New E-Lab Interoperability Navigator features

As I mentioned in a previous post, the E-Lab Navigator Team recently finished a complete redesign of their user interface. If you’re interested in much more detail, check out the introduction video and the user guide. Rather than repeat what they’ve provided in the guide and video, I'd like to call your attention to a few of the new features that I’m going to use on a regular basis.

Simple Support Matrices

The simple support matrices (e.g., the FCoE SSM) are now conveniently located at the top of the page when you first login. Each link now brings you directly to pdf version of that matrix. Previously you had to dig for these and this was a much needed improvement.

Topology Resource Center and Host Connectivity Guides

If you know what these are, you won’t wonder why I’m telling you exactly how to get to them. If you haven’t had a chance to check them out yet, please do. These documents describe the exact setup steps for many different configurations and are written by the Engineers who actually perform the testing. Based on personal experience, I know this information is regularly used by EMC Engineering teams outside of E-Lab when they are trying to get a particular configuration working.

Where are my Wizards!?

If you’re like me and you like using the Wizards, fear not, they have not been removed! Look under Custom Queries -> Advanced Query! This is a huge improvement over the previous version. To use it all you need to do is click the little icon all the way to the right of each “Component Type”. This will automatically bring you to the correct section in the "ELN TREE" and you can navigate to the correct product type from there. One of the many ways I use this is to just find out if we support a particular switch or switch firmware revision. If it’s in the tree, we support it and then it’s just a matter of finding out the support details.

Product Details!!

Have you ever wondered how many logins are supported on a particular storage platform or what Symmextrix director bit settings you need to use? If yes, this section is for you. Just like all of the other important features, you can access Product Details from the main login page. Once there, you can browse to your product of choice and get interface level information about each of our plaforms (including which protocols they support). It used to be so painful to get this information, such a huge improvement!

That’s just a few of the great features that are avaiable on the new E-Lab Navigator, check it out!

Thanks, for reading!

An Introduction to Virtual Storage Networks

I recently started a VSN blog series that describes (in great detail) a new concept that we’re referring to as a Virtual Storage Network or VSN.  As I was writing the third installment in the series, I realized the approach I was using to define the VSN concept was analogous to trying to describe a forest by starting with a description of soil composition.  Although this approach might have eventually led to some kind of understanding of what I was talking about, I began to feel that I was probably going to lose the vast majority of readers if I didn’t take a different tack.  With this in mind, this post will provide a very high level overview of the VSN concept, describe what we’re trying to accomplish and hopefully provide a framework to allow readers to understand the more detailed VSN series. 

Why VSN?

Since Fibre Channel was first introduced, the need to manually configure FC connectivity (e.g., create zones) has not only proven to be unpopular with customers, it has also proven to be a barrier to innovation. 

From a customer’s point of view, many view zoning as just an additional administrative burden and have been asking for a way to eliminate the manual process of zoning for years.  We’ve responded to these requests by:

• introducing products such as Volume Logix, ECC SAN Manager and ViPR;
• participating in industry initiatives (e.g., FC-SCM) intended to eliminate zoning; and
• inventing a new mechanism (TDZ) that automates zone creation

As we were standardizing TDZ, we asked other EMC engineers for input and were surprised to discover that many of them were interested in the approach because they had run into problems with zoning in the past.  In fact, several of them had considered adding functionality but avoided doing so specifically because of zoning.  On the opposite end of the spectrum there was at least one case of an engineer scripting the zoning commands required for their particular use case.  While their script worked fine, ultimately I think they were just cleaning up someone else's mess and thought it was a shame that they had to spend time working around a limitation that should have been addressed long ago.  

A more recent example of the barrier to innovation is the FAST sideways use case; it takes no less than four connectivity (e.g., zoning) changes in order to migrate a storage volume from one array to another.  Until these connectivity changes can be automated (e.g., via ViPR); FAST sideways will probably not be all that useful as a automated remediation mechanism for chronic issues with IOPS or RT due to an overloaded array.

Although zoning is something that is specific to FC and FCoE, other types of storage protocols also suffer from the need to manually configure connectivity.  I described the challenges with iSCSI in the FC and FCoE versus iSCSI – “Network-centric” versus “End-Node-centric” provisioning blog post and I described the challenges for FC, FCoE, iSCSI and File in the Universal Fabric Controller blog post.

While these manual connectivity configuration steps have proven to be burdensome to our Enterprise customers, to our Service Provider customers, they’re anathema.  This is because many of these Service Providers are gearing up to compete with the likes of Amazon and in order for them to complete effectively, they need to be able to:

1. Completely automate the end-to-end provisioning process (including storage provisioning); and
2. Provide services at a price that are difficult to match when using traditional infrastructure components.

As a result, many of these customers are not interested in FC or FCoE because they perceive it to be a more expensive and less flexible solution, due to the perceived manual provisioning steps, specialized skill sets and specialized hardware associated with it. 

Actually, if you press them for what they really want in regards to storage features, many just want storage arrays to go away and have the storage capacity provided via a software based approach.  I’ll generically refer to this approach as Server SAN and point out that EMC has a product in this space called ScaleIO.  I’ll also point out that VMware has a solution called VSAN which has been on our radar for some time.  Both of these products (along with CEPH) have proven to be very popular (at least conceptually) with Customers in both the Enterprise and Service Provider spaces.  I think the main reason for the interest is ease of use. 

I’ll admit that I’m intrigued by the Server SAN concept and I see use cases for both ScaleIO and VSAN.  But I also have to admit, as I discuss in part 1 of the VSN series, I have concerns about the ability of Server SAN solutions to provide Enterprise class features.  That having been said, the message from our customers is crystal clear “Make it easier to consume your array based storage or we’ll find another solution”…

I’ll spare you some of the details and simply say that we took this message to heart.  We did a bunch of work gathering connectivity requirements from customers (including at EMC World last year) to figure out what the best approach would be.  As we were doing this an interesting pattern started to emerge:

Enterprise Customers (in general):

• Really like Fibre Channel
• Really do NOT like iSCSI
• Are willing to use FCoE at least from the Server to the ToR switch
• Are interested in investigating approaches to automate zoning
• Are increasingly looking at File
• Are looking at Server SAN to see what it can do for them but generally like the automation aspect of it
• Are typically very conservative when it comes to new technology
• See connectivity from Server to a Storage array as something that is static.
• Have a wide range of requirements with regards to multi-tenancy.  Generally they see it as something that is handled through orchestration and not necessarily something that needs to extend to the data plane.

Service Providers (in general):

• Really like the Server San concept
• Like iSCSI, File, Object – will use whatever provides adequate performance and is easiest
• Really do not like FC – There are exceptions (e.g., Rackspace hybrid cloud and at least to some degree vCHS)
• Are not conservative when it comes to new technology
• See connectivity from Server to Storage as dynamic
• Have many multi-tenant storage requirements.  Generally they see multi-tenancy as something that is handled through orchestration but also want data plane isolation as I describe in Part 1.

In order to satisfy both the Enterprise and SP requirements, it became clear that we would need a solution that could support multiple protocols and automate connectivity tasks for all of them.  Not only that, we would need something that makes our arrays as simple to use a Server SAN solution. 

Simple, right? </sarcasm>

With these requirements in mind, we set a goal for the VSN project to:

• enable the dynamic creation of storage service compositions;
• automate connectivity between compute and these storage service compositions; and
• do so in a way that is compatible with the concept of multi-tenant storage.

In case you're wondering, a storage service composition is a collection of storage services that are presented to an end user as a single storage volume.  For the purposes of this discussion, think of a storage service composition as a storage volume that has specific attributes.  These attributes could include:

• Input/Output Operations Per Second (IOPS)
• Replication
• Data Deduplication
• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
• And many more…

One example of a storage service composition that has been automatically attached to a compute instance is shown below and is described in Part 2 of the VSN series in the "Storage Service Insertion" section. 

The key take away from the above diagram is each hypervisor would only see a single “gray” Virtual Volume on the VPLEX.  The storage capacity for the Virtual Volume actually resides on the VMAX.  The VMAX could then be getting deduplication services from Data Domain.  I refer to the Virtual Volume, the capacity service on the VMAX and the deduplication service on Data Domain as a “Storage Service Composition”. 

I have not (yet) attempted to calculate how many possible storage compositions could be created from just EMC products alone, but there are many others possible.  It’s important to note that from a connectivity automation point of view, the number and type of services doesn’t really matter as long as the two services can use a common protocol (e.g., FC, iSCSI, File, Object, etc) to communicate with one another.

Conclusion

Well, that’s about as close to the forest of Virtual Storage Networks that I can get without getting back into a study of soil composition.  If you were to remember only a couple of things about this post, I would like them to be:

• The purpose of the Virtual Storage Network concept is to make storage and storage service compositions as easy to use as possible
• VSNs will be compatible with both Enterprise and Service Provider environments
•  A Virtual Storage Network can be created using any of the supported protocols today
  • There are limits to this and they will be discussed in parts 3 and 4 of the series.
• Virtual Storage Networks do not have inherent orchestration layer dependencies

If you’re interested in more information please see the more detailed VSN series. 

Thanks for reading!

Join me at EMC World 2014!

It's almost time for EMC World again (May 5th - 8th) and I'm happy to say that I've been granted the privilege of presenting to our Customers again.  I'm actually very excited about this year because we're introducing a few new concepts, demonstrating at least one of them and mixing up the content of the breakout session based on the feedback we received last year.  To better explain what I mean, here's a quick overview of what we're planning.

To start things off, I'll be presenting:

Title: "Storage Networking (FC/FCoE/iSCSI/VSN) Technology & Best Practice Update".

Dates and times: Monday, May 5, 8:30 AM - 9:30 AM and Tuesday, May 6, 3:00 PM - 4:00 PM

Agenda:

1. Protocol overview: Think of this as a "Why do we care about FC again?" kind of segment  
2. Product update: A brief description of product changes that have happened over the past year
3. Things you should know: A list of concepts that you should be familiar with if you deal with SANs frequently.  I'll discuss at least one of them in detail
4. Hot Topics: A list of issues that seem to be causing our customers the most pain.  Ok, it's actually a list of things that are causing our support folks the most pain, but I'm expecting (hoping) that there's a bunch of overlap between these two different topics
5. IaaS and the Impact to SAN: If you've been reading my VSN blog series, you'll have an idea of what I'm going to talk about here.
6. OpenStack and FC: We've done a bit of work with Brocade and others on OpenStack, so I'll briefly describe this work here.

I'll also be moderating the following BoF session.  

Title: "Storage Networking: Network Virtualization & Multi-Tenant Storage (Birds-of-a-Feather)"

Joining me will be:

• Doug Fierro - EMC Senior Director (runs the Connectrix BU)
• Mark Lippitt - EMC Distinguished Engineer (leads the Connectrix Advanced development team)
• Don Pisinski - Connectrix PM (responsible for all things Connectrix-B (Brocade))

Date and time: Wednesday, May 7, 1:00 PM - 2:00 PM

Agenda: This is an interactive session where we ask our Customers for feedback on particular topics.  This year's topic is:

"Infrastructure as a Service (IaaS) and Network Virtualization will radically alter the way you connect to storage.  Or will it?  You tell us.  Join us for a discussion about current Storage Networking trends and the technologies that could potentially disrupt them."

We will probably also ask for feedback on:

1. FC pain points
2. Speeds: 16, 32 and 128G FC and 10, 40 and 100G Ethernet
3. TDZ
4. OpenStack
5. VSN
6. and anything else raised by the attendees

Hope to see you there!

Fast Sideways - A connectivity point of view

Although I mentioned this functionality in a previous blog post, the impact that this type of use case will have on connectivity automation is so significant that it deserves to have it's own post.   

The first time I heard the FAST Sideways concept mentioned publicly was by Brian Gallagher during an EMC World 2013 keynote.  Brian and Steve Todd then talked about the topic in just a bit more detail during an EMCBackstage interview.  Although I believe there will be a team of folks at EMC World this year taking about this concept in general, I’ll say the following about it from a Connectivity Automation perspective.

Fully Automated Storage Tiering (FAST) allows blocks of storage to be moved between different tiers of storage (e.g., Flash, FC, SAS) on the same Array.  These placement decisions are driven by the FAST Engine that runs on the Array’s Service Processor (in the case of VMAX) which makes use of user defined policies.  Because the placement decisions do not impact SCSI connectivity (e.g., LUN, LU ID), these changes are effectively invisible to the host and do not require connectivity layer changes.

FAST Sideways can be thought of as an extension to FAST but instead of operating within a single array, volumes could be moved from one array to another.  These placement decisions will probably need to be driven by a FAST Federation engine that logically operates at a layer above the FAST engines running on each array.  This FAST Federation engine will also probably make use of user defined policies to assist in placement decisions but unlike the FAST engine, it will also need to interact with connectivity elements (e.g., FC switches or Virtual Networks) in order to configure both array to array and host to array connectivity as shown in the following diagram set.

The diagram above contains two physical hosts, a host facing fabric, two storage arrays and a storage fabric at three different phases (i.e., Beginning, Intermediate, and Completed) of a FAST Sideways operation.  The host facing and storage fabrics could either utilize completely different approaches to connectivity (e.g., the host facing fabric could be Fibre Channel (FC) based while the Storage fabric could be a VXLAN based Over The Top (OTT) Virtual Network).  Although not shown in the diagram, both could utilize the same physical fabric.

FAST Sideways workflow – In this case, the user or the FAST Federation engine decides to move Host 2 to Array 2 because Array 1 is very busy and Array 2 is nearly idle. When this happens, three high level actions would need to occur:

1. Establish connectivity between Array 1 and Array 2;
2. Allow Host 2 to access its volumes on Array 2; and
3. Remove connectivity between Array 1 and Array 2 once the data has been copied.

Each of the phases is described in more detail below.

Beginning – The Beginning portion of the diagram illustrates Host 1 (Blue) and Host 2 (Red) accessing different volumes (e.g., “Blue” and “Red” respectively) on the same storage array.

Intermediate – This diagram illustrates that connectivity has been established between Array 1 and Array 2.  Once this connectivity has been established, volume replication may begin from Array 1 to Array 2 via any means available (e.g., ORS, SRDF, etc).  Also at this point connectivity between Host 2 and Array 2 could be established.  Once this connectivity has been established, Host 2 will need to discover Array 2 via a protocol specific mechanism that is described in a later section.  Once Array 2 has been discovered, the volumes may be made available to the operating system via any means available (e.g., ALUA).  At this point Host 2 could begin to access its storage on Array 2 (i.e., if ORS is in use).      

Completed – This diagram illustrates Host 2 accessing its Storage on Array 2 and the connection between Array 1 and Array 2 has been removed.

All of that in mind, you can think of FAST sideways as one possible way to remediate chronic issues with an inability to meet IOPS and RT objectives.

Update:  Helen Raizen (EMC) wrote a great blog post that describes the challenges related to Block Storage Migration.  The functionality she describes could make use of the Connectivity Automation functionality I describe above.   

Thanks for reading!

Virtual Storage Networks – Part 2 (Requirements for multi-tenant storage)

In part 1 of this series, I introduced the concept of a Virtual Storage Network, provided some background information and stated what we believe the requirements for multi-tenant storage are.  In this post I’ll dig into the details of those requirements.

Requirements for multi-tenant storage

As stated before, the following requirements were gathered by speaking with several of our customers who are interested in multi-tenancy.  I’ll describe each in detail and then in the next section, describe a couple of topologies that satisfy all of these requirements.  The detailed explanations for each requirement will provide at least one specific example describing why the feature is needed.  The example may or may not be the most realistic example possible, but it will be the example that I feel makes it easiest to describe why the requirement was asked for.  Finally, keep in mind, the order does not indicate priority.

1. Namespace isolation
2. Prevent noisy neighbor problems
3. Provide Bandwidth /IOPS / response time guarantees
4. Tenant traffic identification
5. Storage Network Service Insertion (e.g., encryption)
6. Authentication (e.g., CHAP)
7. Do not rely on Guest OS resident iSCSI initiators

Namespace isolation

When I say “namespace”, I mean not only a network namespace although that certainly is a part of it.  I’m also referring to things like iSCSI IQNs and in fact anything that can be used to uniquely identify a resource that is remotely connectable.  One example where having more than one namespace would be useful is an environment that is using more than one “orchestration layer software” instance (e.g., two instances of OpenStack).  In this case, let’s assume we have two groups working with different OpenStack versions and they want to utilize the same Storage Array simultaneously and furthermore will connect to it via iSCSI.  Maybe one group is working with the Havana release performing QA testing in preparation for rolling out a service, while the other team is performing dev/integration testing with the Icehouse release.  For the sake of this example, let’s assume the array only supports a single namespace.

Although this may seem like a reasonable configuration, there are a number of problems:

1. The Storage Array would need to be able to support multiple Cinder drivers simultaneously pulling from the same pool of physical resources.
2. The LUN Masking software on the array would need to be able to handle the case of a duplicate IQN being used without the risk of exposing one tenant’s data to another.  BTW, I’m not saying this is likely to happen, but it’s possible.
3. The duplicate IP Addresses used by both tenants would probably cause the biggest problem in this case (I mean, just look what's it's doing to "Bumble").  Due to the way that routing and forwarding works, the array would be unable to determine which network interface to use when responding to an IO.

As shown below, one possible solution to these problems would be to provide isolated namespaces for each OpenStack instance.

This could be achieved by utilizing a Virtual Storage Array (or something like it).  If you’re unfamiliar with this concept, you can think of each VSA as a Virtual Machine that provides storage services and contains its own network namespace.  As far as each VSA would be concerned it would be under the control of a single Cinder driver and would not see duplicate IP Addresses (as long as the Networks shown above are separate).  Also, since provisioning is done on a per VSA basis, there would be no issue with a duplicate (spoofed) IQN getting access to volumes that they shouldn’t.  Today, EMC supports the concept of a Virtual Data Mover (VDM) on the VNX platform but I would expect to see support for this feature expanded as it makes sense to do so.  For now let’s just assume that the concept of a VSA is useful in certain scenarios and that they can be dynamically instantiated as needed (like a VM).

Prevent noisy neighbor problems

When I use the term “noisy neighbor”, I’m referring to the ability of one network end device to negatively impact the effective Quality of Service (QoS) being experienced by another end device.  There are also many other types of noisy neighbor issues (e.g., spindle contention) that can be experienced by tenants that are sharing the same physical resource (e.g., physical disk).  Although these other types of noisy neighbor problems are serious ones that need to be addressed, they are not strictly related to connectivity, so I’m not going to attempt to discuss them here.  I will say that we have a group of very smart people working on physical resource sharing and they are continually enhancing our products to ensure the resources that are allocated are actually delivered to the end user.

In terms of a noisy neighbor as it applies to connectivity, using the previous diagram it’s probably not immediately apparent that there could be an issue.  However, if I redraw things slightly it should become a bit easier to understand. 

The diagram shows both VSA instances are being connected to by a different physical host via a different Virtual Network instance.  This Virtual Network Instance could be a VLAN, a VXLAN or both VLAN and VXLAN.  I will be providing much more detail about this concept later in this series.  The point relevant to noisy neighbor prevention is that both VSAs share a common physical interface.  If this interface were using a lossless protocol such as FC, or a protocol that used DCB (FCoE and Lossless iSCSI), congestion in one VSA would impact traffic to the other VSA if all of the VSAs were using the same priority or more specifically CoS.  This is not only theoretically possible (since there are only 8 ethernet CoS), but in practice many switches only support a single lossless CoS, so it's likely that you’d encounter this situation.  If you’re interested in congestion spreading in a lossless network, check out the Congestion and backpressure section of the Networked Storage Concepts and Protocols techbook.  In the case when traditional iSCSI, File and even Object protocols are used, there’s nothing to prevent spikes in traffic in one Virtual Network from impacting the other.   This problem can be exacerbated in a Virtual Server environment as shown below.

Although not explicitly shown in the diagram, the configuration above would require that the storage protocol in use be terminated in the VM.  While this is possible with iSCSI, it violates one of the requirements I’ll talk about later and in general is not done all that frequently anyway.  It’s much more likely that someone would want to use a File or Object based protocol in this kind of configuration.   In any case, you can imagine that since both VMs are using the same physical connection and there’s no arbitration of network resource allocation being done, it’s possible for each end device to impact the effective QoS being observed by any of the others.

One theoretical solution to this problem would be to implement some kind of traffic shaping (TS) entity at the network edge as shown below.  The problem is, for reasons that are outside the scope of this post, guaranteeing end-to-end bandwidth for an arbitrary number of end points across an arbitrary network topology is something that has proven to be an elusive feature to develop.    

All of that in mind, let’s assume that it will be possible to use something like this approach to limit the amount of bandwidth consumed by an end device.  Although I do realize that this not the same thing as bandwidth guarantee, I’m only suggesting it because I know where I’m going with this line of reasoning.  I’ll just beg for your indulgence until I get to the topologies portion of this series. 

As I mentioned earlier, many end users don’t want to make use of iSCSI initiators that reside inside of the Guest (VM) and this further complicates things for us because of the way iSCSI traffic originates from a hypervisor such as ESX.  As shown below, the problem is unless you’re using an iSCSI HBA, there’s a single iSCSI Initiator instance and this has some interesting side effects.  The most important one from a connectivity point of view is that all iSCSI storage traffic appears to originate from a single iSCSI initiator.  Of course this single initiator can be presented out of multiple network interfaces but short of creating a data store for each VM and then making sure the LUNs in the datastore are only visible via a specific NIC, there’s currently no way to associate a particular VM and its associated IO with a particular network interface.  It seems like every time I point out this issue to someone, they start by asking “aren’t VVOLs are going to solve this problem?” and the answer is NO!  Again shown in the diagram below I’ve added some smaller disk shaped objects that are intended to represent VVOLs.  The point being VVOLs are a SCSI level entity that sit one level above iSCSI in the stack, so VVOLs allow for the identification of VMs but all IOs for a group of VVOLs that are being accessed at the same protocol endpoint will still experience the IO blender issue. 

An architecture that resolves the IO blender issue is shown below.  Note that there are multiple tenants each with their own iSCSI Initiator.  Traffic could be shaped on a per Initiator basis such that each tenant is allowed to consume a fixed amount of bandwidth.  Again, this is not a guarantee from the network, just a guarantee that on a per hypervisor basis each tenant can only consume a certain amount of network bandwidth.  VVols could still be used in this configuration to allow for per VM storage actions to be performed.  

So the astute reader will note that the vast majority of what is described above is not supported today and they would be right.  However, I will tell you that with the exception of VVols, we’ve set something like this up in the lab using LXC containers as the tenant entities and KVM VMs for the VMs.  We did run into a number of problems but that’s a story for another post.  BTW, as I was writing this I noticed a blog post and thought the timing was funny given the fact that I’ve just essentially alluded to nested Hypervisors. :-)

All joking aside, the majority of the “tenant box” above could be implemented as management abstractions, the only piece required to eliminate the cross tenant IO blender effect is one initiator per tenant.  Keep in mind that each initiator would probably also want to exist in its own namespace for the reasons that I described in the “namespace isolation” section above. 

Provide Bandwidth /IOPS / response time guarantees

Above I described how a “traffic shaper” could enforce bandwidth utilization limits on a per tenant per server basis; I’ll come back to this later when I describe a couple of topologies that could meet all of the requirements.  In this section I will briefly discuss providing IOPS and Response Time (RT) guarantees. 

When my colleagues from the array teams talk about IOPS and RT, it’s typical for them to think of this in terms of the T4 (T = Time) segment of the diagram shown below.  This is because they know exactly when the target (labeled as T in the VSA) receives the IO, how long it takes them to complete it and how many times they do this on a per initiator per second basis.  Also when you provision storage and assign IOPS and RT performance parameters on the array, this is really the only way you can think about it.  This is because although the Array knows exactly how many IOPS it’s performed and whether or not it is capable of satisfying the IOPS allocated to each initiator, it has no way to determine (let along alter) how diagram segments T1, T2 and T3 are impacting the effective RT at the VM or how other factors (e.g., congestion in the network) are impacting the ability of a given initiator to perform the number of IOPS allocated to it. 

Some networking vendors, especially Brocade with their Fabric Vision concept, are trying to address this problem by adding functionality that allows them to monitor for and report congestion in segments T2,T3 and to a limited extent T4.  While this certainly represents a huge step in the right direction, I don’t believe it addresses segment T1.  In addition, although I know there are a number of customers using things like Storage IO Control (SIOC) with ESX, I don’t think it completely addresses this problem either. 

In my opinion, in order to address the problem from end-to-end (T1-T4), an additional block of functionality will need to be added and I’ve labeled it as “IOM” in the diagram above.  As I'll describe in subsequent sections, the IOM (I/O Manager) would ideally contain three functions:

1. IOPS and Response Time (RT) Monitoring
2. Remediation for IOPS and Response Time related issues
3. Encryption

For now, we'll just focus on the first two and discuss encryption later.

Monitoring for Response Time was breifly described above and is fairly straight forward.  Essentially the IOM would put a timestamp on each I/O as it "enters" the module.  When the I/O completes the total IO completion time can be calculated.  

• If the I/O completed within the allocated time no additional action would be required but the completion time value could be stored for some period of time.  Perhaps even a rolled up average could be stored for longer periods of time.  
• If the I/O did not complete within the allocated time, this condition could be flagged.  If enough of these conditions occurred in a pre-defined period of time, the remediation functionality could be invoked.  I'll provide more detail on this below.    

Monitoring for IOPS is a bit more convoluted because although you could set a minimum IOPS threshold, you would need to be able to distinguish between the following two cases:

1. a VM would like to perform additional I/O but it cannot for some resource related reason, or
2. it just doesn't have any more I/O to perform that second.

The solution to the above would almost certainly involve monitoring I/O queues and would be implementation specific. 

Once you've identified an IOPS or Response Time related issue, the remediation functionality would need to determine the correct action to take to resolve the issue.  The action could be taken automatically and this would be the expected action for severe issues.  One example would be a path going down (loss of a link) and the action that something like PowerPath would take to resolve it.  The action could also be simply to notify the administrator and this might be a better remediation step for chronic issues, especially if the remediation step involves relocating the storage volume to another array (e.g., FAST Sideways).      

Tenant traffic identification

The basic idea behind this one is to allow for the identification of frames or packets that belong to a given tenant and to be able to perform this identification anywhere in the infrastructure.  At least one Customer was interested in the feature for a security related reason.

For better or worse, when I think of a tenant, I tend to think in terms of vCloud Director and its concept of an Organization VDC, see below for my graphical interpretation.

   

If we use this model and we decide that we want the ability to identify a tenant's traffic between the Initiator (labeled INIT) and the storage (the blue or red "soup can" shape above the INIT), then we would need to isolate each tenant onto a separate physical host.  Again, as I described above, the reason for this has to do with the relationship of an iSCSI initiator to a ESX host.  This relationship also has implications to Storage Network Service Insertion as I describe below.   

Storage Network Service Insertion

Storage Network Service Insertion is similar to Network Service Insertion.  Both Network Service Insertion and Storage Network Service Insertion support:

• dynamic service insertion (e.g., inserting a new service into an existing flow); and
• service composition (e.g., building a network service and then deploying it for use). 

Examples of dynamic Storage Network Service Insertion could be:

• the addition of an inflight encryption appliance;
• the redirection of a flow to a security appliance for a closer look at access patterns, etc; or
• the FAST Sideways use case.  Essentially, you could migrate a storage volume to a different storage appliance and take advantage of features supported by that appliance. 

The above use cases require that tenant flows be isolatable and this is one of the reasons that we think one initiator per tenant is interesting.

An example of Storage Service composition, is shown below.

Typically, I like to think about Service Composition in terms of a user requesting a specific amount of capacity with a set of desired attributes.  I won’t go into details about the services themselves and how they relate to one another other than to say that in this case:  

• the Initiator on the Hypervisor would access a Virtual Volume on the VPLEX
• The Virtual Volume would in reality consist of multiple services each being provided as follows:
• VPLEX would provide the "distributed cache coherency" and "addressability" services
• VMAX would provide the "storage capacity" service
• Data Domain would provide the "dedup" service

The important piece to consider here is that these Storage Service Compositions could be dynamically created as needed without the need for pre-provisioning or manually configuring connectivity.

Authentication (and Encryption)

The customers we spoke with not only wanted the ability to authenticate the identity of an Initiator and a Target.  As we dug into this requirement some more it turned out at least one of them also wanted the ability to provide Encryption as a Service (EaaS) to their tenants.  Originally when we were talking about EaaS, we were thinking about it in terms of a service that you could insert between the initiator and a trusted network device.  Once encrypted, the flow could take any path to reach another trusted portion of a network then be decrypted and sent to its Storage Target.  This seemed to work for many use cases.  However, eyes really seemed to light up when we asked if it would make sense to put this functionality inside of the IOM block I described above.

The basic idea is that the tenant would purchase the encryption service from the service provider and part of the provisioning process would involve the IOM interacting with a key manager on behalf of the tenant perhaps using KMIP.  The idea is to provide tenant level encryption without requiring tenant involvement in the key management process.

Do not require Guest resident iSCSI Initiators

At least one of the customers we spoke with had supportability and security concerns with an approach that relied on iSCSI initiators being installed in the Guest OS (VM). 

As it turns out, we had a scalability concern with this approach especially if every VM (up to 4000 in a rack) were to utilize a common storage array.  The problem is each login consumes system resources and potentially creates management complexity.  Because of this problem and due to the fact that at least one customer didn't like the approach, we decided to focused on per tenant iSCSI Initiators (when iSCSI is required)

Next time...

OK, well that pretty much sums up the description of the requirements.  In part 3 I'll propopse a couple of topologies that either partially or completely satisfy the requirements described above.

Thanks for reading!

Coming soon: The next generation E-Lab Interoperability Navigator!

As many of you know, E-Lab Interoperability Navigator (ELN) is a free E-Lab resource that anyone can use to determine which configurations and solutions have been tested and are currently supported by EMC.   What many of you may not fully appreciate is the staggering amount of work that it takes to keep this information relevant and up-to-date.  Consider this; 130 Engineers working in three different global locations testing over 8000 multi-vendor products.  Once tested, these new products can be used to create 20 million configurations and solutions which are then used to satisfy the 2 million queries they receive every year. 

A few weeks ago I heard that the ELN team was almost finished with a refresh of the user Interface and I have to say I’m really impressed.  It’s much easier to Navigate to the content that I care about, and the new solution based wizard and support envelope intersection views seem like they will be really nice to use.  Also, since I spend the majority of my time in the advanced query section, I like the fact that it has faster product selection and is more dynamic. 

Here’s a sneak peek, take a look for yourself!

If you’re an existing ELN user, you don’t need to do anything.  Starting on Monday April 14^th the new site will go live and you’ll get access to the new UI automatically.   If you are not yet a user, then check it out and see what you are missing.

Thanks for reading!

Virtual Storage Networks - Part 1

We’ve been busy.  For the past three years a group of people including Mark Lippitt, Vinh Dinh, Doug Fierro and I have been working on an idea that we’re referring to as a Virtual Storage Network or VSN for short.  The VSN concept seeks to take advantage of the major disruption currently underway in the networking space thanks to the rise of SDN.  In fact, our work was inspired by what the team at Nicira (now NSX) had been able to accomplish when we were first introduced to them 3 years ago.  Based on what they had done, we saw an opportunity to dramatically improve how we provide storage services to our end users.  As a result, we set a goal to enable the dynamic creation of storage service compositions, automate connectivity between compute and these storage service compositions, and to do so in a way that is compatible with the concept of multi-tenant storage.

It’s important to point out that while our work was inspired by Overlay Virtual Networks (e.g., VXLAN), we expect this work to be compatible with any transport that is capable of providing per tenant isolation.   As a result, VLANs would also be acceptable today.       

One final note before I begin, some of the concepts that I’ll be describing as well as some of the Proof of Concept (PoC) work done in the lab would not have been possible (and probably would not even have occurred to us) without the guidance of Dave Cohen and Patrick Mullaney.

You may already have seen this…

At VMworld 2013, Chad Sakac demonstrated a portion of an EMC advanced development project named “Alta”.  The purpose of the project was to determine the feasibility of running block based protocols (in this case iSCSI) over a VXLAN based virtual network.

 

While the demo and lab experiments proved that this was possible, the demo intentionally left out a number of details such as why you would want to do this or what other benefits could be realized by following this kind of approach.  This blog post and the ones that follow it will attempt to address these questions and also describe the project that we’re currently working on named “Blackhawk”. 

Background

When Fibre Channel was introduced to our Customers back in the mid to late 90s, it solved a couple of connectivity problems related to physical SCSI.  First, it increased the number of servers (Initiators) that could be connected to each storage array interface (Target) and second it increased the maximum distance that could be supported between them.  As is frequently the case, these scalability and reach improvements came with an associated cost.  In this case, the cost was the need to manually define which initiators were allowed to access which targets via the FC fabric.  This connectivity definition is referred to as a zone and the process of creating a zone and adding it to a configuration or zone set must be repeated once per initiator.  To this day zones are still required in both FC and FCoE environments for reasons that are beyond the scope of this blog post.  For now, it will suffice to say that zoning allows for multiple users to simultaneously use an FC/FCoE SAN and their presence reduces the load on the Name Server allowing fabrics to scale to sizes that would otherwise be impossible.

One issue that was discovered early in FC's life was the need for LUN masking.  Although the exact details are also outside the scope of this post, it was created to solve an issue caused by a pair of UNIX admins who were unable to nicely share the Logical Units (LUs) being presented behind a single target interface that both had been zoned to have access to.  Since this sort of problem limited the value of the connectivity benefits described earlier, a couple of EMC engineers discussed alternatives and came up with the concept of using the Initiator WWPN to limit which Logical Unit Numbers (LUNs) could be accessed.  The downside to this solution was that it required administrative configuration, but this was acceptable given the connectivity benefits our customers could realize with FC.

Since then, due to an overwhelming customer demand for automation, there have been many attempts to create a solution that would automate the storage provisioning process (e.g., FC zoning, LUN creation and LUN masking), my personal favorites are TDZ and the UFC.  That having been said, there are also products such as EMCs ViPR that do a good job and are actually available for our customers to use today.  In the future, we can expect to see other approaches to zoning automation appear in the market.  One example is the work that is being done on OpenStack Cinder by a group of Engineers from companies including Brocade, EMC and HP.  See this blueprint for more information.     

While all of this work will certainly help automate the storage provisioning process, the problem is the solutions used to realize them will only be applicable in environments that both use FC and have the connectivity automation (e.g., ViPR, Cinder FC Zoning service) software installed.  This is concerning to us because many customers, especially those in the Service Provider space, are not interested in using FC in their environments and as a result we cannot rely solely on FC solutions to automate connectivity to our storage arrays.  Also many service providers, want to “roll their own” orchestration layer and this means solving the problem solely with ViPR or OpenStack may not be applicable to the fastest growing segment in the IT space. 

I should point out that OpenStack somewhat automates connectivity between compute and Storage today when iSCSI is used.  I view this as a good thing but as I’ll describe later on, this approach doesn’t completely solve the connectivity automation problem.

So with that in mind, what I’m about to describe is an architectural enhancement that ViPR, vCAC, OpenStack, etc may (or may not) eventually decide to embrace.  The reason we feel this enhancement is needed should come as no surprise, competition… 

Enter Server SAN

I tend to get very excited when I hear people describe Server SAN as a panacea.  I have no doubt that ScaleIO, VMware VSAN, etc will prove to be useful and economical in many situations going forward (others are even a bit more optomistic).  The specific use cases that intrigue me today are dev/test, remote office locations (where an array may not make sense) and maybe with VDI.   That having been said, it’s interesting to note that for the most part, these Server SAN solutions do not provide many features that customers consider “Enterprise class” such as remote replication, dedup, FAST or multi-tenant isolation.  I also have concerns about the amount of network bandwidth that will be consumed to replicate data between storage nodes and the CPU cycles that are consumed not only today but in the future as the various Server SAN vendors try to add Enterprise class features.  To be fair, I do realize that not all environments are 100% utilized and therefore something approaching equilibrium will eventually be found between environments that are suitable for Server SAN and those that are not.

One area where a Server SAN solution, particularly VSAN, seems to excel is ease of use.  While listening to the VSAN user panel at VMworld last year, I was blown away with not only how simple VMware had made the actual provisioning process, but also with how well this approach would lend itself to automatically scale without the need to provision networking and storage.  Listening to the moderator and panelists talk, one could imagine data centers filled with “Pods” consisting of nothing but compute and network resources.  Although these pods would have inherent scalability limitations, they could scale to a reasonable size, be deployed repetitively, be managed as a Federation and eliminate all need for external storage arrays…  Since I work for a company that is known for world class Enterprise Storage Arrays, you can imagine I found this kind of talk, ah, um, ALARMING.. :-)  Especially since at least a few companies have figured out how to get some of these concepts to actually work (e.g., Amazon).  After listening to these panelists, a number of things prevented me from giving into despair and “jumping out of the nearest window”:

1. I believe that customers value enterprise class features,
2. Server SAN solutions will find these features difficult to implement,
3. These Server SAN solutions are unable to meet many of the following multi-tenant storage requirements that were gathered by working with a number of Service Providers interested in providing IaaS solutions.

Service Providers and multi-tenant storage requirements

For a while now we’ve been talking with some of our customers in the service provider space about their requirements for next generation multi-tenant storage services and how these storage services are likely to be used and exposed to their end users.  Before I dive into these storage requirements, it’s important to note that this is not an exhaustive list.  The requirements I’ll be sharing are only those directly related to storage connectivity.  You’ll notice that absent in the requirements and the subsequent solutions are most of the details that describe how the storage or storage service will be consumed by each tenant.  This will undoubtedly strike some of you as odd because I spent a fair bit of time at the beginning of this post describing how Customers want things to be automated.  My answer is simply this, in order to create the necessary higher level abstractions and provide things like automated connectivity and differentiated per-tenant services; the underlying infrastructure must undergo some fundamental changes.  The remainder of this post and the ones that follow will be dedicated to describing the requirements we captured, the fundamental infrastructure related changes needed to support those requirements and how connectivity automation will be used to facilitate this.

It's important to note that the entire concept of multi-tenancy and its application to storage is still very much in its infancy.  The requirements that I’m going to share and the solutions being proposed to address them are just that, proposals.  Although we’ve spent a fair bit of time in the lab trying to get different pieces of this to work, there’s a TON left to do.  As a result, please think of the remainder of this VSN series as an attempt to start a discussion and not a lecture on how things ought to be done.

Storage and Tenants

One last point that I have to make before I get into the storage requirements themselves is the current state of tenancy and how it relates to storage.  From the perspective of many in the industry, the concept of a tenant really only includes Compute and Network elements.  Oh sure, you can allocate storage to a particular tenant and other tenants will not be able to access that storage, but the concept of tenancy typically doesn’t extend all the way to the storage tier.

At best, today the tenant concept can be partially and somewhat cumbersomely extended to include network elements using a variety of means, some of which will be discussed in the following section.  Again, fully extending a tenant’s “personality” all the way to the Storage tier matters because many of the requirements I’ll be describing below cannot be fully satisfied otherwise.

Requirements for multi-tenant storage

As stated before, the following requirements were gathered by speaking with several of our customers who are interested in multi-tenancy.  The order does not indicate priority.

1. Namespace isolation
2. Prevent noisy neighbor problems
3. Provide Bandwidth /IOPS / response time guarantees
4. Tenant traffic identification
5. Storage Network Service Insertion (e.g., encryption)
6. Authentication (e.g., CHAP)
7. Do not rely on Guest OS resident iSCSI initiators

In part 2 of this VSN series, I will provide an in-depth explanation for each of these requirements.  In part 3, I’ll describe a couple of topologies that either partially or fully satisfy these requirements and then in part 4, I’ll describe how we think we can automate connectivity.  

Thanks for reading!