ibm spectrum accelerate: product overview · 2018. 3. 16. · ibm knowledge center with your ibmid....

IBM Spectrum AccelerateVersion 11.5.4

Product Overview

GC27-6700-05

IBM

NoteBefore using this information and the product it supports, read the information in “Notices” on page 101.

Edition notice

Publication number: GC27-6700-05. This publication applies to the version 11.5.4 of IBM Spectrum Accelerate™ andto all subsequent releases and modifications until otherwise indicated in a newer publication.

© Copyright IBM Corporation 2016.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Figures . . . . . . . . . . . . . . . v

Tables . . . . . . . . . . . . . . . vii

About this document . . . . . . . . . ixPurpose and scope . . . . . . . . . . . . ix

Intended audience . . . . . . . . . . . ixDocument conventions . . . . . . . . . . ixRelated information and publications . . . . . ixTerms and abbreviations . . . . . . . . . x

IBM Publications Center . . . . . . . . . . xSending or posting your comments . . . . . . . xGetting information, help, and service . . . . . xi

Chapter 1. Introduction . . . . . . . . 1Features and functionality . . . . . . . . . . 2Hardware . . . . . . . . . . . . . . . 3Management options . . . . . . . . . . . 3Reliability . . . . . . . . . . . . . . . 4

Data mirroring. . . . . . . . . . . . . 4Self-healing mechanisms . . . . . . . . . 4Protected cache . . . . . . . . . . . . 5

Performance . . . . . . . . . . . . . . 5Functionality . . . . . . . . . . . . . . 6

Snapshot management . . . . . . . . . . 6Consistency groups for snapshots . . . . . . 6Storage pools . . . . . . . . . . . . . 6Remote monitoring and diagnostics. . . . . . 6SNMP . . . . . . . . . . . . . . . 6Multipathing . . . . . . . . . . . . . 7Automatic event notifications . . . . . . . . 7Management through GUI and CLI . . . . . . 7External replication mechanisms . . . . . . . 7Support for solid-state drive (SSD) caching . . . 7Upgradability . . . . . . . . . . . . . 8

Chapter 2. Connectivity . . . . . . . . 9IP and Ethernet connectivity . . . . . . . . . 9

Ethernet ports . . . . . . . . . . . . . 9Management connectivity . . . . . . . . . 9Interconnect connectivity . . . . . . . . . 10

Host system attachment . . . . . . . . . . 11Dynamic rate adaptation . . . . . . . . . 11Attaching volumes to hosts . . . . . . . . 11Excluding LUN0. . . . . . . . . . . . 11Advanced host attachment . . . . . . . . 12

CHAP authentication of iSCSI hosts . . . . . . 12Clustering hosts into LUN maps . . . . . . . 13

Volume mappings exceptions . . . . . . . 14Support for VMware extended operations . . . . 14

Writing zeroes . . . . . . . . . . . . 14Hardware-assisted locking . . . . . . . . 15Fast copy . . . . . . . . . . . . . . 15

QoS performance classes . . . . . . . . . . 16

Chapter 3. Storage pools . . . . . . . 17Protecting snapshots on a storage pool level . . . 18Thin provisioning . . . . . . . . . . . . 18

Chapter 4. Volumes and snapshots . . 21The volume life cycle . . . . . . . . . . . 21

Support for Symantec Storage Foundation ThinReclamation . . . . . . . . . . . . . 22

Snapshots . . . . . . . . . . . . . . . 23Redirect on write . . . . . . . . . . . 23Storage utilization . . . . . . . . . . . 26The snapshot auto-delete priority . . . . . . 26Snapshot name and association . . . . . . . 26The snapshot lifecycle . . . . . . . . . . 26Snapshot and snapshot group format . . . . . 31

Chapter 5. Consistency groups . . . . 33Creating a consistency group . . . . . . . . 33Taking a snapshot of a Consistency Group . . . . 34The snapshot group life cycle . . . . . . . . 35Restoring a consistency group . . . . . . . . 36

Chapter 6. Synchronous remotemirroring . . . . . . . . . . . . . . 39Remote mirroring basic concepts . . . . . . . 39Synchronous mirroring operation . . . . . . . 40Synchronous mirroring configuration and activationoptions . . . . . . . . . . . . . . . . 41Synchronous mirroring statuses. . . . . . . . 42Synchronous mirroring role switchover and rolechange . . . . . . . . . . . . . . . . 45

Role switchover when remote mirroring isoperational . . . . . . . . . . . . . 45Role switchover when remote mirroring is notoperational . . . . . . . . . . . . . 46

I/O operations in synchronous mirroring . . . . 47Coupling synchronization process . . . . . . . 48Synchronous mirroring of consistency groups . . . 50

Chapter 7. Asynchronous remotemirroring . . . . . . . . . . . . . . 51Asynchronous mirroring highlights . . . . . . 52Snapshot-based technology in asynchronousmirroring . . . . . . . . . . . . . . . 53Disaster recovery scenarios in asynchronousmirroring . . . . . . . . . . . . . . . 54

Chapter 8. Volume migration with IBMHyper-Scale Mobility . . . . . . . . . 57The IBM Hyper-Scale Mobility process . . . . . 57

Chapter 9. Data-at-rest encryption . . . 61HIPAA compatibility . . . . . . . . . . . 61

© Copyright IBM Corp. 2016 iii

Chapter 10. Data migration . . . . . . 63I/O handling in data migration. . . . . . . . 63Data migration stages . . . . . . . . . . . 64Handling failures . . . . . . . . . . . . 66

Chapter 11. Event handling . . . . . . 67Event information . . . . . . . . . . . . 67Viewing events . . . . . . . . . . . . . 68Event notification rules . . . . . . . . . . 68Alerting events configuration limitations . . . . 69Defining destinations . . . . . . . . . . . 69Defining gateways . . . . . . . . . . . . 69Monitoring Spectrum Accelerate using SNMP traps 70

Chapter 12. Access control . . . . . . 73User roles and permission levels . . . . . . . 73

Predefined users. . . . . . . . . . . . 75Application administrator . . . . . . . . 76

Authentication methods . . . . . . . . . . 77Native authentication . . . . . . . . . . 78

LDAP authentication . . . . . . . . . . 78Switching between LDAP and nativeauthentication modes . . . . . . . . . . 83

Access control commands . . . . . . . . . 84

Chapter 13. Multi-Tenancy . . . . . . 87Multi-tenancy principles . . . . . . . . . . 87Multi-tenancy concept diagram . . . . . . . . 89Working with multi-tenancy . . . . . . . . . 89

Chapter 14. Non-disruptive code load 93

Glossary . . . . . . . . . . . . . . 95

Notices . . . . . . . . . . . . . . 101Trademarks . . . . . . . . . . . . . . 102

Index . . . . . . . . . . . . . . . 103

iv IBM Spectrum Accelerate: Product Overview

Figures

1. Volume operations . . . . . . . . . . 222. The Redirect-on-Write process: the volume's

data and pointer . . . . . . . . . . . 243. The Redirect-on-Write process: when a

snapshot is taken the header is written first . . 244. The Redirect-on-Write process: the new data is

written . . . . . . . . . . . . . . 255. The Redirect-on-Write process: The snapshot

points at the old data where the volume pointsat the new data . . . . . . . . . . . 25

6. The snapshot life cycle . . . . . . . . . 277. Restoring volumes . . . . . . . . . . 298. Restoring snapshots . . . . . . . . . . 309. The Consistency Group's lifecycle . . . . . 33

10. A snapshot is taken for each volume of theConsistency Group . . . . . . . . . . 34

11. Most snapshot operations can be applied tosnapshot groups . . . . . . . . . . . 35

12. Synchronous remote mirroring scheme 4013. Coupling states and actions . . . . . . . 4914. Synchronous remote mirroring concept 5115. Asynchronous mirroring - no extended

response time lag . . . . . . . . . . 5216. Flow of the IBM Hyper-Scale Mobility . . . 5817. Data migration steps . . . . . . . . . 6518. XIV GUI – The Misc tab in XIV Settings 7219. The way the system validates users through

issuing LDAP searches . . . . . . . . . 82

© Copyright IBM Corp. 2016 v

vi IBM Spectrum Accelerate: Product Overview

Tables

1. Synchronous mirroring statuses . . . . . . 432. The IBM Hyper-Scale Mobility process . . . 58

3. Available user roles . . . . . . . . . . 734. Application administrator commands . . . . 77

© Copyright IBM Corp. 2016 vii

viii IBM Spectrum Accelerate: Product Overview

About this document

IBM® Spectrum Accelerate™ is a member of the IBM Spectrum Storage™ family ofsoftware-defined storage products that allow enterprises to use their own serverand disk infrastructure for assembling, setting up, and running one or morestorage systems that incorporate the proven IBM XIV® storage technology.

Purpose and scopeThis document provides a functional feature overview of IBM SpectrumAccelerate™, a member of the IBM Spectrum Storage family of software-definedstorage solutions. Relevant tables, charts, graphic interfaces, sample outputs, andappropriate examples are also provided.

Intended audienceThis document is aimed for administrators, IT staff, and other professionals whowork or intend to work with Spectrum Accelerate.

Document conventionsThese notices are used in this guide to highlight key information.

Note: These notices provide important tips, guidance, or advice.

Important: These notices provide information or advice that might help you avoidinconvenient or difficult situations.

Attention: These notices indicate possible damage to programs, devices, or data.An attention notice appears before the instruction or situation in which damagecan occur.

Related information and publicationsYou can find additional information and publications related to IBM SpectrumAccelerate on the following information sources.v IBM Spectrum Accelerate marketing portal (ibm.com/systems/storage/

spectrum/accelerate)v IBM Spectrum Accelerate on IBM Knowledge Center (ibm.com/support/

knowledgecenter/STZSWD) – on which you can find the following relatedpublications:– IBM Spectrum Accelerate – Release Notes– IBM Spectrum Accelerate – Planning, Deployment, and Operation Guide– IBM Spectrum Accelerate – Command-Line Interface (CLI) Reference Guide– IBM XIV Management Tools – Release Notes– IBM XIV Management Tools – Operations Guide– Platform and application integration solutions for IBM Spectrum Accelerate –

See under 'Platform and application integration'

© Copyright IBM Corp. 2016 ix

http://www.ibm.com/systems/storage/spectrum/accelerate

http://www.ibm.com/support/knowledgecenter/STZSWD

v IBM XIV Storage System on IBM Knowledge Center (ibm.com/support/knowledgecenter/STJTAG) – on which you can find the following relatedpublications:– IBM XIV Management Tools – Release Notes– IBM XIV Management Tools – Operations Guide

v VMware Documentation (vmware.com/support/pubs)v VMware Knowledge Base (kb.vmware.com)v VMware KB article on IBM Spectrum Accelerate (kb.vmware.com/kb/2111406)

Terms and abbreviationsA complete list of terms and abbreviations can be found in the “Glossary” on page95.

IBM Publications CenterThe IBM Publications Center is a worldwide central repository for IBM productpublications and marketing material.

The IBM Publications Center website (ibm.com/shop/publications/order) offerscustomized search functions to help you find the publications that you need. Youcan view or download publications at no charge.

Sending or posting your commentsYour feedback is important in helping to provide the most accurate and highestquality information.

Procedure

To submit any comments about this guide:v Go to IBM Spectrum Accelerate on IBM Knowledge Center (ibm.com®/support/

knowledgecenter/STZSWD), drill down to the relevant page, and then click theFeedback link that is located at the bottom of the page.

The feedback form is displayed and you can use it to enter and submit yourcomments privately.

v You can post a public comment on the Knowledge Center page that you areviewing, by clicking Add Comment. For this option, you must first log in toIBM Knowledge Center with your IBMid.

v You can send your comments by email to [email protected]. Be sure toinclude the following information:– Exact publication title and product version– Publication form number (for example: SC01-0001-01)– Page, table, or illustration numbers that you are commenting on

x IBM Spectrum Accelerate: Product Overview

http://www.ibm.com/support/knowledgecenter/STJTAG

http://www.vmware.com/support/pubs

http://kb.vmware.com

http://kb.vmware.com/kb/2111406

http://www.ibm.com/shop/publications/order

http://www.ibm.com/support/knowledgecenter/STZSWD_11.5.0

mailto:[email protected]

– A detailed description of any information that should be changed

Note: When you send information to IBM, you grant IBM a nonexclusive rightto use or distribute the information in any way it believes appropriate withoutincurring any obligation to you.

Getting information, help, and serviceIf you need help, service, technical assistance, or want more information about IBMproducts, you can find various sources to assist you. You can view the followingwebsites to get information about IBM products and services and to find the latesttechnical information and support.v IBM website (ibm.com)v IBM Support Portal website (www.ibm.com/storage/support)v IBM Directory of Worldwide Contacts website (www.ibm.com/planetwide)

About this document xi

http://www.ibm.com

http://www.ibm.com/storage/support

http://www.ibm.com/planetwide

xii IBM Spectrum Accelerate: Product Overview

Chapter 1. Introduction

IBM Spectrum Accelerate™ is a key member of the IBM Spectrum Storage portfolio.It is a highly flexible storage solution that enables rapid deployment of blockstorage services for new and traditional workloads, on-premises, off-premises andin a combination of both.

Designed to help enable cloud environments, it is based on the proven technologydelivered in IBM storage systems. In addition to Spectrum Accelerate, the IBMSpectrum Storage™ family of software-defined storage (SDS) products currentlyincludes the following software applications:v Spectrum Virtualizev Spectrum Scalev Spectrum Controlv Spectrum Protectv Spectrum Archive

For more information about the Spectrum Storage portfolio, go tohttp://www.ibm.com/systems/storage/spectrum.

Spectrum Accelerate is provided as a software defined storage product for VMwareESXi hypervisors and can be installed on 3–15 (minimum 3; maximum 15) physicalESXi hosts (servers), which together comprise a single storage system. SpectrumAccelerate pools server-attached storage into a consolidated hyper store. Thesoftware leverages the same technology used by IBM storage systems, and featuressimilar storage system software running on qualified commodity hardware. Thissolution provides the power of IBM storage systems on existing datacenterresources, making it suitable for rapid deployment in a ‘build-your-own’ storageinfrastructure. The solution makes it possible to use any hardware for suchapplications as development or test.

This software-defined storage system packages a major part of the capabilities thatmake the Spectrum Accelerate system an outstanding solution for high-endenterprise environments. In addition, Spectrum Accelerate features three of themost beneficial aspects:v Consistent high performance with optimizationv A simplified management experience due to an architecture that eliminates

many traditional planning, setup and maintenance choresv Advanced features including snapshot, synchronous and asynchronous

replication, multi-tenancy, QoS, and support for open cloud standards.

Spectrum Accelerate runs as a virtual machine concurrently on several VMwarevSphere ESXi hypervisors, allowing the creation of a server-based storage areanetwork (SAN) from commodity hardware that includes x86-64 servers, Ethernetswitches, solid state drives (SSDs), and high-density disk drives. Runningalongside other virtual appliances on the same ESXi server, Spectrum Accelerateworks by efficiently grouping virtual nodes with the underlying physical disks andspreading the data evenly across the nodes, creating a single, provisioning-readyvirtual array. It cost-effectively uses any standard data center network for bothinter-node and host connectivity.

© Copyright IBM Corp. 2016 1

http://www.ibm.com/systems/storage/spectrum

Spectrum Accelerate supports any hardware configuration and components thatmeet the minimal requirements, and requires no explicit hardware certification.Scaling of nodes is linear and nondisruptive.

Each individual ESXi host with its single Spectrum Accelerate acts as a virtualstorage system module, which contains 6 to 12 physical disks that SpectrumAccelerate uses. Each storage node, uses a10-Gigabit Ethernet (10 GigE)interconnection with the other Spectrum Accelerate storage nodes to create uniquedata distribution capabilities and other advanced features.

The ESXi hosts can be connected to a vCenter server, although it is not arequirement. If a vCenter server is used, the Spectrum Accelerate storage systemand disk resources can be visually monitored through vSphere Client.

After the Spectrum Accelerate storage system is up and running, it can be used forstorage provisioning over iSCSI, and can be managed with the dedicated IBMManagement Tools (CLI or GUI) or through REST API.

Features and functionalitySpectrum Accelerate is characterized by an advanced set of storage capabilities andfeatures.

Performance

v Cache and disks in every modulev Extremely fast rebuild time in the event of disk failurev Constant, predictable high performance that scales linearly with added

storage enclosures with zero tuningv The use of flash media provides a superior cache hit ratio, as well as

extended cache across all volumes. This boosts performance whilesaving the need to manage tiers

Agility

v Deployment of scale-out storage grids in automated environments inminutes rather than days

v Seamless operation across delivery models—on commodity servers inprivate cloud, with the optimized storage system, and on public cloudinfrastructure

v Ability to re-purpose servers at any time to improve utilization

Quality of Service (QoS)

v Ability to restrict the performance associated with selected tenants (in amulti-tenant setting), storage pools, or hosts

v Ability to establish different performance tiers without a need forphysical tiering

v Sustainable high performance without any manual orsystem-background tuning

Reliability

v Resilience during hardware failures, ability to continue functioning withminimal performance impact

v Data mirroring guarantees that the data is always protected againstpossible failure

v Fault tolerance, failure analysis, and self-healing algorithms

2 IBM Spectrum Accelerate: Product Overview

v No single-point-of-failure

Connectivity

v iSCSI interfacev Multiple host access

Multi-tenancy

v Allocation of storage resources to several independent administrators,assuring that one administrator cannot access resources associated withanother administrator

v Isolation of tenants; storage domain administrators are not informed ofresources outside their storage domain

Hyper-Scale Manager

v Easy-to-use Graphical User Interface (GUI) management dashboardbased on the IBM Management Tool

v Compliance with any browser-enabled device, from desktops to iOS andAndroid mobile devices

IBM Hyper-Scale Consistency

v Support of cross-system consistencyv Coordinated snapshots across independent Spectrum Accelerate and

storage systemsv Full data protection across multiple Spectrum Accelerate and storage

systems

Snapshots

v Innovative snapshot functionality, including support for practicallyunlimited number of snapshots, snap-of-snap and restore-from-snap

Replication

v Synchronous and asynchronous replication of a volume (as well as aconsistency group) to a remote system

Ease of management

v Standard data management across the data centerv Tune-free, scaling enables management of large, dynamic storage

capacities with minimal overhead and trainingv Non-disruptive maintenance and upgradesv Management software with graphical user interface (GUI), the IBM

Hyper-Scale Manager, and a command-line interface (CLI)v A mobile dashboard accessible from any browser-enabled device, from

desktops to iOS and Android mobile devicesv Notifications of events delivered through e-mail, SNMP, or SMS

messages

HardwareFor information on hardware requirements, consult the IBM Spectrum AcceleratePlanning, Deployment, and Operation Guide.

Management optionsSpectrum Accelerate provides several management options.

Chapter 1. Introduction 3

GUI, CLI, and REST API and OpenStack management applicationsLike other IBM Spectrum Storage offerings,Spectrum Accelerate includes anintuitive, easy-to-use Graphical User Interface (GUI) managementdashboard, and integrates with IBM Spectrum Control for consolidatedmanagement. The IBM Spectrum Accelerate GUI, called the IBMHyper-Scale Manager, can be run on any browser enabled device, fromdesktops to iOS and Android mobile devices.

An advanced CLI management fully supports scripting and automation.

Web service APIs adhere to the Representational State Transfer (REST)architecture.

OpenStack, open source software for creating public and private clouds.

SNMPThird-party SNMP-based monitoring tools are supported using SpectrumAccelerate MIB.

E-mail notificationsSpectrum Accelerate can notify users, applications or both through e-mailmessages regarding failures, configuration changes, and other importantinformation.

SMS notificationsUsers can be notified through SMS of any system event.

ReliabilitySpectrum Accelerate reliability features include data mirroring, spare storagecapacity, self-healing mechanisms, and data virtualization.

Data mirroringData arriving from the host for storage is temporarily placed in two separatecaches before it is permanently written to two disk drives located in separatemodules.

This guarantees that the data is always protected against possible failure ofindividual modules, and this protection is in effect even before data has beenwritten to the nonvolatile disk media.

Self-healing mechanismsSpectrum Accelerate includes built-in functions for self-healing to take care ofindividual component malfunctions and to automatically restore full dataredundancy in the system within minutes.

Self-healing functions in Spectrum Accelerate increase the level of reliability ofyour stored data. Automatic restoration of data redundancy after hardwarefailures, class-leading rebuild speed and smart ‘call home’ support help ensurereliability and performance at all times with minimal human effort.

Self-healing mechanisms are not just started in a reactive fashion following anindividual component malfunction, but also proactively - upon detection ofconditions indicating potential imminent failure of a component. Often, potentialproblems are identified well before they might occur with the help of advancedalgorithms of preventive self-analysis that are continually running in thebackground.


In all cases, self-healing mechanisms implemented in Spectrum Accelerate identifyall data portions in the system for which a second copy has been corrupted or is indanger of being corrupted. Spectrum Accelerate creates a secure second copy outof the existing copy, and stores it in the most appropriate part of the system.Taking advantage of the full data virtualization, and based on the data distributionschemes implemented in Spectrum Accelerate, such processes are completed withminimal data migration.

As with all other processes in the system, the self-healing mechanisms arecompletely transparent to the user, and the regular activity of responding to I/Odata requests is thoroughly maintained with no degradation to systemperformance. Performance, load balance, and reliability are never compromised bythis activity.

Protected cacheSpectrum Accelerate cache writes are protected. Cache memory on a module isprotected with error correction coding (ECC).

All write requests are written to two separate cache modules before the host isacknowledged. The data is later de-staged to disks.

PerformanceSpectrum Accelerate is a high performance software-defined storage productdesigned to help enterprises overcome storage challenges through an exceptionalmix of characteristics and capabilities.

Breakthrough architecture and designThe design of Spectrum Accelerate enables performance optimizationtypically unattainable by traditional architectures. This optimization resultsin superior utilization of system resources and automatic workloaddistribution across all system hard drives. It also empowers administratorsto tap into the system’s rich set of built-in, advanced functionality such asthin provisioning, mirroring and snapshots without adversely affectingperformance.

Consistent, predictable performance and scalabilitySpectrum Accelerate can optimize load distribution across all disks for allworkloads, coupled with a powerful distributed cache implementation.This facilitates high performance, that scales linearly with added storageenclosures. Because this high performance is consistent—without the needfor manual tuning—users can enjoy the same high performance during thetypical peaks and troughs associated with volume and snapshot usagepatterns, even after a component failure.

Resilience and self-healingSpectrum Accelerate maintains resilience during hardware failures,continuing to function with minimal performance impact. Additionally, thesolution’s advanced self-healing capabilities allow it to withstandadditional hardware failures once it recovers from the initial failure.

Automatic optimization and managementUnlike traditional storage solutions, Spectrum Accelerate automaticallyoptimizes data distribution through hardware configuration changes, suchas component additions, replacements or failure. This helps eliminate theneed for manual tuning or optimization.


FunctionalitySpectrum Accelerate functions include point-in-time copying, automaticnotifications, and ease of management.

Snapshot managementSpectrum Accelerate provides powerful snapshot mechanisms for creatingpoint-in-time copies of volumes.

The snapshot mechanisms include the following features:v Differential snapshots, where only the data that differs between the source

volume and its snapshot consumes storage spacev Instant creation of a snapshot without any interruption of the application,

making the snapshot available immediatelyv Writable snapshots, which can be used for a testing environment; storage space

is only required for actual data changesv Snapshot of a writable snapshot can be takenv High performance that is independent of the number of snapshots or volume

sizev The ability to restore from snapshot to volume or snapshot

Consistency groups for snapshotsVolumes can be put in a consistency group to facilitate the creation of consistentpoint-in-time snapshots of all the volumes in a single operation.

This is essential for applications that use several volumes concurrently and need aconsistent snapshot of all these volumes at the same point in time.

Storage poolsStorage pools are used to administer the storage resources of volumes andsnapshots.

The storage space can be administratively portioned into storage pools to enablethe control of storage space consumption for specific applications or departments.

Remote monitoring and diagnosticsSpectrum Accelerate can email important system events to IBM Support.

This allows IBM to immediately detect hardware failures warranting immediateattention and react swiftly (for example, dispatch service personnel). Additionally,IBM support personnel can conduct remote support and generate diagnostics forboth maintenance and support purposes. All remote support is subject to customerpermission and remote support sessions are protected with a challenge responsesecurity mechanism.

SNMPThird-party SNMP-based monitoring tools are supported for the SpectrumAccelerate MIB.


MultipathingThe parallel design underlying the activity of the Host Interface modules and thefull data virtualization achieved in the system implement thorough multipathingaccess algorithms.

Thus, as the host connects to the system through several independent ports, eachvolume can be accessed directly through any of the Host Interface modules, andno interaction has to be established across the various modules of the HostInterface array.

Automatic event notificationsThe system can be set to automatically transmit appropriate alarm notificationmessages through SNMP traps, or email messages.

The user can configure various triggers for sending events and various destinationsdepending on the type and severity of the event. The system can also beconfigured to send notifications until a user acknowledges their receipt.

Management through GUI and CLISpectrum Accelerate provides the user-friendly and intuitive XIV GUI applicationand CLI commands to configure and monitor the system.

These feature the same comprehensive system management functionality as XIV,encompassing hosts, volumes, consistency groups, storage pools, snapshots,mirroring relationships, events, and more.

External replication mechanismsExternal replication and mirroring mechanisms in Spectrum Accelerate are anextension of the internal replication mechanisms and of the overall functionality ofthe system.

These features provide protection against a site disaster to ensure productioncontinues. The mirroring can be performed over iSCSI connections, and thehost-to-storage protocol is independent of the mirroring protocol.

Support for solid-state drive (SSD) cachingSolid-state drive (SSD) caching, available as an option, provides up to four timesfaster performance for application workloads, without the need for setup,administration, or migration policies.

The SSD extended caching option adds from 500 through 800 GB read cachecapacity to each module. For example, adding 500 GB read cache capacity to eachmodule in a fully populated configuration (15 modules) creates a total of 7.5 TB.Spectrum Accelerate manages the flash caching. There is nothing that the storageadministrator must configure. The storage administrator can enable or disable theextended flash cache at the system level or on a per host volume level. Thesoftware dynamically and uses the flash as an extended read cache to boostapplication performance.

Flash caching with SSD provides a significant advantage when compared tocaching over tiering with SSDs. Tiering with SSDs limits caching of data sets tospecific applications, requires constant analysis and frequent writing from cache todisk and could involve rebalancing of SSD resources to suit evolving workloads.


SSD caching, on the other hand, brings improved performance to all applicationsserved by the storage system without the planning complexities and resourcesrequired by SSD tiering.

Finally, the Spectrum Accelerate SSD caching design provides administrators withthe flexibility to define the applications they would like to accelerate should theywish to single out particular workloads. Although by default the cache is madeavailable to all applications, it may be easily restricted to select volumes if desired;volumes containing logs, history data, large images or inactive data can beexcluded. Ultimately, this means that the SSD cache can store more dynamic data.

UpgradabilitySpectrum Accelerate is available in a partial rack system comprised of as few asthree (3) modules, or as many as fifteen (15) modules per rack.

Partial rack systems may be upgraded by adding data and interface modules, upto the maximum of fifteen (15) modules per rack.

The system supports a non-disruptive upgrade of the system, as well as hotfixupdates.


Chapter 2. Connectivity

This chapter describes the way the storage system connects internally andexternally.

IP and interface connectivityIntroduces various configuration options of the storage system.

Host system attachmentIntroduces various topics regarding the way the storage system connects toits hosts.

IP and Ethernet connectivityThe following topics provide a basic explanation of the various Ethernet ports andIP interfaces that can be defined and various configurations that are possiblewithin the Spectrum Accelerate.

The Spectrum Accelerate IP connectivity provides:v iSCSI services over IP or Ethernet networksv Management communication

Ethernet portsThe following types of Ethernet ports are supported.

iSCSI service portsThese ports are used for iSCSI over IP or Ethernet services. A fullyequipped rack is configured with six Ethernet ports for iSCSI service.These ports should connect to the user's IP network and provideconnectivity to the iSCSI hosts. The iSCSI ports can also acceptmanagement connections.

Management portsThese ports are dedicated for CLI and GUI communications, as well asbeing used for outgoing SNMP and SMTP connections. A fully equippedrack contains three management ports.

Interconnect portsThese ports are used for intra-cluster communication. They are configuredwhen the system is first deployed. This connectivity is critical for thefunctionality of the system.

Management connectivityManagement connectivity is used for the following functions.v Spectrum Accelerate uses the XIV Management Tools with IBM Hyper-Scale

Manager - an advanced web-based graphical user interface (GUI) from whichone or more IBM Spectrum Accelerate™ Family system can be managed andmonitored in real time from a web browser. The management dashboard can berun on any browser enabled device, from desktops to iOS and Android mobiledevices.

v Executing XIV CLI commands through the IBM XIV command-line interface(XCLI)

v Sending e-mail notification messages and SNMP traps about event alerts


To ensure management redundancy in case of module failure, in addition to theIBM Hyper-Scale Manager dashboard, Spectrum Accelerate supports managementfunctions that are accessible from three different IP addresses. Each of the three IPaddresses is handled by a different hardware module. The various IP addresses aretransparent to the user and management functions can be performed through anyof the IP addresses. These addresses can be accessed simultaneously by multipleclients. Users only need to configure the IBM Hyper-Scale Manager or XCLI for theset of IP addresses that are defined for the specific system. Spectrum Acceleratealso features on-the-go management through a special Mobile Dashboard thatworks with Apple iOS and Android devices.

Note: All management IP interfaces must be connected to the same subnet and usethe same network mask, gateway, and MTU.

IBM Hyper-Scale Manager dashboard

Like other IBM Spectrum Storage offerings, IBM Spectrum™ Accelerate includes theIBM Hyper-Scale Manager, which is based on the XIV Management Tool (GUI)which can integrate with IBM Spectrum Control Base Edition (SCBE) forconsolidated management. The IBM Hyper-Scale Manager can be run on anybrowser enabled device, from desktops to iOS and Android mobile devices to letclients manage technical and administrative operations through a mobiledashboard at the tap of a screen. In the era of real-time data management, mobilemanagement of storage can help reduce storage downtime, data overload,over-provisioning and application disruption.

XCLI and IBM Hyper-Scale Manager system management

The Spectrum Accelerate management connectivity system allows users to managethe system from both the XCLI and IBM Hyper-Scale Manager. Accordingly, theXCLI and IBM Hyper-Scale Manager can be configured to manage the systemthrough iSCSI IP interfaces. Both XCLI and IBM Hyper-Scale Managermanagement is run over TCP port 7778 with all traffic encrypted through theSecure Sockets Layer (SSL) protocol.

System-initiated IP communication

IBM storage systems can also initiate IP communications to send event alerts asnecessary. Two types of system-initiated IP communications exist:

Sending e-mail notifications through the SMTP protocolE-mails are used for both e-mail notifications and for SMS notificationsthrough the SMTP to SMS gateways.

Sending SNMP traps

Note: SMPT and SNMP communications can be initiated from any of thethree IP addresses. This is different from XCLI and IBM Hyper-ScaleManager, which are user initiated. Accordingly, it is important to configureall three IP interfaces and to verify that they have network connectivity.

Interconnect connectivityInterconnect connectivity is used for all communication between system modules.This includes:v Data trafficv Cluster monitoring


v Housekeeping operations

Host system attachmentSpectrum Accelerate attaches to hosts of various operating systems.

The Spectrum Accelerate system can be attached to hosts through a complementaryHost Attachment Kit (HAK) utilities. For more information, see 'Platform andapplication integration'.

Note: The term host system attachment was previously known as host connectivity ormapping.

Dynamic rate adaptationSpectrum Accelerate provides a mechanism for handling insufficient bandwidthand external connections for the mirroring process.

The mirroring process replicates a local site on a remote site (see the Chapter 6,“Synchronous remote mirroring,” on page 39 and Chapter 7, “Asynchronousremote mirroring,” on page 51 chapters later in this document). To accomplish this,the process depends on the availability of bandwidth between the local and remotestorage systems.

The mirroring process sync rate attribute determines the bandwidth that isrequired for a successful mirroring. Manually configuring this attribute, the usertakes into account the availability of bandwidth for the mirroring process, whereSpectrum Accelerate adjusts itself to the available bandwidth. Moreover, in somecases the bandwidth is sufficient, but external IOs latency causes the mirroringprocess to fall behind incoming IOs, thus to repeat replication jobs that werealready carried out, and eventually to under-utilize the available bandwidth even ifit was adequately allocated.

Spectrum Accelerate prevents IO time-outs through continuously measuring the IOlatency. Excess incoming IOs are pre-queued until they can be submitted. Themirroring rate dynamically adapts to the number of pre-queued incoming IOs,allowing for a smooth operation of the mirroring process.

Attaching volumes to hostsWhile Spectrum Accelerate identifies volumes and snapshots by name, hostsidentify volumes and snapshots according to their logical unit number (LUN).

A LUN (logical unit number) is an integer that is used when attaching a system'svolume to a registered host. Each host can access some or all of the volumes andsnapshots on the storage system, up to a set maximum. Each accessed volume orsnapshot is identified by the host through a LUN.

For each host, a LUN identifies a single volume or snapshot. However, differenthosts can use the same LUN to access different volumes or snapshots.

Excluding LUN0LUN0 cannot be used as a normal LUN.

Chapter 2. Connectivity 11

LUN0 can be mapped to a volume just like other LUNs. However, when novolume is mapped to LUN0, the IBM XIV Host Attachment Kit (HAK) is using itto discover the LUN array. Hence, we recommend not to use LUN0 as a normalLUN.

Advanced host attachmentSpectrum Accelerate provides flexible host attachment options.

The following host attachment options are available:v Definition of different volume mappings for different ports on the same hostv Support for hosts that have iSCSI ports.

CHAP authentication of iSCSI hostsThe MS-CHAP extension enables authentication of initiators (hosts) toSpectrumAccelerate and vice versa in unsecured environments.

When CHAP support is enabled, hosts are securely authenticated by SpectrumAccelerate. This increases overall system security by verifying that onlyauthenticated parties are involved in host-storage interactions.

Definitions

The following definitions apply to authentication procedures:

CHAP Challenge Handshake Authentication Protocol

CHAP authenticationAn authentication process of an iSCSI initiator by a target throughcomparing a secret hash that the initiator submits with a computed hash ofthat initiator's secret which is stored on the target.

InitiatorThe host.

Oneway (unidirectional CHAP)CHAP authentication where initiators are authenticated by the target, butnot vice versa.

Supported configurations

CHAP authentication typeOneway (unidirectional) authentication mode, meaning that the Initiator(host) has to be authenticated by the Spectrum Accelerate.

MDS CHAP authentication utilizes the MDS hashing algorithm.

Access scopeCHAP-authenticated Initiators are granted access to the SpectrumAccelerate via mapping that may restrict access to some volumes.

Authentication modes

Spectrum Accelerate supports the following authentication modes:

None (default)In this mode, an initiator is not authenticated by the Spectrum Accelerate.


CHAP (oneway)In this mode, an initiator is authenticated by the Spectrum Acceleratebased on the pertinent initiator's submitted hash, which is compared to thehash computed from the initiator's secret stored on the IBM XIV StorageSystem.

Changing the authentication mode from None to CHAP requires an authenticationof the host. Changing the mode from CHAP to None doesn't require anauthentication.

Complying with RFC 3720

Spectrum Accelerate CHAP authentication complies with the CHAP requirementsas stated in RFC 3720. on the following Web site:http://tools.ietf.org/html/rfc3720

Secret lengthThe secret has to be between 96 bits and 128 bits; otherwise, the systemfails the command, responding that the requirements are not fulfilled.

Initiator secret uniquenessUpon defining or updating an initiator (host) secret, the system comparesthe entered secret's hash with existing secrets stored by the system anddetermines whether the secret is unique. If it is not unique, the systempresents a warning to the user, but does not prevent the command fromcompleting successfully.

Clustering hosts into LUN mapsTo enhance the management of hosts, Spectrum Accelerate allows clustering themtogether, where the clustered hosts are provided with identical mappings.

The mapping of volumes to LUN identifiers is defined per cluster and applies toall of the hosts in the cluster.

Adding a host to a clusterAdding a host to a cluster is a straightforward action in which a host isadded to a cluster and is connected to a LUN:v Changing the host's mapping to the cluster's mapping.v Changing the cluster's mapping to be identical to the mapping of the

newly added host.

Removing a host from a clusterThe host is disbanded from the cluster, maintaining its connection to theLUN:v The host's mapping remains identical to the mapping of the cluster.v The mapping definitions do not revert to the host's original mapping

(the mapping that was in effect before the host was added to thecluster).

v The host's mapping can be changed.

Note:

v Spectrum Accelerate defines the same mapping to all of the hosts of the samecluster. No hierarchy of clusters is maintained.

v Mapping a volume to a LUN that is already mapped to a volume.v Mapping an already mapped volume to another LUN.


http://tools.ietf.org/html/rfc3720

http://tools.ietf.org/html/rfc3720

Volume mappings exceptionsSpectrum Accelerate facilitates association of cluster mappings to a host that isadded to a cluster.

The system also facilitates easy specification of mapping exceptions for such host;such exceptions are warranted to accommodate cases where a host must have amapping that is not defined for the cluster (e.g., Boot From SAN).

Mapping a volume to a host within a cluster It is impossible to map a volume or a LUN that are already mapped.

For example, the host host1 belongs to the cluster cluster1 which has amapping for the volume vol1 to lun1:1. Mapping host1 to vol1 and lun1 fails as both volume and LUN are

already mapped.2. Mapping host1 to vol2 and lun1 fails as the LUN is already mapped.3. Mapping host1 to vol1 and lun2 fails as the volume is already mapped.4. Mapping host1 to vol2 and lun2 succeeds with a warning that the

mapping is host-sepcific.

Listing volumes that are mapped to a host/cluster Mapped Hosts that are part of a Cluster are listed (that is, the list is at aHost-level rather than Cluster-level).

Listing mappings For each Host, the list indicates whether it belongs to a Cluster.

Adding a host to a cluster Previous mappings of the Host are removed, reflecting the fact that theonly relevant mapping to the Host is the Cluster's.

Removing a host from a cluster The Host regains its previous mappings.

Support for VMware extended operationsSpectrum Accelerate supports VMware extended operations (VMware vStorageAPIs).

The purpose of the VMware extended operations is to offload operations from theVMware Server onto the storage system. Spectrum Accelerate supports thefollowing operations:

Full copyThe ability to copy data from one storage array to another without writingto the ESXi server.

Block zeroingZeroing-out a block as a means for freeing it and make it available forprovisioning.

Hardware-assisted lockingAllowing for locking volumes within an atomic command.

Writing zeroesThe Write Zeroes command allows for zeroing large storage areas without sendingthe zeroes themselves.


Whenever an new VM is created, the ESXi server creates a huge file full of zeroesand sends it to the storage system. The Write Zeroes command is a way to tell astorage controller to zero large storage areas without sending the zeroes. To meetthis goal, both VMware's generic driver and our own plug-in utilizes the WRITESAME 16 command.

This method differs from the former method where the host used to write andsend a huge file full of zeroes.

Note: The write zeroes operation is not a thin provisioning operation, as itspurpose is not to allocate storage space.

Hardware-assisted lockingThe hardware-assisted locking feature utilizes VMware new Compare and Writecommand for reading and writing the volume's metadata within a single operation.

Upon the replacement of SCSI2 reservations mechanism with Compare and Writeby VMware, the Spectrum Accelerate provides a faster way to change the metadataspecific file, along with eliminating the necessity to lock all of the files during themetadata change.

The legacy VMware SCSI2 reservations mechanism is utilized whenever the VMserver performs a management operation, that is to handle the volume's metadata.This method has several disadvantages, among them the mandatory overall lock ofaccess to all volumes, which implies that all other servers are refrained fromaccessing their own files. In addition, the SCSI2 reservations mechanism entailsperforming at least four SCSI operations (reserve, read, write, release) in order toget the lock.

The introduction of the new SCSI command, called Compare and Write (SBC-3,revision 22), results with a faster mechanism that is displayed to the volume as anatomic action that does not require to lock any other volume.

Note: The Spectrum Accelerate supports single-block Compare and Writecommands only. This restriction is carried out in accordance with VMware.

Backwards compatibility

The Spectrum Accelerate maintains its compatibility with older ESX versions asfollows:v Each volume is capable of connecting legacy hosts, as it still supports SCSI

reservations.v Whenever a volume is blocked by the legacy SCSI reservations mechanism, it is

not available for an arriving COMPARE AND WRITE command.v The Admin is expected to phase out legacy VM servers to fully benefit from the

performance improvement rendered by the hardware-assisted locking feature.

Fast copyThe Fast Copy functionality allows for VM cloning on the storage system withoutgoing through the ESXi server.

The Fast copy functionality speeds up the VM cloning operation by copying datainside the storage system, rather than issuing READ and WRITE requests from thehost. This implementation provide a great improvement in performance, since it


saves host to storage system intra-storage system communication. Instead, thefunctionality utilizes the huge bandwidth within the storage system.

QoS performance classesSpectrum Accelerate allows the user to allocate more I/O rates for importantapplications.

The QoS Performance Classes feature allows the user to restrict I/O for specifiedhosts, pools or tenants, thereby maximizing performance for other applications thatare considered to be more important, through prioritizing their hosts—and withoutincurring data movement. Each of the hosts that are connected to the storagesystem is associated with a group. This group is attributed with a rate limitation.

This limitation attribute and the association of host with the group limit the I/Orates of a specified host in the following way:v Host rate limitation groups are independent of other forms of host grouping (i.e.

Clusters)v The group can be associated with an unlimited number of hostsv By default, the host is not associated with any host rate limiting group

Max bandwidth limit attribute

The host rate limitation group has a max bandwidth limit attribute, which is thenumber of blocks per second. This number could be either:v A value between min_rate_limit_bandwidth_blocks_per_sec and

max_rate_limit_bandwidth_blocks_per_sec (both are available from the storagesystem's configuration).

v Zero (0) for unlimited bandwidth.


Chapter 3. Storage pools

Spectrum Accelerate partitions the storage space into storage pools, where eachvolume belongs to a specific storage pool.

Storage pools provide the following benefits:

Improved management of storage spaceSpecific volumes can be grouped together in a storage pool. This enablesyou to control the allocation of a specific storage space to a specific groupof volumes. This storage pool can serve a specific group of applications, orthe needs of a specific department.

Improved regulation of storage spaceSnapshots can be automatically deleted when the storage capacity that isallocated for snapshots is fully consumed. This automatic deletion isperformed independently on each storage pool. Therefore, when the sizelimit of the storage pool is reached, only the snapshots that reside in theaffected storage pool are deleted. For more information, see “The snapshotauto-delete priority” on page 26.

Facilitating thin provisioning Thin provisioning is enabled by Storage Pools.

Storage pools as logical entities

A storage pool is a logical entity and is not associated with a specific disk ormodule. All storage pools are equally spread over all disks and all modules in thesystem.

As a result, there are no limitations on the size of storage pools or on theassociations between volumes and storage pools. For example:v The size of a storage pool can be decreased, limited only by the space consumed

by the volumes and snapshots in that storage pool.v Volumes can be moved between storage pools without any limitations, as long

as there is enough free space in the target storage pool.

Note: For the size of the storage pool, please refer to the Spectrum Accelerate datasheet.

All of the above transactions are accounting transactions, and do not impose anydata copying from one disk drive to another. These transactions are completedinstantly.

For information on volumes and snapshots, go to Chapter 4, “Volumes andsnapshots,” on page 21.

Moving volumes between storage pools

For a volume to be moved to a specific storage pool, there must be enough roomfor it to reside there. If a storage pool is not large enough, the storage pool must beresized, or other volumes must be moved out to make room for the new volume.


A volume and all its snapshots always belong to the same storage pool. Moving avolume between storage pools automatically moves all its snapshots together withthe volume.

Protecting snapshots on a storage pool levelSnapshots that participates in the mirroring process can be protected in case ofstorage pool space depletion.

This is done by attributing both snapshots (or snapshot groups) and the storagepool with a deletion priority. The snapshots are attributed with a deletion prioritybetween 0–4 and the storage pool is configured to disregard snapshots whosepriority is above a specific value. Snapshots with a lower delete priority (i.e.,higher number) than the configured value might be deleted by the systemwhenever the Pool space depletion mechanism implies so, thus protectingsnapshots with a priority equal or higher to this value.

Thin provisioningSpectrum Accelerate supports thin provisioning, which provides the ability todefine logical volume sizes that are much larger than the physical capacityinstalled on the system.

Physical capacity needs only to accommodate written data, while parts of thevolume that have never been written to do not consume physical space.

This chapter discusses:v Volume hard and soft sizesv System hard and soft sizesv Pool hard and soft sizesv Depletion of hard capacity

Volume hard and soft sizes

Without thin provisioning, the size of each volume is both seen by the hosts andreserved on physical disks. Using thin provisioning, each volume is associatedwith the following two sizes:

Hard volume sizeThis reflects the total size of volume areas that were written by hosts. Thehard volume size is not controlled directly by the user and depends onlyon application behavior. It starts from zero at volume creation orformatting and can reach the volume soft size when the entire volume hasbeen written. Resizing of the volume does not affect the hard volume size.

Soft volume sizeThis is the logical volume size that is defined during volume creation orresizing operations. This is the size recognized by the hosts and is fullyconfigurable by the user. The soft volume size is the traditional volumesize used without thin provisioning.


System hard and soft size

Using thin provisioning, each Spectrum Accelerate is associated with a hard systemsize and soft system size. Without thin provisioning, these two are equal to thesystem's capacity. With thin provisioning, these concepts have the followingmeaning:

Hard system sizeThis is the physical disk capacity that was installed. Obviously, thesystem's hard capacity is an upper limit on the total hard capacity of allthe volumes. The system's hard capacity can only change by installing newhardware components (disks and modules).

Soft system sizeThis is the total limit on the soft size of all volumes in the system. It can beset to be larger than the hard system size, up to 79TB. The soft system sizeis a purely logical limit, but should not be set to an arbitrary value. It mustbe possible to upgrade the system's hard size to be equal to the soft size,otherwise applications can run out of space. This requirement means thatenough floor space should be reserved for future system hardwareupgrades, and that the cooling and power infrastructure should be able tosupport these upgrades. Because of the complexity of these issues, thesetting of the system's soft size can only be performed by SpectrumAccelerate support.

Pool hard and soft sizes

The concept of storage pool is also extended to thin provisioning. When thinprovisioning is not used, storage pools are used to define capacity allocation forvolumes. The storage pools control if and which snapshots are deleted when thereis not enough space.

When thin provisioning is used, each storage pool has a soft pool size and a hardpool size, which are defined and used as follows:

Hard pool sizeThis is the physical storage capacity allocated to volumes and snapshots inthe storage pool. The hard size of the storage pool limits the total of thehard volume sizes of all volumes in the storage pool and the total of allstorage consumed by snapshots. Unlike volumes, the hard pool size is fullyconfigured by the user.

Soft pool sizeThis is the limit on the total soft sizes of all the volumes in the storagepool. The soft pool size has no effect on snapshots.

Thin provisioning is managed for each storage pool independently. Each storagepool has its own soft size and hard size. Resources are allocated to volumes withinthis storage pool without any limitations imposed by other storage pools. This is anatural extension of the snapshot deletion mechanism, which is applied evenwithout thin provisioning. Each storage pool has its own space, and snapshotswithin each storage pool are deleted when the storage pool runs out of spaceregardless of the situation in other storage pools.

The sum of all the soft sizes of all the storage pools is always the same as thesystem's soft size and the same applies to the hard size.

Chapter 3. Storage pools 19

Storage pools provide a logical way to allocate storage resources per application orper groups of applications. With thin provisioning, this feature can be used tomanage both the soft capacity and the hard capacity.

Depletion of hard capacity

Thin provisioning creates the potential risk of depleting the physical capacity. If aspecific system has a hard size that is smaller than the soft size, the system willrun out of capacity when applications write to all the storage space that is mappedto hosts. In such situations, the system behaves as follows:

Snapshot deletionSnapshots are deleted to provide more physical space for volumes. Thesnapshot deletion is based on the deletion priority and creation time.

Volume lockingIf all snapshots have been deleted and more physical capacity is stillrequired, all the volumes in the storage pool are locked and no writecommands are allowed. This halts any additional consumption of hardcapacity.

Note: Space that is allocated to volumes that is unused (that is, the differencebetween the volume's soft and hard size) can be used by snapshots in the samestorage pool.

The thin provisioning implementation with Spectrum Accelerate manages spaceallocation per storage pool. Therefore, one storage pool cannot affect anotherstorage pool. This scheme has the following advantages and disadvantages:

Storage pools are independentStorage pools are independent in respect to the aspect of thin provisioning.Thin provisioning volume locking on one storage pool does not create aproblem in another storage pool.

Space cannot be reused across storage poolsEven if a storage pool has free space, this free space is never reused foranother storage pool. This creates a situation where volumes are lockeddue to the depletion of hard capacity in one storage pool, while there isavailable capacity in another storage pool.

Important: If a storage pool runs out of hard capacity, all of its volumes are lockedto all write commands. Although write commands that overwrite existing data canbe technically serviced, they are blocked to ensure consistency.


Chapter 4. Volumes and snapshots

Volumes are the basic storage data units in Spectrum Accelerate.

Snapshots of volumes can be created, where a snapshot of a volume represents thedata on that volume at a specific point in time.

Volumes can also be grouped into larger sets called Consistency Groups andStorage Pools.

The basic hierarchy may be described as follows:v A volume can have multiple snapshots.v A volume can be part of one and only one Consistency Group.v A volume is always a part of one and only one Storage Pool.v All volumes in a Consistency Group must belong to the same Storage Pool.

The following subsections deal with volumes and snapshots specifically.

The volume life cycleThe volume is the basic data container that is presented to the hosts as a logicaldisk.

The term volume is sometimes used for an entity that is either a volume or asnapshot. Hosts view volumes and snapshots through the same protocol.Whenever required, the term master volume is used for a volume to clearlydistinguish volumes from snapshots.

Each volume has two configuration attributes: a name and a size. The volumename is an alphanumeric string that is internal to Spectrum Accelerate and is usedto identify the volume to both the GUI and CLI commands. The volume name isnot related to the SCSI protocol. The volume size represents the number of blocksin the volume that the host sees.

The volume can be managed by the following commands:

Create Defines the volume using the attributes you specify

Resize Changes the virtual capacity of the volume. For more information, see“Thin provisioning” on page 18.

Copy Copies the volume to an existing volume or to a new volume

FormatClears the volume

Lock Prevents hosts from writing to the volume

UnlockAllows hosts to write to the volume

RenameChanges the name of the volume, while maintaining all of the volumespreviously defined attributes

Delete Deletes the volume. See Instant Space Reclamation.


The following query commands list volumes:

Listing VolumesThis command lists details of all volumes, or a specific volume accordingto a given volume or pool.

Finding a Volume Based on a SCSI Serial NumberThis command prints the volume name according to its SCSI serialnumber.

These commands are available when you use both the IBM XIV StorageManagement GUI and the IBM XIV command-line interface (XCLI). See the IBMXIV Storage System XCLI User Manual for the commands that you can issue in theXCLI.

Figure 1 shows the commands you can issue for volumes.

Support for Symantec Storage Foundation Thin ReclamationSpectrum Accelerate supports Symantec's Storage Foundation Thin ReclamationAPI.

Spectrum Accelerate features instant space reclamation functionality, enhancing theexisting Thin Provisioning capability. The new instant space reclamation functionallows users to optimize capacity utilization, thus saving costs, by allowingsupporting applications, to instantly regain unused file system space inthin-provisioned volumes instantly.

Spectrum Accelerate is one of the first high-end storage systems to offer instantspace reclamation. The new, instant capability enables third party productsvendors, such as Symantec Thin Reclamation, to interlock with SpectrumAccelerate such that any unused space is detected instantly and automatically, andimmediately reassigned to the general storage pool for reuse.

Figure 1. Volume operations


This enables integration with thin-provisioning-aware Veritas File System (VxFS)by Symantec, which enables you to leverage the Spectrum Acceleratethin-provisioning-awareness to attain higher savings in storage utilization.

For example, when data is deleted by the user, the system administrator caninitiate a reclamation process in which Spectrum Accelerate frees the non-utilizedblocks and where these blocks are reclaimed by the available pool of storage.

Instant space reclamation doesn't support space reclamation for the followingobjects:v Mirrored volumesv Volumes that have snapshotsv Snapshots

SnapshotsA snapshot is a logical volume reflecting the contents of a given source volume at aspecific point-in-time.

Spectrum Accelerate uses advanced snapshot mechanisms to create a virtuallyunlimited number of volume copies without impacting performance. Snapshottaking and management are based on a mechanism of internal pointers that allowthe master volume and its snapshots to use a single copy of data for all portionsthat have not been modified.

This approach, also known as Redirect-on-Write (ROW) is an improvement of themore common Copy-on-Write (COW), which translates into a reduction of I/Oactions, and therefore storage usage.

With Spectrum Accelerate snapshots, no storage capacity is consumed by thesnapshot until the source volume (or the snapshot) is changed.

Redirect on writeSpectrum Accelerate uses the Redirect-on-Write (ROW) mechanism.

The following items are characteristics of using ROW when a write request isdirected to the master volume:1. The data originally associated with the master volume remains in place.2. The new data is written to a different location on the disk.3. After the write request is completed and acknowledged, the original data is

associated with the snapshot and the newly written data is associated with themaster volume.

In contrast with the traditional copy-on-write method, with redirect-on-write theactual data activity involved in taking the snapshot is drastically reduced.Moreover, if the size of the data involved in the write request is equal to thesystem's slot size, there is no need to copy any data at all. If the write request issmaller than the system's slot size, there is still much less copying than with thestandard approach of Copy-on-Write.

In the following example of the Redirect-on-Write process, The volume is displayedwith its data and the pointer to this data.

Chapter 4. Volumes and snapshots 23

When a snapshot is taken, a new header is written first.

The new data is written anywhere else on the disk, without the need to copy theexisting data.

Figure 2. The Redirect-on-Write process: the volume's data and pointer

Figure 3. The Redirect-on-Write process: when a snapshot is taken the header is written first


The snapshot points at the old data where the volume points at the new data (thedata is regarded as new as it keep updating by I/Os).

The metadata established at the beginning of the snapshot mechanism isindependent of the size of the volume to be copied. This approach allows the userto achieve the following important goals:

Continuous backupAs snapshots are taken, backup copies of volumes are produced atfrequencies that resemble those of Continuous Data Protection (CDP). Instantrestoration of volumes to virtually any point in time is easily achieved incase of logical data corruption at both the volume level and the file level.

Figure 4. The Redirect-on-Write process: the new data is written

Figure 5. The Redirect-on-Write process: The snapshot points at the old data where thevolume points at the new data


ProductivityThe snapshot mechanism offers an instant and simple method for creatingshort or long-term copies of a volume for data mining, testing, andexternal backups.

Storage utilizationSpectrum Accelerate allocates space for volumes and their Snapshots in a way thatwhenever a Snapshot is taken, additional space is actually needed only when thevolume is written into.

As long as there is no actual writing into the volume, the Snapshot does not needactual space. However, some applications write into the volume whenever aSnapshot is taken. This writing into the volume mandates immediate spaceallocation for this new Snapshot. Hence, these applications use space lessefficiently than other applications.

The snapshot auto-delete prioritySnapshots are associated with an auto-delete priority to control the order in whichsnapshots are automatically deleted.

Taking volume snapshots gradually fills up storage space according to the amountof data that is modified in either the volume or its snapshots. To free up spacewhen the maximum storage capacity is reached, the system can refer to theauto-delete priority to determine the order in which snapshots are deleted. Ifsnapshots have the same priority, the snapshot that was created first is deletedfirst.

Snapshot name and associationA snapshot can either be taken of a source volume, or from a source snapshot.

The name of a snapshot is either automatically assigned by the system at creationtime or given as a parameter of the XCLI command that creates it. The snapshot'sauto-generated name is derived from its volume's name and a serial number. Thefollowing are examples of snapshot names:MASTERVOL.snapshot_XXXXXNewDB-server2.snapshot_00597

Parameter Description Example

MASTERVOL The name of the volume. NewDB-server2

XXXXX A five-digit, zero filledsnapshot number.

00597

The snapshot lifecycleThe roles of the snapshot determine its life cycle.

Figure 6 on page 27 shows the life cycle of a snapshot.


The following operations are applicable for the snapshot:

Create Creates the snapshot (a.k.a. taking a snapshot)

RestoreCopies the snapshot back onto the volume. The main snapshotfunctionality is the capability to restore the volume.

UnlockingUnlocks the snapshot to make it writable and sets the status to Modified.Re-locking the unlocked snapshot disables further writing, but does notchange the status from Modified.

DuplicateDuplicates the snapshot. Similar to the volume, which can be snapshottedinfinitely, the snapshot itself can be duplicated.

A snapshot of a snapshotCreates a backup of a snapshot that was written into. Taking a snapshot ofa writable snapshot is similar to taking a snapshot of a volume.

Overwriting a snapshotOverwrites a specific snapshot with the content of the volume.

Delete Deletes the snapshot.

Creating a snapshotFirst, a snapshot of the volume is taken. The system creates a pointer to thevolume, hence the snapshot is considered to have been immediately created. This

Figure 6. The snapshot life cycle


is an atomic procedure that is completed in a negligible amount of time. At thispoint, all data portions that are associated with the volume are also associated withthe snapshot.

Later, when a request arrives to read a certain data portion from either the volumeor the snapshot, it reads from the same single, physical copy of that data.

Throughout the volume life cycle, the data associated with the volume iscontinuously modified as part of the ongoing operation of the system. Whenever arequest to modify a data portion on the master volume arrives, a copy of theoriginal data is created and associated with the snapshot. Only then the volume ismodified. This way, the data originally associated with the volume at the time thesnapshot is taken is associated with the snapshot, effectively reflecting the way thedata was before the modification.

Locking and unlocking snapshotsInitially, a snapshot is created in a locked state, which prevents it from beingchanged in any way related to data or size, and only enables the reading of itscontents. This is called an image or image snapshot and represents an exact replica ofthe master volume when the snapshot was created.

A snapshot can be unlocked after it is created. The first time a snapshot isunlocked, the system initiates an irreversible procedure that puts the snapshot in astate where it acts like a regular volume with respect to all changing operations.Specifically, it allows write requests to the snapshot. This state is immediately setby the system and brands the snapshot with a permanent modified status, even ifno modifications were performed. A modified snapshot is no longer an imagesnapshot.

An unlocked snapshot is recognized by the hosts as any other writable volume. Itis possible to change the content of unlocked snapshots, however, physical storagespace is consumed only for the changes. It is also possible to resize an unlockedsnapshot.

Master volumes can also be locked and unlocked. A locked master volume cannotaccept write commands from hosts. The size of locked volumes cannot bemodified.

Duplicating image snapshotsA user can create a new snapshot by duplicating an existing snapshot. Theduplicate is identical to the source snapshot. The new snapshot is associated withthe master volume of the existing snapshot, and appears as if it were taken at theexact moment the source snapshot was taken. For image snapshots that have neverbeen unlocked, the duplicate is given the exact same creation date as the originalsnapshot, rather than the duplication creation date.

With this feature, a user can create two or more identical copies of a snapshot forbackup purposes, and perform modification operations on one of them withoutsacrificing the usage of the snapshot as an untouched backup of the mastervolume, or the ability to restore from the snapshot.

A snapshot of a snapshotWhen duplicating a snapshot that has been changed using the unlock feature, thegenerated snapshot is actually a snapshot of a snapshot. The creation time of thenewly created snapshot is when the command was issued , and its content reflectsthe contents of the source snapshot at the moment of creation.


After it is created, the new snapshot is viewed as another snapshot of the mastervolume.

Restoring volumes and snapshotsThe restoration operation provides the user with the ability to instantly recover thedata of a master volume from any of its locked snapshots.

Restoring volumes

A volume can be restored from any of its snapshots, locked and unlocked.Performing the restoration replicates the selected snapshot onto the volume. As aresult of this operation, the master volume is an exact replica of the snapshot thatrestored it. All other snapshots, old and new, are left unchanged and can be usedfor further restore operations. A volume can even be restored from a snapshot thathas been written to. Figure 7 shows a volume being restored from three differentsnapshots.

Restoring snapshots

The snapshot itself can also be restored from another snapshot. The restoredsnapshot retains its name and other attributes. From the host perspective, thisrestored snapshot is considered an instant replacement of all the snapshot contentwith other content. Figure 8 on page 30 shows a snapshot being restored from two

Figure 7. Restoring volumes


different snapshots.

Full Volume CopyFull Volume Copy overwrites an existing volume, and at the time of its creation it islogically equivalent to the source volume.

After the copy is made, both volumes are independent of each other. Hosts canwrite to either one of them without affecting the other. This is somewhat similar tocreating a writable (unlocked) snapshot, with the following differences andsimilarities:

Creation time and availabilityBoth Full Volume Copy and creating a snapshot happen almost instantly.Both the new snapshot and volume are immediately available to the host.This is because at the time of creation, both the source and the destinationof the copy operation contain the exact same data and share the samephysical storage.

Singularity of the copy operationFull Volume Copy is implemented as a single copy operation into anexisting volume, overriding its content and potentially its size. The existingtarget of a volume copy can be mapped to a host. From the host

Figure 8. Restoring snapshots


perspective, the content of the volume is changed within a singletransaction. In contrast, creating a new writable snapshot creates a newobject that has to be mapped to the host.

Space allocationWith Full Volume Copy, all the required space for the target volume isreserved at the time of the copy. If the storage pool that contains the targetvolume cannot allocate the required capacity, the operation fails and has noeffect. This is unlike writable snapshots, which are different in nature.

Taking snapshots and mirroring the copied volumeThe target of the Full Volume Copy is a master volume. This mastervolume can later be used as a source for taking a snapshot or creating amirror. However, at the time of the copy, neither snapshots nor remotemirrors of the target volume are allowed.

Redirect-on-write implementationWith both Full Volume Copy and writable snapshots, while one volume isbeing changed, a redirect-on-write operation will ensure a split so that theother volume maintains the original data.

PerformanceUnlike writable snapshots, with Full Volume Copy, the copying process isperformed in the background even if no I/O operations are performed.Within a certain amount of time, the two volumes will use different copiesof the data, even though they contain the same logical content. This meansthat the redirect-on-write overhead of writes occur only before the initialcopy is complete. After this initial copy, there is no additional overhead.

AvailabilityFull Volume Copy can be performed with source and target volumes indifferent storage pools.

Snapshot and snapshot group formatThis operation deletes the content of a snapshot - or a snapshot group - whilemaintaining its mapping to the host.

The purpose of the formatting is to allow customers to backup their volumes viasnapshots, while maintaining the snapshot ID and the LUN ID. More than a singlesnapshot can be formatted per volume.

Required reading

Some of the concepts this topic refers to are introduced in this chapter as well as ina later chapter on this document. Consult the following reading list to get a graspregarding these topics.

Snapshots“The snapshot lifecycle” on page 26

Snapshot groups“The snapshot group life cycle” on page 35

Attaching a host“Host system attachment” on page 11

The format operation results with the followingv The formatted snapshot is read-onlyv The format operation has no impact on performance


v The formatted snapshot does not consume spacev Reading from the formatted snapshot always returns zeroesv It can be overriddenv It can be deletedv Its deletion priority can be changed

Restrictions

No unlockThe formatted snapshot is read-only and can't be unlocked.

No volume restoreThe volume that the formatted snapshot belongs to can't be restored fromit.

No restore from another snapshotThe formatted snapshot can't be restored from another snapshot.

No duplicatingThe formatted snapshot can't be duplicated.

No re-formatThe formatted snapshot can't be formatted again.

No volume copyThe formatted snapshot can't serve as a basis for volume copy.

No resizeThe formatted snapshot can't be resized.

Use case1. Create a snapshot for each LUN you would like to backup to, and mount it to

the host.2. Configure the host to backup this LUN.3. Format the snapshot.

4. Re-snap. The LUN ID, Snapshot ID and mapping are maintained.

Restrictions in relation to other Spectrum Accelerate operations

Snapshots of the following types can't be formatted:

Internal snapshotFormatting an internal snapshot hampers the process it is part of, thereforeis forbidden.

Part of a sync jobFormatting a snapshot that is part of a sync job renders the sync jobmeaningless, therefore is forbidden.

Part of a snapshot groupA snapshot that is part of a snapshot group can't be treated as anindividual snapshot.

Snapshot group restrictionsAll snapshot format restrictions apply to the snapshot group formatoperation.


Chapter 5. Consistency groups

Consistency groups can be used to take simultaneous snapshots of multiplevolumes, thus ensuring consistent copies of a group of volumes.

Creating a synchronized snapshot set is especially important for applications thatuse multiple volumes concurrently. A typical example is a database application,where the database and the transaction logs reside on different storage volumes,but all of their snapshots must be taken at the same point in time.

This chapter contains the following sections:

Creating a consistency groupConsistency groups are created empty and volumes are added to them later on.

The consistency groups is an administrative unit of multiple volumes thatfacilitates simultaneous snapshots of multiple volumes, mirroring of volumegroups, and administration of volume sets. Hyper-Scale Consistency - Cross systemconsistency (or snapshot) groups enables a coordinated creation of snapshots forinter-dependent consistency groups on multiple systems. This feature is availableonly through the IBM Hyper-Scale Manager.

Figure 9. The Consistency Group's lifecycle


Taking a snapshot of a Consistency GroupTaking a snapshot for the entire Consistency Group means that a snapshot is takenfor each volume of the Consistency Group at the same point-in-time.

These snapshots are grouped together to represent the volumes of the ConsistencyGroup at a specific point in time.

In Figure 10, a snapshot is taken for each of the Consistency Group's volumes inthe following order:

Time = t0

Prior to taking the snapshots, all volumes in the consistency group areactive and being read from and written to.

Time = t1

When the command to snapshot the consistency group is issued, I/O issuspended .

Time = t2

Snapshots are taken at the same point in time.

Time = t3

I/O is resumed and the volumes continue their normal work.

Figure 10. A snapshot is taken for each volume of the Consistency Group


Time = t4

After the snapshots are taken, the volumes resume active state andcontinue to be read from and written to.

Most snapshot operations can be applied to each snapshot in a grouping, known asa snapshot set. The following items are characteristics of a snapshot set:v A snapshot set can be locked or unlocked. When you lock or unlock a snapshot

set, all snapshots in the set are locked or unlocked.v A snapshot set can be duplicated.v A snapshot set can be deleted. When a snapshot set is deleted, all snapshots in

the set are also deleted.

A snapshot set can be disbanded which makes all the snapshots in the setindependent snapshots that can be handled individually. The snapshot set itself isdeleted, but the individual snapshots are not.

The snapshot group life cycleMost snapshot operations can be applied to snapshot groups, where the operationaffects every snapshot in the group.

Taking a snapshot groupCreates a snapshot group. .

Restoring consistency group from a snapshot groupThe main purpose of the snapshot group is the ability to restore the entireconsistency group at once, ensuring that all volumes are synchronized tothe same point in time. .

Figure 11. Most snapshot operations can be applied to snapshot groups

Chapter 5. Consistency groups 35

Listing a snapshot groupThis command lists snapshot groups with their consistency groups and thetime the snapshots were taken.

Note: All snapshots within a snapshot group are taken at the same time.

Lock and unlockSimilar to unlocking and locking an individual snapshot, the snapshotgroup can be rendered writable, and then be written to. A snapshot groupthat is unlocked cannot be further used for restoring the consistency group,even if it is locked again.

The snapshot group can be locked again. At this stage, it cannot be used torestore the master consistency group. In this situation, the snapshot groupfunctions like a consistency group of its own.

OverwriteThe snapshot group can be overwritten by another snapshot group.

RenameThe snapshot group can be renamed.

Restricted namesDo not prefix the snapshot group's name with any of thefollowing:1. most_recent2. last_replicated

DuplicateThe snapshot group can be duplicated, thus creating another snapshotgroup for the same consistency group with the time stamp of the firstsnapshot group.

Disbanding a snapshot groupThe snapshots that comprise the snapshot group are each related to itsvolume. Although the snapshot group can be rendered inappropriate forrestoring the consistency group, the snapshots that comprise it are stillattached to their volumes. Disbanding the snapshot group detaches allsnapshots from this snapshot group but maintains their individualconnections to their volumes. These individual snapshots cannot restorethe consistency group, but they can restore its volumes individually.

Changing the snapshot group deletion priorityManually sets the deletion priority of the snapshot group.

Deleting the snapshot groupDeletes the snapshot group along with its snapshots.

Restoring a consistency groupRestoring a consistency group is a single action in which every volume thatbelongs to the consistency group is restored from a corresponding snapshot thatbelongs to an associated snapshot group.

Not only does the snapshot group have a matching snapshot for each of thevolumes, all of the snapshots have the same time stamp. This implies that therestored consistency group contains a consistent picture of its volumes as theywere at a specific point in time.


Note: A consistency group can only be restored from a snapshot group that has asnapshot for each of the volumes. If either the consistency group or the snapshotgroup has changed after the snapshot group is taken, the restore action does notwork.

Chapter 5. Consistency groups 37

Chapter 6. Synchronous remote mirroring

Remote mirroring allows replication of data between two geographically remotesites, allowing full data recovery from the remote site in different disasterscenarios.

Remote mirroring can be used to replicate the data between two geographicallyremote sites. The replication ensures uninterrupted business operation if there is atotal site failure.

The process of ensuring that both storage systems contain identical data at alltimes is called remote mirroring. Remote mirroring can be established between tworemote storage systems to provide data protection for the following types of sitedisasters:

Local site failureWhen a disaster occurs at a certain site, the remote site takes over andmaintains full service to the hosts connected to the original site. Themirroring is resumed after the failing site recovers.

Split-brain scenarioAfter a communication loss between the two sites, each site maintains fullservice to the hosts. After the connection is resumed and the link (mirror)is established, the sites complement each other's data to regain fullsynchronization.

Synchronous and asynchronous remote mirroring

The two distinct methods of remote mirroring – synchronous and asynchronous –are described in this chapter and in the following chapter. Throughout this chapter,the term remote mirroring refers to synchronous remote mirroring, unless clearlystated otherwise.

Remote mirroring basic conceptsSynchronous remote mirroring provides continuous availability of criticalinformation in the case of a disaster scenario.

A typical remote mirroring configuration involves the following two sites:

Primary siteThe location of the primary storage system.

A local site that contains both the data and the active servers.

Servers may simultaneously perform primary or secondary roles with respect totheir hosts. As a result, a server at one site can be the primary storage system for aspecific application, while simultaneously being the secondary storage system foranother application.

Secondary siteThe location of the secondary backup storage system.

A remote site that contains a copy of the data and standby servers.Following a disaster at the primary site, the servers at the secondary sitebecome active and start using the copy of the data.


Master volumeThe volume which is mirrored. The master volume is usually located at theprimary site.

Slave volumeThe volume to which the master volume is mirrored. The slave volume isusually located at the secondary site.

Synchronous remote mirroring is performed during each write operation. Thewrite operation issued by a host is applied to both the primary and the secondarystorage systems.

Note: When using remote mirroring with Spectrum Accelerate, data is transferredover the mirror connectivity in uncompressed format. The data is deduplicated andcompressed again after it reaches the remote system.

When a volume is mirrored, reading is performed from the master volume, whilewriting is performed on both the master and the slave volumes, as previouslydescribed.

Synchronous mirroring operationRemote mirroring operations involve configuration, initialization, ongoing operation,handling of communication failures, and role switching.

The following list describes the remote mirroring operations:

ConfigurationConfiguration is the act of defining master and slave volumes for a mirrorrelation.

InitializationRemote mirroring operations begin with a master volume that containsdata and a new slave volume. Next, data is copied from the master volumeto the slave volume. This process is called initialization. Initialization isperformed once in the lifetime of a remote mirroring coupling. After it issuccessfully completed, both volumes are synchronized.

Ongoing operationAfter the initialization process is complete, remote mirroring is activated.During this activity, all data is written to the master volume and to theslave volume. The write operation is complete after an acknowledgment is

Figure 12. Synchronous remote mirroring scheme


received from the slave volume. At any point, the master and slavevolumes contain identical data except for any unacknowledged (pending)writes.

Handling of communication failuresCommunication between sites may break. In this case, the primary sitecontinues its function and updates the secondary site after communicationresumes. This process is called synchronization.

Role switchingWhen needed, a volume can change its role from master to slave or viceversa, either as a result of a disaster at the primary site, maintenanceoperations, or intentionally, to test the disaster recovery procedures.

Using snapshots in synchronous mirroring

The storage system uses snapshots to identify inconsistencies that may arisebetween updates.

If the link between volumes is disrupted or if the mirroring is deactivated, themaster continues accepting host writes, but does not replicate the writes onto theslave. After the mirroring is restored and activated, the system takes a snapshot ofthe slave, which represents the data that is known to be mirrored. This snapshot iscalled the last-consistent snapshot. Only then more recent writes to the master arereplicated to the slave.

The last-consistent snapshot is automatically deleted after the resynchronization iscomplete for all mirrors on the same target. However, if the slave volume role ischanged to master during resynchronization, the last-consistent snapshot will notbe deleted.

Synchronous mirroring configuration and activation optionsThe remote mirroring configuration process involves configuring volumes andvolume pairs.

Volume configuration

The following concepts are to be configured for volumes and the relations betweenthem:

The volume role is the current function of the volume. The following volume rolesare available:

None The volume is created using normal volume creation procedures and is notmirrored.

MasterThe volume is directly written to by the host.

Slave A backup to the master volume.

Data can be read from the slave volume by a host. Data cannot be writtento the slave volume by any host.

Mixed configurationIn some cases, the volumes on a single storage system can be defined in amixed configuration. For example, a storage system can contain volumes

Chapter 6. Synchronous remote mirroring 41

whose role is defined as master, as well as volumes whose role is definedas slave. In addition, some volumes might not be involved in a remotemirroring coupling at all.

Configuration errorIn some cases, configuration on both sides might be changed in anon-compatible way. This is defined as a configuration error. For example,switching the role of only one side when communication is down causes aconfiguration error when connection resumes, because each side isconfigured as a master or slave.

Coupling activation

When a pair of volumes point to each other, it is referred to as a coupling. In acoupling relationship, two volumes, referred to as peers, participate in a remotemirroring system with the slave peer serving as the backup for the master peer.The coupling configuration is identical for both master volumes and slavevolumes.

Remote mirroring can be manually activated and deactivated per coupling. Whenactivated, the coupling is in Active mode. When deactivated, the coupling is inStandby mode.

These modes have the following functions:

Active Remote mirroring is functioning and the data is replicated.

StandbyRemote mirroring is deactivated. The data is not replicated to the slavevolume.

Standby mode is used mainly when maintenance is performed on thesecondary site or during communication failures between the sites. In thismode, the master volumes will not generate mirroring-failure alerts.

The coupling lifecycle has the following characteristics:v When a coupling is created, it is always initially in Standby mode.v Only a coupling in Standby mode can be deleted.

Supported network configurations

Synchronous mirroring supports the following network configurations:v Either Fibre Channel (FC) or iSCSI connectivity can be used for replication,

regardless of the connectivity that is used by the host to access the master.v The remote system must be defined in the remote target connectivity definitions.v All the volumes that belong to the same consistency group must reside on the

same remote system.v Master and slave volumes must have exactly the same size.

Synchronous mirroring statusesThe status of a synchronous remote mirroring volume depends on thecommunication link and on the coupling between the master volume and the slavevolume.


The following table lists the different statuses of a synchronous remote mirroringvolume during remote mirroring operations.

Table 1. Synchronous mirroring statuses

Entity Status type Possible status values Description

Link Operational status v Up

v Down

Specifies if the communicationslink is up or down.

The link status of the mastervolume is also the link status ofthe slave volume.

Coupling Operational status v Operational

v Non-operational

Specifies if remote mirroring isworking.

To be operational, the link statusmust be up and the couplingmust be activated. If the link isdown or if the remote mirroringfeature is in Standby mode, thestatus is Non-operational.

Synchronization status v Initialization

v Synchronized

v Unsynchronized

v Consistent

v Inconsistent

For detailed description of eachstatus, see "Synchronizationstatus" below.

Last-secondary timestamp Point-in-time date Timestamp for when thesecondary volume was lastsynchronized.

Synchronization progress Synchronization status The relative portion of dataremaining to be synchronizedbetween the master and slavevolumes due to non-operationalcoupling.

Secondary-locked Boolean If the slave volume is locked forwriting due to lack of space, theSecondary-locked status is true. Thismay occur during thesynchronization process, whenthere is not enough space for thelast-consistent snapshot.Otherwise, the Secondary-lockedstatus is false.

Configuration error Boolean If the configuration of the masterand slave is volumes isinconsistent., the Configurationerror status is true.

Synchronization status

The synchronization status reflects the consistency of the data between the masterand slave volumes.

Because remote mirroring is for ensuring that the slave volume is an identical copyof the master volume, this status indicates whether this objective is currentlyattained.


The possible synchronization statuses for the master volume are:

InitializationThe first step in remote mirroring is to create a copy of the data from themaster volume to the slave volume. During this step, the coupling statusremains Initialization.

Synchronized (master volume only)This status indicates that all data that was written to the master volumeand acknowledged has also been written to the slave volume. Ideally, themaster and slave volumes should always be synchronized. This does notimply that the two volumes are identical because at any time there mightbe a limited amount of data that was written to one volume, but was notyet acknowledged by the slave volume. These are also known as pendingwrites.

Unsynchronized (master volume only)

After a volume has completed the Initialization stage and achieved theSynchronized status, a volume can become unsynchronized. This occurswhen it is not known whether all the data that was written to the mastervolume was also written to the slave volume. This status occurs in thefollowing cases:v Communications link is down – As a result of the communication link

going down, some data might have been written to the master volume,but was not yet replicated to the slave volume.

v Secondary system is down – This is similar to communication linkerrors because in this state, the primary system is updated while thesecondary system is not.

v Remote mirroring is deactivated – As a result of the remote mirroringdeactivation, some data might have been written to the master volumeand not to the slave volume.

ConsistentThe slave volume is an identical copy of the master volume.

InconsistentThere is a discrepancy between the data on the master and slave volumes.

It is always possible to reestablish the Synchronized status when the link isreestablished or the remote mirroring feature is reactivated, no matter what wasthe reason for the Unsynchronized status.

Because all updates to the master volume that are not written to the slave volumeare recorded, these updates are written to the slave volume. The synchronizationstatus remains Unsynchronized from the time that the coupling is not operationaluntil the synchronization process is completed successfully.

Last-secondary timestamp

A timestamp is taken when the coupling between the master and slave volumesbecomes non-operational.

This time stamp specifies the last time that the slave volume was consistent withthe master volume. This status has no meaning if the coupling's synchronizationstate is still Initialization.


For synchronized coupling, this timestamp specifies the current time. Mostimportantly, for an unsynchronized coupling, this timestamp denotes the timewhen the coupling became non-operational.

The timestamp is returned to current only after the coupling is operational and themaster and slave volumes are synchronized.

Synchronization progress

During the synchronization process, when the slave volumes are being updatedwith previously written data, the volumes are given a dynamic synchronizationprocess status.

This status comprises the following sub-statuses:

Size to completeThe size of data that requires synchronization.

Part to synchronizeThe size to synchronize divided by the maximum size-to-synchronize sincethe last time the synchronization process started. For couplinginitialization, the size-to-synchronize is divided by the volume size.

Time to synchronizeTime estimation that is required to complete the synchronization processand achieve synchronization, based on past rate.

Secondary-locked error status

When synchronization is in progress, there is a period in which the slave volume isnot consistent with the master volume. While in this state, the slave volumemaintains a last-consistent snapshot. Provided that every I/O operation requires acopy-on-write partition, this may result in insufficient space and, consequently, inthe failure of I/O operations to the slave volume.

Whenever I/O operations to the slave volume fail due to insufficient space, allcouplings in the system are set to the Secondary-locked status and becomenon-operational. The administrator is notified of a critical event, and can free spaceon the system containing the slave volume.

Synchronous mirroring role switchover and role changeWhen role switchover occurs, the master volume becomes the slave volume, andthe slave volume becomes the master volume.

Role switching can occur when the synchronous remote mirroring function iseither operational or not operational, as described in the following sections.

Role switchover when remote mirroring is operationalWhen the remote mirroring function is operational, role switching between masterand slave volumes can be initiated from the management GUI or CLI.

There are two typical reasons for performing a switchover when communicationbetween the volumes exists:

Drills Drills can be performed on a regular basis to test the functioning of the


secondary site. In a drill, an administrator simulates a disaster and teststhat all procedures are operating smoothly.

Scheduled maintenanceTo perform maintenance at the primary site, switch operations to thesecondary site on the day before the maintenance. This can be done as apreemptive measure when a primary site problem is known to occur.

The CLI command that performs the role switchover must be run on the mastervolume. The switchover cannot be performed if the master and slave volumes arenot synchronized.

Role switchover when remote mirroring is not operationalA more complex situation for role switching is when there is no communicationbetween the two sites, either because of a network malfunction, or because theprimary site is no longer operational.

The CLI command for this scenario is mirror_change_role. Because there is nocommunication between the two sites, the command should be issued on both sitesconcurrently, or at least before communication resumes. Otherwise, the sites willnot be able to establish communication.

Switchover procedures differ depending on whether the master and slave volumesare connected or not. As a general rule:v When the coupling is deactivated, it is acceptable to change the role on one side

only, assuming that the other side will be changed as well before communicationresumes.

v If the coupling is activated, but is either unsynchronized or nonoperational dueto a link error, an administrator must either wait for the coupling to besynchronized, or deactivate the coupling.

v On the slave volume, an administrator can change the role even if coupling isactive. It is assumed that the coupling will be deactivated on the master volumeand the role switch will be performed there as well in parallel. If not, aconfiguration error occurs on the original master volume.

Switching secondary to primary

The role of the slave volume can be switched to master using the managementGUI or CLI. After this switchover, the following takes effect:v The slave volume is now the master volume.v The coupling has the status of unsynchronized.v The coupling remains in Standby mode, meaning that the remote mirroring is

deactivated. This ensures an orderly activation when the role of the other site isswitched.

The new master volume starts to accept write commands from local hosts. Becausecoupling is not active, in the same way as any master volume, it maintains a log ofwhich write operations should be sent to the slave when communication resumes.

Typically, after switching the slave to the master volume, an administrator alsoswitches the master to the slave volume, at least before communication resumes. Ifboth volumes are left with the same role, a configuration error occurs.


Switching primary to secondary

When coupling is inactive, the primary machine can switch roles. After such aswitch, the master volume becomes the slave.

Before switching roles, the master volume is inactive. Hence, it is in theunsynchronized state, and it might contain data that has not been replicated. Suchdata will be lost. When the master volume becomes slave, this data must bediscarded to match the data on the peer volume, which is now the new mastervolume. In this case, an event is created, summarizing the size of the lost data.

Upon reestablishing the connection, the recovery volume (current slave, which wasthe master) will update the remote volume (new master) with this uncommitteddata list to update, and it is the responsibility of the new master volume tosynchronize these lists to the local volume (new slave).

I/O operations in synchronous mirroringI/O operations are performed on the master and slave volumes across variousconfiguration options.

I/O on the master volume

Read All data is read from the primary (local) site regardless of whether thesystem is synchronized.

Write

v If the coupling is operational, data is written to both the master andslave volumes.

v If the coupling is non-operational, data is written to the master volumeonly, and the master is aware that the slave is currently notsynchronized.

I/O on the slave volume

The LUN of a slave volume can be mapped to remote hosts. In this case, the slavevolume will be accessible to those remote hosts as Read-only.

These mappings are then used by remote hosts for master-slave role switchover.When the slave volume becomes the master, hosts can write to it on the remotesite. When the master volume becomes a slave volume, it becomes Read-only andcan be updated only by data replicated from the new master volume.

Read Data can be read from the slave volume like from any other volume.

Write

In an attempt to write on the slave volume, the host will receive a volumeread-only SCSI error.

Synchronization speed optimization

The storage system has two global parameters that limit the maximum rate usedfor initial synchronization and for synchronization after non-operational coupling.

These limits are used to prevent a situation where synchronization uses too muchof the system or communication line resources, and hampers the host's I/Operformance.


The values of these global parameters can be viewed by the user, but setting orchanging them should be performed by an IBM technical support representative.

Dynamic rate adaptation

The storage system provides a mechanism for handling insufficient bandwidth andexternal connections whenever remote mirroring is used.

The mirroring process replicates data from one site to the other. To accomplish this,the process depends on the availability of bandwidth between the local and remotestorage systems. The mirroring synchronization rate parameter determines thebandwidth that is required for a successful mirroring.

You can request that an IBM technical support representative manually modify thisparameter. To define its value, the IBM technical support representative shouldtake into account the availability of bandwidth for the mirroring process, wherethe storage system adjusts itself to the available bandwidth.

The storage system prevents I/O timeouts through continuously measuring theI/O latency. Excessive incoming I/Os are queued until they can be submitted. Themirroring rate dynamically adapts to the number of queued incoming I/Os,allowing for a smooth operation of the mirroring process.

Implications on volume and snapshot management

When using sync mirroring, the default behavior of volumes and snapshotschanges in order to protect the mirroring operation, as follows:v Renaming a volume changes the name of the last-consistent and most updated

snapshots.v Deleting all snapshots does not delete the last-consistent and most updated

snapshots.v Resizing a master volume automatically resizes its slave volume.v A master volume cannot be resized when the link is down.v Resizing, deleting, and formatting are not permitted on a slave volume.v A master volume cannot be formatted. If a master volume must be formatted, an

administrator must first deactivate the mirroring, delete the mirroring, formatboth the slave and master volumes, and then define the mirroring again.

v Slave or master volumes cannot be the target of a copy operation.v Locking and unlocking are not permitted on a slave volume.v The last-consistent and most updated snapshots cannot be unlocked.v Deleting is not permitted on a master volume.v Restoring from a snapshot is not permitted on a master volume.v Restoring from a snapshot is not permitted on a slave volume.v A snapshot cannot be created with the same name as the last-consistent or most

updated snapshot.

Coupling synchronization processWhen a failure condition has been resolved, remote mirroring begins the process ofsynchronizing the coupling. This process updates the slave volume with all thechanges that occurred while the coupling was not operational.


The following diagram shows the various coupling states, together with the actionsthat are performed in each state.

The following list describes each coupling state:

InitializationThe slave volume has a Synchronization status of Initialization. During thisstate, data from the master volume is copied to the slave volume.

SynchronizedThis is the working state of the coupling, where the data in the slavevolume is consistent with the data in the master volume.

TimestampWhen a link is down, or when a coupling is deactivated, a timestampneeds to be taken. After the timestamp is taken, the state changes toTimestamp, and stays so until the link is restored, or the coupling isreactivated.

Unsynchronized

Remote mirroring is recovering from a communications failure ordeactivation. The master and slave volumes are being synchronized.

Coupling recovery

When remote mirroring recovers from a non-operational coupling, the followingactions take place:v If the slave volume is in the Synchronized state, a last-consistent snapshot of the

slave volume is created and named with the string secondary-volume-time-date-consistent-state.

v The master volume updates the slave volume until it reaches the Synchronizedstate.

Figure 13. Coupling states and actions


v When all couplings that mirror volumes between the same pair of systems aresynchronized, the master volume deletes the special snapshot.

Uncommitted data

For best-effort coupling, when the coupling is in Unsynchronized state, the systemmust track which data in the master volume has been changed, so that thesechanges can be committed to the slave when the coupling becomes operationalagain.

The parts of the master volume that must be committed to the slave volume andmust be marked are called uncommitted data.

Constraints and limitations

The following constraints and limitations apply to the synchronization process:v The size, part, or time-to-synchronize are relevant only if the synchronization

status is Unsynchronized.v The last-secondary time stamp is only relevant if the coupling is Unsynchronized.

Synchronous mirroring of consistency groupsMirroring can be applied to whole consistency groups.

The following restrictions apply:v All volumes in a consistency group have the same role, either master, or slavev All mirrors in a consistency group are between the same two systems


Chapter 7. Asynchronous remote mirroring

Asynchronous mirroring enables high availability of critical data byasynchronously replicating data updates from a primary storage peer to a remote,secondary peer.

The relative merits of asynchronous and synchronous mirroring are best illustratedby examining them in the context of two critical objectives:v Responsiveness of the storage systemv Currency of mirrored data

With synchronous mirroring, host writes are acknowledged by the storage systemonly after being recorded on both peers in a mirroring relationship. This yieldshigh currency of mirrored data (both mirroring peers have the same data), yetresults in less than optimal system responsiveness because the local peer cannotacknowledge the host write until the remote peer acknowledges it. This type ofprocess incurs latency that increases as the distance between peers increases, butboth peers are synchronized (first image below).

Asynchronous mirroring (second image below) is advantageous in situations thatwarrant replication between distant sites because it eliminates the latency inherentto synchronous mirroring, and might lower implementation costs. Careful planningof asynchronous mirroring can minimize the currency gap between mirroringpeers, and can help realize better data availability and cost savings.

Note: The following images show storage systems that also represent IBMSpectrum Accelerate deployments.

Figure 14. Synchronous remote mirroring concept


Note: Synchronous mirroring is covered in Chapter 6, “Synchronous remotemirroring,” on page 39.

Asynchronous mirroring highlightsThe following are highlights of the Spectrum Accelerate asynchronous mirroringcapability.

Advanced snapshot-based technologySpectrum Accelerate asynchronous mirroring is based on IBM snapshottechnology, which streamlines implementation while minimizing impact ongeneral system performance. The technology leverages functionality thatsupports mirroring of complete systems, translating to hundreds orthousands of mirrors. For a detailed description, see “Snapshot-basedtechnology in asynchronous mirroring” on page 53.

Mirroring of consistency groupsSpectrum Accelerate supports definition of mirrored consistency groups,which is highly advantageous to enterprises, facilitating easy managementof replication for all volumes that belong to a single consistency group.This enables streamlined restoration of consistent volume groups from aremote site upon unavailability of the primary site.

Automatic and manual replicationAsynchronous mirrors can be assigned a user-configurable schedule forautomatic, interval-based replication of changes, or can be configured toreplicate changes upon issuance of a manual (or scripted) user command.Automatic replication allows you to establish crash-consistent replicas,whereas manual replication allows you to establish application-consistentreplicas, if required. You can combine both approaches, because you candefine mirrors with a scheduled replication and issue manual replicationjobs for these mirrors as needed.

Multiple RPOs (Recovery Point Objectives) and multiple schedulesSpectrum Accelerate asynchronous mirroring enables each mirror to bespecified a different RPO, rather than forcing a single RPO for all mirrors.This can be used to prioritize replication of some mirrors over others,potentially making it easier to accommodate application RPO requirements,as well as bandwidth constraints.

Flexible and independent mirroring intervalsSpectrum Accelerate asynchronous mirroring supports schedules withintervals ranging between 20 seconds and 12 hours. Moreover, intervals are

Figure 15. Asynchronous mirroring - no extended response time lag


independent from the mirroring RPO. This enhances the ability to fine tunereplication to accommodate bandwidth constraints and different RPOs.

Flexible pool managementSpectrum Accelerate asynchronous mirroring enables the mirroring ofvolumes and consistency groups that are stored in thin provisioned pools.This applies to both mirroring peers.

Bi-directional mirroringSpectrum Accelerate systems can host multiple mirror sources and targetsconcurrently, supporting over a thousand mirrors per system. Furthermore,any given Spectrum Accelerate can have mirroring relationships withseveral other Spectrum Accelerate systems. This enables enormousflexibility when setting mirroring configurations.

The number of systems with which the storage system can have mirroringrelationships is specified outside, in the Spectrum Accelerate Data Sheet.

Concurrent synchronous and asynchronous mirroringThe Spectrum Accelerate can concurrently run synchronous andasynchronous mirrors.

Easy transition between peer rolesSpectrum Accelerate mirror peers can be easily changed between masterand slave.

Easy transition from independent volume mirrors into consistency group mirrorThe Spectrum Accelerate allows for easy configuration of consistencygroup mirrors, easy addition of mirrored volumes into a mirroredconsistency group, and easy removal of a volume from a mirroredconsistency group while preserving mirroring for such volume.

Control over synchronization rates per targetThe asynchronous mirroring implementation enables administrators toconfigure different system mirroring rates with each target system.

Comprehensive monitoring and eventsSpectrum Accelerate systems generate events and monitor criticalasynchronous mirroring-related processes to produce important data thatcan be used to assess the mirroring performance.

Easy automation via scriptsAll asynchronous mirroring commands can be automated through scripts.

Snapshot-based technology in asynchronous mirroringSpectrum Accelerate features an innovative snapshot-based technology forasynchronous mirroring that facilitates concurrent mirrors with different recoveryobjectives.

With Spectrum Accelerate asynchronous mirroring, write order on the master is notpreserved on the slave. As a result, a snapshot taken of the slave at any moment ismost likely inconsistent and therefore not valid. To ensure high availability of datain the event of a failure or unavailability of the master, it is imperative to maintaina consistent replica of the master that can ensure service continuity.

This is achieved through Spectrum Accelerate snapshots. Spectrum Accelerateasynchronous mirroring employs snapshots to record the state of the master, andcalculates the difference between successive snapshots to determine the data thatneeds be copied from the master to the slave as part of a corresponding replication

Chapter 7. Asynchronous remote mirroring 53

process. Upon completion of the replication process, a snapshot is taken of theslave and reflects a valid replica of the master.

Below are select technological properties that explain how the snapshot-basedtechnology helps realize effective asynchronous mirroring:v Spectrum Accelerate supports a practically unlimited number of snapshots,

which facilitates mirroring of complete systems with practically no limitation onthe number of mirrored volumes supported

v Spectrum Accelerate implements memory optimization techniques that furthermaximize the performance attainable by minimizing disk access.

Disaster recovery scenarios in asynchronous mirroringA disaster is a situation where one of the sites (either the master or the slave) fails,or the communication between the master site and the slave site is lost.

Asynchronous mirroring attains synchronization between master and slave peersthrough a recurring data replication process called a Sync Job. Running atuser-configurable schedules, the Sync Job takes the most recent snapshot of themaster and compares this snapshot with the last replicated snapshot on the slave.The Sync Job then synchronizes the master data corresponding to these differenceswith the slave. At the completion of a sync job, a new last replicated snapshot iscreated both on the slave and on the master.

Disaster recovery scenarios handle cases in which one of the snapshots mentionedabove becomes unavailable. These cases are:

Unplanned service disruption

▌1▐ FailoverUnplanned service disruption starts with a failover to the slave.

The slave is promoted and becomes the new master, serving hostrequests

▌2▐ RecoveryNext, whenever the master and link are restored, the replication isset from the promoted slave (the new master) onto the demotedmaster (the new slave).

▌Alternatively:▐ No recoveryIf recovery is not possible, a new mirroring is establishedon the slave. The original mirroring is deleted and a newmirroring relationship is defined.

▌3▐ FailbackFollowing the recovery, the original mirroring configuration isreestablished. The master maintains its role and replicates to theslave.

Planned service disruption

▌1▐ Planned role switchPlanned service disruption starts with a coordinated demotion ofthe master to the slave, while the slave is promoted to become thenew master. The promoted slave serves host requests, andreplicates to the demoted master. On the host side, the host isdisconnected from the demoted master and connected to the newmaster.


▌2▐ RecoveryNext, whenever the master and link are restored, the replication isset from the promoted slave (the new master) onto the demotedmaster (the new slave).

▌2▐ FailbackFollowing the recovery, the original mirroring configuration isreestablished. The master maintains its role and replicates to theslave.

TestingThere are two ways to test the slave replica:v Create a snapshot of an LRS snapshot on the slave. Then map a host to

it and verify the data.v Disconnect the host from the master, switch roles, and connect the host

to the slave. This is a more realistic, but also a more disruptive test.

Note: Please contact IBM Support in case of disaster or for any testing of disasterrecovery, in order to get clear guidelines and to secure a successful test.

Chapter 7. Asynchronous remote mirroring 55

Chapter 8. Volume migration with IBM Hyper-Scale Mobility

IBM Hyper-Scale Mobility enables a non-disruptive migration of volumes from onestorage system to another.

IBM Hyper-Scale Mobility helps achieve data migration in the following scenarios:v Migrating data out of an over-provisioned system.v Migrating all the data from a system that will be decommissioned or

re-purposed.v Migrating data to another storage system to achieve adequate (lower or higher)

performance, or to load-balance systems to ensure uniform performance.v Migrating data to another storage system to load-balance capacity utilization.

The IBM Hyper-Scale Mobility processThis section walks you through the IBM Hyper-Scale Mobility process.

Hyper-Scale Mobility moves a volume from one system to another, while the hostis using the volume. To accomplish this, I/O paths are manipulated by the storage,without involving host configuration, and the volume identity is cloned on thetarget system. In addition, direct paths from the host to the target system need tobe established, and paths to the original host can finally be removed. Host I/Osare not interrupted throughout the migration process.

The key stages of the IBM Hyper-Scale Mobility and the respective states ofvolumes are depicted in Figure 16 on page 58 and explained in detail in Table 2 onpage 58.

For an in-depth practical guide to using IBM Hyper-Scale Mobility, see theRedbooks publication IBM Hyper-Scale Mobility Overview and Usage.


http://www.redbooks.ibm.com/redpapers/pdfs/redp5007.pdf

Table 2. The IBM Hyper-Scale Mobility process

Stage DescriptionSource and destinationvolume states

Setup A volume is automatically created atthe destination storage system with thesame name as the source volume. Therelation between the source anddestination volumes is established.

The two volumes are not yetsynchronized.

Migration New data is written to the source andreplicated to the destination.

Initializing - The content ofthe source volume is copied tothe destination volume. Thetwo volumes are not yetsynchronized. This state issimilar to the Initializing stateof synchronous mirroring (see“Synchronous mirroringstatuses” on page 42). As longas the source instance cannotconfirm that all of the writeswere acknowledged by thedestination volume, the stateremains Initializing.

Figure 16. Flow of the IBM Hyper-Scale Mobility


Table 2. The IBM Hyper-Scale Mobility process (continued)

Stage DescriptionSource and destinationvolume states

Proxy-Ready The replication of the source volumedata is complete when the destination issynchronized. The source serves hostwrites as a proxy between the host andthe destination.

The system administrator issues acommand that moves the IBMHyper-Scale Mobility relation to theproxy.

Next, the system administrator mapsthe host to the destination. In this state,a single copy of the data exists on thedestination and any I/O directed to thesource is redirected to the destination.

Synchronized - The sourcewas wholly copied to thedestination. This state issimilar to the Synchronizedstate of synchronous mirroring(see “Synchronous mirroringstatuses” on page 42).

Proxy New data in written to the source andis migrated to the destination. Theproxy serves host requests as if it werethe target, but it actually impersonatesthe target.

Proxy - The source acts as aproxy to the destination.

Cleanup After validating that the host hasconnectivity to the destination volumethrough the new paths, the storageadministrator unmaps the sourcevolume on the source storage systemfrom the host.

Then the storage administrator ends theproxy and deletes the relationship.

Chapter 8. Volume migration with IBM Hyper-Scale Mobility 59

Chapter 9. Data-at-rest encryption

The IBM Spectrum Accelerate utilizes full disk encryption for regulationcompliance and security audit readiness.

Data-at-rest encryption protects against the potential exposure of storage systemsensitive data on discarded or stolen media. The encryption ensures that the datacannot be read, as long as its encryption key is secured. This feature complementsphysical security at the customer site, protecting the customer from unauthorizedaccess to the data.

The encryption of the disk drives is transparent to hosts that are attached to thestorage system, and does not affect either their management or performance.

The IBM Spectrum Accelerate data-at-rest encryption design is TCG-compliant.Consequently, SCSI security protocol in/out commands are directly issued toTCG-compliant SED drives. While no known HBA (host bus adapter) is supposedto block such commands, certain RAID controllers do this by design, thusdisabling the IBM Spectrum Accelerate encryption altogether.

The SSDs used as flash cache are also encrypted with software-based encryption.

HIPAA compatibilityIBM Spectrum Accelerate complies with the following security requirements andstandards.

The IBM Spectrum Accelerate data-at-rest encryption complies with HIPAA Federalrequirements as follows:v User data is inaccessible without XIV system specific keying material.v Physical separation of encryption keys from encrypted data, by using an external

key serverv Cryptographic keys may be replaced at the user’s initiativev All keys stored must be wrapped and stored in ciphertext (not reside in

plaintext or hidden/obfuscated)v AES 256 encryption is used to wrap keys and encrypt data, RSA 2048 encryption

is used for public key cryptographyv Key exchanges are performed securely over encrypted interconnect traffic, using

AES 256 encryptionv Encryption configuration and settings must be auditable, thus the related

information and notifications should be kept in events log.


Chapter 10. Data migration

The use of any new storage system frequently requires the transfer of largeamounts of data from the previous storage system to the new storage system.

This can require many hours or even days; usually an amount of time that mostenterprises cannot afford to be without a working system. The data migrationfeature enables production to be maintained while data transfer is in progress.

Given the nature of the data migration process, it is recommended that you consultand rely on the IBM Spectrum Accelerate support team when planning a datamigration.

The data migration feature enables the smooth transition of a host working withthe previous storage system to a Spectrum Accelerate by:v Immediately connecting the host to the Spectrum Accelerate storgae system and

providing the host with direct access to the most up-to-date data even beforedata has been copied from the previous storage system.

v Synchronizing the data from the previous storage system by transparentlycopying the contents of the previous storage system to the new storage systemas a background process.

During data migration, the host is connected directly to the Spectrum Acceleratestorage system and is disconnected from the previous storage system. SpectrumAccelerate is connected to the previous storage system.. The new storage systemand the previous storage system must remain connected, until both storagesystems are synchronized and data migration is completed. The previous storagesystem perceives the new storage system as a host, reading from and optionallywriting to the volume that is being migrated. The host reads and writes data to thenew storage system, while the new storage system might need to read or write thedata to the previous storage system to serve the command of the host.

The communication between the host and Spectrum Accelerate and thecommunication between Spectrum Accelerate and the previous storage system isiSCSI.

I/O handling in data migrationI/Os are handled per read and write requests.

Serving read requests

Spectrum Accelerate serves all the host's data read requests in a transparentmanner without requiring any action by the host, as follows:v If the requested data has already been copied to the new storage system, it is

served from the new storage system.v If the requested data has not yet been copied to the new storage system,

Spectrum Accelerate retrieves it from the previous storage system and thenserves it to the host.


Serving write requests

Spectrum Accelerate serves all host's data write requests in a transparent mannerwithout requiring any action by the host.

Data migration provides the following two alternative Spectrum Accelerateconfigurations for handling write requests from a host:

Source updating:A host's write requests are written by Spectrum Accelerate to the newstorage system, as well as to the previous storage system. In this case, theprevious storage system remains completely updated during thebackground copying process. Throughout the process, the volume of theprevious storage system and the volume of the new storage system areidentical.

Write commands are performed synchronously, so Spectrum Accelerateonly acknowledges the write operation after writing to the new storage,writing to the previous storage system, and receiving an acknowledgementfrom the previous storage system. Furthermore, if, due to a communicationerror or any other error, the writing to the previous storage system fails,Spectrum Accelerate reports to the host that the write operation has failed.

No source updating:A host's write requests are only written by Spectrum Accelerate to the newstorage system and are not written to the previous storage system. In thiscase, the previous storage system is not updated during the backgroundcopying process, and therefore the two storage systems will never besynchronized. The volume of the previous storage system will remainintact and will not be changed throughout the data migration process.

Data migration stagesData migration includes the following stages.

Figure 17 on page 65 describes the process of migrating a volume from a previousstorage system to the new storage system. It also shows how the SpectrumAccelerate synchronizes its data with the previous storage system, and how ithandles the data requests of a host throughout all these stages of synchronization.


Initial configuration

The new storage system volume must be formatted before data migration canbegin. The new storage must be connected as a host to the previous storage systemwhose data it will be serving.

The volume on the previous storage system and the volume on the new storagesystem must have an equal number of blocks. This is verified upon activation ofthe data migration process.

You can then initiate data migration and configure all hosts to work directly andsolely with the Spectrum Accelerate.

Data migration is defined through the dm_define command.

Testing the data migration configuration

Before connecting the host to the new storage system, use the dm_test CLIcommand to test the data migration definitions to verify that the SpectrumAccelerate can access the previous storage system.

Activating data migration

After you have tested the connection between the new storage system and theprevious storage system, activate data migration using the dm_activate CLIcommand and connect the host to Spectrum Accelerate. From this point forward,the host reads and writes data to the new storage system, and the SpectrumAccelerate will read and optionally write to the previous storage system.

Figure 17. Data migration steps

Chapter 10. Data migration 65

Data migration can be deactivated using the dm_deactivate CLI command. It canthen be activated again. While the data migration is deactivated, the volumecannot be accessed by hosts (neither read nor write access).

Background copying and serving I/O operations

Once data migration is initiated, it will start a background process of sequentiallycopying all the data from the previous storage system to the new storage system.

Synchronization is achieved

After all of a volume's data has been copied, the data migration achievessynchronization. After synchronization is achieved, all read requests are servedfrom the Spectrum Accelerate.

If source updating was set to Yes, Spectrum Accelerate will continue to write datato both itself and the previous storage system until data migration settings aredeleted.

Deleting data migration

Data migration is stopped by using a delete command. It cannot be restarted.

Handling failuresUpon a communication error or the failure of the previous storage system,Spectrum Accelerate stops serving I/O operations to hosts, including both readand write requests.

If Spectrum Accelerate encounters a media error on the previous storage system(meaning that the it cannot read a block on the previous storage system), thenSpectrum Accelerate reflects this state on its own storage system (meaning that itmarks this same block and an error on its own storage system). The state of thisblock indicates a media error even though the disk in the new storage system hasnot failed.


Chapter 11. Event handling

Spectrum Accelerate monitors the health, the configuration changes, and theactivity of your storage systems, and generates system events.

These events are accumulated by the system and can help the user in the followingtwo ways:v Users can view past events using various filters. This is useful for

troubleshooting and problem isolation.v Users can configure the system to send one or more notifications, which are

triggered upon the occurrence of specific events. These notifications can befiltered according to the events, severity and code. Notifications can be sentthrough e-mail, SMS messages, or SNMP traps.

Event informationEvents are created by various processes, including the following:v Object creation or deletion, including volume, snapshot, map, host, and storage

poolv Physical component eventsv Network events

Each event contains the following information:v A system-wide unique numeric identifierv A code that identifies the type of the eventv Creation timestampv Severityv Related system objects and components, such as volumes, disks, and modulesv Textual descriptionv Alert flag, where an event is classified as alerting by the event notification rules.v Cleared flag, where alerting events can be either uncleared or cleared. This is

only relevant for alerting events.

Event information can be classified with one of the following severity levels:

CriticalRequires immediate attention

Major Requires attention soon

Minor Requires attention within the normal business working hours

WarningNonurgent attention is required to verify that there is no problem

InformationalNormal working procedure event


Viewing eventsSpectrum Accelerate provides the following variety of criteria for displaying a listof events:v Before timestampv After timestampv Codev Severity from a certain value and upv Alerting events, meaning events that are sent repeatedly according to a snooze

timerv Uncleared alerts

The number of displayed filtered events can be restricted.

Event notification rulesSpectrum Accelerate monitors the health, configuration changes, and activity ofyour storage systems and sends notifications of system events as they occur.

Event notifications are sent according to the following rules:

Which eventsThe severity, event code, or both, of the events for which notification issent.

Where The destinations or destination groups to which notification is sent, such ascellular phone numbers (SMS), e-mail addresses, and SNMP addresses.

Notifications are sent according to the following rules:

DestinationThe destinations or destination groups to which a notification of an eventis sent.

Filter A filter that specifies which events will trigger the sending of an eventnotification. Notification can be filtered by event code, minimum severity(from a certain severity and up), or both.

AlertingTo ensure that an event was indeed received, an event notification can besent repeatedly until it is cleared by a CLI command or the GUI. Suchevents are called alerting events. Alerting events are events for which asnooze time period is defined in minutes. This means that an alertingevent is resent repeatedly each snooze time interval until it is cleared. Analerting event is uncleared when it is first triggered, and can be cleared bythe user. The cleared state does not imply that the problem has beensolved. It only implies that the event has been noted by the relevantperson who takes the responsibility for fixing the problem. There are twoschemes for repeating the notifications until the event is clear: snooze andescalation.

SnoozeEvents that match this rule send repeated notifications to the samedestinations at intervals specified by the snooze timer until they arecleared.

EscalationYou can define an escalation rule and escalation timer, so that if events are


not cleared by the time that the timer expires, notifications are sent to thepredetermined destination. This enables the automatic sending ofnotifications to a wider distribution list if the event has not been cleared.

Alerting events configuration limitationsThe following limitations apply to the configuration of alerting rules:v Rules cannot escalate to nonalerting rules, meaning to rules without escalation,

snooze, or both.v Escalation time should not be defined as shorter than snooze time.v Escalation rules must not create a loop (cycle escalation) by escalating to itself or

to another rule that escalates to it.v The configuration of alerting rules cannot be changed while there are still

uncleared alerting events.

Defining destinationsEvent notifications can be sent to one or more destinations, meaning to a specificSMS cell number, e-mail address, or SNMP address, or to a destination groupcomprised of multiple destinations.

Each of the following destinations must be defined as described:

SMS destination

An SMS destination is defined by specifying a phone number. When defining adestination, the prefix and phone number should be separated because some SMSgateways require special handling of the prefix.

By default, all SMS gateways can be used. A specific SMS destination can belimited to be sent through only a subset of the SMS gateways.

E-mail destination

An e-mail destination is defined by an e-mail address. By default, all SMTPgateways are used. A specific destination can be limited to be sent through only asubset of the SMTP gateways.

SNMP managers

An SNMP manager destination is specified by the IP address of the SNMPmanager that is available to receive SNMP messages.

Destination groups

A destination group is simply a list of destinations to which event notifications canbe sent. A destination group can be comprised of SMS cell numbers, e-mailaddresses, SNMP addresses, or any combination of the three. A destination groupis useful when the same list of notifications is used for multiple rules.

Defining gatewaysEvent notifications can be sent by SMS, e-mail, or SNMP manager. This stepdefines the gateways that will be used to send e-mail or SMS.

Chapter 11. Event handling 69

E-mail (SMTP) gateways

Several e-mail gateways can be defined to enable notification of events by e-mail.By default, the Spectrum Accelerate attempts to send each e-mail notificationthrough the first available gateway according to the order that you specify.Subsequent gateways are only attempted if the first attempted gateway returns anerror. A specific e-mail destination can also be defined to use only specificgateways.

All event notifications sent by e-mail specify a sender whose address can beconfigured. This sender address must be a valid address for the following tworeasons:v Many SMTP gateways require a valid sender address or they will not forward

the e-mail.v The sender address is used as the destination for error messages generated by

the SMTP gateways, such as an incorrect e-mail address or full e-mail mailbox.

E-mail-to-SMS gateways

SMS messages can be sent to cell phones through one of a list of e-mail-to-SMSgateways. One or more gateways can be defined for each SMS destination.

Each such e-mail-to-SMS gateway can have its own SMTP server, use the globalSMTP server list, or both.

When an event notification is sent, one of the SMS gateways is used according tothe defined order. The first gateway is used, and subsequent gateways are onlytried if the first attempted gateway returns an error.

Each SMS gateway has its own definitions of how to encode the SMS message inthe e-mail message.

Monitoring Spectrum Accelerate using SNMP trapsSpectrum Accelerate supports third-party SNMP-based monitoring tools.

Simple Network Management Protocol (SNMP)

SNMP is a set of functions for monitoring and managing network devices. Itincludes a protocol, a database specification, and a Management Information Base(MIB). The MIB is a set of data objects that can be monitored by a networkmanagement system.

The SNMP protocol defines two terms, agent and manager. An SNMP agent is adevice that reports information to SNMP managers. An SNMP manager, in its turn,collects information from SNMP agents. The information is sent in SNMPnotifications, also referred to as traps.

You can define Spectrum Accelerate as an SNMP agent that sends notifications tothe SNMP manager. If a predefined monitored event occurs, Spectrum Accelerateinitiates the sending of an SNMP trap without waiting for a request from XIV. Youcan also send SNMP get or walk commands to collect status information fromSpectrum Accelerate. To accomplish this task, you must use an SNMP managerthat supports this task and you need to import the XIV Storage System MIB intothat manager.


SNMP notifications

Six types of SNMP notifications are predefined in Spectrum Accelerate. Each typecorresponds to a specific severity:v DESCRIPTION "An event notification" ::= { xivEventTrap 1 }

v DESCRIPTION "An informational event notification" ::= { xivEventTrap 2 }

v DESCRIPTION "A warning event notification" ::= { xivEventTrap 3 }

v DESCRIPTION "A minor event notification" ::= { xivEventTrap 4 }

v DESCRIPTION "A major event notification" ::= { xivEventTrap 5 }

v DESCRIPTION "A critical event notification" ::= { xivEventTrap 6 }

Management Information Base (MIB)

To display the system MIB file, issue the mib_get command.

In the Global Status category, MIB defines the following object IDs:

1.3.6.1.4.1.2021.77.1.1.1.1 xivMachineStatusShows if a disk rebuild or redistribution is occurring1.3.6.1.4.1.2021.77.1.1.1.2 xivFailedDisksThe number of failed disks in the XIV1.3.6.1.4.1.2021.77.1.1.1.3 xivUtilizationSoftThe percentage of total soft space that is allocated to pools1.3.6.1.4.1.2021.77.1.1.1.4 xivUtilizationHardThe percentage of total hard space that is allocated to pools1.3.6.1.4.1.2021.77.1.1.1.5 xivFreeSpaceSoftThe amount of soft space that is unallocated in GB1.3.6.1.4.1.2021.77.1.1.1.6 xivFreeSpaceHardThe amount of hard space that is unallocated in GB

In the Interfaces category, MIB defines the following object IDs:

1.3.6.1.4.1.2021.77.1.1.2.1.1.2 xivIfIOPSThe number of IOPS being currently executed at the module1.3.6.1.4.1.2021.77.1.1.2.1.1.3 xivIfStatusThe current status of the module

For SNMP notifications sent by Spectrum Accelerate, the MIB defines the followingobject IDs in the Events category:

1.3.6.1.4.1.2021.77.1.3.1.1.1 xivEventIndex A unique value for each event1.3.6.1.4.1.2021.77.1.3.1.1.2 xivEventCode The code of the event1.3.6.1.4.1.2021.77.1.3.1.1.3 xivEventTime The time of the event1.3.6.1.4.1.2021.77.1.3.1.1.4 xivEventDescription A description of the event1.3.6.1.4.1.2021.77.1.3.1.1.5 xivEventSeverity The severity of the event1.3.6.1.4.1.2021.77.1.3.1.1.6 xivEventTroubleshooting Troubleshooting information

In the Statistics category, MIB defines the following object IDs:

1.3.6.1.4.1.2021.77.1.4.1.1.2 xivStatisticsHostNameThe name of the host that collects the statistics1.3.6.1.4.1.2021.77.1.4.1.1.3 xivStatisticsHostIOPSThe number of input/output operations performed by the statistics host per second

In the Statistics Volume Table category, MIB defines the following object IDs:

Chapter 11. Event handling 71

1.3.6.1.4.1.2021.77.1.4.2.1.2 xivStatisticsVolumeName The name of the statistics volume1.3.6.1.4.1.2021.77.1.4.2.1.3 xivStatisticsVolumeIOPS The number of IOPS per volume1.3.6.1.4.1.2021.77.1.4.2.1.4 xivStatisticsVolumeBW The number of BW objects per volume1.3.6.1.4.1.2021.77.1.4.2.1.5 xivStatisticsVolumeLatency The volume latency

Spectrum Accelerate SNMP setup

To use SNMP monitoring with Spectrum Accelerate, in the Settings > SNMP tab ofthe XIV GUI define the standard SNMP parameters identical for all XIV machines.Then, in the Settings > Misc tab define the only unique attribute for SpectrumAccelerate: SDS = Yes:

Figure 18. XIV GUI – The Misc tab in XIV Settings


Chapter 12. Access control

Spectrum Accelerate features role-based authentication either natively or by usingLDAP-based authentication.

The system provides:

Role-based access controlBuilt-in roles for access flexibility and a high level of security according topredefined roles and associated tasks.

Two methods of access authenticationSpectrum Accelerate supports the following methods of authenticatingusers:

Native authenticationThis is the default mode for authentication of users and groups onSpectrum Accelerate. In this mode, users and groups areauthenticated against a database on the system.

LDAP When enabled, the system authenticates the users against an LDAPrepository.

User roles and permission levelsUser roles allow specifying which roles are applied and the various applicablelimits.

Note: None of these system-defined users have access to data.

Table 3. Available user roles

User role Permissions and limits Typical usage

Read only Read only users can only list andview system information.

The system operator, typically, butnot exclusively, is responsible formonitoring system status andreporting and logging allmessages.


Table 3. Available user roles (continued)

User role Permissions and limits Typical usage

Applicationadministrator

Only application administratorscarry out the following tasks:

v Creating snapshots of assignedvolumes

v Mapping their own snapshot toan assigned host

v Deleting their own snapshot

Application administratorstypically manage applications thatrun on a particular server.Application managers can bedefined as limited to specificvolumes on the server. Typicalapplication administratorfunctions:

v Managing backupenvironments:

– Creating a snapshot forbackups

– Mapping a snapshot to backup server

– Deleting a snapshot afterbackup is complete

– Updating a snapshot for newcontent within a volume

v Managing software testingenvironment:

– Creating an applicationinstance

– Testing the new applicationinstance

Storageadministrator

The storage administrator haspermission to all functions,except:

v Maintenance of physicalcomponents or changing thestatus of physical components

v Only the predefinedadministrator, named admin,can change the passwords ofother users

Storage administrators areresponsible for all administrationfunctions.

Operationsadministrator

The operations administrator onlyhas permission to performmaintenance operations.

Storage administrators areresponsible for all maintenancefunctions.

Technician The technician is limited to thefollowing tasks:

v Physical system maintenance

v Phasing components in or outof service

Technicians maintain the physicalcomponents of the system. Onlyone predefined technician isspecified per system.

Notes:

1. All users can view the status of physical components; however, onlytechnicians can modify the status of components.

2. User names are case-sensitive.3. Passwords are case-sensitive.


Predefined usersThere are several predefined users configured on Spectrum Accelerate.

These users cannot be deleted.

Storage administratorThis user id provides the highest level of customer access to the system.

Predefined user name: admin

Default password: adminadmin. The password can be changed, and theuser is strongly recommended to do so.

TechnicianThis user id is used only by Spectrum Accelerate service personnel. It hasfull system access. It can be enabled or disabled using thexiv_support_enable or xiv_support_disable command, respectively.

Predefined user name: technician

Default password: Password is predefined and is used only by theSpectrum Accelerate technicians.

XIV developmentThis user id is used only by Spectrum Accelerate service personnel. It hasfull system access. It can be enabled or disabled using thexiv_support_enable or xiv_support_disable command, respectively.

Predefined user name: xiv_developer


XIV maintenanceThis user id is used only by Spectrum Accelerate service personnel. It hasfull system access. It can be enabled or disabled using thexiv_support_enable or xiv_support_disable command, respectively.

Predefined user name: xiv_maintenance


XIV host profilerThis user id is used only by Host Attachment Kit, if enabled. It has a verylimited system access. It can be disabled using the host_profiler_disablecommand.

Predefined user name: xiv_hostprofiler

HSA clientThis user id is used only by the Host Side Accelerator service. It has a verylimited system access.

Predefined user name: hsa_client

Note: Predefined users are always authenticated by Spectrum Accelerate, even ifLDAP authentication has been activated for them.

Chapter 12. Access control 75

Application administratorThe primary task of the application administrator is to create and managesnapshots.

Application administrators manage snapshots of a specific set of volumes. The usergroup to which an application administrator belongs determines the set of volumeswhich the application administrator is allowed to manage.

User groupsA user group is a group of application administrators who share the same set ofsnapshot creation permissions.

This enables a simple update of the permissions of all the users in the user groupby a single command. The permissions are enforced by associating the user groupswith hosts or clusters. User groups have the following characteristics:v Only users who are defined as application administrators can be assigned to a

group.v A user can belong to only a single user group.v A user group can contain up to eight users.v If a user group is defined with access_all="yes", application administrators who

are members of that group can manage all volumes on the system.

Storage administrators create the user groups and control the various permissionsof the application administrators.

User group and host associationsHosts and clusters can be associated with only a single user group.

When a user belongs to a user group that is associated with a host, it is possible tomanage snapshots of the volumes mapped to that host. User and host associationshave the following properties:v User groups can be associated with both hosts and clusters. This enables limiting

application administrator access to specific volumes.v A host that is part of a cluster cannot also be associated with a user group.v When a host is added to a cluster, the associations of that host are broken.

Limitations on the management of volumes mapped to the host is controlled bythe association of the cluster.

v When a host is removed from a cluster, the associations of that host become theassociations of the cluster. This enables continued mapping of operations so thatall scripts will continue to work.

Listing hostsThe command host_list lists all groups associated with the specified host,showing information about the following fields:

Range All hosts, specific host

DefaultAll hosts

Listing clustersThe command cluster_list lists all clusters that are associated with a usergroup, showing information about the following fields:

Range All clusters, specific cluster


DefaultAll clusters

Command conditionsThe application administrator has access only to several XCLI commands.

The application administrator can perform specific operations through a set ofcommands. The Table 4 table lists the various commands that applicationadministrators can run according to association definitions and applicableconditions.

If the application administrator is a member of a group that is defined withaccess_all=yes, then it is possible to perform the command on all volumes.

Table 4. Application administrator commands

Relevant command Conditions

cg_snapshot_create This command is accessible for applicationadministrators if the following condition is met:

v At least one volume in the consistency group ismapped to a host or cluster that is associated with anapplication administrators user group.

map_volunmap_vol

Application administrators can use these commands tomap snapshots of volumes. The following conditionmust be met:

1. The master volume is mapped to a host or clusterthat is associated with a user group that contains theuser.

vol_locksnapshot_duplicatesnapshot_deletesnapshot_change_priority

These commands are accessible for applicationadministrators if the following conditions are both met:


snap_group_locksnap_group_duplicatesnap_group_deletesnap_group_change_priority

These commands are accessible for applicationadministrators if the following conditions are both met:

1. At least one volume in the consistency group ismapped to a host or cluster that is associated withan application administrators user group.


snapshot_create This command is accessible for applicationadministrators if the following condition is met:

1. The volume is mapped to a host or cluster that isassociated with a user group that contains the user.

2. If the command overwrites a snapshot, theoverwritten snapshot must be previously created byan application administrator.

Authentication methodsSpectrum Accelerate offers several methods for authentication.

The following authentication methods are available:


Native (default)The user is authenticated by Spectrum Accelerate based on the submittedusername and password, which are compared to user credentials definedand stored on the Spectrum Accelerate system.

The user must be associated with a Spectrum Accelerate user role thatspecifies pertinent system access rights.

This mode is set by default.

LDAP

The user is authenticated by an LDAP directory based on the submittedusername and password, which are used to connect with the LDAP server.

Predefined users authenticationThe administrator and technician roles are always authenticated bySpectrum Accelerate, regardless of the authentication mode. They are neverauthenticated by LDAP.

Native authenticationThis is the default mode for authentication of users and groups on the SpectrumAccelerate.

In this mode, users and groups are authenticated against a database on the system.

User configurationConfiguring users requires defining the following options:

Role Specifies the role category that each user has when operating the system.The role category is mandatory. for explanations of each role.

Name Specifies the name of each user allowed to access the system.

PasswordAll user-definable passwords are case sensitive.Passwords are mandatory, can be 6 to 12 characters long, use uppercase orlowercase letters as well as the following characters: ~!@#$%^&*()_+-={}|:;<>?,./\[] .

E-mail E-mail is used to notify specific users about events through e-mailmessages. E-mail addresses must follow standard addressing procedures.E-mail is optional. Range: Any legal e-mail address.

Phone and area codePhone numbers are used to send SMS messages to notify specific usersabout events. Phone numbers and area codes can be a maximum of 63digits, hyphens (-) and periods (.) Range: Any legal telephone number; Thedefault is N/A

LDAP authenticationLightweight Directory Access Protocol (LDAP) support enables SpectrumAccelerate to authenticate users through an LDAP repository.

When LDAP authentication is enabled, the username and password of a useraccessing Spectrum Accelerate (through CLI or GUI) are used by the IBM XIVsystem to login into a specified LDAP directory. Upon a successful login, SpectrumAccelerate retrieves the user's IBM XIV group membership data stored in theLDAP directory, and uses that information to associate the user with an IBM XIVadministrative role.


The IBM XIV group membership data is stored in a customer defined,pre-configured attribute on the LDAP directory. This attribute contains stringvalues which are associated with IBM XIV administrative roles. These values mightbe LDAP Group Names, but this is not required by Spectrum Accelerate. Thevalues the attribute contains, and their association with IBM XIV administrativeroles, are also defined by the customer.

Supported domains

Spectrum Accelerate supports LDAP authentication of the following directories:v Microsoft Active Directoryv SUN directoryv Open LDAP

LDAP multiple-domain implementation

In order to support multiple LDAP servers that span over different domains, andin order to use the memberOf property, Spectrum Accelerate allows for more thanone role for the Storage Administrator and the Read⌂Only roles.

The predefined XIV administrative IDs “admin” and “technician” are alwaysauthenticated by the IBM XIV Storage System, whether or not LDAP authenticationis enabled.

Responsibilities division between the LDAP directory and thestorage systemLDAP and the storage system divide responsibilities and maintained objects.

Following are responsibilities and data maintained by the IBM XIV system and theLDAP directory:

LDAP directory

v Responsibilities - user authentication for IBM XIV users, and assignmentof IBM XIV related group in LDAP.

v Maintains - Users, username, password, designated IBM XIV relatedLDAP groups associated with Spectrum Accelerate.

Spectrum Accelerate

v Responsibilities - Determination of appropriate user role by mappingLDAP group to an IBM XIV role, and enforcement of IBM XIV usersystem access.

v Maintains - mapping of LDAP group to IBM XIV role.

LDAP authentication processThe LDAP authentication process consists of several key steps.

In order to use LDAP authentication, carry out the following major steps:1. Define an LDAP server and system parameters2. Define an XIV user on this LDAP server. The storage system uses this user

when searching for authenticated users. This user is later on referred to assystem's configured service account.

3. Identify an LDAP attribute in which to store values that are associated withIBM XIV user roles


4. Define a mapping between values that are stored in the LDAP attribute andIBM XIV user roles

5. Enable LDAP authentication

Once LDAP is configured and enabled, the predefined user is granted with logincredentials authenticated by the LDAP server, rather than the Spectrum Accelerateitself.

Testing the authentication

The storage administrator can test the LDAP configuration before its activation byissuing the ldap_test command (see “Access control commands” on page 84).

LDAP configuration scenarioThe LDAP configuration scenario allows the storage administrator to enable LDAPauthentication.

Following is an overview of an LDAP configuration scenario:1. Storage administrator defines the LDAP server(s) to the IBM XIV storage

system.2. Storage administrator defines the LDAP base DN, communication, and timeout

parameters to the IBM XIV storage system.3. Storage administrator defines the LDAP XIV group attribute to be used for

storing associations between LDAP groups and XIV storage administrator roles.These are the storage administrator and readonly roles using the ldap_config_setcommand.

4. Storage administrator defines the mapping between LDAP group name andIBM XIV application administrator roles using the user_group_createcommand.

5. Storage administrator enables LDAP authentication.

LDAP login scenarioLog into LDAP from within Spectrum Accelerate.

LDAP-authenticated login scenario takes the following course:

Initiation

If initiated from the GUI

1. User launches the Spectrum Accelerate GUI.2. Spectrum Accelerate presents the user with a login screen.3. User logs in submitting the required user credentials (e.g.,

username and password).

If initiated from the CLI

1. User logs into the CLI with user credentials (username andpassword).

Authentication

1. Spectrum Accelerate attempts to log into LDAP directory using theuser-submitted credentials.

2. If login fails:v Spectrum Accelerate attempts to log into the next LDAP server.v If login fails again on all servers, a corresponding error message is

returned to the user.


3. If login succeeds, Spectrum Accelerate will determine the IBM XIV rolecorresponding to the logged-in user, by retrieving the user-relatedattributes from the LDAP directory. These attributes were previouslyspecified by the IBM XIV-to-LDAP mapping.v Spectrum Accelerate will inspect whether the user role is allowed to

issue the CLI.v If the CLI is permitted for the user's role, it will be issued against the

system, and any pertinent response will be presented to the user.v If the CLI is not permitted for the user's role, Spectrum Accelerate

will send an error message to the user.

Supported user name characters

The login mechanism supports all characters, including @, * and \ to allow namesof the following format:v UPN: name@domainv NT domain: domain\name

Searching within indirectly-associated groups:

In addition to the users search, Spectrum Accelerate allows for searchingindirectly-associated Active Directory groups.

Searching for indirectly-associated Active Directory groups is done separately fromthe user search that was described above. This search of indirectly-associatedgroup utilizes the group attribute memberof and it conveys the following flow.

Note: This search does not apply to SUN directory, as you get all theindirectly-associated groups on the users validation query.

The Spectrum Accelerate search for the group membership starts with the groupsthe user is directly associated with and spans to other groups. The memberofattribute is searched for within each of these groups. The search goes on until oneof the following stop criteria is met:

Stop when found

v A group membership that matches one of the configured LDAP rules isfound

v The search command is set to stop searching upon finding a group.

Don't stop when found

v A group membership that matches one of the configured LDAP rules isfound

v The search command does not stop once a group membership is found.It is set to continue onto the next group.

v The search command is set to stop upon reaching a search limit (seeReaching a limit below).

Multiple findings

v More than a single group membership that matches one of theconfigured LDAP rules were found– Every match will be counted once even if it was found several times

(arrived at it from several branches).


– The search doesn't avoid checking groups that were previouslychecked from other branches.

Reaching a limitOne of the following limits is met (the limits are set as part of the searchcommand):v The search reached the search depth limit.

This search attribute limits the span of the search operation within thegroups tree.

v The search reached the maximum number of queries limit.

User validationUsers are validated against LDAP.

During the login, the system validates the user as follows:

Issuing a user searchThe system issues an LDAP search for the user's entered username.

The request is submitted on behalf of the system's configured serviceaccount and the search is conducted for the LDAP server, base DN andreference attribute as specified in the XIV LDAP configuration.

The base DN specified in the XIV LDAP configuration serves as a referencestarting point for the search – instructing LDAP to locate the valuesubmitted (the username) in the attribute specified (whose value isspecified in user_name_attrib).

If a single user is found - issuing an XIV role searchThe system issues a second search request, this time submitted onbehalf of the user (with the user's credentials), and will search forXIV roles associated with the user, based on XIV LDAPconfiguration settings (as specified in parameter xiv_group_attrib).

If a single XIV role is found - permission is grantedThe system inspects the rights associated with that role and

Figure 19. The way the system validates users through issuing LDAP searches


grant login to the user. The user's permissions are incorrespondence with the role associated by XIV, base onXIV LDAP configuration.

If no XIV role is found for the user, or more than one role wasfound If the response by LDAP indicates that the user is either

not associated with an XIV role (no user role name isfound in the referenced LDAP attribute for the user), or isactually associated with more than a single role (multipleroles names are found) – login will fail and acorresponding message will be returned to the user.

If no such user was found, or more than one user were foundIf LDAP returns no records (indicating no user with the usernamewas found) or more than a single record (indicating that theusername submitted is not unique), the login request fails and acorresponding message is returned to the user.

Service account for LDAP queriesSpectrum Accelerate carries out the LDAP search through a service account. Thisservice account is established by using the ldap_config_set command (see here“Access control commands” on page 84).

Switching between LDAP and native authentication modesThis section describes system behavior when switching between LDAPauthentication and native authentication.

After changing authentication modes from native to LDAP

The system will start authenticating users other than "admin" or "technician"against the LDAP server, rather than the local Spectrum Accelerate storage systemuser database. However, the local user account data is not deleted.v Users without an account on the LDAP server is not granted access to the

Spectrum Accelerate system.v Users with an LDAP account who are not associated with a Spectrum Accelerate

role on the LDAP directory are not granted access to the Spectrum Acceleratesystem.

v Users with an LDAP account who are associated with a Spectrum Accelerate roleon the LDAP directory are granted access to the Spectrum Accelerate system ifthe following conditions are met:– The Spectrum Accelerate role on the LDAP server is mapped to a valid

Spectrum Accelerate role.– The user is associated only to one Spectrum Accelerate role on the LDAP

server.

The following commands related to user account management will be disabled.These operations must be performed on the LDAP directory.v user_define

v user_rename

v user_update

v user_group_add_user

v user_group_remove_user

Note: When deleting a user group, even if the user group LDAP role does notcontain any users, the following completion code might appear:


>> user_group_delete user_group=Appadmincommand 0:administrator:

command:code = "ARE_YOU_SURE_YOU_WANT_TO_DELETE_LDAP_USER_GROUP"status = "3"status_str = "One or more LDAP users might be associated to user group. Are you sure you want to delete this user group?"warning = "yes"

aserver = "DELIVERY_SUCCESSFUL"

This might occur if users were associated with the specified user_group prior toLDAP mode activation.

After changing authentication modes from LDAP to native

The system starts authenticating users against the locally defined user database.Users and groups that were defined prior to switching from native to LDAPauthentication are re-enabled. The Spectrum Accelerate system allows localmanagement of users and groups.

The following commands related to user account management are enabled:v user_define

v user_rename

v user_update

v user_group_add_user

v user_group_remove_user

Users must be defined locally and be associated with Spectrum Accelerate usergroups in order to gain access to the system.

Access control commandsThe following CLI commands are available for managing role-based access control(RBAC). For a detailed explanation of these commands, see the chapter detailingaccess control commands in the relevant (for the release you are using) SpectrumAccelerate Command-Line Interface (CLI) Reference Guide.

User-related commands

You can use the following user-related commands to manage role-based accesscontrol:

user_defineDefines a new user.

user_updateUpdates the attributes of the user.

user_listLists all users, or a specific user.

user_renameRenames the user.

user_deleteDeletes the user.


User groups-related commands

You can also use the following user group-related commands to manage role-basedaccess control:

user_group_createCreates a user group.

user_group_update

v Assigns the user group with a Lightweight Directory Access Protocol(LDAP) role.

v Updates the user group name.

user_group_add_userAdds a user to a user group.

user_group_remove_userRemoves a user from a user group.

user_group_listLists all user groups along with their users.

user_group_renameRenames a user group.

user_group_deleteDeletes a user group.

Role-based access control commands

The following list of access-related commands can be used to manage role-basedaccess control:

access_defineAssociates a user group with a host and a cluster.

access_deleteDissociates a user group from the host and cluster with which it is associated.

access_listLists access associations.

Configuration-related commands

You can also use the following LDAP server configuration-related commands:

ldap_config_setSets up the LDAP configuration parameters.

ldap_config_getLists the configuration attributes of an LDAP server that works with thestorage system.

ldap_mode_setEnables/disables LDAP authentication to the storage system.

ldap_mode_getReturns the authentication mode of the storage system (active/inactive).

ldap_user_testThis command authenticates the user's credentials on the LDAP machine.


ldap_testValidates the LDAP settings prior to the activation.

Non-LDAP commands

The following commands are available in non-LDAP mode and are not available inLDAP mode:

user_defineDefining a new user on the SA system.

user_updateModifying the SA user's details.

user_renameRenaming an SA user.

user_group_add_userAdding a user the an SA Application Administrator user group.

user_group_remove_userRemoving a user from an SA application administration user group.


Chapter 13. Multi-Tenancy

Spectrum Accelerate allows allocation of storage resources to several independentadministrators, assuring that one administrator cannot access resources associatedwith another administrator.

Multi-tenancy extends the Spectrum Accelerate approach to role-based accesscontrol. In addition to associating the user with predefined sets of operations andscope (the applications on which an operation is allowed), Spectrum Accelerateenables the user to freely determine what operations are allowed, and where theyare allowed.

Multi-tenancy principlesThe main idea of multi-tenancy is to allow an Spectrum Accelerate owner toallocate storage resources to several independent administrators with the assurancethat one administrator cannot access resources associated with anotheradministrator.

This resource allocation is best described as a partitioning of the system's resourcesto separate administrative domains. A domain is a subset, or partition, of thesystem's resources. It is a named object to which users, pools, hosts/clusters,targets, etc. may be associated. The domain restricts the resources a user canmanage to those associated with the domain.

A domain maintains the user relationships that exist on the SpectrumAccelerate-level (when multi-tenancy is inactive).

A domain administrator is a user who is associated with a domain. The domainadministrator is restricted to performing operations on objects associated with aspecific domain.

The following access rights and restrictions apply to domain administrators:v A user is created and assigned a role (for example: storage administrator,

application administrator, read-only).v When assigned to a domain, the user retains his given role, limited to the scope

of the domain.v Access to objects in a domain is restricted up to the point where the defined

user role intersects the specified domain access.v By default, domain administrators cannot access objects that are not associated

with their domains.

Multi-tenancy offers the following benefits:

PartitioningSpectrum Accelerate resources are partitioned to separate domains. Thedomains are assigned to different tenants and each tenant administratorgets permissions for a specific, or several domains, to perform operationsonly within the boundaries of the associated domain(s).

Self-sufficiencyThe domain administrator has a full set of permissions needed formanaging all of the domain resources.


IsolationThere is no visibility between tenants. The domain administrator is notinformed of resources outside the domain. These resources are notdisplayed on lists, nor are their relevant events or alerts displayed.

User-domain associationA user can have a domain administrator role on more than one domain.

Users other than the domain administratorStorage, security, and application administrators, as well as read-onlyusers, retain their right to perform the same operations that they have in anon-domain-based environment. They can access the same objects underthe same restrictions.

Global administratorThe global administrator is not associated with any specificdomain, and determines the operations that can be performed bythe domain administrator in a domain.

This is the only user that can create, edit, and delete domains, andassociate resources to a domain.

An open or closed policy can be defined so that a globaladministrator may, or may not, be able to see inside a domain.

Intervention of a global domain administrator, that has permissionsfor the global resources of the system, is only needed for:v Initial creation of the domain and assigning a domain

administratorv Resolving hardware issues

User that is not associated with any domainA user that is not associated with any domain has access rights toall of the entities that are not uniquely associated with a domain.


Multi-tenancy concept diagramThe following figure displays a graphical depiction of multi-tenancy.

v The domain is an isolated set of storage resources.v The domain administrator has access only to the specified domains.v The global administrator can manage domains and assign administrators to

domains.v Private objects are assigned to domainsv The domain maintains its connectivity to global objects, such as: users, hosts,

clusters, and targets. Hosts (and clusters) can server several domains. However,hosts created by a domain administrator are assigned only to that domain.

Working with multi-tenancyThis section provides a general description about working with multi-tenancy andits attributes.

Chapter 13. Multi-Tenancy 89

The domain administratorThe domain administrator has the following attributes:v Prior to its association with a domain, the future domain administrator

(now a system administrator) has access to all non-domain entities, andno access to domain-specific entities.

v When the storage administrator becomes a domain administrator allaccess rights to non-domain entities are lost.

v The domain administrator can map volumes to hosts as long as both thevolume and the host belong to the domain.

v The domain administrator can copy and move volumes across pools aslong as the pools belong to domains administered by the domainadministrator.

v Domain administrators can manage snapshots for all volumes in theirdomains.

v Domain administrators can manage consistency and snapshot groups forall pools in their domains. Moving consistency groups across pools isallowed as long as both source and destination pools are in the admin'sdomains.

v Domain administrators can create and manage pools under the storageconstraint associated with their domain.

v Although not configurable by the domain administrator, hardware list,and events are available for view-only to the domain administratorwithin the scope of the domain.

v Commands that operate on objects not associated with a domain are notaccessible by the domain administrator.

Domain

The domain has the following attributes:v Capacity - the domain is allocated with a capacity that is further allocated among

its pools. The domain provides an additional container in the hierarchy of whatwas once system-pool-volume, and is now system-domain-pool-volume:– The unallocated capacity of the domain is reserved to the domain's pools– The sum of the hard capacity of the system's domains cannot exceed the total

hard capacity of the Spectrum Accelerate system.– The sum of the soft capacity of the system's domains cannot exceed the total

soft capacity of the Spectrum Accelerate system.v Maximum number of volumes per domain - the maximum number of volumes per

system is divided among the domains in a way that one domain cannotconsume all of the system resources at the expense of the other domains.

v Maximum number of pools per domain - the maximum number of pools per systemis divided among the domains in a way that one domain cannot consume all ofthe system resources at the expense of the other domains.

v Maximum number of mirrors per domain - the maximum number of mirrors persystem is divided among the domains.

v Maximum number of consistency groups per domain - the maximum number ofconsistency groups per system is divided among the domains.

v Performance class - the maximum aggregated bandwidth and IOPS is calculatedfor all volumes of the domain, rather than on a system level.

v The domain has a string that identifies it for LDAP authentication.


Mirroring in a multi-tenancy environment

v The target, target connectivity and interval schedule are defined, edited anddeleted by the storage administrator.

v The domain administrator can create, activate and change properties to amirroring relation based on the previously defined target and target connectivitythat are associated with the domain.

v The remote target does not have to belong to a domain.v Whenever the remote target belongs to a domain, it checks that the remote

target, pool and volume (if specified upon the mirror creation) all belong to thesame domain.

Chapter 13. Multi-Tenancy 91

Chapter 14. Non-disruptive code load

Non-disruptive code load (hot upgrade) enablesSpectrum Accelerate to upgrade itssoftware from a current version to a newer version without disrupting applicationservice.

The upgrade process is run on all modules in parallel and is designed to be quickenough so that the applications' service on the hosts will not be damaged. Theupgrade requires that neither data migration nor rebuild processes are run, andthat all internal network paths are active.

During the non disruptive code load process there is a point in time dubbed the'upgrade-point-of-no-return', before which the process can still be aborted (eitherautomatically by the system - or manually through a dedicated CLI). Once thatpoint is crossed - the Non-Disruptive Code Load process is not reversible.

Following are notable characteristics of the Non-disruptive code load:

Duration of the upgrade processThe overall process of downloading new code to storage system andmoving to the new code is done online to the application/Host.

The duration of the upgrade process is affected by the following factors:v The upgrade process requires that you stop all IOs. If there are a lot of

IOs in the system, or there are slow disks, the system might not be ableto stop the IOs fast enough, so it will restart them and try again after ashort while, taking into consideration some retries.

v The upgrade process installs a valid version of the software and thenretains its local configuration. This process might take a considerableamount of time, depending on the future changes in the structure of theconfiguration.

Prerequisites and constraints

v The process cannot run if a data migration process or a rebuild processis active. An attempt to start the upgrade process when either a datamigration or a rebuild process is active will fail.

v Generally, everything that happens after the point-of-no-return is treatedas if it happened after the upgrade is over.

v As long as the overall hot upgrade is in progress (up to several minutes)no management operations are allowed (save for status querying), andno events are processed.

v Prior to the point-of-no-return, a manual abort of the upgrade isavailable.

Effect on mirroringMirrors are automatically deactivated before the upgrade, and reactivatedafter it is over.

Effect on management operationsDuring the Non-Disruptive Code Load process it is possible to query thesystem about the upgrade status, and the process can also be abortedmanually before the 'point-of-no-return'. If a failure occurs before this point- the process will be aborted automatically.


Handling module or disk failure during the upgradeIf the failure occurs before the point-of-no-return, it will abort the upgrade.If it happens after that point, the failure is treated as if it happened afterthe upgrade is over.

Handling power failure during the upgradeAs for power failure before the point-of-no-return, power is beingmonitored during the time the system prepares for the upgrade (before thepoint-of-no-return). If a power failure is detected, the upgrade will beaborted and the power failure will be taken care of by the old version.


Glossary

The following is an alphabetical list of terms and abbreviations that are usedthroughout this product overview.

Active directoryMicrosoft Active Directory (AD) provides directory (lookup), DNS andauthentication services.

Alerting eventAn event that triggers recurring event notifications until it is cleared.

API See Application program interface (API).

Application program interface (API)The interface through which the application accesses the operating systemand the other services.

Authorization levelThe authorization level determines the permitted access level to thevarious functions of the GUI:

Read onlyOnly viewing is allowed.

Full Enables access to all the configuration and control functions,including shutdown of the system. This level requires a password.

Auto delete priorityAs the storage capacity reaches its limits, snapshots are automaticallydeleted to make more space. The deletion takes place according to thevalue set for each snapshot, as follows:

1 last to be deleted

4 first to be deleted

Each snapshot is given a default auto delete priority of 1 at creation.

Clearing eventsThe process of stopping the recurring event notification of alerting events.

CLI See Command line interface (CLI)

Command line interface (CLI)The nongraphical user interface used to interact with the system throughset commands and functions. The CLI for the Spectrum Accelerate.

Completion codeThe returned message sent as a result of running CLI commands.

Consistency groupA cluster of specific volumes that can all be snapshotted, mirrored andadministered simultaneously as a group. A volume can only be associatedwith a single consistency group.

The volumes within a consistency group are grouped into a single volumeset. The volume set can be snapshotted into multiple snapshot sets underthe specific consistency group. See also Snapshot set, Volume set.


CouplingThe two peers (volumes or consistency groups) between which a mirroringrelationship was set.

Data moduleA module dedicated to data storage. A fully-configured rack contains 9dedicated data modules, each with 12 disks.

DestinationSee Event destination.

EscalationA process in which event notifications are sent to a wider list of eventdestinations because the event was not cleared within a certain time.

Event destinationAn address for sending event notifications.

Event notification ruleA rule that determines which users are to be notified, for which events andby what means.

Event notificationThe process of notifying a user about an event.

Event A user or system activity that is logged (with an appropriate message).

Fabric The hardware that connects workstations and servers to storage devices ina SAN. The SAN fabric enables any-server-to-any-storage deviceconnectivity through the use of fibre-channel switching technology.

Functional areaOne of the high level groupings of icons (functional modules) of theleft-hand pane of the GUI screen. For example: Monitor, Configuration orVolume management. See Functional module.

Functional moduleOne of the icons of a functional area, on the left-hand pane of the GUIscreen. For example, System (under Monitor) or Hosts and LUNs (underConfiguration). See Functional area.

Graphical user interface (GUI)On-screen user interface supported by a mouse and a keyboard.

H/W Hardware.

HBA Host bus adapter.

Host interface moduleThe interface data module serves external host requests with the ability tostore data. A fully-configured rack has 6 interface data modules.

Host A host is a port name of a host that can connect to the system. The systemsupports iSCSI hosts.

I/O Input/output.

Image snapshotA snapshot that has never been unlocked. It is the exact image of themaster volume it was copied from, at the time of its creation. See alsosnapshot.

Internet ProtocolSpecifies the format of packets (also called datagrams), and theiraddressing schemes. See also Transmission Control Protocol (TCP).


IOPs Input/output (I/O) per second.

IP See Internet Protocol.

iSCSI Internet SCSI. An IP-based standard for linking data storage devices over anetwork and transferring data by carrying SCSI commands over IPnetworks.

LatencyAmount of time delay between the moment an operation is issued, and themoment it is committed.

LDAP Lightweight Directory Access Protocol.

LDAP attributeAn attribute defined in an LDAP directory data model.

LDAP authenticationA method for authenticating users by validating the user's submittedcredentials against data stored on an LDAP directory.

LDAP directoryA hierarchical database stored on an LDAP server and accessed throughLDAP calls.

LDAP serverA server that provides directory services through LDAP.

LDAP statusThe status of an LDAP server.

Load balancingEven distribution of load across all components of the system.

LockingSetting a volume (or snapshot) as unwritable (read-only).

LUN mapA table showing the mappings of the volumes to the LUNs.

LUN Logical unit number. Exports a systems volume into a registered host.

Master volumeA volume that has snapshots is called the master volume of its snapshots.

MIB Management information base. A database of objects that can be monitoredby a network management system. SNMP managers use standardized MIBformats to monitor SNMP agents.

Microsoft Active directorySee Active Directory

Mirror peerA peer (volume or consistency group) that is designated to be a replica of aspecified source peer data.

MirroringSee Remote mirroring.

Modified StateA snapshot state. A snapshot in modified state can never be used forrestoring its master volume.

MultipathingEnables host interface modules direct access to any volume.

Glossary 97

Peer Denotes a constituent side of a coupling. Whenever a coupling is defined,a designation is specified for each peer - one peer is designated primaryand the other is designated secondary.

Pool See Storage pool.

Primary peerA peer whose data is mirrored for backup on a remote storage system.

Rack The cabinet that stores all of the hardware components of the system.

Remote mirroringThe process of replicating the content of a source peer (volume orconsistency group) to a designated mirror peer.

Remote target connectivityA definition of connectivity between a port set of a remote target and amodule on the local storage system.

Remote targetAn storage system on a remote site, used for mirroring, data migration,and so on.

Role Denotes the actual role that the peer is fulfilling as a result of a specificcondition, either a master or a slave.

Rule See Event notification rule.

SAN Storage area network.

SCSI Small computer system interface.

Secondary peerA peer that serves as a backup of a primary peer.

SMS gatewayAn external server that is used to send SMSs.

SMTP gatewayAn external host that is used to relay e-mail messages through the SMTPprotocol.

Snapshot setThe resulting set of synchronized snapshots of a volume set in aconsistency group. See also Consistency group, Volume set.

SnapshotA point-in-time snapshot or copy of a volume. See also Image snapshot.

SNMP agentA device that reports information through the SNMP protocol to SNMPmanagers.

SNMP managerA host that collects information from SNMP agents through the SNMPprotocol.

SNMP trapAn SNMP message sent from the SNMP agent to the SNMP manager,where the sending is initiated by the SNMP agent and not as a response toa message sent from the SNMP manager.

SNMPSimple Network Monitor Protocol. A protocol for monitoring networkdevices. See also MIB, SNMP agent, SNMP manager, SNMP trap.


SnoozeThe process of sending recurring event notifications until the events arecleared.

Storage poolA reserved area of virtual disk space serving the storage requirements ofthe volumes.

Sync best effort modeA mode of remote mirroring in which I/O operations are not suspendedwhen communication between a primary and secondary volume is broken.

SynchronizationThe process of making the primary volume and secondary volumeidentical after a communication down time or upon the initialization of themirroring.

Target See Remote target.

TCP/IPSee Transmission Control Protocol, Internet Protocol.

Thin provisioningThin provisioning provides the ability to define logical volume sizes thatare much larger than the physical capacity installed on the system.

Transmission Control ProtocolTransmission Control Protocol (TCP) on top of the Internet Protocol (IP)establishes a virtual connection between a destination and a source overwhich streams of data can be exchanged. See also IP.

Trap See SNMP trap.

Unassociated volumeA volume that is not associated with a consistency group. See Consistencygroup.

Uninterruptible power supplyThe uninterruptible power supply provides battery backup power for adetermined period of time, particularly to enable the system to powerdown in a controlled manner, on the occurrence of a lengthy power outage.

Volume cloningCreating a snapshot from a volume.

Volume setA cluster of specific volumes in a consistency group, which can all besnapshotted simultaneously, thus, creating a synchronized snapshot of allof them. The volume set can be snapshotted into multiple snapshot sets ofthe specific consistency group. See also Snapshot set, Volume set.

VolumeA discrete unit of storage on disk, tape or other data recording mediumthat supports some form of identifier and parameter list, such as a volumelabel or input/output control.

A volume is a logical address space, having its data content stored on thesystems disk drives. A volume can be virtually any size as long as the totalallocated storage space of all volumes does not exceed the net capacity ofthe system. A volume can be exported to an attached host through a LUN.A volume can be exported to multiple hosts simultaneously. See alsoStorage pool, Unassociated volume.

Glossary 99

WWPNWorld Wide Port Name

XCLI IBM XIV command-line interface (XCLI) command set. See Command lineinterface.

XDRP The disaster recovery program for Spectrum Accelerate – The remotemirror feature of Spectrum Accelerate.

XIV-LDAP mappingAn association of data on the LDAP server (a specific LDAP attribute) anddata on the Spectrum Accelerate system. This is required to determine theaccess rights that should be granted to an authenticated LDAP user.


Notices

These legal notices pertain to the information in this IBM Storage productdocumentation.

This information was developed for products and services offered in the US. Thismaterial may be available from IBM in other languages. However, you may berequired to own a copy of the product or product version in that language in orderto access it.

IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785USA

For license inquiries regarding double-byte character set (DBCS) information,contact the IBM Intellectual Property Department in your country or sendinquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not applyto you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.


Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Director of LicensingIBM CorporationNorth Castle Drive, MD-NC119Armonk, NY 10504-1785USA

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

The performance data discussed herein is presented as derived under specificoperating conditions. Actual results may vary.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the Copyright and trademarkinformation website (www.ibm.com/legal/us/en/copytrade.shtml).

VMware, ESX, ESXi, vSphere, vCenter, and vCloud are trademarks or registeredtrademarks of VMware Corporation in the United States, other countries, or both.

Microsoft, Windows Server, Windows, and the Windows logo are trademarks orregistered trademarks of Microsoft Corporation in the United States, othercountries, or both.

Other product and service names might be trademarks of IBM or other companies.


http://www.ibm.com/legal/us/en/copytrade.shtml

http://www.ibm.com/legal/us/en/copytrade.shtml

Index

Aaccess control 73

commands 84access_all 77, 78Accessing Data-at-Rest 61Active Directory 81administering

access control 73administrator 87, 89, 90advanced host attachment 12advanced snapshot mechanism 23alarm notification 6algorithms 4, 6application administrator 73, 76

access_all 77command conditions 77

associationsuser groups and hosts 76

asynchronous remote mirroringrole transmission 54

Atomic test & set 15ATS 15authentication 77

xiv 78authentication modes

switching 83auto delete priority 26automatic

recovery from failure 4automatic event notifications 6

Bbackup

continuous 23, 26bandwidth utilization 11Block zeroing 14

Ccache

protection 5CDP (continuous data protection) 26CHAP 12cleanup

IBM Hyper-Scale Mobility 57CLI

management options 4CLI (command line interface) 6CLI management 9clustering

hosts 13commands

host attachment 14configuration 80

multi-rack 6configured sync rate 11connectivity 11consistency group 36

creating 33

consistency groups 6and remote mirroring 50overview 33restore 36restoring 33snapshots 34, 35

continuous backup 23, 26continuous data protection 23Copy-on-Write (COW) 23, 26COW (copy-on-write) 23COW (Copy-on-Write) 23, 26creating

consistency group 33creating a vm 15

Ddata migration

deleting 64failures 66I/O handling 63overview 63read requests 63stages

activating 64initial configuration 64synchronization 64testing 64

write requests 63Data mirroring 4data mobility 57data virtualization 4, 6Data-at-Rest 61Data-in-Flight 61defining gateways 70destination

is synchronized 57destination groups 69destinations

defining 69e-mail 69SMS 69

detached media 61diagnostics 6disaster recovery 39, 51, 54disaster recovery types 40disconnects prevention 11domain 87, 89, 90domain administrator 87Don't stop when found

a stop criteria 81dr

disaster recovery 54Dynamic rate adaptation 11

Ee-mail (SMTP) gateways 70e-mail destination 69e-mail notifications 4

e-mail-to-SMS gateways 70error code protection 5establishing a proxy

IBM Hyper-Scale Mobility 57ESX

COMPARE AND WRITE 15fast copy 15SCSI2 reservations mechanism 15

ESXiwrite zeroes 15

Ethernet connectivity 9Ethernet ports 9

field technician ports 9interconnect ports 9iSCSI service ports 9management ports 9

eventhandling 67information 67notification rules 68viewing 68

event notifications 6external connection congestion 11external replication mechanisms 6

Ffailback 54failover 54fast copy 15features and functionality 2format

snapshot and snapshot group 31Full copy 14Full Volume Copy 30

Ggateways

defining 70e-mail (SMTP) 70e-mail-to-SMS 70

global spare storage 4glossary 95group rate limitation 16groups, destination 69GUI

management options 4GUI (graphic user interface) 6GUI management 9gui/cli initiated LDAP login 80

HHAK 12hard capacity, depletion 18Hardware-assisted locking 14, 15HIPAA compliance 61HIPAA Federal requirements 61


hostclustering 13rate 16

host connectivity 11host system attachment 11hosts

associations 76hot upgrade 93Hyper-Scale vision 57

II/O

rate limitation 16I/O operations 47IBM Hyper-Scale (in general) 57IBM Hyper-Scale Mobility 57IBM XIV role

in relation to access control 79image snapshots

duplicating 28implementation

of LDAP 78indirectly associated groups

of LDAP users 81initial creation of a domain 87initiator

iSCSI 12instance 57instant space reclamation 22interconnect connectivity 10internal snapshots 31IP communication, system-initiated 9IP connectivity 9iSCSI CHAP authentication 12Isolation

in domain-based multi-tenancy 87

Kkey server inaccessibility 61

Llatency

overcoming latency that is inherent tosynchronous mirroring 51

LDAPauthentication 77, 78authentication mode

switch to and from 83authentication scenarios 81directory 79group mapping 79service account 83use cases 79, 80user validation 82

LDAP authentication scenarios 80LDAP server

definition 79ldap_test 79life-cycle

of a volume 21Lightweight Directory Access

Protocol 78

limitinghost rates 16

load balancing 57logical storage unit

migration 57logical unit numbers 11low sync rate 11LUN array 12LUN ID 31LUN0 12

Mmachine re-purposing 57management connectivity 9management options 4managers, SNMP 69mapping, LUN, 11master volume 39master volumes 21max sync rate 11maximum number of queries

as a search limit 81mechanisms

self-healing 4memberof

group attribute 81methods

of access control 73MIB 70Microsoft Active Directory 78mirroring

data 4remote 39, 51

mirroring relationestablishing, following

IBM Hyper-Scale Mobility 57modules

cache 5multi-rack configuration 6multi-tenancy 87, 89, 90multipathing 6Multiple findings

during a search within indirectlyassociated groups 81

Nnative

authentication 77Non-disruptive code load 93nonvolatile disk media 4notifications

e-mail 4SMS 4SNMP 4

Oof an LDAP server 80Off-line Data Migration 57Open LDAP 78options

management 4over-provisioning 57owner 87

PPartitioning

in domain-based multi-tenancy 87Performance classes

(QoS) 16Planned service disruption 54planning

IBM Hyper-Scale Mobility 57post completion

IBM Hyper-Scale Mobility 57predefined users 75

authentication 77primary site 39provisioning

thin 6provisioning, thin 18

QQoS

performance classes 16

Rrecovery

from a disaster 54Recovery Key 61Redirect-on-Write (ROW) 23, 26reliability 4remote mirroring 39

and consistency groups 50basic concepts 39, 40disaster recovery types 40operation 39, 40role switchover 45synchronization 49synchronous mirroring statuses 43use of snapshots 40

remote monitoring 6replication 51replication mechanisms 6resolving hardware issues 87resource allocation 87, 89, 90restoring 36

snapshots 29volumes 29

restricted prefixto a snapshot group 35

role switchover 45when remote mirroring is not

operational 46when remote mirroring is

operational 45role transmission

within the asynchronous mirroringprocess 54

role-basedaccess control 73

role-based access controlapplication administrator 76configuring users 78

ROW (redirect-on-write) 23ROW (Redirect-on-Write) 23, 26


Sscrubbing 4SCSI error

while writing to a secondaryvolume 47

search flowof indirectly-associated groups 81

secondary site 39self-healing

mechanism 4self-healing mechanisms 4Self-sufficiency

in domain-based multi-tenancy 87set of permissions 87set-up

IBM Hyper-Scale Mobility 57single physical copy of data 27slave volume 39smis_user 75SMS destination 69SMS notifications 4snapshot 27, 29

atomic procedure of creating a 27format 31storage utilization 26

Snapshotassociation 26name 26serial number 26

snapshot groupformat 31

snapshot groups 34, 35, 36snapshot ID 31snapshot management 6snapshot policy

establishing, followingIBM Hyper-Scale Mobility 57

snapshots 23, 26auto delete priority 26depletion of hard capacity 18duplicating 28locking and unlocking 28restoring 29

Snapshots 21, 23snapshots, overview 21snapshotting 23, 26

consistency groups 6snapshot management 6

Snapshotting 23SNMP 6, 70SNMP agent 70SNMP managers 69, 70SNMP notification 70SNMP notifications 4SNMP trap

See SNMP notificationSource 57spare storage 4stolen media 61stop criteria

for searching indirectly associatedgroups 81

Stop when founda stop criteria 81

storageglobal spare 4

storage administrator 75

storage pooldepletion of hard capacity 18hard and soft sizes 18

storage pools 6moving volumes 17, 18overview 17, 18

storage unit 57Storage, security, and application

administrators and read-only usersin domain-based multi-tenancy 87

SUN directory 78switchover 45Symantec Storage Foundation Thin

Reclamation 22sync job

snapshot that is part of a 31sync rate

low 11synchronized

remote mirroring 39, 51synchronous mirroring

statuses 43synchronous remote mirroring

I/O operations 47system

hard and soft sizes 18system attachment

see: host system attachment 11, 12system resources 87

Ttechnician 75tenancy 87, 89, 90the unmap bit 15thin provisioning 6, 18tracking the migration

IBM Hyper-Scale Mobility 57transmission

of roles 54

UUnintentional/erroneous role change 54Unplanned service disruption 54upgradability 8use cases

LDAP 79, 80user groups 76

associations 76user roles

application administrator 73operations administrator 73permission levels 73read only 73storage administrator 73technician 73

user searchLDAP 82

User-domain associationin domain-based multi-tenancy 87

Users other than the domainadministrator

in domain-based multi-tenancy 87users validation

using LDAP 82

Vvm cloning 15volumes 21

Full Volume Copy 30hard and soft sizes 18restoring 29

Wwrite zeroes 15

Xxiv authentication 78XIV key Recovery 61xiv owner 89XIV owner 90XIV role search

LDAP 82XIV-to-LDAP mapping 80

Index 105

IBM®

Printed in USA

GC27-6700-05

ibm spectrum accelerate: product overview · 2018. 3. 16. · ibm knowledge center with your ibmid....

Documents