ordering is maintained
2) Asynchronous Replication : Write is committed to the source and immediately acknowledged to the host.Data is buffered at the source and transmitted to the remote site later. Data at the remote site will be behind the source by at least the size of the buffer
What is FLOGI?
The FLOGI process authenticates the attached server or storage device to the SAN
fabric and registers the Fibre Channel ID and World Wide Node Name to the SAN port.
- When the server wants to either read or write to the storage device, it will use the SCSI protocol, which is the standard that defines the steps needed to accomplish block-level storage read and write operations. The server requests a block of storage data to what it thinks is a locally attached SCSI drive.
- The HBA or iSCSI software installed on the server receives the requests and talks to the network either via iSCSI over Ethernet or by using the Fibre Channel protocol over a SAN. The server is known as the initiator and the storage array is the target
- The target does not request a SCSI connection but receives the request from the initiator and performs the operation requested. The initiator usually requests a read or write operation for a block of data, and it is up to the storage controller on the target to carry out the request.
What is Virtual Private Network (VPN)?
The process of securing communication between two devices whose packets pass over some public and unsecured network, typically the Internet. VPNs encrypt packets so that the communication is private, and authenticate the identity of the endpoints.
How to check PWWN of the HBA from the host
if we want to see the PWWN of the HBA, we can run:
cat /sys/class/fc_host/host4/port_name
- Zoning is implemented on the switch, and it controls which end node can communicate with other end nodes.
- Masking is done on the storage controller, and it controls which LUNs are accessible by which end nodes.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
1) A client can prove its identity to a server (and vice versa) across an insecure network connection
2) Kerberos client is an entity that gets a service ticket for a Kerberos service
2) Kerberos client is an entity that gets a service ticket for a Kerberos service
3) Kerberos server refers to the Key Distribution Center (KDC)
4) Application can make use of Kerberos tickets to verify identity and/or encrypt data
What is NAS?
Network-attached storage (NAS) is an IP-based file sharing device attached to a Local Area Network (LAN). NAS is shared storage on network infrastructure. NAS is a preferred storage solution that enables clients to share files quickly and directly with minimum storage management overhead. NAS uses network and file sharing protocols to perform filing and storage functions. These protocols include TCP/IP for data transfer, and CIFS and NFS for remote file service
What is CHAP?
4) Application can make use of Kerberos tickets to verify identity and/or encrypt data
What is NAS?
Network-attached storage (NAS) is an IP-based file sharing device attached to a Local Area Network (LAN). NAS is shared storage on network infrastructure. NAS is a preferred storage solution that enables clients to share files quickly and directly with minimum storage management overhead. NAS uses network and file sharing protocols to perform filing and storage functions. These protocols include TCP/IP for data transfer, and CIFS and NFS for remote file service
Challenge-Handshake Authentication Protocol is a basic authentication mechanism that has been widely adopted by network devices and hosts.
CHAP provides a method for initiators and targets to authenticate each other by utilizing a secret code or password. CHAP secrets are usually random secrets of 12 to 128 characters.
The secret is never exchanged directly over the wire; rather, a one-way
hash function converts it into a hash value, which is then exchanged. A hash function, using the MD5 algorithm, transforms data in such a way that the result is unique and cannot be changed back to its original form.
CHAP provides a method for initiators and targets to authenticate each other by utilizing a secret code or password. CHAP secrets are usually random secrets of 12 to 128 characters.
The secret is never exchanged directly over the wire; rather, a one-way
hash function converts it into a hash value, which is then exchanged. A hash function, using the MD5 algorithm, transforms data in such a way that the result is unique and cannot be changed back to its original form.
Explain the two major protocols used in Fibre Channel SANs?
1) Fibre Channel protocol (used by the hardware to communicate)
2) Small Computer System Interface (SCSI) protocol (used by software applications to talk to hard drives).
1) Fibre Channel protocol
• This is the language used by the HBAs, hubs,switches, and storage controllers to talk to each other. The Fibre Channel protocol is a low-level language.It is the means of communication between actual hardware components and not between the applications that run on the hardware.
• Fibre Channel is the building block of the SAN highway. It is like the road of the highway, where other protocols can run on top of it, just as different cars and trucks run on top of an actual highway. In other words,if Fibre Channel is the road, then SCSI is the truck that moves the data down the road.
2) SCSI protocol
• This is the language used by SAN-attached server applications on the server computers to talk to the disk drives. This protocol lies on top of the Fibre Channel protocol.
Note:
Even though most storage array manufacturers now use Fibre Channel disks in their storage arrays, the disks themselves still use the legacy SCSI protocol to communicate with applications over the Fibre Channel network. All the SCSI messages are encapsulated (packaged) into the Fibre Channel protocol.
- When transferring data between the host server and storage, the SAN uses a technique known as multipathing. Multipathing allows you to have more than one physical path from the host to a LUN on a storage system.
- Commonly, a single path from a host to a LUN consists of an iSCSI adapter or NIC, switch ports, connecting cables, and the storage controller port. If any component of the path fails, the host selects another available path for I/O. The process of detecting a failed path and switching to another is called path failover.
Explain different types of thick provisioning?
Thick provisioning is a type of storage pre-allocation. With thick provisioning, the complete amount of virtual disk storage capacity is pre-allocated on the physical storage when the virtual disk is created. A thick-provisioned virtual disk consumes all the space allocated to it in the datastore right from the start, so the space is unavailable for use by other virtual machines.
There are two sub-types of thick-provisioned disks:
1) A Lazy zeroed disk
A Lazy zeroed disk is a disk that takes all of its space at the time of its creation, but this space may contain some old data on the physical media. This old data is not erased or written over, so it needs to be "zeroed out" before new data can be written to the blocks. This type of disk can be created more quickly, but its performance will be lower for the first writes due to the increased IOPS (input/output operations per second) for new blocks
2) An Eager zeroed disk
An Eager zeroed disk is a disk that gets all of the required space still at the time of its creation, and the space is wiped clean of any previous data on the physical media. Creating eager zeroed disks takes longer, because zeroes are written to the entire disk, but their performance is faster during the first writes. This sub-type of thick-provisioned virtual disk supports clustering features, such as fault tolerance.
Note:For data security reasons, eager zeroing is more common than lazy zeroing with thick-provisioned virtual disks. Why? When you delete a VMDK, the data on the datastore is not totally erased; the blocks are simply marked as available, until the operating system overwrites them. If you create an eager zeroed virtual disk on this datastore, the disk area will be totally erased (i.e., zeroed), thus preventing anyone with bad intentions from being able to recover the previous data – even if they use specialized third-party software.
Thick provisioning is a type of storage pre-allocation. With thick provisioning, the complete amount of virtual disk storage capacity is pre-allocated on the physical storage when the virtual disk is created. A thick-provisioned virtual disk consumes all the space allocated to it in the datastore right from the start, so the space is unavailable for use by other virtual machines.
There are two sub-types of thick-provisioned disks:
1) A Lazy zeroed disk
A Lazy zeroed disk is a disk that takes all of its space at the time of its creation, but this space may contain some old data on the physical media. This old data is not erased or written over, so it needs to be "zeroed out" before new data can be written to the blocks. This type of disk can be created more quickly, but its performance will be lower for the first writes due to the increased IOPS (input/output operations per second) for new blocks
2) An Eager zeroed disk
An Eager zeroed disk is a disk that gets all of the required space still at the time of its creation, and the space is wiped clean of any previous data on the physical media. Creating eager zeroed disks takes longer, because zeroes are written to the entire disk, but their performance is faster during the first writes. This sub-type of thick-provisioned virtual disk supports clustering features, such as fault tolerance.
Note:For data security reasons, eager zeroing is more common than lazy zeroing with thick-provisioned virtual disks. Why? When you delete a VMDK, the data on the datastore is not totally erased; the blocks are simply marked as available, until the operating system overwrites them. If you create an eager zeroed virtual disk on this datastore, the disk area will be totally erased (i.e., zeroed), thus preventing anyone with bad intentions from being able to recover the previous data – even if they use specialized third-party software.
Explain NAS file sharing protocols?
1) NFS is mostly used in UNIX-based operating environments.
2) CIFS is used in Microsoft Windows–based operating environments
- NFS is a client/server application that enables a computer user to view, optionally stores, and update files on a remote computer as though they were on the user's own computer.The user's system requires an NFS client to connect to the NFS server. Since the NFS server and client use TCP/IP to transfer files, TCP/IP must be installed on both systems. It uses Remote Procedure Calls (RPC) to communicate between computers
- CIFS is a client/server application protocol that enables client programs to make requests for files and services on remote computers over TCP/IP and used DNS (Domain Name service) for name resolution.Most commonly used with Microsoft OS but is platform independent
What is Data De-Duplication?
Data de-duplication means comparing objects (files or blocks) and removing all non-unique or duplicate objects (copies).
We can see several blocks being stored that are not unique. The de-duplication process removes any blocks that are not unique, resulting in the smaller group of blocks being stored.
The basic benefits of de-duplication can be summarized as follows:
1) Reduced hardware costs
2) Reduced backup costs
3) Reduced costs for disaster recovery
4) Increased efficiency of storage
Devices are allowed to be removed and inserted into a system without turning off the system
A spare device is available to be inserted into the subsystem operation without having to remove and replace a device.
Fibre Channel offers a number of different port types depending on the purpose.
1) A node port (N port) is certainly found on the node itself, and it operates just like aport in a storage array or on a server. N ports connect point-to-point either to a storage
enclosure or to a SAN switch.
2) A fabric port (F port) is located on the Fibre Channel switch and connects to an N port.
3) An E port, or expansion port, connects one switch to another switch for inter-switch link (ISL) communications.
4) In a loop, whether arbitrated or via a hub, the node loop ports (NL ports) are the ports on the hosts or storage nodes
Explain storage Thin Provisioning?
iSCSI uses a unique name to identify an iSCSI node, either target or initiator. This name used as a way to universally identify the node. iSCSI names are formatted in two different ways.
1) IQN
2) EUI
1) iSCSI Qualified Name (IQN) Format
The iSCSI qualified name format is defined in format
Format:
iqn.yyyy-mm.naming-authority:unique name
Example:
iqn.2001-04.com.example.iscsi:SRV1-85412701
“iqn” specifies the use of the iSCSI qualified name as the authority. “YYYY-MM” is the year and month on which the naming authority acquired the domain name used in this iSCSI name.
2) Enterprise Unique Identifier (EUI) Format
The EUI format takes the form eui.16 hex digits. For example,
eui.0123456789ABCDEF.
The 16-hexadecimal digits are text representations of a 64-bit number of an IEEE EUI (extended unique identifier) format. The top 24 bits are a company ID that IEEE registers with a particular company. The lower 40 bits are assigned by the entity holding that company ID and must be unique.
Explain Storage system?
- Thin provisioning is a type of storage pre-allocation. A thin-provisioned virtual disk consumes only the space that it needs initially, and grows with time according to demand.
- Thin provisioning is a method that optimizes storage utilization by allocating storage space in a flexible on-demand manner. Thin provisioning contrasts with the traditional model, called thick provisioning. With thick provisioning, large amount of storage space is provided in advance in anticipation of future storage needs. However, the space might remain unused causing underutilization of storage capacity.
- For example, if you create a new thin-provisioned 30GB virtual disk and copy 10 GB of files to it, the size of the resulting VMDK file will be 10 GB, whereas you would have a 30GB VMDK file if you had chosen to use a thick-provisioned disk.
iSCSI uses a unique name to identify an iSCSI node, either target or initiator. This name used as a way to universally identify the node. iSCSI names are formatted in two different ways.
1) IQN
2) EUI
1) iSCSI Qualified Name (IQN) Format
The iSCSI qualified name format is defined in format
Format:
iqn.yyyy-mm.naming-authority:unique name
Example:
iqn.2001-04.com.example.iscsi:SRV1-85412701
“iqn” specifies the use of the iSCSI qualified name as the authority. “YYYY-MM” is the year and month on which the naming authority acquired the domain name used in this iSCSI name.
2) Enterprise Unique Identifier (EUI) Format
The EUI format takes the form eui.16 hex digits. For example,
eui.0123456789ABCDEF.
The 16-hexadecimal digits are text representations of a 64-bit number of an IEEE EUI (extended unique identifier) format. The top 24 bits are a company ID that IEEE registers with a particular company. The lower 40 bits are assigned by the entity holding that company ID and must be unique.
- Storage array is essentially a collection of hard disks.
- Storage is allocated to hosts based on logical unit numbers (LUNs), not on physical disks.
- When a server administrator requests 20 GB of disk space on the storage array, a 20 GB LUN portion is allotted, which can comprise quite a few kinds of physical storage underneath.
- The storage administrator can increase or decrease the LUN size, with some LUNs being used by a single host for things like booting up.
- Shared LUNs are accessible by multiple hosts, and they are often found where virtual machine images are shared.The entire storage array connects to the Fibre Channel via the storage processors (SPs).
- There are typically two of them so that one is available for connecting to each fabric. Individual SPs have their own unique addresses, which host devices use to connect to the storage system
What are the daemons which are involved in NFS?
1) Network File System (NFS) allows a server to share directories and files with clients over a network. With NFS users and programs can access files on remote systems as if they were stored locally.
2) NFS consists of a server and one or more clients. The client remotely accesses the data that is stored on the server machine. In order for this to function properly, a few processes have to be configured and running.
These daemons must be running on the server:
- nfsd - The NFS daemon which services requests from NFS clients. Starts the kernel-based NFS server daemons that handle filesystem request from clients. After a client mounts an NFS filesystem, access to that mount point and directories below it goes through the nfsd daemons on the server.
- mountd - The NFS mount daemon which carries out requests received from nfsd. Checks for access permissions for the exported filesystem and returns a pointer to it when a client tries to mount a filesystem.
- rpcbind - This daemon allows NFS clients to discover which port the NFS server is using. accepts port reservations from local RPC services. These ports are then made available (or advertised) so the corresponding remote RPC services can access them.
- lockd -This daemon supports record-locking operations on NFS files. It sends locking requests from the client to the NFS server. On the NFS server, it starts local locking
- statd - This daemon works with lockd to provide crash and recovery functions for the lock manager. It tracks the clients that hold locks on an NFS server
A NAS has the following components:
1) NAS head (CPU and Memory)
2) One or more network interface cards (NICs), which provide connectivity to the network. NIC uses technologies such as Gigabit Ethernet, Fast Ethernet, ATM, and Fiber Distributed Data Interface (FDDI).
3) An optimized operating system for managing NAS functionality
4) NFS and CIFS protocols for file sharing
5) Industry-standard storage protocols to connect and manage physical disk resources, such as ATA, SCSI, or FC
6) Storage Array
What are World Wide Names (WWN)?
- Fibre Channel uses World Wide Names (WWNs) to identify specific ports known as World Wide Port Names (WWPNs). Just as MAC addresses are used in Ethernet networks to identify an interface exclusively
- An HBA with one interface would have one WWPN; an HBA with two interfaces would have two, and so on, with one WWPN used for each SAN fabric,World Wide Node Names (WWNNs) represent specific devices like the card itself, and they are unique 8-byte vendor-assigned numbers. An HBA with two interfaces would have one WWNN and two WWPNs.
- As shown below, which shows a single fabric network made up of a server, a switch, and a storage array. As seen, a WWPN is being used to identify each of these devices on the network. To communicate with the storage array, the server is using WWPN 50:00:00:11:22:33:44:55 and the storage array is using WWPN 20:01:00:11:11:11:11:11 to identify the host.
Explain Zoning in detail?
- Zoning is an FC switch function that enables nodes within the fabric to be logically segmented into groups that can communicate with each other.
- Zoning is a fabric-wide service that allows defined hosts to see and connect only to the LUNs to which they are intended to connect. Zoning security maps hosts to LUNs.
- Members that belong to a zone can access each other but not ports on another zone.Nevertheless, it is possible to assign a device to more than one zone.
- It is common to configure a zone for each initiator port and the target to which it is allowed to communicate.
- Zones can be created to separate operating systems from each other, to localize traffic by department, or to segment sensitive data.
- Zoning is done for two primary reasons: security of the storage system and ease of management
Explain Network connectivity
- Network connectivity inside the physical host is vital to understand.Figure below displays the basic components that permit communication to and from virtual machines.
- Each of these devices has one or more virtual network interface cards, or vnics, which connect to a virtual port on a virtual switch that behaves just like a physical switch does—only, we can’t touch it!
- We take the physical NIC and chop it up into a bunch of virtual NICs that we can then attach to the virtual machines running on the hypervisor. Traffic from the virtual machine is received by the virtual switch and flooded or forwarded based on its MAC address tables.
- Furthermore, traffic from all virtual machines on a given physical host that’s destined for locations outside of it must exit through physical interfaces.
As per SAN principle with its operating system, treats data differently at various levels in the system architecture, thus creating some of these many challenges:
- Different attachment interfaces and protocols, such as SCSI, ESCON and FICON.
- Different data formats, such as Extended Count Key Data (ECKD), blocks,clusters, and sectors.
- Different file systems, such as Virtual Storage Access Method (VSAM),Journal File System (JFS), Enhanced Journal File System (JFS2), Andrew File System (AFS), and Windows NT File System (NTFS).
- OS/400, with the concept of single-level storage.
- Different file system structures, such as catalogs and directories.
- Different file naming conventions, such as AAA.BBB.CCC and DIR/Xxx/Yyy.
- Different data encoding techniques, such as EBCDIC, ASCII, floating point,and little or big endian.
What is Storage Vmotion?
VMware Storage VMotion is a component of VMware vSphere that provides an in-built interface for live migration of virtual machine disk files within and across storage arrays with no downtime in service. Storage VMotion relocates virtual machine disk files from one shared storage location to another shared storage location with zero downtime, continuous service availability and complete transaction integrity.
1) Error: “Server Not Responding”
The Network File System (NFS) client and server communicate using Remote Procedure Call (RPC) messages over the network. Both the host->client and client->host communication paths must be functional.
Use common tools such as ping, traceroute or tracepath to verify that the client and server machines can reach each other
The NFS file system also reports “server not responding” when a heavy server or network loads cause the RPC message responses to time out
2) Error: “No route to host”
The “no route to host” error can be reported when the client attempts to mount an NFS file system, even if the client can successfully ping the server
This can be caused by the RPC messages being filtered by either the host firewall, the client firewall, or a network switch. Verify if a firewall is active and if NFS traffic is allowed
3) Error: “mount clntudp_create: RPC: Port mapper failure – RPC: Unable to receive”
The Linux NFS implementation requires that both the NFS service and the portmapper (RPC) service be running on both the client and the server. If not, start it
4) Error: “NFS Stale File Handle”
A program uses the open(2) system call to access an NFS file in the same way the application opens a local file. This system call returns a file descriptor, or “handle”, that the program subsequently uses in I/O commands to identify the file to be manipulated.
5) Error: “Access Denied” or “Permission Denied”
Check the export permissions for the NFS file system. If you see unexpected export permissions, check the /etc/exports file on the server.
6) Error: “rpc mount export: RPC: Timed out”
This is caused by DNS name resolution issue. NFS(RPC) needs reverse name resolution. If NFS server or client cannot resolve their name, this error occurs. In case gets the error message, check DNS configuration and /etc/hosts configuration.
Explain different storage System Types
The types of storage that the host supports include active-active, active-passive, and ALUA-compliant.
1) Active-active storage system
Allows access to the LUNs simultaneously through all the storage ports that are available without noteworthy performance degradation. All the paths are active at all times, unless a path fails.
2) Active-passive storage system
A system in which one storage processor is actively providing access to a given LUN. The other processors act as backup for the LUN and can be actively providing access to other LUN I/O. I/O can be successfully sent only to an active port for a given LUN. If access through the active storage port fails, one of the passive storage processors can be activated by the servers accessing it.
3) Asymmetrical storage system/Asymmetric Logical Unit Access (ALUA)
ALUA-complaint storage systems provide different levels of access per port. ALUA allows hosts to determine the states of target ports and prioritize paths. The host uses some of the active paths as primary while others as secondary.
What is data reduction technology
- Data reduction technologies reduce the actual size of the data.For example, 10TBs of data may be reduced down to 2TBs with 5-to-1 data reduction.
- Examples of data reduction technologies include Deduplication, Compression, Pattern Removal, and Copy Reduction (for clones and xCopy commands, not snapshots).
- Data reduction results in two important benefits:
2) It maximizes the lifespan of flash by reducing the write IOs to flash.
What is Raw Device Mapping
Raw device mapping (RDM) provides a mechanism for a virtual machine to have direct access to a LUN on the physical storage subsystem (Fibre Channel or iSCSI only).
What is snap shot?
A snapshot of data object contains an image of data at a particular point of time
A snapshot of data object contains an image of data at a particular point of time
What are some attacks against FCP?
1) Node Name / Port Name spoofing at Port Login time
2) Source Port ID spoofing on dataless FCP commands
3) Snooping and spoofing on FC-AL
4) Snooping and Spoofing after Fabric reconfiguration
5) Denial of Service attacks can be made in User mode
1) Node Name / Port Name spoofing at Port Login time
2) Source Port ID spoofing on dataless FCP commands
3) Snooping and spoofing on FC-AL
4) Snooping and Spoofing after Fabric reconfiguration
5) Denial of Service attacks can be made in User mode
Jitter refers to any deviation in timing that a bit stream suffers as it traverses the physical medium and the circuitry on-board the end devices. A certain amount of deviation from the original signaling will occur naturally as serial bit stream propagates over fibre-optic or copper cabling.
Can we assign a hot spare to R0 (RAID 0)array?
No, since R0 is not redundant array, failure of any disks results in failure of the entire array so we cannot rebuild the hot spare for the R0 array.
What is FCoE SAN?
1) A SAN that is capable of transporting FC data along with regular Ethernet traffic over high speed (such as 10 Gbps or higher) Ethernet links.
What is the difference between LUNs and Volumes?
A LUN is a "logical unit number" and is related with the physical partition used by a host when writing data to disks. LUN numbers can be associated with SCSI ID numbers. Fundamentally it is the address of the disk so the host can find it.
A "volume" is usually associated with a file system that is written across multiple LUNS.
Let us say we have two LUNS (disks) attached to a server connected to a SAN. The server has the capability of combining those LUNS into one "volume", so it can lay down larger file systems. Software like Veritas Volume Manager is one example. Volume manager can group together multiple LUNS into larger "volumes" so massive amounts of data can be stored on a single file system, rather than on multiple file systems on multiple LUNS.
Which is linux native iSCSI driver?
1) The iscsi_sfnet driver provides a host with the ability to access storage through an IP network.The driver uses the iSCSI protocol to transport SCSI requests and responses over an IP network between the host and an iSCSI target device
2) The open-iscsi driver is a high-performance, transport independent, multi-platform implementation of RFC3720 iSCSI.
The user space open-iscsi consists of a daemon process called iscsid, and a management utility called iscsiadm.
Which protocols are encapsulated in FCoE?
FCoE encapsulates a Fibre Channel frame, which has SCSI commands.
How to check HBA details on the host
HBA details can be found using many commands.
1) lspci |grep “Fibre Channel”
Once we know the HBA is installed in the system we can confirm the drivers are installed by running
lsmod | grep lpfc
2) ls -ltr /sys/class/fc_host/host*
shows the list of Fibre Channel PCI cards. This output matches with lspci command run
What is Replication?
1) Replica - An exact copy
2) Replication - The process of reproducing data
3) Local replication - Replicating data within the same array or the same data center
What is the difference between LUN Masking and LUN Mapping?
Masking refers to making a LUN visible to some servers and not visible to others.
Mapping refers to the assignment of a number to a LUN. It can then be presented to a host.
We can say masking=mapping + presentation
What is Hypervisor?
Hypervisor is compute virtualization software that provides a virtualization layer for abstracting compute system hardware, and enables the creation of multiple virtual machines. It provides a virtualization layer that abstracts the processor, memory, network, and storage of the compute system and enables the creation of multiple virtual machines.
A hypervisor has two key components:
1) Hypervisor Kernel
a) Provides functionality similar to an OS kernel
b) Presents resource requests to physical hardware
2) Virtual Machine Manager (VMM)
a) Each VM is assigned a VMM
b) Abstracts physical hardware and presents to VM
What is RAID?
Redundant Array of Independent Disks (RAID) is a technique in which multiple disk drives are combined into a logical unit called a RAID set and data is written in blocks across the disks in the RAID set. RAID protects against data loss when a drive fails, through the use of redundant drives and parity. RAID also helps in improving the storage system performance as read and write operations are served simultaneously from multiple disk drives.
A RAID array is an enclosure that contains a number of disk drives and supporting hardware to implement RAID. A subset of disks within a RAID array can be grouped to form logical associations called logical arrays, also known as a RAID set or a RAID group.
What are various NAS file access methods?
The various methods can be used to access files on a NAS system are:
1) Network File System (NFS)
2) Common Internet File System (CIFS)
3) Hadoop Distribution File System (HDFS).
What is Persistent binding feature?
1) Persistent binding is an HBA feature that allows the host to permanently assign a system SCSI target ID to a specific FC device, even though the device's ID might vary each time the host initializes.
2) Binding is closely associated with the device discovery process.
3) Before any binding associations have been established, the driver queries the name server for all ports that have logged in with an FC-4 type of SCSI.
4) The name server delivers a list of D_IDs (Destination ID) and the driver logs in to each D_ID, then retrieves the WWPN associated with the D_ID and processes this information against the Control Target Device/Bus Target LUN (CTD) value.
5) Without persistent binding a host cannot maintain persistent communication from a device address across the fabric to a volume.
What are the key FCoE SAN components
The key FCoE SAN components are:
• Network adapters such as Converged Network Adapter (CNA) and software FCoE adapter
• Cables such as copper cables and fiber optical cables
• FCoE switch
1) Converged Network Adapter (CNA)
The CNA is a physical adapter that provides the functionality of both a standard NIC and an FC HBA in a single device. It consolidates both FC traffic and regular Ethernet traffic on a common Ethernet infrastructure. CNAs connect compute systems to the FCoE switches. They are responsible for encapsulating FC traffic onto Ethernet frames and forwarding them to FCoE switches over CEE links. A CNA offloads the FCoE protocol processing task from the compute system, thereby freeing the CPU resources of the compute system for application processing.
2) Software FCoE adapter
Instead of a CNA, a software FCoE adapter may also be used. A software FCoE adapter is OS or hypervisor kernel-resident software that performs FCoE processing. The FCoE processing consumes compute system CPU cycles. With software FCoE adapters, the OS or hypervisor implements FC protocol in software that handles SCSI to FC processing. The software FCoE adapter performs FC to Ethernet encapsulation. Both FCoE traffic (Ethernet traffic that carries FC data) and regular Ethernet traffic are transferred through supported NICs on the compute system.
3) FCoE switch
An FCoE switch has both Ethernet switch and FC switch functionalities. It has a Fibre Channel Forwarder (FCF), an Ethernet Bridge, and a set of ports that can be used for FC and Ethernet connectivity
1) Data backup
2) Data replication
3) Data retention
If we de-duplicate data for the clients it does not need to send as much data over your LAN (local area network) or WAN (wide area network) for remote-office consolidation and data backup. Using de-duplication in backup applications can save a lot of money that otherwise have to spend for media
When not to use dedupe:
Frequently accessed production databases are the worst place to use data deduplication. Trying to keep performance up while each write operation to the database disks must be preceded by a hash process to store the new data, and each read request must be preceded by an operation that reconstitutes the data so that the application can use it. Not a good idea. Use deduplication on the database when you back it up and leave production alone.
What is FCoE SAN?
1) A SAN that is capable of transporting FC data along with regular Ethernet traffic over high speed (such as 10 Gbps or higher) Ethernet links.
What is the difference between LUNs and Volumes?
A LUN is a "logical unit number" and is related with the physical partition used by a host when writing data to disks. LUN numbers can be associated with SCSI ID numbers. Fundamentally it is the address of the disk so the host can find it.
A "volume" is usually associated with a file system that is written across multiple LUNS.
Let us say we have two LUNS (disks) attached to a server connected to a SAN. The server has the capability of combining those LUNS into one "volume", so it can lay down larger file systems. Software like Veritas Volume Manager is one example. Volume manager can group together multiple LUNS into larger "volumes" so massive amounts of data can be stored on a single file system, rather than on multiple file systems on multiple LUNS.
Which is linux native iSCSI driver?
1) The iscsi_sfnet driver provides a host with the ability to access storage through an IP network.The driver uses the iSCSI protocol to transport SCSI requests and responses over an IP network between the host and an iSCSI target device
2) The open-iscsi driver is a high-performance, transport independent, multi-platform implementation of RFC3720 iSCSI.
The user space open-iscsi consists of a daemon process called iscsid, and a management utility called iscsiadm.
Which protocols are encapsulated in FCoE?
FCoE encapsulates a Fibre Channel frame, which has SCSI commands.
How to check HBA details on the host
HBA details can be found using many commands.
1) lspci |grep “Fibre Channel”
Once we know the HBA is installed in the system we can confirm the drivers are installed by running
lsmod | grep lpfc
2) ls -ltr /sys/class/fc_host/host*
shows the list of Fibre Channel PCI cards. This output matches with lspci command run
1) Replica - An exact copy
2) Replication - The process of reproducing data
3) Local replication - Replicating data within the same array or the same data center
Replication is the process of creating an exact copy of data. Creating one or more replicas of the production data is one of the ways to provide Business Continuity (BC). These replicas can be used for recovery and restart operations in the event of data loss. The primary purpose of replication is to enable users to have designated data at the right place, in a state appropriate to the recovery need. The replica should provide recoverability and re-startability.
Possible Uses of Local Replicas
1) Alternate source for backup
2) Fast recovery
3) Decision support
4) Testing platform
5) Data Migration
1) Alternate source for backup
2) Fast recovery
3) Decision support
4) Testing platform
5) Data Migration
Masking refers to making a LUN visible to some servers and not visible to others.
Mapping refers to the assignment of a number to a LUN. It can then be presented to a host.
We can say masking=mapping + presentation
What is Hypervisor?
Hypervisor is compute virtualization software that provides a virtualization layer for abstracting compute system hardware, and enables the creation of multiple virtual machines. It provides a virtualization layer that abstracts the processor, memory, network, and storage of the compute system and enables the creation of multiple virtual machines.
A hypervisor has two key components:
1) Hypervisor Kernel
a) Provides functionality similar to an OS kernel
b) Presents resource requests to physical hardware
2) Virtual Machine Manager (VMM)
a) Each VM is assigned a VMM
b) Abstracts physical hardware and presents to VM
What is RAID?
Redundant Array of Independent Disks (RAID) is a technique in which multiple disk drives are combined into a logical unit called a RAID set and data is written in blocks across the disks in the RAID set. RAID protects against data loss when a drive fails, through the use of redundant drives and parity. RAID also helps in improving the storage system performance as read and write operations are served simultaneously from multiple disk drives.
What are various NAS file access methods?
The various methods can be used to access files on a NAS system are:
1) Network File System (NFS)
2) Common Internet File System (CIFS)
3) Hadoop Distribution File System (HDFS).
What is Persistent binding feature?
1) Persistent binding is an HBA feature that allows the host to permanently assign a system SCSI target ID to a specific FC device, even though the device's ID might vary each time the host initializes.
2) Binding is closely associated with the device discovery process.
3) Before any binding associations have been established, the driver queries the name server for all ports that have logged in with an FC-4 type of SCSI.
4) The name server delivers a list of D_IDs (Destination ID) and the driver logs in to each D_ID, then retrieves the WWPN associated with the D_ID and processes this information against the Control Target Device/Bus Target LUN (CTD) value.
5) Without persistent binding a host cannot maintain persistent communication from a device address across the fabric to a volume.
The key FCoE SAN components are:
• Network adapters such as Converged Network Adapter (CNA) and software FCoE adapter
• Cables such as copper cables and fiber optical cables
• FCoE switch
1) Converged Network Adapter (CNA)
The CNA is a physical adapter that provides the functionality of both a standard NIC and an FC HBA in a single device. It consolidates both FC traffic and regular Ethernet traffic on a common Ethernet infrastructure. CNAs connect compute systems to the FCoE switches. They are responsible for encapsulating FC traffic onto Ethernet frames and forwarding them to FCoE switches over CEE links. A CNA offloads the FCoE protocol processing task from the compute system, thereby freeing the CPU resources of the compute system for application processing.
2) Software FCoE adapter
Instead of a CNA, a software FCoE adapter may also be used. A software FCoE adapter is OS or hypervisor kernel-resident software that performs FCoE processing. The FCoE processing consumes compute system CPU cycles. With software FCoE adapters, the OS or hypervisor implements FC protocol in software that handles SCSI to FC processing. The software FCoE adapter performs FC to Ethernet encapsulation. Both FCoE traffic (Ethernet traffic that carries FC data) and regular Ethernet traffic are transferred through supported NICs on the compute system.
3) FCoE switch
An FCoE switch has both Ethernet switch and FC switch functionalities. It has a Fibre Channel Forwarder (FCF), an Ethernet Bridge, and a set of ports that can be used for FC and Ethernet connectivity
Is it possible to have VLAN and VSAN in FCoE?
Yes.
1) If VLANs and VSANs are created on the LAN and FC SAN respectively, a mapping is required between the VLANs and VSANs.The mapping determines which VLAN will carry FC traffic that belongs to a VSAN.
2) The VSAN to VLAN mapping is performed at the FCoE switch. Multiple VSANs are not allowed to share a VLAN; hence a dedicated VLAN must be configured at the FCoE switch for each VSAN. It is also recommended that VLANs that carry regular LAN traffic should not be used for VSAN traffic.
How to start and stop iSCSI driver?
To manually start the iSCSI driver, enter
# /etc/init.d/iscsid start
The iSCSI initialization will report information on each detected device to the console or in dmesg output.
To manually stop the iSCSI driver :
# /etc/init.d/iscsid stop
Explain different port types in FCoE?
FCoE utilizes virtual ports, which emulate the behavior of regular FC ports. FCoE virtual ports establish virtual FC links between the devices in an FCoE SAN. The different FCoE port types are listed below:
1) VN_Port: It is an end point in an FCoE SAN. Typically, it is a CNA port or an FCoE storage system port that is connected to an FCoE switch in the FCoE SAN.
2) VF_Port: It is a port on an FCoE switch that connects a VN_Port.
3) VE_Port: It is a port that forms the connection between two FCoE switches. The VE_Port on an FCoE switch connects to the VE_Ports of another FCoE switch in an FCoE SAN.
1) Fabric login (FLOGI)
A storage device or server “joins” a SAN (connects to it logically) by executing a fabric login (FLOGI) operation. The device registers itself by exchanging messages with the
name server at its well-known address. The name server records the address of the server or device and some information about its characteristics. When a server wishes to discover what storage devices are connected to a fabric, it queries the name server, which returns a list of addresses and device characteristics. The server can then connect to each storage device and issue inquiry commands to
verify that the device is connected to the SAN at the registered address, that it is in fact the type of device represented by the name server and to determine additional device characteristics, such as storage capacity.Fabric login (FLOGI) is performed between an N_port and an F_port
2) Port login (PLOGI) is performed between an N_port and another N_port to establish a
session. The initiator N_port sends a PLOGI request frame to the target N_port, which
accepts accepts it. The target N_port returns returns an ACC to the initiator initiator N_port . Next, the N ports N_ports exchange service parameters relevant to the session.
3) Process login (PRLI) is also performed between an N_port and another N_ port. This login relates to the FC upper layer protocols (ULP), such as SCSI. N_ports exchange SCSI-3-
related service parameters. N_ports share information about the ULP type in use, the SCSI
initiator, or the target
When to use De-dupe and When no to use Deduplication ?
De-duplication has the greatest impact in three areas:Yes.
1) If VLANs and VSANs are created on the LAN and FC SAN respectively, a mapping is required between the VLANs and VSANs.The mapping determines which VLAN will carry FC traffic that belongs to a VSAN.
2) The VSAN to VLAN mapping is performed at the FCoE switch. Multiple VSANs are not allowed to share a VLAN; hence a dedicated VLAN must be configured at the FCoE switch for each VSAN. It is also recommended that VLANs that carry regular LAN traffic should not be used for VSAN traffic.
How to start and stop iSCSI driver?
To manually start the iSCSI driver, enter
# /etc/init.d/iscsid start
The iSCSI initialization will report information on each detected device to the console or in dmesg output.
To manually stop the iSCSI driver :
# /etc/init.d/iscsid stop
Explain different port types in FCoE?
FCoE utilizes virtual ports, which emulate the behavior of regular FC ports. FCoE virtual ports establish virtual FC links between the devices in an FCoE SAN. The different FCoE port types are listed below:
1) VN_Port: It is an end point in an FCoE SAN. Typically, it is a CNA port or an FCoE storage system port that is connected to an FCoE switch in the FCoE SAN.
2) VF_Port: It is a port on an FCoE switch that connects a VN_Port.
3) VE_Port: It is a port that forms the connection between two FCoE switches. The VE_Port on an FCoE switch connects to the VE_Ports of another FCoE switch in an FCoE SAN.
Explain NAS and SAN device in a sentence
- A NAS device provides file access to clients to which it connects using file access protocols (primarily CIFS and NFS) transported on Ethernet and TCP/IP.
- A SAN device is a block-access (i.e., it is a disk or it emulates one or more disks) that connects to its clients using Fibre Channel and a block data access protocol such as SCSI.
Explain different login types in Fabric services?
Fabric services define three login types:1) Fabric login (FLOGI)
A storage device or server “joins” a SAN (connects to it logically) by executing a fabric login (FLOGI) operation. The device registers itself by exchanging messages with the
name server at its well-known address. The name server records the address of the server or device and some information about its characteristics. When a server wishes to discover what storage devices are connected to a fabric, it queries the name server, which returns a list of addresses and device characteristics. The server can then connect to each storage device and issue inquiry commands to
verify that the device is connected to the SAN at the registered address, that it is in fact the type of device represented by the name server and to determine additional device characteristics, such as storage capacity.Fabric login (FLOGI) is performed between an N_port and an F_port
2) Port login (PLOGI) is performed between an N_port and another N_port to establish a
session. The initiator N_port sends a PLOGI request frame to the target N_port, which
accepts accepts it. The target N_port returns returns an ACC to the initiator initiator N_port . Next, the N ports N_ports exchange service parameters relevant to the session.
3) Process login (PRLI) is also performed between an N_port and another N_ port. This login relates to the FC upper layer protocols (ULP), such as SCSI. N_ports exchange SCSI-3-
related service parameters. N_ports share information about the ULP type in use, the SCSI
initiator, or the target
1) Data backup
2) Data replication
3) Data retention
If we de-duplicate data for the clients it does not need to send as much data over your LAN (local area network) or WAN (wide area network) for remote-office consolidation and data backup. Using de-duplication in backup applications can save a lot of money that otherwise have to spend for media
When not to use dedupe:
Frequently accessed production databases are the worst place to use data deduplication. Trying to keep performance up while each write operation to the database disks must be preceded by a hash process to store the new data, and each read request must be preceded by an operation that reconstitutes the data so that the application can use it. Not a good idea. Use deduplication on the database when you back it up and leave production alone.
