APPLICATION AND VOLUME
LAYOUT
NetApp storage controllers have
the ability to further logically partition the available storage into
containers called flexible volumes or FlexVol volumes. These FlexVol volumes
are carved out of the available aggregates. For isolation and security
purposes, these FlexVol volumes can be allocated to virtual storage controllers
called vFiler® units. These vFiler units, available by licensing
MultiStore®, allow specific datasets to be housed within their own IP spaces. The
applications provisioned in this environment are provisioned into vFiler units.
Figure 14 details the organization of the deployed applications and their
respective volumes.
Figure 14)
Base FlexPod unit: Application and volume layout.
Multistore and Vfiler basics
What is Vfiler:
Vfiler: A lightweight Instance of Data ONTAP Multi protocol
server and all the system resource are shared b/w Vfiler units.
Storage units in the vfilers are Flexvols and Qtrees
Network Units are IP Address ,VLAN,VIFs,aliases and IPspaces
Vfiler units are not hypervisors –vfiler resource cannot be
accessed and discovered by any other vfiler units
Multi store configuration:
Maximum vfiler can be created =64+vfiler0
Vfiler configurations is stored in separate volume/qtrees
Additional storage and n/w resource can be moved, added or
deleted
NFS, CIFS, iSCSI, HTTP, NDMP, FTP, FTPS, SSH and SFTP protocols
are supported
¡ Protocols can be enabled
/ disabled per vFiler
¡ Destroying a vFiler does
not destroy data
A best practice is to use FlexVols, not qtrees
as a base resource
Destroying a vFiler does not destroy the data – volume/qtree
resources are moved to vFiler0
Secure multi-tenancy capability with NetApp, Cisco, and Vmware.
Key Points:
• Cisco,
NetApp, and VMware have built the industry’s first, end to end secure
multi-tenancy solution.
• Multi-tenancy,
which securely separates different applications and data sets on the same
infrastructure, is particularly important for HIPAA and other applications that
are subject to strict compliance and security regulations.
• A
shared infrastructure requires strict isolation between the different tenants
that are resident within the infrastructure. The tenants can be different
clients, business units, departments or security zones. Previously, customers
with a shared cloud infrastructure were able to achieve “pockets” of isolation
within the virtual server layer, the network layer, and storage, but never
completely end-to-end. Without end-to-end isolation, customers had to spend
both money and additional resources to address the issue of isolation and
compliance (as it is mandated by some governments), creating inefficiencies
across the data center.
• The
pre-tested and validated Secure Multi-Tenancy Design Architecture is for
customers who have deployed the Cisco Unfied Computing System, Cisco Nexus
7000, 5000 and 1000V Series Switches; NetApp FAS storage with MultiStore
software, which creates logical partitions within a storage system; and VMware’s
vSphere virtualization software with vShield, another tool that creates secure,
logical partitions in virtual systems, and provides details about implementing
and configuring the architecture, as well as best practices for building and
managing these solutions.
• With
this capability, IT can enable different functional departments or business
applications to share server, networking, and storage infrastructure in a
secure fashion. The same is true for service providers who can now provide
secure server, network, and storage partitions across shared hardware. Shared
hardware means greater utilization and efficiency along with equipment,
operations, and utilities cost savings.
Transition: Another important capability is infrastructure
management.
How to Create Virtual Filer (Vfiler OnTap)
What
to consider for a vFiler
unit participation in an IPspace
There are some guidelines to remember when
assigning an IPspace to a vFiler unit.
- An IPspace can contain multiple vFiler units, however, a vFiler unit can belong
only to one IPspace.
- Each vFiler unit in an
IPspace must have an IP address that is unique within that IPspace, but a vFiler unit in one
IPspace can have the same IP address as a vFiler unit in a
different IPspace.
- Ensure that you assign an IPspace correctly because
once you assign an IPspace to a vFiler
unit, you cannot change the assignment without destroying the vFiler unit.
- Each vFiler unit must have one IP address on the interface that leads to the default gateway of the assigned IPspace. This requirement ensures that the vFiler unit is reachable from within the IPspace.
No comments:
Post a Comment