01 4 access logix
DESCRIPTION
Access Logix for clariion and VMAXTRANSCRIPT
Access Logix1 of 30
Access LogixAccess Logix
LUN Masking with
Access Logix
Access Logix2 of 30
ObjectivesObjectives
By the end of this lesson, you will be able to:
• Explain features of Access Logix• Understand CLARiiON Access Logix features
in Navisphere • Configure Data Access• Configure Storage Groups
Access Logix3 of 30
What is Access Logix?What is Access Logix?
• Access Logix allows multiple hosts attach to the same storage array by providing LUN masking capabilities.
• It allows multiple NT and/or Unix hosts to share up to four storage arrays not to exceed a total of 80 devices• Single host zoned to no more than 4 arrays• Single array (FC4500) zoned to no more than 15
hosts (4 for FC5300)
Access Logix4 of 30
• Access Logix is part of the core software (LIC) on the SP. Specific versions of the Flare code are Access Logix enabled.• FC4500 (6.32.13/5.32.13)
• FC5300 (6.24.05/5.24.05)
What is Access Logix?What is Access Logix?
Access Logix5 of 30
Access Logix ConceptsAccess Logix Concepts
• Access Logix implements LUN masking through a concept known as Storage Groups or Virtual Arrays.
• Storage Groups can be dedicated or shared. (single server or clustered servers)
• Other new concepts:• Fair Access - Keeps one server from monopolizing
the SP• Configuration Access Control - Added level of security
Access Logix6 of 30
Storage GroupStorage Group
• Storage Group• a.k.a. virtual array, LUN masking
• A subset of logical units (LUNs) in a physical storage system reserved for one or more hosts and inaccessible to other hosts.
• The CLARiiON Administrator controls which hosts access which LUNs by assigning the host and LUNs to the same storage group.
• Without Storage Groups, all hosts can access all LUNs regardless of operating system
Access Logix7 of 30
Storage Group - ExampleStorage Group - Example
Web Server
HBA
HBA
Inventory Host
HBA
HBA
Fibre ChannelSwitch
Fibre ChannelSwitch
AdminStorage Group
LUN
LUN
LUN
LUN
LUN
LUN
LUN
LUN
LUN
LUN
InventoryStorage Group
Email & Web ServerStorage Group
PhysicalStorage System
SP A SP B
Highly-Available NT Cluster
Email Server
HBA
HBA
Admin Host
HBA
HBA
Access Logix8 of 30
Storage Groups - In depth Storage Groups - In depth
• Host can be added to only 1 storage group per array
• Storage Group appears to the host as an entire array (i.e. Virtual Array)
• A mapping table is used to keep track of which Host LUN is mapped to which FLARE LUN .
• Each mapping entry includes:• LUN Alias - LUN number presented to the host starting at 0
and incrementing as LUNs are added• Core Software LUN - LUN number created during the array
bind; is visible as LUN number in Manager Storage Tree
Access Logix9 of 30
Storage Group - LUN AliasStorage Group - LUN Alias
Servers
Virtual Arrays/Storage GroupsPhysical Array Translation
Table
LUN 4
LUN 0
LUN 1
LUN 2
LUN 3
LUN 5
LUN 6
LUN 7
LUN 0
LUN 1
LUN 2
LUN 3
LUN 0
LUN 1
LUN 2
LUN 3
Server A
Server B
StorageGroup A
StorageGroup B
Access Logix10 of 30
Default Storage GroupsDefault Storage Groups
• Default Storage Group for initiators (HBAs) not explicitly connected to a storage group• Management - mapping table with no LUNs• Physical - all mapping entries are LUN Alias = Core
Software LUN• Shown under
Engineering Mode
Access Logix11 of 30
Unique Identifiers (UIDs)Unique Identifiers (UIDs)
• Each Storage Group has an Access Control List
based on the Host HBA UIDs and the LUN UIDs for
exclusive access to resources.
• Unique Identifiers • 128 bit numbers that uniquely identify objects.
• For each type of object (e.g. a LUN), no two objects in the
world have the same UID.
Access Logix12 of 30
Unique Identifiers (UIDs)Unique Identifiers (UIDs)
• HBA UID is composed of the 64 bit node WWN
followed by the 64 bit port WWN. • Access Logix uses HBA UIDs during access control
checks to determine which host issued a request.
• LUN UID is generated by the storage system when
a LUN is bound. • Used by ATF and Access Logix to match LUNs to the
HBAs.
Access Logix13 of 30
Host Registration with Access LogixHost Registration with Access Logix
• Initiator Registration • A process performed during Agent startup, where the Agent
sends initiator registration information to each array through all paths.
• Can also register HBA through the Connectivity Status window of Navisphere Manager.
• Initiator Registration Records are host registration information stored permanently on every array. • Each includes: sending HBA UID, receiving SP, initiator
type, hostname, and other information.• Used by the GUI to match HBAs from the same host.• Used by the array to prepare access control information.
Access Logix14 of 30
Checking Registration RecordsChecking Registration Records
• Right click the Storage Array in the Storage View and select Connectivity Status.
Access Logix15 of 30
Delete a Host RegistrationDelete a Host Registration
• Some instances may require deleting an initiator or host registration (replace HBA)
• There are two methods to delete host registration.• Method 1: navicli “port” command.• Method 2: Engineering Mode from Navisphere
Manager
• Either of these methods only deregisters the HBA. To actually remove the HBA from the table, a reboot of the storage array is required.
Access Logix16 of 30
Deleting Host RegistrationDeleting Host Registration
• Entering engineering mode.• Right click the Storage Array in the Storage View and
select Connectivity Status.• A Deregister button should now be available.
Access Logix17 of 30
Fairness Fairness
• Fair access to physical storage-system resources• Balancing of access to logical units (LUNs) to
ensure that one host does not unfairly monopolize the resources of the physical storage system.
• The process learns how the system is being used and adjusts to meet the needs of the applications / databases using the storage array.
• Can be disabled if it causes user problems with resource access.
Access Logix18 of 30
Implementing Access LogixImplementing Access Logix
• Enable Data Access Control• Hosts can now only see “their” LUNs• Newly connected hosts see no LUNs
• Set Configuration Access Control Password• Create Storage Groups as needed
• Designate as shared/dedicated• Add LUNs to storage groups• Connect hosts to storage groups
• Modify storage groups• Add / remove LUNS
Access Logix19 of 30
Enabling Access LogixEnabling Access Logix
Access Logix20 of 30
Enabling Access LogixEnabling Access Logix
Enable Access Logix by checking the Access Control Enabled box and then click Apply.
Once enabled, Access Logix can ONLY be disabled through CLI or the GUI engineering mode.
Access Logix21 of 30
Data Access DisableData Access Disable
• The navicli command, sc_off, will disable data access control and turn off Access Logix.
Access Logix22 of 30
Configuration Access Control Configuration Access Control
• Configuration Access Control• Array management password
• Configuration access control lets you limit which host(s) can access configuration functions on a physical storage system.
• By default, all hosts connected to a physical storage system have configuration access.
• Lost password can be changed by connecting to the array through the serial interface• LAN interface will NOT work
Access Logix23 of 30
Enabling Configuration Access ControlEnabling Configuration Access Control
• Enable Access Control
• Change Password
• Show current Access Privileges
• Enable/disable access for hosts
Access Logix24 of 30
Fair AccessFair Access
Enable Access Fairness
Access Logix25 of 30
Create Storage GroupCreate Storage Group
Access Logix26 of 30
Connecting a hosts to SGConnecting a hosts to SG
Access Logix27 of 30
Storage Group AssociationsStorage Group Associations
Access Logix28 of 30
Seeing the ResultsSeeing the Results
Access Logix29 of 30
Seeing the ResultsSeeing the Results
• Windows NT/2000: • NT: Reboot, run Disk Administrator
• Windows 2000: Rescan using Disk Administrator.
• UNIX: • drvconfig, disks and devlinks commands to
configure the devices and links to the new volumes (LUNs)
• Then run format to use the volumes and create new file systems on the LUNs.