基于BlueArc ®的High-performance NAS Platform业务连续性概述

© 2007 Hitachi Data Systems

High-performance NAS Platform, powered by BlueArc® Business Continuity Overview

2

Agenda

• The Hitachi Approach To Business Continuity

• Challenges in File-based Data Protection

• Why Hitachi High-performance NAS Platform for Business Continuity?

– High Availability

– Data Protection

– Security

– Disaster Recovery

3

The Hitachi Data System Approach to Business Continuity

• Hitachi Data Systems provides innovative technology solutions to enable continuous business operations for all organizations

• Business Continuity means partnering with our customers:– to understand key business problems and requirements in order to better

design our products, partnerships and solutions – customer focus

– to provide robust application-focused storage solutions that enhance operational efficiency and resilience

– to provide technology that reduces operational risk for the organization

– to improve management of the data protection infrastructure

– to provide the most resilient and scalable data protection solutions

4

Hardware Faults Software Failures Network Problems Corrupted Data File corruption Operator Errors Viruses Hackers Glitches Bugs

Interdependence ThreatsInterdependence ThreatsSystem EventsSystem Events Internal EventsInternal Events

External Acts of NatureExternal Acts of NatureExternal EventsExternal Events

Supply Outages Partner Failures Strikes

Fire Plumbing Leaks Electrical Spike Construction Defects

Wind Storms Floods Hurricane Tornados Earthquakes

Utility Interruptions Sabotage/Terrorism Hacking Low-tech Attacks Accidents

Have We Identified the Most Damaging Risks?

5

Recovery Time vs. Cost -Evaluate each application separately

Co

st

Recovery Time Objective

Acceptable Acceptable Cost/Time Cost/Time

WindowWindow

Cost of Solution and time-to-recover

Minutes Hours Days

Online

Mission-

critical

Applications

Back office,BatchApplications

Cost of outage over time

Cost of outage over time

6

Data Protection Continuum

• Different types of data require different levels of protection

Completely duplicated/Interconnected recovery site

Remote disk mirroring

Local disk mirroring

Electronic vaulting

Tape on-site

Tape backupoff-site

More

LessDelayed

Immediate

More

LessAmountof Data

RecoveryTime

Importance ofData

Disk-to-disk backup and recovery

Remote PiT mediated copy

Out-of-region and multiple data center strategies

Cost

7

Agenda





– Data Protection

– Security


8

Explosive Growth of Unstructured Data

• Unstructured content (files such as word and power point) growing faster than traditional information or structured content (Database or transactional data)

• 75% to 90% of data is unstructured

– SNIA estimates 80%– Sun estimates 75% – OpenText estimates 90%– Day Software estimates 85%

• Ensure business continuity for unstructured data is increasingly difficult

9

Customers Challenges

Challenges in data protection and disaster recovering of unstructured data:

• Unplanned downtime• Unreliable data mirroring across geographies• Unprotected data• Managing multiple vendors and multiple devices• Management complexity• Difficulties in planning future capacity requirement• Virus threats

10

Agenda





– Data Protection

– Security


11

Why Hitachi High-performance NAS?

• Ensure high availability

• Protect data with robust capabilities

• Accelerate data recovery

• Support continuous operations

12

High Availability

• Redundant hardware (hot swap disk, power supplies, raid controllers).

• Provide continuous application processing in the event of planned or unplanned outages

• Active-active clustering up to 8 nodes• Cluster stretching up to 100km for real-time failover and recovery • Supports RAID 5, 1 and 6 (double parity to protect against parity

disk failure during RAID set rebuilding)• Complete protection against all layers of failure – application, server,

networking and storage

13

Agenda





– Data Protection

– Security


14

Data Protection Features

• Highly granular snapshots• NDMP compatible backup to tape/disk and VTL• Highly secure architecture (hardware based – difficult to hack)• NVRAM Mirroring (battery-backed NVRAM cache – data is never

lost, even in the event of a site failure).• Checkpoint file system (protects against file system corruption and

associated downtime – object based file system).• File system roll back (easily recover a file system to a previous

state).• Third-party Anti-Virus support (multiple external scanning engines)

15

Pointer-based Snapshots

What it is:• Administrators can create a cumulative history of data without

duplication. • Once the initial reference point is set then snapshots efficiently copy just

the changes or differences that occurred between selected intervals.

Benefits:• Increased data copy infrastructure performance: only updates are

captured• Improved data protection: allows for fast point in time recoveries• Simplified management• Lower cost of ownership than full cloning

16

Snapshots Overview

Features:• Stores block level changes to data

– Hardware implementation for low overhead

• Policy based snapshot management– Automated scheduler (one time or recurring)

• Up 1,024 snapshots per file system• Frequency can go down to 1

snapshot per second• File system, directory and file

permissions are maintained• File system can be backed up from

snapshots automaticallyLive File System

Delta View

Delta View

Delta View

Cumulative History

17

NDMP Backup

• Common themes of problems emerge as storage grows – The difficulty of scaling backup to meet capacity growth of storage

– The need to shrink, not expand, the backup window

– Escalating costs and complexity

• Hitachi High-performance NAS Platform has standards-based disk-to-tape copy utility built into hardware

• Separate State-Machine provides NDMP backup using FPGA (Field Programmable Gate Array) chips

• High-performance while providing concurrent file-serving activity (continuous background process)

18

NDMP Control Data

• An uncomplicated, scalable data protection and data management solution

• Zero Load on file serving function

Data movement in

HW

Backuo Data

NDMP State Machine

19

Supported Backup Solutions

The solution supports various backup applications providers for scalable and high performance backup solutions:

20

LAN

File system(P-Vol)

Master Server Media Server

NDMP over LAN

Data ManagementApplication

Tape Server Agent

SAN

NDMP Data Server ND

MP

NDMP

Actual Implementation might vary depending on backup software solution vendor

21

LAN

File system(P-Vol)


NDMP over SAN


Tape Server Agent

SAN

NDMP Data ServerNDMP


22

LAN

File system(P-Vol)


NDMP direct to Tape


Tape Server Agent

SAN

NDMP Data ServerNDMP


23

Agenda





– Data Protection

– Security


24

Virtual Servers

• Features:– 64 virtual servers per entity (single, dual, 3, 4 or up to 8

nodes cluster is one entity)– Separate IP addresses and policies– Migration of virtual servers with their policies between local

or remote NAS nodes– Clustering support with failover and recovery – Optional license for enhanced security by independent EVS

settings

• Benefits:– Reduces downtime– Simplifies management– Lowers cost of ownership

Allows administrators to create up to 64 logical servers within a single physical system. Each virtual server can have a separate address and policy and independent security settings.

EVS 1

•IP Address•Policy

EVS 2


EVS 3


. . . .

25

High-performance NAS Platform Security Posture

• No Shared Buses or Data Paths– Two uni-directional data paths across multiple FPGAs– No traditional shared buses or cross over points for data

redirection

• Proprietary OS and Components– Firmware barriers to prevent injection of malicious code– Attacker would have to know how to manipulate IP Stack,

BOS OS, and Memory Locations

• OS Software and Design Specs are Confidential– BOS OS and Design specs are not licensed outside of

BlueArc and Hitachi Data Systems– All reasonable measures are taken to protect

confidentiality

26

High-performance NAS Platform Security Posture (2)

• High-performance NAS Platform Architecture Helps Prevent Tampering

– Modification or injection of malicious code would be difficult

– Attacker would have to inject malware into firmware

– The BOS OS is loaded into flash at boot time

– No way to load exploit code without complete system image or causing a noticeable outage

27

Secure Management for High-performance NAS Platform

• Separation of management and data access• Role-based access control (RBAC) with

predefined roles– CLI – Supervisor Role and Read Only Role

– SMU/GUI – Global Admin, Storage Admin, Server Admin

• Encrypted communications– CLI -- SSH

– SMU/GUI -- SSL

28

Anti-Virus Support

• Files scanned on read (open) and on file close

• Scanning configurable on a per share basis

• NAS node interfaces to external virus scanners who scan files for viruses on read

– External scanners not provided by Hitachi Data Systems

• Management and Configuration:– Inclusion and exclusion lists

supported– File scanned statistics provided– Standard configuration on AV

scanners

Supported AV solutions:•Symantec Anti-Virus Scan Engine (SAVSE) v4•McAfee VirusScan (with RPC support)•Trend Micro ServerProtect (with RPC support)•CA Antivirus (with RPC support)

File Access Request

“deny” if file is not scanned

File

Scan

AV Scanners

“allow” when file scanned

Scan

request

29

Agenda





– Data Protection

– Security


30

Disaster Recovery Features

• Array-based replication with TrueCopy™– Industry-proven synchronous block based replication

• IP-based replication with IDR and IBR– Easy to configure and policy-based asynchronous replication

• MetroCluster to ensure protection during site failure– Active/Active stretched Geo-Cluster up to 100km distance

• Nearline solution– Replication target, Tape replacement, Disaster Recovery site

31

Leveraging Replication Technology

• IP Replication (asynchronous only)– Incremental Data Replication (IDR)

– Incremental Block Replication (IBR)

• IDR replicates (whole) changed files over NDMP• IBR replicates block changes only over any network port• Leveraging array-based synchronous replication for high availability and

disaster recovery– Most likely in a remote cluster scenario

– Uses FC link

• All replication options may be used simultaneously, if required

32

Replication Overview

IDR Whole File

IBR Changed Blocks Only

NDMP

IP Any Port

TrueCopy™ FC Only

Asynch

Synch S i

m u

l t

a n

e o

u s

33

IP Replication Overview

• Asynchronous data replication utilizing hardware accelerated snapshot technology

• IDR—incremental data replication (file level)

• IBR—incremental block-level (sparse) replication

• Full or incremental copies• Automated scheduler (One time or

recurring)• Preserves NFS and CIFS

permissions, and ViVol/user/group quota information

• File system and replication rollback

TCP/IP

34

IP-based replication – IDR….1/2

Incremental Data Replication (IDR):• Supports policy-based asynchronous full and incremental file system-

based data replication. • Administrators can schedule replication policies such as continuous

incremental, periodic incremental and individual single full complete data replications.

Use Cases:• IDR is ideal in environments where there are many small files to

replicate.

35

IP-based replication – IDR….2/2

Strengths:• Pricing: Included in firmware of High-performance NAS; most competitors charge

for it• Ease of Use: Strong policy-based features for automating replication tasks. • Coverage: Asynchronous operation is possible over long distances. • Flexibility: Does not require NAS nodes to be clustered; Does not require NAS

nodes to be identical at each end.

Weaknesses:• Not suitable for HA cluster failover—asynchronous operation guarantees there

might be data loss in an HA cluster failover. Use TrueCopy with MetroCluster instead.

• Performance can be an issue for large, active file systems. The more files change between replications, the longer a replication will take. Highly active, large systems can exceed the available time and/or bandwidth.

• Changed object list can actually degrade performance on highly active file systems with many changes between replications.

36

IP-based replication – IBR

Incremental Block Replication (IBR):• IBR leverages the advantages of file-level replication on a block-level• When data is modified, the modified blocks are replicated instead of the whole

file. • Optional license Use Cases:• File systems with large files. • Large database applications. • High-performance NAS deployed with iSCSI LUNs (which are seen as large files

by the file system).Strengths:• Efficient bandwidth utilization. Weaknesses:• More resource intensive than IDR.

37

Leveraging array-based synchronous replication: MetroCluster

Features: • Combination of clustering and replication

technologies over metropolitan distances• Synchronous data replication utilizing very

sophisticated TrueCopy replication technology

• MetroCluster — Active/Active Cluster geographically dispersed up to 100km (62miles)

Benefits:• Survive site specific disasters with minimal

interruption to mission critical applications and no loss of a single transaction

• Improved operational resilience

Cluster Interconnects

Bi-directionalTrueCopy

Synchronous

SAN SAN

WAN

Thank You

38