Bridging SAN islands


This article can also be found in the Premium Editorial Download "Storage magazine: Who owns storage in your organization?."

Download it now to read this article plus other related content.

SAN isolation
Technologies such as VSAN, hard partitioning and LSAN represent vendors' first attempts to isolate the traffic and data on a SAN. These technologies are modeled after Virtual LAN (VLAN) technology, which allows different devices on different LAN segments to communicate with one another as if they're on the same physical segment.

Users cite a variety of practical reasons for wanting to isolate their SANs, and VSANs offer effective methods to satisfy their needs. VSANs allow storage administrators to set up preproduction tests on the same SAN that hosts production applications and data. They also minimize the impact of fabric-wide disruptive events. But the greatest benefits of implementing VSAN technology are likely to be realized in large SAN deployments.

Larger environments tend to get more complex as SANs consolidate. While costs decrease and capacity utilization increases, management and administrative issues become thornier. For instance, individuals used to managing their own SAN islands prior to consolidation may need to still manage their piece of the consolidated SAN for administrative and security reasons, yet current SAN technology makes this almost impossible.

VSANs provide practical solutions. Technologies from both Cisco and McData allow users to create fabrics containing their own fabric services and management access within the SAN. Each VSAN fabric has its own name

Requires Free Membership to View

server, zone server and domain controller, so administrators can have the control they need and allow users attached to the SAN to experience the same level of services they had before.

This becomes especially relevant in storage environments with special requirements. For instance, administrators in production environments may need to limit the timeframes when changes are made in their switch environment. Other administrators working in test and development environments may need to make changes throughout the day to meet ever-changing testing demands.

But often test and development SANs are merged with production SANs and must adhere to the production SAN's more stringent requirements. Current SANs don't accommodate the coexistence of these two environments very well, with users on the development side often getting the short end of the stick by having to work within the confines of the more constraining production environment.

VSAN technology solves this. Cisco and McData allow users to create separate VSANs for different environments on the same switch. Brocade's AP7420 switch allows resources to be shared between the two storage fabrics while maintaining the integrity of each fabric.

High-volume backup traffic in a consolidated storage environment is best run on a separate fabric. Cisco's MDS 9000 and McData's DS10000 enable the segregation of backup traffic from other VSAN traffic. Users in Brocade environments can theoretically configure their AP7420 and partition the switch to separate the backup function as well, but because it's only a 16-port switch, it may make more sense to create a separate SAN dedicated to backup.

However, there are downsides to dividing up the resources of a switch. With VSANs, disk or tape resources allocated to one logical SAN can't be shared with another VSAN. Complementary technologies like Inter-VSAN Routing (IVR) from Cisco help overcome this problem. IVR is a standard part of Cisco's latest MDS 9000 SAN-OS 1.3. It enables the sharing of common storage resources such as FC tape drives and WAN links in Cisco VSAN networks. IVR examines data traffic on different VSANs and allows certain data packets access to devices on another VSAN. But IVR technology only became available with Cisco's November 2003 SAN-OS 1.3 release. Users of other FC switch vendors need to wait until a standard gets defined.

McData's new DS10000 switch features a competing technology called hard partitioning. It operates in a manner similar to Cisco's VSAN technology. Hard partitioning enables, for example, separate administrative logins, data isolation and even different versions of switch microcode to run on different partitions of the same switch. "But McData directors don't allow sharing of storage resources dedicated to one partition by another partition, as Cisco's IVR does.

Brocade's LSAN technology lets users create a VSAN. Rather than offering this feature as an option on its director-class 12000 switch, Brocade chose to deploy this technology on its SilkWorm Fabric AP7420 switch. The switch lets departments retain the management responsibility of their SAN and keep their servers and storage in their existing location. A department with excess capacity can share it with another group, and they can recover or replicate their data at another site.

The AP7420's EX_Port allows the sharing of resources between different fabrics. It acts like a Fibre Channel Network Address Translation (FC-NAT) engine by presenting a device on one SAN to the other SAN, only with a different FC address. So if Tape Drive 1 on SAN A needs to be shared on SAN B, the AP7420 could present it as Tape Drive 2 on SAN B, while protecting its identity of Tape Drive 1 on SAN A's fabric.

Yet Brocade's AP7420 implementation continues to reinforce user perceptions that almost every solution it introduces consumes more FC ports. For example, to achieve redundancy between two existing fabrics requires 16 FC ports: four on each existing SAN, plus four more on each of the two AP7420s. At a cost of $1,500 or more on the existing ports, this adds over $12,000 to the cost. Users should urge Brocade to implement back-end inter-switch links (ISLs) on their switches for these types of solutions.

Virtual SAN switches
Researched by Robin Raulf-Sager.
*Configuration of DS10000 is subject to change because it hasn't been released yet.

This was first published in May 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: