Fall 2013 Assignment
Bachelor of Science in Information Technology (BSc IT) – Semester 5
BT9003 – Data Storage Management – 4 Credits
(Book ID: B1190)
Assignment Set (60 Marks)
1. Discuss DAS, NAS and SAN storage technologies.
Ans.- DAS (Direct Attached Storage):- When Windows servers leave the factory, they can be configured with several storage options. Most servers contain one or more local disk drives installed inside the server’s cabinet. These drives are typically used to install the operating system and user applications. If additional storage is needed for user files or databases, it may be necessary to configure Direct Attached Storage (DAS).
DAS is well suited to a small-to-medium sized business where sufficient storage can be configured at a low startup cost. The DAS enclosure is a separate adjacent cabinet that contains the additional disk drives. An internal PCI-based RAID controller is typically installed in the server to connect to the storage. SAS (Serial Attached SCSI) is used to connect the disk arrays, as illustrated in the following example.
As mentioned, one of the primary benefits of DAS is the lower startup cost. The storage array is managed individually, since it is dedicated to a particular server. On the downside, DAS typically offers limited expansion capability and limited cabling options (1 to 4 meter cables). Finally, because the RAID controller is typically installed in the server, it is a potential single point of failure for the DAS solution.
SAN (Storage Area Networks):- Storage Area Networks (SAN) are typically used by medium-to-large businesses, primarily because of the larger initial investment. SANs require an infrastructure consisting of SAN switches, disk controllers, HBAs (host bus adapters) and fibre cables. SANs use external RAID controllers and disk enclosures to provide high-speed storage for a potentially large number of servers.
The main benefit of a SAN-based storage solution is the ability to share the storage arrays among multiple servers. This allows storage capacity to be configured as needed, usually by a dedicated SAN administrator. Higher performance throughput is typical in a SAN environment, and data is highly available through redundant disk controllers and drives. The disadvantages are a much higher startup cost and considerably greater management complexity. The following diagram illustrates a typical SAN environment.
NAS (Network Attached Storage):- A third type of storage solution is a hybrid option called Network Attached Storage (NAS). It uses a dedicated server or “appliance” to serve the storage array, which can be shared by multiple clients at the same time across the existing Ethernet network. The main difference is that NAS servers use file-level transfers, while DAS and SAN solutions use block-level transfers, which are more efficient.
NAS typically has a lower startup cost because the existing network can be used, which is very attractive to small-to-medium size businesses. Different protocols can be used for file sharing, such as NFS for UNIX clients and CIFS for Windows clients. Most NAS models implement the storage arrays as iSCSI targets that can be shared across the networks. Dedicated iSCSI networks can also be configured to maximize network throughput. The following diagram shows how a NAS configuration might look.
2. Define Perimeter Defense and give examples of it.
Ans.- Perimeter Defenses:- Perimeter defenses are used to keep a secure zone secure. A secure zone is some combination of policies, procedures, technical tools, and techniques enabling a company to protect its information. Perimeter defenses provide a physical environment, with management’s support, in which privileges for access to all electronic assets are clearly laid out and observed. Perimeter defense measures include installing a security device at the entrance to and exit from a secure zone, and installing an intrusion detection monitor outside the secure zone to monitor it. Other means of perimeter defense include ensuring that important servers within the zone have been hardened—meaning that special care has been taken to eliminate security holes and to shut down potentially vulnerable services—and that access into the secure zone is restricted to a set of configured IP addresses. Moreover, access to the security appliance needs to be logged, all changes to the security appliance need to be documented, and changes to the security appliance must require the approval of the secure zone’s owner. Finally, intrusion alerts detected in the zone must be transmitted immediately to the owner of the zone and to Information Security Services for rapid and effective resolution.
The following are examples of perimeter defenses:
Firewall:- The primary method of protecting the corporate or home network from intruders is the firewall. Firewalls are designed to examine traffic as it comes in and deny entry to those who do not have access rights to the system. The most common functions of firewalls are proxy services, packet filtering, and network address translation (NAT).
Packet filtering admits or denies traffic attempting to access the network based on predefined rules. A common form of packet filtering is port blocking, in which all external connections to a particular TCP/IP port are blocked. Host-based firewalls, common in home and small-business settings, use this method to protect individual desktop computers.
Network address translation services translate internal addresses into a range of external addresses. This hides the internal addressing scheme from the outside world and makes it difficult for outside traffic to connect directly to an internal machine.
All firewalls provide a choke point through which an intruder must pass. Any or all traffic can then be examined, changed, or blocked depending on security policy.
Intrusion detection systems and intrusion response systems:- An Intrusion Detection System (IDS) is a device or software system that examines violations of security policy to determine whether an attack is in progress or has occurred. An IDS does not regulate access to the network; it detects and then reports on the alleged attack.
Intrusion Response Systems are devices or software capable of actively responding to a breach in security. They not only detect an intrusion but also act on it in a predetermined manner.
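As an added example (not part of the original assignment answer), a small default-deny packet filter in Python that models the controls described above: port blocking, restricting access to the secure zone to a set of configured IP addresses, and logging every decision. The rule syntax, the admin subnet and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst_port: int     # destination TCP/IP port

@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src_net: str = "0.0.0.0/0"          # CIDR the source must belong to
    dst_ports: frozenset = frozenset()  # empty means any port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return in_net and (not self.dst_ports or pkt.dst_port in self.dst_ports)

class PacketFilter:
    # First matching rule wins; a packet that matches no rule is denied.
    def __init__(self, rules):
        self.rules = list(rules)
        self.log = []          # audit trail: every decision is recorded

    def decide(self, pkt: Packet) -> str:
        verdict = "deny"       # default deny when nothing matches
        for rule in self.rules:
            if rule.matches(pkt):
                verdict = rule.action
                break
        self.log.append(f"{verdict.upper()} {pkt.src} -> port {pkt.dst_port}")
        return verdict

# Constructed policy for a secure zone: telnet is port-blocked for everyone, the
# management ports accept only the configured admin subnet, the web port is open.
SECURE_ZONE_RULES = (
    Rule("deny", dst_ports=frozenset({23})),
    Rule("allow", "10.10.0.0/24", frozenset({22, 443})),
    Rule("allow", dst_ports=frozenset({80})),
)

def build_filter() -> PacketFilter:
    return PacketFilter(SECURE_ZONE_RULES)

if __name__ == "__main__":
    fw = build_filter()
    for pkt in (Packet("10.10.0.5", 22), Packet("203.0.113.9", 22),
                Packet("10.10.0.5", 23), Packet("203.0.113.9", 80)):
        fw.decide(pkt)
    print("\n".join(fw.log))
```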
3. Explain SCSI Logical Units and Asymmetrical communications in SCSI.
Ans.- SCSI logical units: SCSI targets have logical units that provide the processing context for SCSI commands. Essentially, a logical unit is a virtual machine (or virtual controller) that handles SCSI communications on behalf of real or virtual storage devices in a target. Commands received by targets are directed to the appropriate logical unit by a task router in the target controller. The work of the logical unit is split between two different functions: the device server and the task manager. The device server executes commands received from initiators and is responsible for detecting and reporting errors that might occur. The task manager is the work scheduler for the logical unit, determining the order in which queued commands are processed and responding to requests from initiators about pending commands. The logical unit number (LUN) identifies a specific logical unit (think virtual controller) in a target. Although we tend to use the term LUN to refer to a real or virtual storage device, a LUN is an access point for exchanging commands and status information between initiators and targets. Metaphorically, a logical unit is a "black box" processor, and the LUN is simply a way to identify SCSI black boxes. Logical units are architecturally independent of target ports and can be accessed through any of the target's ports via a LUN. A target must have at least one LUN, LUN 0, and might optionally support additional LUNs. For instance, a disk drive might use a single LUN, whereas a subsystem might allow hundreds of LUNs to be defined.
Asymmetrical communications in SCSI: Unlike most data networks, the communications model for SCSI is not symmetrical. The two sides perform different functions and interact with distinctly different users/applications. Initiators work on behalf of applications, issuing commands and then waiting for targets to respond. Targets work on behalf of storage media, waiting for commands to arrive from initiators and then reading and writing data to the media.
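An added Python model (not from the original text) of the target structure just described: a task router dispatching commands by LUN, a task manager ordering each logical unit's queue, and a device server executing commands and reporting errors. The status names and command dictionaries are a constructed simplification, not the SCSI wire format.

```python
from collections import deque

class LogicalUnit:
    # Virtual controller for one device: a task manager plus a device server.
    def __init__(self, blocks: int):
        self.blocks = blocks          # capacity of the underlying media in blocks
        self.media = {}               # LBA -> data written so far
        self.queue = deque()          # task manager's queue of pending commands

    def enqueue(self, cmd: dict):
        # Task manager: decides the order in which commands are processed.
        if cmd.get("head_of_queue"):
            self.queue.appendleft(cmd)
        else:
            self.queue.append(cmd)

    def run_pending(self) -> list:
        # Device server: executes commands and reports errors to the initiator.
        results = []
        while self.queue:
            cmd = self.queue.popleft()
            lba = cmd["lba"]
            if lba >= self.blocks:
                results.append(("CHECK CONDITION", None))   # error detected, reported
            elif cmd["op"] == "WRITE":
                self.media[lba] = cmd["data"]
                results.append(("GOOD", None))
            else:
                results.append(("GOOD", self.media.get(lba, b"")))
        return results

class Target:
    def __init__(self, lun_sizes: list):
        # The first entry is the mandatory LUN 0; further entries are optional LUNs.
        self.luns = {n: LogicalUnit(size) for n, size in enumerate(lun_sizes)}

    def route(self, lun: int, cmd: dict) -> str:
        # Task router: directs each command to the addressed logical unit.
        if lun not in self.luns:
            return "CHECK CONDITION"  # no such logical unit on this target
        self.luns[lun].enqueue(cmd)
        return "QUEUED"

def demo():
    tgt = Target([8, 1024])           # a small LUN 0 and a larger LUN 1
    tgt.route(0, {"op": "WRITE", "lba": 3, "data": b"abc"})
    tgt.route(0, {"op": "READ", "lba": 3})
    tgt.route(0, {"op": "READ", "lba": 3, "head_of_queue": True})  # runs first
    tgt.route(0, {"op": "READ", "lba": 99})                        # beyond capacity
    return tgt.route(7, {"op": "READ", "lba": 0}), tgt.luns[0].run_pending()
```

The head-of-queue read is served before the write it was issued after, so it returns empty data; the later read sees the written block.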
4. Explain techniques for switch based virtualization with necessary diagram.
Ans.- As in array-based storage virtualization, fabric-based virtualization requires additional processing power and memory on top of a hardware architecture that is concurrently providing processing power for fabric services, switching and other tasks. Because large fabric switches (directors) are typically built on a chassis with option blades or line cards, virtualization capability is being introduced as yet another blade that slots into the director chassis, as shown in the figure below. This has the advantage of tighter integration with the port cards that serve storage and servers, but it consumes an expensive director slot that could otherwise support additional end devices. If a virtualization blade is not properly engineered, it may degrade the overall availability specification of the director. A five-nines (99.999%) available director will inevitably lose some nines if a marginal option card is introduced.
Because software virtualization products have been around for some time, it is tempting simply to host one of those applications on a fabric switch. Typically, software virtualization runs on Windows or Linux, which in turn implies that a virtualization blade hosting such software will essentially be a PC on a card. This design has the advantage, for the vendor at least, of time to market, but as with host or appliance virtualization products in general, it may pose performance issues if the PC logic cannot cope with high traffic volumes. Consequently, some vendors are pursuing hardware-assisted virtualization on fabric switches by creating ASICs (application-specific integrated circuits) optimized for high-performance frame decoding and block address mapping. These ASICs may be implemented on director blades or on auxiliary modules mounted in the director enclosure.
A storage virtualization engine as an option card within a director should enable virtualization of any storage asset on any director port.
Whether the fabric-based virtualization engine is hosted on a PC blade, an optimized ASIC blade or an auxiliary module, it should have the flexibility to provide virtualization services to any port on the director. In a standard fabric architecture, frames are simply switched from one port to another based on the destination Fibre Channel address. Depending on the virtualization method used, the fabric virtualization engine may intervene in this process by redirecting frames from various ports according to the requirements of the virtual logical address mapping of a virtualized LUN. In addition, if a storage asset is moved from one physical port to another, the virtualization engine must track the change in network address to preserve a consistent device mapping. This adds considerable complexity to internal fabric management to accommodate the adds, moves and changes that are inevitable in storage networking.
5. Explain in brief heterogeneous mirroring with necessary diagram.
Ans.- By abstracting physical storage, storage virtualization enables mirroring, or synchronized local data copying, between dissimilar storage systems. Because the virtualization engine processes the SCSI I/O to physical storage and is presented as a single storage target to the server, virtualized mirroring can offer more flexible options than conventional disk-to-disk techniques.
In traditional single-vendor environments, mirroring is typically performed within a single array (from one set of disk banks to another) or between adjacent arrays. Disk mirroring may be active/passive, in which the secondary mirror is only brought into service if the primary array fails, or active/active, in which the secondary mirror can be accessed for read operations if the primary is busy. This not only increases performance but also enhances the value of the secondary mirror. In addition, some vendors provide mutual mirroring between disk arrays, so that each array acts as a secondary mirror to its partner.
Heterogeneous mirroring under virtualization control allows mirroring operations to be configured from any physical storage assets and for any level of redundancy. As shown in the figure below, a server may perform traditional read and write operations to a virtualized primary volume. The target entity within the virtualization engine processes each write operation and acts as an initiator to copy it to two separate mirrors. The virtual mirrors, as well as the virtualized primary volume, may be composed of storage blocks from any combination of back-end physical storage arrays. In this example, the secondary mirror could be used to support non-disruptive storage processes such as archiving disk data to tape or migrating data from one class of storage to another.
Like traditional disk-based mirroring, this virtualized solution may be transparent to the host system, provided there is no significant performance impact in executing copies to heterogeneous storage. Transparency assumes, though, that the virtualization is performed by the fabric or by an appliance attached to the fabric. Host-based virtualization would consume CPU cycles to perform multiple mirroring, and array-based virtualization typically cannot cross vendor lines. Because mirroring requires the writes to the secondary mirrors to complete before the next I/O is accepted, performance is largely dependent on the aggregate capabilities of the physical storage systems and the processing power of the virtualization engine itself.
Heterogeneous mirroring offers more flexible options than conventional mirroring, including three-way mirroring within storage capacity carved from different storage systems.
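As an added example serving both the switch-based virtualization answer (question 4) and the heterogeneous mirroring answer above, the Python model below implements a virtualization engine that maps a virtual LUN onto extents on several back-end arrays, mirrors every write synchronously so the host is acknowledged only when the slowest copy completes, serves reads from the secondary when the primary is busy, and rewrites its address mapping when an asset moves to another port. This is not code from the original; the port addresses, write latencies and array layout are constructed.

```python
class BackendArray:
    # One physical array, reached through a Fibre Channel port address.
    def __init__(self, port: str, write_ms: float):
        self.port, self.write_ms = port, write_ms
        self.blocks = {}                      # physical LBA -> data

class VirtualizationEngine:
    def __init__(self):
        self.by_port = {}    # FC address -> BackendArray
        self.volumes = {}    # virtual LUN -> [(port, base LBA), ...]; entry 0 is primary

    def add_array(self, port: str, write_ms: float):
        self.by_port[port] = BackendArray(port, write_ms)

    def define_lun(self, vlun: int, primary: tuple, mirrors: list):
        # Primary and mirrors may be carved from any arrays, whatever the vendor.
        self.volumes[vlun] = [primary, *mirrors]

    def write(self, vlun: int, lba: int, data: bytes) -> float:
        # The target entity accepts the I/O, then acts as initiator to every copy;
        # the host is acknowledged only once the slowest copy has completed.
        latency = 0.0
        for port, base in self.volumes[vlun]:
            arr = self.by_port[port]          # frame redirected by current address
            arr.blocks[base + lba] = data
            latency = max(latency, arr.write_ms)
        return latency

    def read(self, vlun: int, lba: int, primary_busy: bool = False):
        # Active/active: a busy primary lets the secondary serve the read.
        port, base = self.volumes[vlun][1 if primary_busy else 0]
        return self.by_port[port].blocks.get(base + lba)

    def move_asset(self, old_port: str, new_port: str):
        # A re-cabled asset keeps its data, so every mapping to the old address is rewritten.
        arr = self.by_port.pop(old_port)
        arr.port = new_port
        self.by_port[new_port] = arr
        for copies in self.volumes.values():
            copies[:] = [(new_port if p == old_port else p, b) for p, b in copies]

def demo():
    eng = VirtualizationEngine()
    eng.add_array("0x010100", write_ms=0.5)   # fast array (constructed addresses)
    eng.add_array("0x010200", write_ms=2.0)   # slower array from another vendor
    eng.add_array("0x010300", write_ms=1.0)
    eng.define_lun(5, ("0x010100", 0), [("0x010200", 4096), ("0x010300", 0)])
    latency = eng.write(5, 7, b"payload")     # three-way heterogeneous mirror
    eng.move_asset("0x010200", "0x020100")    # a mirror re-cabled to a new port
    return latency, eng.read(5, 7), eng.read(5, 7, primary_busy=True)
```

The returned latency equals the slowest array's write time, which is the performance dependence on the aggregate back-end capabilities that the text describes.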
6. Discuss Disk-to-disk-to-tape (D2D2T) technology in brief.
Ans.- Disk-to-disk-to-tape (D2D2T):- Disk-to-disk-to-tape (D2D2T) is an approach to computer storage backup and archiving in which data is initially copied to backup storage on a disk storage system and then periodically copied again to a tape storage system.
Disk-based and tape-based backup systems both have advantages and drawbacks. For many computer applications, it is important to have backup data immediately available when the primary disk becomes inaccessible; in this scenario the time to restore data from tape would be considered unacceptable. Disk backup is the better solution here because data transfer can be four to five times faster than with tape. However, tape is a more economical way to archive data that needs to be kept for a long time, and it is portable, making it a good choice for off-site storage.
A D2D2T scheme provides the best of both worlds. It allows the administrator to automate daily backups to disk, so that fast restores are possible, and to move the data to tape when convenient. The use of tape also makes it possible to move more mature data off-site for disaster recovery protection and to comply with regulatory policies for long-term data retention at relatively low cost.
Disk-to-disk-to-tape is often used as part of a storage virtualization system, where the storage administrator can express a company's needs in terms of storage policies rather than in terms of the physical devices to be used.
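An added Python example (not part of the original answer) expressing the D2D2T scheme as a policy: backups land on disk, age out to tape after a configured number of days, and a restore is served from disk when a copy is still there and from tape otherwise. Throughputs, dates and sizes are constructed; the 4:1 disk-to-tape rate follows the text's four-to-five-times figure.

```python
from datetime import date, timedelta

class D2D2T:
    def __init__(self, days_on_disk: int, disk_mbps: float, tape_mbps: float):
        self.days_on_disk = days_on_disk         # retention policy, not a device choice
        self.rate = {"disk": disk_mbps, "tape": tape_mbps}   # constructed throughputs
        self.disk, self.tape = {}, {}            # backup name -> (date taken, size in MB)

    def backup(self, name: str, taken: date, size_mb: float):
        # Stage 1: every backup is written to the disk tier first.
        self.disk[name] = (taken, size_mb)

    def age_out(self, today: date) -> list:
        # Stage 2: copies older than the policy window move to tape.
        # Returns the names moved so the run can be audited.
        moved = [n for n, (taken, _) in self.disk.items()
                 if (today - taken).days >= self.days_on_disk]
        for n in moved:
            self.tape[n] = self.disk.pop(n)
        return moved

    def restore(self, name: str):
        # Serve from disk when a copy is still there, otherwise from tape.
        # Returns (tier, estimated seconds) or None when no copy exists.
        for tier, store in (("disk", self.disk), ("tape", self.tape)):
            if name in store:
                _, size_mb = store[name]
                return tier, size_mb / self.rate[tier]
        return None

def demo():
    pol = D2D2T(days_on_disk=7, disk_mbps=400.0, tape_mbps=100.0)
    start = date(2013, 9, 1)
    for i in range(10):                           # ten nightly 8 GB backups
        taken = start + timedelta(days=i)
        pol.backup(f"db-{taken}", taken, 8192.0)
    moved = pol.age_out(today=start + timedelta(days=9))
    return moved, pol.restore("db-2013-09-09"), pol.restore("db-2013-09-01")
```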