Aug

14
Multistore and Vfiler basics
What is Multistore:
A logical partition of N/W and storage resource in Data ONTAP .
First introducted in Data ONTAP 6.2, MultiStore provides a secure storage consolidation solution.
When enabled, the MultiStore license creates a logical unit called vFiler0 which contains all of the
storage and network resources of the physical FAS unit. Additional vFilers can then be created with
storage and network resources assigned specifically to them. MultiStore is also available in Data
ONTAP 8.0 7-mode.
MultiStore is a unique product in the NAS and iSAN market, because it allows a customer to take
advantage of all the NetApp goodness Data ONTAP, all the Snap and Flex products, and our
management software from Operations Manager to SnapManager software. All of this can be
extended with MultiStore to provide consolidation, security and administrative flexibility.

What is Vfiler:
Vfiler: A lightweight Instance of Data ONTAP Multi protocol server and all the system resource are
shared b/w Vfiler units.
Storage units in the vfilers are Flexvols and Qtrees
Network Units are IP Address ,VLAN,VIFs,aliases and IPspaces
Vfiler units are not hypervisors vfiler resource cannot be accessed and discovered by any other
vfiler units
Multi store configuration:
Maximum vfiler can be created =64+vfiler0
Vfiler configurations is stored in separate volume/qtrees
Additional storage and n/w resource can be moved, added or deleted
NFS, CIFS, iSCSI, HTTP, NDMP, FTP, FTPS, SSH and SFTP protocols are supported
Protocols can be enabled / disabled per vFiler
Destroying a vFiler does not destroy data
Multi store Management :
vFiler Management

CLI from vFiler0 in vFiler context

Directly via non-interactive SSH or API
Operations Manager / Provisioning Manager
FilerView and System Manager 2.0 can create, modify, start, stop and delete vFiler units but cannot
issue commands to an individual vFiler.
Windows MMC can connect to each vFiler for share and session management
Points to remember:
Vfilers can be managed individually via ssh, in a limited fashion: 24 simultaneous remote
connections per FAS, but no interactive login.
Vfilers operate at the volume level - No visibility into RAID or aggregate storage
A vFiler contains volume and/or qtree data resources and a network resource
Volumes/Qtrees and Interfaces can be added/deleted/moved between vFilers
A best practice is to use FlexVols, not qtrees as a base resource
Destroying a vFiler does not destroy the data volume/qtree resources are moved to vFiler0
Qtrees in an assigned flexvol are no problem since the base flexvol is owned by the vFiler, but not a
best practice to assign qtrees as the base unit. For example, you can have 1 flexvol with 10 qtrees in
10 separate vFilers, but this is not a best practice, create 10 flexvols instead.
FCP is only supported on vFiler0, the physical filer.

Multistore Use case:

-Many file server on one storage :Many times different groups such as an engineering department
or marketing department are reluctant to participate in a file server consolidation because they
expect losing control of their data. With MultiStore, two or more groups can share one physical
storage pool but independently manage security and access to their data via a virtual storage
controller This provides IT with fewer devices to manage, better storage utilization and smaller
physical footprint, while the client departments get to retain management of their data.
MultiStore virtual controllers give Administrators the same look and feel of physical storage systems.
The Administrator has the freedom to join different domains, add shares and groups, a

Data Mobility : Migrate a Vfiler unit to new storage system easily

Virtualized storage allows fast and reliable migration

Disaster Recovery :

vFiler DR enables simple cross-site disaster recovery

IP domains migrate with the vFiler unit

Secure multi-tenancy capability with NetApp, Cisco, and Vmware.

Key Points:
Cisco, NetApp, and VMware have built the industrys first, end to end secure multi-tenancy solution.
Multi-tenancy, which securely separates different applications and data sets on the same
infrastructure, is particularly important for HIPAA and other applications that are subject to strict
compliance and security regulations.
A shared infrastructure requires strict isolation between the different tenants that are resident within
the infrastructure. The tenants can be different clients, business units, departments or security
zones. Previously, customers with a shared cloud infrastructure were able to achieve pockets of
isolation within the virtual server layer, the network layer, and storage, but never completely end-toend. Without end-to-end isolation, customers had to spend both money and additional resources to
address the issue of isolation and compliance (as it is mandated by some governments), creating
inefficiencies across the data center.
The pre-tested and validated Secure Multi-Tenancy Design Architecture is for customers who have
deployed the Cisco Unfied Computing System, Cisco Nexus 7000, 5000 and 1000V Series Switches;
NetApp FAS storage with MultiStore software, which creates logical partitions within a storage
system; and VMwares vSphere virtualization software with vShield, another tool that creates secure,
logical partitions in virtual systems, and provides details about implementing and configuring the
architecture, as well as best practices for building and managing these solutions.
With this capability, IT can enable different functional departments or business applications to share
server, networking, and storage infrastructure in a secure fashion. The same is true for service
providers who can now provide secure server, network, and storage partitions across shared
hardware. Shared hardware means greater utilization and efficiency along with equipment,
operations, and utilities cost savings.
Transition: Another important capability is infrastructure management.

Benefits
Address end user security concerns
Meet regulatory and compliance requirements
Gain economies of scale, higher utilization, and better SLAs

Multi store Enhancement:

SnapMover formerly only functioned with tradvols. The aggregate must only contain flexvols for the
vFiler unit. A function available with vFiler migrate m nocopy which uses software-based disk
ownership to change the owner of trad or flexvols, and move the vFiler configuration only.
Deduplication in Data ONTAP 7.3.0 is only available from vFiler0. It must be enabled and managed
from vFiler0, but can apply to any vFiler-owned volume. Make sure the workload or application on
the vFiler is one where deduplication is appropriate.
SnapDrive 5.0+ for Windows and Unix 4.0+ support
SnapVault ZAPI additions
SSH session limit increased to 24
Data ONTAP 7.3.x Enhancements

7.3.1
Dedupe commands in the vFiler context
DR and migrate commands support
SSL transport using the [-c secure] option
7.3.2
SnapMover license no longer required
Complete ZAPI support in vFilers
7.3.3
Data Motion
IPv6 support for vFiler migrate & DR
All vFiler commands available from ssh/rsh
File, LUN & Volume FlexClone
Data ONTAP 8.0.x Enhancements
8.0
Feature parity with Data ONTAP 7.3.1
8.0.1
Feature parity with Data ONTAP 7.3.2
File, LUN & Volume FlexClone

IPSpaces

Networking & IPspace:

An IPSpace is a unique logical routing table

Each interface belongs to only one IPSpace, but an IPSpace can have multiple interfaces
101 IPSpaces per controller including the default IPSpace
Use of VLANs and VIFs is a best practice with IPSpaces
IPSpaces allow handling of identical IP addresses on the same controller

Use of IPSpaces is not required

All vFiler units can use the default IPSpace
An IPSpace can contain multiple vFiler units, but a vFiler can only be in one IPSpace
Route statements are all in the /etc /rc of vfiler0
IPSpaces must exist in both partner controllers in an HA pair
Each IPSpace is a unique logical routing table. This means, among other things, that each IPSpace
can have non-unique IP addresses, provided the networking infrastructure is in place to support this.
It also means that in addition to any logical network separation provided by VLANs, an IPSpace
provides an additional layer of security between vFilers, since traffic cannot leave an IPSpace
without going to a network gateway.
By using vlans, you can have more logical interfaces than physical interfaces, allowing you to not tie
up a physical interface per vFiler.
You can create up to 100 IPSpaces per additional per controller (cluster supports double in takeover
mode.)
A default IPSpace is created for vFiler0 and cannot be deleted. You can use the default IPSpace for
all vFilers - Additional non-default IPSpaces are not required.
Multiple vFilers can be in the same IPSpace, but a vFiler can only be in ONE IPSpace
vFilers do not have an /etc/rc file. Add a route add statement in the base vFiler0 /etc/rc.
vFiler run vFilername route add [default | host | net]

IPSpaces Visualization
Shared Storage is an ideal use case for IPSpaces
Each customer has a unique IP routing table dedicated to their vFiler
Multiple vFiler units can share a single IPSpace if needed
When to use IPSpaces

A de-militarized zone (DMZ)

Multiple Windows, NIS or LDAP Domains in the enterprise organization
A requirement for the same IP address within different vFiler units on the same system
A separate routing table is needed

Even though you may not need a separate IPSpace on a FAS system, to effectively use D.R. and
Migrate functions, you may need IPSpaces to separate multiple source systems to different
IPSpaces on a destination.

When to NOT use IPSpaces

All vFiler units joined to the same domain

Flat IP network with no security needs
No VLANs or other virtual interfaces in use
All vFilers can share a routing table
Hosts and Servers need access to multiple vFilers from non-routable network
Security Considerations

MultiStore provides multiple layers of security

Network separation
Administrative separation
Protocol separation
Storage separation
Security is one of the key concerns when storage is consolidated either within an organization or by
an application service provider. Virtual storage controller provides a confined environment. The data
owned by a virtual storage controller cannot be accessed by any other virtual storage controllers
even though they are hosted on the same physical storage system. All requests for data access
owned by a virtual storage controller are tagged with its context making it impossible for
unauthorized access to data.

Some useful quotes:

Our team can report that we know of no vulnerabilities that compromise the security model of the
MultiStore feature
We know of no software flaws in the NetApp implementations of CIFS, NFS, or iSCSI that would
allow attackers to exploit common C-code flaws like buffer overflows, integer overflows, or race
conditions to execute code remotely in a FAS Storage System.
We know of no architectural flaws in the storage protocols supported by MultiStore or their
management interfaces, that would allow attackers to use access to a vFiler unit to reconfigure the
FAS Storage System itself or any other associated vFiler units.
We know of no protocol vulnerabilities in CIFS, NFS, or iSCSI that would allow an attacker to use a
connection to their own vFiler unit to gain access to storage resources on other vFiler units, such as
iSCSI LUNs or CIFS shares.

We know of no vulnerabilities in the TCP/IP stack of the FAS Storage System that would allow
attackers to bridge traffic from untrusted networks to trusted networks.

FlexShare and Performance Considerations:---Performance Considerations

vFiler units use a very small amount of memory (~400k per vFiler)
The overhead of a vFiler is a function of the workload of the vFiler
System resources and throughput are shared across all vFiler units
A MultiStore system cannot sustain more workload than a system without MultiStore
Consider FlexShare for priority of service
Adding more vFilers to a system will potentially decrease throughput and performance on any
existing vFilers, but it will not change the overall performance of the system.
Workload Prioritization
Challenges
Resource utilization
Secure separation
Resource hogs
MultiStore & FlexShare
Secure partition of storage and networking
FlexShare prioritization of resource consumption
Integration with Flash Cache allows caching and prioritization of certain workloads
MultiStore coupled with FlexShare provides prioritization workloads or fair distribution of resources
among workloads.
FlexShare Gives Priority Service To Your Most Important Workloads

Latency is similar when controller is fully loaded and FlexShare is not used
FlexShare significantly reduces latency for high priority volumes
Latency for other volumes reflects their priority setting
Posted 14th August 2013 by Mohit Khattar
0

Add a comment
Add comment

Storage Inspiration

NetApp and VMware Blog Center.

Classic
Flipcard
Magazine
Mosaic
Sidebar
Snapshot
Timeslide

Mar
29
clustered Data ONTAP with this 7mode command map cheat sheet
https://library.netapp.com/ecm/ecm_download_file/ECMP1196780
1

How to create NetApp Vfiler DR (Disaster recovery)

Firstly, you should check whether Multistore & snapmirror License are installed or not on your
storage.
I will create DR vfilers, one on the FAS3140-a partner (snapmirror async) .
Basic Overview of Thin Provision Volume/LUN
THIN PROVISIONING VOLUME
The Write AnESywhere File Layout (WAFL) file system provides the storage virtualization layer for
Data ONTAP, enabling thin provisioning of the volume.
How to translate stats show for disk to disk id's
Difficult to determine what drive is being referenced using the stats show disk command.
.
How to find ESX/ESXi host on which a virtual machine is running
we can use this method when vCenter Server is down and you want to identify the host on which the
virtual machine runs.

Aug
14
FCoE (Fiber channel over Ethernet) Basics
FCoE (Fiber channel over Ethernet) Basics
FCoE is the ability to take a Fibre Channel frame and put it across Ethernet. So all I'm doing there is
that Fibre Channel frame is identical.
Multistore and Vfiler basics
What is Multistore:
A logical partition of N/W and storage resource in Data ONTAP .
First introducted in Data ONTAP 6.2, MultiStore provides a secure storage consolidation solution.
How to determine if I/O is correctly aligned?

There can be a performance/high CPU utilization issue on the NetApp due to misalign LUN or I/O
error can be expected due to misalignment .we can check Misalignment through below commands
Heuristic Checks:- Data ONTAP counters

lun show -v

lun alignment show

stats show lun

NetApp counters to check improper alignment or VMware misaligned disk

NetApp Counters that indicate improper alignment
There are various ways of determining if you do not have proper alignment. Using perfstat
counters,under the wafl_susp section, wp.partial_writes, pw.over_limit, and pw.async_read, are
indicators of
improper alignment.
Memory Leakage on NetApp
NFS Performance issue due to Memory Leakage
If we are facing performance issue on NetApp controller running multiple of VM on NFS share .
Then you should check nfs memory leakge on the controller.It can be one of the cause of High cpu
utilization(100%) .
ESX commands to find LUN mapping with datastore
How to find Lun Id Mapping with ESX data store
First login into ESX server through root user id then run the command esxcfg-scsidevs --vmfs to find
naa.id of the datastore for which you want to know Lun id .I am going to find the Lun-id for Data
store "LA:VM_swap"
LA:VM_swap[root@test ~]# esx
3

iSCSI storage system commands for Data ONTAP

iSCSI service management commands

iscsi start|stop
Starts or stops the iSCSI service.
iscsi nodename [new_nodename]
Displays or sets the iSCSI target node name.
iscsi alias [-c | new_alias]
Displays, sets, or clears an alias for the iSCSI target node name.
NetApp FCP Solaris commands
Solaris Host Utilities and Host Commands
sanlun lun show [-v] [-d <host device filename> |all | <filer name> | <filer name>:<path name>]
sanlun lun show p all | <filer name> |<filer name>:<pathname>]
Displays information about LUN(s) mapped to this host
-v gives verbose output.
NetApp FCP storage system commands for Data ONTAP
NeApp FCP management commands
fcp status

Displays the status of the fcp service on the storage system.

fcp start|stop Starts or stops the fcp service on the storage system.
What is Snapshot autodelete
Snapshot autodelete is a policy based space management feature that is implemented in Data
ONTAP 7.3 (and subsequent Data ONTAP 7G versions) in order to get back space in volume for
user data. It allows the user to define a policy to automatically delete snapshots when the volume is
nearly full.
Can I mix Fibre Channel (FC) and Serial Attached SCSI (SAS) drives in the same aggregate?

we can use FC and SAS disk drives in the same Aggregate. SAS and FC disks are treated as the
same disk type when creating or increasing the size of an aggregate.
How does the Snapshot reserve work?
How df displays snapshots
To provide information about snapshot disk utilization, the df command on the filer treats snapshots
as a partition different from the active file system.
What is Multipath HA Storage
Previously, on non-fabric Active/Active storage systems, there was only one path from the storage
system to the storage shelf. With the Multipath support in Data ONTAP 7.1.1 and Data ONTAP
7.2.1, two paths are used.
How to Create Virtual Filer (Vfiler OnTap)
we can configure the Vfiler through GUI(system Manager ) and CLI .Vfiler creation is very simple
and covering below CLI and GUI steps for creation of MultiStore Vfiler.

May
19
which is faster ,NDMPcopy or Vol copy
The vol copy command will typically transfer data faster than the NDMPcopy command. When using
the vol copy command, data is copied block for block directly from the disks, which means that Data
ONTAP can complete copying faster than it can with other methods.

Translate
Select Language

Blog Archive

Loading

Dynamic Views template. Powered by Blogger.