managing the storage infrastructure section 4 : storage security and management
TRANSCRIPT
Managing the Storage InfrastructureManaging the Storage Infrastructure
Section 4 : Storage Security and Management
Storage Infrastructure Management
o Managing storage infrastructure is a key to ensure continuity of business
o Establishing management processes and implementing appropriate tools is essential to meeting service levels proactively
o Management activities include availability, capacity, performance, and security management
o Monitoring is the most important aspects that forms the basis for storage management
o Continuous monitoring enables availability and scalability by taking proactive measures
Lesson: Monitoring the Storage Infrastructure
Upon completion of this lesson, you will be able to:
o Discuss the major storage infrastructure components that should be monitored
o Describe what is to be monitored for the various storage infrastructure components
o Discuss alerting of events
Monitoring Storage Infrastructure
Accessibility
Capacity
Performance
Security
Network
HBA
Port
HBA
Cluster
Kee
p A
live
Client
Port
Storage Arrays
Hosts/Servers with Applications
SANIP
Parameters Monitored – Accessibility
o Accessibility refers to the availability of a component to perform a desired operation
o Why monitor accessibility of different components?o Failure of any hardware/software component can lead to outage of a
number of different componentso Example: HBA (Host Bus Adapter) failure could cause degraded access to a
number of devices in multi-path environment or loss of data access in single path environment
o Monitoring accessibility involveso Checking availability status of the hardware or software components
through predefined alerts
Parameters Monitored – Capacity
o Capacity refers to the amount of storage infrastructure resources available
o Why monitor capacity?o Capacity monitoring prevents outages before they can occur
o Inadequate capacity may lead to degraded performance or affect application/service availability
o More preventive and predictive in natureo Report indicates 90% of all the ports have been utilized in SAN, a new switch
must be added if more arrays/servers are to be added
Parameters Monitored – Performance
o Performance monitoring evaluates how efficiently different components are performing
o Why monitor Performance metrics?o Want all data center components to work efficiently/optimallyo Helps to identify performance bottleneckso Measures and analyzes the ability to perform at a certain predefined level
o Exampleso Number of I/Os to diskso Application response timeo Network utilization o Server CPU utilization
Parameters Monitored – Security
o Monitoring security helps to track and prevent unauthorized access
o Why monitor security?o Need to be protected for confidentiality (Confidentiality prevents sensitive
information from reaching the wrong people, while making sure that the right people can in fact get it), integrity (Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit) and availability(Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed).
o To meet regulatory compliance
o Exampleso Tracking and reporting changes made to zoning configurationso Physical security through badge readers, scanners and cameras
Monitoring Environmental parameters– Temperature, humidity, airflow, hazards (water, smoke, etc.)– Voltage – power supply
Monitoring Hostso Accessibility
o Hardware components: HBA, NIC, graphic card, internal disko Status of various processes/applications
o Capacityo File system utilizationo Database: Table space/log space utilizationo User quota
o Performanceo CPU and memory utilizationo Transaction response times
o Securityo Login and authorization o Physical security (Data center access) Host
HBA
HBA
o What is SAN?
A SAN (Storage Area Network) is a network designed to transfer data from servers to targets, and it is alternative to a directly attached target architecture, where the storage is connected to the servers on general purpose networks.
Monitoring the SANo Accessibility
o Device statuso Processor cards, fans, power supplies
o Capacityo ISL (inter-switch link) and port utilization
o Performanceo Connectivity ports
o Link failures, loss of signal, link utilizationo Connectivity devices
o Port statistics
o Securityo Administrative tasks and physical security
o Authorized access, strict passwords SAN
Monitoring Storage Arrayso Accessibility
o All Hardware componentso Array Operating Environment
o RAID processeso Environmental sensorso Replication processes
o Capacityo Configured/un-configured capacityo Allocated/unallocated storage
o Performanceo FE (front-end) and BE (back-end) utilization/throughputo I/O profile, response time, cache metrics
o Securityo Physical and administrative security
Storage Array
HBA
HBA
HBA
HBA
Accessibility Monitoring Example: Array Port Failure
HBA
HBA
SW2
SW1
H3
H2
H1
Hosts/Servers with Applications
Port
Storage Arrays
Port
Degraded
Degraded
Degraded
HBA
HBA
Accessibility Monitoring Example: HBA Failure
SW2
SW1
H3
Degraded
H2
H1
Hosts/Servers with Applications
HBA
HBA
HBA
HBA
Port
Storage Arrays
Port
Accessibility Monitoring Example: Switch Failure
Storage ArraysSW2
Hosts/Servers with Applications
SW1
Port
PortAll Hosts
Degraded
Capacity Monitoring Example: Storage Array
SW1
New Server
Can the Array provide the required storage to the new server?
Hosts/Servers with Applications
SW2
HBA
HBA
Capacity Monitoring Example: File System Space
File SystemFile System
Warning: FS is 66% Full
Critical: FS is 80% Full
Extend FS
No Monitoring FS Monitoring
Performance Monitoring Example: Array Port Utilization
Storage Arrays
SW2
Hosts/Servers with Applications
SW1
H3
H2
H1
New Server
H4
HBA
HBA
HBA
HBA
HBA
HBA
HBA
HBA
100%
Po
rt U
til. %
H1 + H2 + H3
In data storage, an array is a method for storing information on multiple devices
Performance Monitoring Example: Servers CPU Utilization
Critical: CPU Usage above 90% for the last 90 minutes
Security Monitoring Example: Storage Array
Storage Array
SW2
Workgroup 1 (WG1)
SW1
Workgroup 2 (WG2) WG2
Warning: Attempted replication of WG2 devices by WG1 user – Access denied
Replication Command
WG1
Alerting of Events
o Alerting is an integral part of monitoring
o Monitoring tools enables administrators to assign different severity levels for different events
o Level of alerts based on severityo Information alert: Provide useful information and may not require
administrator interventiono Creation of zone
o Warning alerts: Require administrative attentiono File systems becoming full/Soft media errors
o Fatal alert: Require immediate administrative attentiono Power failures/Disk failures/Memory failures/Switch failures
Lesson Summary
Key concepts covered in this module are:
o Storage infrastructure components that should be monitored
o Parameters of monitoring:o Accessibilityo Capacityo Performanceo Security
o Monitoring examples
Additional Task
Research on key requirements of a data center
Storage Management Activities
o All the management tasks in a storage infrastructure can be broadly categorized into:o Availability managemento Capacity managemento Performance managemento Security managemento Reporting
Availability Managemento Establishing a proper guideline for all configurations to ensure
availability based on service levels.
o Example: When a server is deployed to support a critical business function, the highest availability standard is required. This involved deploying the following components:o Two or more HBAso Multipathing softwareo Server clusteringo Two independent fibre channel switches (Fibre Channel, or FC, is a high-
speed network technology (commonly running at 2-, 4-, 8- and 16-gigabit per second rates) used to connect computer data storage)
o RAID protectiono Backupo Local and remove replication
Capacity Managemento Ensure adequate availability of resources for all services based
on their service level requirements
o Capacity management provides:o Capacity analysis – compare allocated storage to forecasted storage on a
regular basiso Trend analysis – actual utilization of allocated storage and rate of
consumption
o Example 1: Storage provisioningo Device configurationo Zoning configuration on SAN and HBA components (Zoning is a procedure
that takes place on the SAN fabric and ensures devices can only communicate with those that they need to.)
o Example 2: Estimating future needs of resourceso Gather and analyze related information to come up with estimates
Performance Managemento Ensures the optimal operational efficiencies of all components
o Performance analysis is performed on existing storage infrastructure componentso Provides information whether a component is meeting expected
performance levels
o When a new application or server is to be deployed, every components involved must be validated for adequate performance capabilities as defined by the service levels.o Server: volume configuration, database design, application layout on
multiple HBAs, multipathing softwareo SAN: designing sufficient ISLs (Inter Switch Link) in a multi-switch fabric
with adequate bandwidtho Storage arrays: selecting appropriate RAID type zoning, front-end and
back-end ports
Security Management
o Prevents unauthorized access and configuration of storage infrastructure components
o Example: When deploying a new application or servero Managing user accounts and access policieso Zoning configuration in the SAN
Reporting
o Keeping track and gathering information from various components / processes
o This information is compiled to generate reports for:o Trend analysis and capacity planning – current and historic information
about utilization of storage, file system, database tablespace, portso Configuration or asset management – device allocation, local and remote
replicas, fabric configuration, list of equipment with details such as their value, purchase date, lease status and maintenance record
o Chargeback – allocation and utilization of storage infrastructure components by various departments / user groups.
o Performance – performance of various storage infrastructure components
Storage Infrastructure Management Challenges
o Large number and variety of storage arrays, networks, servers, databases and applications
o Variety of storage devices varying in capacity, performance and protection methodologies
o Deployment of both SAN and IP networks for storage devices
o Servers with different operating systems: UNIX, LINUX, Windows, mainframe
o Interoperability issues between devices from multiple vendors
o Multiple vendor-specific tools to monitor devices from different vendors