
DAS-SAN-NAS

Direct-attached storage (DAS) refers to a digital storage system directly attached
to a server or workstation, without a storage network in between.

Network-attached storage (NAS) is file-level computer data storage connected to
a computer network providing data access to heterogeneous network clients.

A NAS unit is essentially a self-contained computer connected to a network, with the
sole purpose of supplying file-based data storage services to other devices on the
network.

NAS uses file-based protocols such as NFS (popular on UNIX systems), SMB/CIFS
(Server Message Block/Common Internet File System) (used with MS Windows
systems), or AFP (used with Apple Macintosh computers). NAS units rarely limit
clients to a single protocol.

NAS provides both storage and filesystem. This is often contrasted with SAN
(Storage Area Network), which provides only block-based storage and leaves
filesystem concerns on the "client" side. SAN protocols are SCSI, Fibre Channel,
iSCSI, ATA over Ethernet (AoE), or HyperSCSI.

A storage area network (SAN) is an architecture to attach remote computer
storage devices (such as disk arrays, tape libraries, and optical jukeboxes) to servers
in such a way that the devices appear as locally attached to the operating system.
Although the cost and complexity of SANs are dropping, they are still uncommon
outside larger enterprises.

Network attached storage (NAS), in contrast to SAN, uses file-based protocols such
as NFS or SMB/CIFS where it is clear that the storage is remote, and computers
request a portion of an abstract file rather than a disk block.

Figure1 for reference:

Figure2 for reference:


Some Basic Questions and Answers in Storage Domain:
What is JBOD?
Just a bunch of physical disks.
JBOD (for "just a bunch of disks," or sometimes "just a bunch of drives") is a
derogatory term - the official term is "spanning" - used to refer to a computer's hard
disks that haven't been configured according to the RAID (for "redundant array of
independent disks") system.

What is LUN?
A logical unit number or LUN is simply the number assigned to a logical unit. A
logical unit is a SCSI protocol entity, the only one which may be addressed by the
actual input/output (I/O) operations. Each SCSI target provides one or more logical
units, and does not perform I/O as itself, but only on behalf of a specific logical unit.
In SCSI terminology, LUN stands for logical unit number. A LUN represents an
individually addressable (logical) SCSI device that is part of a physical SCSI device
(target). In an iSCSI environment, LUNs are essentially numbered disk drives.

What is LUN masking?

LUN (Logical Unit Number) Masking is an authorization process that makes a LUN
available to some hosts and unavailable to other hosts.
LUN Masking is implemented primarily at the HBA (Host Bus Adapter) level. LUN
Masking implemented at this level is vulnerable to any attack that compromises the
HBA.
Some storage controllers also support LUN Masking.
LUN Masking is important because Windows-based servers attempt to write volume
labels to all available LUNs. This can render the LUNs unusable by other operating
systems and can result in data loss.

Fiber Channel

Today, the term host bus adapter (HBA) is most often used to refer to a Fibre
Channel interface card. Fibre Channel HBAs are available for all major open systems,
computer architectures, and buses, including PCI and SBus (obsolete today). Each
HBA has a unique World Wide Name (WWN), which is similar to an Ethernet MAC
address in that it uses an OUI assigned by the IEEE. However, WWNs are longer (8
bytes). There are two types of WWNs on a HBA; a node WWN (WWNN), which is
shared by all ports on a host bus adapter, and a port WWN (WWPN), which is unique
to each port. Major HBA manufacturers are Brocade Communications Systems,
Emulex, QLogic, LSI, Sun StorageTek, Agilent Technologies, and ATTO Technology.
There are HBA models of different speeds: 1Gbit/s, 2Gbit/s, 4Gbit/s, 8Gbit/s,
10GBit/s and 20GBit/s.

Fiber Channel Ports

Fiber Channel uses a shorthand terminology to describe different types of
connections to the fiber channel network.

Fiber Channel uses the term "ports" and defines seven different types of ports:

Short Name | Descriptive Name    | Device Type | Port Function
N-port     | Network Port        | Nodes       | Node port used to connect a node to a Fiber Channel switch
F-port     | Fabric Port         | Switches    | Switch port used to connect the Fiber Channel fabric to a node
L-port     | Loop Port           | Nodes       | Node port used to connect a node to a Fiber Channel loop
NL-port    | Network + Loop Port | Nodes       | Node port which connects to both loops and switches
FL-port    | Fabric + Loop Port  | Switches    | Switch port which connects to both loops and switches
E-port     | Extender Port       | Switches    | Used to cascade fiber channel switches together
G-port     | General Port        | Switches    | General purpose port which can be configured to emulate other port types

What is a World Wide Name (WWN)?

A World Wide Name, or WWN, is a 64-bit address used in fibre channel networks to
uniquely identify each element in a Fibre Channel network.

The use of World Wide Names for security purposes is inherently insecure, because
the World Wide Name of a device is a user-configurable parameter.

For example, to change the World Wide Name (WWN) of an Emulex HBA, a user
simply needs to run the `elxcfg` command.

What is SAN zoning?

SAN zoning is a method of arranging Fibre Channel devices into logical groups over
the physical configuration of the fabric.

Each device in a SAN may be placed into multiple zones.


What are hard and soft zoning?

Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which
is implemented in software.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Soft zoning uses filtering implemented in fibre channel switches to prevent ports
from being seen from outside of their assigned zones. The security vulnerability in
soft zoning is that the ports are still accessible if the user in another zone correctly
guesses the fibre channel address.

What is port zoning?

Port zoning utilizes physical ports to define security zones. A user's access to data is
determined by what physical port he or she is connected to.

With port zoning, zone information must be updated every time a user changes
switch ports. In addition, port zoning does not allow zones to overlap.

What is WWN zoning?

WWN zoning uses name servers in the switches to either allow or block access to
particular World Wide Names (WWNs) in the fabric.

A major advantage of WWN zoning is the ability to recable the fabric without having
to redo the zone information.

WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an
attacker is able to spoof the World Wide Name of an authorized HBA.
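
Because a WWN can be reconfigured, WWN zoning is worth pairing with a check that ties each WWPN to the switch port it is expected on. The sketch below is an added example, not part of the original page or of any vendor tool: it compares current fabric logins with an approved baseline and reports unknown WWPNs, a WWPN logged in on more than one port, and a WWPN seen on an unexpected port. The record layout, the switch names and the third WWPN are constructed for illustration.

```python
# Added example: flag WWPN logins that contradict a port-to-WWPN baseline.
# All records below are constructed sample data, not output of a real switch.

def norm(wwpn):
    """Canonical form: 16 lowercase hex digits, no separators."""
    return wwpn.replace(":", "").lower()

def audit_logins(baseline, logins):
    """baseline: {wwpn: (switch, port)} of approved attachments.
    logins: iterable of (switch, port, wwpn) currently logged in to the fabric.
    Returns a sorted list of (finding, wwpn, locations)."""
    expected = {norm(w): loc for w, loc in baseline.items()}
    seen = {}
    for switch, port, wwpn in logins:
        seen.setdefault(norm(wwpn), set()).add((switch, port))
    findings = []
    for wwpn, locations in seen.items():
        if wwpn not in expected:
            findings.append(("unknown-wwpn", wwpn, sorted(locations)))
            continue
        if len(locations) > 1:
            # One identity on two ports: at most one of them is the real HBA.
            findings.append(("duplicate-wwpn", wwpn, sorted(locations)))
        moved = locations - {expected[wwpn]}
        if moved:
            findings.append(("unexpected-port", wwpn, sorted(moved)))
    return sorted(findings)

# Constructed baseline and login table (hypothetical switches sw1 and sw2).
BASELINE = {
    "10:00:00:00:c9:22:fc:01": ("sw1", 4),
    "21:00:00:e0:8b:05:05:04": ("sw1", 7),
}
LOGINS = [
    ("sw1", 4, "10:00:00:00:C9:22:FC:01"),
    ("sw2", 11, "10:00:00:00:c9:22:fc:01"),  # same WWPN on a second port
    ("sw1", 7, "21:00:00:e0:8b:05:05:04"),
    ("sw1", 9, "10:00:00:00:c9:aa:bb:cc"),   # not in the baseline
]

if __name__ == "__main__":
    for finding in audit_logins(BASELINE, LOGINS):
        print(finding)
```

An "unexpected-port" finding also fires after a legitimate recable, so it is a prompt to review and update the baseline rather than proof of spoofing.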

Emulex Software products

• HBAnyware, centralized HBA management utility supporting Windows, Linux,
  Solaris and VMware ESX.
• AutoPilot Manager, HBA management utility for SMBs
• AutoPilot Installer
• VMPilot, Virtual machine and NPIV management utility for use with Microsoft
  Virtual Server
• lpfc Emulex Linux Drivers for HBAs

QLogic Software products

• SANsurfer Management Suite:
    o SANsurfer FC HBA Manager
    o SANsurfer iSCSI HBA Manager
    o SANsurfer Switch Manager
    o SANsurfer Command Line Interface (CLI), for Windows, Linux and
      Solaris
• PathScale Compiler Suite (C, C++, and Fortran95)
• InfiniPath MPI

All devices on a storage area network need to be uniquely identifiable.
The SAN equivalent of a MAC address is the worldwide name (WWN). You will also
see references to WWPN (Worldwide Port Name) and WWNN (Worldwide Node
Name). Usually, the WWPN is the name you will more likely use as it is the name an
HBA will present when logging into a SAN fabric. Worldwide Names consist of 16
hexadecimal digits grouped as 8 pairs. These are written with colon characters
separating each pair. Some WWN examples are shown below:

50:06:04:81:D6:F3:45:42 (EMC disk subsystem)
10:00:00:00:c9:22:fc:01 (Emulex HBA card)
21:00:00:e0:8b:05:05:04 (Qlogic HBA card)

The format of the WWN is defined by the IEEE, The Institute of Electrical and
Electronics Engineers, a global (non-profit) organization responsible for setting and
maintaining a large number of IT standards. You can find full details of the WWN
standard from the IEEE but here’s a quick breakdown.

The specific format of a WWN is defined by the Name Address Authority field value,
which is the first digit of the WWN. The following values are used:

1 – IEEE 803.2 standard 48 bit ID
2 – IEEE 803.2 extended 48-bit ID
5 – IEEE Registered Name
6 – IEEE Extended Registered Name

Most commonly seen are options 1, 2 and 5. We will not discuss format 6.

IEEE Standard (NAA=1)

This format is divided into 3 sections. We will use the previous Emulex example
above to illustrate this format.

10:00      00:00:c9   22:fc:01
Section 1  Section 2  Section 3

Section 1 identifies the WWN as a standard format WWN. Only one of the 4 digits
is used, the other three must be zero filled. Section 2 is called the OUI or
“company_id” and identifies the vendor (more on this later). Part 3 is a unique
identifier created by the vendor.

IEEE Extended (NAA=2)

This format is divided into 4 sections. Using the Qlogic example, we can illustrate
this:

2          0:00       00:e0:8b   05:05:04
Section 1  Section 2  Section 3  Section 4

Section 1 identifies the WWN as an extended format WWN. Section 2 is a vendor
specific code and can be used to identify specific ports on a node or to extend
the serial number (section 4) of the WWN. Section 3 identifies the vendor.
Section 4 is the unique vendor-supplied serial number for the device.

IEEE Registered Name (NAA=5)


Format 5 enables vendors to create unique identifiers without having to maintain a
database of serial number codes. This format tends to be used by hardware vendors
to create unique WWN values based on the serial number and physical port number
of hardware devices such as disk arrays. The format has 3 sections, using the EMC
example we can illustrate this.

5          0:06:04:8  1:D6:F3:45:42
Section 1  Section 2  Section 3

Section 1 identifies this as a registered name WWN. Section 2 identifies the
vendor. Section 3 is a vendor-specific generated code, usually based on the
serial number of the device, such as a disk subsystem.
The hardware vendor will use an algorithm to generate the WWN. The EMC algorithm
is quite complex and for disk subsystems is based on the array serial number and
the port number. The code demonstrated above represents a WWN for port 3aa on a
disk frame with serial number 123456789.

Company Ids

All vendors wishing to create WWNs must register for a company ID or OUI
(Organizationally Unique Identifier). These are maintained and published by IEEE,
the current list can be found here.

All company identifiers are six digits in length and used within the WWN. In our
examples, 00-60-48 is the code for EMC, 00-00-C9 is the code for Emulex and
00-E0-8B is the code for Qlogic.
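
The field layouts above translate directly into a small decoder. The following is an added example, not code from the original page: it splits a WWN into its NAA, OUI and vendor fields for formats 1, 2 and 5, and looks the OUI up in a table holding only the three company IDs quoted on this page. The function and field names are assumptions made for the example.

```python
# Added example: decode a WWN according to its NAA (the first hex digit).
# Field boundaries follow the NAA 1, 2 and 5 layouts described above.

def parse_wwn(wwn):
    """Split a colon- or dash-separated WWN into its NAA-specific fields."""
    digits = wwn.replace(":", "").replace("-", "").lower()
    if len(digits) != 16 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 16-hex-digit WWN: {wwn!r}")
    naa = digits[0]
    if naa == "1":
        # 1 | 000 (zero filled) | 6-digit OUI | 6-digit vendor identifier
        if digits[1:4] != "000":
            raise ValueError("NAA 1 requires the next three digits to be zero")
        fields = {"format": "IEEE standard",
                  "oui": digits[4:10], "vendor_id": digits[10:]}
    elif naa == "2":
        # 2 | 3-digit vendor-specific code | 6-digit OUI | 6-digit serial
        fields = {"format": "IEEE extended", "vendor_code": digits[1:4],
                  "oui": digits[4:10], "vendor_id": digits[10:]}
    elif naa == "5":
        # 5 | 6-digit OUI | 9-digit vendor-generated code
        fields = {"format": "IEEE registered name",
                  "oui": digits[1:7], "vendor_id": digits[7:]}
    else:
        raise ValueError(f"NAA {naa} is not handled in this example")
    fields["naa"] = int(naa, 16)
    return fields

# Only the company IDs quoted on this page; a real tool would load the
# published IEEE list instead of this hand-made table.
PAGE_OUIS = {"006048": "EMC", "0000c9": "Emulex", "00e08b": "Qlogic"}

def vendor_of(wwn):
    """Vendor name for the WWN's OUI, or 'unknown' if not in PAGE_OUIS."""
    return PAGE_OUIS.get(parse_wwn(wwn)["oui"], "unknown")

if __name__ == "__main__":
    for sample in ("50:06:04:81:D6:F3:45:42",
                   "10:00:00:00:c9:22:fc:01",
                   "21:00:00:e0:8b:05:05:04"):
        print(sample, vendor_of(sample), parse_wwn(sample))
```

The decoded vendor is only what the WWN claims: since the WWN is user-configurable, the OUI is useful for inventory and triage, not for authenticating a device.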

What exactly is iSCSI?

In computing, iSCSI (pronounced eye-scuzzy) is an abbreviation of Internet
Small Computer System Interface, an Internet Protocol (IP)-based storage
networking standard for linking data storage facilities. By carrying SCSI commands
over IP networks, iSCSI is used to facilitate data transfers over intranets and to
manage storage over long distances. iSCSI can be used to transmit data over local
area networks (LANs), wide area networks (WANs), or the Internet and can enable
location-independent data storage and retrieval. The protocol allows clients (called
initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on
remote servers. It is a popular storage area network (SAN) protocol, allowing
organizations to consolidate storage into data center storage arrays while providing
hosts (such as database and web servers) with the illusion of locally-attached disks.
Unlike traditional Fibre Channel, which requires special-purpose cabling, iSCSI can be
run over long distances using existing network infrastructure.

Storage array

In a data center or enterprise environment, an iSCSI target
often resides in a large storage array, such as a NetApp filer or
an EMC Corporation NS-series computer appliance. A storage
array usually provides distinct iSCSI targets for numerous
clients.

Must Read:

Notable families of disk interfaces include:

• Historical bit serial interfaces — connect a hard disk drive (HDD) to a hard
  disk controller (HDC) with two cables, one for control and one for data. (Each
  drive also has an additional cable for power, usually connecting it directly to
  the power supply unit). The HDC provided significant functions such as
  serial/parallel conversion, data separation, and track formatting, and required
  matching to the drive (after formatting) in order to assure reliability. Each
  control cable could serve two or more drives, while a dedicated (and smaller)
  data cable served each drive.
    o ST506 used MFM (Modified Frequency Modulation) for the data
      encoding method.
    o ST412 was available in either MFM or RLL (Run Length Limited)
      encoding variants.
    o Enhanced Small Disk Interface (ESDI) was an interface developed by
      Maxtor to allow faster communication between the processor and the
      disk than MFM or RLL.

• Modern bit serial interfaces — connect a hard disk drive to a host bus
  interface adapter (today typically integrated into the "south bridge") with one
  data/control cable. (As for historical bit serial interfaces above, each drive
  also has an additional power cable, usually direct to the power supply unit.)
    o Fibre Channel (FC) is a successor to the parallel SCSI interface on the
      enterprise market. It is a serial protocol. In disk drives usually the
      Fibre Channel Arbitrated Loop (FC-AL) connection topology is used. FC
      has much broader usage than mere disk interfaces; it is the
      cornerstone of storage area networks (SANs). Recently other protocols
      for this field, like iSCSI and ATA over Ethernet, have been developed as
      well. Confusingly, drives usually use copper twisted-pair cables for
      Fibre Channel, not fibre optics. The latter are traditionally reserved for
      larger devices, such as servers or disk array controllers.
    o Serial ATA (SATA). The SATA data cable has one data pair for
      differential transmission of data to the device, and one pair for
      differential receiving from the device, just like EIA-422. That requires
      that data be transmitted serially. A similar differential signaling system
      is used in RS485, LocalTalk, USB, Firewire, and differential SCSI.
    o Serial Attached SCSI (SAS). SAS is a new generation serial
      communication protocol for devices designed to allow for much higher
      speed data transfers and is compatible with SATA. SAS uses a
      mechanically identical data and power connector to standard 3.5"
      SATA1/SATA2 HDDs, and many server-oriented SAS RAID controllers
      are also capable of addressing SATA hard drives. SAS uses serial
      communication instead of the parallel method found in traditional SCSI
      devices but still uses SCSI commands.

List of Fibre Channel switches

Major manufacturers of Fibre Channel switches are: Brocade, Cisco, McData and
QLogic.

• Brocade:
    o Switches: 5300, 5100, 5000, 4900, 2400, 2800, 3800, 3900, 4100,
      300, 200E
    o Directors: 12000, 24000, 48000 and DCX Backbone
    o More complete list in Brocade Communications Systems article.

• Cisco:
    o Switches: Cisco MDS 9016, 9020, 9032, 9112, 9120, 9124, 9124e,
      9134, 9140, 9148, 9216, 9216i, 9222i, 9302, 9304, 9308
    o Directors: Cisco MDS 9506, 9509, 9513, 9530, 9560 [1]

• McData (now acquired and rebranded by Brocade):
    o Switches: 3232
    o Directors: 6064, 6140, 10000

• QLogic:
    o Switches: SANbox 5800, 5600, 5200, 3050, 1400
    o Directors / Modular Chassis Switches: SANbox 9000
