STRATEGIES FOR DATA PROTECTION FIRST EDITION A strategic approach to comprehensive data protection TOM CLARK


This book is dedicated to the memory of Kent Hanson. Returned too soon to stardust and golden, he is sorely missed by his workmates and friends.


© 2008 Brocade Communications Systems, Inc. All Rights Reserved.

Brocade, Fabric OS, File Lifecycle Manager, MyView, and StorageX are registered trademarks and the Brocade B-wing symbol, DCX, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

Brocade Bookshelf Series designed by Josh Judd

Strategies for Data Protection
Written by Tom Clark
Reviewed by Brook Reams
Edited by Victoria Thomas
Design and Production by Victoria Thomas
Illustrations by Jim Heuser, David Lehmann, and Victoria Thomas

Content for Chapters 9 through 12 based on the Brocade corporate Web site (www.brocade.com), edited by Doug Wesolek

Content for Chapter 13 provided by the S3 team

Printing History

First Edition, eBook, June 2008


Important Notice

Use of this book constitutes consent to the following conditions. This book is supplied “AS IS” for informational purposes only, without warranty of any kind, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this book at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this book may require an export license from the United States government.

Brocade Corporate Headquarters
San Jose, CA USA
T: (408) 333 [email protected]

Brocade European Headquarters
Geneva, Switzerland
T: +41 22 799 56 [email protected]

Brocade Asia Pacific Headquarters
Singapore
T: +65 6538 [email protected]

Acknowledgements

Many thanks to Victoria Thomas for her meticulous copyediting and superb organization at pulling this project together. Thanks also to Brook Reams for reviewing the final manuscript and providing technical insight into many of the issues raised by data protection. Finally, thanks to Tom Buiocchi and the entire Brocade Marketing team for creating such a supportive and intelligent working environment.


About the Author

Tom Clark is a resident SAN evangelist for Brocade, and represents Brocade in industry associations, conducts seminars and tutorials at conferences and trade shows, promotes Brocade storage networking solutions, and acts as a customer liaison. A noted author and industry advocate of storage networking technology, he is a board member of the Storage Networking Industry Association (SNIA) and Chair of the SNIA Green Storage Initiative. Clark has published hundreds of articles and white papers on storage networking and is the author of Designing Storage Area Networks, Second Edition (Addison-Wesley 2003), IP SANs: A Guide to iSCSI, iFCP and FCIP Protocols for Storage Area Networks (Addison-Wesley 2001), and Storage Virtualization: Technologies for Simplifying Data Storage and Management (Addison-Wesley 2005).

Prior to joining Brocade, Clark was Director of Solutions and Technologies for McDATA Corporation and the Director of Technical Marketing for Nishan Systems, the innovator of storage over IP technology. As a liaison between marketing, engineering, and customers, he has focused on customer education and defining features that ensure productive deployment of SANs. With more than 20 years of experience in the IT industry, Clark has held technical marketing and systems consulting positions with storage networking and other data communications companies.

Contents

Introduction

Part One

Chapter 1: Building the Foundation
  Storage-Centric vs. Network-Centric SAN Architectures
    Flat SAN Topologies
    Mesh SAN Topologies
    Core-Edge SAN Topologies
    Inter-Fabric Routing
    Virtual Fabrics
    Additional SAN Design Considerations
  Highly Available Storage
    Local Mirroring (RAID 1)
    Other RAID Levels
    RAID as a Form of Storage Virtualization
    Alternate Pathing and Failover
    Additional High Availability Storage Features
  Storage and Fabric Consolidation
  SAN Security
    Securing the SAN Data Transport
    Securing Storage Data Placement
    Securing the Management Interface
  Going to the Next Level: The Brocade Data Center Fabric

Chapter 2: Backup Strategies
  Conventional Local Backup
    Backup Fabrics
    Disk-to-Disk (D2D) Tape Emulation
    Disk-to-Disk-to-Tape (D2D2T)
  Remote Backup
    Data Restoration from Tape

Chapter 3: Disaster Recovery
  Defining the Scope of Disaster Recovery Planning
  Defining RTO and RPO for Each Application
  Synchronous Data Replication
    Metro DR
    Leveraging High Speed ISLs
  Asynchronous Data Replication
    Going the Distance
  Disaster Recovery Topologies
    Three-Tier DR
    Round Robin DR
  SAN Routing for DR
  Disaster Recovery for SMBs

Chapter 4: Continuous Data Protection
  Defining the Scope of CDP
  Near CDP
  True CDP
  Integrating CDP with Tape Backup and Disaster Recovery

Chapter 5: Information Lifecycle Management
  Tiered SAN Architectures
    Classes of Storage Containers
    Classes of Storage Transport
  Aligning Data Value and Data Protection
  Leveraging Storage Virtualization
    Storage Virtualization Mechanics
    Convergence of Server and Storage Virtualization
  Fabric-Based Storage Services
    Fabric Application Interface Standard (FAIS)
    Brocade Data Migration Manager (DMM)

Chapter 6: Infrastructure Lifecycle Management
  Leased versus Purchased Storage
  The Data Deletion Dilemma
    Bad Tracks
    Data Remanence
    Software-based Data Sanitation
    Hardware-based Data Sanitation
  Physical Destruction of Storage Assets

Chapter 7: Extending Data Protection to Remote Offices
  The Proliferation of Distributed Data
  Centralizing Remote Data Assets
    Remote Replication and Backup
    Leveraging File Management Technology for Data Protection
    Protecting Data with Brocade StorageX
    Brocade File Management Engine

Part Two

Chapter 8: Foundation Products
  Brocade DCX Backbone
  Brocade 48000 Director
  Brocade Mi10K Director
  Brocade M6140 Director
  Brocade FC4-16IP iSCSI Blade
  Brocade FC10-6 Blade
  Brocade 5300 Switch
  Brocade 5100 Switch
  Brocade 300 Switch
  Brocade Fibre Channel HBAs
    Brocade 825/815 FC HBA
    Brocade 425/415 FC HBA
  Brocade SAN Health

Chapter 9: Distance Products
  Brocade 7500 Extension Switch
  FR4-18i Extension Blade
  Brocade Edge M3000
  Brocade USD-X

Chapter 10: Backup and Data Protection Products
  Brocade FA4-18 Fabric Application Blade
  Brocade Data Migration Manager Solution
  EMC RecoverPoint Solution

Chapter 11: Branch Office and File Management Products
  Brocade File Management Engine
  Brocade StorageX
  Brocade File Insight

Chapter 12: Advanced Fabric Services and Software Products
  Brocade Fabric OS
    Brocade Advanced Performance Monitoring
    Brocade Access Gateway
    Brocade Fabric Watch
    Brocade Inter-Switch Link Trunking
    Brocade Extended Fabrics
  Brocade Enterprise Fabric Connectivity Manager
    Brocade Basic EFCM
    Brocade EFCM Standard and Enterprise
  Brocade Fabric Manager
  Brocade Web Tools

Chapter 13: Solutions Products
  Backup and Recover Services
  Brocade Virtual Tape Library Solution

Appendix A: The Storage Networking Industry Association (SNIA)
  Overview
  Board of Directors
  Executive Director and Staff
  Board Advisors
  Technical Council
  SNIA Technology Center
  End User Council
  Committees
  Technical Work Groups
  SNIA Initiatives
    The SNIA Storage Management Initiative
    The SNIA XAM Initiative
    The SNIA Green Storage Initiative
    Industry Forums
    SNIA Data Management Forum
    SNIA IP Storage Industry Forum
    SNIA Storage Security Industry Forum
  Regional Affiliates
  Summary

Figures

Figure 1. A simplified flat SAN architecture with no ISLs
Figure 2. Expanding a flat SAN architecture via the addition of switch elements
Figure 3. A mesh SAN topology with redundant pathing
Figure 4. A core-edge SAN topology with classes of storage and servers
Figure 5. A three-tier core-edge SAN topology with the core servicing ISLs to fabric
Figure 6. Using inter-fabric routing to provide device connectivity between separate SANs
Figure 7. Sharing a common SAN infrastructure via virtual fabrics
Figure 8. Array-based (top) and server-based (bottom) disk mirroring
Figure 9. Array-based mirroring between separate enclosures
Figure 10. RAID 5 with distributed parity blocks
Figure 11. Providing alternate paths from servers to storage
Figure 12. Simplifying the fabric and storage management via consolidation
Figure 13. Establishing zones between groups of initiators and targets to segregate traffic
Figure 14. Creating secure device connectivity via port binding
Figure 15. Securing the fabric with fabric ISL binding
Figure 16. Restricting visibility of storage Logical Units via LUN masking
Figure 17. The Brocade DCF provides the infrastructure to optimize the performance and availability of upper-layer business applications
Figure 18. LAN-based tape backup transports both data and metadata over the LAN
Figure 19. LAN-free tape backup separates the metadata and data paths to offload the LAN transport and optimize backup streams
Figure 20. Server-free backup removes the production server from the data path, freeing CPU cycles for applications instead of backup operations
Figure 21. A dedicated tape SAN isolates the backup process from the production SAN
Figure 22. Disk-to-disk tape emulation requires no changes to backup software
Figure 23. Combining disk-to-disk tape emulation with conventional tape backup
Figure 24. Consolidating remote tape backup places all data under the control and best practices of the data center
Figure 25. Tape vaulting centralizes all data backup to a secure location dedicated to protecting all corporate data
Figure 26. Without tape pipelining, performance falls dramatically during the first 10 miles.
Figure 27. Array-based synchronous replication over distance
Figure 28. Maximizing utilization of large storage systems for bi-directional replication
Figure 29. Leveraging metro SONET for native Fibre Channel disaster recovery
Figure 30. Using Brocade trunking to build high performance metro disaster recovery links
Figure 31. Asynchronous data replication buffers multiple I/Os while providing immediate local acknowledgement
Figure 32. Larger port buffers avoid credit starvation
Figure 33. Using Brocade rate limiting to avoid congestion and erratic performance
Figure 34. A standard SCSI write operation over distance requires significant protocol overhead
Figure 35. FastWrite dramatically reduces the protocol overhead across the WAN link by proxying for both initiator and target
Figure 36. A three-tier DR topology provides an extra layer of data protection in the event of regional disruption
Figure 37. In a round-robin DR topology, each data center acts as the recovery site for its neighbor
Figure 38. SAN Routing reinforces stability of the DR implementation by maintaining the autonomy of each site.
Figure 39. Continuous data protection provides finer granularity for data restoration when corruption occurs.
Figure 40. Aged snapshots are rotated on a configurable interval to conserve disk space on the CDP store.
Figure 41. The CDP engine manages metadata on the location and time stamp of data copies on the CDP store.
Figure 42. Aligning cost of storage to business value of data
Figure 43. Aligning classes of storage transport to classes of storage and applications
Figure 44. Conventional LUN allocation between servers and storage
Figure 45. Logically binding servers to virtual LUNs drawn from the storage pool
Figure 46. The virtualization engine maintains a metadata mapping to track virtual and physical data locations
Figure 47. FAIS block diagram with split data path controllers and control path processor
Figure 48. Cylinder, head, and sector geometry of disk media
Figure 49. Traces of original data remain even if the specific sector has been erased or overwritten
Figure 50. Remote office processing compounds the growth of remote servers and storage and data vulnerability
Figure 51. Decentralization of data storage has inherent cost and data protection issues
Figure 52. Centralized file access replaces remote server and storage assets with appliances optimized for high-performance file serving
Figure 53. Brocade StorageX provides a global namespace to virtualize file access across heterogeneous OSs and back-end storage elements
Figure 54. Brocade File Management Engine components and architecture
Figure 55. Brocade DCX Backbone with all slots populated (no door)
Figure 56. Brocade 48000 Director with all slots populated
Figure 57. Brocade Mi10K Director
Figure 58. Brocade M6140 Director
Figure 59. FC4-16IP iSCSI Blade
Figure 60. Brocade 5300 Switch
Figure 61. Brocade 5100 Switch
Figure 62. Brocade 300 Switch
Figure 63. Brocade 825 FC 8 Gbit/sec HBA (dual ports shown)
Figure 64. Brocade 415 FC 4 Gbit/sec HBA (single port shown)
Figure 65. SAN Health topology display
Figure 66. SAN Health reporting screen
Figure 67. Brocade 7500 Extension Switch
Figure 68. FR4-18i Extension Blade
Figure 69. Brocade Edge M3000
Figure 70. Brocade USD-X, 12-slot and 6-slot versions
Figure 71. Brocade FA4-18
Figure 72. EMC RecoverPoint on Brocade scenario
Figure 73. Brocade File Management Engine (FME)
Figure 74. Overview of Brocade File Insight
Figure 75. Access Gateway on blades and the Brocade 300 Switch
Figure 76. Brocade EFCM interface
Figure 77. Brocade Fabric Manager displays a topology-centric view of SAN environments
Figure 78. Brocade Web Tools Switch Explorer View of the Brocade 48000 Director
Figure 79. Storage Networking Industry Association organizational structure

Introduction

Data protection is an umbrella term that covers a wide range of technologies for safeguarding data assets. Data generated and manipulated by upper-layer applications is the raw material of useful information. Regardless of their individual products or service offerings, institutions and enterprises today depend on information for their livelihood. Loss of data can quickly result in loss of revenue, which in turn could result in loss of the enterprise itself.

Because data is so essential for the viability of an organization, finding the means to protect access to data and ensure the integrity of the data itself is central to an IT strategy. Data ultimately resides on some form of storage media: solid state disk, tape, optical media, and in particular disk media in the form of storage arrays. The dialect of data protection is therefore necessarily storage-centric. Layers of data protection and access mechanisms, ranging from high-availability block access to distributed file systems, are built on a foundation of fortified storage and extend up to the application layer. Network-attached storage (NAS), for example, serves files to upper-layer applications, but cannot do so reliably without underlying safeguards at the block level, including redundant array of inexpensive disks (RAID), alternate pathing, data replication, and block-based tape backup.

A strategic approach to comprehensive data protection includes a parfait of solutions that on the surface may seem unrelated, but in reality are essential parts of a collaborative ecosystem. Safeguarding data through data replication or backup has little value if access to data is impeded or lost through bad network design or network outage. Consequently, it is as important to ensure data access as it is to protect data integrity. For storage area networks (SANs), alternate pathing with failover mechanisms is essential for providing highly available access to data, and high availability (HA) enables consistent implementation of data replication, snapshot, backup, and other data protection services.

In this book we will examine the key components of an enterprise-wide data protection strategy, including data center SAN design within the framework of Brocade’s data center fabric (DCF) architecture and securing data assets in remote sites and branch offices. For most enterprises, data is literally “all over the place.” Typically, more than 70 percent of all corporate data is generated and housed outside the central data center. Data dispersed in remote offices is often unprotected and creates vulnerability for both business operations and regulatory compliance.

In the central data center, the most mission-critical applications are run on high-performance Fibre Channel (FC) SANs. The data generated by these first-tier applications typically benefits from a high degree of protection through periodic disk-to-disk data replication and tape backup (locally or remotely via a disaster recovery site). Even large data centers, however, may have hundreds of standalone servers supporting less critical, second-tier applications. Because they lack the centrally managed services provided by a SAN, securing the data on those servers is often difficult and requires additional administrative overhead. Creating an enterprise-wide solution for protecting all local and remote corporate data while keeping overall costs under control is therefore a significant challenge for IT administrators.

Over the past twenty years, a hierarchy of data protection technologies has evolved to safeguard data assets from device failures, system failures, operator errors, data corruption, and site outages. RAID, for example, was developed in the late 1980s to provide data protection against disk drive failures. Continuous data protection (CDP) is a more recent technology that provides protection against malicious or inadvertent data corruption. At a very granular level, even cyclic redundancy checks (CRCs) performed by SAN switches and end devices provide data protection against bit corruption in the data stream. Data is, after all, sacrosanct and no single technology can provide comprehensive protection against all potential hazards.

Data protection solutions are differentiated by the scope of defense they provide. Lower-level solutions offer protection against component, link, or device failure, while higher-level solutions protect against system, business application, or site failure, as shown in Table 1.

In addition, different layers of data protection may satisfy very different RTOs and RPOs. The recovery time objective (RTO) defines how quickly access to data can be restored in the event of a device, system, or site failure. The recovery point objective (RPO) defines the point in time at which the last valid data transaction was captured, and therefore measures the level of protection against data loss. The chronic complaint against tape backup, for example, is that data transactions that occur after the backup was performed are not secured, and restoration from tape may take hours or days. Despite its poor RTO and RPO, the enduring strength of tape is that it provides long-term storage of data on economical, non-spinning media and is not subject to head crashes or drive failures.

Table 1. Block-based data protection mechanisms

| Type of Data Protection | Protection Against | Recovery Time Objective | Recovery Point Objective |
|---|---|---|---|
| RAID | Disk drive failure | Instantaneous | No data loss |
| Mirroring | Link, disk or array failure | Instantaneous | No data loss |
| True CDP | Data corruption | Seconds – minutes | No data loss |
| Near CDP/Snapshot | Data corruption | Seconds – minutes | Some data loss |
| Synchronous Replication | System/site failure | Seconds – minutes | No data loss |
| Asynchronous Replication | System/site failure | Seconds – minutes | Some data loss |
| Disk to Disk Tape Emulation | Array failure | Minutes | Some data loss* |
| Local Tape Backup | Array failure | Minutes – hours | Some data loss* |

* Since last backup

The scope of data protection also differentiates between recovery from data loss and recovery from data corruption. Although RAID protects against data loss due to disk failure, it offers no defense against data corruption of inbound streams. A virus attack, for example, may corrupt data as it is written to disk, in which case RAID will simply secure the already altered data. Likewise, synchronous and asynchronous replications have no way to verify the integrity of the data on the source array. Once data corruption has been identified, other means must be used for restoration to a known good point in time. Restoration from tape works, but is time consuming and useless for transactions that occurred since the last backup. Continuous data protection (CDP) is a preferred solution, since it can enable immediate restoration to the point just prior to data corruption (“true” CDP) or within some short time frame prior to the event (“near” CDP).
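The difference between a mirror, near CDP, and true CDP after a corruption event can be made concrete with a small simulation. This is an added example, not code from the book or from any Brocade product; the volume model, tick-based clock, and snapshot interval are assumptions chosen for illustration.

```python
"""Constructed simulation: how much valid data each mechanism recovers after corruption."""
from dataclasses import dataclass, field


@dataclass
class ProtectedVolume:
    snapshot_interval: int                          # assumed: one snapshot every N ticks
    primary: dict = field(default_factory=dict)     # block number -> data
    mirror: dict = field(default_factory=dict)      # RAID 1 style copy
    snapshots: list = field(default_factory=list)   # near CDP: (tick, image)
    journal: list = field(default_factory=list)     # true CDP: (tick, block, data)

    def write(self, tick, block, data):
        self.primary[block] = data
        self.mirror[block] = data        # the mirror secures whatever is written
        self.journal.append((tick, block, data))

    def end_of_tick(self, tick):
        # Periodic point-in-time copy of the primary image.
        if tick % self.snapshot_interval == 0:
            self.snapshots.append((tick, dict(self.primary)))

    def restore_from_mirror(self):
        return dict(self.mirror)

    def restore_near_cdp(self, corruption_tick):
        # Latest snapshot taken before the corruption; empty if none exists yet.
        clean = [image for tick, image in self.snapshots if tick < corruption_tick]
        return dict(clean[-1]) if clean else {}

    def restore_true_cdp(self, corruption_tick):
        # Replay every journaled write up to the instant before corruption.
        image = {}
        for tick, block, data in self.journal:
            if tick >= corruption_tick:
                break
            image[block] = data
        return image


def lost_writes(expected, restored):
    """Count valid transactions that the restored image does not contain."""
    return sum(1 for block, data in expected.items() if restored.get(block) != data)


def run_scenario(corruption_tick=7, snapshot_interval=5):
    """One valid write per tick, then every block is overwritten at corruption_tick."""
    vol = ProtectedVolume(snapshot_interval)
    expected = {}
    for tick in range(1, corruption_tick):
        vol.write(tick, tick, f"order-{tick}")
        expected[tick] = f"order-{tick}"
        vol.end_of_tick(tick)
    for block in list(expected):
        vol.write(corruption_tick, block, "CORRUPT")
    vol.end_of_tick(corruption_tick)
    return {
        "mirror": lost_writes(expected, vol.restore_from_mirror()),
        "near_cdp": lost_writes(expected, vol.restore_near_cdp(corruption_tick)),
        "true_cdp": lost_writes(expected, vol.restore_true_cdp(corruption_tick)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

With the defaults, the mirror holds only the corrupted image, the snapshot taken at tick 5 misses the valid write at tick 6, and the journal replay recovers everything written before tick 7.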

Expanding in concentric circles from centralized SAN storage, the fabric and server layers provide protected and continuous access to data. Fabric zoning and logical unit number (LUN) masking, for example, can prevent servers from accessing and potentially corrupting data on unauthorized storage arrays. Because Windows in particular wants to own every storage asset it sees, it is imperative to zone or mask visibility of Windows servers to UNIX storage volumes. Likewise, use of zoning or virtual fabrics can ensure that one department’s data is unreachable by another unrelated department. Enforcing fabric connections between authorized initiators and targets, between physical ports, and between switches that compose the fabric is meant to prevent illicit access to storage and prevent fabric disruptions that would impair data access.
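One way to check a zoning configuration against the two rules above (no Windows initiator zoned with UNIX storage, no cross-department visibility) is an offline audit of zone membership. This is an added example, not Brocade tooling; the inventory format, device names, WWPNs, and zone names are all constructed for illustration.

```python
"""Constructed zoning audit: flag initiator/target pairs that a zone should not expose."""
from itertools import product

# Constructed inventory keyed by WWPN (values are made up for this example).
DEVICES = {
    "10:00:00:00:00:00:00:01": {"name": "win-sql-01", "role": "initiator",
                                "platform": "windows", "dept": "finance"},
    "10:00:00:00:00:00:00:02": {"name": "unix-build-01", "role": "initiator",
                                "platform": "unix", "dept": "engineering"},
    "50:00:00:00:00:00:00:0a": {"name": "array-fin-win", "role": "target",
                                "platform": "windows", "dept": "finance"},
    "50:00:00:00:00:00:00:0b": {"name": "array-eng-unix", "role": "target",
                                "platform": "unix", "dept": "engineering"},
}

# Constructed zone set: zone name -> member WWPNs.
ZONES = {
    "z_fin_win": {"10:00:00:00:00:00:00:01", "50:00:00:00:00:00:00:0a"},
    "z_eng_unix": {"10:00:00:00:00:00:00:02", "50:00:00:00:00:00:00:0b"},
    # Convenience zone that exposes the UNIX array to the Windows host.
    "z_backup_all": {"10:00:00:00:00:00:00:01", "10:00:00:00:00:00:00:02",
                     "50:00:00:00:00:00:00:0b", "10:00:00:00:00:00:00:99"},
}


def audit_zoning(devices, zones):
    """Return (zone, initiator, target, reasons) for every policy violation."""
    findings = []
    for zone, members in sorted(zones.items()):
        # A member missing from the inventory cannot be judged, so report it.
        for wwpn in sorted(w for w in members if w not in devices):
            findings.append((zone, wwpn, None, ("member not in inventory",)))
        known = [devices[w] for w in sorted(members) if w in devices]
        initiators = [d for d in known if d["role"] == "initiator"]
        targets = [d for d in known if d["role"] == "target"]
        # Devices sharing a zone can see each other, so test every pair.
        for ini, tgt in product(initiators, targets):
            reasons = []
            if ini["platform"] != tgt["platform"]:
                reasons.append("platform mismatch")
            if ini["dept"] != tgt["dept"]:
                reasons.append("department mismatch")
            if reasons:
                findings.append((zone, ini["name"], tgt["name"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit_zoning(DEVICES, ZONES):
        print(finding)
```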

At the server level, clustering facilitates scale-up of data access by more clients and provides high availability using failover in the event of a single server failure. Global clustering extends this concept across geographical distances so that remote servers can participate in a high-availability collaboration delivering application and data protection in the event of a site-wide disaster. At the transport layer, individual SAN-attached servers are typically configured with redundant host bus adapters (HBAs) for connectivity to parallel primary and secondary fabrics. The failure of an HBA, port connection, switch port, or switch or storage port triggers a failover to the alternate path and thus ensures continuous data access.

At a more granular level, the Fibre Channel transport protocol protects data integrity and availability through a number of mechanisms, including CRC checks against the frame contents to guard against bit errors, and frame sequencing to ensure in-order delivery of frames and recovery from frame loss. iSCSI likewise provides a CRC digest to verify packet contents, while relying on Transmission Control Protocol (TCP) algorithms to provide discrete packet recovery.

At every level, from entire storage sites to individual data frames, the prime directive of storage technology is to safeguard data integrity and ensure availability. This objective is fulfilled by engineering the many facets of data protection into each component of the storage ecosystem. The challenge for storage architects is to use these building blocks in a coherent design that meets organizational and budget goals. As with any construction project, quality building materials do not guarantee a quality result. Developing a comprehensive strategy, defining the business requirements, establishing guiding principles based on those requirements, and creating a coherent design in advance help ensure that all layers of protection and accessibility are fully leveraged and work in concert to safeguard your data assets.

In the following chapters, we will explore the different strata of data protection technologies, including data center design and operations, disaster recovery, storage virtualization solutions, remote tape vaulting, SAN extension, and remote office data consolidation via file management. In this process we will define the best practices applicable to each technology and explain how Brocade products and services can be leveraged to create a complete solution.

Although storage technologies are commonly available to the entire market, each enterprise and institution is unique. Customizing an implementation to suit your specific needs therefore requires an understanding of your organization’s primary business requirements. Business requirements drive the guiding principles of what a solution should provide, and those principles establish the parameters of the final design. Characteristically, the first step is the hardest. The process of collecting business requirements from corporate stakeholders may result in conflicting needs, for example, the requirement to centralize storage assets to reduce costs and management overhead and the requirement to accommodate a rapid proliferation of remote retail sites. Fortunately, harmonizing these requirements is facilitated by the much broader offering of technologies from the storage networking industry today. As will be detailed in the following chapters, Brocade provides a wide spectrum of solutions and cost points to fulfill a diversity of business needs.

Part One

The following chapters are included in Part One:

• Chapter 1: Building the Foundation

• Chapter 2: Backup Strategies

• Chapter 3: Disaster Recovery

• Chapter 4: Continuous Data Protection

• Chapter 5: Information Lifecycle Management

• Chapter 6: Infrastructure Lifecycle Management

• Chapter 7: Extending Data Protection to Remote Offices

Chapter 1: Building the Foundation

Implementing a comprehensive data protection strategy begins with building a firm foundation at the data transport layer to ensure high availability access to storage data. A typical data center, for example, may have multiple, large storage RAID arrays, high-availability Fibre Channel directors, fabric switches, and high-end servers running critical business applications. The data center SAN may be configured with redundant pathing (Fabrics A and B) to guard against link, port, or switch failures. Many companies have experienced such explosive growth in data, however, that the original data center SAN design cannot accommodate the rapid increase in servers, storage traffic, and arrays. The foundation begins to crumble when administrators go into reactive mode in response to sudden growth and scramble to integrate new ports and devices into the SAN. As a consequence, data access may be disrupted and data protection undermined.

NOTE: In this chapter and throughout the book, the term “switch and director” refers to a SAN platform, which may be a standalone switch, an embedded switch module, a director, or a backbone device.

Ideally, a data center SAN design should be flexible enough to accommodate both current and anticipated (typically looking out three years) needs. Although business expansion is rarely linear, it is helpful to compare an organization's current storage infrastructure to the one it had three years ago. For most companies, that historical reality check reveals a substantial increase in storage capacity, servers, tape backup loads, and complexity of the fabric. That growth may be due to natural business expansion or simply to the proliferation of compute resources to more parts of the organization. In either case, the steady growth of data assets increases the delta between the sheer quantity of storage data and the amount that is adequately protected. A carefully considered SAN design can help close this gap.

Storage-Centric vs. Network-Centric SAN Architectures

A SAN architecture is characterized by the relationship between servers and storage that is enabled by the fabric topology of switches and directors. A storage-centric architecture places storage assets at the core of the SAN design with all fabric connectivity devoted to facilitating access to storage LUNs by any attached server. A network-centric architecture, by contrast, borrows from conventional LAN networking and promotes any-to-any peer connectivity. The impact of each approach becomes clear when we look at practical examples of SAN designs in flat, mesh, and core-edge variations.

Flat SAN Topologies

The flat SAN topology has been a popular starting point for SAN design because it simplifies connectivity and can accommodate redundant pathing configurations for high availability. As illustrated in Figure 1, initiators (servers) and targets (storage arrays) are directly connected to fabric switches or directors, and there is no need for inter-switch links (ISLs) to create data paths between switches and directors.

Figure 1. A simplified flat SAN architecture with no ISLs

This is a storage-centric design in that storage connectivity is centralized to the fabric, and servers (with proper zoning) can attach to any storage LUN. With redundant A and B pathing, storage transactions can survive the loss of any single HBA, link, switch port, switch element, or storage port. Because each switch element provides independent paths to each storage array, there is no need for ISLs to route traffic between switches.
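The claim that a dual-path design survives any single failure can be verified against a cabling plan by removing one component at a time and re-testing reachability. This is an added example, not from the book; the topology, device names, and the choice to model a switch port fault as loss of its link are assumptions.

```python
"""Constructed model: find single points of failure between servers and storage."""
from collections import deque

# Constructed topology. Links are (end, end) pairs; a switch port or cable fault
# is modelled as the loss of the link it serves.
EDGES = [
    ("srv1", "srv1_hba_a"), ("srv1_hba_a", "sw_a"),
    ("srv1", "srv1_hba_b"), ("srv1_hba_b", "sw_b"),
    ("srv2", "srv2_hba_a"), ("srv2_hba_a", "sw_a"),
    ("srv2", "srv2_hba_b"), ("srv2_hba_b", "sw_a"),   # mis-cabled: both HBAs on Fabric A
    ("sw_a", "sp_a"), ("sp_a", "array1"),
    ("sw_b", "sp_b"), ("sp_b", "array1"),
]


def reachable(edges, src, dst, end_devices, failed=None):
    """Breadth-first search from src to dst with one node or link removed."""
    adj = {}
    for edge in edges:
        if edge == failed or failed in edge:
            continue                       # skip the failed link or any link on a failed node
        a, b = edge
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        if node != src and node in end_devices:
            continue                       # servers and arrays never forward fabric traffic
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(edges, servers, arrays):
    """Return (server, array, component) for each single failure that cuts access."""
    end_devices = set(servers) | set(arrays)
    nodes = {n for edge in edges for n in edge} - end_devices
    candidates = sorted(nodes) + list(edges)
    findings = []
    for srv in servers:
        for arr in arrays:
            for failed in candidates:
                if not reachable(edges, srv, arr, end_devices, failed):
                    label = failed if isinstance(failed, str) else "link %s<->%s" % failed
                    findings.append((srv, arr, label))
    return findings


if __name__ == "__main__":
    for finding in single_points_of_failure(EDGES, ["srv1", "srv2"], ["array1"]):
        print(finding)
```

In this constructed plan srv1 is correctly split across Fabrics A and B and has no single point of failure, while srv2 loses access on the failure of switch sw_a, storage port sp_a, or either link between them and the array.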

Depending on the traffic load generated by each server, the fan-in ratio of servers to storage ports (also known as “oversubscription”) can be increased. Typically, for 1 Gbit/sec links, a fan-in ratio of 7:1 can be used, although that ratio can be increased to 12:1 at 2 Gbit/sec and 18:1 or greater at 4 Gbit/sec. In the example in Figure 1, the oversubscription would occur in the switch or director, with many more ports devoted to server attachment and fewer ports for storage connections. If the server fan-in ratio cannot accommodate the collective traffic load of each server group, however, congestion will occur at the switch storage port and lead to a loss of performance and transaction stability.

In practice, the flat SAN topology can be expanded by adding more switch elements, as shown in Figure 2.

Figure 2. Expanding a flat SAN architecture via the addition of switch elements

Although this design is entirely adequate for moderate-sized SANs, it becomes difficult to scale beyond about 600 ports. Three 256-port directors on each A and B side, for example, would provide 768 ports for direct server and storage connections. Adding a fourth or fifth director to each side, however, would increase costs, complicate the cable plant, and increase the complexity of the SAN and its management.

In addition, the flat SAN topology is perhaps too egalitarian in applying an equal cost to all server connectivity regardless of the traffic requirements of different applications. Particularly for flat SANs based on Fibre Channel directors, high-usage servers may benefit from dedicated 4 Gbit/sec connections, but that bandwidth and director real estate are squandered on low-usage servers. Likewise, a flat SAN topology cannot accommodate variations in cost and performance attributes of different classes of storage devices, and so offers the same connectivity cost to high-end arrays and lower-cost JBODs (just a bunch of disks) alike. Consequently, even medium-sized SANs with varying server requirements and classes of storage are better served by a more hierarchical core-edge SAN design.

Mesh SAN Topologies

In conventional local area networks (LANs) and wide area networks (WANs), the network is composed of multiple switches and routers wired in a mesh topology. With multiple links connecting groups of switches and routers and routing protocols to determine optimum paths through the network, the network can withstand an outage of an individual link or switch and still deliver data from source to destination. This network-centric approach assumes that all connected end devices are peers and that the role of the network is simply to provide any-to-any connectivity between peer devices.

Figure 3. A mesh SAN topology with redundant pathing

In a SAN environment, a mesh topology provides any-to-any connectivity by using inter-switch links between each switch or director in the fabric, as shown in Figure 3. As more device ports are required, additional switches and their requisite ISLs are connected. Because each switch has a route to every other switch, the mesh configuration offers multiple data paths in the event of congestion or failure of a link, port or switch. The trade-off for achieving high availability in the fabric, however, is the consumption of switch ports for ISLs and increased complexity of the fabric cable plant.

Mesh topologies are inherently difficult to scale and manage as the number of linked switches increases. A mesh topology with 8 switches, for example, would require 28 ISLs (56 if 2 links are used per ISL). As the switch count goes higher, a disproportionate number of ports must be devoted to building a more complex and expensive fabric. Consequently, as a best practice recommendation, mesh topologies for SANs should be limited to 4 switches.

A more fundamental problem with mesh topologies, though, is the assumption that storage networks need any-to-any connectivity between peers. Although this model may be valid for messaging networks, it does not map directly to storage relationships. SAN end devices can be active participants (initiators) or passive participants (targets). Initiators do not typically communicate with one another as peers across the SAN, but with storage targets in a master/slave relationship. Storage arrays, for example, do not initiate sessions with servers, but passively wait for servers to instigate transactions with them. The placement of storage targets on the SAN, then, should be to optimize accessibility of targets by initiators and not to provide universal, any-to-any connectivity. This goal is more readily achieved with a core-edge design.

Core-Edge SAN Topologies

Core-edge SAN topologies enable a storage-centric, scalable infrastructure that avoids the complexities of mesh topologies and limited capacity of flat SAN topologies. The core of the fabric is typically provided by one or more director-class switches which provide centralized connectivity to storage. The edge of the fabric is composed of fabric switches or directors with ISL connections to the core.

Figure 4. A core-edge SAN topology with classes of storage and servers

As shown in Figure 4, the heavy lifting of storage transactions is supported by the core director since it is the focal point for all storage connections, while the edge switches provide fan-in for multiple servers to core resources. This design allows for connectivity of different classes of servers on paths that best meet the bandwidth requirements of different applications. Bandwidth-intensive servers, for example, can be connected as core hosts with dedicated 4 Gbit/sec links to the core director. Standard production servers can share bandwidth through edge switches via ISLs to the core, and second-tier servers can be aggregated through lower-cost edge switches or iSCSI gateways to the core.

Storage placement in a core-edge topology is a balance between manageability and application requirements. Placing all storage assets on the core, for example, simplifies management and assignment of LUNs to diverse application servers. Some departmental applications, however, could be serviced by grouping servers and local storage on the same switch, while still maintaining access to core assets. An engineering department, for example, may have sufficient data volumes and high-performance requirements to justify local storage for departmental needs, in addition to a requirement to access centralized storage resources. The drawback for departmental-based storage is that dispersed storage capacity may not be efficiently utilized. Consequently, most large data centers implement centralized storage to maximize utilization and reduce overall costs.

Figure 5. A three-tier core-edge SAN topology with the core servicing ISLs to fabric

As shown in Figure 5, a three-tier, core-edge design inserts a distribution layer between the core and edge. In this example, the core is used to connect departmental or application-centric distribution switch elements via high-performance ISLs. Brocade, for example, offers 10 Gbit/sec ISLs as well as ISL Trunking to provide a very high-performance backbone at the core. This tiered approach preserves the ability to assign storage LUNs to any server, while facilitating expansion of the fabric to support additional storage capacity and server connections.

For simplicity, the figures shown above do not detail alternate or dual pathing between servers, switches, and storage. The fabric illustrated in Figure 4, for example, could be the A side of a dual-path configuration. If directors are used, however, the full redundancy and 99.999 percent availability characteristic of enterprise-class switches provide another means to implement dual pathing. A server with dual HBAs could have one link connected to a director port on one blade, and a redundant link connected to a director port on a different blade. Likewise, storage connections can be provided from storage ports to different blades on the same director chassis. As in Fabric A and B, this configuration provides failover in the event of loss of an HBA, link, port, blade, or storage port.

Inter-Fabric Routing

Fibre Channel is a link layer (Layer 2) protocol. When two or more Fibre Channel switches are connected to form a fabric, the switches engage in a fabric-building process to ensure that there are no duplicate addresses in the flat network address space. The fabric shortest path first (FSPF) protocol is used to define optimum paths between the fabric switches. In addition, the switches exchange Simple Name Server (SNS) data, so that targets on one switch can be identified by initiators attached to other switches. Zoning is used to enforce segregation of devices, so that only authorized initiators can access designated targets. Analogous to bridged Ethernet LANs, a fabric is a subnet with a single address space, which grows in population as more switches and devices are added.

At some point, however, a single flat network may encounter problems with stability, performance, and manageability if the network grows too large. When a fabric reaches an optimum size, it is time to begin building a separate fabric instead of pushing a single fabric beyond its limits. The concept of a manageable unit of SAN is a useful tool for determining the maximum number of switches and devices that will have predictable behavior and performance and can be reasonably maintained in a single fabric.

Enterprise data centers may have multiple large fabrics or SAN “continents.” Previously, it was not possible to provide connectivity between separate SANs without merging SANs into a single fabric via ISLs. With inter-fabric routing (IFR), it is now possible to share assets among multiple manageable units of SANs without creating a single unwieldy fabric. As shown in Figure 6, IFR SAN routers provide both connectivity and fault isolation among separate SANs. In this example, a server on SAN A can access a storage array on SAN B via the SAN router. From the perspective of the server, the storage array is a local resource on SAN A. The SAN router performs Network Address Translation (NAT) to proxy the appearance of the storage array and to conform to the address space of each SAN. Because each SAN is autonomous, fabric reconfigurations or Registered State Change Notification (RSCN) broadcasts on one SAN do not impact the others.

Figure 6. Using inter-fabric routing to provide device connectivity between separate SANs

IFR thus provides the ability to build very large data center storage infrastructures, the “data center fabric,” while keeping each fabric a manageable SAN unit. In combination with Fibre Channel over IP (FCIP), IFR can be used to scale enterprise-wide storage transport across multiple geographies to further streamline storage operations without merging the remote fabrics over WAN networks.

Virtual Fabrics

It is also possible to segregate departmental or business unit applications on a shared SAN infrastructure by dividing the physical fabric into multiple logical fabrics. Each virtual fabric (VF) behaves as a separate autonomous fabric with its own SNS and RSCN broadcast domain, even if the virtual fabric spans multiple fabric switches, as shown in Figure 7. To isolate frame routing between the virtual fabrics on the same physical ISL, VF tagging headers are applied to the appropriate frames as they are issued, and the headers are removed by the switch before they are sent on to the designated initiator or target. Theoretically, the VF tagging header would allow for 4,096 virtual fabrics in a single physical fabric configuration, although in practice only a few are typically used.

Virtual fabrics are a means to consolidate SAN assets, while reducing management complexity to enforce manageable SAN units. In the example shown in Figure 7, each of the three virtual fabrics could be administered by a separate department with different storage, security, and bill-back policies. Although the total SAN configuration can be quite large, the division into separately-managed Virtual Fabrics simplifies administration, while leveraging the data center investment in SAN technology.

Figure 7. Sharing a common SAN infrastructure via virtual fabrics

Additional SAN Design Considerations

Whether you are implementing a SAN for the first time or expanding an existing SAN infrastructure, the one unavoidable constant in data storage is growth. The steady growth in storage capacity needs, in additional servers and applications and in data protection requirements, is so predictable that anticipated growth must be an integral part of any SAN design and investment. A current requirement for 50 attached servers and 4 storage arrays, for example, could be satisfied with two 32-port switches (4 for redundant pathing) or a 256-port director chassis populated with two 32-port blades (4 for redundancy). Which solution is better depends on the projected growth in both storage capacity and server attachment, as well as availability needs. Unfortunately, some customers have inherited complex meshed SAN topologies due to the spontaneous acquisition of switches to satisfy growing port requirements. At some point, fabric consolidation may be required to simplify cabling and management and to provide stability for storage operations. Without a solid foundation of a well-designed managed unit of SAN, higher-level data protection solutions are always at risk.

A managed unit of SAN can also be characterized by its intended functionality; and functionality, in turn, can drive a specific SAN topology. A high-availability SAN, for example, requires redundancy in switch elements and pathing, as well as management tools to monitor and enforce continuous operation. However, a SAN designed for second-tier applications may not justify full redundancy and may be adequately supported on a more streamlined topology. In addition, a SAN designed specifically for tape backup has very different requirements compared to a production SAN. Tape is characterized by large block, bandwidth-intensive transactions, while production disk access is typically distinguished by small block and I/O-intensive transactions. Because tape operations consume bandwidth for extended periods of time and are sensitive to fabric events, customers can implement two separate SANs or leverage Virtual Fabrics to isolate production disk access from backup operations. For a separate tape SAN, a flat SAN topology that avoids potential ISL oversubscription is recommended.

An optimized SAN topology can also be affected by the server technology used to host applications. Blade servers and blade SAN switches, in particular, can adversely impact the consumption of switch addresses, or Domain IDs, and limit the total number of switches allowable in a SAN unit. A new standard for N_Port ID Virtualization (NPIV) has been created to address this problem. An NPIV-enabled gateway presents logical hosts to the SAN and thus eliminates the addition of another switch element, Domain ID assignment, and interoperability or switch management issues. Brocade Access Gateway, for example, leverages NPIV to bring blade servers into the SAN without requiring administrative overhead to monitor Domain ID usage and potential interoperability conflicts. As long as the edge SAN switches are NPIV aware, larger populations of blade servers can be accommodated without limiting the scalability of the SAN topology.

Highly Available StorageData protection solutions are dependent on a stable underlying SANtransport that is both predictable and manageable. The most carefullycrafted SAN, however, cannot ensure the availability and integrity ofdata if storage targets are vulnerable to data loss or corruption. Forenterprise-class applications in particular, storage systems must bedesigned to provide performance, capacity, data integrity, and highavailability. Therefore, storage array architectures can include resil-iency features to maximize availability of the array itself and to protectagainst data loss due to failed disk components.

Local Mirroring (RAID 1)

Spinning disk technology is mechanical and will eventually wear out and fail. As one of the first storage solutions to guard against disk failure and data loss, simple mirroring of data between two different disks or disk sets is easy to deploy, but it doubles the cost per data block stored. Mirroring is also known as “RAID 1” and was one of the first data protection solutions at the disk level. As shown in Figure 8, disk mirroring can be implemented within a single array enclosure. In the top example, data is written once by the server to the storage array. The array controller assumes responsibility for mirroring and so writes the data to both primary and secondary mirror disk sets. If, however, data corruption occurs in the controller logic, the data integrity of the primary and/or mirror may be compromised.

In the bottom example in Figure 8, the volume manager running on the server is responsible for mirroring and writes the data twice: once to the primary and once to the secondary mirror. In both examples, if a disk failure occurs on the primary disk set, either the volume manager or the array controller logic must execute a failover from primary to the mirror to redirect I/O and maintain continuity of data operations.

Figure 8. Array-based (top) and server-based (bottom) disk mirroring

Although simple mirroring accomplishes the goal of protecting data against disk failure, additional utilities are required to reconstitute the primary disk set and re-establish the mirror operation. Once the failed primary has been serviced, for example, the data on the primary must be rebuilt and synchronized to the new production mirror. For array-based mirroring, this is typically performed as an automatic background operation and once synchronization has been achieved, the primary is reinstated. This automated process, however, can have unintended consequences. In one customer case study, a service call to replace a drive on a mirror inadvertently resulted in a drive on the primary being swapped. Instead of failing over to the mirror image, the mirror was rebuilt to the now-corrupted primary image. It is no great mystery that tape backup endures as a data protection insurance policy against potential array failures.

The primary drawback to mirroring within an array is that the entire array is subject to failure or outage. Consequently, data centers may physically isolate primary and mirror arrays, placing them in separate areas with separate power sources.

Figure 9. Array-based mirroring between separate enclosures

As illustrated in Figure 9, separating production and mirror arrays provides protection against loss of disks, the array controller, and the array enclosure. The mirroring function can be provided by the array controller or the server. For switches that implement application services, the mirroring intelligence may be provided by the fabric itself. In some vendor offerings, the mirroring operation can be bidirectional so that two storage arrays can mutually act as mirrors for each other. This helps to reduce the overall cost and avoids dedicating an entire storage array as a mirror.

As a data protection element, mirroring offers the advantage of near-zero recovery time and immediate recovery point. Given that storage systems are the most expensive components of a storage network, however, mirroring comes at a price. In addition, unless mirroring is combined with data striping across disks, it may lack the performance required for high volume data center applications.

Other RAID Levels

In addition to mirroring, data protection at the array can be enforced by alternate RAID algorithms. RAID 0+1, for example, combines data striping (RAID 0) with mirroring to enhance performance and availability. In RAID 0+1, data is first striped across multiple disks and those disks in turn are mirrored to a second set of disks. RAID 0+1 boosts performance, but it retains the additional cost of redundant arrays characteristic of RAID 1. The inverse of RAID 0+1 is RAID 10, in which case the mirroring occurs first as a virtual disk before striping is executed.

Other RAID techniques attempt to integrate the performance advantage of data striping with alternative means to reconstruct data in the event of disk failure. The most commonly deployed is RAID 5, which stripes data across a disk set and uses block parity instead of mirroring to rebuild data. As data blocks are striped across multiple disks, a parity block is calculated using an eXclusive OR (XOR) algorithm and written to disk. If a disk fails, the data can be reconstructed on a new disk from the parity blocks. In RAID 4, the parity blocks are written to a single dedicated disk. This creates some vulnerability if the parity disk itself fails and incurs a write penalty, since every write must be parity processed on a single drive. RAID 5 reduces the write penalty by placing the parity information across multiple disks in the RAID set. As the parity data is generated, the array controller does not have to wait for the availability of a dedicated disk. As shown in Figure 10, RAID 5 arrays typically house spare disks that can automatically be brought online and reconstructed in the event of disk failure. In this example, if the third disk in the set fails, the parity block on the fifth disk (P abcd) can be used to recreate both block C and the parity block (P efgh) for blocks E, F, G, and H.

Figure 10. RAID 5 with distributed parity blocks

The primary benefit of RAID 5 is its ability to protect block data while minimizing the number of disks required to guard against failure. On the other hand, the write penalty generated by parity calculation needs hardware acceleration to improve performance and avoid an adverse impact to upper-layer applications.
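The RAID 5 striping and XOR parity rebuild described above can be traced in a short model. This is an added example, not code from the book or from any array vendor; the `Raid5Set` class, the parity rotation order, and the block size are assumptions chosen for illustration.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR a list of equal-length byte blocks, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


class Raid5Set:
    """Toy RAID 5 set: every disk is a list holding one block per stripe."""

    def __init__(self, n_disks=5, block_size=4):
        if n_disks < 3:
            raise ValueError("RAID 5 needs at least three disks")
        self.n = n_disks
        self.block_size = block_size
        self.disks = [[] for _ in range(n_disks)]
        self.stripes = 0
        self.length = 0

    def parity_disk(self, stripe):
        # Assumed rotation: parity starts on the last disk and moves one
        # disk to the left with every stripe, so no disk holds all parity.
        return (self.n - 1 - stripe) % self.n

    def write(self, data):
        """Stripe data across the set (one-shot write, zero padded)."""
        stripe_bytes = (self.n - 1) * self.block_size
        padded = data + b"\0" * (-len(data) % stripe_bytes)
        self.disks = [[] for _ in range(self.n)]
        self.stripes = len(padded) // stripe_bytes
        self.length = len(data)
        for stripe in range(self.stripes):
            base = stripe * stripe_bytes
            chunks = [padded[base + i * self.block_size:
                             base + (i + 1) * self.block_size]
                      for i in range(self.n - 1)]
            parity = xor_blocks(chunks)
            data_blocks = iter(chunks)
            for disk in range(self.n):
                is_parity = disk == self.parity_disk(stripe)
                self.disks[disk].append(parity if is_parity else next(data_blocks))

    def fail(self, disk):
        self.disks[disk] = None  # every block on this disk is lost

    def failed(self):
        return [d for d, blocks in enumerate(self.disks) if blocks is None]

    def _recover_block(self, stripe, lost):
        # XOR of all surviving blocks in a stripe yields the missing one,
        # whether the missing block held data or parity.
        return xor_blocks([self.disks[d][stripe]
                           for d in range(self.n) if d != lost])

    def _check_recoverable(self):
        lost = self.failed()
        if len(lost) > 1:
            raise RuntimeError("single parity cannot cover %d failed disks" % len(lost))
        return lost[0] if lost else None

    def rebuild(self):
        """Reconstruct the failed disk onto a spare from the survivors."""
        lost = self._check_recoverable()
        if lost is not None:
            self.disks[lost] = [self._recover_block(s, lost)
                                for s in range(self.stripes)]

    def read(self):
        """Return the user data, recomputing blocks of a failed disk on the fly."""
        lost = self._check_recoverable()
        out = bytearray()
        for stripe in range(self.stripes):
            for disk in range(self.n):
                if disk == self.parity_disk(stripe):
                    continue
                out += (self._recover_block(stripe, disk) if disk == lost
                        else self.disks[disk][stripe])
        return bytes(out[:self.length])


if __name__ == "__main__":
    sample = b"constructed sample payload for a five-disk set"  # constructed input
    raid = Raid5Set(n_disks=5, block_size=4)
    raid.write(sample)
    raid.fail(2)                      # third disk: holds data and parity blocks
    print("degraded read ok:", raid.read() == sample)
    raid.rebuild()
    print("rebuilt read ok: ", raid.read() == sample)
```

Failing a second disk before the rebuild completes raises an error in this model, which is the single-failure limit of one parity block per stripe.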

With parity distributed across multiple disks, RAID 5 provides protection against a single disk failure. RAID 6 offers additional protection by duplicating the parity blocks across different disks. With multiple copies of the parity blocks distributed over more disks, RAID 6 can withstand the failure of two disks and still rebuild disk images from spares.

In addition to standard RAID types, storage vendors may offer proprietary RAID options to optimize performance and reliability. Because the RAID function occurs in the array enclosure, the fact that the particular RAID level is proprietary or open systems has no practical interoperability implication. The only requirement is that the disks in a RAID set are of the same technology (Fibre Channel, SATA, or SAS) and have equivalent capacity and performance characteristics.

RAID as a Form of Storage Virtualization

Just as a volume manager on a server presents a logical view of storage capacity that can exist on separate physical disks, a RAID controller hides the complexity of multiple disks and the back-end RAID execution. Binding to a LUN on a RAID array, a server simply sees a single disk resource for reading and writing data. This abstraction from the physical to logical views places an immense responsibility on the RAID controller logic for maintaining the integrity of data on the RAID set(s) and automatically recovering from back-end faults.

Today's storage virtualization takes the logical abstraction of physical assets to a new level. Instead of simply masking the appearance of physical disks in an enclosure, storage virtualization masks the appearance of entire RAID arrays. Creating a single logical pool of separate physical storage systems facilitates capacity utilization and dynamic assignment of storage to upper-layer applications. As with basic RAID, however, this places significant responsibility on the virtualization engine to map the logical location of data to its actual physical distribution across multiple arrays. Every successive level of abstraction that simplifies and automates storage administration must be accompanied by a robust data protection mechanism working behind the scenes.

Alternate Pathing and Failover

High-availability storage must provide both internal mechanisms for data redundancy and data integrity via RAID, in addition to continuous accessibility by external clients. This requires the appropriate SAN design as outlined in “Storage-Centric vs. Network-Centric SAN Architectures” on page 4 to build dual pathing through the fabric and multi-port connectivity on the array for each server. As illustrated in Figure 11, alternate pathing can be configured as Fabrics A and B, which provide each server with a primary and secondary path to storage assets.

Figure 11. Providing alternate paths from servers to storage

In this example, the failure of a storage port on the array or any link or port through Fabric A would still allow access through Fabric B. With both sides active in normal operation, though, each individual server sees two separate images of the same storage target: one from the A side and one from the B side. A mechanism is therefore required to reconcile this side effect of dual pathing and present a single image of storage to the initiator. Typically, this reconciliation is performed by a device driver installed on the host. The driver may include the additional ability to load balance between alternate paths to maximize utilization of all fabric connectivity.

Additional High Availability Storage Features

High-end storage systems are further fortified with fault-tolerant features that enable 99.999 percent availability. Redundant uninterruptible power supplies, redundant fans, hot-swappable disk drives, redundant RAID controllers, and non-disruptive microcode updates guard against loss of data access due to any individual component failure. These high-availability features add to the complexity and total cost of the array, of course, and the selection of storage elements should therefore be balanced against the value of the data being stored. The reality is that not all data merits first-class handling throughout its lifetime. Designing a SAN infrastructure with multiple classes of storage containers provides more flexibility in migrating data from one storage asset to another, and thus aligning the value of storage to the current business value of data.

Storage and Fabric Consolidation

For many data centers, the steady growth of data is reflected in the spontaneous acquisition of more servers, switches, and storage arrays. As this inventory grows, it becomes increasingly difficult to manage connectivity and to provide safeguards for data access and data integrity. In addition, the proliferation of storage arrays inevitably leads to under-utilization of assets for some applications and over-utilization for others. To reduce the number of storage components and maximize utilization of assets it may be necessary to re-architect the SAN on the basis of larger but fewer components.

Storage and fabric consolidation are a means to streamline storage administration and achieve a higher return on investment on SAN infrastructure. Previously, consolidation strategies were limited to replacing dispersed assets with larger centralized ones. Today, the concentration of resources can be further enhanced by new technologies for virtualizing the fabric (discussed in “Virtual Fabrics” on page 13) and virtualizing storage capacity.

As shown in Figure 12, a SAN that is the result of a reactive addition of switch and storage elements to accommodate growth quickly becomes unmanageable. More switches means more units to manage, more ISLs, complex cabling, longer convergence times, and greater vulnerability to fabric instability. While initially it may seem more economical to simply connect an additional switch to support more ports, in the long run complexity incurs its own costs. Collapsing the SAN infrastructure into one or more directors or backbones simplifies management and the cabling plant and promotes stability and predictability of operation.

Figure 12. Simplifying the fabric and storage management via consolidation

Likewise, reactively adding storage arrays to accommodate increasing capacity requirements often leads to inefficient utilization of storage and increased management overhead. For the small SAN configuration illustrated here, storage consolidation requires an investment in a larger centralized storage system and data migration from dispersed assets to the consolidated array. For large data center SANs, servicing thousands of devices, the next step in storage consolidation may be to virtualize designated storage systems to optimize capacity utilization and facilitate data lifecycle management via different classes of virtualized storage.

Storage and fabric consolidation projects can now take advantage of enhanced features that streamline connectivity. Large storage arrays, for example, not only provide high availability and capacity but more ports for the SAN interconnect. Large arrays typically provide 128 to 256 ports at 2, 4 or 8 Gbit/sec Fibre Channel speeds. Brocade's introduction of 8 Gbit/sec support enables a much higher fan-in ratio of clients per storage port. In addition, Brocade directors provide 8 Gbit/sec ISLs to both increase bandwidth for switch-to-switch traffic and simplify cabling.

Storage consolidation also includes technologies to centralize data geographically dispersed in remote sites and offices. As will be discussed in more detail in Chapter 7, centralizing data in the data center is a prerequisite for safeguarding all corporate data assets, meeting enterprise-wide regulatory compliance goals and reducing the cost of IT support for remote locations. Implementing remote office data consolidation has been contingent on the arrival of new technologies for accelerating data transactions over fairly low-speed WANs and innovative means to reduce protocol overhead and to efficiently monitor data changes.

SAN Security

Security for storage area networks incorporates three primary aspects:

• Secure data transport

• Secure data placement

• Secure management interfaces

Securing the data transport requires multiple levels of protection, including authorization of access, segregation of storage traffic streams, maintaining the integrity of network (fabric) connectivity, and encryption/decryption of the data in flight across the SAN.

Securing data placement must ensure that application data is written to the appropriate storage area (LUN) in a specified storage system, that data copies are maintained via mirroring or point in time copy, and that sensitive data is encrypted as it is written to disk or tape.

Securing the management interface must include means to validate authorized access to SAN hardware, such as SAN switches and storage systems, to prevent an intruder from reconfiguring network connections.

These three components are interdependent and a failure to secure one may render the others inoperable. Safeguards can be implemented for data transport and placement, for example, but an exposed management interface can allow an intruder to redirect the storage transport or deny access to data assets.

Securing the SAN Data Transport

The fact that the majority of SANs are based on Fibre Channel instead of TCP/IP has created a false sense of security for data center storage networks. Hacking Fibre Channel data streams would require very expensive equipment and a high degree of expertise. In addition, the physical security of data center environments is often assumed to provide sufficient protection against malfeasance. As SAN technology has become ubiquitous in data centers, however, no one should assume that the SANs are inherently secure. Simply reconfiguring a server so it now has access to designated storage assets could enable unauthorized access to valuable corporate information.

Although Fibre Channel has relied on the physical separation of communication networks and storage networks to provide a rudimentary security barrier, modern business practices require a much higher assurance of data defense. Physical isolation alone does not provide security against internal attacks or inadvertent configuration errors. The storage industry has therefore responded with a spectrum of security capabilities to provide a high degree of data protection, while still maintaining the performance required for storage applications.

Zoning

At a low level, zoning of resources in the SAN provides authorized access between servers and storage ports through the Fibre Channel network or fabric as illustrated in Figure 13. Zoning can be port based, restricting access by authorizing only designated Fibre Channel switch ports and attached devices to communicate to each other. Alternately, zoning can be based on a 64-bit Fibre Channel World Wide Name (WWN). Since each Fibre Channel device has a unique WWN, it is possible to authorize connections based on the unique identity of each device.

Figure 13. Establishing zones between groups of initiators and targets to segregate traffic

Port-based zoning is fairly secure, since it cannot be spoofed by manipulating frame headers. If a device is moved from port to port, however, the zone stays with the port, not the device. This makes hard or port-based zoning more difficult to manage as adds, moves, and changes are made to the fabric. Soft zoning based on WWN provides the flexibility to have zones follow the device itself, but can be spoofed if someone inserts a valid WWN into a frame to redirect storage data. Zoning alone provides no means to monitor these sorts of intrusions and has no integrated data encryption support.

Port Binding

Port binding establishes a fixed connection between a switch port and the attached server or storage device. With port binding, only designated devices are allowed on specified ports and a substitution of devices on a port results in port blocking of communications from the substituted end device, as shown in Figure 14.

Figure 14. Creating secure device connectivity via port binding

Port binding thus locks in the authorized connection between the fabric and the device, ensuring that the link between the device and the fabric is secure. This mechanism prevents both deliberate and inadvertent changes in connectivity that might allow an unauthorized server or workstation to gain access to storage data.

Fabric Binding

At a higher level, it may also be desirable to secure connections between multiple fabric switches. Fibre Channel fabric switches are designed to automatically extend the fabric as new switches are introduced. When two fabric switches are connected via ISLs, they automatically exchange fabric-building protocols, zoning information, and routing tables. While this is acceptable in some environments, it creates a security concern. Someone wishing to probe the fabric could simply attach an additional switch and use it to gain entrance into the SAN.

Figure 15. Securing the fabric with fabric ISL binding

As shown in Figure 15, fabric binding establishes fixed relationships between multiple switches in the network. Only authorized ISLs are allowed to communicate as a single fabric and any arbitrary attempts to create new ISLs to new switches are blocked. Fabric binding ensures that established switch-to-switch connections are locked into place and that any changes to the SAN can occur only through secure administrative control.

Use of Inter-Fabric Routing to Secure the Storage Network

An additional layer for securing storage operations is provided by Inter-Fabric Routing technology. As discussed in “Inter-Fabric Routing” on page 11, Inter-Fabric Routing can be applied in the data center to build large, stable storage networks, or used for storage over distance applications such as disaster recovery. In addition, Inter-Fabric Routing is a means to block denial of service attacks if someone were to deliberately initiate faults to cause disruptive fabric reconfigurations.

SAN Routing technology prevents SAN-wide disruptions and reconfigurations by providing fault isolation between fabric switches. Acting as a router between SAN segments, the SAN router passes only authorized storage traffic between each attached SAN. Each SAN segment maintains its autonomy from the others, and a disruption in one segment is not allowed to propagate to other switches. Faults are therefore contained at the segment level, and other fabric switches continue normal operations. Denial of service attempts are restricted and not allowed to impact the entire storage network.

SAN Routing products may support multi-vendor interoperability and be extensible over any distance. For mission-critical data applications such as disaster recovery, SAN Routing ensures that the underlying transport aligns with the customer's requirement for continuous, non-disruptive storage operation.

Virtual Fabrics

Large data centers often support a wide variety of storage applications for different business units such as manufacturing, sales, marketing, engineering, and human resources. While it is possible to deploy a separate physical fabric for each business unit, this solution adds significant costs, reduces storage utilization and adds ongoing administrative overhead. Storage administrators may therefore attempt to reduce costs by running multiple storage applications across a larger unified SAN.

In order to segregate storage traffic over a single large fabric and prevent, for example, sales applications from disrupting engineering applications, some means is needed to isolate the fabric resources supporting each application. For Fibre Channel SANs, this functionality is provided by virtual fabric protocols. Frames for a specific application are tagged with identifiers that enable that application data to traverse its own path through the fabric. Consequently a large SAN switch with hundreds of ports can host multiple virtual fabrics (or virtual SANs). Similar to inter-fabric routing, disruptions or broadcast storms in one virtual fabric are not allowed to propagate to other virtual fabrics.

Security for IP SAN Transport via IEEE Standards

For iSCSI and other IP-based storage protocols, conventional Ethernet standards can be implemented to safeguard storage data transport. IEEE 802.1Q virtual LAN (VLAN) tagging, for example, can be used to create over 4,000 virtual LANs to separate traffic flows and ensure that only members of the same VLAN can communicate. Like virtual fabrics in Fibre Channel, this mechanism enables multiple storage applications to share the same infrastructure while gaining the protection of segregated data streams. Access control lists (ACLs) commonly supported in gigabit Ethernet switches and IP routers can be used to restrict access to only designated network devices.

IPSec for SAN Transport

IP standards also provide a range of security features collectively known as IPSec (IP security) standards. IPSec includes both authentication and data encryption standards, and IPSec functionality is currently available from a community of IP network and security vendors.

For IP storage data in flight, data encryption can be implemented through conventional Data Encryption Standard (DES) or Advanced Encryption Standard (AES). DES uses a 56-bit key, allowing for as many as 72 quadrillion possible keys that could be applied to an IP datagram. The triple-DES algorithm passes the data payload through three DES keys for even more thorough encryption. AES provides richer encryption capability through the use of encryption keys of 128 to 256 bits.

IPSec authentication and encryption technologies are integrated into the iSCSI protocol and can be used in conjunction with storage over distance applications, such as disaster recovery. Use of FCIP for storage extension over untrusted network WAN segments mandates data encryption if data security is required.

Although DES and AES were originally developed for IP networking, the same key-based encryption technologies can be applied to payload encryption of native Fibre Channel frames in SANs. With some vendor offerings, data may only be encrypted as it traverses the fabric and decrypted before being written to disk or tape. In other products, the data can remain in an encrypted state as it is written to disk and decrypted only as it is retrieved by a server or workstation.

Securing Storage Data Placement

In addition to securing storage data as it crosses the fabric between initiator (server) and target (storage array), it may also be necessary to secure storage data at rest. Safeguarding data at the storage system has two components. First, the application data must be written to its specified storage location in a storage array. The authorized relationship (binding) between a server application and its designated storage location ensures that an unauthorized server cannot inadvertently or deliberately access the same storage data. Second, additional data security can be provided by payload encryption as the data is written to disk or tape. Unauthorized access to or removal of disk drives or tape cartridges would thereby render the data unintelligible without the appropriate encryption keys.

LUN Masking

LUN masking restricts access to storage resources by making visible to a server only those storage locations or logical units (LUNs) behind a zoned storage port that a server is authorized to access. Both fabric zoning and LUN masking are needed to fully enforce access controls. Zoning defines server to storage port access control while LUN masking defines which storage LUNs behind the storage port are available to the server and its applications. If a large storage array, for example, supports 10 LUNs, a server may see only 1 available LUN. The other 9 have been masked from view and are typically assigned to different servers.

Figure 16. Restricting visibility of storage Logical Units via LUN masking

LUN masking provides access control between storage assets and authorized servers, preventing a server from inadvertently or deliberately attaching to unauthorized resources, as shown in Figure 16. Without LUN masking, a Windows server, for example, could query the fabric for available resources and attach to storage LUNs previously assigned to a Solaris server. Since Windows writes a disruptive signature to its attached LUNs, this would render the Solaris data unreadable. Although LUN masking can be implemented on an HBA at the host, it is typically performed on the storage array after initial configuration.
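How port zoning, WWN zoning, port binding, and LUN masking combine into one access decision can be seen in a small model. This is an added example, not code from the book or from any switch or array product; the `Fabric`, `Login`, and `StorageArray` classes, the port names, and the WWN values are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Login:
    port: str  # switch port the device is cabled to (hypothetical naming)
    wwn: str   # World Wide Name the device presents at fabric login


@dataclass
class Fabric:
    port_zones: list = field(default_factory=list)    # each zone: set of switch ports
    wwn_zones: list = field(default_factory=list)     # each zone: set of WWNs
    port_binding: dict = field(default_factory=dict)  # switch port -> only WWN allowed

    def admitted(self, login):
        """Port binding: a bound port accepts only its designated device."""
        bound = self.port_binding.get(login.port)
        return bound is None or bound == login.wwn

    def zoned(self, a, b):
        """True when both logins are admitted and share at least one zone."""
        if not (self.admitted(a) and self.admitted(b)):
            return False
        by_port = any(a.port in z and b.port in z for z in self.port_zones)
        by_wwn = any(a.wwn in z and b.wwn in z for z in self.wwn_zones)
        return by_port or by_wwn


@dataclass
class StorageArray:
    login: Login       # the array's storage port on the fabric
    luns: frozenset    # every LUN behind that storage port
    masks: dict = field(default_factory=dict)  # initiator WWN -> LUNs exposed to it

    def visible_luns(self, fabric, initiator):
        """Zoning decides whether the port is reachable, masking decides which LUNs."""
        if not fabric.zoned(initiator, self.login):
            return set()
        return set(self.luns & frozenset(self.masks.get(initiator.wwn, ())))


# Constructed sample identities (not real device WWNs).
WWN_A = "10:00:00:00:00:00:00:0a"
WWN_B = "10:00:00:00:00:00:00:0b"
WWN_T = "50:00:00:00:00:00:00:01"


def scenarios():
    array = StorageArray(Login("sw1/8", WWN_T), frozenset(range(10)),
                         masks={WWN_A: {0}, WWN_B: {1, 2}})
    server_a = Login("sw1/1", WWN_A)
    moved_a = Login("sw1/2", WWN_A)     # same server, recabled to another port
    unexpected = Login("sw1/3", WWN_A)  # server A's WWN seen on server B's port

    port_fabric = Fabric(port_zones=[{"sw1/1", "sw1/8"}])
    wwn_fabric = Fabric(wwn_zones=[{WWN_A, WWN_T}])
    bound_fabric = Fabric(wwn_zones=[{WWN_A, WWN_T}],
                          port_binding={"sw1/1": WWN_A, "sw1/3": WWN_B,
                                        "sw1/8": WWN_T})
    return {
        "port zone, original port": array.visible_luns(port_fabric, server_a),
        "port zone, after move": array.visible_luns(port_fabric, moved_a),
        "wwn zone, after move": array.visible_luns(wwn_fabric, moved_a),
        "wwn zone, unexpected port": array.visible_luns(wwn_fabric, unexpected),
        "wwn zone + binding, unexpected port": array.visible_luns(bound_fabric, unexpected),
        "wwn zone + binding, bound port": array.visible_luns(bound_fabric, server_a),
    }


if __name__ == "__main__":
    for name, luns in scenarios().items():
        print(f"{name:40s} -> {sorted(luns)}")
```

In this model, binding protects only the ports that have an entry in `port_binding`, so an audit of the fabric should confirm that every active port is bound.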

iSCSI LUN Mapping

iSCSI LUN mapping is an additional technique to extend control of storage assets and create authorized connectivity across IP SANs. With LUN mapping, the administrator can reassign LUNs to meet the storage requirements of specific servers. A LUN 5 on the disk array, for example, can be represented as a LUN 0 to an iSCSI server, enabling it to boot from disk under tighter administrative control. Centralized management and iSCSI LUN mapping can ensure that servers load only their authorized system parameters and applications, and in combination with LUN masking, attach only to designated storage resources.

Internet Storage Name Service (iSNS)

The Internet Storage Name Service (iSNS) is an IETF-approved protocol for device discovery and management in iSCSI networks. iSNS combines features from Fibre Channel SNS with IP Domain Name Server (DNS) capability. As an integral part of the protocol definition, iSNS includes support for public/private key exchange, so that storage transactions in IP SANs can be authenticated and payload secured. iSNS has been endorsed by Microsoft and other vendors as the management solution of choice for iSCSI and IP storage environments.

Encryption of Data at Rest

Recent publicity on the theft or loss of tape backup cartridge sets and disk drives in large corporations highlights the inherent vulnerability of removable media. Retrieving storage data on tape or disk may require expensive equipment, but the proliferation of SAN technology has lowered the threshold for this type of data theft. The highest level of security for storage data at rest is therefore provided by encryption of data as it is written to disk or tape. Previously, data encryption in the SAN imposed a significant performance penalty. With current SAN security technology, however, encrypting and decrypting data as it moves to and from storage devices can be achieved with minimal impact on production. As in any encryption solution, management of encryption keys places an additional obligation on storage administration.

Securing the Management Interface

Management of a SAN infrastructure is typically performed out of band via Ethernet and TCP/IP. A Fibre Channel fabric switch, for example, provides Fibre Channel ports for attachment to servers, storage systems, and other fabric switches (via ISLs), while also providing an Ethernet port for configuration and diagnostics of the switch itself. Unauthorized access to the management port of a fabric switch is therefore an extreme liability. Deliberate or inadvertent configuration changes to a switch can result in unauthorized access to storage assets or loss of access altogether (also known as “denial of service”).

In some implementations, fabric management is performed in band, over the Fibre Channel infrastructure. This approach provides additional protection by making it more difficult for an intruder to tap into the management data stream. However, if a Fibre Channel connection is down, both production data and management data are blocked. For large enterprises, redundant pathing through the fabric is used to ensure that both production and management data have alternate routes if a link failure occurs.

Whether in band or out of band, ultimately an administrative interface must be provided at a console. As in mainstream data communications, it is therefore critical that the operator at that console has authorization to monitor fabric conditions or make configuration changes. Standard management security mechanisms, such as CHAP (Challenge-Handshake Authentication Protocol), SSL (Secure Sockets Layer), SSH (Secure Shell), and RADIUS (Remote Authentication Dial-In User Service) are typically used to enforce access authorization to the fabric and attached storage systems.


Going to the Next Level: The Brocade Data Center Fabric

The foundation elements of resilient storage systems and robust and secure fabrics are prerequisites for implementing a coherent data protection strategy. The next phase in SAN evolution, however, must extend the coverage of data to the upper-layer applications that generate and process data. This new application-centric approach is embodied by the Brocade data center fabric (DCF) architecture and its supporting products, including the Brocade DCX Backbone, launched in January 2008.

The unique application focus of the Brocade DCF design aligns the entire storage infrastructure to the more dynamic requirements of today's business operations. For both server platforms and storage, rigid physical connections between applications and data are being replaced with more flexible virtual relationships and shared resource pools. Enhanced data mobility, protection, and security are now key to preserving data integrity and fulfilling regulatory requirements. By combining enhanced connectivity with advanced storage and application-aware services, the Brocade DCF is centrally positioned to coordinate new capabilities in both server and storage platforms and maximize data center productivity.

To minimize disruption and cost, the Brocade DCF architecture, shown at a high level in Figure 17, is designed to interoperate with existing storage and fabric elements while providing enhanced services where needed. The Brocade DCX Backbone, for example, integrates with existing Brocade and third-party fabrics and extends their value by providing Adaptive Networking services, multi-protocol connectivity, data migration services, storage virtualization, data encryption for data at rest, and other advanced services throughout the data center fabric. To simplify administration, these advanced services can be automated via policy-based rules that align to upper-layer application requirements.


Figure 17. The Brocade DCF provides the infrastructure to optimize the performance and availability of upper-layer business applications


Chapter 2: Backup Strategies

Tape backup for data centers has been one of the original drivers for the creation of SAN technology. Before the advent of SANs, backing up open systems storage data over 100 Mbit/sec Ethernet LANs was simply too slow and did not allow sufficient time to safeguard all data assets. As the first gigabit network transport, Fibre Channel provided the bandwidth and an alternate storage network infrastructure to offload backup operations from the LAN. Subsequently, the development of SCSI Extended Copy (third-party copy or TPC) technology also freed individual servers from backup operations and enabled direct SAN-based backup from disk to tape.

Although obituaries for the demise of tape have been written repeatedly over the past few years, tape endures as the principal mainstay of data protection. Unlike spinning disk media, once data is committed to tape it can be transported offsite and vaulted, and has a reasonable shelf life. Even data centers that use newer disk-to-disk tape emulation for primary backup also often implement a final backup to tape.

Conventional Local Backup

Tape backup operations and best practices date back to mainframe and midrange computing environments. Backup processes are thus well defined for both proprietary and open systems applications, and technology innovation has largely focused on higher performance and greater storage density of tape cartridge formats and robotics. Even second-generation initiatives, such as virtual tape libraries (VTLs), rely on established practices honed over the years by conventional tape backup operations.


Tape backup routines are shaped by an organization's recovery point objective (RPO) and recovery time objective (RTO). The recovery point, or the amount of data loss that can be tolerated in the event of data corruption or outage, determines how frequently backups are executed. The recovery time objective is determined by how the backups are performed (incremental, differential, or full) and the severity of the outage itself. A minor event, for example, may have a shorter recovery time if an incremental backup can be used to restore data. A bare metal restore (for example, required when an entire storage array fails), by contrast, may have a much longer recovery time, since both full and incremental backups must be restored to rebuild the most recent data state.

For many companies today the RPO for mission-critical applications is at or near zero. The loss of any data transaction is unacceptable. For tape backup schedules that rely on daily incremental backups, then, additional utilities such as snapshots or continuous data protection are required to protect against data loss that may occur between incremental backups. Not all data is essential for a company's survival, however, and the RPO can vary from one application to another. Periodic tape backup on a daily basis is therefore the lowest common denominator for safeguarding all data assets, while more advanced options should be implemented selectively for the highest-value data.

In addition to RPO and RTO criteria, tape backup operations are bounded by the dimensions of the backup window, or the allowable time to complete backups for all servers. Typically, applications must be quiesced so that files or records can be closed and in a static state for backup. For global or other 7/24 operation enterprises, however, there may be no opportunity to quiesce applications and thus no backup window at all. Although backup software can be used for copying open files, the files themselves may change content as the backup occurs.

Conventional tape backup architectures for shared open systems environments are typically LAN-based, LAN-free (SAN-based), or server-free (SAN-based with Extended Copy). Although LAN-based backup configurations are still common for small and medium-sized businesses, today's enterprise data centers normally perform backup operations across a storage network.


Figure 18. LAN-based tape backup transports both data and metadata over the LAN

As shown in Figure 18, a LAN-based tape backup configuration requires a backup server that acts as the repository for metadata (information on the structure of files and which files or records have been copied) and the gatekeeper of the target tape subsystem. Although metadata may incur little overhead on the LAN, the continuous streaming of gigabytes of data from the production server to the backup server can seriously impact other LAN-based applications.

Traditional LAN-based tape backup is based on backup of files. Each server on the LAN may have gigabytes of direct-attached storage that needs to be secured through backup. The backup server instructs each server to initiate a backup, with the data sent over the LAN from server to backup server. This type of backup involves multiple conversions. Upon launching a backup, the target server must read blocks of SCSI data from disk, assemble the blocks into files, and packetize the files for transfer over the LAN. At the backup server, the inbound packets must be rebuilt into files, while the files are, in turn, disassembled into blocks to be written to tape. The original data blocks that reside on the target storage therefore undergo four steps of conversion before reappearing at the destination as blocks: blocks > file > packets > file > blocks. Both the server and backup server must devote considerable Central Processing Unit (CPU) cycles to both SCSI and network protocol overhead.


In addition, the limited bandwidth of the LAN (typically 1 Gbit/sec Ethernet) can impose a much longer backup window. Simply moving the data path off the LAN and onto a higher performance storage network can alleviate the dual problem of LAN traffic load and backup window constraints. This was one of the initial issues that accelerated the adoption of SANs in enterprise data centers.

Figure 19. LAN-free tape backup separates the metadata and data paths to offload the LAN transport and optimize backup streams across the SAN

Figure 19 illustrates a LAN-free, SAN-based tape backup scheme. In this case, the target tape subsystem is deployed on the storage network to create a more direct path between the production server and tape. As in LAN-based backup, the backup server is responsible for maintaining metadata on the backup process, but the production server can now request data from storage and copy it directly to the tape target. With the LAN transport no longer a bottleneck for streams of backup data, the backup window becomes more manageable. Still, in both LAN-based and LAN-free solutions, the server remains in the data path, reading data from storage and writing data to tape.


Figure 20. Server-free backup removes the production server from the data path, freeing CPU cycles for applications instead of backup operations

Server-free backup takes a more direct path between storage and tape by eliminating the production server from the backup process. As shown in Figure 20, an extended copy engine in the SAN assumes both initiator and target roles on behalf of the server to perform the reads and writes of data for the backup operation. The extended copy engine can be resident in a SAN director or switch, an appliance attached to the SAN, or embedded in the tape subsystem. The backup server is still required to host metadata and monitor backup status, but the metadata path can now be across the SAN or via a LAN-attached extended copy controller.

While the high-performance SAN infrastructure and advanced utilities, such as extended copy, facilitate efficient backup of storage data, the application software that initiates and manages backup processes varies in capabilities from vendor to vendor. Although every storage administrator recognizes the necessity of data backup, it is sometimes difficult to verify that a backup operation was completed and that the tapes can actually be used to restore data. In addition, regular backup operations may repeatedly copy data that is unchanged over time, which adds to the volume and duration of the backup process. Vendors of backup software may provide additional utilities for verification, point-in-time (snapshot) backup for active databases, changed-block-only backup, data de-duplication, or other value-added backup services. As the volume of storage data grows, the task of securely backing up data in a reasonable time frame is increasingly difficult.

Backup Fabrics

Data traffic on a production SAN is typically characterized by high I/O of fairly short transactions. With the exception of streaming video or large image data applications (for example, medical or geophysical imaging), the brevity of normal business transactions across a SAN makes those transactions more tolerant of transient fabric issues such as congestion or disruption. Tape backup, by contrast, is characterized by the continuous streaming of blocks of data from the initiator to the tape target. Any fabric disruption in the backup stream can abort the entire backup operation. Data centers can therefore elect to build a separate and dedicated fabric for tape backup, both to minimize disruption to the backup process and to offload the tape traffic from the production SAN.

Figure 21. A dedicated tape SAN isolates the backup process from the production SAN

As shown in Figure 21, a dedicated tape SAN can be implemented in parallel with the production SAN to isolate backup traffic from other storage transactions. Because most Fibre Channel-to-SCSI bridges for tape attachment were originally based on Fibre Channel Arbitrated Loop (FCAL) protocol, the tape SAN would employ FCAL-capable switches and FCAL HBAs for server attachment. Today, Fibre Channel ports are typically integrated into tape subsystems and thus eliminate the need for bridge products. Although implementing a separate tape SAN may require additional hardware and management, it does enhance stability of tape operations to ensure backup completion. While Brocade enterprise-class platforms are commonly used for production SAN connectivity, Brocade SAN switches, such as the Brocade 5000 Switch, are often used to build dedicated tape backup SAN infrastructures.

Disk-to-Disk (D2D) Tape Emulation

One of the persistent complaints made against tape backup stems from the disparity between disk array speeds and tape speeds. Disk media simply spins at much higher rates than tape media, making tape the inevitable bottleneck in the backup process. In addition, tape backup is a linear process that is protracted by the constant repositioning of the tape media to the read/write head. The “shoe shine” motion of tape is essential for accurately positioning the tape media to mark the beginning of a backup stream, but necessarily incurs latency (as well as wear on the media itself).

Figure 22. Disk-to-disk tape emulation requires no changes to backup software


Because tape backup processes and software are so ubiquitous in data centers, it has been difficult to replace tape backup with an alternative technology. Consequently, vendors have developed tape emulation products that enable disk arrays to behave as conventional tape targets. In addition, some tape emulation devices can assume the personality of different types of tape subsystems and so enable a single emulation device to service multiple tape backup solutions.

Because disk-to-disk tape emulation eliminates the bottleneck posed by tape mechanics, it is possible to dramatically reduce backup windows. Data retrieval from D2D is also expedited for either partial or full data restorations. As shown in Figure 22, disk-to-disk tape emulation can be configured with an external appliance or be embedded in a specialized disk array controller. From the standpoint of the backup application, the target device appears as a conventional tape subsystem. This makes it possible to drop in a D2D solution with no major changes to backup operations.

Disk-to-Disk-to-Tape (D2D2T)

Not all customers are comfortable, however, with committing their backup data entirely to spinning media. Consequently, a disk-to-disk tape emulation installation may be supplemented by a conventional tape subsystem for long-term data archiving, as shown in Figure 23. Once data is backed up to the D2D array, it can be spooled to the downstream tape subsystem and cartridges can be shipped offsite for safekeeping. In this case, the tape device no longer imposes a bottleneck to the backup process, since the initial backup has already been executed to disk. D2D2T does not eliminate tape, but helps overcome the limitations of tape in terms of performance for both backup and restore of data. With ever-increasing volumes of data to safeguard via backup and with regulatory compliance pressures on both data preservation and retrieval, D2D2T provides a means to both expedite processes and ensure long-term data protection.


Figure 23. Combining disk-to-disk tape emulation with conventional tape backup

Remote Backup

By leveraging storage networking, large enterprise data centers can centralize backup operations for local storage systems and replace multiple dispersed tape devices with larger, higher-performance tape silos. In addition to the main data center, large enterprises may also have several smaller satellite data centers or regional offices with their own storage and backup systems. Gaining control over all enterprise data assets is difficult when backup processes can vary from one remote location to another and when verifying the integrity of remotely executed backups is not possible. The trend towards data center consolidation is therefore expanding to remote facilities, so that at minimum corporate data can be centrally managed and safeguarded.

Previously, the limitations of WAN bandwidth excluded the possibility of centralizing storage data backup operations from remote locations to the main data center. Today, the combination of readily available bandwidth and new storage technologies to optimize block data transport over WANs enables the centralization of tape backup operations throughout the enterprise.


Figure 24. Consolidating remote tape backup places all data under the control and best practices of the data center

As shown in Figure 24, remote sites can now leverage dark fiber, Dense Wave Division Multiplexing (DWDM), SONET, IP, or other WAN transports and protocols to direct backup streams to the central data center. SAN routers such as the Brocade 7500E, Brocade Edge M3000, and Brocade USD-X, as well as the FR4-18i Extension Blade for the Brocade 48000 Director and Brocade DCX Backbone, provide high-performance storage connectivity over WANs and optimize block data transport for backup and other storage applications.

Consolidating backup operations to the main data center enables customers to extend data center best practices to all corporate data, including verification of scheduled backups and restorability of tape sets. If the primary data center implements disk-to-disk or D2D2T technology, accelerated backup and data retrieval are likewise extended to remotely generated data assets. In addition, the offloading of backup operations to the data center reduces the requirement for remote support personnel, remote tape hardware, and remote tape handling and offsite transport.


Tape Vaulting

The introduction of WAN optimization technology for block storage data and increased availability of WAN bandwidth offer additional strategies for data protection, including the shifting of all backup operations to centralized tape backup facilities. In this case, even data center backup operations are offloaded, with the additional advantage that even the failure of one or more data centers would still leave corporate data accessible for restoration to a surviving data center or third-party service.

Figure 25. Tape vaulting centralizes all data backup to a secure location dedicated to protecting all corporate data

As illustrated in Figure 25, tape vaulting further centralizes data protection by hosting all backup operations in a secure, typically hardened remote facility. In the event of a catastrophic failure at one or more production sites, the most recent backups can be restored from the tape vault to resume business operations. As with centralized tape backup, tape vaulting can provide enhanced protection for all corporate data and facilitate higher levels of security, such as encryption of data as it is being written to tape. Larger enterprises may implement their own tape vaulting sites, but third-party services by companies such as Iron Mountain are also available.


Tape Pipelining

In the remote tape backup examples above, the transmission latencies associated with long-distance networking were not factored in. Speed of light latency results in about 1 millisecond (ms) of latency per 100 miles each way, or 2 ms for the round trip. Depending on the quality of the wide area network service, additional latencies incurred by network routers may be significant. As will be discussed in more detail in Chapter 3, “Disaster Recovery,” transmission latency over long distances has a direct impact on storage applications and in particular on tape backup. Although nothing can be done about the speed of light (other than quantum tunneling, perhaps), Brocade has addressed the problem posed by latency for remote tape backup by introducing tape pipelining technology.

Tape pipelining is used in the Brocade USD-X and Edge M3000 to expedite the delivery of tape backup streams over very long distances. Without tape pipelining, every tape I/O must wait for acknowledgement from the receiving end before the next I/O can be executed.

Figure 26. Without tape pipelining, performance falls dramatically during the first 10 miles.

As shown in Figure 26, unassisted tape backup over distance slows dramatically over the first few miles as both the transmission and acknowledgement encounter longer latencies. Tape pipelining resolves this problem by providing local acknowledgement to tape I/Os. The Brocade USD-X and Edge M3000 buffer the I/Os issued by the local backup server, provide immediate acknowledgments for each one, and then stream the backup data across the WAN link. At the receiving end, they buffer the received data and spool it to the tape controller. Because neither storage router empties its buffers until the target tape device acknowledges that the data has been received, a temporary disruption in the WAN link will not result in loss of data or abort of the tape backup session.
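The effect described above can be put into numbers with a small model. This is an added example, not material from the book or from Brocade: the block size, link rate and buffer sizes are assumed values, router latency is ignored, and treating the router buffer as the in-flight window is a simplification of how a pipelining device behaves.

```python
"""Simplified model: tape write throughput over distance, with and without
local acknowledgement. Only the 1 ms per 100 miles figure comes from the text;
every other parameter is an assumption chosen for illustration."""
import math

MS_PER_100_MILES_ONE_WAY = 1.0  # propagation delay quoted in the text


def round_trip_s(miles):
    """Round-trip propagation delay in seconds (router latency ignored)."""
    return 2 * (miles / 100.0) * MS_PER_100_MILES_ONE_WAY / 1000.0


def hold_time_s(miles, block_bytes, link_bytes_per_s):
    """Time from starting to send a block until its remote ack returns."""
    return block_bytes / link_bytes_per_s + round_trip_s(miles)


def unpipelined_bps(miles, block_bytes, link_bytes_per_s):
    """One tape I/O outstanding: send a block, then wait for the far-end ack."""
    return block_bytes / hold_time_s(miles, block_bytes, link_bytes_per_s)


def pipelined_bps(miles, block_bytes, link_bytes_per_s, buffer_bytes):
    """Local ack: each block stays buffered until the remote tape device
    acknowledges it, so the buffer size bounds the data in flight."""
    if buffer_bytes < block_bytes:
        raise ValueError("buffer must hold at least one block")
    window_rate = buffer_bytes / hold_time_s(miles, block_bytes, link_bytes_per_s)
    return min(link_bytes_per_s, window_rate)


def min_buffer_bytes(miles, block_bytes, link_bytes_per_s):
    """Smallest buffer that keeps the link full at this distance."""
    return math.ceil(link_bytes_per_s * hold_time_s(miles, block_bytes, link_bytes_per_s))


def table(distances, block_bytes, link_bytes_per_s, buffer_bytes):
    """Rows of (miles, unpipelined MB/s, pipelined MB/s) for a quick comparison."""
    rows = []
    for miles in distances:
        slow = unpipelined_bps(miles, block_bytes, link_bytes_per_s) / 1e6
        fast = pipelined_bps(miles, block_bytes, link_bytes_per_s, buffer_bytes) / 1e6
        rows.append((miles, round(slow, 1), round(fast, 1)))
    return rows


if __name__ == "__main__":
    # Assumed values: 64 KiB tape blocks, 1 Gbit/sec WAN link, 8 MiB router buffer.
    for miles, slow, fast in table([0, 10, 100, 1000, 3000],
                                   64 * 1024, 125_000_000, 8 * 1024 * 1024):
        print(f"{miles:>5} miles  unpipelined {slow:7.1f} MB/s  pipelined {fast:7.1f} MB/s")
```

With a buffer of exactly one block the pipelined figure collapses to the unpipelined one, which is why buffer sizing, not just the presence of local acknowledgement, determines how far a backup stream can run at line rate.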


Tape pipelining is the enabling technology for enterprise-wide consolidated tape backup and remote tape vaulting for both open systems and FICON (Fiber Connectivity). It is currently supported on a wide variety of WAN interfaces, including SONET, dark fiber, DWDM, ATM, Ethernet, and IP networks. In combination with IP networking, in particular, tape pipelining offers an economical means to span thousands of miles for centralized backup. Companies that were previously limited to metropolitan distances can now place their data protection and archiving sites in safe havens far from potential natural or social disruptions.

Data Restoration from Tape

The elephant that is always in the room with tape backup is restoration of data from tape to disk in the event of a data corruption or data center disaster. No one wants to think about it and consequently many companies do not test the viability of their tape backup cartridges for restorability. As a result, tape backup is sometimes treated as a rote process driven by good intentions. It may mark the check box of regulatory compliance, but without periodic testing cannot ensure data protection.

Although the backup window is critical for committing all disk data to tape, it is the restoration window that will determine the length of outage and the loss of revenue from lost business. The recovery time objective should therefore be realistically calculated on these basic variables to the restoration process:

• The total volume of data to be restored

• The number of tape mounts required for that volume

• The speed of the tape subsystem

• The speed of the backup network

• The configuration of the target disk array

If tape restore is performed over Gigabit Ethernet, for example, a tape subsystem capable of 140 Mbit/sec will encounter a bottleneck at the 100 Mbit/sec limitation of the network. By contrast, a Brocade Fibre Channel backup SAN can provide 2 Gbit/sec to 8 Gbit/sec throughput and support multiple tape restore streams concurrently.

The design of a comprehensive and viable tape backup and restore solution will determine whether data recovery takes hours, days, or even weeks. Even the best design and implementation, however, is incomplete without periodic testing for restorability and resumption of normal business operations.
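The five variables listed above can be combined into a restore-window estimate and checked against an RTO. This is an added example, not from the book: the `RestorePlan` fields, the mount time, and all sample figures are constructed assumptions, and the model treats the slowest stage as the sustained rate and spreads mounts evenly across the drives.

```python
"""Restore-window estimator built on the five variables listed in the text.
All names and sample figures are constructed for illustration."""
import math
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RestorePlan:
    volume_mb: float        # total data to restore (full plus incrementals)
    cartridge_mb: float     # usable capacity per tape cartridge
    mount_s: float          # load and position time per cartridge mount
    drives: int             # tape drives restoring in parallel
    drive_mb_s: float       # sustained read rate of one drive
    network_mb_s: float     # usable throughput of the backup network
    disk_write_mb_s: float  # sustained write rate of the target disk array


@dataclass(frozen=True)
class Estimate:
    mounts: int        # cartridges that must be mounted
    bottleneck: str    # "tape", "network" or "disk"
    rate_mb_s: float   # end-to-end rate set by the bottleneck
    seconds: float     # estimated restore window

    def meets(self, rto_hours):
        """True when the estimated window fits inside the RTO."""
        return self.seconds <= rto_hours * 3600


def estimate_restore(plan):
    """Estimate the restore window and name the stage that limits it."""
    numeric = (plan.volume_mb, plan.cartridge_mb, plan.drive_mb_s,
               plan.network_mb_s, plan.disk_write_mb_s)
    if plan.drives < 1 or plan.mount_s < 0 or min(numeric) <= 0:
        raise ValueError("plan values must be positive")
    mounts = math.ceil(plan.volume_mb / plan.cartridge_mb)
    stages = {
        "tape": plan.drives * plan.drive_mb_s,
        "network": plan.network_mb_s,
        "disk": plan.disk_write_mb_s,
    }
    bottleneck = min(stages, key=stages.get)
    rate = stages[bottleneck]
    # Mounts on different drives overlap; mounts on the same drive do not.
    mount_rounds = math.ceil(mounts / plan.drives)
    seconds = plan.volume_mb / rate + mount_rounds * plan.mount_s
    return Estimate(mounts, bottleneck, rate, seconds)


# Constructed sample: 20 TB to restore from 800 GB cartridges on four drives.
LAN_PLAN = RestorePlan(volume_mb=20_000_000, cartridge_mb=800_000, mount_s=90,
                       drives=4, drive_mb_s=120, network_mb_s=100,
                       disk_write_mb_s=400)
# Same restore with the network stage raised so it no longer limits the stream.
SAN_PLAN = replace(LAN_PLAN, network_mb_s=800)

if __name__ == "__main__":
    for name, plan in (("LAN", LAN_PLAN), ("SAN", SAN_PLAN)):
        est = estimate_restore(plan)
        print(f"{name}: {est.mounts} mounts, bottleneck={est.bottleneck}, "
              f"{est.seconds / 3600:.1f} h, meets 24 h RTO: {est.meets(24)}")
```

An estimate like this is only a planning figure; the periodic restore test the text calls for is what confirms the measured rates and the readability of the cartridges.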


Chapter 3: Disaster Recovery

Disaster Recovery (DR) is often viewed as an insurance policy. No one likes to pay the premiums but everyone fears the repercussions of not being covered. For today's enterprise data centers, Disaster Recovery is virtually a mandatory requirement, if not for regulatory compliance then for company survival. Whether downtime costs thousands or millions of dollars per hour, a prolonged data outage leaves a company vulnerable to competition, depreciation of brand, and loss of customers. One of the persistent challenges for IT administrations then is to create a workable disaster recovery plan that is always under constant pressure from budgetary constraints and the steady growth of data requiring protection.

Over the past decade storage networking technology has developed a new set of products and protocols that facilitate practical implementation of today's disaster recovery requirements. We are no longer bounded by distance or bandwidth restrictions and it is now possible to deploy disaster recovery solutions that span thousands of miles. Brocade SAN Routers, for example, are supporting DR installations that link sites in Japan to recovery centers on the US east coast and others that span the Atlantic from Europe to the US. These extremely long-distance data protection solutions were unthinkable 10 years ago. In addition, high performance DR is now possible for metro or regional sites. Brocade directors provide sufficient buffering to drive 10 Gbit/sec performance for over 50 miles with maximum link utilization. Along with the technological innovations discussed below, these new capabilities are breaking the boundaries for implementing enterprise-wide DR solutions and give customers the flexibility to tailor solutions to their own specific requirements.


Defining the Scope of Disaster Recovery Planning

In terms of data storage, Disaster Recovery represents an essential aspect of the much broader scope of business continuity. Business continuity planning must include personnel, facilities, remote offices, power, transportation, telephone, and communications networks, in addition to the data center infrastructure. The narrower scope of DR planning focuses on data accessibility and so must consider servers, storage networks, and the data center physical plant. This includes providing additional features, such as standby diesel power generators or redundant systems, to support a primary data center and provisioning dedicated recovery sites should the primary data center fail completely.

Disaster Recovery planning can be as streamlined as implementing periodic tape backup and then relying on a service provider for data recovery and access or as complex as designing for multiple levels of data protection at the primary data center and cloning the entire infrastructure at one or more recovery sites. Data centers represent such a substantial investment, however, that duplicating servers, storage infrastructure, cooling, and facilities for standby operation is difficult to justify to non-IT upper management. Enterprises are therefore often dual-purposing recovery sites for both DR and production or application development processing.

As recent history has shown, both natural and man-made disasters have severe social and economic repercussions. No geographical location is immune from potential disruption, but clearly some geographies are more vulnerable than others. Coastal areas vulnerable to hurricanes, earthquakes, and tsunamis have an inherently higher risk factor compared to inland areas, but even inland sites may be vulnerable to tornados or periodic flooding. Disaster Recovery planning should factor in the inherent risk of a specific data center location and that assessment in turn drives selection of appropriate technologies and safe havens. A DR plan that uses Oakland as a recovery site for a data center in San Francisco, for example, probably does not adequately protect against the potential effects of the San Andreas fault.

How far does data have to travel to be safe? Prior to 9/11, companies in Manhattan commonly relied on recovery sites in New Jersey. New Jersey itself suffered disruption, however, with the anthrax attacks the month following the World Trade Center (WTC) attacks. During the cascading Northeast power blackout in August, 2003, data center managers discovered that locating recovery sites hundreds of miles apart still cannot protect against severe failures of regional utilities.


A similar realization occurred in New Orleans in the fall of 2005, when companies whose recovery sites were in Houston were hit by both Hurricanes Katrina and Rita within a month's time. Previously, the selection of a recovery site was limited by technology. It simply was not possible to transport storage data beyond a metropolitan circumference. With current technologies now able to send storage data thousands of miles, companies can locate their recovery centers far from regional vulnerabilities.

Defining RTO and RPO for Each Application

While all corporate data hopefully has some value, not all data needs to be instantly accessible for the immediate resumption of business in case of disaster or outage. One of the first steps in implementing an effective Disaster Recovery strategy is to prioritize corporate data and applications and match data types to levels of recovery. Online transaction processing, for example, may need a current and full copy of data available in the event of disruption. This requirement is generally met through synchronous disk-to-disk data replication over a suitably safe distance. For other data, by contrast, it may be sufficient to have tape backups available, with restoration to disk within two to three days' time. The Recovery Point Objective (the amount of data loss that could reasonably be accepted) and the Recovery Time Objective (the allowable time after an outage before business is seriously impacted) can both vary from one application to another. Sizing the recovery tactic to business requirements helps keep costs under control while streamlining a recovery process.

The IBM user group SHARE (founded in 1955, the world's first organization of computing professionals) has defined multiple tiers of Disaster Recovery protection, ranging from no protection to continuous protection and availability:

Tier 0. No offsite data backup
No offsite data or means to recover from local disaster

Tier 1. Data backup with no hot site
Offsite backup with no recovery site (CTAM), or remote disk/tape but no remote processors/servers

Tier 2. Data backup with hot site
Offsite backup with bare metal recovery site (data must be reloaded and processors initialized)

Tier 3. Electronic vaulting
Electronic transmission of most current mission-critical data with tape restore for remainder


Tier 4. Point-in-time copy
Snapshot copy of current volumes for streaming to remote disk

Tier 5. Transaction integrity
Application-dependent data consistency between the production and the remote DR site

Tier 6. Zero or little data loss
Asynchronous or synchronous disk-to-disk copy with independent data consistency

Tier 7. Highly automated, business-integrated solution
Synchronous disk-to-disk copy / automatic recovery of systems and applications

The significance of this Disaster Recovery ranking is not that a company must choose a single tier for all applications, but that different applications may merit different tiers. For example, a retail chain may be able to sustain a lengthy data center outage for applications relating to inventory or point-of-sale statistics. The individual stores, after all, can continue to transact business, sell goods, and accumulate income for weeks before shelf inventory becomes critical. A weeks-long outage of Microsoft Exchange, however, would be unacceptable, given that e-mail today is critical to the information flow in all companies. In this example, Exchange would qualify for Tier 6 or 7 handling, while inventory applications might adequately be served by Tier 1 or 2 solutions.

Prioritizing business applications and data and then pairing different applications to different tiers of recovery are probably the most difficult but essential steps in formulating a cost-effective DR plan. If you asked individual business units if their data is critical to the survival of the company, of course, they would all say yes. An objective assessment of the business value of application data is therefore required to both contain costs and to ensure that truly mission-critical data gets priority during recovery. The alternative approach is to simply give all corporate data equal value and priority, but this simpler solution is also the most expensive. Synchronous data replication of inventory projection data or program development code can certainly be done (and storage vendors will gladly sell you the requisite additional storage and software licenses), but such data is better served by traditional backup and offsite tape transport.

Synchronous Data Replication

Synchronous data replication is often used for application data that requires a zero or near-zero recovery point objective. Typically implemented at the disk array controller, every write of data to disk is duplicated and sent to the (typically remote) secondary or recovery array. As shown in Figure 27, the local write complete status is not returned to the initiating server until the secondary array has completed its write operation.

Figure 27. Array-based synchronous replication over distance

Because every transaction must be confirmed by the secondary storage array, synchronous data replication provides an immediate RPO and RTO. In the event of a failure of the primary array or data center, operations can be immediately resumed at the recovery site with no data loss. As the distance between primary and recovery sites increases, however, transmission latency can adversely impact server performance. Synchronous data replication is therefore typically restricted by the supplying vendor to about 150 miles or less. For longer distances, asynchronous replication can be used.

Conventional array-based synchronous data replication is typically proprietary and requires the same vendor products on both ends. For customers who prefer a single vendor solution (or sometimes a “single neck to choke”) this may not be an issue, but it does present a challenge to customers who have heterogeneous storage systems either through mergers and acquisitions or vendor changes over time. However, proprietary solutions are often accompanied by unique value-added services optimized for the vendor's architecture.

Figure 28. Maximizing utilization of large storage systems for bi-directional replication

In Figure 28, for example, the primary and secondary storage arrays can be partitioned so that each array serves as the recovery system for the other. This active-active configuration enables both the primary and secondary sites to function as full production centers and as zero-data-loss recovery sites should either array or site fail.

Metro DR

Given the distance limitations of synchronous data replication, it is normally deployed within metropolitan environments. A financial institution with several sites in a city, for example, would implement synchronous data replication to safeguard every data transaction, even though all of the sites are vulnerable to potential disruptions inherent to that geography. The risk that one or all sites may fail simultaneously (for example, in the event of a major earthquake) must be balanced against the likelihood of failures due to less disruptive events. The vast majority of data outages, after all, are due to operator error or the unintended consequences of upgrades or periodic service calls. As is discussed below, companies can implement a tiered DR plan that combines synchronous data replication as primary protection with asynchronous replication as a safeguard against true disasters.

Today customers have a variety of options for Metropolitan Area Network (MAN) services to support synchronous data replication. Companies can install or lease dark fiber between primary and recovery sites and use DWDM or Coarse Wave Division Multiplexing (CWDM) to maximize utilization of the fiber optic cable plant. DWDM currently supports up to 64 channels on a single fiber optic cable while CWDM, as the name implies, supports fewer at 8 to 16 channels per fiber. Both DWDM and CWDM are protocol agnostic and so can support native Fibre Channel, Gigabit Ethernet, or IP over Ethernet. In combination with Brocade directors, switches and SAN Routers, DWDM/CWDM can easily accommodate metro storage applications, including resource sharing and Disaster Recovery for both open systems and FICON.

In many metropolitan areas, MAN service providers have built extensive Synchronous Optical NETwork (SONET) rings around primary business districts. Packet Over SONET (POS) enables encapsulation of IP and so can be used for IP storage protocols, such as FCIP or iSCSI. In addition, some vendors provide interfaces for bringing native Fibre Channel traffic into SONET.

Figure 29. Leveraging metro SONET for native Fibre Channel disaster recovery

As shown in Figure 29, Brocade directors at both primary and recovery sites are Fibre Channel-attached to FC-SONET interfaces to connect to the metropolitan SONET ring. With speeds from OC3 (155 Mbit/sec) to OC48 (2.5 Gbit/sec) SONET is a viable option for metro disaster recovery solutions.

Carriers are also providing Gigabit and 10 Gigabit Ethernet transports for metropolitan data applications. Metro Ethernet services are marketed primarily for Internet broadband connectivity but can support any IP traffic including FCIP for DR traffic. In the future, metropolitan 10 Gigabit services will also be able to support Fibre Channel over Ethernet (FCoE) once that protocol has achieved maturity.

Leveraging High Speed ISLs

For enterprise-class metropolitan DR applications, use of native Fibre Channel Inter-Switch Links (ISLs) for connectivity between primary and recovery sites eliminates the overhead of protocol conversion and simplifies deployment and management. A single ISL, however, may not be sufficient to support the total volume of DR traffic, particularly if data replication for some applications is running concurrently with tape backup streams for other applications. To address this issue, Brocade has pioneered trunking technology that enables multiple ISLs to be treated as a single logical ISL or trunk.

Figure 30. Using Brocade trunking to build high performance metro disaster recovery links

As illustrated in Figure 30, up to eight 4 Gbit/sec ISLs can be combined to create a single logical ISL capable of up to 32 Gbit/sec throughput. Brocade trunking maintains in-order delivery of frames to ensure data reliability. Because all links are treated as a single logical ISL, the loss of a single ISL may reduce the total available bandwidth but will not disrupt availability. Trunking is further enhanced with Brocade Dynamic Path Selection (DPS), which provides exchange-based load balancing when multiple ISL trunks are configured between multiple switches.

The example shown in Figure 30 shows a maximum configuration but in practice two to four 4 or 8 Gbit/sec trunked ISLs would be sufficient for most metro DR applications. In addition, because each ISL is connected to a different DWDM channel, the transmission length deltas between the channels must be considered. Typically a metro distance of 50 miles or less is suitable for trunked ISLs over DWDM.

Brocade has also introduced high-performance 10 Gbit/sec Fibre Channel ISLs to further simplify the cabling scheme. The Brocade FC-10-6 blade, for example, supports six 10 Gbit/sec FC ports and up to forty-eight 10 Gbit/sec ports can be configured in a single Brocade 48000 Director chassis. As with all extension technologies, the bandwidth-to-distance ratio dictates that the higher the bandwidth, the shorter the distance that can be supported. The 10 Gbit/sec Fibre Channel port speed, however, is still adequate for most metro distances. If longer metro distances are required, trunked ISLs at lower speeds can be provisioned.

Asynchronous Data Replication

For data replication beyond the 150-mile radius supported by synchronous applications, asynchronous data replication can be used. Asynchronous data replication maintains optimum server performance by immediately issuing write complete status as soon as the data is committed to the local disk array. Multiple write operations are buffered locally and then sent en masse to the remote secondary array. As shown in Figure 31, the remote array sends back its own write completes as they are executed. The primary array can then flush its buffers for the previous transactions and issue additional I/Os.

Figure 31. Asynchronous data replication buffers multiple I/Os while providing immediate local acknowledgement

Asynchronous data replication cannot guarantee a zero RPO if the primary array suffers a sudden failure. There is always the risk that one or more transactions will be lost. For transitory WAN disruptions, however, most asynchronous schemes can resume operations by re-issuing frames still held in the array buffers. In addition, if Brocade SAN Routers are used to provide WAN connectivity, they will also keep the most recent transactions buffered until acknowledgment by the receiving SAN router and this means that recovery of operations is initiated independent of the storage arrays.

Asynchronous data replication can be array based, appliance based or driven by a storage virtualization engine in a standalone product or director blade. Because asynchronous data replication is transparent to server performance, it can drive over much longer latencies and support DR configurations spanning thousands of miles. Long-distance WAN services are expensive, however, and the technical challenge for SAN extension for long haul DR is to optimize utilization of the available bandwidth and get more data across in less time.

Going the Distance

Bandwidth and latency are distinct and unrelated variables. Bandwidth can determine how much data can be issued across a link, but has no effect on how long it takes to get to the other side. Latency is determined by transmission distance as well as intervening network equipment and mitigating its effects requires other clever engineering techniques. Transaction latency over distance must account for both transmission of data and receipt of acknowledgment.

As shown in Table 2, transmission latency is about 1 millisecond (ms) per 100 miles or about 2 ms round trip. Because asynchronous transactions are largely immune to latency, 80 ms or more round trip is acceptable. Still, if the latency of a certain distance is fixed by the laws of nature and network equipment, it is always desirable to maximize the amount of data that is delivered within the latency period.

Table 2. Transaction latency over distance

Point-to-Point Distance (km) | Point-to-Point Distance (mi) | Latency each way (ms) | Round-trip latency (ms)
893 | 555 | 5 | 10
1,786 | 1,110 | 10 | 20
2,679 | 1,664 | 15 | 30
3,572 | 2,219 | 20 | 40
4,465 | 2,774 | 25 | 50
5,357 | 3,329 | 30 | 60
6,250 | 3,884 | 35 | 70
7,143 | 4,439 | 40 | 80

Brocade SAN extension products employ a number of innovations to reduce the negative impact of transmission latency on upper-layer applications. Current Brocade SAN extension products leverage the availability and longer reach of TCP/IP networks by encapsulating Fibre Channel in IP. FCIP and Internet Fibre Channel (iFCP) enable storage traffic to take advantage of IP-based technologies such as jumbo frames, data compression, and IP Security (IPSec) to both expedite data delivery and secure storage data as it traverses the network. The Brocade enhancements discussed below include both IP-based and Fibre Channel-based mechanisms that work in concert to optimize link utilization and boost performance.

Credit Starvation

Because the Fibre Channel architecture was originally designed for local data center application, support for long-distance deployment was never a priority. SAN connectivity is measured in feet or meters and only occasionally in miles or kilometers. Consequently, the standard switch ports used for device attachment do not require large buffers to accommodate long-distance transmission. The Brocade 5000 Switch, for example, provides long-haul connectivity up to about 25 miles at 4 Gbit/sec and about 50 miles at 2 Gbit/sec using Extended Long-Wavelength Laser (ELWL) Small Form-factor Pluggable (SFP) optics. That makes it suitable for metro applications, but it is not designed to support transmissions of hundreds or thousands of miles.

Without enhanced port buffering, a standard switch port transmits the contents of its buffer and then waits for buffer credit renewal from its partner at the other end of the WAN link, as shown at the top of Figure 32. As the distance between the two switches is extended, more of the WAN link is idle while the initiator waits for credit replenishment. Additional idle time is incurred, however, when the receiving switch sends credits back to the initiator. This credit starvation results in wasted WAN bandwidth and further delays in data transmission at the application layer.

Figure 32. Larger port buffers avoid credit starvation

To address this issue, Brocade SAN extension products such as the Brocade 7500E, 7500, and Brocade Edge M3000 SAN Routers, the FR4-18i Routing Blade, and the Brocade USD-X are designed with large port buffers to support long-distance SAN and DR applications. As shown at the bottom of Figure 32, enhanced port buffers enable Brocade SAN extension solutions to fill the WAN pipe with productive traffic. As the receiving SAN router processes the data and hands it off to the downstream SAN, it can issue a steady stream of credits back to its partner as new data continues to arrive. Maximizing utilization of the WAN link both improves performance and the return on investment. The WAN provider, after all, charges for the link whether it is used efficiently or not.
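The effect of port buffer size on link utilization can be estimated with a short model. This is an added example, not Brocade code: it uses the text's rule of thumb of about 1 ms per 100 miles, while the frame size on the wire, the usable data rate per Gbit/sec and the 8-credit port are assumptions chosen for illustration.

```python
"""Buffer-credit starvation on a long Fibre Channel link (added illustration)."""
from math import ceil

# Rule of thumb from the text: about 1 ms of one-way latency per 100 miles.
MS_PER_100_MILES = 1.0
# Assumptions, not from the text: a full-size frame occupies about 2148 bytes
# on the wire, and N Gbit/sec Fibre Channel moves roughly N x 100 MB/sec.
FRAME_BYTES = 2148
BYTES_PER_SEC_PER_GBIT = 100e6


def round_trip_s(miles):
    """Round-trip propagation delay in seconds for a link of this length."""
    return 2 * (miles / 100.0) * MS_PER_100_MILES / 1000.0


def frame_time_s(gbit):
    """Time to serialize one full-size frame at the given link speed."""
    return FRAME_BYTES / (gbit * BYTES_PER_SEC_PER_GBIT)


def credits_to_fill_link(miles, gbit):
    """Credits needed so the sender never has to stop and wait.

    A credit spent on a frame is returned only after the frame has been
    serialized, has crossed the link, and the credit has travelled back:
    one frame time plus one round trip.
    """
    t = frame_time_s(gbit)
    return ceil((round_trip_s(miles) + t) / t)


def utilization(credits, miles, gbit):
    """Fraction of the link kept busy by a port holding this many credits."""
    t = frame_time_s(gbit)
    return min(1.0, credits * t / (round_trip_s(miles) + t))


def report(credits, gbit, distances):
    """Rows of (miles, credits needed, utilization with the given credits)."""
    return [(m, credits_to_fill_link(m, gbit), utilization(credits, m, gbit))
            for m in distances]


if __name__ == "__main__":
    # Constructed scenario: a port with 8 credits on a 4 Gbit/sec link.
    for miles, needed, used in report(8, 4, [1, 25, 150, 1000, 4000]):
        print(f"{miles:>5} mi  credits to fill link: {needed:>6}  "
              f"utilization with 8 credits: {used:7.2%}")
```

The credit count needed to keep the link full grows linearly with distance and with link speed, which is why a port sized for device attachment leaves most of a long WAN link idle.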

Data Compression

Compression technology identifies repetitive patterns in a data stream and represents the same information in a more compact and efficient manner. By compressing the data stream, more data can be sent across the network, even if slower link speeds are used. At the destination, compressed data is returned to its original form and delivered intact to the receiving device. Brocade implements lossless compression to ensure that the exact information is reproduced from the compressed data. Only the payload of a packet is compressed and not the Transmission Control Protocol (TCP) header. Packets with sizes less than 512 bytes are not compressed.

The compression ratio compares the size of the original uncompressed data to the compressed data. A compression ratio of 2:1, for example, means that the compressed data stream is half the size of the original data stream. Therefore, by using data compression, a customer would achieve twice the performance using the same network links.

Compression is especially useful when transmitting storage data over a slow link such as a T1 (1.5 Mbit/sec) or 10 Mbit/sec Ethernet. By enabling compression on a Brocade SAN router, a customer could achieve 2 MB/sec data throughput on a T1 link and 11 MB/sec data throughput on a standard 10 Mbit/sec Ethernet link. Data compression thus enables use of slower, less expensive link speeds for such storage applications as asynchronous remote mirroring, remote tape backup, and remote content distribution.

Brocade data compression is recommended for use of T3 (45 Mbit/sec) and higher-speed WAN links. Without data compression, a T3 link can deliver approximately 4.6 MB/sec of storage data. With data compression enabled, the T3 link can support 25 MB/sec of storage data, more than a fivefold increase in link utilization. Likewise, an OC-3 (155 Mbit/sec) WAN link that would normally drive 16 MB/sec throughput can, using compression, deliver 35 MB/sec throughput, a twofold gain in storage data throughput. Disaster Recovery implementations that typically use T3 or higher speed WAN links can thus maximize use of their wide area services to safeguard more data more quickly.

The efficiency of data compression depends on the data itself and the bandwidth of the WAN link. Not all data is compressible. Graphic and video data, for example, does not have the same data characteristics as database records, which tend to have repetitive bit patterns. In addition, data compression is most efficient when there is a greater delta between ingress and egress speeds. The lower the WAN link speed, the more opportunity there is to examine the data held in the SAN router buffers and to apply the appropriate compression algorithms if the data is compressible. If, for example, the ingress speed is 1 Gbit/sec Fibre Channel and the egress is Gigabit Ethernet, it is more expeditious to simply hand the data to the WAN without compression. This explains why in the examples provided above, compression on a T3 link can enhance performance by a factor of 5:1, while compression on a higher speed OC3 link is only a factor of 2:1.

Jumbo Frames

In encapsulating Fibre Channel storage data in TCP/IP for transmission over conventional WANs, it is necessary to address the disparity between Ethernet and Fibre Channel frame sizes. A typical Ethernet frame is 1518 bytes. A typical Fibre Channel frame is about 2112 bytes. Wrapping Fibre Channel frames in Ethernet, therefore, requires segmentation of frames on the sending side and reassembly on the receiving side. This, in turn, incurs more processing overhead and undermines performance end to end.

To align Fibre Channel and Ethernet frame sizes, a larger Ethernet frame is needed. Although not an official IEEE standard, a de facto standard called “jumbo frames” allows for Ethernet frames up to about 9 k bytes in length. The caveat for use of jumbo frames is that all intervening Ethernet switches, network routers, and SAN routers must support a common jumbo frame format.

Use of a maximum jumbo frame size of 9 k bytes allows four Fibre Channel frames to be encapsulated in a single Ethernet frame. This would, however, complicate Fibre Channel link layer recovery as well as buffer flow control. Instead, Brocade SAN routers encapsulate a complete Fibre Channel frame into one jumbo Ethernet frame. Because Fibre Channel frames may include extended and optional headers or virtual fabric tagging information, the jumbo Ethernet frame size is not fixed and varies depending on the requirements of the encapsulated Fibre Channel frame.

Jumbo frames help expedite packet processing by increasing the payload of every frame transmission and eliminating the continuous overhead of segmentation and reassembly of Fibre Channel frames from smaller 1500-byte Ethernet frames. If all network equipment between source and destination supports jumbo frames, this is another option that provides incremental improvement of performance and link utilization.

Rate Limiting

The TCP layer above IP is an end-to-end insurance policy against data loss. Because the available bandwidth through a network may be variable and traffic loads unpredictable, congestion and buffer overruns in the intervening network equipment can occur. In IP environments, the response to congestion is to simply throw away frames, a reaction that is horrifying to storage administrators. Packets may be lost, but thanks to the TCP layer they will be recovered and retransmitted. Packet recovery, however, has a performance penalty. The TCP layer must identify the missing packets and generate retransmission. The IP layer, in turn, does not simply resume at full speed but incrementally ramps up the transmission rate until congestion again occurs.

Early adopters of SAN extension over IP soon learned of this behavior when curious “sawtooth” performance patterns occurred. Levels of reasonably high performance were periodically punctuated with sudden drops, as illustrated in the middle of Figure 33.

Figure 33. Using Brocade rate limiting to avoid congestion and erratic performance

This constant cycle of congestion and recovery severely impacts performance and results in wasted bandwidth on the WAN link.

As shown at the bottom of Figure 33, Brocade avoids the erratic behavior caused by congestion, packet loss, recovery, and IP window ramping by pacing the load delivered to the WAN link. By restricting the traffic offered to the WAN to the designated bandwidth (in this example, a T3 at 45 Mbit/sec), Brocade SAN routers can minimize potential congestion and recovery latencies and help ensure the uninterrupted delivery of data that storage applications expect.

FastWrite

The SCSI protocol includes commands and status exchanges that facilitate moving large blocks of data in an orderly fashion between servers and storage. When servers and storage are separated by distance, however, the normal SCSI exchange may lead to inefficient use of the bandwidth available in the WAN link. Brocade SAN routers incorporate a FastWrite option to address this problem. FastWrite preserves standards-based SCSI protocol exchanges, while enabling full utilization of the available bandwidth across wide area connections and a 10x or greater performance increase for storage applications.

Pioneered by Nishan Systems in 2001, FastWrite is now an integral part of Brocade SAN extension technology. In order to understand how FastWrite works, it is useful to review standard SCSI write operations as illustrated in Figure 34. There are two steps to a SCSI write. First, the write command is sent across the WAN to the target. The first round trip is essentially asking permission of the storage array to send data. The target responds with an acceptance (FCP_XFR_RDY). The initiator waits until it receives this response from the target before starting the second step, sending the data (FCP_DATA_OUT). For large I/Os, the initiator sends multiple FCP_DATA_OUTs sequentially, but must wait for an FCP_XFR_RDY for each one as shown in Figure 34. When all the data has finally been received by the target and committed to disk, the target responds with a write complete status (FCP_STATUS). In this example, the SAN routers are simply passing SCSI commands and data across the WAN between the initiator and the target.

As the distance and accompanying latency between the initiator and target increases, more and more transaction time is consumed by SCSI protocol overhead. This appears to be an inevitable result of transmission latency over long WAN links and that would indeed be the case if the SAN routers provided only protocol conversion between Fibre Channel and IP. Brocade SAN routers, however, are intelligent devices that can support more sophisticated applications and FastWrite can behave as a proxy target to the initiator and a proxy initiator to the real target.

Figure 34. A standard SCSI write operation over distance requires significant protocol overhead

As shown in Figure 34, when the initiator issues a write command to the target (in this example for 1 MB of data), the local SAN router proxies for the remote target and immediately responds with a transfer ready for the entire amount to be written. As the initiator responds with a series of DATA_OUTs, the local SAN router buffers the write data and issues a FCP_CMD_WRT to its partner SAN router on the far side of the WAN link. After an acknowledgment from the remote SAN router, the local SAN router begins streaming the entire payload across the WAN in a single write operation.

At the receiving end, the remote SAN router proxies as an initiator to the remote target and issues an FCP_CMD_WRT to it. The remote target responds with an XFR_RDY specifying the amount that can be sent with each DATA_OUT. On both sides of the WAN link, the SCSI protocol overhead functions normally but is localized to each side. When all the data has finally been committed to the remote disk array, the target responds with a write complete FCP_STATUS, which is relayed by the SAN routers back to the initiator.

Figure 35. FastWrite dramatically reduces the protocol overhead across the WAN link by proxying for both initiator and target

Because there is no spoofing of the write complete, there is no risk that the write operation will inadvertently be confirmed if a WAN disruption occurs during this process. For transient WAN outages, the Brocade SAN routers keep TCP sessions active and resume operations once the link is restored. In the event of a hard failure of the WAN link during the FastWrite operation, the sessions will terminate and the initiator, having not received a write complete, will know the write was unsuccessful. This ensures data integrity and safeguards the immortal souls of SAN router design engineers. The prime directive of storage networking technology, after all, is to preserve the sanctity of customer data.
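The two exchanges described above, written out as message traces so that the WAN crossings and the hard-failure case can be checked. This is an added example, not Brocade's implementation: the 64 KB burst size, the 50 MB/sec WAN rate and the ACK message name are assumptions, and the model handles a single outstanding write with local hops treated as free.

```python
"""SCSI write over a WAN: pass-through routers versus a FastWrite-style proxy.

Added illustration of the exchange described in the text. Simplified model:
one outstanding write, local hops cost nothing, WAN hops cost one-way latency.
"""
from math import ceil

LOCAL, WAN = "local", "wan"   # which network segment a message crosses


def standard_write(io_bytes, burst_bytes):
    """Routers only convert protocols, so every message crosses the WAN."""
    trace = [("initiator", "target", "FCP_CMD_WRT", WAN)]
    for _ in range(ceil(io_bytes / burst_bytes)):
        # The target grants one burst at a time; the initiator waits for each.
        trace.append(("target", "initiator", "FCP_XFR_RDY", WAN))
        trace.append(("initiator", "target", "FCP_DATA_OUT", WAN))
    trace.append(("target", "initiator", "FCP_STATUS", WAN))
    return trace


def fastwrite(io_bytes, burst_bytes):
    """Local router proxies the target; remote router proxies the initiator."""
    trace = [
        ("initiator", "local router", "FCP_CMD_WRT", LOCAL),
        ("local router", "initiator", "FCP_XFR_RDY", LOCAL),      # entire I/O
        ("initiator", "local router", "FCP_DATA_OUT", LOCAL),
        ("local router", "remote router", "FCP_CMD_WRT", WAN),
        ("remote router", "local router", "ACK", WAN),            # assumed name
        ("local router", "remote router", "FCP_DATA_OUT", WAN),   # whole payload
        ("remote router", "target", "FCP_CMD_WRT", LOCAL),
    ]
    for _ in range(ceil(io_bytes / burst_bytes)):
        trace.append(("target", "remote router", "FCP_XFR_RDY", LOCAL))
        trace.append(("remote router", "target", "FCP_DATA_OUT", LOCAL))
    # The only write complete in the exchange originates at the real target.
    trace.append(("target", "remote router", "FCP_STATUS", LOCAL))
    trace.append(("remote router", "local router", "FCP_STATUS", WAN))
    trace.append(("local router", "initiator", "FCP_STATUS", LOCAL))
    return trace


def wan_crossings(trace):
    """Number of messages that pay the one-way WAN latency."""
    return sum(1 for *_, segment in trace if segment == WAN)


def throughput_mb_s(trace, io_bytes, one_way_ms, wan_mb_s):
    """Effective MB/sec for one write: protocol waits plus transfer time."""
    waits = wan_crossings(trace) * one_way_ms / 1000.0
    transfer = io_bytes / (wan_mb_s * 1e6)
    return io_bytes / (waits + transfer) / 1e6


def delivered(trace, wan_fails_after):
    """Messages that arrive if the WAN hard-fails after N crossings."""
    out, crossed = [], 0
    for msg in trace:
        if msg[3] == WAN:
            if crossed == wan_fails_after:
                break              # link is down; nothing later can happen
            crossed += 1
        out.append(msg)
    return out


def write_confirmed(messages):
    """True only if a write complete actually reached the initiator."""
    return any(dst == "initiator" and name == "FCP_STATUS"
               for _, dst, name, _ in messages)


if __name__ == "__main__":
    io, burst = 1_000_000, 64 * 1024          # constructed sample values
    for one_way_ms in (1, 10, 40):
        std = throughput_mb_s(standard_write(io, burst), io, one_way_ms, 50)
        fw = throughput_mb_s(fastwrite(io, burst), io, one_way_ms, 50)
        print(f"{one_way_ms:>2} ms one way: standard {std:5.1f} MB/s, "
              f"FastWrite-style {fw:5.1f} MB/s")
```

In the proxy trace the initiator sees a local FCP_XFR_RDY early, but the FCP_STATUS it receives can only follow the one relayed across the WAN from the real target, so a link failure at any point leaves the write unconfirmed.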

FastWrite has been used in customer deployments for over five years and has repeatedly demonstrated substantial performance improvements for Disaster Recovery and data migration applications. Customers have seen a 10x or better performance boost and have been able to compress data migration projects from weeks to days. In combination with large port buffers, data compression, jumbo frames, and rate limiting, FastWrite enables Brocade SAN routers to deliver enterprise-class SAN extension that fully utilizes WAN bandwidth and expedites data delivery over long-haul DR installations. As detailed in Table 3, Brocade FastWrite provides sustained high performance over extremely long distances spanning thousands of miles.

IP Security (IPSec)

Data moving over any link poses a potential security risk. The security mechanisms discussed in Chapter 1 help secure the data center SAN against internal and external intrusions as well as inadvertent disruptions due to operator error or system upgrades. Long-haul DR using FCIP or iFCP protocols can also be secured through established IETF IPSec algorithms. The Brocade 7500 SAN router and FR4-18i Extension Blade, for example, provide hardware-based IPSec data encryption for enforcing high-performance security over untrusted network segments. In combination with the WAN optimization facilities discussed above, Brocade's IPSec implementation ensures both the security and expeditious delivery of storage data across the network.

Table 3. Comparison of performance over long distances with and without FastWrite

ms | km | Average Throughput | ms | km | Average Throughput
0 | 0 | 55 | 0 | 0 | 55
1 | 200 | 37 | 1 | 200 | 55
2 | 400 | 30 | 2 | 400 | 55
5 | 1,000 | 18 | 5 | 1,000 | 55
10 | 2,000 | 10 | 10 | 2,000 | 55
15 | 3,000 | 7 | 15 | 3,000 | 55
20 | 4,000 | 5.7 | 20 | 4,000 | 55
25 | 5,000 | 5.01 | 25 | 5,000 | 55
30 | 6,000 | 4.3 | 30 | 6,000 | 43
35 | 7,000 | 3.5 | 35 | 7,000 | 40
40 | 8,000 | 3.5 | 40 | 8,000 | 39

Disaster Recovery Topologies

Although Disaster Recovery scenarios can use the common elements of source, transport and destination, the profiles of practical DR configurations can vary widely from one customer to another. A small or medium enterprise, for example, can have a single disk array at its production site and perform synchronous or asynchronous data replication to a remote array. Large enterprises can have dozens of arrays distributed over multiple data centers and replicate to one or more strategically located DR facilities. In addition, remote data replication may be only one element of a more complex DR strategy, incorporating continuous data protection mechanisms and centralized tape vaulting. Disaster recovery topologies are thus more streamlined or more complex depending on the business requirements of the enterprise and the amount and variation of data types to be secured against loss.

Three-Tier DR

Because synchronous data replication is bounded by WAN latency, it is typically deployed within a 150-mile radius from the primary data center. Synchronous replication has excellent RPO and RTO characteristics, but still cannot protect storage data if a region-wide disaster or outage occurs. Some enterprises therefore have moved to a three-tier DR model that incorporates both synchronous and asynchronous replication schemes.

Figure 36. A three-tier DR topology provides an extra layer of data protection in the event of regional disruption

As shown in Figure 36, conventional synchronous replication can be implemented within a metropolitan circumference to provide recovery for a failure of the primary data center. This two-tier scenario is augmented by an additional WAN link to provide asynchronous replication to a third site. Because asynchronous replication is highly tolerant of latency, the third remote recovery site can be situated thousands of miles from the primary data center and therefore well beyond the reach of a regional disruption. If a regional failure were to occur, there is always the possibility that one or more transactions would be lost. This potential loss, however, is minuscule compared to the potential data loss if both primary and secondary sites were to fail simultaneously.

Round Robin DR

Large enterprises with multiple data centers have yet another option to provide data protection for all locations while minimizing costs. As illustrated in Figure 37, a round-robin DR topology circumvents the need to build a dedicated disaster recovery center by leveraging existing data centers and WAN connectivity. Depending on the geographical distribution of the data centers, each location can use its downstream neighbor as a data replication site, while also acting as a recovery site for an upstream neighbor.

Figure 37. In a round-robin DR topology, each data center acts as the recovery site for its neighbor

There are multiple variations on this theme. Two data centers in the same metropolitan area, for example, could act as mutual synchronous replication sites to each other, while both asynchronously replicate to a more distant partner. In addition, all data centers could implement centralized tape vaulting as a safeguard against the failure of two or more data centers. In this example, if data centers B and C failed simultaneously, data center D could assume the work of C, and only data center B's data would be inaccessible until restoration from tape is completed.

Before the advent of WAN optimization technologies and storage protocols over IP, these types of topologies were cost prohibitive due to the lease rates for WAN bandwidth. Today, however, more storage data can be transported over less expensive WAN services and at much longer distances, making three-tier and round-robin configurations far more affordable.


SAN Routing for DR

As we discussed in Chapter 1, Inter-Fabric Routing technology provides fault isolation when connecting two or more fabrics either locally or over distance. Also known as “SAN Routing,” IFR enables devices on different fabrics to communicate but blocks potentially disruptive Registered State Change Notification (RSCN) broadcasts and fabric-building protocols. SAN Routing is thus an ideal complement to DR over distance. The goal of Disaster Recovery, after all, is to provide continuous or near-continuous access to storage data and SAN Routing contributes to this goal by minimizing potential disruptions to fabric stability.

Figure 38. SAN Routing reinforces stability of the DR implementation by maintaining the autonomy of each site.

As shown in Figure 38, Brocade SAN Routers provide connectivity between the resources that have been authorized to communicate across the WAN link. Instead of merging both fabrics into a single SAN, SAN Routers maintain the autonomy of each fabric. A disruption in the DR fabric, for example, would not propagate to the production fabric as would be the case if standard ISL links were used. In the example shown in Figures 37 and 38 above, SAN Routing is a prerequisite for connecting multiple sites over distance. Deploying a single extended fabric across multiple locations simply poses too much risk and undermines the central goal of Disaster Recovery.


Disaster Recovery for SMBs

Although large enterprises have long recognized the necessity of a comprehensive DR plan, Small and Medium Businesses (SMBs) also appreciate the value of protecting their data assets from natural or man-made disruptions. Hurricane Katrina, for example, did not discriminate on the basis of gross annual receipts and impacted all businesses equally. The ability to recover and resume business operations, however, hinges on the level of preparedness and the ability to execute against the DR plan.

SMBs depend on their IT operations as much as any large, multi-national enterprise, albeit on a smaller scale. This smaller scale, however, works to the advantage of SMBs, because there is typically much less data to secure and far simpler infrastructures to clone for DR sites. Large enterprises have essentially funded the research and development of SAN and DR technologies by being the early adopters and largest clients for shared storage technology. Once the technology is proven and in production, however, costs typically decline, bringing more sophisticated storage products into the price range of SMBs. The Brocade 7500E SAN Router, for example, incorporates WAN and protocol optimization features designed to meet the demanding requirements of large enterprises but is now an affordable DR element for the tighter budgets of many SMBs. Likewise, Brocade switches and Brocade 8 Gbit/sec 815 and 825 Host Bus Adapters (HBAs) are economical SAN building blocks that maintain enterprise-class functionality and performance for both production and DR applications.

Vendors of storage networking products offer tiered solutions that meet high-end, mid-range, and low-end requirements. A mid-range storage array, for example, can still provide enterprise-class RAID on the front end but use more economical Serial ATA (SATA) or Serial SCSI (SAS) disks on the back end. The mid-tier systems also provide enterprise-class DR functionality, such as synchronous and asynchronous disk-to-disk data replication, but at a lower cost than first-tier storage arrays. In addition, vendors may provide storage appliances which support asynchronous replication between heterogeneous storage arrays, eliminating the need to pair production and DR arrays from a single vendor.


Chapter 4: Continuous Data Protection

The tape backup and data replication technologies discussed in the previous chapters provide varying degrees of data protection and recovery for standard business applications. These mechanisms alone, however, have proven inadequate for more demanding mission-critical applications. Synchronous data replication, for example, captures every transaction and allows resumption of operations with no data loss. It does not, however, maintain a history of those transactions and cannot be used to restore operations to a known “good” point in time if data corruption occurs. A virus attack on an e-mail server is simply replicated to the recovery array. Consequently, a new class of data protection mechanisms is required for tracking changes to data and enabling restoration from variable recovery points.

Among its other tasks, the Data Management Forum (DMF) of the Storage Networking Industry Association (SNIA) is defining a new set of technologies for continuous data protection (CDP). The DMF defines CDP as a “…methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery points from any point in the past.” The phrase “any point in the past” is figurative here, given that the CDP change history itself takes additional storage capacity and that capacity is not infinite. CDP solutions can be block based, file based or application based. Compared to tape backup or data replication, CDP offers much finer granularity and the ability to move the recovery point objective selectively backward in time.


Defining the Scope of CDP

Tape backup and remote data replication provide protection against the loss of a storage array, a system outage, or loss of the entire data center. CDP, by contrast, is not primarily designed to recover from catastrophic physical events but is focused on the more subtle risks posed by data corruption as transaction data is modified over time. CDP therefore lies closer to the application layer, and in a large data center, multiple CDP instances may be running against multiple applications concurrently.

As shown in Figure 39, the recovery points for tape backup and data replication are fixed in time. For tape, the recovery point is the last incremental backup. For asynchronous data replication, the recovery point is the last completed write of buffered I/Os to the secondary array. For synchronous data replication, the recovery point is the last transaction written to both primary and secondary arrays, even if that transaction wrote corrupted data. The recovery times are also fixed to the extent that restoration from tape takes a set time depending on the volume of data to be restored (hours or days), and both asynchronous and synchronous mechanisms require a cutover from primary to secondary array access.

Figure 39. Continuous data protection provides finer granularity for data restoration when corruption occurs.


Because true continuous data protection is driven by changes to data instead of fixed points in time, the recovery point is variable. The frequency of monitoring and logging data changes can differ from one CDP solution to another but all CDP utilities provide a sliding recovery point that not only facilitates recovery but ensures the integrity of the data once the application resumes.

The data changes that CDP tracks on a primary array are stored on a separate storage system, which is either co-located in the data center or remote at a secondary or DR site. The amount of additional storage required by CDP is determined by the rate of data changes and the frequency of monitoring those changes. Periodic monitoring based on snapshot technology is known as “near CDP” and is described as “frequent monitoring and change tracking but not actually continuous.” Near CDP is thus more accurately described as periodic data protection (PDP). True CDP, by contrast, continuously monitors and tracks data changes and so is constantly updating the CDP store.


Near CDP

Near CDP solutions may use a number of different snapshot or point-in-time copy mechanisms to capture the state of a storage volume at any given moment. Snapshot-based near CDP triggers on a predefined interval to create a recovery point. If, for example, a snapshot is taken every 10 minutes, the snapshots would contain 6 recovery points per hour. If data corruption is detected, the restore point would be 1 of the 6 recovery points or possibly more, depending on the total number of snapshots allowed. A system allowing 40 revision points, for example, could accommodate recovery points up to 6 hours prior to detection of data corruption, but with granularity of only 10-minute intervals. Depending on the vendor implementation, some products provide for hundreds of recovery points. Once the designated number of recovery points has been reached, a rotation algorithm replaces the older snapshots with new ones, as shown in Figure 40.

Figure 40. Aged snapshots are rotated on a configurable interval to conserve disk space on the CDP store.

True CDP

True CDP (or simply, CDP) takes granularity to a finer level by monitoring and tracking every data change as it occurs. This eliminates the possibility of losing transactions during a snapshot interval but it requires a more sophisticated mechanism for accurately managing change metadata. CDP can operate at the file or block level, and in both cases triggers on the write (that is, change) of data to primary storage. Copy-on-write, for example, copies an original data location to the CDP store just prior to the new write execution. If the write to the primary array contains corrupted data, there is still a copy of the original data on the CDP volume to restore from.


Figure 41. The CDP engine manages metadata on the location and time stamp of data copies on the CDP store.

To accurately track data changes, a CDP engine must maintain metadata on the location of copies and the time stamps used to differentiate one revision from another, as shown in Figure 41. A graphical interface is typically provided to simplify identification of recovery points via a slider or dial to roll back to a designated point in time. Block-based CDP is data-type agnostic and so can operate against structured, semi-structured, or unstructured data.

At the application layer, however, it may be necessary to coordinate CDP metadata with the application to maintain data consistency. An Oracle or SQL Server transaction, for example, may issue multiple writes to update a record. Restoring to a known good transaction state requires coherence between what the application expects and the requisite copies that CDP metadata can recover. Application-based CDP is thus tightly integrated with the application's specific file or record requirements via application programming interfaces (APIs) or as a component of the application itself.
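The difference between a snapshot-interval recovery point and a copy-on-write recovery point can be shown with a small block-level model. This is an added example, not code from the book or from any vendor product; the class names, the one-write-per-minute workload, and the use of minutes as time stamps are all constructed assumptions.

```python
from collections import deque


class CdpVolume:
    """Toy block volume with a copy-on-write CDP store (constructed model)."""

    def __init__(self, nblocks, store_capacity):
        self.blocks = ["" for _ in range(nblocks)]  # primary storage
        self.store = deque()            # CDP store: (time stamp, LBA, original data)
        self.capacity = store_capacity  # the change history is finite
        self.horizon = 0                # earliest recovery point still available
        self.clock = 0

    def write(self, t, lba, data):
        if t <= self.clock:
            raise ValueError("time stamps must increase")
        self.clock = t
        if len(self.store) == self.capacity:
            # The oldest copy is dropped; states before that write are gone.
            self.horizon = self.store.popleft()[0]
        # Copy-on-write: preserve the original block just before overwriting it.
        self.store.append((t, lba, self.blocks[lba]))
        self.blocks[lba] = data

    def restore_to(self, t):
        """Roll primary storage back to its state as of time t."""
        if t < self.horizon:
            raise ValueError("recovery point is older than the CDP history")
        undone = 0
        while self.store and self.store[-1][0] > t:
            _, lba, original = self.store.pop()
            self.blocks[lba] = original
            undone += 1
        return undone


class SnapshotVolume:
    """Near CDP: full point-in-time copies on a fixed interval, rotated."""

    def __init__(self, nblocks, interval, max_snapshots):
        self.blocks = ["" for _ in range(nblocks)]
        self.interval = interval
        self.snapshots = deque(maxlen=max_snapshots)  # oldest image rotates out
        self.next_snap = interval

    def write(self, t, lba, data):
        while t >= self.next_snap:  # take any snapshot that is due before this write
            self.snapshots.append((self.next_snap, list(self.blocks)))
            self.next_snap += self.interval
        self.blocks[lba] = data

    def restore_to(self, t):
        """Restore the newest snapshot taken at or before t; return its time."""
        usable = [s for s in self.snapshots if s[0] <= t]
        if not usable:
            raise ValueError("no snapshot that old is retained")
        taken, image = usable[-1]
        self.blocks = list(image)
        return taken


def demo():
    cdp = CdpVolume(nblocks=4, store_capacity=100)
    snap = SnapshotVolume(nblocks=4, interval=10, max_snapshots=40)
    # Constructed workload: one good write per minute, then corruption at minute 27.
    for minute in range(1, 27):
        for vol in (cdp, snap):
            vol.write(minute, minute % 4, f"order-{minute}")
    for vol in (cdp, snap):
        vol.write(27, 2, "CORRUPT")
    cdp.restore_to(26)               # last known-good moment
    snap_time = snap.restore_to(26)  # falls back to the minute-20 snapshot
    return cdp.blocks, snap.blocks, snap_time


if __name__ == "__main__":
    print(demo())
```

The copy-on-write volume returns to the state just before the corrupting write, while the snapshot volume loses every write made since its last interval. The `horizon` field models the point that "any point in the past" is bounded by the capacity of the CDP store.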


Integrating CDP with Tape Backup and Disaster Recovery

Although there has been marketing-inspired confusion over “near” and “true” CDP, the technology has proven value for addressing issues that simple tape backup and data replication alone cannot resolve. Application or operator errors that result in data corruption, accidental deletion of files, or virus attacks on e-mail systems can bypass conventional data protection solutions. On the other hand, CDP alone is insufficient to protect against system outages or disasters. Some vendors are therefore combining CDP with traditional tape backup and DR to provide more comprehensive coverage for data assets.

Snapshot recovery points, for example, can be used as static volume images for tape backup, leaving the production storage array free to service ongoing transactions while the backup occurs. In addition, the CDP store and metadata manager can be located at a remote DR site to protect against both data corruption and outage at the primary data center.


Chapter 5: Information Lifecycle Management

The introduction of information lifecycle management (ILM) technologies over the past few years has marked the maturity of the networked storage infrastructure and its ascent toward the application layer. Prior to ILM, data was treated as having constant value that required uniform treatment until it was finally retired to a tape archive. Typically that uniform treatment consisted of high-availability transport, robust failover mechanisms, and high-end storage. As the volume of data increased over time, larger fabrics and additional storage arrays were required, often straining the capacity and the budget of the data center.

The tendency to accommodate the growth of data via constant expansion of the storage infrastructure, however, is not sustainable as long as all data is weighted equally. There is simply not enough floor space, cooling plant, and power to contain growing data volumes and not enough budget to provide first-class handling for all application data. Fortunately, the reality is that not all application data is equal in value, and even a single data set may have varying value through its lifetime.

Information lifecycle management translates this reality into a strategy for tracking the business value of data and migrating data from one class of storage to another, depending on the value of data at a given point in time. Each class of storage represents a specific cost point in terms of performance, availability, cost of storage per gigabyte, and associated power costs. Data with high value gets first-class treatment, but as that value declines over time it is more efficient to move the data to a more economical storage container.


An order entry, for example, has high value as long as it is tied to pending revenue. Once the order is assembled, shipped, and most importantly, billed, the transaction declines in value and may have only historical significance (for example, for data mining). However, if several months later the customer places an identical order, the original transaction may regain value as a reference for the detail of the initial order, customer information, and so on. As shown in Figure 42, ILM can migrate data from high-end to mid-tier and from mid-tier to an even lower tier or tape, while still being able to promote the data to a higher class when needed.

One of the major challenges of ILM is to determine the current value of a given data set. Using time stamps in file metadata is one approach. If data is rarely accessed, it is legitimate to assume it has less immediate value. Another method is to manipulate file metadata or create separate metadata on block data to assign a priority or value rating that can be monitored and changed over time. A value-tracking mechanism is key, though, for automating the ILM process and avoiding operator intervention to manually migrate data.

Figure 42. Aligning cost of storage to business value of data


Although it would appear to be much simpler to deploy a single class of storage for all data, that is not feasible for large data centers with space, power, cooling, and budget constraints. In addition, large data centers may already have different classes of storage installed to service less-mission-critical applications. By reserving space on second- or third-tier storage for ILM-migrated data, storage managers can free space on their first-tier arrays and maximize utilization of their lower-tier systems.

Tiered SAN Architectures

Tiered SAN architectures are predicated on two basic concepts (classes of storage and classes of storage transport), which reflect different cost, availability, and performance points. To maximize the value of a storage infrastructure, both storage and the storage interconnect (or fabric) should be aligned. A JBOD, for example, is far more economical than a high-end RAID array but typically lacks the high availability, recoverability, and performance of top-tier systems. Consequently, fabric connectivity to a JBOD may not merit the higher speed, alternate pathing, and 99.999 percent availability provided by top-tier platforms, such as the Brocade DCX Backbone or Brocade 48000 Director. In a core/edge SAN design, the JBOD is more appropriately positioned toward the edge on a more economical SAN switch. Aligning the class of storage to the appropriate class of transport maximizes the cost effectiveness of each tier without squandering capacity or bandwidth.

Classes of Storage Containers

Storage systems are characterized by the front-end services they provide and back-end disk capacity and I/O performance. First-tier arrays, for example, offer multiple storage ports for SAN connectivity, configurable RAID levels, alternate pathing, large cache memory, and possibly virtualization services on the front end and provide high-performance and high-capacity disks (typically Fibre Channel) on the back end. Second-tier systems may provide fewer SAN ports, fixed RAID levels, less caching, and alternate pathing on the front end and use less expensive SATA or SAS disks on the back end. A third-tier storage system may provide no caching or RAID controller logic and lower-performance back-end disks. In addition, some systems are deliberately designed for lower-performance applications, such as MAID (massive array of idle disks) systems that expect infrequent I/O.


Classes of storage can be classified in a hierarchy that spans a range of systems, from high-performance and high-availability to much lower-performance tape and optical storage:

Class 1. High-availability, high-performance RAID systems

Class 2. Moderate-performance RAID systems

Class 3. Fibre Channel JBODs

Class 4. Custom disk-to-disk-to-tape systems

Class 5. High-performance tape libraries

Class 6. Moderate-performance tape subsystems and devices

Class 7. Optical jukeboxes

Each tier or class of storage performs the basic function of storing data, but with distinctly different levels of performance, availability, reliability, and (most importantly) cost. When ILM migrates data from one class of spinning media to another, the underlying assumption is that the data still has sufficient value that it needs to be accessible or referenced on demand. Otherwise, the data eventually retires to the lower storage classes: tape or optical media. Data can be retrieved from tape, but because tape is a linear storage medium, data retrieval is a much longer process.

Classes of Storage Transport

Corresponding to different classes of storage, the SAN transport can be configured with different classes of bandwidth, security, and availability characteristics. As shown in Figure 43, the scalability of Fibre Channel from 1 Gbit/sec to 10 Gbit/sec and iSCSI from 1 Gbit/sec to subgigabit speeds enables the transport to align to different classes of storage and applications and thus optimize fabric resources.


Figure 43. Aligning classes of storage transport to classes of storage and applications

In this example, 8 and 10 Gbit/sec ISLs and future storage connections represent the top tier of the storage transport. For the Brocade DCX Backbone and Brocade 48000 Director, 8 and 10 Gbit/sec ISLs can be deployed in the data center to create a high-performance SAN backbone as well as extended to metropolitan distances. The 4 and 8 Gbit/sec ports represent the next tier, with connectivity to high-end and/or mid-tier storage and high-performance servers. The 2 and 4 Gbit/sec ports can support second-tier storage and servers and 1 Gbit/sec Fibre Channel to drive legacy FC servers.

The addition of iSCSI to the configuration provides more tiers of connectivity. When connected via Brocade iSCSI-to-FC ports, iSCSI can drive lower-tier iSCSI servers at 1 Gbit/sec Ethernet as well as subgigabit remote iSCSI servers across a campus or WAN link.


In addition to proportional bandwidth allocation, the storage infrastructure can be configured to provide higher or lower levels of availability through dual- or single-path connectivity. When data has higher value, accessibility is reinforced by alternate pathing and failover through the SAN. When its value declines and the data is less frequently accessed, single-path connectivity may be sufficient. Likewise, fabric security features can be judiciously allocated to more critical storage assets depending on the level of security they merit.

Aligning Data Value and Data Protection

Ideally, the value of data should determine the level of data protection that is provided for it. This is difficult to achieve in single-tier systems because there is no means to differentiate high-value data from low-value data. In a tiered storage architecture, however, the class of storage itself defines the level of data protection. Top-tier storage may require synchronous replication, snapshots, continuous data protection, or disk-to-disk-to-tape backup. For second- or third-tier storage, tape backup alone is probably sufficient.

ILM surfaces another data protection issue, though. As data is aged and archived onto tape, the retention period may no longer be the conventional 10 to 15 years that was previously assumed. In addition to business data that may be subject to regulatory compliance and long-term retention requirements, the fact that today virtually all knowledge is in digital format is raising concerns about much longer data protection and retention. In surveys conducted by the Storage Networking Industry Association's Data Management Forum, for example, 80 percent of respondents have information retention requirements of greater than 50 years and 68 percent indicate that their data retention requirements are in excess of 100 years. This poses significant challenges not only for durable long-term physical media but for logical formatting of data that can be read by applications of the future. The failure to migrate archived data to more current formats and media periodically could make today's enormous repository of information inaccessible to future generations. John Webster, founder of the Data Mobility Group, has called this a potential “digital dark ages.”

With IT administrators currently struggling to provide data protection for the diversity of data under their charge, the idea of safeguarding data and making it accessible in the future is somewhat overwhelming. The hierarchy of data value that drives ILM should help in prioritizing the types of data that are the most likely candidates for very-long-term retention.


Leveraging Storage Virtualization

Although storage virtualization is not an absolute prerequisite for ILM, virtualizing storage can facilitate creation of classes of storage that optimize capacity utilization and use of heterogeneous storage systems. Storage virtualization is an abstraction layer that sits between the consumers of storage (that is, servers) and the physical storage arrays. Instead of binding to a LUN on a particular storage array, storage virtualization enables a server to bind to a LUN created from a storage pool. The pool of storage capacity is actually drawn from multiple physical storage systems but appears as a single logical storage resource. As was discussed in Chapter 1, even RAID is a form of storage virtualization. RAID presents the appearance of a single logical resource that hides the complexity of the multiple disk drives that compose a RAID set. At a higher level, storage virtualization hides the complexity of multiple RAID systems.

Figure 44. Conventional LUN allocation between servers and storage

As illustrated in Figure 44, in traditional configurations storage capacity in individual arrays is carved into LUNs, which in turn are bound to individual servers. During the normal course of operations, some LUNs may become over-utilized (LUN 55 in this example), while others are under-utilized (LUN 22). In conventional LUN allocation, however, it is not possible to simply transfer excess capacity from one array to another. In this example, Array C would need additional banks of disk drives to increase overall capacity or a new array would have to be added and data migrated from one array to another.

Storage virtualization enables optimum use of storage capacity across multiple arrays by combining all capacity into a common storage pool. As shown in Figure 45, each storage system contributes its capacity to the pool and each server is bound to virtual LUNs created from the pool. There are a number of benefits from basic storage pooling as well as risks that must be considered for data protection. By pooling storage capacity it is now possible to fully utilize the capacity of each storage system and avoid under- and over-utilization, as shown in Figure 44. In addition, LUNs can be dynamically sized without concern for the capacity limitations of any individual storage array. Because storage virtualization inserts an abstraction layer between servers and physical storage, it also frees individual servers from the vendor-specific attributes of individual arrays. Shared storage thus assumes a more generic character and can accommodate heterogeneous arrays in a single pool.

Figure 45. Logically binding servers to virtual LUNs drawn from the storage pool


On the other hand, there is no longer a direct correlation between a server's assigned LUNs and the underlying storage arrays. In fact, the total capacity of a virtualized LUN could be drawn from multiple arrays. Data protection mechanisms, such as disk-to-disk data replication, might therefore be inoperable. A series of writes to a virtualized LUN might span multiple physical arrays, and the replication software at the array level would have no means to recognize that local writes are only part of a virtualized transaction. To understand the implications of storage virtualization for data protection, it is necessary to examine the internal mechanics of the technology.

Storage Virtualization Mechanics

All permutations of storage virtualization technology operate on a common algorithm that maps virtual storage locations to physical ones. The virtualization software or engine creates two virtual entities that intervene between real servers and real storage. From the storage perspective, the virtualization engine creates a virtual initiator that poses as a server to the storage controller. From the server perspective, the virtualization engine creates a virtual target that “poses” as a storage controller to the real initiator or server. The virtualization engine must track every transaction from real initiators to virtual targets and then translate those into downstream transactions between virtual initiators to real targets.


Figure 46. The virtualization engine maintains a metadata mapping to track virtual and physical data locations

As shown in Figure 46, the virtualization engine maintains metadata mapping that associates the logical block address (LBA) range of a virtual LUN to actual logical block address ranges from the contributing storage arrays. A virtual LUN of 200 GB, for example, would have 400 million contiguous logical blocks of 512 bytes each. Those blocks could be drawn from a single physical storage target, or be spread over multiple storage targets:

Virtual Volume 2 Physical Storage Targets

200 GB VLUN 0Start LBA 0LBA 119,999,999

= FCID 000400 LUN 060 GBStart BA 0End LBA 119,999,999

LBA 120,000,000LBA 199,999,999

= FCID 001100 LUN 340 GBStart LBA 600End LBA 80,000,599

90 Strategies for Data Protection

Page 111: Strategies for Data Protection First Edition

Leveraging Storage Virtualization

In this example, the 200 GB virtual LUN is composed of 60 GB fromone array, 40 GB from another, and 100 GB from a third array.Although the LBA range of the virtual LUN appears to be contiguous, itis actually eclectically assembled from multiple, non-contiguoussources. A write of 10 GB of data to the virtual LUN beginning at LBA115,000,000 would begin on one array and finish on another.

In terms of data protection, storage virtualization introduces two newissues:

• First, the metadata map itself must be protected, since withoutthe map there is no way to know where the data actually resides.Vendors of storage virtualization solutions safeguard metadata bymaintaining redundant copies and synchronizing updatesbetween them.

• Second, data protection mechanisms such as snapshots, CDP, orreplication must operate against virtual initiators and virtual tar-gets and not their real and physical counterparts. If a virtual LUNspans multiple arrays, conventional disk-based data replicationwill capture only a portion of the total transactions between thevirtual initiator and the physical target. Therefore, virtualizationvendors typically package snapshot or replication utilities in theirsolutions in addition to basic storage pooling.

Although storage virtualization adds a layer of underlying complexity to storage configurations, it simplifies upper-layer management and resource allocation. Like any abstraction layer, storage virtualization masks complexity from an administrative standpoint but does not make that complexity go away. Instead, the virtualization entity assumes responsibility for maintaining the illusion of simplicity and providing safeguards for incidents or failures on the back end. As with graphical user interfaces that mask the complexity of underlying operating systems, file systems, and I/O, the key to success is resiliency and transparent operation. In storage environments in particular, blue screens are impermissible.

Figure 46 (continued): LBA 200,000,000 to End LBA 399,999,999 = FCID 00600 LUN 1, 100 GB, Start LBA 100,000,000, End LBA 299,999,999


Convergence of Server and Storage Virtualization

ILM and storage virtualization have evolved in parallel with the development of blade server platforms and server virtualization software. The common goal of these technologies is to maximize productive utilization of IT assets, while simplifying administration and reducing ongoing operational costs. The combination of server virtualization and blade servers in particular delivers more processing power and simplified administration on a smaller footprint. On the storage side, ILM and storage virtualization likewise facilitate greater efficiencies in data storage, capacity utilization, and streamlined management.

Collectively, these trends are leading to a utility environment for both data processing and data storage that will enable much higher levels of automation of data processes on more highly optimized infrastructures. Brocade is an active contributor to utility computing and storage and has already provided enabling elements for virtualized blade server environments, such as the Brocade Access Gateway with NPIV support, as discussed in Chapter 1, and fabric-based advanced storage services for data migration, tiered storage infrastructures, and storage virtualization. Future Brocade products will provide other advanced storage services to enable customers to fully leverage their SAN investment.

Fabric-Based Storage Services

ILM, data migration, and storage virtualization are being delivered on a variety of platforms including dedicated servers, appliances, and array-based intelligence. Because the fabric sits at the heart of storage relationships, however, directors and switches that compose the fabric are in a prime position to deliver advanced services efficiently without extraneous elements. Fabric-based storage services are also largely agnostic to the proprietary features of vendor-specific hosts and storage targets. The combination of centrality and support for heterogeneous environments makes the fabric the preferred delivery mechanism for advanced storage services, either independently or in concert with other solutions.


The Brocade DCX Backbone, for example, uses the Brocade FA4-18 Fabric Application Blade to support a variety of fabric-based storage services, including storage virtualization, volume management, replication, and data migration. Because the Brocade DCX provides the core connectivity for the SAN, the intelligent services of the Brocade FA4-18 can be applied throughout the fabric. In addition, the 99.999 percent availability and low power consumption engineered into the Brocade DCX extends to the blade and provides resiliency and energy efficiency for the advanced services it supports.

As with all other Brocade products, the Brocade FA4-18 is designed for standards compliance. For fabric-based virtualization services, the ANSI T11 Fabric Application Interface Standard (FAIS) defines a split-path architecture that separates command data from storage data and enables the fabric to maximize throughput for storage virtualization applications. In the execution of FAIS, the Brocade FA4-18 delivers enhanced performance of 1 million virtual I/Os per second (IOPS) and an aggregate 64 Gbit/sec throughput. The functionality and performance of the Brocade FA4-18 are also available in a standalone product, the Brocade 7600 Fabric Application Platform.

Fabric Application Interface Standard (FAIS)

FAIS is an open systems project of the ANSI/INCITS T11.5 task group and defines a set of common APIs to be implemented within fabrics. The APIs are a means to more easily integrate storage applications that were originally developed as host, array, or appliance-based utilities to now be supported within fabric switches and directors.

The FAIS initiative separates control information from the data path. In practice, this division of labor is implemented as two different types of processors, as shown in Figure 47. The control path processor (CPP) supports some form of operating system, the FAIS application interface, and the storage virtualization application. The CPP is therefore a high-performance CPU with auxiliary memory, centralized within the switch architecture. It supports multiple instances of SCSI initiator and SCSI target modes, and via the supported storage virtualization application, presents the virtualized view of storage to the servers. Allocation of virtualized storage to individual servers and management of the storage metadata is the responsibility of the storage application running on the CPP.


Figure 47. FAIS block diagram with split data path controllers and control path processor

The data path controller (DPC) may be implemented at the port level in the form of an ASIC or dedicated CPU. The DPC is optimized for low latency and high bandwidth to execute basic SCSI read/write transactions under the management of one or more control path processors (CPPs). Metadata mapping for storage pooling, for example, can be executed by a DPC, but the DPC relies on control information from the CPP to define the map itself. The Brocade FA4-18 and Brocade 7600, for example, receive metadata mapping information from an external CPP processor and then execute the translation of every I/O based on the map contents.

Although the block diagram in Figure 47 shows the CPP co-located with the data fastpath logic, the CPP can reside anywhere in the storage network. A server or appliance, for example, can provide the CPP function and communicate across the SAN to the enclosure or blade housing the DPC function. Because the APIs that provide control information and metadata are standardized, the DPC function of the Brocade FA4-18 and Brocade 7600 can work in concert with a variety of storage virtualization applications.

To safeguard the metadata mapping, redundant CPP servers can be deployed. The FAIS standard allows for the DPC engine to be managed by multiple CPPs, and the CPPs in turn can synchronize metadata information to maintain consistency.


Brocade Data Migration Manager (DMM)

In converting from single-tier storage infrastructures to multi-tier, ILM-friendly configurations, it is often difficult to migrate data from one class of storage to another due to vendor proprietary features. Brocade has proactively addressed this problem with the Brocade Data Migration Manager (DMM) solution, which runs on the Brocade FA4-18 Fabric Application Blade or the Brocade 7600 Fabric Application Platform.

Optimized for heterogeneous storage environments, Brocade DMM supports both online and offline data migrations to minimize disruption to upper-layer applications. With throughput of terabytes per hour, this solution enables rapid migration of data assets to accelerate implementation of ILM for ongoing operations.


Chapter 6: Infrastructure Lifecycle Management

One of the often overlooked components of data protection is the requirement to safeguard storage data once the storage system itself has been retired. It is commonly assumed that once a storage system has reached the end of its useful life, data will be migrated to a new array and the old array erased. Simply reformatting the old system, however, does not guarantee that the data is irretrievable. If the data is particularly sensitive or valuable (for example, financial or personnel records), the retired system can become a candidate for new technologies such as magnetic force scanning tunneling microscopy (STM) that can retrieve the original data even if it has been overwritten.

Major vendors of content management solutions typically offer utilities and secure deletion services for information lifecycle management to migrate data from one asset to another. Aside from these specialized services, though, forethought is required to establish best practices for dealing with corporate data during an infrastructure technology refresh.

Leased versus Purchased Storage

With purchased storage there is more flexibility in dealing with storage systems that are being replaced or upgraded. The systems can be repurposed into other departments, other facilities, or integrated as secondary storage into a tiered storage architecture. With leased systems, however, at end of lease the equipment is expected to be returned to the leasing agency or vendor. Consequently, data on those systems should be migrated to new storage and then thoroughly deleted on the retired system before it is returned.

External regulatory compliance or internal storage best practices may dictate more extreme data deletion methods, including magnetic degaussing, grinding or sanding of the disk media, acid treatment, or high temperature incineration of disk drives. Some government and military storage practices, in particular, require the complete destruction of disk drives that have failed or outlived their useful lives. Clearly, physical destruction of storage media implies that the storage asset cannot be repurposed or returned, and that aside from the frame and controller logic the unit is thoroughly depreciated.

The Data Deletion Dilemma

Migrating data from one storage system to another can readily be accomplished with advanced software, such as Brocade Data Migration Manager, and service offerings. This ensures non-disruptive transfer of data from an old system to a new one with no loss of performance for upper-layer applications. Once the migration is complete, however, deleting data on the retired system requires more than a simple reformat of the disk set for a number of reasons.

Bad Tracks

During the normal course of disk drive operation, data blocks are written to specific logical block addresses, which the disk drive logic, in turn, translates into physical cylinder, head, and sector locations, as illustrated in Figure 48.

Figure 48. Cylinder, head, and sector geometry of disk media


If a track (cylinder) begins to fail or become marginal in read/write response, the drive logic may attempt to copy the data to another location and mark the track as “bad.” Bad track marking makes the particular track unusable, but does not delete the data that was previously written there. In addition, when reformatting a disk drive, the drive logic simply skips over the flagged bad tracks. Consequently, even if the usual capacity of the disk is overwritten through reformatting, the bad tracks may continue to hold sensitive data. It does not take that many bytes to encode a Social Security number, a bank account number, or a personal identification number (PIN), and techniques do exist to reconstruct data from virtually any disk media.

Data Remanence

The writing of data bits on individual tracks is never so precise that overwriting the data with new bit patterns will completely obliterate the original data. The term “data remanence” refers to the detectable presence of original data once it has been erased or overwritten. With the right diagnostic equipment it may be possible to reconstruct the original data, and in fact third-party companies specialize in this type of data retrieval, typically for disk data that has been inadvertently erased.

Figure 49. Traces of original data remain even if the specific sector has been erased or overwritten

As symbolically illustrated in Figure 49, variations in magnetic flux or slight changes in media sensitivity or magnetic field strength can leave traces of the original data even when a disk sector has been erased or overwritten with new data. This data remanence (the magnetic induction remaining in a magnetized substance no longer under external magnetic influence) is detectable with magnetic force microscopy (MFM) and more recently developed magnetic force STM. This technology is relatively affordable, and given the availability of used or discarded disk drives creates an opportunity for reconstruction of potentially sensitive information.


Software-based Data Sanitation

Aside from physical destruction of the disk media, data remanence can be addressed by implementing an erasure algorithm that makes multiple passes over every disk track.

The Department of Defense, for example, requires a three-pass sequence to ensure that tracks are completely overwritten:

• A first pass write of a fixed value (for example, 0x00)

• A second pass write of another fixed value (for example, 0xff)

• The third pass is a write of some randomly selected value

This technique is also known as “shredding” and is analogous to paper shredding of physical documents. In some sanitation algorithms, a dozen or more passes may be implemented.
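A sketch of the three-pass sequence listed above, added here as an illustration and not taken from the book or from any Department of Defense tooling. It assumes the target is a raw disk device or an image file that is overwritten in place, and that the third pass writes one randomly chosen byte value across the whole target; the function names are hypothetical.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # write and read in 1 MiB pieces


def write_pass(fd, size, value):
    """Overwrite bytes [0, size) with one byte value, then flush to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    block = bytes([value]) * CHUNK
    remaining = size
    while remaining > 0:
        view = memoryview(block)[:min(CHUNK, remaining)]
        while len(view) > 0:          # os.write may accept fewer bytes than offered
            written = os.write(fd, view)
            view = view[written:]
            remaining -= written
    os.fsync(fd)


def verify_pass(fd, size, value):
    """Read the target back and confirm every byte equals the value just written.

    The read may be served from the operating system's cache, so it confirms
    that the write was accepted, not what is physically on the media.
    """
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(value) != len(data):
            return False
        remaining -= len(data)
    return True


def three_pass_overwrite(path):
    """Run the 0x00, 0xff, random-value sequence; return (pass, value, verified) tuples.

    Only addressable blocks are reached: tracks the drive has flagged as bad
    are skipped by the drive logic, as the Bad Tracks section describes.
    """
    values = [0x00, 0xFF, secrets.randbelow(256)]
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        results = []
        for number, value in enumerate(values, start=1):
            write_pass(fd, size, value)
            verified = verify_pass(fd, size, value)
            results.append((number, value, verified))
            if not verified:
                raise OSError(f"pass {number} failed read-back verification")
        return results
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed sample: a scratch image file standing in for a retired volume.
    handle, image = tempfile.mkstemp(suffix=".img")
    os.write(handle, b"constructed sample record;" * 50_000)
    os.close(handle)
    for number, value, verified in three_pass_overwrite(image):
        print(f"pass {number}: wrote 0x{value:02x}, verified={verified}")
    os.remove(image)
```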

Although a final read may verify the overwrites, it is possible to completely eliminate data remanence by overwriting tracks with a low frequency magnetic field. The lower frequency generates a broader magnetic field that spills out on both sides of the track and consequently obliterates original data traces detectable to STM technology.

Hardware-based Data Sanitation

Because Advanced Technology Attachment (ATA, typically IDE or EIDE disk drives) disks are commonly used in portable, and therefore theft-prone, laptops and PCs, the ATA standard includes a disk-based mechanism for Secure Erase. As with software data sanitation, Secure Erase may execute multiple passes of overwrites. Because the operation is driven at a low level by the disk logic, however, it is possible to also overwrite bad track areas and perform calculated offtrack overwriting. In addition, because the process is disk based, it is possible to bypass the upper-layer operating system and execute the erasure via BIOS configuration.

Currently, an equivalent low-level secure erase procedure is unavailable for Fibre Channel drives, and so software-based data sanitation is required to thoroughly cleanse disk media. Unlike ATA disks, Fibre Channel drives for data center applications are typically deployed in more complex RAID configurations. Data does not reside on a single disk, but is striped across multiple disks in a RAID set. On the surface, this might seem to inherently reduce the security vulnerability, since reconstructing data via STM would require data retrieval of small portions of remanence scattered across multiple disk drives. A single sector of a drive in a RAID set, however, could still yield sensitive or proprietary records, Social Security numbers, or names and addresses.

Physical Destruction of Storage Assets

Although physical destruction of disks has been common practice for government, military, and security sectors, there are obvious environmental implications. There is not only the issue of which landfill the discarded disk drives go into or the emissions and energy consumption from incineration, but the fact that retired storage assets may still have productive application for other departments or organizations. Slower drives may be replaced by faster units with more capacity, but even slow drives can be repurposed for mid-tier applications.

Although degaussing disk media with a powerful magnetic field erases sensitive data, it also erases the sync bytes and other low-level information required for reformatting. If the drive is then unusable, it is simply another candidate for landfill. As with acid treatment, sanding or grinding of disk media, and passing disk drives through a physical shredder, the goal of data security and protection may be accomplished, but at the expense of increasing limited resources and environmental impact. Data sanitation that destroys the digital information but maintains the viability of the physical storage unit is therefore the preferred solution for storage asset lifecycle management.


Chapter 7: Extending Data Protection to Remote Offices

One of the major gaps in corporate data protection is the vulnerability of data assets that are geographically dispersed over remote offices and facilities. While server consolidation and SAN technology have helped customers streamline processes and reduce costs in the data center, the bulk of data assets of most large companies are outside the data center, dispersed in remote offices and regional sites. According to some industry analysts, up to 75 percent of corporate data resides in remote locations. The majority of that remote data is stored on remote storage arrays for servers hosting local productivity applications and e-mail.

Recent regulatory requirements highlight the cost and difficulty of securing, protecting, and retrieving this data. Further, these remote offices often lack personnel with the technical skill sets and rigorous processes pioneered in data center environments to provide adequate data protection. Consequently, even companies that have made significant investments in central data centers have been unable to guarantee data accessibility and preservation of all corporate data assets. With so much business information in a vulnerable state, companies may be unable to meet regulatory compliance for customer data or provide business continuity in the event of social or natural disruptions.

The Proliferation of Distributed Data

In the early evolution of IT processing, all information access was centralized in data center mainframes. Remote offices lacked the resources to independently generate and modify their own data. Dumb terminals connected remote locations to the data center over low-speed telecommunication links, all remote business transactions were executed centrally, and data-center-based backup processes ensured data protection and availability. The hegemony of the data center, though, was broken first by the introduction of minicomputers for departments and next by microprocessors, PC-based business applications, local area networks, and client/server applications, such as e-mail and file serving. These new tools enabled remote sites to run their own applications, generate and analyze their own data, and be more responsive to local client needs. If the mainframe or telecommunications links were down, business could still be transacted locally. This allowed business units to leverage their own IT resources to be more flexible and competitive.

The decentralization of application processing power, however, also marks a steady increase in IT spending. Each remote site requires its own file and application servers, program licenses, intelligent workstations, and LAN infrastructure. It also requires local data storage resources to house the volumes of locally generated business information, as illustrated in Figure 50. For companies with only a few remote locations, this shift from centralized to decentralized IT assets may be manageable. For companies with hundreds or thousands of remote offices, though, decentralization has resulted in significantly increased costs and a loss of control and management of vital corporate information. This has been exacerbated by the explosion in storage capacity required to hold the increase in files, e-mail, and other unstructured data.

Figure 50. Remote office processing compounds the growth of remote servers and storage and data vulnerability


Remote offices are now accustomed to the many benefits that local processing and data storage provide. Applications can be tailored to local business requirements. Using local servers and storage, transaction response times are at LAN speed and not subject to the latencies of remote telecommunication links. PC workstations and laptops offer additional productivity tools and mobility that were previously unavailable in the monolithic mainframe model.

Remote offices, however, are also notoriously problematic in terms of IT best practices and operations. Companies cannot afford to staff IT personnel in every remote location. Backup processes are difficult to monitor, and restore capability is rarely tested. Laptop data, for example, may include essential business information but may lack the safeguard of periodic tape backup. Data storage may be bound to individual servers, requiring acquisition and management of additional servers simply to meet growing storage capacity requirements. As a successful company opens more branch offices, these problems are compounded, as shown in Figure 51.

Figure 51. Decentralization of data storage has inherent cost and data protection issues

Without some means to bring remote data assets under control, a company faces the double burden of steadily increasing operational expense and exposure to data loss.


Centralizing Remote Data Assets

Some companies have attempted to reverse data decentralization by bringing business applications, servers, and storage back into the data center. As in the previous mainframe paradigm, workstations at remote offices access applications and data over telecommunication links, and data center best practices for data availability and backup can be performed centrally.

Typically, the first issue this reversal encounters is bandwidth. The communication links to remote offices are simply not large enough to accommodate all business traffic. Consequently, bottlenecks occur as multiple users in remote locations attempt to access and modify data simultaneously. This situation is aggravated by the fact that the applications themselves may engender megabytes of traffic per transaction (for example, attaching a Microsoft PowerPoint presentation or graphic to an e-mail) or require significant protocol overhead across a remote link. The net result is that response times for opening or storing data files are unacceptable for normal business operations. Without significant enhancements, wide area links simply cannot deliver the LAN-like performance expected (and often demanded) by remote clients.

Increasing bandwidth to remote offices may fix the bottleneck issue but it cannot overcome the basic limits of wide area networks. Even with unlimited bandwidth, network latency from the data center to a remote site imposes its own transaction delay. At roughly 1 millisecond per hundred miles (2x for a round-trip acknowledgment), network latency negatively impacts response time as the distance increases. Because of transmission delay over long distances, centralizing data processing and storage inevitably imposes a tradeoff between control of data assets and performance for day-to-day remote business transactions.

Network latency is especially evident in “chatty” communication protocols, which require constant acknowledgements and handshaking between source and destination. When a remote user updates a file, for example, the new data payload is not simply delivered as a continuous data stream. Instead, protocol handshaking between the data center server and the remote client workstation is interspersed in the transaction, further exacerbating the effect of latency through the network. Given that network latency is beyond our control, this problem cannot be addressed without some means to dramatically reduce protocol overhead.


Even with these constraints, the trend toward remote office consolidation back to the data center is powered by the recognition that the vitality of a company is untenable if 75 percent of its business data is at risk. Reducing costs for remote office IT infrastructure, gaining control of an enterprise's total data assets, implementing enterprise-wide best practices for data replication and backup, and ensuring compliance to new government regulations are essential requirements for today's business operations. At the same time, however, solutions to fix the remote office conundrum must maintain reasonable performance and reliability for remote data transactions, both to provide adequate response time for business operations and to minimize side effects to remote users.

Remote Replication and Backup

For regional centers with significant local processing needs, consolidating all server and storage assets in the corporate data center may not be an option. At a minimum, the data housed in larger remote sites must be protected against loss. A few years ago, the common practice for safeguarding remote data was to perform periodic tape backups locally and use the Chevy truck access method (CTAM) protocol to physically move tapes offsite or to the central data center. Tape sets, however, can get lost, misplaced, mislabeled, or intercepted by miscreants. In addition, the ability to restore from tape is rarely verified through testing. Consequently, data protection for larger remote locations is now typically performed using synchronous or asynchronous disk-to-disk data replication.

Block-based, disk-to-disk replication over distance must obey the laws of physics, and network latency determines whether synchronous or asynchronous methods can be used. Synchronous disk-to-disk replication for remote sites is operational inside a metropolitan circumference, roughly 150 miles from the central data center. Every write operation at the remote storage resource is simultaneously performed at the data center, guaranteeing that every business transaction is captured and preserved. Beyond 150 miles, however, network latency imposes too great a delay in block level write operations and adversely impacts application performance. Asynchronous block data replication can extend to thousands of miles, but since multiple write operations are buffered before being sent back to the data center, there is always the possibility that a few transactions may be lost in the event of WAN outage or other disruption.


Larger enterprises may use a combination of synchronous and asynchronous methods to maximize protection of their corporate data. A remote site, for example, may perform synchronous disk-to-disk replication to a nearby location, and secondarily asynchronous replication to the data center. This solution imposes greater cost, but helps ensure that any potential data loss is minimized.

In addition to disk-to-disk replication, companies may centralize backup operations to the data center with remote backup techniques. Remote backup provides only periodic preservation of dispersed data, but at least it enables the data center to centralize control of data management. If a regional site becomes inoperable, the vast majority of its transactions can be reconstructed centrally to provide business continuity.

The efficiency of disk-to-disk data replication and remote tape backup technologies depends on the ability of telecommunications services to deliver adequate performance for the volume of data involved. For remote tape backup, as in data center backup operations, the window of time required to perform backup must be sufficient to accommodate multiple backup operations concurrently. Finding methods to expedite block data delivery across wide area links is therefore essential to meet backup window requirements and reduce costs for WAN services.

As discussed in Chapters 2 and 3, Brocade technology for remote tape backup and remote data replication leverages WAN optimization and storage protocols to fully utilize WAN bandwidth and deliver the maximum amount of data in the least time. Brocade SAN extension technology such as data compression, data encryption, rate limiting, FastWrite, and tape pipelining enable secure data protection for remote storage assets and extension of data center best practices to all corporate data.

Leveraging File Management Technology for Data Protection

Brocade file management technology includes a suite of solutions to optimize file-level access throughout the corporate network. Although files ultimately reside as block data on disk storage, the client or user interface to business applications is typically at the file level. For classic remote office configurations, client workstations create, retrieve, modify, and store files on servers attached to the local LAN. The servers, in turn, perform the file-to-block and block-to-file conversions required for data storage. The organization of individual files into file systems is typically executed on a per-server basis. A client is therefore required to attach to multiple servers if broader file access is required, with the file system structure of those servers represented as additional drive identifiers (for example, M: or Z: drives).

A key component of file management technology, wide area file service (WAFS) technology, enables companies with multiple remote sites to consolidate their storage assets at the central data center while preserving local LAN-like response time for file access.

Figure 52. Centralized file access replaces remote server and storage assets with appliances optimized for high-performance file serving from the data center to the branch

As shown in Figure 52, wide area file access technologies enable centralization of remote data assets back to the main data center. Formerly, remote clients would access files on their local file servers and storage. In the wide area file solution, the remote client requests are now directed to the edge appliance. The edge appliance communicates across the WAN to the core appliance at the central data center. LAN-like response times are maintained by a combination of technologies, including remote caching, compression, storage caching over IP (SC-IP), and WAN optimization algorithms. Collectively, these technologies overcome the latency issues common to earlier attempts at centralization and so satisfy the response time expectations of remote users.

With data manipulated at remote locations now centralized at the data center, best practices for data protection, backup, and disaster recovery can be applied to all corporate data. In addition, management of all corporate data can be streamlined on the basis of consolidated storage management and advanced storage services, such as information lifecycle management, extended to data generated by remote users.

Although the primary impetus for remote office consolidation may be to gain control over corporate-wide data assets, wide area file access provides additional benefits in terms of rationalizing management of file, print, network, and Web caching services. It dramatically reduces the amount of hardware and software that has to be supported at each remote location and reduces the administrative overhead of maintaining dispersed assets. Wide area file access technology is also a green IT solution in that the energy inefficiencies of hundreds or thousands of dispersed servers and storage arrays can be replaced by more centralized and energy efficient data center elements.

Wide area file access is designed for native integration with Microsoft platforms in order to support secure and consistent file access policies. Key support includes Common Internet File System (CIFS) protocol management, security mechanisms, such as Active Directory, Server Message Block (SMB) signing, Kerberos authentication, and Systems Management Server (SMS) distribution services. To help organizations comply with their internal business objectives and industry regulations, wide area file access technology is typically designed to survive common WAN outages, and thus to help guarantee data coherency and consistency.

Protecting Data with Brocade StorageX

Data protection technologies such as replication, snapshot, CDP, and data archiving are essentially back-end processes operating between servers and storage. A key consideration for any data protection scheme, though, is to minimize the impact on ongoing front-end production and in particular the end-user applications. In complex heterogeneous environments that must support multiple operating systems and different file systems, implementing consistent data protection strategies non-disruptively is often a challenge.

Brocade StorageX facilitates non-disruptive storage management by presenting a unified view of file data across heterogeneous systems. By pooling multiple file systems into a single logical file system, the StorageX global namespace virtualizes file system access and hides the back-end complexity of physical storage, as illustrated in Figure 53. This enables storage administrators to harmonize diverse storage elements, streamline data management, and implement data protection technologies transparently to end user access.

Figure 53. Brocade StorageX provides a global namespace to virtualize file access across heterogeneous operating systems and back-end storage elements

As an integrated suite of file-oriented services, Brocade StorageX facilitates data protection by enabling transparent migration of data from one storage element to another, replication of file data between heterogeneous systems, and simplification of file management, even when storage elements are still dispersed. In addition, StorageX enables optimization of storage capacity utilization and so helps ensure that user applications are allocated adequate storage without disrupting ongoing operations.

The Brocade StorageX global namespace eliminates the need for individual servers to attach to specific storage arrays through separate drive letter or path designations. Instead, the global namespace presents a unified view of file structures that may be dispersed over multiple arrays and presents a single drive letter or path. From the standpoint of the client, it no longer matters where particular subdirectories or folders reside, and this in turn makes it possible to migrate file structures from one physical array to another without disrupting user applications.
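The indirection described above can be shown with a toy model, added here as an illustration and not taken from StorageX or from the book: logical folders map to physical locations by longest-prefix match, and a migration only repoints the mapping. The class name, the server and share names, and the sample paths are all hypothetical.

```python
"""Toy model of a file-level global namespace (illustrative, not StorageX code)."""
from dataclasses import dataclass, field


def _split(path):
    """Split a Windows-style path into its non-empty components."""
    return [p for p in path.replace("/", "\\").split("\\") if p]


@dataclass
class GlobalNamespace:
    # logical folder prefix -> (server, share); every name here is hypothetical
    links: dict = field(default_factory=dict)

    @staticmethod
    def _key(path):
        # Case-insensitive lookup key, as for Windows/CIFS path matching.
        return tuple(p.lower() for p in _split(path))

    def link(self, logical_prefix, server, share):
        """Publish a logical folder that is backed by a physical share."""
        self.links[self._key(logical_prefix)] = (server, share)

    def resolve(self, logical_path):
        """Translate the client's logical path into a physical UNC path.

        The longest matching prefix wins, so a sub-folder can live on a
        different array from its parent without the client noticing.
        """
        parts = _split(logical_path)
        key = tuple(p.lower() for p in parts)
        for n in range(len(key), 0, -1):
            target = self.links.get(key[:n])
            if target:
                server, share = target
                return "\\\\" + "\\".join([server, share, *parts[n:]])
        raise LookupError(f"no namespace link covers {logical_path!r}")

    def migrate(self, logical_prefix, new_server, new_share):
        """Repoint a folder once its data has been copied to the new array.

        Returns the old location so it can be retired or kept as a replica.
        """
        key = self._key(logical_prefix)
        if key not in self.links:
            raise KeyError(logical_prefix)
        old = self.links[key]
        self.links[key] = (new_server, new_share)
        return old


if __name__ == "__main__":
    ns = GlobalNamespace()
    ns.link(r"\finance", "filer-a", "fin")                # constructed sample data
    ns.link(r"\finance\archive", "tape-gw", "fin_arch")   # constructed sample data
    client_path = r"\Finance\2008\budget.xls"
    print("before:", ns.resolve(client_path))
    ns.migrate(r"\finance", "filer-b", "fin2")
    print("after: ", ns.resolve(client_path))             # same client path, new array
```

The client path never changes across the migration; only the namespace entry does, which is why access controls and backup policy have to follow the data to the new physical location.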

Brocade File Management Engine

In combination with the StorageX global namespace, Brocade File Management Engine (FME) provides the ability to automate file lifecycle management. As with ILM techniques for block storage data, file-level lifecycle management monitors the frequency of file access and as file data ages and declines in immediate value, it can be migrated to secondary storage, retired to tape, or simply deleted depending on data retention requirements. The clustered, highly-available FME is built on a Windows Storage Server platform. It leverages and integrates the following technology standards: CIFS protocol and Active Directory and Microsoft security protocols. FME architecture ensures that access to network resources is always available, protects against data loss, and allows you to easily scale the management of a file environment.

Figure 54. Brocade File Management Engine components and architecture


Part Two

The following chapters are included in Part Two:

• Chapter 8: Foundation Products

• Chapter 9: Distance Products

• Chapter 10: Backup and Data Protection Products

• Chapter 11: Branch Office and File Management Products

• Chapter 12: Advanced Fabric Services and Software Products

Chapter 8: Foundation Products

This chapter provides brief descriptions of the following Brocade foundation product offerings:

• Brocade DCX Backbone

• Brocade 48000 Director

• Brocade Mi10K Director

• Brocade M6140 Director

• Brocade FC4-16IP iSCSI Blade

• Brocade FC10-6 Blade

• Brocade 5300 Switch

• Brocade 5100 Switch

• Brocade 300 Switch

• Brocade Fibre Channel HBAs

• Brocade SAN Health

The best place to obtain current information on Brocade products and services is www.brocade.com > Resources > Documentation > Data Sheets & Solutions Briefs.

Or make choices from the Products, Solutions, or Services main menus.

Brocade DCX Backbone

The Brocade DCX offers flexible management capabilities as well as Adaptive Networking services and fabric-based applications to help optimize network and application performance. To minimize risk and costly downtime, the platform leverages the proven five-nines (99.999 percent) reliability of hundreds of thousands of Brocade SAN deployments.

Figure 55. Brocade DCX Backbone with all slots populated (no door)

The Brocade DCX facilitates the consolidation of server-to-server, server-to-storage, and storage-to-storage networks with highly available, lossless connectivity. In addition, it operates natively with Brocade and Brocade M-Series components, extending SAN investments for maximum ROI. It is designed to support a broad range of current and emerging network protocols to form a unified, high-performance data center fabric.

Table 4. Brocade DCX Capabilities

Feature: Industry-leading capabilities for large enterprises
Details:
• Industry-leading Performance 8 Gbit/sec per-port, full-line-rate performance
• 13 Tbit/sec aggregate dual-chassis bandwidth (6.5 Tbit/sec for a single chassis)
• 1 Tbit/sec of aggregate ICL bandwidth
• More than five times the performance of competitive offerings

Feature: High scalability
Details:
• High-density, bladed architecture
• Up to 384 8 Gbit/sec Fibre Channel ports in a single chassis
• Up to 768 8 Gbit/sec Fibre Channel ports in a dual-chassis configuration
• 544 Gbit/sec aggregate bandwidth per slot plus local switching
• Fibre Channel Integrated Routing
• Specialty blades for 10 Gbit/sec connectivity (“Brocade FC10-6 Blade” on page 124), Fibre Channel Routing over IP (“FR4-18i Extension Blade” on page 134), and fabric-based applications (“Brocade FA4-18 Fabric Application Blade” on page 137)

Feature: Energy efficiency
Details:
• Energy efficiency less than one-half Watt per Gbit/sec
• Ten times more energy efficient than competitive offerings

Feature: Ultra-High Availability
Details:
• Designed to support 99.99 percent uptime
• Passive backplane, separate and redundant control processor and core switching blades
• Hot-pluggable components, including redundant power supplies, fans, WWN cards, blades, and optics

Feature: Fabric services and applications
Details:
• Adaptive Networking services, including Quality of Service (QoS), Ingress Rate Limiting, Traffic Isolation, and Top Talkers
• Plug-in services for fabric-based storage virtualization, continuous data protection and replication, and online data migration

Feature: Multiprotocol capabilities and fabric interoperability
Details:
• Support for Fibre Channel, FICON, FCIP, and IPFC
• Designed for future 10 Gigabit Ethernet, Converged Enhanced Ethernet (CEE), and Fibre Channel over Ethernet (FCoE)
• Native connectivity in Brocade and Brocade M-Series fabrics, including backward and forward compatibility

Feature: Intelligent management and monitoring
Details:
• Full utilization of the Brocade Fabric OS embedded operating system
• Flexibility to utilize a CLI, Brocade EFCM, Brocade Fabric Manager, Brocade Advanced Web Tools, and Brocade Advanced Performance Monitoring
• Integration with third-party management tools

Brocade 48000 Director

With industry-leading 4, 8, and 10 Gbit/sec Fibre Channel and FICON performance, the Brocade 48000 provides HA, multiprotocol connectivity, and broad investment protection for Brocade FOS and Brocade M-EOS fabrics. It scales non-disruptively from 32 to as many as 384 concurrently active 4 or 8 Gbit/sec full-duplex ports in a single domain.

Figure 56. Brocade 48000 Director with all slots populated

The Brocade 48000 provides industry-leading power and cooling efficiency, helping to reduce the total cost of ownership. It supports blades for Fibre Channel Routing, FCIP SAN extension, and iSCSI, and is designed to support a wide range of fabric-based applications. It also supports the Brocade FC10-6 blade, providing 10 Gbit/sec Fibre Channel data transfer for specific types of data-intensive storage applications.

With its fifth-generation, high-performance architecture, the Brocade 48000 is a reliable foundation for core-to-edge SANs, enabling fabrics capable of supporting thousands of hosts and storage devices. To provide even higher performance, enhanced Brocade ISL Trunking combines up to eight 8 Gbit/sec ports between switches into a single, logical high-speed trunk running at up to 64 Gbit/sec. Other services provide additional QoS and Traffic Management capabilities to optimize fabric performance.

Utilizing Brocade Fabric OS, the Brocade 48000 also supports native connectivity with existing Brocade M-EOS fabrics.

The Brocade 48000 is designed to integrate with heterogeneous environments that include IBM mainframe and open platforms with multiple operating systems such as Microsoft Windows, Linux, Sun Solaris, HP-UX, AIX, and i5/OS. These capabilities help make it ideal for enterprise management and high-volume transaction processing applications such as:

• Enterprise resource planning (ERP)

• Data warehousing

• Data backup

• Remote mirroring

• HA clustering

Designed for use in the Brocade 48000 Director, the FR4-18i Extension Blade (see page 134) provides performance-optimized FCIP as well as Fibre Channel Routing services. The Brocade FR4-18i offers a wide range of benefits for inter-SAN connectivity, including long-distance SAN extension, greater resource sharing, and simplified management. The Brocade 48000 also supports the Brocade FC4-16IP (see page 123), which enables cost-effective, easy-to-manage Ethernet connectivity so low-cost servers can access high-performance Fibre Channel storage resources.

The Brocade 48000 supports the Brocade FA4-18 Fabric Application Blade (see page 137) for a variety of fabric-based applications—increasing flexibility, improving operational efficiency, and simplifying SAN management. This includes Brocade OEM and ISV Partner applications for storage virtualization and volume management, replication, and data mobility, as well as the Brocade Data Migration Manager (see page 139).

Brocade directors are the most power-efficient in the industry, with the lowest documented power draw. They require less power per port (under 4 watts per port) and less power per unit bandwidth than any other director. Brocade is the only vendor to require less than one watt per Gbit/sec of bandwidth.

Brocade Mi10K Director

With the Brocade Mi10K, organizations can securely and efficiently consolidate large and geographically distributed networks, supporting the most demanding open systems and mainframe environments. Providing up to 256 Fibre Channel or FICON ports in a compact 14U chassis, the Brocade Mi10K delivers broad scalability advantages.

Organizations can natively connect Brocade 8 Gbit/sec switches, the Brocade 48000 Director, and Brocade DCX Backbones to the Brocade Mi10K without disruption—enabling improved utilization of shared storage resources with complete Brocade Mi10K functionality. The ability to protect M-Series investments helps reduce costs, streamline deployment in expanding SANs, and provide a seamless path for future infrastructure migration.

Figure 57. Brocade Mi10K Director

Brocade M6140 Director

The Brocade M6140 Director is a reliable, high-performance solution for small to midsize data centers using Brocade M-Series SAN fabric devices. Designed to support 24×7, mission-critical open systems and System z environments, the Brocade M6140 enables IT organizations to further consolidate and simplify their storage networks while keeping pace with rapid data growth and changing business requirements.

Providing up to 140 Fibre Channel or FICON ports, the Brocade M6140 supports 1, 2, and 4 Gbit/sec transfer speeds to address a broad range of application performance needs. For data replication and backup to remote sites, the Brocade M6140 provides 10 Gbit/sec Fibre Channel transfer speeds over dark fiber using DWDM. To help ensure uninterrupted application performance, the Brocade M6140 features extensive component redundancy to achieve 99.999 percent system reliability.

The Brocade M6140 utilizes special port cards in up to 35 slots, enabling organizations to scale their SAN environments in small 4-port increments for cost-effective flexibility. Organizations can also natively connect Brocade 8 Gbit/sec switches, the Brocade 48000 Director, and Brocade DCX Backbones to the Brocade M6140 without disruption—enabling improved Brocade utilization of shared storage resources with complete Brocade M6140 functionality.

Figure 58. Brocade M6140 Director

Brocade FC4-16IP iSCSI Blade

Today’s IT organizations face financial and operational challenges, such as the growing need to better protect data—for mission-critical applications and also for second-tier servers such as e-mail servers. Business demands faster provisioning of storage in a more service-oriented, granular fashion. The centralization of data has also become increasingly important for these organizations as they deploy new initiatives to comply with industry regulations.

All of these challenges can be addressed by allowing lower-cost iSCSI servers to access valuable, high-performance Fibre Channel SAN resources. The Brocade FC4-16IP blade for the Brocade 48000 Director is a cost-effective solution that enables this type of connectivity. The Brocade FC4-16IP provides a wide range of performance, scalability, availability, and investment protection benefits to help increase storage administrator productivity and application performance while continuing to reduce capital and operational costs.

The blade features eight GbE ports for iSCSI connectivity and eight full-speed 1, 2, and 4 Gbit/sec FC ports. The Fibre Channel ports provide the same performance features available in all Brocade switches.

Figure 59. FC4-16IP iSCSI Blade

Brocade FC10-6 Blade

The Brocade FC10-6 enables organizations with dark fiber or DWDM 10 Gbit/sec long-distance links to fully utilize these links via dark fiber or DWDM (Ciena and Adva 10 Gbit/sec DWDM have been tested and work with the Brocade FC10-6). In many environments, a leased 10 Gbit/sec link is underutilized because organizations can transmit only 4 Gbit/sec Fibre Channel traffic over a 10 Gbit/sec connection.

The Brocade FC10-6 Blade has six 10 Gbit/sec FC ports that use 10 Gigabit Small Form Factor Pluggable (XFP) optical transceivers. The ports on the FC10-6 blade operate only in E_Port mode to create ISLs. The FC10-6 blade has buffering to drive 10 Gbit/sec up to 120 km per port, which exceeds the capabilities of 10 Gbit/sec XFPs that are available in short-wave and 10 km, 40 km, and 80 km long-wave versions.

The Brocade FC10-6 is managed with the same tools and CLI commands that are used for Brocade FOS-based products. The CLI, Brocade Enterprise Fabric Connectivity Manager (EFCM), Brocade Fabric Manager, and Brocade Web Tools all support 10 Gbit/sec utilizing the same commands used for other Fibre Channel links.

Brocade 5300 Switch

As the value and volume of business data continue to rise, organizations need technology solutions that are easy to implement and manage and that can grow and change with minimal disruption. The Brocade 5300 Switch is designed to consolidate connectivity in rapidly growing mission-critical environments, supporting 1, 2, 4, and 8 Gbit/sec technology in configurations of 48, 64, or 80 ports in a 2U chassis. The combination of density, performance, and “pay-as-you-grow” scalability increases server and storage utilization, while reducing complexity for virtualized servers and storage.

Figure 60. Brocade 5300 Switch

Used at the fabric core or at the edge of a tiered core-to-edge infrastructure, the Brocade 5300 operates seamlessly with existing Brocade switches through native E_Port connectivity into Brocade FOS (or M-EOS) environments. The design makes it very efficient in power, cooling, and rack density to help enable midsize and large server and storage consolidation. The Brocade 5300 also includes Adaptive Networking capabilities to more efficiently manage resources in highly consolidated environments. It supports Fibre Channel Integrated Routing for selective device sharing and maintains remote fabric isolation for higher levels of scalability and fault isolation.

The Brocade 5300 utilizes ASIC technology featuring eight 8-port groups. Within these groups, an inter-switch link trunk can supply up to 68 Gbit/sec of balanced data throughput. In addition to reducing congestion and increasing bandwidth, enhanced Brocade ISL Trunking utilizes ISLs more efficiently to preserve the number of usable switch ports. The density of the Brocade 5300 uniquely enables fan-out from the core of the data center fabric with less than half the number of switch devices to manage compared to traditional 32- or 40-port edge switches.

Brocade 5100 Switch

The Brocade 5100 Switch is designed for rapidly growing storage requirements in mission-critical environments combining 1, 2, 4, and 8 Gbit/sec Fibre Channel technology in configurations of 24, 32, or 40 ports in a 1U chassis. As a result, it provides low-cost access to industry-leading SAN technology and pay-as-you-grow scalability for consolidating storage and maximizing the value of virtual server deployments.

Figure 61. Brocade 5100 Switch

Similar to the Brocade 5300, the Brocade 5100 features a flexible architecture that operates seamlessly with existing Brocade switches through native E_Port connectivity into Brocade FOS or M-EOS environments. With the highest port density of any midrange enterprise switch, it is designed for a broad range of SAN architectures, consuming less than 2.5 watts of power per port for exceptional power and cooling efficiency. It features consolidated power and fan assemblies to improve environmental performance. The Brocade 5100 is a cost-effective building block for standalone networks or the edge of enterprise core-to-edge fabrics.

Additional performance capabilities include the following:

• 32 Virtual Channels on each ISL enhance QoS traffic prioritization and “anti-starvation” capabilities at the port level to avoid performance degradation.

• Exchange-based Dynamic Path Selection optimizes fabric-wide performance and load balancing by automatically routing data to the most efficient available path in the fabric. It augments ISL Trunking to provide more effective load balancing in certain configurations. In addition, DPS can balance traffic between the Brocade 5100 and Brocade M-Series devices enabled with Brocade Open Trunking.

Brocade 300 Switch

The Brocade 300 Switch provides small to midsize enterprises with SAN connectivity that simplifies IT management infrastructures, improves system performance, maximizes the value of virtual server deployments, and reduces overall storage costs. The 8 Gbit/sec Fibre Channel Brocade 300 provides a simple, affordable, single-switch solution for both new and existing SANs. It delivers up to 24 ports of 8 Gbit/sec performance in an energy-efficient, optimized 1U form factor.

Figure 62. Brocade 300 Switch

To simplify deployment, the Brocade 300 features the EZSwitchSetup wizard and other ease-of-use and configuration enhancements, as well as the optional Brocade Access Gateway mode of operation (supported with 24-port configurations only). Access Gateway mode enables connectivity into any SAN by utilizing NPIV switch standards to present Fibre Channel connections as logical devices to SAN fabrics. Attaching through NPIV-enabled switches and directors, the Brocade 300 in Access Gateway mode can connect to FOS-based, M-EOS-based, or other SAN fabrics.

Organizations can easily enable Access Gateway mode (see page 151) via the FOS CLI, Brocade Web Tools, or Brocade Fabric Manager. Key benefits of Access Gateway mode include:

• Improved scalability for large or rapidly growing server and virtual server environments

• Simplified management through the reduction of domains and management tasks

• Fabric interoperability for mixed vendor SAN configurations that require full functionality

Brocade Fibre Channel HBAs

In mid-2008 Brocade released a family of Fibre Channel HBAs with 8 Gbit/sec and 4 Gbit/sec HBAs.

Highlights of these new Brocade FC HBAs include:

• Maximizes bus throughput with a Fibre Channel-to-PCIe 2.0a Gen2 (x8) bus interface with intelligent lane negotiation

• Prioritizes traffic and minimizes network congestion with target rate limiting, frame-based prioritization, and 32 Virtual Channels per port with guaranteed QoS

• Enhances security with Fibre Channel-Security Protocol (FC-SP) for device authentication and hardware-based AES-GCM; ready for in-flight data encryption

• Supports virtualized environments with NPIV for 255 virtual ports

• Uniquely enables end-to-end (server-to-storage) management in Brocade Data Center Fabric environments

Brocade 825/815 FC HBA

The Brocade 815 (single port) and Brocade 825 (dual ports) 8 Gbit/sec Fibre Channel-to-PCIe HBAs provide a new level of server connectivity through unmatched hardware capabilities and unique software configurability. This new class of HBAs is designed to help IT organizations deploy and manage true end-to-end SAN service across next-generation data centers.

Figure 63. Brocade 825 FC 8 Gbit/sec HBA (dual ports shown)

The Brocade 8 Gbit/sec FC HBA also:

• Maximizes I/O transfer rates with up to 500,000 IOPS per port at 8 Gbit/sec

• Utilizes N_Port Trunking capabilities to create a single logical 16 Gbit/sec high-speed link

Brocade 425/415 FC HBA

The Brocade 4 Gbit/sec FC HBA has capabilities similar to those described for the 8 Gbit/sec version. The Brocade 4 Gbit/sec FC HBA also:

• Maximizes I/O transfer rates with up to 500,000 IOPS per port at 4 Gbit/sec

• Utilizes N_Port Trunking capabilities to create a single logical 8 Gbit/sec high-speed link

Figure 64. Brocade 415 FC 4 Gbit/sec HBA (single port shown)

Brocade SAN Health

The Brocade SAN Health family of offerings provides the most comprehensive tools and services for analyzing and reporting on storage networking environments. These practical, easy-to-use solutions help automate time-consuming tasks to increase administrator productivity, simplify management, and streamline operations throughout the enterprise.

Figure 65. SAN Health topology display

The SAN Health family ranges from a free diagnostic capture utility to optional fee-based add-on modules and customized Brocade Services. The family of offerings includes:

• Brocade SAN Health Diagnostics Capture (Free data capture utility). By capturing raw data about SAN fabrics, directors, switches, and connected devices, this utility provides a practical, fast way to keep track of networked storage environments. SAN Health Diagnostics Capture collects diagnostic data, checks it for problems, analyzes it against best-practice criteria, and then produces an Excel-based report containing detailed information on all fabric and device elements. This report provides views that are specifically designed for open systems or mainframe users, and serves as the basis for all the SAN Health family products and services. In addition, it generates a comprehensive Visio topology diagram that provides a graphical representation of networked storage environments.

• Brocade SAN Health Professional (Free data analysis framework that supports optional advanced functionality modules). Brocade SAN Health Professional provides a framework for loading the original report data generated by SAN Health Diagnostics Capture. This framework supports extended functionality beyond the capabilities of an Excel report and Visio topology diagram. Capabilities such as searching, comparing, custom report generation, and change analysis are all available in an easy-to-use GUI.

Using SAN Health Professional, organizations can quickly and easily search their SAN Health reports to find common attributes from the channel adapters (HBA firmware and driver levels), director/switch firmware, and specific error counter information.

• Brocade SAN Health Professional Change Analysis (Optional fee-based module with sophisticated change analysis capabilities). SAN Health Professional Change Analysis is an optional subscription-based add-on module for SAN Health Professional that enables organizations to compare two SAN Health reports run at different times to visually identify what items have changed from one audit to the next. Organizations can compare two SAN Health reports with all the detailed changes highlighted in an easy-to-understand format. The changes are easily searchable, and organizations can quickly produce a change report.

• Brocade SAN Health Expert (Subscription-based Brocade Services offering featuring detailed analysis and quarterly consultations with Brocade consultants). The Brocade SAN Health Expert Service engagement is a subscription service designed for organizations that want additional analysis and advice from a Brocade consultant. As an extension of the SAN Health Diagnostics Capture utility, this service entitles subscribers to four 1-hour live consultations on a quarterly basis during a 365-day period.

As part of the service, a Brocade consultant prepares for each telephone consultation by downloading and reviewing the subscriber’s SAN Health reports and preparing architectural and operational recommendations. This preparation serves as the discussion agenda for the live consultations. During the consultations, subscribers also can ask specific questions about their SAN environments. The quarterly consultations provide a cost-effective way to build an ongoing plan for improving uptime and continually fine-tuning SAN infrastructures.

By utilizing the free versions of the SAN Health Diagnostics Capture utility and SAN Health Professional framework, organizations can quickly gain an accurate view of their storage infrastructure, including director and switch configurations along with all of the devices attached to the network. They can then opt for the fee-based modules that build on the SAN Health Professional framework if they want additional search, filtering, or reporting capabilities. Regardless, IT organizations of all sizes can utilize these products and services to perform critical tasks such as:

• Taking inventory of devices, directors, switches, firmware versions, and fabrics

• Capturing and displaying historical performance data

• Comparing zoning and switch configurations to best practices

• Assessing performance statistics and error conditions

• Producing detailed graphical reports and diagrams

Figure 66. SAN Health reporting screen

In addition to these capabilities, mainframe users can utilize a new FICON-enhanced tool to model potential configurations and manage change in a simplified format. Specifically, the tool reformats Input/Output Completion Port (IOCP) configuration files into easy-to-understand Microsoft Excel spreadsheets.

Chapter 9: Distance Products

Brocade has a number of highly optimized distance extension products, including:

• Brocade 7500 Extension Switch

• FR4-18i Extension Blade

• Brocade Edge M3000

• Brocade USD-X

Brocade 7500 Extension Switch

The Brocade 7500 combines 4 Gbit/sec Fibre Channel switching and routing capabilities with powerful hardware-assisted traffic forwarding for FCIP. It features 16 x FC ports and 2 x 1 GbE ports—delivering high performance to run storage applications at line-rate speed with either protocol. By integrating these services in a single platform, the Brocade 7500 offers a wide range of benefits for storage and SAN connectivity, including SAN scaling, long-distance extension, greater resource sharing (either locally or across geographical areas), and simplified management.

Figure 67. Brocade 7500 Extension Switch


The Brocade 7500 provides an enterprise building block for consolidation, data mobility, and business continuity solutions that improve efficiency and cost savings:

• Combines FCIP extension with Fibre Channel switching and routing to provide local and remote storage and SAN connectivity while isolating SAN fabrics and IP WAN networks

• Optimizes application performance with features such as FastWrite, Brocade Accelerator for FICON (including Emulation and Read/Write Tape Pipelining), and hardware-based compression

• Maximizes bandwidth utilization with Adaptive Networking services, including QoS and Traffic Isolation, trunking, and network load balancing

• Enables secure connections across IP WANs through IPSec encryption

• Interoperates with Brocade switches, routers, and the Brocade DCX Backbone, enabling new levels of SAN scalability, performance, and investment protection

• Simplifies interconnection and support for heterogeneous SAN environments

FR4-18i Extension Blade

The Brocade FR4-18i, integrating into either the Brocade 48000 Director or the Brocade DCX Backbone, combines Fibre Channel switching and routing capabilities with powerful hardware-assisted traffic forwarding for FCIP. The blade features 16 x 4 Gbit/sec Fibre Channel ports and 2 x 1 GbE ports—delivering high performance to run storage applications at line-rate speed with either protocol. By integrating these services in a single platform, the Brocade FR4-18i offers a wide range of benefits for storage and SAN connectivity, including SAN scaling, long-distance extension, greater resource sharing (either locally or across geographical areas), and simplified management.

Figure 68. FR4-18i Extension Blade


Brocade Edge M3000

The Brocade Edge M3000 interconnects Fibre Channel and FICON SANs over IP or ATM infrastructures. As a result, it enables many of the most cost-effective, enterprise-class data replication solutions—including disk mirroring and remote tape backup/restore to maximize business continuity. Moreover, the multipoint SAN routing capabilities of the Brocade Edge M3000 provide a highly flexible storage infrastructure for a wide range of remote storage applications.

Figure 69. Brocade Edge M3000

The Brocade Edge M3000 enables the extension of mission-critical storage networking applications in order to protect data and extend access to the edges of the enterprise. The ability to extend both mainframe and open systems tape and disk storage provides cost-effective options for strategic storage infrastructure plans as well as support for the following applications:

• Synchronous or asynchronous disk mirroring

• Data backup/restore, archive/retrieval, and migration

• Extended tape or virtual tape

• Extended disk

• Content distribution

• Storage sharing


Brocade USD-X

The Brocade USD-X is a high-performance platform that connects and extends mainframe and open systems storage-related data replication applications for both disk and tape, along with remote channel networking for a wide range of device types.

Figure 70. Brocade USD-X, 12-slot and 6-slot versions

This multi-protocol gateway and extension platform interconnects host-to-storage and storage-to-storage systems across the enterprise—regardless of distance—to create a high-capacity, high-performance storage network using the latest high-speed interfaces.

In short, the Brocade USD-X:

• Supports Fibre Channel, FICON, ESCON, Bus and Tag or mixed environment systems

• Fully exploits Gigabit Ethernet services

• Delivers industry-leading throughput over thousands of miles

• Provides hardware-based compression to lower bandwidth costs

• Offers one platform for all remote storage connectivity needs

• Shares bandwidth across multiple applications and sites

There are two versions of the Brocade USD-X:

• The 12-slot version shown on the left

• The 6-slot version shown on the right


Chapter 10: Backup and Data Protection Products

The Brocade DCX Backbone and 48000 Director with the Brocade FA4-18 Fabric Application Blade running Brocade or third-party applications provide a robust data protection solution.

NOTE: The functionality described for the FA4-18 Fabric Application Blade is also available in the Brocade 7600 standalone platform.

Brocade FA4-18 Fabric Application Blade

The Brocade FA4-18 blade installed in a Brocade DCX Backbone or a Brocade 48000 Director is a high-performance platform for fabric-based storage applications. Delivering intelligence in SANs to perform fabric-based storage services, including online data migration, storage virtualization, and continuous data replication and protection, this blade provides high-speed, highly reliable fabric-based services throughout heterogeneous data center environments.

Figure 71. Brocade FA4-18


The Brocade FA4-18 is tightly integrated with a wide range of enterprise storage applications that leverage Brocade Storage Application Services (SAS, an implementation of the T11 FAIS standard) to provide wirespeed data movement and offload server resources. These applications include:

• Brocade Data Migration Manager provides an ultra-fast, non-disruptive, and easy-to-manage solution for migrating data in heterogeneous server and storage environments. It helps organizations reduce overhead while accelerating data center relocation or consolidation, array replacements, and Information Lifecycle Management (ILM) activities.

• EMC RecoverPoint on Brocade is designed to provide continuous remote replication and continuous data protection across heterogeneous IT environments, enabling organizations to protect critical applications from data loss and improve business continuity. (EMC sells the Brocade FA4-18 for RecoverPoint solutions under the EMC Connectrix Application Platform brand.)

• EMC Invista on Brocade is designed to virtualize heterogeneous storage in networked storage environments, enabling organizations to simplify and expand storage provisioning, and move data seamlessly between storage arrays without costly downtime. (EMC sells the Brocade FA4-18 for Invista solutions under the EMC Connectrix Application Platform brand.)

• Fujitsu ETERNUS VS900 virtualizes storage across Fibre Channel networks, enabling organizations to allocate any storage to any application with ease, simplify data movement across storage tiers, and reduce storage costs.


The Brocade FA4-18 blade provides a high-performance platform for tightly integrated storage applications that leverage the Brocade Storage Application Services (SAS) API. Highlights of the FA4-18 include:

• Provides 16 auto-sensing 1, 2, and 4 Gbit/sec Fibre Channel ports with two auto-sensing 10/100/1000 Mbit/sec Ethernet ports for LAN-based management

• Leverages a fully pipelined, multi-CPU RISC and memory system, up to 64 Gbit/sec throughput, and up to 1 million IOPS to meet the most demanding data center environments

• Performs split-path hardware acceleration using partitioned port processing and distributed control and data path processors, enabling wire-speed data movement without compromising host application performance

• Helps ensure highly reliable storage solutions through failover-capable data path processors combined with the high component redundancy of the Brocade DCX or Brocade 48000

Brocade Data Migration Manager Solution

Brocade Data Migration Manager (DMM) provides a fast, non-disruptive, and easy-to-manage migration solution for heterogeneous environments.

As the need for block-level data migration becomes increasingly common, many IT organizations need to migrate data from one type of storage array to another and from one vendor array to another. As such, data migration carries an element of risk and often requires extensive planning. Powerful, yet easy to use, Brocade DMM enables these organizations to efficiently migrate block-level data and avoid the high cost of application downtime.

Because it is less disruptive, more flexible, and easier to plan for than traditional data migration offerings, Brocade DMM provides a wide range of advantages. Residing on the SAN-based Brocade Application Platform, Brocade DMM features a migrate-and-remove architecture as well as “wire-once” setup that enables fast, simplified deployment in existing SANs. This approach helps organizations implement and manage data migration across SANs or WANs with minimal time and resource investment.


Utilizing the 4 Gbit/sec port speed and 1 million IOPS performance of the Brocade Application Platform, Brocade DMM migrates up to 128 volumes in parallel at up to five terabytes per hour. For maximum flexibility, it supports both offline and online data migration in Windows, HP-UX, Solaris, and AIX environments for storage arrays from EMC, HP, Hitachi, IBM, Network Appliance, SUN, and other vendors.

Key features and benefits include:

• Simplifies and accelerates block data migration during data center relocation or consolidation, array replacements, or ILM activities

• Migrates up to 128 LUNs in parallel at up to 5 terabytes per hour

• Performs online (as well as offline) migration without impacting applications, eliminating costly downtime

• Moves data between heterogeneous storage arrays from EMC, Hitachi, HP, IBM, NetApp, Sun, and other leading vendors

• Enables fast, seamless deployment in existing SAN fabrics through a “migrate-and-remove” architecture

• Automates multiple migration operations with easy start, stop, resume, and throttle control

• Utilizes an intuitive Windows management console or CLI scripting

EMC RecoverPoint Solution

EMC RecoverPoint on Brocade provides continuous remote replication and continuous local data protection across heterogeneous IT environments, as shown in Figure 72. By leveraging the intelligence in Brocade SAN fabrics and utilizing existing WAN connectivity, this integrated solution helps IT organizations protect their critical applications against data loss for improved business continuity.


Figure 72. EMC RecoverPoint on Brocade scenario

This solution includes advanced features that provide robust performance and heterogeneous implementations:

• Brocade SAS API for reliable, scalable, and highly available storage applications

• Fully pipelined, multi-CPU RISC (reduced instruction set computing) and memory system, providing inline processing capabilities for optimum performance and flexibility

• Partitioned port processing, which utilizes distributed control and data path processors for wirespeed data transfer

• A compact, cost-effective deployment footprint

• Investment protection through non-disruptive interoperability with existing SAN fabrics

• Available for Microsoft Windows, AIX, HP-UX, Sun Solaris, Linux, and VMware server environments, utilizing storage devices residing in a Fibre Channel SAN


Chapter 11: Branch Office and File Management Products

With the unprecedented growth of file data across the enterprise, today’s IT organizations face ever-increasing file management challenges: greater numbers of files, larger files, rising user expectations, and shorter maintenance windows.

• Brocade File Management Engine

• Brocade StorageX

• Brocade File Insight

Brocade File Management Engine

Brocade File Management Engine (FME) creates a logical abstraction layer between how files are accessed and the underlying physical storage. Because file access is no longer bound to physical storage devices, organizations can move or migrate files without disrupting users or applications.

Figure 73. Brocade File Management Engine (FME)

Brocade FME utilizes sophisticated technology for true open file migration—simplifying file management and enabling organizations to virtualize their files and manage resources more efficiently. As a result, organizations can manage file data whenever they want, saving time, money, and resources. Moreover, the automation of labor-intensive tasks reduces the potential for errors and business disruption.

Brocade FME combines non-disruptive file movement with policy-driven automation for:

• Transparent file migration, including open and locked files

• File, server, and storage consolidation

• Asset deployment and retirement

• Tiered file classification and placement

• File and directory archiving

Brocade FME provides a number of powerful features, some of which are unique in the industry:

Open file migration. Enables non-disruptive movement of open or locked files, supporting on-demand or scheduled movement

Redirection for logical migration. Logically links users to physical file locations to avoid disruption

Transparency. Does not alter server, network, and storage resources or client access and authentication

Automated policies. Saves time by simplifying file classification and management while improving integrity by automatically monitoring file placement

Scalable and granular namespace. Supports the management of billions of files and petabytes of data at the share, directory, or file level

Heterogeneous resource support. Abstracts servers, networks, and storage for easier management, including common management of SMB and CIFS data


Brocade StorageX

Brocade StorageX is an integrated suite of applications that logically aggregates distributed files across heterogeneous storage environments and across CIFS- and NFS-based files while providing policies to automate file management functions. It supports tasks for key areas such as:

• Centralized network file management with location-independent views of distributed files

• File management agility and efficiency through transparent high-speed file migration, consolidation, and replication

• Security, regulatory, and corporate governance compliance with reporting and seamless preservation of file permissions during migration

• Disaster recovery and enhanced business continuity with 24×7 file access, utilizing replicas across multiple heterogeneous, distributed locations

• Centralized and automated key file management tasks for greater productivity, including failover and remote site file management

• Information Lifecycle Management (ILM) policies to automate tiered file migration from primary storage to secondary devices based on specified criteria

• File data classification and reporting

Brocade StorageX provides administrators with powerful policies to efficiently manage distributed files throughout an enterprise. Moreover, it directly addresses the needs of both administrators and users by increasing data availability, optimizing storage capacity, and simplifying storage management for files—all leading to significantly lower costs for enterprise file data infrastructures.

Brocade StorageX integrates and extends innovative Microsoft Windows-based technologies such as DFS to provide seamless integration with Windows infrastructures. Rather than managing data through proprietary technologies or file systems that must mediate access, it enables file access through established mechanisms.


Brocade StorageX leverages Microsoft technology to:

• Build upon the DFS namespace with a global namespace that aggregates files and centralizes management across the enterprise

• Simplify Windows Server 2003 and Storage Server 2003 adoption and migration from legacy operating systems, including Novell

• Provide cost-effective, seamless failover across geographically distributed sites by centralizing management of the global failover process

Brocade File Insight

Brocade File Insight is a free Windows-based reporting utility that provides a fast and easy way to understand SMB/CIFS file share environments. It collects file metadata and produces meaningful reports on file age, size, types, and other metadata statistics. Unlike traditional manual data collection and reporting methods, File Insight is easy to use, non-intrusive, and fast. It enables administrators to optimize network-based file availability, movement, and access while lowering the cost of ownership.

The file storage world today is increasingly networked and distributed, and file storage management has become both complex and costly. IT organizations often struggle to find answers to questions such as:

• What is the percentage of files being managed that have not changed in the past year?

• How many files have not been accessed in the past six months?

• What file types are most common?

• What file types consume the most space?

To address these challenges, File Insight helps organizations assess and better understand highly distributed file environments. Leveraging this free file analysis utility, organizations can scan SMB/CIFS network shares and use the resulting metadata to better understand their file environments.

The File Insight console is an intuitive, task-based interface that is simple to install and use. It enables organizations to create and run File Insight scans, and view the results. A File Insight scan collects metadata about the files stored on the network shares included in the scan, and stores the scan results in a CSV file for local reporting and a Zip file for Brocade-based report generation, as shown in Figure 74.


Figure 74. Overview of Brocade File Insight

File Insight provides reports with the following types of information:

• The number of files in an environment

• File age and file size

• How many files have not been accessed in two or more years

• The most common file types by aggregate file count and file size

As a result, File Insight provides the information organizations need to more confidently manage their network-based file storage and optimize file data availability, movement, access, and cost.

If you have questions, contact [email protected].


Chapter 12: Advanced Fabric Services and Software Products

Brocade ships its flagship proprietary operating system, Brocade Fabric OS (FOS), on all B-Series platforms.

NOTE: Also supported for M-Series (formerly McDATA) platforms is Brocade M-Enterprise OS.

The following optionally licensed Advanced Fabric Services are available to enhance the capabilities of FOS:

• Brocade Advanced Performance Monitoring

• Brocade Access Gateway

• Brocade Fabric Watch

• Brocade Inter-Switch Link Trunking

• Brocade Extended Fabrics

Brocade offers a suite of manageability software products:

• Brocade Enterprise Fabric Connectivity Manager

• Brocade Fabric Manager

• Brocade Web Tools

Brocade Fabric OS

Brocade Fabric OS is the operating system firmware that provides the core infrastructure for deploying robust SANs. As the foundation for the Brocade family of FC SAN switches and directors, it helps ensure the reliable and high-performance data transport that is critical for scalable SAN fabrics interconnecting thousands of servers and storage devices. With ultra-high-availability features such as non-disruptive hot code activation, FOS is designed to support mission-critical enterprise environments. A highly flexible solution, it is built with field-proven features such as fabric auditing, continuous port monitoring, advanced diagnostics and recovery, and data management/fault isolation.

In addition, FOS capabilities include:

• Maximizes flexibility by integrating high-speed access, infrastructure scaling, long-distance connectivity, and multiservice intelligence into SAN fabrics

• Enables highly resilient, fault-tolerant multiswitch Brocade SAN fabrics

• Supports multiservice application platforms for the most demanding business environments

• Features 1, 2, 4, 8, and 10 Gbit/sec capabilities for Fibre Channel and FICON connectivity and 1 Gbit/sec Ethernet for long-distance networking and iSCSI connectivity

• Maximizes port usage with NPIV technology

• Provides data management and fault isolation capabilities for fabrics via Administrative Domain, Advanced Zoning, and Logical SAN (LSAN) zoning technologies

• Supports IPv6 and IPv4 addressing for system management interfaces

Brocade Advanced Performance Monitoring

Based on Brocade Frame Filtering technology and a unique performance counter engine, Brocade Advanced Performance Monitoring is a comprehensive tool for monitoring the performance of networked storage resources. This tool helps reduce total cost of ownership and over-provisioning while enabling SAN performance tuning, reporting of service level agreements, and greater administrator productivity.

Advanced Performance Monitoring supports direct-attached, loop, and switched fabric Fibre Channel SAN topologies by:

• Monitoring transaction performance from source to destination

• Monitoring ISL performance

• Measuring device performance by port, Arbitrated Loop Physical Address (ALPA), and LUN

• Reporting Cyclic Redundancy Check error measurement statistics


• Measuring ISL Trunking performance and resource usage

• Utilizing “Top Talker” reports, which rank the highest-bandwidth data flows in the fabric for F_Ports and E_Ports (ISL)

• Comparing IP versus SCSI traffic on each port

Brocade Access Gateway

Blade servers are experiencing explosive growth and acceptance in today’s data center IT environments. A critical part of this trend is connecting blade servers to SANs, which provide highly available and scalable storage solutions. IT organizations that want to connect blade server enclosures to SANs in this manner typically utilize one of two methods: Fibre Channel SAN pass-through solutions or blade server SAN switches.

Brocade offers blade server SAN switches from all leading blade manufacturers, providing significant advantages over Fibre Channel SAN pass-through solutions. With fewer cables and related components, Brocade blade server SAN switches provide lower cost and greater reliability by eliminating potential points of failure. Brocade has expanded upon these blade server SAN switch benefits with the introduction of the Brocade Access Gateway. Specifically for blade server SAN switches, the Brocade Access Gateway simplifies server and storage connectivity in blade environments. By enabling increased fabric connectivity, greater scalability, and reduced management complexity, the Brocade Access Gateway provides a complete solution for connecting blade servers to any SAN fabric.

This unique solution protects investments in existing blade server SAN switches by enabling IT organizations to use them as traditional Brocade full-fabric SAN switches or operate them in Brocade Access Gateway mode via Brocade Web Tools or the Brocade command line interface. As a result, the Brocade Access Gateway provides a reliable way to integrate state-of-the-art blade servers into heterogeneous Fibre Channel SAN environments, as shown in Figure 75.


Figure 75. Access Gateway on blades and the Brocade 300 Switch

Highlights of the Brocade Access Gateway include:

• Simplifies the connectivity of blade servers to any SAN fabric, using hardware that is qualified by industry-leading OEMs

• Increases scalability of blade server enclosures within SAN fabrics

• Helps eliminate fabric disruption resulting from increased blade server switch deployments

• Simplifies deployment and change management utilizing standard Brocade FOS

• Provides extremely flexible port connectivity

• Features fault-tolerant external ports for mission-critical high availability

Brocade Fabric Watch

Brocade Fabric Watch is an optional SAN health monitor for Brocade switches. Fabric Watch enables each switch to constantly watch its SAN fabric for potential faults—and automatically alert network managers to problems before they become costly failures. Fabric Watch tracks a variety of SAN fabric elements, events, and counters. Monitoring fabric-wide events, ports, transceivers, and environmental parameters permits early fault detection and isolation as well as performance measurement. Unlike many systems monitors, Fabric Watch is easy to configure. Network administrators can select custom fabric elements and alert thresholds—or they can choose from a selection of preconfigured settings.


In addition, it is easy to integrate Fabric Watch with enterprise systems management solutions. By implementing Fabric Watch, storage and network managers can rapidly improve SAN availability and performance without installing new software or system administration tools.

For a growing number of organizations, SAN fabrics are a mission-critical part of their systems architecture. These fabrics can include hundreds of elements, such as hosts, storage devices, switches, and ISLs. Fabric Watch can optimize SAN value by tracking fabric events such as:

• Fabric resources: fabric reconfigurations, zoning changes, and new logins

• Switch environmental functions: temperature, power supply, and fan status, along with security violations and HA metrics

• Port state transitions, errors, and traffic information for multiple port classes as well as operational values for supported models of transceivers

• A wide range of performance information

Brocade Inter-Switch Link Trunking

Brocade ISL Trunking is available for all Brocade 2, 4, and 8 Gbit/sec Fibre Channel switches, FOS-based directors, and the Brocade DCX Backbone. This technology is ideal for optimizing performance and simplifying the management of multi-switch SAN fabrics containing Brocade switches and directors and the latest 8 Gbit/sec solutions. When two or more adjacent ISLs in a port group are used to connect two switches with trunking enabled, the switches automatically group the ISLs into a single logical ISL, or “trunk.” The throughput of the resulting trunk can range from 4 Gbit/sec to as much as 68 Gbit/sec.

Highlights of Brocade ISL Trunking include:

• Combines up to eight ISLs into a single logical trunk that provides up to 68 Gbit/sec data transfers (with 8 Gbit/sec solutions)

• Optimizes link usage by evenly distributing traffic across all ISLs at the frame level

• Maintains in-order delivery to ensure data reliability

• Helps ensure reliability and availability even when a link in the trunk fails


• Optimizes fabric-wide performance and load balancing with Dynamic Path Selection

• Simplifies management by reducing the number of ISLs required

• Provides a high-performance solution for network- and data-intensive applications

To further optimize network performance, Brocade 4 and 8 Gbit/sec platforms support optional DPS. Available as a standard feature in Brocade FOS (starting in Fabric OS 4.4), exchange-based DPS optimizes fabric-wide performance by automatically routing data to the most efficient available path in the fabric. DPS augments ISL Trunking to provide more effective load balancing in certain configurations, such as routing data between multiple trunk groups—or in Native Connectivity configurations with Brocade M-EOS products. This approach provides “transmit” ISL Trunking from FOS to M-EOS products while M-EOS products provide transmit trunking via Open Trunking, thereby enabling bidirectional trunking support. As a result, this combination of technologies provides the greatest design flexibility and the highest degree of load balancing.

Depending on the number of links and link speeds employed, trunks can operate at various distance/bandwidth combinations. For example, trunking can support distances of 345 km for a 2 Gbit/sec, 5-link trunk providing over 10 Gbit/sec of trunk bandwidth, or 210 km for a 4 Gbit/sec, 4-link trunk providing 17 Gbit/sec of trunk bandwidth.

Brocade Extended Fabrics

Fibre Channel-based networking technology has revitalized the reliability and performance of server and storage environments—providing a robust infrastructure to meet the most demanding business requirements. In addition to improving reliability and performance, Fibre Channel provides the capability to distribute server and storage connections over distances up to 30 km using enhanced long-wave optics and dark fiber—enabling SAN deployment in campus environments.

However, today’s organizations often require SAN deployment over distances well beyond 30 km to support distributed facilities and stricter business continuance requirements. To address these extended distance SAN requirements, Brocade offers Extended Fabrics software.


Brocade Extended Fabrics enables organizations to leverage the increased availability of DWDM equipment in major metropolitan areas (see Figure 24). The most effective configuration for implementing extended-distance SAN fabrics is to deploy Fibre Channel switches at each location in the SAN. Each switch handles local interconnectivity and multiplexes traffic across long-distance DWDM links while the Extended Fabrics software enables SAN management over extended distances.

In this type of configuration, the Extended Fabrics software enables:

• Fabric interconnectivity over Fibre Channel at longer distances. ISLs or IFLs use dark fiber or DWDM connections to transfer data. As Fibre Channel speeds increase, the maximum distance decreases for each switch. However, the latest Brocade 8 Gbit/sec technology sets a new benchmark for extended distances—up to 3400 km at 1 Gbit/sec and 425 km at 8 Gbit/sec—to move more data over longer distances at a lower cost.

• Simplified management over distance. Each device attached to the SAN appears as a local device, an approach that simplifies deployment and administration.

• A comprehensive management environment. All management traffic flows through internal SAN connections, so the fabric can be managed from a single administrator console using Brocade Enterprise Fabric Connectivity Manager (EFCM), Fabric Manager, or the Web Tools switch management utility.

Table 5 provides distance data for Brocade Extended Fabrics.

Table 5. Extended Fabrics distances for 8 Gbit/sec platforms

Connection type: Native Fibre Channel

Line speed: 1, 2, 4, and 8 Gbit/sec

Maximum distance for Brocade 5100 Switch: up to 3400 km at 1 Gbit/sec; up to 1700 km at 2 Gbit/sec; up to 850 km at 4 Gbit/sec; up to 425 km at 8 Gbit/sec

Maximum distance for Brocade 5300 Switch: up to 600 km at 1 Gbit/sec; up to 300 km at 2 Gbit/sec; up to 150 km at 4 Gbit/sec; up to 75 km at 8 Gbit/sec

Maximum distance for Brocade 300 Switch: up to 984 km at 1 Gbit/sec; up to 492 km at 2 Gbit/sec; up to 246 km at 4 Gbit/sec; up to 123 km at 8 Gbit/sec

Maximum distance for Brocade 8 Gbit/sec blades: up to 2792 km at 1 Gbit/sec; up to 1396 km at 2 Gbit/sec; up to 698 km at 4 Gbit/sec; up to 349 km at 8 Gbit/sec

Interconnect distance: Extended long-wave transceivers; Fibre Channel repeaters, DWDM

Brocade Enterprise Fabric Connectivity Manager

Brocade EFCM runs on M-EOS fabrics and includes Basic, Enterprise, and Standard versions.

Brocade Basic EFCM

Brocade EFCM Basic is an intuitive, browser-based SAN management tool for simple and straightforward configuration and management of Brocade fabric switches. Ideal for the small to mid-sized business, the software is complimentary with every Brocade fabric switch and is perfect for companies migrating from direct-attached storage to a SAN or companies maintaining small switch SANs. It is recommended for fabrics with one to three switches. Brocade EFCM Basic software is accessed via a standard Web browser.

Brocade EFCM Standard and Enterprise

Brocade EFCM is a powerful and comprehensive SAN management application. It helps organizations consolidate, optimize, and protect their storage networks to reduce costs, meet their data protection requirements, and improve their service levels through unprecedented ease of use, scalability, global visualization, and intelligent automation. In particular, Brocade EFCM reduces the complexity and cost of storage networks through centralized management of global SAN environments as shown in Figure 76.

With enterprise-class reliability, proactive monitoring/alert notification, and unprecedented scalability, it helps organizations maximize availability while enhancing security for their storage network infrastructures.


Figure 76. Brocade EFCM interface

Highlights include:

• Centralizes the management of multiple Brocade M-EOS and Brocade Fabric OS SAN fabrics

• Facilitates configuration and asset tracking with end-to-end visualization of extended SANs, including HBAs, routers, switches, and extension devices

• Displays, configures, and zones Brocade HBAs, switches, directors, and the Brocade DCX Backbone

• Adds, removes, and modifies remote devices with easy-to-use functions that simplify management tasks

• Provides industry-leading support for FICON mainframe environments, including FICON CUP, FICON CUP zoning, and NPIV

• Enables integration with third-party management applications and SRM tools for storage-wide management

• Displays multiple geographically dispersed SANs through a local Brocade EFCM instance


Brocade EFCM is available in Standard or Enterprise versions:

• Brocade EFCM Standard provides advanced functionality that small and mid-sized organizations can easily deploy and use to simplify SAN ownership.

• Brocade EFCM Enterprise is ideal for large, multi-fabric, or multi-site SANs and is upgradable with optional advanced functionality.

• In addition, Brocade EFCM enables third-party product integration through the Brocade SMI Agent.

Brocade Fabric Manager

Brocade Fabric Manager is a powerful application that manages multiple Brocade FOS SAN switches and fabrics in real time. In particular, it provides the essential functions for efficiently configuring, monitoring, dynamically provisioning, and managing Brocade SAN fabrics on a daily basis.

Through its single-point SAN management platform and integrated Brocade Web Tools element manager, Brocade Fabric Manager facilitates the global integration and execution of management tasks across multiple fabrics. It is tightly integrated with Brocade FOS and Brocade Fabric Watch, an optional monitoring and troubleshooting module. In addition, it integrates with third-party products through built-in menu functions and the Brocade SMI Agent.


Figure 77. Brocade Fabric Manager displays a topology-centric view of SAN environments

Brocade Fabric Manager provides unique methods for managing SANs, including:

• Device troubleshooting analysis. Utilizes a diagnostics wizard to identify device miscommunication, reducing fault determination time.

• Offline zone management. Enables administrators to edit zone information on a host without affecting the fabric, and then preview the impact of changes before committing them.

• Change management. Provides a configurable fabric snapshot/compare feature that tracks changes to fabric objects and membership.

• Call home support. Performs automatic data collection and notification in case of support issues, facilitating fault isolation, diagnosis, and remote support.

• Streamlined workflow. Utilizes wizards to streamline tasks such as zoning and the setup of secure and routed fabrics.

• Real-time and historical performance monitoring. Collects, dates, and displays port and end-to-end monitoring data to facilitate problem determination and capacity planning.


• Customized views. Enables administrators to import customized naming conventions and export information for customized views—with full integration for Microsoft Office and Crystal Reports.

• Advanced reporting. Includes GUI-based functions for exporting configuration, performance monitoring, and physical asset data in a spreadsheet format.

• Profiling, backup, and cloning. Enables administrators to capture, back up, and compare switch configuration profiles, and use cloning to distribute switch profiles within the fabric.

• Managing long-distance FCIP tunnels. Provides a wizard to simplify the task of configuring, monitoring, and optimizing FCIP tunnels and WAN bandwidth usage, including Quality of Service (QoS) and FICON emulation parameters.

• FICON/CUP. Configures and manages FICON and cascaded FICON environments concurrently in Fibre Channel environments.

• Scalable firmware download and repository. Supports firmware upgrades across logical groups of switches, providing fabric profiles and recommendations for appropriate firmware, with reporting facilities for a SAN-wide firmware inventory.

• SAN security. Supports standards-based security features for access controls and SAN protection, providing support for IPv6, wizards to enable sec mode, policy editors, and HTTPS communication between servers and switches.

• Launching of third-party management applications. Provides a configurable menu item to launch management applications from any switch in a fabric.

Brocade Web Tools

Brocade Web Tools, an intuitive and easy-to-use interface, enables organizations to monitor and manage single Brocade Fibre Channel switches and small Brocade SAN fabrics. Administrators can perform tasks by using a Java-capable Web browser from standard laptops, desktop PCs, or workstations at any location within the enterprise. In addition, Web Tools access is available from Web browsers through a secure channel via HTTPS.

To increase the level of detail for management tasks, Web Tools enables organizations to configure and administer individual ports or switches as well as small SAN fabrics. User name and password login procedures protect against unauthorized actions by limiting access to configuration features. Web Tools provides an extensive set of features that enable organizations to quickly and easily perform key administrative tasks such as:

• Configuring individual switches’ IP addresses, switch names, and Simple Network Management Protocol (SNMP) settings

• Rebooting a switch from a remote location

• Upgrading switch firmware and controlling switch boot options

• Maintaining administrative user logins and passwords

• Managing license keys, multiple user accounts, and RADIUS support for switch logins

• Enabling Ports on Demand capabilities

• Choosing the appropriate routing strategies for maximum performance (dynamic routes)

• Configuring links and managing ISL Trunking over extended distances

• Accessing other switches in the fabric that have similar configurations

Figure 78. Brocade Web Tools Switch Explorer View of the Brocade 48000 Director


Chapter 13: Solutions Products

In late 2007, Brocade created a number of divisions to achieve focus in the following areas:

• Data Center Infrastructure

• Server Connectivity

• File Management (see “Chapter 11: Branch Office and File Management Products” starting on page 143)

• Services, Support, and Solutions (S3)

The sections in this chapter reflect relevant services and solutions from the S3 Division.

Backup and Recovery Services

Corporate data is growing at a dramatic rate. Databases are doubling, sometimes tripling, every 12 months, while IT resources remain unchanged. Internet applications and global business practices have established the 24-hour business day, severely restricting the amount of downtime available to perform regular data backup procedures.

Not long ago, backing up business data was a simple process. Backup tapes were trucked offsite each night, while a backup administrator ensured that the software and hardware environment was kept up and running. In the event of a recovery effort, tapes were trucked back to the site, loaded into tape drives, and accessed by the backup administrator.

Today, backup and recovery is very different. The practice of backing up and recovering data has evolved into a complex, demanding discipline requiring continuous information, adherence to regulatory compliance, and the need for networked data centers. As a result, many companies are not able to maintain processes that assure the degree of protection and recoverability they need for their growing data, much less do so efficiently.

Brocade offers a lifecycle of Backup and Recovery services to help customers meet their business challenges:

• Backup and Recovery Workshop

• Backup and Recovery Assessment and Design Services

• Backup HealthCheck Services

• Backup and Recovery Implementation Services

• Reporting Tool Services

Brocade’s Backup and Recovery practice focuses on providing enterprise-class backup and recovery solutions that leverage hardware, software and services, as well as Brocade’s best practices for design and implementation. Brocade consultants have deep knowledge of IBM Tivoli Storage Manager (TSM) and Veritas NetBackup (NBU). Brocade’s experts have in-depth expertise, real-world experience and best practices for planning and implementing enterprise backup and recovery.

Brocade Virtual Tape Library Solution

To augment Brocade’s Backup and Recovery Services, Brocade offers the Brocade Virtual Tape Library (VTL) Solution. This solution, featuring a combination of Brocade products, services and support along with VTL technology from FalconStor, provides customers a cost-effective way to reduce backup windows, improve backup over the WAN and enhance disaster recovery capabilities.

The Brocade VTL Solution is a disk-to-disk-to-tape virtualization solution that complements existing backup and recovery environments, allowing customers to decrease backup and recovery windows while leveraging existing infrastructure. It utilizes VTL technology to virtualize disk and make it appear as a tape library within the SAN, enabling customers to re-deploy lower-performing tape devices in remote locations as an archival tool and leverage higher-performing VTLs as the primary backup and restore vehicle. With features such as incremental backup, hierarchical storage, disk-to-disk-to-tape backup via storage pools, and more, this solution addresses large-scale data backup, recovery and retention needs.


The Brocade VTL Solution supports:

• Integration with backup tape copy: It integrates with existing enterprise backup environments, enabling backup applications to control and monitor all copies of the backup volumes for simplified management.

• Remote replication and archiving: It enables organizations to remotely copy/archive data through FCIP by utilizing Brocade extension products. In addition, Brocade Tape Pipelining increases throughput and read and write performance over standard replication methods, enabling organizations to redeploy existing tape resources to remote sites for archiving purposes, over virtually unlimited distances.

To determine the right solution for each customer environment, Brocade backup experts assess the existing customer environment for overall performance and potential gaps. From that assessment and recommendation, Brocade can then deploy the most appropriate products, technology and solution for that environment.


Appendix A: The Storage Networking Industry Association (SNIA)

Industry associations embody the contradiction between competitive interests of vendors and their recognition that the success of individual vendors is tied to the success of the industry as a whole. The appropriate homily for industry associations is “rising waters raise all ships,” although occasionally a gunboat will appear as a vendor's competitive drive goes unchecked. An industry association may focus primarily on marketing campaigns to raise end-user awareness of the industry's technology, or combine marketing and technical initiatives to promote awareness and to formulate standards requirements. The Fibre Channel Industry Association, for example, has organized promotional activity for out-bound messaging through Networld+Interop and other venues as well as technical work on the SANmark program for standards compliance. For standardization, the FCIA has worked primarily through the NCITS T11 Committee, to the extent of holding FCIA meetings and NCITS T11 sessions concurrently.

Overview

The umbrella organization for all storage networking technologies is the Storage Networking Industry Association, or SNIA. The SNIA has over 400 member companies and over 7,000 individuals, representing vendors and customers from a wide variety of storage disciplines including management software, storage virtualization, NAS, Fibre Channel, IP storage, disk and tape, and solution providers who offer certified configurations and support. As with other industry associations, the SNIA is a volunteer organization with only a few paid staff positions. Its activity is funded by the monetary and personnel contributions of the membership. The general mission of the SNIA is to promote the adoption of storage networking technology as a whole, with the membership itself providing the momentum to accomplish this goal. The more the membership invests in terms of finances and volunteer resources, the more the organization can accomplish. The SNIA's outbound advocacy includes co-sponsorship of Storage Networking World conferences, the Storage Developers Conference and other venues.

Board of Directors

As shown in the organizational chart below, the governing body of the SNIA is the Board of Directors. Board members are elected by the membership for two-year terms. The ten elected board members are supplemented by three at-large board members appointed by the board itself. The board is responsible for establishing policies and managing resources of the organization to fulfill the SNIA's mission and provides oversight to the SNIA committees, industry forums, Initiatives, Technical Council, End User Council, the Technical Director and the SNIA Technology Center.

Figure 79. Storage Networking Industry Association organizational structure

To ensure involvement in wider SNIA activity, Board members are encouraged to chair or provide leadership in SNIA committees and subgroups. This volunteer activity represents a substantial contribution of time and resources for member companies who participate at the board level and reveals their commitment to the industry as a whole. Of course, Board representation also provides an opportunity to promote specific vendor agendas, although Board representation is sufficiently diverse to discourage overt vendor-driven initiatives.

Executive Director and Staff

Board activity is supported by a salaried Executive Director and staff. The Executive Director conducts the day-to-day operations of the organization and logistical support for SNIA meetings and conference participation. In addition to the Executive Director, SNIA staff includes the Technical Director, Technology Center Director, Marketing Manager, Membership Manager and other operations and support personnel.

Board Advisors

The board may receive counsel on industry-related issues from the Board Advisory Council (BAC), typically former Board members and interested parties who may attend board meetings and provide input into Board discussions. Board Advisors can play a critical role in providing viewpoints on storage networking issues and in helping to promote the SNIA within the industry.

Technical Council

The technical activity and strategic technical vision of the SNIA are managed by the SNIA Technical Council. The Technical Council is composed of nine of the top experts within the storage networking community who volunteer their time and expertise to maintaining the integrity of SNIA's technical initiatives. In 2001, the Technical Council produced the SNIA Shared Storage Model as a guide to understanding storage networking technologies. The Technical Council also oversees the activity of the technical work groups in cooperation with the Technical Director.

SNIA Technology Center

The SNIA Technology Center in Colorado Springs was launched in the spring of 2001 as a multi-purpose facility. The Technology Center was made possible by a $3.5M grant from Compaq Computer Corporation to the SNIA. It supports 14,000 square feet of lab and classroom space and is operated as a vendor-neutral facility by the SNIA. Uses of the Technology Center include interoperability demonstrations, standards compliance testing, proof of concept and evaluation configurations, technology development in support of SNIA technical work group activity, and training in storage networking technology.


As with other SNIA activities, the Technology Center is dependent on contributions of money and equipment by member companies. Network Appliance was one of the first vendors to contribute over half a million dollars worth of equipment in the form of fully configured NetApp filers, and other vendors have been contributing sponsorships and equipment to get the center operational. The Technology Center is a significant and practical step for the SNIA in providing its members and the customer community a venue for accelerating storage networking adoption.

End User Council

Since vendors alone do not determine the useful purposes to which technology will be put, the SNIA has organized an End User Council (EUC) to solicit customer representation within the SNIA and customer input into storage networking strategies. The EUC is composed of administrators, SAN engineers, architects and support personnel who have practical, day-to-day responsibility for shared storage operations. The EUC can thus provide both strategic and tactical input into the SNIA to help establish priorities and shape the future of storage networking.

Committees

Much of the non-technical activity of the SNIA is conducted through Committees. Committees may be chaired by SNIA board members or other volunteers, with volunteer participation by member companies. Committees are chartered with various tasks that must be performed within the vendor-neutral culture of the mother organization. Committees and work groups have face-to-face meetings at least four times a year, plus periodic conference calls to track their progress and assign tasks. Current committees include the Executive, Channel, Standards, Marketing, Education, International, Interoperability and Strategic Alliances committees.

The Education Committee, for example, is responsible for creating training and certification programs for the SNIA and creation of SNIA technical tutorials presented at SNW and other venues. This activity ranges from training classes held at the SNIA Technology Center to technology certification through various partnerships. The Education Committee has also produced the SNIA Dictionary of Storage Networking Terminology.

Depending on time and resources, SNIA member companies may participate in any or all of the SNIA committees. Although committee activity is vendor-neutral and focused on the industry as a whole, participation is a means to ensure that a company is adequately represented in the creation of policies, processes and events that provide visibility in the market. Committee participation is also a means to monitor the state of the industry and thus shape vendor strategies to the consensus of industry peers.

Technical Work Groups

The SNIA technical work groups have been instrumental in formulating requirements for technology standards that may then be forwarded to the appropriate standards body for further work. Additional detail on the activity of each technical work group may be found on the SNIA web site. Most recently, SNIA work groups have produced the SMI-S standard and advanced it through ISO as an international standard benefiting the global community. Technical work groups support a diversity of interests, from management and backup to security issues. The Green Storage Technical Working Group, for example, is developing metrics for monitoring the energy efficiency of storage networking infrastructure.

SNIA Initiatives

The SNIA currently has three major initiatives to promote the development of standards for key areas of storage networking technology.

The SNIA Storage Management Initiative

The Storage Management Initiative (SMI) was created by the SNIA to develop and standardize interoperable storage management technologies and aggressively promote them to the storage, networking and end-user communities. This work has resulted in the approval of the SMI Specification and the adoption of SMI-S as a common management framework by all major storage networking vendors.

The SNIA XAM Initiative

The eXtensible Access Method (XAM) Initiative was formed to serve a XAM community that includes storage vendors, independent software vendors, and end users to ensure that a XAM specification fulfills market needs for a fixed content data management interface standard. These needs include interoperability, information assurance (security), storage transparency, long-term records retention and automation for Information Lifecycle Management (ILM)-based practices.

The SNIA Green Storage Initiative

The SNIA Green Storage Initiative (GSI) is dedicated to advancing energy efficiency and conservation in all networked storage technologies and minimizing the environmental impact of data storage operations. The GSI’s mission is to conduct research on power and cooling issues confronting storage administrators, educate the vendor and user community about the importance of power conservation in shared storage environments, and provide input to the SNIA Green Storage TWG on requirements for green storage metrics and standards.

Industry Forums

To accommodate new storage networking trends within the SNIA umbrella, the SNIA has created a category of SNIA Industry Forums as a vehicle for organization and marketing. SNIA Industry Forums enjoy some autonomy within SNIA, but are chartered within the general guidelines of SNIA policy. The forum concept enables emergent technologies and services to leverage the SNIA infrastructure and thus accelerate development without the need to create separate industry associations.

SNIA Data Management Forum

The Data Management Forum (DMF) is a cooperative initiative of IT professionals, integrators and vendors working to define, implement, qualify and teach improved and reliable methods for the protection, retention and lifecycle management of electronic data and information. The DMF is currently operating three initiative-based workgroups: The Data Protection Initiative (DPI), Information Lifecycle Management Initiative (ILMI), and The Long Term Archive and Compliance Storage Initiative (LTACSI). Each initiative is chartered with the development and deployment of best practices for a specific subset of data management functions.

SNIA IP Storage Industry Forum

The first forum created under the Industry Forum definition was the IP Storage Forum. After some initial discussion on its scope, the IP Storage Forum now represents all vendors who are developing block storage data over IP solutions. Currently, subgroups have been created for FCIP, iFCP and iSCSI protocols. Over 40 SNIA member companies are enrolled in the Forum, including new IP storage vendors as well as established storage networking vendors who are developing IP-based interfaces for their products. The focus of the IP Storage Forum is marketing and promotion of IP SAN technology. It thus complements the technical work of the IP Storage Work Group.


SNIA Storage Security Industry Forum

The SNIA Storage Security Industry Forum is tasked with promoting secure solutions for storage networks, including authentication and data encryption mechanisms for both Fibre Channel and IP storage networks. The establishment of this forum is an indicator of the steady penetration of storage networks into enterprise environments and the security concerns that have accompanied more widespread deployment.

Regional Affiliates

Since its formation ten years ago, the SNIA has become an international organization with affiliates in over ten geographies including Australia, New Zealand, Canada, China, Europe, India, Japan, and South Asia. The SNIA regional affiliates support storage networking technology development and promotion through local committee and conference activities.

Summary

The SNIA represents a diversity of technologies that meet on the common ground of storage networking. Software vendors, hardware vendors, solutions providers, integrators, consultants, and customers committed to shared storage can work within the SNIA to advance their individual and collective interests. As a volunteer organization, the SNIA solicits involvement by its members and interested individuals for committee and work group activity. Additional information on membership and services of the SNIA is available at www.snia.org.


TOM CLARK

Brocade Bookshelf
www.brocade.com/bookshelf

$39.95

STRATEGIES FOR DATA PROTECTION

A strategic approach to comprehensive data protection includes a spectrum of solutions that are essential parts of a coherent ecosystem. Safeguarding data through data replication or backup has little value if access to data is impeded or lost; it is as important to protect data access as it is to protect data integrity. In this book we examine the key components of an SAN design and securing data assets in remote sites and branch offices.

FIRST EDITION