Module 3 CLARiiON Storage Provisioning & Management - 1

Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.

The objectives for this module are shown here. Please take a moment to review them.
Module 3 CLARiiON Storage Provisioning & Management - 2
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
The Access Logix feature allows you to enable data access and create storage groups on shared storage
systems. A storage group is a collection of one or more LUNs or metaLUNs to which you connect one
or more servers. A server can access only the LUNs in the storage group to which it is connected. It
cannot access LUNs assigned to other servers. In other words, the server sees the storage group to
which it is connected as the entire storage system.
Note: For security reasons, we recommend you place all storage systems in a domain before you
configure them.
To configure the storage system, you must be logged in as global or local administrator, or global or
local manager.
Access Logix is a licensed software package that runs on each storage processor (SP) in supported
storage systems. It implements this storage sharing using storage groups. Access Logix software
enforces the host-to-storage group permissions. The Access Logix software is preinstalled on all CX,
CX3 and CX4-series arrays at the factory. Access Logix runs within the FLARE Operating
Environment and resides with FLARE software. Disks 0_0 and 0_2 store mirrored copies of the
software for SP A, and disks 0_1 and 0_3 store mirrored copies of the software for SP B. When you
power up the storage system, each SP boots and enables the Access Logix capability within FLARE.
Module 3 CLARiiON Storage Provisioning & Management - 3
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
On a CLARiiON storage system without Access Logix installed, or on a storage system where Access Logix is
installed but not yet enabled, all CLARiiON LUNs are presented to all storage system ports. Any host that
connects to the storage system will then have access to all of the LUNs on that storage system. In environments
where multiple hosts attach to the storage system, this may cause problems. For example, Windows systems may
attempt to take ownership of LUNs belonging to other Windows systems, and Unix systems may try to mount
Windows LUNs. In addition to this, security is compromised because of the lack of access control.
Access Logix solves these problems by performing LUN masking. It masks certain LUNs from hosts that are
not authorized to see them, and presents those LUNs only to the server(s) which are authorized to see them. In
effect, it presents a virtual storage system to each host. The host sees the equivalent of a storage system
dedicated to it alone, with only its own LUNs visible to it. The diagram on the next slide illustrates the process.
Another task which Access Logix performs is the mapping of CLARiiON LUNs, often called FLARE LUNs or
(Array Logical Units ALUs, ) to host LUNs or Host Logical Units HLUs). It determines which physical
addresses, in this case the device numbers, each attached host will use for its LUNs. This feature is configurable
by the user through the CLI and the GUI.
Access to LUNs is controlled by information stored in the Access Logix database, which is resident in a reserved
area of CLARiiON disk - the PSM LUN (Persistent Storage Manager) . The Access Logix software manages
this database.
When host agents in the CLARiiON environment start up, typically shortly after host boot time, they send
initiator information to all storage systems they are connected to.
Module 3 CLARiiON Storage Provisioning & Management - 4
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
There are limits to the number of connections inside any CLARiiON environment. Some of those limits are directly
related to Access Logix, while others are hardware-related. The hardware limits generally affect Access Logix, so are
covered here. No distinction is made between software and hardware limits.
First, note that any host may be connected to only one storage group on any storage system. This does not imply that
only one host may be connected to a storage group; where clustering is involved, two or more hosts may share the
same storage group.
No host may be connected to more than four storage groups. This means that any host may not use LUNs from more
than four storage systems. There may be more storage systems in the environment, and the host may even be zoned to
make them visible at the Fibre Channel level, but connection to storage groups should not be allowed for those storage
systems.
There are also limits to the number of hosts that may attach to an storage system, and those limits depend on the
storage system type. Always consult the latest EMC Configuration Guide for the updated limits. Storage groups are
resident on a single storage system and may not span storage systems. An additional limit, only relevant to newer
storage systems with higher total LUN counts, is that a storage group may not contain more than 256 LUNs.
EMC recommends that any host connected to a CLARiiON storage system have the host agent running. The
advantage to the user is that administration is easier hosts are identified by hostname and IP address rather than by
WWN, and the host addressing of the LUN, e.g. c0t1d2, or H:, is available to Navisphere Manager.
If all users were allowed to make changes to the Access Logix configuration, security and privacy issues would be a
concern. In the GUI environment, the user must be authenticated and have the correct rights before any storage
system configuration values may be changed. With the CLI, the user must have an entry in the SP privileged user list
to be allowed to make configuration changes. This entry specifies both the username and the hostname, which may be
used for storage system configuration. If the Secure CLI is used, then the user must either have a Security File created,
or must specify a username/password/scope combination on the command line.
Module 3 CLARiiON Storage Provisioning & Management - 5
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
This slide shows a conceptual diagram of a storage system attached to two hosts. Each host has a
storage group associated with it storage group A for Server A, and storage group B for Server B. The
LUNs used on the storage system are sequential, from 0 through 7, but need not be. Each LUN on the
storage system (ALU, or Array Logical Unit) has been mapped to a LUN number (sometimes called
the LUN alias) as seen by the host (HLU, or Host Logical Unit). It is important to note that each host
sees LUN 0, LUN 1, etc, and that there is no conflict due to multiple instances of the LUN number
being used. The mappings are stored in a translation table, which is part of the Access Logix database.
Each server sees the LUNs presented to it as though they are the only LUNs on the virtual storage
system, represented by the storage group.
Module 3 CLARiiON Storage Provisioning & Management - 6
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Initiator registration records contain the information shown above. This information is sent to each
attached CLARiiON by the host agent when it starts, typically shortly after the host OS starts.
Optionally, the user may start or stop the agent at any time. The information may also be manually
entered via the GUI or the CLI, which is necessary on Operating Systems that do not support a host
agent.
The storage system uses this information to match hostnames to HBAs, and, since different operating
systems use slightly different sets of SCSI commands, to determine the appropriate response to host
LUN access requests.
Module 3 CLARiiON Storage Provisioning & Management - 7
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
All iSCSI nodes are identified by an iSCSI name. An iSCSI name is neither the IP address nor the DNS
name of an IP host. Names enable iSCSI storage resources to be managed regardless of address. An
iSCSI node name is also the SCSI device name of an iSCSI device, which is the principal object used
in authentication of targets to initiators and initiators to targets. iSCSI addresses can be one of two
types: iSCSI Qualified Name (iqn) or IEEE Naming convention (EUI).
IQN format - iqn.yyyy-mm.com.xyz.aabbccddeeffgghh where;
iqn - Naming convention identifier
yyyy-mm - Point in time when the .com domain was registered
com.xyz - Domain of the node backwards
aabbccddeeffgghh - Device identifier (can be a WWN, the system name, or any other vendor-
implemented standard)
EUI format - eui.64-bit WWN
eui - Naming prefix
64-bit WWN - FC WWN of the host
Within iSCSI a node is defined as a single initiator or target. These definitions map to the traditional
SCSI target/ initiator model. iSCSI Names are assigned to all nodes and are independent of the
associated address.
Module 3 CLARiiON Storage Provisioning & Management - 8
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
When you are using Fibre Channel, access to the LUNs is controlled by an Access Control List (ACL )
which contains the 128-bit Globally Unique ID (UID) of the LUN, and the 128-bit Unique IDs of the
HBAs in the host. The HBA UID consists of the 64-bit World-Wide Node Name (WWNN) followed by
the 64-bit World-Wide Port Name (WWPN). The LUN UID is assigned to the LUN when it is bound
and includes time-related information. If the LUN is unbound and an identical LUN bound again, they
will have different UIDs.
Each request for LUN access references the ACL, in order to determine whether or not a host should
be allowed access. If this meant that each request required access to the disk-based Access Logix
database, the lookups would slow the storage system significantly; accordingly, the database is cached
in SP memory (not in read or write cache), and operations are fast.
Because of the disk-based nature of the database, it is persistent and will survive power and SP
failures. If an SP fails and is replaced, the new SP assumes the WWPNs of the failed SP and no
changes need be made to the database. If a host HBA fails and is replaced, and if the replacement has a
different WWN (which will be the case unless it can be changed by means of software), then that
hosts entry in the database will be incorrect. The information for the old HBA needs to be removed
from the database, and the information for the new HBA needs to be entered. These processes are the
de-registration and registration processes respectively.
Module 3 CLARiiON Storage Provisioning & Management - 9
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Regardless of the type of access (FC or iSCSI), the LUN UID is used and has the same characteristics
as discussed in the previous slide.
Module 3 CLARiiON Storage Provisioning & Management - 10
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Registration can be performed in a number of ways:
Automatically, by the Unisphere Agent, when it starts
Automatically, by the Unisphere Agent, in response to a naviseccli register command
Manually, through Unisphere
Manually, through Navisphere CLI
By using the Unisphere Server Utility, covered in the next slide
Module 3 CLARiiON Storage Provisioning & Management - 11
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
The Connectivity Status dialog box lets you monitor and configure the front-end activity for a
specific storage system. It identifies all initiators connected to the storage system and specifies whether
each initiator is currently logged in or permanently registered.
The example shows Storage Groups ( Access Logix) are enabled as shown in the upper right side of
the window
Click a initiator and select Detail to view the configured parameters.
Click an initiator and select Edit to change the current parameters.
The Host Initiators tab can display up to 1000 hosts at one time. If more than 1000 hosts are
connected to the storage system, a link with the following text will be visible at the end of the current
list - More.../Show All (X remaining).
The MirrorView Initiators tab identifies all MirrorView initiators and specifies whether each initiator
is currently logged in or permanently registered. The MirrorView Initiators tab can display a
maximum of five hundred (500) MirrorView initiators at one time
The SAN Copy Initiators tab identifies all SAN Copy initiators and specifies whether each initiator is
currently logged in or permanently registered.
The SAN Copy Initiators tab can display a maximum of five hundred (500) SAN Copy initiators at
one time.
Module 3 CLARiiON Storage Provisioning & Management - 12
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
The Edit button from the Connectivity Status > Host Initators screen allows you to edit, register or
deregister all or any of the HBA initiators displayed in the Connectivity Status dialog box. The edit
initiators window also allows manual registration of a host which is logged in to the fabric, but does
not have a Unisphere Host Agent capable of communicating with the CLARiiON.
The appropriate entries are selected from the left (Available) pane and moved across to the right-hand
(Selected) pane. To add a new host entry, the user must select the New Host radio button, enter a
hostname, IP address, and other information in the New Initiator Information boxes. Once complete,
the host is regarded as manually registered and management of host access to LUNs may take place in
the normal manner.
If a user wishes to register a host which is not visible to the fabric, then the New Host tab on the
Connectivity Status screen must be used. All relevant information, including the WWNs, must then be
entered manually - a laborious process, prone to error.
A user who wishes to register an HBA whose host is already visible to the fabric, then the Existing
Host button can be used. Select the host from the drop-box. The hostname and IP address will be
entered automatically.
Module 3 CLARiiON Storage Provisioning & Management - 13
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
The screenshot shows the location of the checkbox from the Storage System Properties menu. The
CLI equivalent is the command naviseccli h <SP_name> storagegroup enable.
See the latest Navisphere CLI Administrators Guide for a full listing of supported CLI commands.
Remember that until Access Logix is enabled, all hosts attached to the storage system via Fibre
Channel can see all LUNs on the storage system. Access Logix places the LUNs into the (hidden)
default storage group, ~physical, and does not restrict any host access.
Once Access Logix is enabled, and before any user storage groups are created, all hosts are denied
access to all LUNs. The (hidden) default storage group at this point is ~management, which allows
access to the storage system only and does not allow any LUNs to become members. User, and
therefore visible, storage groups must then be created to allow host access to LUNs.
Once enabled, Access Logix can be disabled only via the CLI command naviseccli h <SP_name>
sc_off . At that point, all user storage groups are destroyed, the default storage group becomes
~physical, and all LUNs are again visible to all attached hosts. This is a dangerous command, and can
cause data corruption!
Note the storage groups option can be disabled/enabled by qualified EMC personnel only.
Module 3 CLARiiON Storage Provisioning & Management - 14
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
When Access Logix is enabled, storage groups may be created and managed.
The following slides take you through the steps needed to manage storage groups. Once a group is
created, you can view and change the group properties, add and remove LUNs, connect and disconnect
hosts and destroy the group.
Module 3 CLARiiON Storage Provisioning & Management - 15
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Storage Groups can be created several ways with Unisphere. From the menu bar, select Storage >
Storage Groups then click one of the Create options shown in the slide. Optionally, the user can right
click the array from the Dashboard main menu and select Create Storage Group.
When creating a storage group, the software requires only a name for the storage group. All other
configuration is performed after the storage group is created. Storage group creation does not, in itself,
allow hosts to access LUNs. At this point, we are creating only the administrative entity, the storage
group. It is an administrative requirement that a storage group have an unique name the Access
Logix software tracks the storage group by WWN, so only CLI commands specifically referencing the
SG name will be affected by duplicate names. The storage group name may be changed on the fly. By
default, the system supplies the name storage group n, where n is the next available number. A name
supplied for a storage group must be at least one character long, and no more than 64. It may contain
spaces and special characters, but this is discouraged because the host operating system may not allow
those characters. Quoting a name that contains special characters usually allows it to be used in a CLI
command.
After OK or Apply is selected, an empty storage group, with the chosen name, is created on the
storage system.
Module 3 CLARiiON Storage Provisioning & Management - 16
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Once a storage group has been created, LUNs may be added to it, and hosts attached to it, by right-
clicking the storage group and choosing Properties. Three tabs are displayed along the top: General,
LUNs and Hosts.
The General tab also shows basic SG properties, including the WWN of the storage group. The WWN
is 128 bits long and is globally unique. After it is destroyed, no other SG will ever have the same
WWN.
The LUNs tab is used to add or remove LUNs ( both Pool and Traditional) from a storage group or
verify which LUNs are members. The Show LUNs option allows the user to choose whether to only
show LUNs which are not yet members of any storage group or to show all LUNs. The latter allows
the user to place LUNs in multiple storage groups and thereby share LUNs between hosts. LUNs may
be added to, or removed from, storage groups by selecting them in the appropriate pane, then clicking
the arrow to move them into the opposite pane.
Available LUNs are shown in the top pane by expanding one of the containers. By checking the box
for the respective LUN, the user can move the LUNs to the Selected LUNs window. Unchecking the
box removes the LUN from the Selected LUNs window.
The information on the Selected LUNS box includes the LUN name, Array logical Unit number
(ALU) LUN capacity, drive type, and Host LUN ID (HLU).
If the user chooses to change the Host ID for a LUN, they must click the Host ID column for the LUN
and use the drop down to assign the new ID. Note that once the user changes the Host ID and applies
the change, they cannot change it back unless it is removed from the storage group.
Module 3 CLARiiON Storage Provisioning & Management - 17
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
Available LUNs are shown in the top pane by expanding one of the containers. By checking the box
for the respective LUN, the user can move the LUNs to the Selected LUNs window. Unchecking the
box removes the LUN from the Selected LUNs window.
The information on the Selected LUNS box includes the LUN name, Array logical Unit number
(ALU) LUN capacity, drive type, and Host LUN ID (HLU).
If the user chooses to change the Host ID for a LUN, they must click the Host ID column for the LUN
and use the drop down to assign the new ID. The example shown changes the Host ID of FLARE
Fully Provisioned LUN 10 (ALU) to Host ID LUN 7 (HLU).
Note that once the user changes the Host ID and applies the change, they cannot change it back unless
it is removed from the storage group.
Module 3 CLARiiON Storage Provisioning & Management - 18
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
The Hosts tab allows the user to add or remove hosts in much the same way as LUNs. The tab displays
the hostname, operating system, and host IP address. The host agent must be present for this
information to be obtained automatically. Either right click on the Storage Group or select the Connect
Host tab at the bottom of the LUNs window.
The Hosts tab allows hosts to be connected to, or disconnected from, a storage group. The procedure
here is similar to that used on the LUNs tab; select a host, move it by using the appropriate arrow. Note
also that we can choose to display only hosts not yet connected to a storage group, or all hosts. If a host
connected to a storage group is then connected to a second storage group, it automatically is
disconnected from the initial storage group.
The choices on this tab allow easy reassignment of LUNs from one host to another, for example, in the
event of a host failure.
Module 3 CLARiiON Storage Provisioning & Management - 19
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
A storage group can only be destroyed if it has no connected hosts. If LUNs or Snapshots are present in
a storage group, that will not prevent it from being destroyed.
SAN Copy connections to another storage system count as connected hosts and also prevents a storage
group from being destroyed.
Module 3 CLARiiON Storage Provisioning & Management - 20
Copyright 2010 EMC Corporation. Do not Copy - All Rights Reserved.
These are the key points covered in this module. Please take a moment to review them.