The pitfalls of smart switches


This article can also be found in the Premium Editorial Download "Storage magazine: Storage salary survey: Are you being paid enough?."


What should users be doing now?
Storage services. Storage services should take precedence in user environments consisting of heterogeneous operating systems and storage arrays. The good news is that existing players in this space such as DataCore Software, FalconStor Software and Hewlett-Packard Co. already are beyond the 1.0 release levels and new players such as Brocade Communications Systems Inc., Candera Inc., Cisco Systems Inc., Fujitsu Softek and IBM Corp., among others, have entered the market providing an increasing number of solutions with new feature sets to test. Users need to take some time to understand the pros and cons of appliance and switch-based solutions. Be cautious about deploying too rapidly and be ready for some short-term pain. However, keep focused on the long-term benefits such as simplified networking and easier storage management because they will definitely outweigh the short-term testing and implementation headaches.

Transport services. Understanding transport services should take priority in environments where users anticipate using different protocols (Fibre Channel, iSCSI) to connect to the storage network, need to connect storage area network (SAN) islands, or experience throughput problems. Intermixing different protocols on a single switch generates a lukewarm reception from users. FC switches that support different protocols will take on increasing importance in the coming year as iSCSI starts to build momentum. Users need to become more comfortable with storage networks before starting to introduce different protocols.

Throughput problems appear to be taking a back seat right now in the minds of users. 2Gb FC exceeds the requirements for many sites, and with 4Gb and 10Gb FC and 10Gb Ethernet slated for a 2004 appearance, few users seem concerned about current bandwidth limitations other than for creating inter-switch links (ISLs).

Connecting SAN islands gets mixed reviews in the minds of users. Some users seem content to pull out their existing smaller 16- and 32-port switches and replace them with 64-port or larger directors. This move keeps the fabric design and management simple and also helps to avoid, for the time being, any throughput issues that may arise. Others appear willing to connect smaller switches and centralize resources, but face the trade-off of creating more complicated environments.

Security services. Security services remain last in the minds of users. While companies like Decru Inc. and NeoScale Systems Inc. both offer appliances that can authenticate servers and encrypt traffic on the SAN, most users get peace of mind by placing their servers and storage on a physically separate network running a different protocol behind locked doors. For now, users should only consider security services where there's some question about the legitimacy of the users or servers accessing the SAN or if some chance exists that the data may be intercepted.

Another important characteristic that comes into play on switches is the ability to do QoS. While smaller, high-speed SANs can usually handle today's storage traffic without any performance impacts, as SANs grow and different types of data traffic get introduced into the network, the ability to understand and prioritize the data traffic will grow. That's when switches with an OS that supports QoS should shine.

For instance, today's storage networks may concurrently support traffic from a Windows e-mail server, a network file server and multiple Unix and Windows database servers, all with varying degrees of importance. Switches that support QoS should be able to inspect and prioritize each data packet flowing through the network for the type of data contained in the packet, performing tasks such as increasing or decreasing the bandwidth available for a specific application.

Here's where the header segment of the FC data packet can help. Several companies, including Veritas, are looking to write to this part of the FC packet so the network can better manage traffic. For instance, if a packet will carry backup traffic, Veritas can adjust its NetBackup code to write that information to the header portion of the FC packet.

Once the header has such information, QoS can intervene during periods of high activity on the network. QoS inspects the appropriate portions of each FC packet and, based on user-defined policies, allocates more bandwidth to applications such as OLTP while throttling back on the bandwidth allocated for backups and routine requests.

Secure access
Today, storage networks remain relatively secure simply because they usually exist as physically separate, limited-access networks. Those days are coming to an end. With new technologies like iSCSI, the increasing need to back up and replicate data remotely--and the emerging corporate objectives to consolidate and manage storage across different data centers--networks will no longer remain isolated.

As SANs become connected, security risks start to emerge. As occasionally happens with servers, host bus adapters (HBAs) move from one server to another, especially if the server the HBA was originally installed in has a PCI bus. Because multiple server hardware and software vendors support the PCI bus type, the card may be salvaged for use in another server, introducing the chance of a security breach.

If the LUN security and zoning associated with the original HBA isn't removed prior to this HBA being installed in another server, the possibility exists that as soon as this HBA is plugged back into the SAN, the HBA and its new server OS may immediately access its old storage. Administrators may also not know that they shouldn't have access to this storage and may try to discover and format the storage, wiping out data.

New switches and specialized storage security appliances can help secure expanding networks. Brocade, for example, has agents that can be placed on servers that do a handshake between the server and their switch OS. If the switch detects that the world wide name (WWN) of the HBA logging onto the network is assigned to a different server, it will prevent that server from logging into the network or accessing any storage.
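The stale-access risk and the WWN check described above can be audited with a short script. This is an added example, not code from the article or from any vendor named in it; the WWNs, server names, LUN labels and the simplified login rule are all constructed assumptions.

```python
# Added example: all WWNs, server names and LUN labels below are constructed.
HEX = set("0123456789abcdef")

def normalize_wwn(wwn):
    """Canonicalize a 64-bit WWN to lowercase colon-separated form."""
    digits = wwn.replace(":", "").replace("-", "").lower()
    if len(digits) != 16 or not set(digits) <= HEX:
        raise ValueError(f"not a 64-bit WWN: {wwn!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 16, 2))

# Where each HBA is physically installed today (asset inventory).
HBA_INVENTORY = {
    "10:00:00:00:c9:aa:00:01": "mail01",
    "10:00:00:00:c9:aa:00:02": "db01",
    "10:00:00:00:C9:AA:00:03": "test07",  # card salvaged from retired db02
}

# Zoning / LUN-masking grants: (HBA WWN, server the grant was made for, LUN).
ACCESS_GRANTS = [
    ("10:00:00:00:c9:aa:00:01", "mail01", "array1:lun4"),
    ("10:00:00:00:c9:aa:00:02", "db01", "array1:lun7"),
    ("10:00:00:00:c9:aa:00:03", "db02", "array2:lun1"),   # never cleaned up
    ("10:00:00:00:c9:aa:00:09", "file01", "array2:lun3"),  # HBA unaccounted for
]

def audit_grants(inventory, grants):
    """Return (wwn, lun, reason) for grants that no longer match the inventory."""
    located = {normalize_wwn(w): s for w, s in inventory.items()}
    findings = []
    for wwn, granted_to, lun in grants:
        wwn = normalize_wwn(wwn)
        now_in = located.get(wwn)
        if now_in is None:
            findings.append((wwn, lun, "orphaned: HBA not in inventory"))
        elif now_in != granted_to:
            findings.append((wwn, lun, f"stale: granted to {granted_to}, HBA now in {now_in}"))
    return findings

def login_allowed(grants, wwn, reporting_server):
    """Simplified switch-side check: the server presenting the WWN must be
    the server every grant for that WWN was made for (default deny)."""
    owners = {s for w, s, _ in grants if normalize_wwn(w) == normalize_wwn(wwn)}
    return owners == {reporting_server}

if __name__ == "__main__":
    for finding in audit_grants(HBA_INVENTORY, ACCESS_GRANTS):
        print(*finding, sep="  ")
    print("test07 login with salvaged HBA:",
          login_allowed(ACCESS_GRANTS, "10:00:00:00:c9:aa:00:03", "test07"))
```

Running the audit before an HBA is reinstalled surfaces the grants to remove; the login check shows why the salvaged card is refused even though its WWN is still zoned.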

Appliances from Decru Inc., Redwood City, CA, and NeoScale Systems Inc., Milpitas, CA, go a step further. While they also authenticate servers coming onto the storage network, they actually encrypt the data coming onto the storage network and store the data in an encrypted format on the disk itself. The advantage of this approach is that even if storage is presented to another server, the disk and data can neither be read nor written by the new server--only the server that possesses the original encryption key can access the data.

All of these new fabric-based technologies come with a price. While most eliminate one or more existing pain points of storage management or network connectivity, they create their own set of management or performance problems.

No silver bullet
Introducing routing into the switch can introduce potential problems, especially if routing involves multiple switches. Routing the data traffic from the server to the storage array across multiple hops and ensuring it responds in a manner that meets current SLA performance requirements can be a tricky venture at best. Spread that server's data across multiple storage arrays connected to different switch ports and it becomes a nightmare to untangle any performance issues that might crop up.

A similar scenario holds true for QoS. The idea of allocating more bandwidth to an application that needs it while throttling the bandwidth back for another application sounds great. Unfortunately, not all environments are so cut and dry. While increasing the bandwidth for an OLTP application may be ideal, there may also be SLAs tied to backups as well. If the backup is not completed within its backup window or fails because it can't get the bandwidth it needs in time, then the whole intent behind QoS fails.

Volume management sounds like another stellar idea whose time has arrived. Yet the jury is still out on whether this technology will dramatically improve a storage administrator's work. While standardizing on one virtualization or volume management platform across the enterprise may appeal to the organization's storage team, it's the guys with the checkbooks who close the deals.

So standardizing on Fujitsu Softek's Storage Virtualization or IBM's SAN Volume Controller may sound great today, but when Cisco shows up on your doorstep offering EMC's or Veritas' Volume Manager natively integrated into their switch for free--plus a discount to throw out all of your company's existing switches--upper management will be hard pressed to ignore that value proposition. Or worse yet, companies may elect to keep everyone's products, switches, storage arrays and multiple virtualization solutions, forcing the storage team to manage the existing storage arrays alongside these new network-based storage controllers. So instead of the problem getting easier, it just got more complex.

Getting a bigger brain in the network appears to be a foregone conclusion as storage networking moves ahead. By providing faster provisioning, secure access, improved QoS and simpler management through a central console, a new intelligent fabric is slowly emerging. However, until the brain matures and more questions get answered, much of this technology still belongs predominantly on the test floor and not on the production floor.

This was first published in December 2003
