An IP cure for the SAN
IP SAN is perceived as a technology that can overtake Fibre
Channel SAN. Its benefits make it attractive for SMBs and enterprises (DR systems).
An in-depth look at this disruptive technology. by Anil Patrick R
An IP SAN uses the iSCSI protocol to network disk arrays using a TCP/IP network.
These SANs provide native-level block access and data transfer, similar to traditional
Start-ups lead the field
An IP-based SAN provides dedicated LAN-attached storage
accessible to a variety of platforms using high-level protocols. It is
a more mature technology than FC SAN and fits more easily into an existing
P Rangarajan, AVP, Operation and Systems, Birla Sunlife Distribution
When iSCSI was standardised, most SAN majors stayed away dismissing
it as a buzzword. This resulted in start-ups coming up with open and high-performance
IP SAN architectures that were widely adopted by enterprises worldwide.
Thus, the IP SAN ventures of most FC SAN vendors are relatively nascent. However,
since IP SANs are built around an open architecture and have components which
are easy to design, use and manage, this should not be an entry barrier for
traditional SAN vendors.
The entry-level IP SAN
IP SANs provide value for money to businesses that do not need the performance
levels of FC SANs. This has led many storage vendors to turn their product focus
towards IP SAN technology in a major way.
Despite the lower throughputs vis-à-vis FC SAN, IP SAN is being widely
adopted. The link media and protocols used differ, but an IP SAN is capable
of providing near Gigabit speeds (as opposed to throughputs of 1, 2, 4, and
10 Gbps offered by FC SANs) that are more than enough for most enterprise requirements.
"IP SAN throughput may not be as high as FC SAN, but then IP SANs are typically
targeted at specific application requirements. Earlier we were concerned because
iSCSI was not certified but now that vendors like Microsoft are endorsing it,
IP SANs have a bright future," explains George Thomas, Country Manager,
As its name suggests, IP SAN is built on top of IP, making deployment relatively
easy and quick. Many vendors claim that their solutions can be configured to
be up and running in a couple of hours. An IP SAN does not require a data centre
environment unlike a FC model, reducing the investments required for storage
consolidation. Like a FC SAN, IP SAN can also be accessed from across the network
by appropriately configuring the firewall. "IP SAN can be accessed from
both servers and workstations, unlike the FC SAN, which is typically designed
for access within the data centre," says C Kajwadkar, Vice President, NSE.IT.
When it comes to management, IP SANs can be managed by existing IT teams with
TCP/IP network administration skills and basic training. Refer to Box: Empowering
your team to make your existing team compatible with IP SANs.
On the storage centralisation front, IP SANs present a good option for SMBs
who want to consolidate their storage from distributed DAS systems. For these
organisations, the technology provides a low-cost and hassle-free implementation
or maintenance centralisation option. "IP-based SANs provide dedicated
LAN-attached storage accessible to a variety of platforms using high-level protocols.
It is a more mature technology than FC SANs and fits more easily into an existing
environment," according to P Rangarajan, AVP, Operation and Systems, Birla
However, the biggest implementation of IP SANs will be in enterprise DR, tiered
storage and Data Lifecycle Management (DLM). "A natural fit for IP SANs
is disaster recovery and remote replication as these problems require a broad
network reach and cost-effective scaling, which is something that IP/Ethernet
excels at," adds B Chandrashekar, Country Manager, India, Intransa.
Yet another application is to augment an existing FC SAN. Most recent FC switches
come with iSCSI interfaces and have capabilities like iSCSI redirection that
enable IP SANs to be attached to FC SANs. Although most enterprises are still
considering these IP SAN applications, maturing technology will make it an attractive
These advantages have ensured that there is a strong demand for IP-based solutions
at the enterprise level. Now let us examine how the IP SAN functions.
Inside an IP SAN
Most of the IP SANs available today are essentially a combination of six cost-effective
and high performance technologies, namely, iSCSI, Gigabit Ethernet (GbE) switches,
Serial ATA (SATA) hard disk arrays, Linux or similar open source OS kernel,
virtual LANs (VLAN), and Cat 6 cables.
A basic IP SAN consists of GbE switches, a disk array controller, and a SATA
disk RAID array. Depending on the vendor's product design, the controller and
hard disks may be a single unit or separate elements. The merits and demerits
of these two arrangements in terms of scalability and flexibility are highly
debatable. Vendors whose products have separate controller and switch units
claim that it is easier to scale up with this arrangement.
The disk array controller is connected via GbE switches to
the drive arrays and servers using Cat 6 cables. These controllers are usually
powered by applications that run on an open source OS like Linux. This OS is
suitably hardened for data security.
IP SANs are natural fits in disaster recovery and remote
replication as these problems require a broad network reach and cost-effective
scaling, which is something that IP/Ethernet excels at
Country Manager, India, Intransa
Next comes the initiator part at the server end. Although
the server CPU can handle the IP encapsulation required for iSCSI transmission,
it is best to use a TCP offload engine (ToE). Most popular operating systems
available today have initiator support for iSCSI. However, it is better to use
the ToE for data crunching to avoid overloading the processors. The ToE is a
hardware TCP card which will do all the TCP processing required for encapsulation.
ToEs help free the processor(s) from the heavy duty crunching required for the
The targets for the server(s) are the disk array(s). The
disk array controller is responsible for de-encapsulation of iSCSI and packet
routing required for RAID. The controller(s) do the processing required to convert
iSCSI traffic from servers to SCSI packets for storage on the SATA disks and
route it to the target(s).
Although IP SANs can be situated in the primary LAN itself,
it is best to have a secondary dedicated LAN. The secondary LAN should be located
in the DMZ (De-Militarised Zone) and connected to the servers to avoid issues
like traffic contention. This will enable extraction of maximum performance
and efficiency from the IP SAN.
Refer to Figure: Typical IP SAN architecture to see an IP
SAN layout using four storage controllers.
Now let us see how the data transmission happens. iSCSI data transmission sessions
involve a login phase and a full-feature data transmission phase.
Once the initiator (server) and target (hard disk array) have identified each
other, data transmission is initiated. On the IP SAN side, the required iSCSI-SCSI
conversion and routing is performed by the controller.
Security features include use of virtual SANs (VSANs) within the IP SAN. This
is basically the virtual LAN (VLAN) facility itself available in most GbE switches.
Using VSANs helps maintain security by limiting access to storage devices from
the servers. Access control lists (ACL) at the switches and IPSec VPNs are also
being used by vendors to secure data exchange between the primary LAN or external
networks and the IP SAN.
Some security consultants also suggest encrypting data in
the disk arrays, but this can affect SAN performance. Work is also on to incorporate
more security features in IP SAN switches.
Possible cons in IP Land
Whatever the pros, IP SAN technology is yet to mature. Although most original
storage manufacturers have started support, it remains to be seen if they will
accept the technology in the long run.
On the other hand, FC SANs have a strong operational history which will still
make them the first choice in high performance or availability solutions. "We
are seeing movement on the IP-based solutions front only recently, but it is
still some time away. Till this happens, buyers will explore iSCSI for the sheer
kick of deploying IP-based storage and will be restricted to non-critical applications,"
feels Srikant Chakrapani, Consulting Director, Hitachi Data Systems.
Next in line comes the issue of varying speeds. GbE technology is yet to mature
enough to provide a constant guaranteed throughput. While this has been a drawback
of Ethernet technology from the beginning, rectifying this drawback is necessary
if IP SANs are to really compete with FC SANs in the large enterprise space.
One of the known limitations of IP layer is the overheads for every frame. "IP
SAN has to ride on top of the IP layer and so it inherits all the overheads
associated with the IP layer. This slows down the performance to some extent,"
Although FC is also subject to many security attacks, IP being more widely used
is more vulnerable. At present, IP SAN vendors are working on ironing out these
concerns. In the meanwhile, FC vendors are capitalising on it by preaching the
higher security and performance levels of FC SANs.
|Works on Fibre Channel link and uses FCP
||Works over TCP/IP and uses iSCSI over Gigabit Ethernet
|Operates on a dedicated FC network
||Can work on internal LAN, but dedicated LAN is recommended
|Proprietary technology Interoperability issues might arise
||Uses open standards and freely available technology. Proprietary
nature might be limited only to controller or advanced tool sets and has
very few known interoperability issues
|Expensive to implement, deploy, and maintain
||Much lower implementation, deployment and maintenance costs
than FC SANs
|Requires dedicated and experienced storage administrators
||Regular network administrators can be trained to handle an
|Can operate at throughputs of up to 10 Gbps
||Can operate at a maximum throughput of less than 1 Gbps
|Monolithic storage architecture
||Available in monolithic as well as separate controller plus
disk array architecture
|Ideal for large enterprises and applications that require
||Ideal for SMBs and for low-cost backup or DR set-ups
The future of FC?
In high-performance computing, the FC SAN will still
remain a better choice. The trend seems to suggest that storage systems
are moving towards support for both IP SAN and FC SAN natively
C Kajwadkar, Vice President, NSE.IT
Now the questions that arise are the following. Is FC SAN
on the way out? Is IP the only way ahead? The answer is no.
IP SAN will not be making FC SANs obsolete any time in the near future. IP SANs
will certainly grow to have a strong presence in the SMB and DR segments as
well as in departmental applications. FC SANs will continue to dominate in the
large enterprise and mission-critical applications.
"In high-performance computing, the FC SAN will still remain a better choice.
The trend seems to suggest that storage systems are moving towards support for
both IP SAN and FC SAN natively," says Kajwadkar.
On the storage horizon
The most recent development for IP SAN technology is 10 Gigabit Ethernet (10
GbE). The present distance restraint in 10 GbE will not limit its usage in IP
SANs since their cabling does not exceed this.
According to Chandrasekhar, 10 GbE will be a cost-effective driver in helping
IP SANs provide reliable storage to mission-critical data. Many 10 GbE vendors
claim to have solutions that overcome the distance limitations, but the costs
remain prohibitive. "It will be a year or two before 10 GbE becomes affordable
for a majority of applications but once that happens, adoption will continue
apace," predicts Chandrasekhar.
Anil Patrick R can be reached at firstname.lastname@example.org