Archives ||About Us || Advertise || Feedback || Subscribe-
Issue of April 2005 

[an error occurred while processing this directive]

 Home > Cover Story
 Print Friendly Page ||  Email this story


An IP cure for the SAN

IP SAN is perceived as a technology that can overtake Fibre Channel SAN. Its benefits make it attractive for SMBs and enterprises (DR systems). An in-depth look at this disruptive technology. by Anil Patrick R

An IP SAN uses the iSCSI protocol to network disk arrays using a TCP/IP network. These SANs provide native-level block access and data transfer, similar to traditional FC SANs.

Start-ups lead the field

An IP-based SAN provides dedicated LAN-attached storage accessible to a variety of platforms using high-level protocols. It is a more mature technology than FC SAN and fits more easily into an existing environment
P Rangarajan, AVP, Operation and Systems, Birla Sunlife Distribution

When iSCSI was standardised, most SAN majors stayed away dismissing it as a buzzword. This resulted in start-ups coming up with open and high-performance IP SAN architectures that were widely adopted by enterprises worldwide.

Thus, the IP SAN ventures of most FC SAN vendors are relatively nascent. However, since IP SANs are built around an open architecture and have components which are easy to design, use and manage, this should not be an entry barrier for traditional SAN vendors.

The entry-level IP SAN

IP SANs provide value for money to businesses that do not need the performance levels of FC SANs. This has led many storage vendors to turn their product focus towards IP SAN technology in a major way.

Despite the lower throughputs vis-à-vis FC SAN, IP SAN is being widely adopted. The link media and protocols used differ, but an IP SAN is capable of providing near Gigabit speeds (as opposed to throughputs of 1, 2, 4, and 10 Gbps offered by FC SANs) that are more than enough for most enterprise requirements. "IP SAN throughput may not be as high as FC SAN, but then IP SANs are typically targeted at specific application requirements. Earlier we were concerned because iSCSI was not certified but now that vendors like Microsoft are endorsing it, IP SANs have a bright future," explains George Thomas, Country Manager, Network Appliance.

As its name suggests, IP SAN is built on top of IP, making deployment relatively easy and quick. Many vendors claim that their solutions can be configured to be up and running in a couple of hours. An IP SAN does not require a data centre environment unlike a FC model, reducing the investments required for storage consolidation. Like a FC SAN, IP SAN can also be accessed from across the network by appropriately configuring the firewall. "IP SAN can be accessed from both servers and workstations, unlike the FC SAN, which is typically designed for access within the data centre," says C Kajwadkar, Vice President, NSE.IT.

When it comes to management, IP SANs can be managed by existing IT teams with TCP/IP network administration skills and basic training. Refer to Box: Empowering your team to make your existing team compatible with IP SANs.

On the storage centralisation front, IP SANs present a good option for SMBs who want to consolidate their storage from distributed DAS systems. For these organisations, the technology provides a low-cost and hassle-free implementation or maintenance centralisation option. "IP-based SANs provide dedicated LAN-attached storage accessible to a variety of platforms using high-level protocols. It is a more mature technology than FC SANs and fits more easily into an existing environment," according to P Rangarajan, AVP, Operation and Systems, Birla Sunlife Distribution.

However, the biggest implementation of IP SANs will be in enterprise DR, tiered storage and Data Lifecycle Management (DLM). "A natural fit for IP SANs is disaster recovery and remote replication as these problems require a broad network reach and cost-effective scaling, which is something that IP/Ethernet excels at," adds B Chandrashekar, Country Manager, India, Intransa.

Yet another application is to augment an existing FC SAN. Most recent FC switches come with iSCSI interfaces and have capabilities like iSCSI redirection that enable IP SANs to be attached to FC SANs. Although most enterprises are still considering these IP SAN applications, maturing technology will make it an attractive proposition cost-wise.

These advantages have ensured that there is a strong demand for IP-based solutions at the enterprise level. Now let us examine how the IP SAN functions.

Inside an IP SAN

Most of the IP SANs available today are essentially a combination of six cost-effective and high performance technologies, namely, iSCSI, Gigabit Ethernet (GbE) switches, Serial ATA (SATA) hard disk arrays, Linux or similar open source OS kernel, virtual LANs (VLAN), and Cat 6 cables.

A basic IP SAN consists of GbE switches, a disk array controller, and a SATA disk RAID array. Depending on the vendor's product design, the controller and hard disks may be a single unit or separate elements. The merits and demerits of these two arrangements in terms of scalability and flexibility are highly debatable. Vendors whose products have separate controller and switch units claim that it is easier to scale up with this arrangement.

The disk array controller is connected via GbE switches to the drive arrays and servers using Cat 6 cables. These controllers are usually powered by applications that run on an open source OS like Linux. This OS is suitably hardened for data security.

IP SANs are natural fits in disaster recovery and remote replication as these problems require a broad network reach and cost-effective scaling, which is something that IP/Ethernet excels at
B Chandrashekar,
Country Manager, India, Intransa

Next comes the initiator part at the server end. Although the server CPU can handle the IP encapsulation required for iSCSI transmission, it is best to use a TCP offload engine (ToE). Most popular operating systems available today have initiator support for iSCSI. However, it is better to use the ToE for data crunching to avoid overloading the processors. The ToE is a hardware TCP card which will do all the TCP processing required for encapsulation. ToEs help free the processor(s) from the heavy duty crunching required for the conversion.

The targets for the server(s) are the disk array(s). The disk array controller is responsible for de-encapsulation of iSCSI and packet routing required for RAID. The controller(s) do the processing required to convert iSCSI traffic from servers to SCSI packets for storage on the SATA disks and route it to the target(s).

Although IP SANs can be situated in the primary LAN itself, it is best to have a secondary dedicated LAN. The secondary LAN should be located in the DMZ (De-Militarised Zone) and connected to the servers to avoid issues like traffic contention. This will enable extraction of maximum performance and efficiency from the IP SAN.

Refer to Figure: Typical IP SAN architecture to see an IP SAN layout using four storage controllers.

Action perspective

Now let us see how the data transmission happens. iSCSI data transmission sessions involve a login phase and a full-feature data transmission phase.

Once the initiator (server) and target (hard disk array) have identified each other, data transmission is initiated. On the IP SAN side, the required iSCSI-SCSI conversion and routing is performed by the controller.

Security features include use of virtual SANs (VSANs) within the IP SAN. This is basically the virtual LAN (VLAN) facility itself available in most GbE switches. Using VSANs helps maintain security by limiting access to storage devices from the servers. Access control lists (ACL) at the switches and IPSec VPNs are also being used by vendors to secure data exchange between the primary LAN or external networks and the IP SAN.

Some security consultants also suggest encrypting data in the disk arrays, but this can affect SAN performance. Work is also on to incorporate more security features in IP SAN switches.

Empowering your team

IT teams are very familiar with TCP/IP administration and it will take them only a short time to acclimatise to administering the IP SAN environment. IP SAN vendors will also provide initial training.

Although IP SANs are familiar territory, it is important to have a dedicated storage administrator. Sharing the same system administrators can create issues in the long run since storage administration requires different skill sets than network administration. Training an existing system administrator solely for this purpose is the best way.

If IP SANs are connected to the existing FC SAN, the existing SAN administrator(s) can take over the entire administration. It will involve an existing level of expertise in SAN management from the administrator since this part of iSCSI technology still has to mature.

There is high probability that interoperability and performance issues might pop up. FC SAN administration exposure along with strong TCP/IP and RAID skill sets will be of assistance here.

Possible cons in IP Land

Whatever the pros, IP SAN technology is yet to mature. Although most original storage manufacturers have started support, it remains to be seen if they will accept the technology in the long run.

On the other hand, FC SANs have a strong operational history which will still make them the first choice in high performance or availability solutions. "We are seeing movement on the IP-based solutions front only recently, but it is still some time away. Till this happens, buyers will explore iSCSI for the sheer kick of deploying IP-based storage and will be restricted to non-critical applications," feels Srikant Chakrapani, Consulting Director, Hitachi Data Systems.

Next in line comes the issue of varying speeds. GbE technology is yet to mature enough to provide a constant guaranteed throughput. While this has been a drawback of Ethernet technology from the beginning, rectifying this drawback is necessary if IP SANs are to really compete with FC SANs in the large enterprise space.

One of the known limitations of IP layer is the overheads for every frame. "IP SAN has to ride on top of the IP layer and so it inherits all the overheads associated with the IP layer. This slows down the performance to some extent," admits Kajwadkar.

Although FC is also subject to many security attacks, IP being more widely used is more vulnerable. At present, IP SAN vendors are working on ironing out these concerns. In the meanwhile, FC vendors are capitalising on it by preaching the higher security and performance levels of FC SANs.

Works on Fibre Channel link and uses FCP Works over TCP/IP and uses iSCSI over Gigabit Ethernet
Operates on a dedicated FC network Can work on internal LAN, but dedicated LAN is recommended
Proprietary technology Interoperability issues might arise Uses open standards and freely available technology. Proprietary nature might be limited only to controller or advanced tool sets and has very few known interoperability issues
Expensive to implement, deploy, and maintain Much lower implementation, deployment and maintenance costs than FC SANs
Requires dedicated and experienced storage administrators Regular network administrators can be trained to handle an IP SAN.
Can operate at throughputs of up to 10 Gbps Can operate at a maximum throughput of less than 1 Gbps
Monolithic storage architecture Available in monolithic as well as separate controller plus disk array architecture
Ideal for large enterprises and applications that require high performance Ideal for SMBs and for low-cost backup or DR set-ups

The future of FC?

In high-performance computing, the FC SAN will still remain a better choice. The trend seems to suggest that storage systems are moving towards support for both IP SAN and FC SAN natively
C Kajwadkar, Vice President, NSE.IT

Now the questions that arise are the following. Is FC SAN on the way out? Is IP the only way ahead? The answer is no.

IP SAN will not be making FC SANs obsolete any time in the near future. IP SANs will certainly grow to have a strong presence in the SMB and DR segments as well as in departmental applications. FC SANs will continue to dominate in the large enterprise and mission-critical applications.

"In high-performance computing, the FC SAN will still remain a better choice. The trend seems to suggest that storage systems are moving towards support for both IP SAN and FC SAN natively," says Kajwadkar.

On the storage horizon

The most recent development for IP SAN technology is 10 Gigabit Ethernet (10 GbE). The present distance restraint in 10 GbE will not limit its usage in IP SANs since their cabling does not exceed this.

According to Chandrasekhar, 10 GbE will be a cost-effective driver in helping IP SANs provide reliable storage to mission-critical data. Many 10 GbE vendors claim to have solutions that overcome the distance limitations, but the costs remain prohibitive. "It will be a year or two before 10 GbE becomes affordable for a majority of applications but once that happens, adoption will continue apace," predicts Chandrasekhar.

Anil Patrick R can be reached at

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.