Interesting look at Win cpu usage vs Vmware CPU usage

I came across this scenario:

The windows task manager shows the cpu of the vm pegged at 100%.

The vmware performance monitor says that the vm is only using 5-60% of the CPU.

Given the vm's pegged performance, I am definitely seeing that there is a disparity among the two graphs.

"suffice it to say that if you are looking for an absolute view of how CPUs are being used, you cannot trust the guest’s view of itself"

From <http://blog.logicmonitor.com/2013/02/25/a-tale-of-two-metrics-windows-cpu-or-vcenter-vm-cpu/>

Meaning, that while the guest may think all of the cpu is in use, for itself, there are tiems when the cpu is not accessible to the vm due to cpu sharing. So at load even if the vm thinks that the cpu has been loaded up to 100%, the physcial cpu isnt at 100% which is what the vcenter graph shows.  Vcenter shows the vm only using 50% of the cpu.

In windows Is the vm's cpu meter correct then?

According to the VM, its using 100% of the resources available to it, so yes it is correct.

While it may not be using 100% of the pshycal cpu, it is using 100% of the allocated cpu so that is what windows reports.

***of course make sure you don’t have any storage latency issues either. You don’t want the vm to be in a high ready state. Ready states should be under 5%'

http://kb.vmware.com/kb/2001003

Read More

Windows 7 - Adding drivers to the INF folder

Add drivers to driver store in windows

Creating a win 7 image.
Have some drivers I wanted to add to the driver store.
Can not just paste them into %SystemRoot%\INF because Windows deletes it.

How can you add it?

use PNPUTIL.exe which is included as part of win7.
example : pnputil /a c:lenovo\NICDriver.inf  would add a nic driver.

What if you have many drivers??

That is kind of not fun if you need to add the drivers for 5 different models.
You can place them in one directory, and then use this script  that Alexander Stein placed on github.
Thanks Alexander!
https://gist.github.com/ajstein/1021553
note: you are going to get unsigned driver warnings and will have to OK them.
There is a way to sign the drivers if you would like, but I didn't really look into that since I only had a few to do.

@ECHO OFF

 

IF "%1" == "" GOTO ERROR

 

ECHO.

ECHO Checking dir %1 recursively for drivers. 

ECHO.

 

FOR /F "tokens=*" %%D IN ('DIR /B /AD /S %1') DO PNPUTIL -a "%%D\*.inf" 2>&1 >> %WinDir%\system32\driverimport.log

 

GOTO EOF

 

:ERROR

ECHO Missing argument! Must include QUOTED directory path!

ECHO %0 "C:\path\to\driver\folder\"

 

:EOF

Read More

Good for Enterprise problems sending emails to my phone :

Good for Enterprise problems sending emails.

·         Was having problems sending emails from Good.

·         I reinstalled the software from the phone.

·         I removed and readded the phone from the GMC (Good Mobile Control)

·         Service Status was connected

But I was Paused and the Paused reason was “Exchange not Accessible”

 

I was the only one that this was happening to.

I did notice I was added to a different security group in AD.

The problem ended up being that the Good account that sends emails did not have permission to send emails for me so the good account had to explicitly get the “Send on behalf of “ permission to my mailbox.

From Good:

Send As" permissions will get removed if the user is part of a protected group as defined by Microsoft at http://support.microsoft.com/kb/907434 

Now Im getting emails and it works like the application is supposed to.

Read More

GET UUID of your hosts.

While you can get the uuid of your hosts 1 by 1
https://<HOST>/mob/?moid=ha%2dhost&doPath=hardware%2esystemInfo

but when you have a lot of hosts that is a little time consuming to do that.
This script from http://thephuck.com/scripts/script-to-pull-host-uuid-for-vmware-powercli/
has the ability to get all the uuids from the hosts you have.
Thanks Luke Huckaba!

Worked great

Usage is like this:

Get-VMHostUUID.ps1 -vmhosts ("host1","host2","host3")or

Get-VMHostUUID.ps1 -vc vcenterserver -container cluster1/folder/dc/etc

param([string]$vc = "vc", [string]$container = "container", [string[]]$vmhosts = $null)

#add the snapin, just in case
Add-PSSnapinVMware.VimAutomation.Core

#Show Usage
function usage()
        {
        Write-host -foregroundcolorgreen `n`t"This script is used to pull UUIDs for all hosts provided."
        Write-host -foregroundcolorgreen `n`t"You can either specify -vmhosts as an array:"
        write-host -foregroundcoloryellow `n`t`t"Get-VMHostUUID.ps1 -vmhosts (`"host1`",`"host2`",`"host3`")"
        write-host -foregroundcolorgreen `n`t"or specify -vc and -container, where container is a host name, cluster, folder, datacenter, etc:"
        write-host -foregroundcoloryellow `n`t`t"Get-VMHostUUID.ps1 -vc vcenterserver -container cluster1" `n
    write-host -foregroundcolorgreen `t"if -container is not used, it pulls ALL hosts from the given vCenter" `n
           write-host -foregroundcolorgreen `t"You can use either -vmhosts by itself, or -vc, not a combination of them, and -container is optional."`n
        }

function Get_UUID()
{
    foreach($vmhost in $vmhosts)
        {
           if ($esx -eq 1)
           #do this only if connecting directly to ESX hosts
                {
                connect-viserver $vmhost -credential$vmhost_creds >$NULL 2>&1
                }
        $vmhostUUID= (Get-VMHost $vmhost| Get-View).hardware.systeminfo.uuid
    Write-Host`n
        Write-Host -foregroundcolorgreen "Server: " $vmhost
        write-host -foregroundcolorgreen "UUID: " $vmhostUUID
            if ($esx -eq 1)
            #disconnect from the current ESX host before going to the next one
        {
        disconnect-viserver -confirm:$false
        }
        }
            if($vcenter -eq 1)
        #disconnect from vcenter
        {
        disconnect-viserver -confirm:$false
        }     
}

#check to make sure we have all the args we need
if (($vmhosts -eq $null) -and ($vc -eq "vc"))
    #if vmhosts and vc is not supplied
        {
        usage
    break
        }

elseif (($vmhosts -ne $null) -and ($vc -ne "vc"))
    #if both vmhosts and vc was supplied
        {
        usage
    break
        }

elseif (($vmhosts -ne $null) -and ($container -ne "container"))
    #if both vmhosts and container was supplied
        {
        usage
    break
        }

elseif (($vmhosts -ne $null) -and (($vc -eq "vc") -or ($container -eq "container")))
    #if only vmhosts is used, set our esx variable to 1 and get credentials
        {
    $esx= 1
    $vmhost_creds= $host.ui.PromptForCredential("ESX/ESXi Credentials Required", "Please enter credentials to log into the ESX/ESXi host.", "", "")
    Get_UUID
    }

elseif (($vmhosts -eq $null) -and (($vc -ne "vc") -and ($container -eq "container")))
    #if vc and container are used, set our vcenter variable to 1, get credentials, and populate vmhosts
        {
    $vcenter= 1
    $vc_creds= $host.ui.PromptForCredential("vCenter Credentials Required", "Please enter credentials to log into vCenter.", "", "")
    connect-viserver $vc -credential $vc_creds> $NULL 2>&1
    $vmhosts= get-vmhost| sortname
    Get_UUID
        }

elseif (($vmhosts -eq $null) -and (($vc -ne "vc") -and ($container -ne "container")))
    #if vc and container are used, set our vcenter variable to 1, get credentials, and populate vmhosts
        {
    $vcenter= 1
    $vc_creds= $host.ui.PromptForCredential("vCenter Credentials Required", "Please enter credentials to log into vCenter.", "", "")
    connect-viserver $vc -credential $vc_creds> $NULL 2>&1
    $vmhosts= get-vmhost-location $container| sortname
    Get_UUID
        }

#garbage collection
$vmhost_creds =$null
$vc_creds = $null
$vmhosts = $null
$vc = $null
$container = $null
$esx = $null
$vcenter =$null

Output is something like this:

Server: server1

UUID: 12345678-90ab-cdef-1234-567890abcdef

Server: server2

UUID: 12345678-90ab-cdef-1234-567890abcdef

Server: server3

UUID: 12345678-90ab-cdef-1234-567890abcdef

Pasted from <http://thephuck.com/scripts/script-to-pull-host-uuid-for-vmware-powercli/>

Read More

Visualesxtop problems starting the java bat file

What is it:
Visualesxtop, a new fling that gives you a graphical way to view esxtop data
Get it here
http://labs.vmware.com/flings/visualesxtop












Problems Starting:
Make sure Java is installed


If installed:


If you are getting an error where the bat file wont run like so:









'Java’ is not recognized as an interna1 or external command,
Operable program or batch file.


Then edit the bat file to enter the path directly to java;


Like so:
"C:\Program Files (x86)\Java\jre7\bin\java.exe" %JAVA_OPTS% -cp "%~dp0\lib\vtop-ui.jar" com.vmware.vtop.VTopMain %*











Now it will run

















Note :Win7/8
Right now as of this post there seem to be problems but the engineers are working on it

Read More

White paper summary :: Deploying 10 Gigabit Ethernet on VMware vSphere 4.0 with Cisco Nexus 1000V and VMware vNetwork Standard and Distributed Switches

http://www.vmware.com/files/pdf/techpaper/WP-VMW-Nexus1000v-vSphere4-Deployment.pdf


My notes on the white paper above: using it for review and jotting down things I find important.
Please read the white paper for concepts I may gloss over since it’s a review for myself.
The reason I am going over this is even though vsphere5.x Is out, the concepts are probably relevent.




Design guidance for implementing 10 Gigabit Ethernet networking with VMware vSphere 4.0 (including VMware ESXi 4.0 and ESX 4.0 and associated updates) in a Cisco network environment.


Design Goals
1. Availability: The design should be capable of recovery from any single points of failure in the network outside the VMware ESX or ESXi server. Traffic should continue to flow if a single access or distribution switch, cable, or network interface fails.
2. Isolation: Each traffic type should be logically isolated from every other traffic type.
3. Performance: The design should provide the capability to impose limits on some traffic types to reduce the effects on other traffic types.


VMware ESX and ESXi Network Adapter Configurations
4. the most common configurations
5. Two 10 Gigabit Ethernet interfaces (converged network adapter [CNA], network interfacecard [NIC], or LAN on motherboard [LOM]).
6. Two 10 Gigabit Ethernet interfaces (CNA or NIC) plus two Gigabit Ethernet LOM ports (used for management)
7. the most common design scenario, all traffic is converged to two 10 Gigabit Ethernet interfaces.




Traffic Types in a VMware vSphere 4.0
8. Management: very low network utilization, but it should always be available and isolated from other traffic types through a management VLAN
9. Vmotion :: separate VLAN specific to VMware Vmotion :: a single VMotion migration can use up to approximately 2.6 Gbps bandwidth, with 2 running at the same time
10. Fault-tolerant logging:  latency less than 1ms, separate vlan
11. (iSCSI) :: two iSCSI vmkernel ports canbe bonded to allow iSCSI traffic over both physical network interfaces:: typically iSCSI-specific VLAN , although targets may reside on another VLAN accessiblethrough a Layer 3 gateway.
12. NFS: typically NFS-specific VLAN , although targets may reside on another VLAN accessible through a Layer 3 gateway.
13. Virtual Machines:distributed over more than one VLAN and be subject to different policies defined in port profiles and distributed virtual port groups.


Cisco Nexus 1000V 10 Gigabit Ethernet Network Design
Network architects can use two different approaches for incorporating the Cisco Nexus 1000V into the data center network environment: virtual PortChannel (vPC) and MAC pinning
Both design approaches provide protection against single-link and physical-switch failures,
they differ in theway that the virtual and physical switches are coupled and the way that the VMware ESX or ESXi server traffic is distributed over the 10 Gigabit Ethernet links.
vPC recommended when vPC or clustered physical switches are available at thephysical access layer. MAC pinning should be chosen when these options are not available.


VPC
allows the aggregation of two or more physical server ports to connect to a pair of Cisco Nexus 5000 or 7000 switches to make the connection look like one logical upstream switch.
provides better bandwidthutilization and redundancy
10 Gigabit Ethernet uplinks from the Cisco Nexus 1000V are aggregated in asingle logical link (PortChannel) to the two adjacent physical switches.
The adjacent physical switches require vPC  theyappear as a single logical switch distributed over two physical chassis.


MAC Pinning
uplinks from the Cisco Nexus 1000V are treated as stand-alone links.
each 10 Gigabit Ethernetinterface is connected to a separate physical switch with Layer 2 continuity on all IEEE 802.1Qtrunked VLANs between the two switches.
Virtual Ethernet ports supporting virtual machines, andvmkernel ports are allocated in a round-robin fashion over the available 10 Gigabit Ethernet uplinks.
Each MAC address is pinned to one of the uplinks until a failover event occurs


Traffic Isolation and Prioritization
1000V can provide consistent traffic isolation for the various VMware traffic types using port profiles.
Port profiles map to distributed virtual port groups (Dvport)
Within port profiles, parameters can be set that apply to a specific traffic type such as management, IP storage, VMware VMotion, or virtual machine traffic.
parameters cover suchdetails as port security, VLAN, and ACLs.
Policy maps for QoS treatment can be set on a per-portprofile basis to enable policing and prioritization


Limit traffic
critical that any one type of traffic does notoverconsume the bandwidth.
limit the ingressor egress bandwidth down to the virtual Ethernet port level
can be applied as part of a port profile for a particular type of traffic (ie: Vmotion )
can also be applied on a per-virtual Ethernet interfac




PortChannel Technology
A MEC capability such as vPC, VSS, or VBS is required on the adjacent physical switches to enable the PortChannel to span both physical switches and still maintain availability
When PortChannels are spread across more than one physical switch, the switches are deemed to be clustered.
clustering is transparent to the Cisco Nexus 1000V Switch
When the upstream switches are clustered, the Cisco Nexus 1000V Series Switch should be configured to use an LACP PortChannel with the two 10 Gigabit Ethernet uplinks defined by one port profile.
Traffic is distributed over the available links (two 10 Gigabit Ethernet links in this case) according to the load-balancing algorithm configured at each end of the PortChannel.




VMware vSS and vDS Configuration
 configuration for 10 GigabitEthernet with both VMware vSS and vDS is similar.


Teaming Policy Options
14. Originating virtual port ID ::Uplinks in same Layer 2 domain on all trunked VLANs   best practice recommendation
15. IP hash :: Static IEEE 802.3ad PortChannel required on uplinks (no LACP) :: Traffic distributed according to SRC-IP or DST-IP hash ::
requires the uplinks to be aggregated into a staticPortChannel.
16. Source MAC hash :: Uplinks in same Layer 2 domain on all trunked VLANs :: should be used only if you have multiple MAC addresses assigned to a vnic and you require additional load distribution over the available uplinks.
17. Explicit failover order :: Uplinks in same Layer 2 domain on all trunked VLANs :: highest-order uplink from the list of active adapters that pass failover detection. If one link fails, the next link from the list of standby adapters is activated.




Teaming Policy for Two 10 Gigabit Ethernet Interfaces
a deterministic way of directing traffic on a per-portgroup or per-distributed-virtual-port-group basis to a particular 10 Gigabit Ethernet uplink.
Virtual switch trunking (VST) mode: Trunk the required VLANs into the VMware ESX or ESXi hosts over both 10 Gigabit Ethernet interfaces and make sure that there is Layer 2 continuity between thetwo switches on each of those VLANs.
Virtual machine port groups or distributed virtual port groups: Make these active on one vmnic and standby on the other
vmkernel port groups or distributed virtual port groups: Make these active on one vmnic and standby on the other in reverse to that for the virtual machines
With both NICs active, all virtual machine traffic will use vmnic1, and all the vmkernel ports will use vmnic0. If a switch, link, or NIC failure occurs affecting one uplink, then all traffic will converge to the remaining vmnic
Another variation spreading the virtual machine traffic over both uplinks through the originating virtual port ID policy with both 10 Gigabit Ethernet uplinks active in that port group or
distributed virtual port group


Using Traffic Shaping to Control and LimitTraffic
If you have concerns about one traffic type dominating through oversubscription
traffic shaper controls and limits traffic on a virtual port.
VMware VMotion, management traffic, and fault-tolerant logging are effectively capped,
this process really concerns only iSCSI and NFS
The traffic shaper is configured on the port group (or distributed virtual port group).
On vSS, the shaper applies only to ingress traffic
vDS supports bidirectional traffic shaping.
do not specify a value greater than 4 Gbps :: reason :: 4gb Mod on value: ie: 5gb =1Gb value

Read More

White paper summary : DMZ Virtualization Using VMware vSphere 4 and the Cisco Nexus 1000V Virtual Switch

http://www.vmware.com/files/pdf/dmz-vsphere-nexus-wp.pdf








My notes on the white paper above: using it for review and jotting down things I find important.
Please read the white paper for concepts I may gloss over since it’s a review for myself.
The reason I am going over this is even though vsphere5.x Is out, the concepts are probably relevant.




This document discusses DMZ visualization and security.


DMZ Virtualization
1. The virtualized DMZ takes advantage of virtualization technologies to reduce the DMZ footprint, (fig1 vs fig2)
2. Security requirements for the physical DMZ design remain applicable in the virtual design.
3. *some virtualization-specificconsiderations need to be taken into account.
4. In a virtualized environment, [appsare on vms], andmultiple [vms] may reside within the same physical server. Traffic may not need to leave
5. the physical server In this environment, a virtual network (vnet) is created within each server.Multiple VLANs, IP subnets, and access ports can all reside within the server as part of a virtualnetwork. (Vswitches)


Vswitch:
6. Traditional methods for gaining visibility into server and application traffic flows may not function for inter-virtual machine traffic that resides within a physical server, and enforcement of network policies can become difficul
7. Cisco Nexus 1000V Series Switches address these concerns by allowing network and server teams to maintain their traditional roles and responsibilities in a virtual networking environment through features and functions comparable to those in today’s physical network switches
8. The virtual switch provides connectivity between a vm's  vNIC physical NICs of the server.


1000v
9. 1000V is a Virtual network Distributed Switch (vDS) consists of two components:
10. virtual supervisor module (VSM) and the virtual Ethernet module (VEM).
11. VSM  acts in a similarfashion to a traditional Cisco® supervisor module. The networking and policy configurations areperformed on the VSM and applied to the ports on each VEM.
12. VEM is similar to a traditionalCisco line card and provides the ports for host (virtual machine) connectivity. The VEM resides in the physical server as the virtual switching component.
13. The physical NICs areconfigured as uplink ports on the Cisco Nexus 1000V Series.




following sections describe some of the Cisco Nexus 1000V Series features


Port Profiles and Port Groups
14. some of the network functions now reside in the virtual server platform. VLAN assignment, port mapping, and inter-virtual machine communication
15. The above brings some contention as to who is responsible for the networking and security policies and this virtualized layer
16. server teams rather applying a predefined network policy to their servers.
17. When a network policy is defined on the Cisco Nexus 1000V Series, it is updated in VMware vCenter and displayed as an option on the Port Group drop-down list
18. 1000V Series policies are defined through a feature called port profiles.
19. Port profiles allow you to configure network and security features in a single profile, which can be applied to multiple switch interfaces.
20. apply that profile and any settings defined to one or more interfaces. Multiple profiles can be defined and assigned to individual interfaces




Isolation and Protection
21. VLANs, Private VLANs, ACLs, Anti-Spoofing
22. VLANs with applied ACLs can be used to control traffic to different virtual machines and applications.
23. VLANs provide a reliable and proven method for segmenting traffic flows in the network.
24. Private VLANs provide a means for isolation of machines within the same VLAN ::
25. Private Vlan :Originally developed for service providers as a means of scaling IP addresses in a hosting environment,
26. Two types of VLANs are used in private VLANs: primary and secondary.
27. The primary VLAN is usually the current VLAN being used for access and is the VLAN carried throughout the infrastructure.
28. The secondary VLAN is known only within the physical or virtual switch in which it is configured. Each secondary VLAN is associated with a primary
29. Three types of ports are available when configuring private VLANs: promiscuous, isolated, and community
30. Isolated ports can communicate only with the promiscuous port and cannot communicate directly with other isolated ports on the switch
31. promiscuous port is the aggregation point for access to and from each of the secondary VLANs. The promiscuous port is usually the uplink port for the switch and carries the primary VLAN.
32. Community ports can communicate with other ports in the same community and the promiscuous port.
33. If direct virtual machine-to-virtual machine communication is required or if server clustering is being used, a community VLAN can be a valuable feature.
34. anti-spoofing features on the Cisco Catalyst switching platform. :: Dynamic Address Resolution Protocol (ARP) inspection; IP source guard; Dynamic Host Configuration Protocol (DHCP) snooping
35. ARP inspection is being used to map each default gateway to the associated MAC address. This mapping helps ensure that the default gateway IP address is always associated with the correct MAC address.




Increasing Visibility
SPAN and ERSPAN are very useful tools for gaining visibility into network traffic flows.
Traffic flows can now occur within the server between virtual machines without needing to traverse a physical access switch. Administrators may have a more difficult time identifying a virtual machine that is infected or compromised
 NetFlow defines flows as records and exports these records to collection devices. NetFlow provides information about the use of the applications in the data center network.
host-based IPS is one of the most effective ways to protect an endpoint against exploitation attempts and malicious software.
By looking at the behavioral aspects of an attack, Cisco Security Agent (IPS)can detect and stop new attacks without first needing installation of a signature before it can identify the particular attack


Consolidated DMZ Architecture
Traditionally, DMZ designs make use of a separate infrastructure:: requires the use of dedicated servers to host DMZ-based applications.\
Consolidation of a mix of internal and DMZ virtual machines on the same physical server does support a better use of resources, but a strict security policy must be followed to maintain proper isolation

Read More

Personal : Whats next in IT for me

Interesting question, with the scope of work ever changing and tech rapidly racing ahead its time to kick start some new ideas to play with to get a foot in the future trends that are coming. I think I'm downlading puppetlab's demo this weekend and will play aroudn with it. I heard some great things and it seems like its really a force for automation in terms of vmware as well as other things.
Lets see where it heads in the next couple of years.

Read More

whitepaper summary: SAN Conceptual and Design Basics from Vmware

This is my summary notes of the paper  SAN Conceptual and Design Basics from Vmware
http://www.vmware.com/pdf/esx_san_cfg_technote.pdf
These are things that I wanted to write down for quick review.








1. SAN (storage area network), a specialized high‐speed network that connects computer systems to high performance storage subsystems.
2. SAN provides extra storage for consolidation, improves reliability, and helps with disaster recovery.
3. SAN is a specialized high‐speed network of storage devices and switches connected to computer systems.
4. A SAN presents shared pools of storage devices to multiple servers. Each server can access the storage as if it were directly attached to that server. A SAN supports centralized storage management.
5. The physical components of a SAN can be grouped in a single rack or data center or connected over long distances. [think metro]
6. In its simplest form, a SAN consists of one or more servers (1) attached to a storage array (2) using one or more SAN switches


Fabric (4) — The SAN fabric is the actual network portion of the SAN. When one or more SAN switches are connected, a fabric is created. The FC protocol is used to
communicate over the entire network. A SAN can consist of multiple interconnected fabrics. Even a simple SAN often consists of two fabrics for redundancy.
HBA: NIC on the server side
Storage Processor (SP): NIC on the host side


How a SAN Works
7. host wants to access a storage sends ablock‐based access request
8. SCSI commands are encapsulated into FC
9. HBA transmits the request to the SAN.
10. SAN switches receives the request and sends it to the storage processor, which sends it on to the storage device.


Host Components
HBAs and HBA drivers


Fabric Components
11. SAN Switches
12. Data Routers ::intelligent bridges between SCSI devices and FC devices in the SAN. Servers in the SAN can access SCSI disk or tape devices in the SAN through the data routers in the fabric layer
13. Cables
14. Communications Protocol :Fabric components communicate using the FC communications protocol.


Storage Components
15. storage arrays.
16. Storage processors (SPs). The SPs are the front end of the storage array. SPs communicate with the disk array (which includes all the disks in the storage array) and provide the
17. RAID/LUN functionality.
18. Data is stored on disk arrays or tape devices (or both).
19. Disk arrays are groups of multiple disk devices
20. Storage arrays rarely provide hosts direct access to individual drives.
21. RAID algorithms :  commonly known as RAID levels,Using specialized algorithms, several drives are grouped to provide common pooled storage.


RAID group is equivalent to a singleLUN.
LUN: A LUN is a single unit of storage.
Depending on the host system environment, a LUN is also known as a volume or a logical drive.


advanced storage arrays,
22. RAID groups can have one or more LUNs
23. The ability to create more than one LUN from a singleRAID group provides fine granularity to the storage creation process
24. Most storage arrays provide additional data protection and replication features such as snapshots, internal copies, and remote mirroring.
25. snapshot is a point‐in‐time copy of a LUN
26. Internal copies allow data movement from one LUN to another for an additional copy for testing.
27. Remote mirroring provides constant synchronization between LUNs on one storage array and a second, independent (usually remote) storage array for disaster recovery.


SAN Ports and Port Naming
28. a port is the connection from a device into theSAN.:: Each node in the SAN— each host, storage device, and fabric component(router or switch)—has one or more ports
29. WWPN World Wide Port Name. A globally unique identifier for a port (aka WWN)
30. Port_ID (or port address):: Within the SAN, each port has a unique port ID that serves as the FC address for the port. This enables routing of data through the SAN to that port. The FC switches assign the port ID when the device logs into thefabric. The port ID is valid only while the device is logged on.


An FC path describes a route:
31.  From a specific HBA port in the host,
32.  Through the switches in the fabric, and
33.  Into a specific storage port on the storage array.
34. multipathing.:: Having more than one path from a host to a LUN
35. By default, VMware ESX Server systems use only one path from the host to a givenLUN at any time.[this might be outdated]
36. path failover. The process of detecting a failed path and switching to another




37. active/active disk array allows access to the LUNs simultaneously through all the storage processors that are available without significant performance degradation. All the paths are active at all times (unless a path fails).
38. active/passive disk array, one SP is actively servicing a given LUN. The other SP acts as backup for the LUN and may be actively servicing other LUN I/O. I/Ocan be sent only to an active processor.


Zoning provides access control in the SAN topology;
39. defines which HBAs canconnect to which SP
40. multiple ports to the same SP in different zones to reduce the number of presented paths.
41. devices outside a zone are not visible to the devices inside the zone. SAN traffic within each zone is isolated fromthe other zones.
You can use zoning in several ways.
42. Zoning for security and isolation
43. Zoning for shared services:: allow common server access for backups. backup server with tape services that require SAN‐wide access to host servers individually for backup and recoveryThese backup servers need to be able to access the servers they back up.A SAN zone might be defined for the backup server to access a particular host The zone is then redefined for access toanother host when the backup server is ready to perform backup or recoveryprocesses on that host.
44. Multiple storage arrays — Zones are also useful when there are multiple storagearrays. Through the use of separate zones, each storage array is managed separately from the others, with no concern for access conflicts between servers.




LUN Masking: used for permission management. LUN masking is also referred to as selective storage presentation, access control,
performed at the SP or server level; LUN invisible when atarget is scanned




SAN Design Basics
When designing a SAN for multiple applications and servers, you must balance theperformance, reliability, and capacity attributes of the SAN.
Defining Application Needs SAN support fast response times consistently for each application eventhough the requirements made by applications vary over peak periods for both I/O persecond and bandwidth (in megabytes per second).


The first step in designing an optimal SAN
to define the storagerequirements for each application in terms of:
I/O performance (I/O per second)
45.  Bandwidth (megabytes per second)
46.  Capacity (number of LUNs and capacity of each LUN)
47.  Redundancy level (RAID‐level)
48.  Response times (average time per I/O)
49.  Overall processing priority


Storage array design
50. mapping the defined storage requirements to theresources of the storage array
51.  Each RAID group provides a specific level of I/O performance, capacity, andredundancy.
52.  LUNs are assigned to RAID groups based on these requirements
53.  The storage arrays need to distribute the RAID groups across all internal channelsand access paths. This results in load balancing


Base the SAN design on peak‐period activity


Caching
54. cache could be saturated with sufficiently intense I/O. which can reduces the cache’s effectiveness.
55. A read‐ahead cache may be effective for sequential I/O, such as during certaintypes of backup activities, and for template repositories.
56.  A read cache is often ineffective when applied to a VMFS‐based LUN becausemultiple virtual machines are accessed concurrently




HA
Make sure that redundancyis built into the design at all levels. Build in additional switches, HBAs, and storage processors, creating, in effect, a redundant access path.
Redundant I/O Paths ::from the server to the storage array must beredundant and dynamically switchable
Mirroring ::Protection against LUN failure allows applications to survive storageaccess faults.
Mirroring designates a second non‐addressable LUN that captures all writeoperations to the primary LUN
Duplication of SAN Environment :: replication of san

Read More