How to share storage devices in a SAN

How to share storage devices in a SAN

There are a variety of ways to control storage access, each with advantages and disadvantages depending on application requirements.

Mike Kane

Compared to traditional direct-attached storage models, the storage area network (SAN) architecture has a great deal of flexibility and scalability. However, to share storage, some mechanism must allow multiple hosts to coexist with common storage connections. While some operating systems allow each server to reserve exclusive access to portions of the common storage pool to facilitate security and data management concerns, others, most notably Windows NT, do not. In these situations, an additional mechanism is needed for control. Multiple models have been developed to provide this mechanism. The best approach depends on the application environment.

The first question to resolve is whether the servers need to share common data. In some instances, the administrator will need to provide a mechanism for the servers to share common files. To facilitate this, a "file-locking" function must be provided to control access to a file at a given time, to maintain file integrity and avoid contention.

In the case of a server cluster, the file-locking function is included with the clustering software. For stand-alone servers, a file-sharing application is installed, which runs as a background application coordinating file access among the servers. These applications also generally include administrative features that allow administrators to establish security and access policy. (For more information, see the August Special Report, pp. 14-19.)

In many cases, however, the SAN primarily allows for a centrally managed storage pool, allowing better management, flexibility, and cost effectiveness than individually attached storage. In these cases, file sharing is not required, although it is still necessary to provide a mechanism to control access to the physical storage.

Mapping and zoning

There are three basic ways to control multiple-host access to a common storage pool: RAID based mapping, fabric zoning, and host-based mapping. Mapping methodologies filter all available storage from the host, except for the portions specified by the administrator. Fabric zoning establishes access zones established by the administrator. The best method depends on the level of control required and the method of management.

RAID-based mapping. RAID arrays potentially allow large pools of storage to be connected to the SAN through a single connection. For the purposes of this illustration, we will assume that a RAID device has only one connection to the SAN, although many applications provide multiple connections for maximize performance and redundancy. For manageability, storage in a RAID system can be divided into multiple pieces, or logical units (LUNs). The host system manages each LUN like a separate physical device.

In RAID-based mapping, the administrator uses tools provided by the RAID supplier to configure the array. Once configured, the RAID array determines which host generates which queries and provides access information for the LUNs specified by the administrator. If correctly configured, no host will have access to a LUN that is owned by another host. In this way, many host computers can share the same RAID device (see above figure).

RAID-based mapping has the advantage of centralized management. As long a single vendor`s RAID systems are used, the entire SAN can be configured from a common management utility. This works well as long as RAID systems are the only storage devices on the SAN. If the administrator needs to control access to other devices, such as disk drives or tape units, either fabric zoning or host-based mapping must be used. In some cases, it may be appropriate to use these in conjunction with RAID-based mapping.

Fabric zoning. A Fibre Channel fabric is the network created by a single Fibre Channel switch or multiple interconnected switches. With fabric zoning, the administrator uses tools provided by the switch supplier to configure the fabric into multiple zones. These tools also allow administrators to assign connected devices to one or more zones. These devices can then be connected to other devices connected to the same zone, but not devices assigned to other zones.

By appropriately creating zones and assigning devices, administrators can create a network that prevents a host from accessing storage devices controlled by another host (see top figure). Like RAID-based mapping, fabric zoning has the advantage of centralized management. In this case, the switch vendor provides a configuration utility. Fabric zoning, however, cannot limit access to individual LUNs within a RAID system. To share the same RAID system, RAID-based mapping must also be used.

Host-based mapping. Connection of a host computer to the Fibre Channel network is accomplished via a host bus adapter (HBA). The software driver, provided by the HBA supplier, maps both physical devices and LUNs to local SCSI ID numbers and LUN numbers recognized by the host operating system.

The administrator uses tools provided by the HBA supplier to map the devices and LUNs to be owned by the host computer. Devices specified by the administrator are assigned a local device ID, or LUN number. Devices that aren`t specified are not assigned a local number. They are recognized by the HBA, but they are not known to the host operating system.

By appropriately configuring each host system attached to the SAN, administrators can make sure that no attached host has access to devices or LUNs controlled by another host (see bottom figure). Unlike RAID-based mapping or fabric zoning, host-based mapping controls access to the entire SAN--physical devices and LUNs. However, currently host-based mapping are configured individually at each server, not centrally.

A range of methods exists for providing access control, which allows the building of SANs that include multiple host computers. If data sharing is required, file-sharing software must be installed on the host computers. In many cases, however, the purpose of establishing a SAN is to share a common pool of storage, providing centralized storage management and flexibility and optimizing costs. In this case, file-sharing software is not required and would increase the overall cost of the implementation.

With RAID-based mapping, fabric zoning, or host-based mapping, access can be controlled without the additional cost of file-sharing software. These methods can be implemented individually or in combination, depending on the system configuration and objectives.

Click here to enlarge image

With RAID-based mapping (above), the RAID array presents different configuration images to each host, only showing LUNs specified for that host by the administrator during setup. RAID-based mapping can control access to specific LUNs, but not access to other storage devices.

Click here to enlarge image

Fabric zoning (top) allows multiple independent zones. Each host can only access storage devices within authorized zones. Zoning controls access to SCSI devices, but not access to specific LUNs within a device. In host-based mapping (bottom), the host bus adapter in each host system only maps the devices or LUNs specified by the administrator. Host-based zoning can control access to SCSI devices and associated LUNs.

Mike Kane is director of product marketing at Emulex Corp. (www.emulex.com), in Costa Mesa, CA.

This article was originally published on November 01, 1999