

SAN switch smarts

Switches can now handle storage management, performance management and security. Here's a comprehensive look at the pros and cons of intelligent switches.

Where should storage intelligence reside?
Where is the best place to embed storage intelligence into the network? The following guidelines will help you decide:

  • On the switch. For environments with heterogeneous storage arrays and servers, minimal anticipated growth and a small team of administrators, placing storage intelligence on the switch makes sense. Products from smaller companies may be acceptable, but more established shops will probably want to consider products from EMC, IBM and Veritas as they become widely available.
  • On an appliance. Appliances make sense for heterogeneous array, server and switch environments where growth is dynamic and unpredictable. Appliances can fit into existing deployments without forklift upgrades. Larger shops new to this space may want to experiment with products from Candera, DataCore, FalconStor, Softek and Troika Networks. Once familiar with the technology, consider solutions from EMC, IBM or Veritas as they're more likely to fit into existing infrastructures with less disruption.
  • No intelligence in the network. There are good arguments for keeping switches stupid. With switch prices as low as $200 per port, keeping intelligence on the host and storage arrays is a cost-effective option for relatively small environments with just one storage array or servers with the same operating system.

Growing and merging storage area networks (SANs) create levels of complexity that many of today's baseline Fibre Channel (FC) switches were never designed to handle. Deployed to referee connectivity between servers and storage, switches need more intelligence to manage the multifaceted performance, storage and security issues that large fabrics increasingly need to address.

Simply put, switches bear the brunt of the changes in storage networks. They must simultaneously monitor and prioritize bandwidth for critical applications, handle storage management functions and secure access for all devices attached to the SAN. Putting these services in switches gives users multiple benefits:

  • A central point of administration for storage, performance and security management functions
  • Simpler storage management
  • Stronger security
  • Better performance and availability of critical applications

Yet as switches take on these responsibilities, users also need to consider the following:

  • Are switches the best choice to house storage and security functions? Or are customized appliances better suited?
  • How will these technologies impact the performance of your critical applications?
  • How compatible are these vendors' advanced switch technologies with your storage environment?

Answering these questions will be complicated by the intangible factors that also come into play. For example, who will manage functions within the switch and under what circumstances? Not everyone understands the benefits of moving these technologies to the switch, so incorrectly configuring any of these functions can create its own set of problems. Even if policies are defined, enforcing them will be difficult because implementing networking, security and storage functions on a single switch may cross existing departmental and political lines.

Users must also assess if they should use existing technologies or deploy new ones. For example, Brocade Communications Systems Inc., Cisco Systems Inc. and McData Corp. switches integrate security and volume management technologies from companies such as EMC Corp., IBM Corp. and Veritas Software Corp. However, a new switch vendor like Maxxan Systems Inc. ships its own storage and security products.

Magnifying the problem, the capabilities that smart switches offer vary significantly from vendor to vendor. For example, Sandial Systems' Shadow 14000 FC switch offers users the ability to monitor performance and then dynamically allocate bandwidth based upon predefined QoS policies. Both Maxxan's MXV320 and Cisco's MDS 9000 family of switches can incorporate virtualization blades into their switches from third-party providers like FalconStor Software Inc., IBM and Veritas. Still others like Computer Network Technology Corp.'s UltraNet Multi-service Director (UMD) offer users the ability to turn on RADIUS authentication that enables switches to verify the authenticity of servers logging onto the FC SAN. What follows is a look at who offers what, how the features work and which ones you need and when.

Intelligent FC switches
Click here for a comparison table about intelligent FC switches (PDF).

Volume management
Volume management functions appearing in the fabric continue to gain momentum. Much of this impetus comes from the fact that vendors in the host, switch and array arenas recognize that storage network traffic in enterprise environments differs from traditional networks in one important aspect: It requires a storage routing table. Network-based volume management products provide this more granular ability to map the server's host bus adapter (HBA) world-wide name (WWN) to the individual LUN on an array.

For users who manage large heterogeneous server and storage environments, network-based volume management technology should appear on their must-have list. It offers the ability to do the following:

  • Pool different vendors' arrays into one logical pool
  • Manage different classes of storage
  • Create a common storage management console
  • Enable advanced capabilities such as mirroring, snapshots and off-site disaster recovery
  • Simplify data and server migrations

What users in large heterogeneous environments need to ask themselves is if this technology should be on the switch or on an appliance dedicated to a specific function. A number of switch and storage vendors already offer this technology at the network level. Cisco offers Veritas' Volume Management and IBM's SAN Volume Controller as applications that can run on a blade in its MDS 9000 family of switches. Other vendors such as Candera Inc., DataCore Software, FalconStor, Hewlett-Packard Co. (HP), IBM, Troika Networks and Softek also offer volume management products that run as appliances in the network.

Unless users are experiencing a lot of pain managing their environment, they should wait for a standardized API virtualization interface. A standardized API will free users from being tied to any one specific switch vendor's volume management implementation and allow them to easily move between switch vendors in the future. The forecast is for a 2005 release of the Fabric Application Interface Standard (FAIS) 1.0, which will provide standardized APIs for network-based volume management.

For those enterprises ready to move ahead now, consider products that are either SMI-S enabled or compatible with their existing environment. Users who predominantly have either Veritas or EMC in their shops should look to current or forthcoming products from Brocade, Cisco or McData, which have announced plans to port these types of volume management products to their switches.

Some new technologies like Maxxan's 256-port MXV500 give users an either/or choice of virtualization technologies. In band, the MXV500 supports file-level and block-level virtualization as well as virtual tape. The switch also supports existing out-of-band products by putting what Maxxan calls "coordinating software" into the MXV500's application card that works in conjunction with existing products on the market. This functionality allows users to choose which type of virtualization solution they wish to deploy and helps remove any concerns about in-band virtualization causing congestion in the switch.

Some users view moving to network-based volume management and away from existing--and working--storage vendor array interfaces as too many steps to take all at once. To help ease users down the path, both Troika Networks' Accelera NSS and DataCore's SANsymphony can create the virtual storage pool from a number of heterogeneous storage arrays. These products run as appliances in the network and can represent LUNs to servers in the manner system administrators want to access them. They can also be deployed as point solutions, allowing users to move into them at a pace at which they're comfortable.

For example, IBM's Subsystem Device Driver (SDD) dual-pathing software looks for a volume labeled with an IBM signature before its dual-pathing functionality will work. Both Accelera and SANsymphony can present a virtual LUN to servers with the IBM 2105 volume signature, even though it may be carved out of a virtualized pool of Dell, EMC, HP and StorageTek storage. This should permit the SDD driver to work as it had before even though there may be no IBM 2105 storage anywhere on the SAN.

Cisco was the first of the major switch vendors to successfully port and host existing server and network-based virtualization technologies on a FC switch. Its MDS 9000 family of switches allows either IBM's SAN Volume Controller (SVC) or Veritas' Storage Foundation for Networks software to operate on the switch. Cisco says it intends to work with EMC and HP and is still in the investigation stage with HDS.

Porting these existing storage management technologies allows users to continue to work with products they're accustomed to using. IBM's SVC ships with software such as Peer-to-Peer Remote Copy (PPRC) and FlashCopy that also come with its IBM Shark. Similarly, users experienced with Veritas' Foundation Suite will find Flash Snap and integration with its Enterprise Administrator and SANPoint Control products at the network level. Users deploying these technologies on Cisco switches can experience one additional benefit. Cisco claims that deploying both its VSAN technology and one of these virtualization technologies on the same switch allows users to virtualize storage in multiple VSANs simultaneously.

On the other hand, companies such as Candera, DataCore, FalconStor, Maxxan, Softek and Sun that offer their own network-based virtualization products usually present LUNs that have characteristics unique to their products. Yet many enterprise administrators are hesitant to deploy these products throughout their enterprise, fearing that they are too risky and too narrowly focused or they are incompatible with the existing infrastructure.

As users consider the benefits and drawbacks of network-based volume management and how to best implement it, here are some key steps to take:

  • Start testing now. Whether on the switch or as an appliance, users need to spend at least a couple of months getting their arms around this technology before gradually moving it into a production environment.
  • Pick a product that fits into your environment. Network-based volume management requires a major change to your storage environment. If you're already an EMC, IBM or Veritas shop, it's probably best to choose one of their products. In a heterogeneous storage and server shop, a third-party product from a vendor such as DataCore, Softek or Troika Networks should be considered.
  • Move slowly. Network-based volume management is a foundational storage technology. It will be extremely difficult for an organization to migrate from the product once it's put into place.

The performance question
While users are increasingly receptive to the idea of more intelligent switches, they must assess the performance impact that network-based intelligence may have on their applications. Features that authenticate the server, encrypt the transmission, route the traffic or perform the volume management in the data path will each introduce latency into the I/O path. The degree to which applications are affected will vary by how many functions are deployed, the latency each one introduces and in what combination they are used.

As a rule of thumb, users of performance-intensive applications such as e-mail and Oracle databases notice an impact when individual I/Os exceed 15 milliseconds. So, the deployment of any technology will ideally keep each I/O at about three milliseconds under normal loads, and under 10 milliseconds per I/O under heavy loads.

Regarding performance, it's also important to consider how a technology such as volume management is deployed. For example, FalconStor and IBM offer virtualization technologies that run as either standalone appliances or as blades in a switch. The underlying features are the same in both instances, but deploying this technology on an appliance can introduce more latency because it requires two more network hops, from the switch to the appliance and then from the appliance back to the switch again.

The good news is that this latency routinely gets measured in microseconds, essentially amounting to little more than noise in the network. Some vendors, like DataCore with its SANsymphony product, find that latency stays in the nanosecond range for each I/O in optimal conditions. Factor in that these technologies also incorporate additional storage caching algorithms and can take advantage of newer, faster technologies. As a result, users may actually experience a performance boost.

Network bandwidth
While network performance rarely surfaces as an issue, that doesn't mean users never experience network congestion nor does it negate the need to manage network bandwidth. Servers, tape and disk all connect to the SAN at the same 1Gb or 2Gb FC speeds, and the amount of bandwidth each application needs--and when it needs it--varies. With tape and disk ports shared in many users' environments and some servers hosting multiple applications, switches increasingly need to recognize and prioritize how applications utilize the bandwidth on these ports. For the switch to do this, it needs to be able to inspect the contents of the FC packet and adjust bandwidth for specific applications based on predetermined policies.

Brocade, Cisco, CNT and Sandial each enable users to set policies in their switch operating systems that can recognize and respond to fluctuations in SAN activity. For instance, Sandial's ConnectIQ manages the bandwidth of different servers accessing the same storage array port and guarantees bandwidth minimums as well as enforcing maximum bandwidth restrictions based on policies set by the user. Cisco's MDS9000 offers four QoS priority levels that allow users to configure data traffic such that the traffic of latency-sensitive applications receives higher priority than throughput-intensive applications. The ability of different vendor products to analyze the contents of the FC packet and dynamically adjust bandwidths can vary significantly.

Products such as Maxxan's MXV500 and McData's Intrepid 6140 have limited abilities to report on bandwidth utilization and identify potential problem areas. Users should favor FC switches that enable them to capture and monitor performance information. However, you should only pay a premium for those switches that automate this functionality and when your environment has a demonstrated need for it.

With the introduction of IP and different types of servers being connected to the SAN, storage administrators are starting to pay more attention to security. A number of switch vendors already offer tools to enforce various levels of security in their environments, with most designed to prevent accidental intrusions. For example, Cisco's MDS9000 SAN-OS resembles most vendors' products in that it follows the Authentication, Authorization and Accounting (AAA) method for centralized administration. SAN-OS authenticates the user and then authorizes the user's activities on the switch.

McData offers its SANtegrity suite of security products as an option for its switches. It allows users to zone by either WWN or fabric port and to lock down the fabric by preventing the spoofing of WWNs on N_Ports and E_Ports. Brocade's Fabric OS offers similar functions, as well as the ability to implement trusted switches and a Public Key Infrastructure-based scheme for authentication and security using digital certificates.
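
A minimal model of the two controls described above, added here as an example (not vendor code or switch configuration): WWN zoning trusts the WWN a device reports at login, while port binding ties each WWN to one switch port so a claimed WWN on the wrong port is flagged. All WWNs, port numbers, zone names and function names are constructed for illustration.

```python
# Added illustration: zone names, WWNs and port numbers below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    port: int   # physical switch port where the fabric login arrived
    wwn: str    # port WWN claimed by the device (self-reported)

# WWN zoning: devices whose WWNs share a zone may talk to each other.
ZONES = {
    "zone_mail": {"10:00:00:00:c9:aa:00:01", "50:06:01:60:bb:00:00:10"},
    "zone_db":   {"10:00:00:00:c9:aa:00:02", "50:06:01:60:bb:00:00:11"},
}
# Port binding: the only switch port each known WWN may log in from.
PORT_BINDING = {
    "10:00:00:00:c9:aa:00:01": 1,
    "10:00:00:00:c9:aa:00:02": 2,
    "50:06:01:60:bb:00:00:10": 8,
    "50:06:01:60:bb:00:00:11": 9,
}

def zoned_together(a, b):
    """WWN-only zoning decision: true if both WWNs share a zone."""
    return any(a in members and b in members for members in ZONES.values())

def audit_logins(logins):
    """Return (port, wwn, reason) findings for logins that violate binding."""
    findings, seen = [], {}
    for ev in logins:
        bound = PORT_BINDING.get(ev.wwn)
        if bound is None:
            findings.append((ev.port, ev.wwn, "unknown WWN"))
        elif bound != ev.port:
            findings.append((ev.port, ev.wwn, f"bound to port {bound}"))
        # The same WWN active on two ports means one of them is not genuine.
        if ev.wwn in seen and seen[ev.wwn] != ev.port:
            findings.append((ev.port, ev.wwn, f"duplicate of port {seen[ev.wwn]}"))
        seen.setdefault(ev.wwn, ev.port)
    return findings

# Constructed login sequence: port 5 reports the mail server's WWN,
# and port 6 reports a WWN that is not in the binding table at all.
SAMPLE = [
    Login(1, "10:00:00:00:c9:aa:00:01"),
    Login(2, "10:00:00:00:c9:aa:00:02"),
    Login(5, "10:00:00:00:c9:aa:00:01"),
    Login(6, "10:00:00:00:c9:ff:00:09"),
]
```

Zoning by WWN alone would still place the port 5 login in `zone_mail`, because the zone check looks only at the reported WWN; the binding audit is what distinguishes it from the genuine login on port 1.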

Intelligent switches are a foregone conclusion in the storage network. They offer the ability to prioritize FC and Ethernet packets, divvy up bandwidth between applications, centralize storage management and secure access to the data housed on it. Users should make accommodations for more of these features to appear in their fabric. But the path that intelligence will follow in the network is still unclear. No one switch has assumed a dominant position. As a result, storage administrators should move slowly down this path, only deploying intelligent switches where there's a need for network-based storage, performance or security services.
