Simplified Storage, Simplified Storage, Storage Directions Storage Directions And Trends And Trends Simple SANs Simple SANs SAN Security SAN Security Rahul Auradkar Rahul Auradkar Partner Program Manager Partner Program Manager Keith Hageman Keith Hageman Technical Technical Evangelist Evangelist
43
Embed
Simplified Storage, Storage Directions And Trends Simple SANs SAN Security Rahul Auradkar Partner Program Manager Keith Hageman Technical Evangelist.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Simplified Storage, Storage Simplified Storage, Storage Directions And TrendsDirections And TrendsSimple SANsSimple SANsSAN SecuritySAN Security
Rahul AuradkarRahul AuradkarPartner Program ManagerPartner Program Manager
Keith HagemanKeith HagemanTechnical EvangelistTechnical Evangelist
AgendaAgenda SAN Complexities & Adoption BlockersSAN Complexities & Adoption Blockers
SAN Deployment/ConfigurationSAN Deployment/Configuration SAN SecuritySAN Security ……
Windows Server 2003 Storage Windows Server 2003 Storage TechnologiesTechnologies
Industry Initiatives with Microsoft PlatformsIndustry Initiatives with Microsoft Platforms SAN Simplification with WindowsSAN Simplification with Windows SAN SecuritySAN Security
Obstacles to Faster SAN AdoptionObstacles to Faster SAN AdoptionAbsence of O.S. SAN Facilities
Security
Path Fail-over
Snap-Shot
LUN Management
Multiple Storage Management Interfaces
Expensive Storage Networking Hardware
Build-a-SAN StudiesBuild-a-SAN Studies 5 attempts of 6-9 people5 attempts of 6-9 people
Technical – server and storage awareTechnical – server and storage aware Not specifically SAN trainedNot specifically SAN trained
SAN ConfigurationSAN Configuration Server, HBA, Switch & Storage Array – 1 eachServer, HBA, Switch & Storage Array – 1 each
Goal – Build-a-SAN in under 4 hoursGoal – Build-a-SAN in under 4 hours Cable server to switch to storage arrayCable server to switch to storage array Zone switchZone switch Create LUN, format, assign drive letterCreate LUN, format, assign drive letter Write data to volumeWrite data to volume
Results – 100% failureResults – 100% failure
Windows Server 2003Storage Technologies
Windows Server 2003Windows Server 2003Storage GoalsStorage Goals Data Protection and Recovery Data Protection and Recovery
Volume Shadow Copy Services (VSS)Volume Shadow Copy Services (VSS) Automated System Recovery (ASR)Automated System Recovery (ASR)
Availability, Scalability, and PerformanceAvailability, Scalability, and Performance Multipath IO (MPIO)Multipath IO (MPIO) Distributed File System (DFS) Distributed File System (DFS) File and System Performance (SMB, NFS, Chkdsk, Vrfydsk) File and System Performance (SMB, NFS, Chkdsk, Vrfydsk)
InteroperabilityInteroperability Virtual Disk Service (VDS)Virtual Disk Service (VDS) SAN friendliness (SAN Boot, Flexible Volume Mounting, Storport, SNIA-SAN friendliness (SAN Boot, Flexible Volume Mounting, Storport, SNIA-
based HBA Management API) based HBA Management API)
Best Platform for Storage SolutionsBest Platform for Storage Solutions
Microsoft AnswerMicrosoft AnswerWindows Server 2003 Storage StackWindows Server 2003 Storage Stack
(tape and (tape and optical media optical media management)management)
Virtual Disk Virtual Disk ServiceService
(RAID, disk (RAID, disk access, access,
Enclosures)Enclosures)
HW ProvidersHW Providers
Volume Volume Shadow Shadow
Copy Copy ServiceService
(Point-in-time (Point-in-time copies)copies)
SW ProviderSW Provider
Writ
ers
Writ
ers
RequestorsRequestors
Writ
ers
Writ
ers
HW ProvidersHW Providers
SW ProviderSW Provider
iSCSI InitiatoriSCSI Initiator
iSCSIprtiSCSIprt
Multipath I/OMultipath I/O DSMDSM DSMDSM DSMDSM MS MPIOMS MPIO
ApplicationsApplications
Volume Shadow Copy Service (VSS)
VSS ComponentsVSS Components Volume Shadow Copy ServiceVolume Shadow Copy Service
Coordinators all componentsCoordinators all components RequestorsRequestors
Invokes VSS to a create shadow copyInvokes VSS to a create shadow copy Backup applicationsBackup applications Shadow copy management applicationsShadow copy management applications
Writers – Represents Apps and Windows ServicesWriters – Represents Apps and Windows Services(i.e., SQL, Exchange, AD, etc.)(i.e., SQL, Exchange, AD, etc.) Differentiates VSS from competitorsDifferentiates VSS from competitors Participate in shadow copy creation processParticipate in shadow copy creation process
EqualLogic (iSCSI)EqualLogic (iSCSI) Veritas Storage Foundation for WindowsVeritas Storage Foundation for Windows
HP EVAHP EVA
HP VAHP VA
HP XP (32 & 64-bit)HP XP (32 & 64-bit)
IBM ESSIBM ESS
IBM FastTIBM FastT
Intransa (iSCSI)Intransa (iSCSI)
LSI LogicLSI Logic
NetAppNetApp
NECNEC
StorageTek SVAStorageTek SVA
XIOtech 3DXIOtech 3D
XIOtech MagnitudeXIOtech Magnitude
VSS ProvidersVSS Providers
Virtual Disk Service (VDS)
VDS – What Is It?VDS – What Is It?
Single interface for managing block Single interface for managing block storage whether done by storage whether done by OS software, orOS software, or RAID storage hardware, orRAID storage hardware, or other storage virtualization enginesother storage virtualization engines
Vendor and technology Vendor and technology neutralneutral Interconnect neutralInterconnect neutral Focus is virtualization and innovation in Focus is virtualization and innovation in
hardware for auto-managementhardware for auto-management
VDS ComponentsVDS ComponentsCommand Line
InterfacesDiskpart / Diskraid
ManagementApplication(s)
DiskManagement
- Hardware- MS functionality- 3rd party functionality
Virtual Disk Service
Software Providers - Basic Disk
- Dynamic Disk
Disks LUNs
Drives
SpindleSpindle
Hardware Provider(s)
VDS ProvidersVDS Providers
Windows Server 2003 providers Windows Server 2003 providers (in-box)(in-box)
Basic disk (partitions, volumes)Basic disk (partitions, volumes) Dynamic disk (partitions, volumes, Dynamic disk (partitions, volumes, spanning, mirror, RAID-5, Stripes)spanning, mirror, RAID-5, Stripes)
ElipSAN iSCSIElipSAN iSCSI Veritas Storage Foundation for Veritas Storage Foundation for Windows 4.0Windows 4.0
HP Fast Recovery SolutionsHP Fast Recovery Solutions
IOMegaIOMega
VDS 1.1 – MS MPIO & iSCSIVDS 1.1 – MS MPIO & iSCSI
Feature additionsFeature additions Integrated MPIO managementIntegrated MPIO management Support for iSCSI hardwareSupport for iSCSI hardware Better SDK docs, sample code, and tests for IHVsBetter SDK docs, sample code, and tests for IHVs Managed code wrappers for ISVsManaged code wrappers for ISVs
““Designed for Windows” logo programDesigned for Windows” logo program VDS 1.0 or 1.1 (TBD) in HCT 12.1 (W2K3 SP1)VDS 1.0 or 1.1 (TBD) in HCT 12.1 (W2K3 SP1)
Integration of MS MPIO & iSCSIIntegration of MS MPIO & iSCSI Part of Osaka release available in beta this monthPart of Osaka release available in beta this month Microsoft MPIO binaries are included with this release of Microsoft MPIO binaries are included with this release of
iSCSI as well as a generic iSCSI DSM written and iSCSI as well as a generic iSCSI DSM written and supported by Microsoft supported by Microsoft
iSCSI DSM designed to work with all SPC-2 or later iSCSI DSM designed to work with all SPC-2 or later compliant iSCSI targets compliant iSCSI targets
Additionally, Microsoft MPIO partners will have access to Additionally, Microsoft MPIO partners will have access to iSCSI DSM source and can add functionality and release iSCSI DSM source and can add functionality and release their own Microsoft MPIO iSCSI solution to customerstheir own Microsoft MPIO iSCSI solution to customers
Logo program will be available only for iSCSI multipath Logo program will be available only for iSCSI multipath solutions based on Microsoft MPIOsolutions based on Microsoft MPIO
Simple SANs
The Solution: The Solution: Virtual Disk ServiceVirtual Disk Service
VirtualDisk
Services
Simplify & Cost Reduce SAN Array Management
Partner Driven Simple SAN initiativePartner Driven Simple SAN initiative
SAN’s SAN’s Very successful in the high-end enterpriseVery successful in the high-end enterprise VERY COMPLEXVERY COMPLEX to deploy, expensive ($/byte), lack of end-to-end prescriptive to deploy, expensive ($/byte), lack of end-to-end prescriptive
configurationsconfigurations
Mid-Market Customers open to networked storage Mid-Market Customers open to networked storage solutionssolutions data explosion, server consolidation, cost support this BUT …data explosion, server consolidation, cost support this BUT … Need SANs with modular arrays Need SANs with modular arrays Ease of initial deployment, provisioning; reasonable cost for ongoing managementEase of initial deployment, provisioning; reasonable cost for ongoing management More favorable cost to capacity – the trend-lines here are positive More favorable cost to capacity – the trend-lines here are positive
Solutions from Key Industry partners Solutions from Key Industry partners Windows Server 2003 hostsWindows Server 2003 hosts Low-cost, simple fabrics that includes pre-configured switches and HBAsLow-cost, simple fabrics that includes pre-configured switches and HBAs Integrated applications & management consoles on Windows Server 2003Integrated applications & management consoles on Windows Server 2003
SAN Config - AcceleratorSAN Config - AcceleratorPowerful O.S. Storage Networking Facilities
RADIUS SecurityMPIO Path Fail-over
VSS Snap-Shot
VDS LUN Management
One Simple Storage Management Interface
Affordable Storage Networking Hardware
Protocol A
gnostic - iSC
SI or F
C
SANsurferSANsurfer®® VDS Manager VDS Manager Windows 2003 Server Windows 2003 Server
applicationapplication Complements VDS CLI with Complements VDS CLI with
an easy to use GUIan easy to use GUI FunctionsFunctions
Distributed with QLogic Distributed with QLogic HBAs, switches and SAN HBAs, switches and SAN Connectivity Kit for Windows Connectivity Kit for Windows 20032003
Downloadable from Downloadable from QLogic.comQLogic.com
Complementary to VDS CLIComplementary to VDS CLI CLI for Windows storage expertsCLI for Windows storage experts
Must know command strings, syntax and flagsMust know command strings, syntax and flags Typo’sTypo’s Must know the environmentMust know the environment
QLogic VDS GUI those that don’t want to be Windows QLogic VDS GUI those that don’t want to be Windows storage expertsstorage experts One intuitive easy to use interfaceOne intuitive easy to use interface Uses HBA API for auto discovery of devicesUses HBA API for auto discovery of devices Maps and displays storage network topologyMaps and displays storage network topology Configure cross platform devices from one interfaceConfigure cross platform devices from one interface Point and ClickPoint and Click Accelerates mass adoptionAccelerates mass adoption
SANsurfer VDS ManagerSANsurfer VDS Manager
SAN Security
Enterprise SAN SecurityEnterprise SAN SecurityPhases of implementationPhases of implementation
Physical Lock-down & Physical Lock-down & Protection of Data at Protection of Data at
Rest Rest
PHASE IIPHASE IIIn-Band Audits for In-band events In-Band Audits for In-band events
RADIUS with Policy EngineRADIUS with Policy Engine
1. Out of Band Management Access1. Out of Band Management AccessSimple AuthenticationSimple Authentication
Enterprise security does not address SAN Security today – but SANs a are Enterprise security does not address SAN Security today – but SANs a are critical piece of the Enterprise Infrastructurecritical piece of the Enterprise Infrastructure
Seamless integration into existing networks for advanced featuresSeamless integration into existing networks for advanced features Ease of security administration (user and device security management)Ease of security administration (user and device security management)
Eliminate SAN security complexityEliminate SAN security complexity Single point (RADIUS) to create and administer user and device Authentication Single point (RADIUS) to create and administer user and device Authentication
Authorization and Administration (AAA)Authorization and Administration (AAA) Common mgmt of user and device profiles across LAN and SANCommon mgmt of user and device profiles across LAN and SAN
Advanced Policy creation and enforcementAdvanced Policy creation and enforcement Dynamic policies with Microsoft's Internet Authentication Service (RADIUS)Dynamic policies with Microsoft's Internet Authentication Service (RADIUS) User policy, group policy (Active Directory)User policy, group policy (Active Directory) Device and SAN policies (server and application policies)Device and SAN policies (server and application policies)
Enterprise SAN SecurityEnterprise SAN SecurityRadius ImplementationRadius Implementation
What’s newWhat’s new Current SAN Security solutions are non-existent, Current SAN Security solutions are non-existent,
insecure or isolated from the Enterprise : this integrates insecure or isolated from the Enterprise : this integrates SAN Security into the overall Enterprise Security SAN Security into the overall Enterprise Security frameworkframework
Industry leaders working together to address SAN Industry leaders working together to address SAN Security – Standards based implementationSecurity – Standards based implementation
Use of existing RADIUS Authentication to integrate a Use of existing RADIUS Authentication to integrate a new class of users (SAN administrators)new class of users (SAN administrators)
Use of existing policy engines (dynamic policies in Use of existing policy engines (dynamic policies in RADIUS, user/group/device policies from AD)RADIUS, user/group/device policies from AD)
Enterprise SAN SecurityEnterprise SAN SecurityRadius ImplementationRadius Implementation
Competitive advantage for Microsoft and PartnersCompetitive advantage for Microsoft and Partners Microsoft:Microsoft:
Microsoft will be first to market in addressing SAN Security that integrates with Microsoft will be first to market in addressing SAN Security that integrates with existing enterprise security (partnering with the leading players in the industry)existing enterprise security (partnering with the leading players in the industry)
Holistically address SAN security (as compared to islands of security and policy in Holistically address SAN security (as compared to islands of security and policy in the competitive platform offerings – Linux and Unix)the competitive platform offerings – Linux and Unix)
Partners:Partners: Ability to integrate widely deployed SAN markets with market leading frameworks Ability to integrate widely deployed SAN markets with market leading frameworks
for Enterprise securityfor Enterprise security Proliferation of SANs to smaller enterprisesProliferation of SANs to smaller enterprises SAN security fits within the context of overall Enterprise Security and is not an SAN security fits within the context of overall Enterprise Security and is not an
isolated solutionisolated solution Partnership with widely deployed Enterprise infrastructure provider (MS) Partnership with widely deployed Enterprise infrastructure provider (MS)
Call To ActionCall To Action
Storage products are TOO hard to deploy Storage products are TOO hard to deploy for end users; especially MORG/SORGfor end users; especially MORG/SORG
Make your product(s) compatible with Make your product(s) compatible with Microsoft’s partner-driven Storage Microsoft’s partner-driven Storage Security Initiative & Storage Simplification Security Initiative & Storage Simplification InitiativeInitiative
Request the Windows Storage Services Request the Windows Storage Services SDKs and DDKs to develop VDS, VSS, SDKs and DDKs to develop VDS, VSS, iSCSI, Storport and MPIO solutionsiSCSI, Storport and MPIO solutions
Community ResourcesCommunity Resources
Community SitesCommunity Sites http://www.microsoft.com/communities/default.mspxhttp://www.microsoft.com/communities/default.mspx
List of NewsgroupsList of Newsgroups http://communities2.microsoft.com/communities/newsgroups/en-uhttp://communities2.microsoft.com/communities/newsgroups/en-u
s/default.aspxs/default.aspx
Attend a free chat or webcastAttend a free chat or webcast http://www.microsoft.com/communities/chats/default.mspxhttp://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/seminar/events/webcasts/default.mspxhttp://www.microsoft.com/seminar/events/webcasts/default.mspx
Locate a local user group(s)Locate a local user group(s) http://www.microsoft.com/communities/usergroups/default.mspxhttp://www.microsoft.com/communities/usergroups/default.mspx
Non-Microsoft Community SitesNon-Microsoft Community Sites http://www.microsoft.com/communities/related/default.mspxhttp://www.microsoft.com/communities/related/default.mspx