Archive for January 2013

Understand and apply LUN masking using PSA-related commands

What is LUN Masking?

LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts. LUN Masking is implemented primarily at the HBA (Host Bus Adapter) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA. Some storage controllers also support LUN Masking.

LUN Masking is important because Windows-based servers attempt to write volume labels to all available LUNs. This can render the LUNs unusable by other operating systems and can result in data loss.

How to MASK on a VMware ESXi Host

  • Step 1: Identifying the volume in question and obtaining the naa ID
  • Step 2: Run the esxcli command to associate/find this naa ID with the vmhba identifiers
  • Step 3: Masking the volume when you want to preserve data from the VMFS volumes for later use or if the volume is already deleted
  • Step 4: Loading the Claim Rules
  • Step 5: Verify that the claimrule has loaded
  • Step 6: Unclaim the volume in question
  • Step 7: Check Messages
  • Step 8: Unpresent the LUN
  • Step 9: Rescan all hosts
  • Step 10: Restore normal claim rules
  • Step 11: Rescan Datastores

Step 1

  • Check in both places as listed in the table above that you have the correct ID
  • Note: Check every LUN as sometimes VMware calls the same Datastore different LUN Numbers and this will affect your commands later

  • Example Below

  • Make a note of the naa ID

Step 2

  • Once you have the naa ID from the above step, run the following command
  • Note: we take the colon (:) off
  • The -L parameter shows a compact list of paths

  • Example below

  • We can see there are 2 paths to the LUN called C0:T0:L40 and C0:T1:L40
  • C=Channel, T=Target, L=LUN
  • Next we need to check and see what claim rules exist in order to not use an existing claim rule number
  • esxcli storage core claimrule list
  • Note I had to revert to the vSphere 4 CLI command as I am screenprinting from vSphere 5 not 4!

Step 3

  • At this point you should be absolutely clear what LUN number you are using!

  • Next, you can use any rule number for the new claim rule that isn’t in the list above, pretty much anything from 101 upwards
  • In theory I have several paths so I should do this exercise for all of the paths

Step 4

  • The Class for those rules will show as file which means that it is loaded in /etc/vmware/esx.conf but it isn’t yet loaded into runtime.

Step 5

  • Run the following command to see those rules displayed twice, once as the file Class and once as the runtime Class

Step 6

  • Before these paths can be associated with the new plugin (MASK_PATH), they need to be disassociated from the plugin they are currently using. In this case those paths are claimed by the NMP plugin (rule 65535). This next command will unclaim all paths for that device and then reclaim them based on the claimrules in runtime.

Step 7

  • Check Messages

  • See example below

  • Refresh the Datastore and you should see it vanish from the host view
  • Run the following command to check it now shows no paths
  • Running esxcfg-mpath -L | grep naa.60050768028080befc00000000000050 again will now show no paths

Step 8

  • Now get your Storage Team to remove the LUN from the SAN

Step 9

  • Rescan all hosts and make sure the Datastore has gone

Step 10

  • To restore normal claimrules, perform these steps for every host that had visibility to the LUN, or from all hosts on which you created rules earlier:

  • Run esxcli corestorage claimrule load
  • Run esxcli corestorage claimrule list
  • Note that you do not see/should not see the rules that you created earlier.

  • Perform a rescan on all ESX hosts that had visibility to the LUN. If all of the hosts are in a cluster, right-click the cluster and click Rescan for Datastores. Previously masked LUNs should now be accessible to the ESX hosts

Step 11

  • Next you may have to follow the following KB Article if you find you have these messages in the logs or you cannot add new LUNs
  • Run the following commands on all HBA Adapters
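
As an added example (not from the original post or from VMware), the shell function below covers Steps 2 to 6 as a command generator: from `esxcfg-mpath -L` output it emits one MASK_PATH claim rule per path to the chosen naa ID, skipping rule numbers already in use, followed by the load and reclaim commands. The adapter name vmhba2, the sample path lines and the list of used rule numbers are constructed, and the commands use the ESXi 5 esxcli namespace.

```shell
#!/bin/sh
# Constructed sample of `esxcfg-mpath -L` output (adapter vmhba2 is assumed).
SAMPLE_PATHS='vmhba2:C0:T0:L40 state:active naa.60050768028080befc00000000000050 vmhba2 0 0 40 NMP active san
vmhba2:C0:T1:L40 state:active naa.60050768028080befc00000000000050 vmhba2 0 1 40 NMP active san
vmhba2:C0:T0:L41 state:active naa.60050768028080befc00000000000051 vmhba2 0 0 41 NMP active san'

# Constructed list of rule numbers already shown by `esxcli storage core claimrule list`.
SAMPLE_USED_RULES='0 1 2 3 4 101 65535'

# gen_mask_commands NAA_ID "USED RULE NUMBERS" < path-listing
# Prints the commands that mask every path to NAA_ID; prints nothing and
# returns non-zero if no path matches or a path name cannot be parsed.
gen_mask_commands() {
  awk -v naa="$1" -v used="$2" '
    BEGIN {
      n = split(used, u, " ")
      for (i = 1; i <= n; i++) taken[u[i]] = 1
      rule = 101                      # user rules start at 101 (see Step 3)
    }
    $3 == naa {
      # Runtime name is adapter:C<channel>:T<target>:L<lun>
      if (split($1, p, ":") != 4 || p[2] !~ /^C[0-9]+$/ ||
          p[3] !~ /^T[0-9]+$/ || p[4] !~ /^L[0-9]+$/) { err = 1; exit }
      while (rule in taken) rule++    # never reuse an existing rule number
      if (rule >= 65535) { err = 1; exit }   # 65535 is the catch-all NMP rule
      out = out sprintf("esxcli storage core claimrule add -r %d -t location -A %s -C %s -T %s -L %s -P MASK_PATH\n",
                        rule, p[1], substr(p[2], 2), substr(p[3], 2), substr(p[4], 2))
      taken[rule] = 1
      found++
    }
    END {
      if (err || !found) exit 1       # fail closed: emit no partial rule set
      printf "%s", out
      print "esxcli storage core claimrule load"
      print "esxcli storage core claiming reclaim -d " naa
    }
  '
}

# Review the generated commands before running them on the host.
printf '%s\n' "$SAMPLE_PATHS" |
  gen_mask_commands naa.60050768028080befc00000000000050 "$SAMPLE_USED_RULES"
```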

Useful Video of LUN Masking

http://www.youtube.com/watch?feature=player_embedded&v=pyNZkZmTKQQ

Useful VMware Docs (ESXi4)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1029786

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1015252

Useful VMware Doc (ESXi5)

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2004605

 

Understand and apply VMFS resignaturing

VMFS LUN UUID

Every VMFS based LUN is assigned a Universally Unique Identifier (UUID). The UUID is stored in the metadata of your file system called a superblock and is a unique hexadecimal number generated by VMware.

When a LUN is copied or replicated from an original LUN, the copied LUN ends up being absolutely identical to the original LUN, including having the same UUID. This means the newly copied LUN must be resignatured before it is mounted. ESXi can determine whether a LUN contains a VMFS copy and does not mount it automatically.

VMFS resignaturing does not apply to NFS Datastores.

VMFS Resignaturing

  1. Creating a new signature for a drive is irreversible
  2. A datastore with extents (Spanned Datastore) may only be resignatured if all extents are online
  3. The VMs that use a datastore that was resignatured must be reassociated with the disk in their respective configuration files. The VMs must also be re-registered within vCenter
  4. The procedure is fault tolerant. If interrupted, it will continue later

Resignature a datastore using vSphere Client

  1. Log into vCenter using vClient
  2. Click Configuration > Storage
  3. Click Add Storage in the right window frame
  4. Select Disk/LUN and click Next
  5. Select the device to add and click Next
  6. You then have 3 options:
       • Keep the existing signature: This option will leave the VMFS partition unchanged
       • Assign a new signature: This option will delete the existing disk signature and replace it with a new one. This option must be selected if the original VMFS volume is still mounted (It isn’t possible to have two separate volumes with the same UUID mounted simultaneously)
       • Format the disk: This option is the same as creating a new VMFS volume on an empty LUN
  7. Select Assign new signature and click Next
  8. Review your changes and then click Finish

Applying resignaturing using ESXCLI

  • SSH into a host using PuTTY or log in to vMA
  • Type esxcli storage vmfs snapshot list. This will list the copies
  • esxcli storage vmfs snapshot mount -l (VolumeName)
  • esxcli storage vmfs snapshot resignature -l (VolumeName)

Troubleshooting

As of ESXi/ESX 4.0, it is no longer necessary to handle snapshot LUNs via the CLI. Resignature and Force-Mount operations have full GUI support and vCenter Server does VMFS rescans on all hosts after a resignature operation.

The snapshot LUN issue is caused when the ESXi/ESX host cannot confirm the identity of the LUN with what it expects to see in the VMFS metadata. This can be caused by replaced SAN hardware, firmware upgrades, SAN replication, DR tests, and some HBA firmware upgrades. Some ESXi/ESX host upgrades from 3.5 to 4.x (due to the change in naming convention from mpx to naa) have also been known to cause this, but this is a rare occurrence. For more/related information, see Managing Duplicate VMFS Datastores in the vSphere Storage Guide for ESXi 5.x.

Force mounting a VMFS datastore may fail if:

  1. Multiple ESXi/ESX 4.x and 5.0 hosts are managed by the same vCenter Server and these hosts are in the same datacenter.
  2. A snapshot LUN containing a VMFS datastore is presented to all these ESXi/ESX hosts.
  3. One of these ESXi/ESX hosts has force mounted the VMFS datastore that resides on this snapshot LUN.
  4. A second ESXi/ESX host is attempting to do an operation at the same time.

When one ESXi/ESX host force mounts a VMFS datastore residing on a LUN which has been detected as a snapshot, an object is added to the datacenter grouping in the vCenter Server database to represent that datastore.

When a second ESXi/ESX host attempts to do the same operation on the same VMFS datastore, the operation fails because an object already exists within the same datacenter grouping in the vCenter Server database.

Since an object already exists, vCenter Server does not allow mounting the datastore on any other ESXi/ESX host residing in that same datacenter.

ESXCLI Commands for troubleshooting

Useful YouTube Link

http://www.youtube.com/watch?feature=player_embedded&v=CFJTjbPGlY4

VMware Article Link

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1011387

Apply VMware storage Best Practices

Datastore supported features

VMware supported storage related functionality

Storage Best Practices

  • Always use the vendor's recommendations, whether it be EMC, NetApp or HP etc
  • Document all configurations
  • In a well-planned virtual infrastructure implementation, a descriptive naming convention aids in identification and mapping through the multiple layers of virtualization from storage to the virtual machines. A simple and efficient naming convention also facilitates configuration of replication and disaster recovery processes.
  • Make sure your SAN fabric is redundant (Multi Path I/O)
  • Separate networks for storage array management and storage I/O. This concept applies to all storage protocols but is very pertinent to Ethernet-based deployments (NFS, iSCSI, FCoE). The separation can be physical (subnets) or logical (VLANs), but must exist.
  • If leveraging an IP-based storage protocol I/O (NFS or iSCSI), you might require more than a single IP address for the storage target. The determination is based on the capabilities of your networking hardware.
  • With IP-based storage protocols (NFS and iSCSI) you channel multiple Ethernet ports together. NetApp refers to this function as a VIF. It is recommended that you create LACP VIFs over multimode VIFs whenever possible.
  • Use CAT 6 cabling rather than CAT 5
  • Enable Flow-Control (should be set to receive on switches and transmit on iSCSI targets)
  • Enable spanning tree protocol with either RSTP or portfast enabled. Spanning Tree Protocol (STP) is a network protocol that makes sure of a loop-free topology for any bridged LAN
  • Configure jumbo frames end-to-end. 9000 rather than 1500 MTU
  • Ensure Ethernet switches have the proper amount of port buffers and other internals to support iSCSI and NFS traffic optimally
  • Use Link Aggregation for NFS
  • Maximum of 2 TCP sessions per Datastore for NFS (1 Control Session and 1 Data Session)
  • Ensure that each HBA is zoned correctly to both SPs if using FC
  • Create RAID LUNs according to the application vendor's recommendation
  • Use Tiered storage to separate High Performance VMs from Lower performing VMs
  • Choose Virtual Disk formats as required. Eager Zeroed, Thick and Thin etc
  • Choose RDMs or VMFS formatted Datastores dependent on supportability and on application vendor and virtualisation vendor recommendations
  • Utilise VAAI (vStorage APIs for Array Integration) Supported by vSphere 5
  • No more than 15 VMs per Datastore
  • Extents are not generally recommended
  • Use De-duplication if you have the option. This will manage storage and maintain one copy of a file on the system
  • Choose the fastest storage ethernet or FC adaptor (Dependent on cost/budget etc)
  • Enable Storage I/O Control
  • VMware highly recommends that customers implement “single-initiator, multiple storage target” zones. This design offers an ideal balance of simplicity and availability with FC and FCoE deployments.
  • Whenever possible, it is recommended that you configure storage networks as a single network that does not route. This model helps to make sure of performance and provides a layer of data security.
  • Each VM creates a swap or pagefile that is typically 1.5 to 2 times the size of the amount of memory configured for each VM. Because this data is transient in nature, we can save a fair amount of storage and/or bandwidth capacity by removing this data from the datastore, which contains the production data. In order to accomplish this design, the VM’s swap or pagefile must be relocated to a second virtual disk stored in a separate datastore
  • It is the recommendation of NetApp, VMware, other storage vendors, and VMware partners that the partitions of VMs and the partitions of VMFS datastores are to be aligned to the blocks of the underlying storage array. You can find more information around VMFS and GOS file system alignment in the following documents from various vendors
  • Failure to align the file systems results in a significant increase in storage array I/O in order to meet the I/O requirements of the hosted VMs

vCenter Server Storage Filters

What are the vCenter Server Storage Filters?

They are filters provided by vCenter to help avoid device corruption or performance issues which could arise as a result of using an unsupported storage device.

Storage Filter Chart

How to access the Storage Filters

If you want to change the filter behaviour, please do the following

  • Log into the vSphere client
  • Select Administration > vCenter Server Settings
  • Select Advanced Settings
  • In the Key box, type the key you want to change
  • To disable the key, type False
  • Click Add
  • Click OK
  • Note the pic below is from vSphere 4.1

Determine appropriate RAID levels for various Virtual Machine workloads

Choosing a RAID level for a particular machine workload relies on the consideration of a lot of different factors if you want your machine/machines to run at their maximum potential and with best practices in mind.

Other factors

  • Manufacturer's disk IOPS values
  • Type of Disk. E.g. SATA, SAS, NSATA, SSD and FC
  • Speed of Disk. E.g. 15K or 10K RPM etc
  • To ensure a stable and consistent I/O response, maximize the number of VM storage disks available. This strategy enables you to spread disk reads and writes across multiple disks at once, which reduces the strain on a smaller number of drives and allows for greater throughput and response times.
  • Controller and transport speeds affect VM performance
  • Disk Cost.
  • Some vendors have their own proprietary RAID Level. E.g Netapp RAID DP
  • The RAID level you choose for your LUN configuration can further optimize VM performance. But there’s a cost-vs-functionality component to consider. RAID 0+1 and 1+0 will give you the best virtual machine performance but will come at a higher cost, because they utilize only 50% of all allocated disks
  • RAID 5 will give you more storage for your money, but it requires you to write parity bits across drives. However slower SANs or local VM storage can create a resource deficit which can create bottlenecks
  • Cache Sizes
  • Connectivity. E.g. ISCSI, FC or FCOE. Fibre Channel and iSCSI are the most common transports and within these transports, there are different speeds. E.g. 1/10 GB iSCSI and 4/8 GB FC
  • Thin provisioning. This will take up less space on the SAN but create extra I/O utilisation due to the zeroing of blocks on write
  • De-duplication. This does not necessarily improve storage performance but it stops duplicate data on storage which can save a great deal of money
  • Predictive Scheme. Create several LUNs with varying storage characteristics
  • Adaptive Scheme. Create large datastores and place VMs on and monitor performance

Please see the following links for general information on RAID and IOPS

http://www.electricmonk.org.uk/2013/01/03/raid-levels/

http://www.electricmonk.org.uk/2012/01/30/iops/