This article can also be found in the Premium Editorial Download "Storage magazine: Evaluating the benefits of IP SANs."
Download it now to read this article plus other related content.
Virtual SAN reality
As well as fulfilling Deakin's need for iSCSI and FC connectivity, the MDS 9509 switches provided what was to become another important capability: support for Cisco's VSAN technology, which has been modeled after the IEEE 802.1q-based virtual LANs (VLANs) that were long ago standardized across conventional IP networks.
VLANs work by using packet tagging to assign each data packet to membership in one or more VLANs. That way, IP data can be freely routed across a network, but can only be received by devices subscribed to that particular VLAN.
VSANs take a similar approach with SAN equipment, adding a higher level of granularity to FC port switching so that FC fabrics are no longer an all-or-nothing proposition determined by the physical boundaries of the switch. VSANs allow assignment of each individual FC port to one or more VSANs, creating a virtual FC fabric that's used to manage access to the data by various elements of the SAN. As well as partitioning the data, the VSAN also segregates the various FC services that make up the fabric.
For Deakin, VSAN technology offered significant benefits in that it would allow the IT department to provide greater control over access to the SAN for the university's various applications. For example,
this meant using VSAN tagging to segregate its storage production network from its storage development network.
The ability to virtually separate these two networks resolved a major problem the university had previously been dealing with in staging changes to its environment. With so much data being managed, that data had to be copied into a development environment that would allow the testing and debugging of applications using real data.
In the case of Callista--which as the main repository for all student-related data is arguably the most important system running at Deakin--this meant copying a 1.5TB database to create a development copy that could be used without fear of corrupting the real database. Callista contains over 20 years' worth of past student data and, although Deakin is only legally obligated to keep student records for seven years, it has opted to store all student data permanently.
Using the VSAN, the need to regularly copy such a large volume of data has been eliminated. Deakin uses the IBM ESS server's FlashCopy snapshot capability to provide nearly instant snapshots of the data, which the VSAN then segregates from the university's live production data.
"Because we have separate development and production VSANs, we can do crazy things in the development VSAN," says Warren. "We put in the IP services module and didn't have it have any effect on the production environment. We're stress testing applications, conducting user acceptance testing, and testing failover cluster configurations without interrupting the real environment. This sort of thing was particularly hard to do in the past, when we typically had large mirrors of the production environment."
The nine-slot 9509 chassis have been installed with three interface cards each, providing a total of 80 FC ports. A dozen ports connect to the IBM Shark, eight ports into the Sun Fire 12K and two ports into each of Deakin's other Sun servers. The Linux servers connect into the SAN using both FC and iSCSI. The control modules are configured redundantly, allowing upgrades and changes to each MDS without having to bring them down. Two lower-capacity MDS units will soon be installed at the Burwood data center to provide further redundancy and segregation of the data environment at that site.
Because it's such an early adopter of VSAN technology, Deakin has worked closely with IBM and Cisco to get the VSANs configured correctly. Yet with a bit of training, Warren says Deakin staff found the process was relatively straightforward, with problems limited to a few issues with the QLogic FC HBAs. Cisco debugging tools--including FC equivalents of Ping and Traceroute--provide diagnostic capabilities that helped trace the path of data across the VSANs and quickly resolve any discrepancies.
Although it's only running two VSANs now, Warren envisions further segregation could become valuable, as individual departments and other functional areas of the university begin to demand their own corners of the SAN. In the short term, however, a more immediate upgrade may be the introduction of a third VSAN that would separate regression testing from user acceptance testing.
The SAN may be the biggest architectural change to the university's storage strategy, but the addition of VSANs is proving to be important in helping Deakin get additional benefits from its SAN investment. When production and testing environments "were in the same fabric, whenever the fabric would reset, every machine would have to log in again," says White. "In a big environment with hundreds of switches, the VSAN will be an absolute lifesaver: We can drop and reboot the 9216 all day long without causing a hiccup on the production VSAN."
Given that the traffic segregation provided by the VSANs has now been proved to work, Warren anticipates SAN management will become easier. The university's growing data store--which he expects will surpass 60TB by next year--can now be managed in logical partitions determined by use, not just by which switch the devices happen to be plugged into.
This was first published in July 2003