Many IT departments have consolidated their data centers and SANs, achieving great efficiencies along the way. Large enterprises with consolidated SANs have hundreds or thousands of servers running business applications interconnecting through a common network fabric, making the network fabric an ideal nexus from which to deploy solutions such as SAN extension, acceleration, and encryption of data. The Cisco® MDS 9000 16-Port Storage Services Node provides a high-performance, flexible, unified platform for deploying enterprise-class disaster recovery, business continuance, and intelligent fabric applications (Figure 1).
The Cisco MDS 9000 16-Port Storage Services Node hosts four independent service engines, which can each be individually and incrementally enabled to scale as business requirements change, or be configured to run separate applications. Based on the single service engine in the Cisco MDS 9000 18/4-Port Multiservice Module, this four-to-one consolidation delivers dramatic hardware savings and frees valuable slots in the Cisco MDS 9500 Series Multilayer Directors chassis.
The Cisco MDS 9000 16-Port Storage Services Node integrates transparently into the Cisco MDS 9500 Series Multilayer Directors and the Cisco MDS 9222i Multiservice Modular Switch. Each of the four service engines supports 4 Gigabit Ethernet IP storage services ports, for a total of 16 ports of Fibre Channel over IP (FCIP) connectivity. Traffic can be switched between an IP port and any Fibre Channel port on a Cisco MDS 9000 Family switch. The Cisco MDS 9000 16-Port Storage Services Node supports the full range of services available on other Cisco MDS 9000 Family Fibre Channel switching modules, including virtual SANs (VSANs), security, and traffic management.
The Cisco MDS 9000 16-Port Storage Services Node uses Cisco expertise and knowledge of IP networks to deliver outstanding SAN extension performance, reducing latency for disk and tape with FCIP acceleration features, including FCIP write acceleration and FCIP tape write and read acceleration. Hardware-based encryption helps secure sensitive traffic with IP Security (IPsec), and hardware-based compression dramatically enhances performance for both high- and low-speed links, enabling immediate cost savings in expensive WAN infrastructure. Multiple Gigabit Ethernet ports within a single engine or across service engines can be grouped into a PortChannel of up to 16 links for high availability and increased aggregate throughput. PortChannels can also be enabled for FCIP tape read and write acceleration by running the optional Cisco MDS 9000 I/O Accelerator (IOA) Package on a service engine anywhere in the fabric.
In the IBM System z mainframe environment, the Cisco MDS 9000 16-Port Storage Services Node provides high-density Integrated Channel Extension capabilities, such as the acceleration of FICON read and write traffic for virtual and physical tape (sometimes referred to tape pipelining). Updates for IBM's z/OS Global Mirror, still commonly known as XRC, can also be accelerated across a WAN using Cisco's XRC Acceleration feature. All of these capabilities utilize the same hardware-based data compression and IPsec encryption as the open systems solutions described above. The Cisco MDS 9000 16-Port Storage Services Node is especially well suited to maximize channel extension bandwidth in valuable MDS 9500 Series director slots. FICON and open systems traffic can run on the same service engine, and even on the same GbE port, though they must use separate FCIP tunnels and VSANs.
Natively integrating support for intelligent fabric applications, the Cisco MDS 9000 16-Port Storage Services Node provides a platform for distributed fabric services such as Cisco Storage Media Encryption (SME), which encrypts data at rest on heterogeneous disk arrays, tape drives, and virtual tape libraries (VTLs), and the Cisco MDS 9000 IOA feature, which provides acceleration and compression for backup and replication applications. These advanced functions are available to any device connected to the fabric, facilitating ease of deployment, scalability, and high availability through clustering.
Main Features and Benefits
The Cisco MDS 9000 16-Port Storage Services Node is designed for mission-critical enterprise storage networks that require secure, robust, cost-effective business-continuance services. The Cisco MDS 9000 16-Port Storage Services Node offers the following main features:
• FCIP for remote SAN extension:
– Simplifies data-protection and business-continuance strategies by enabling backup, remote replication, and other disaster-recovery services over WAN distances using open standards FCIP tunneling.
– Optimizes utilization of WAN resources for backup and replication by enabling hardware-based compression, hardware-based encryption, XRC Acceleration for IBM System z-based replication, FCIP write acceleration, and tape read and write acceleration for both FCIP and FICON over IP. Up to 48 virtual Inter-Switch Link (ISL) connections are provided on the 16-Gigabit Ethernet ports through tunneling.
– Preserves Cisco MDS 9000 Family enhanced capabilities, including VSANs, advanced traffic management, and security, across remote connections.
• Cisco IOA
– Optimizes utilization of metropolitan area network (MAN) resources for backup and replication by enabling hardware-based compression, Fibre Channel write acceleration, and Fibre Channel tape read and write acceleration.
– Through transport- and speed-independent implementation, provides a unified solution for 1-, 2-, 4-, 8-, and 10-Gbps links over MANs and WANs.
– With transparent insertion of the Cisco IOA service, requires no fabric reconfiguration or rewiring.
– Enables port channels for FCIP tape acceleration to provide high availability and resiliency.
– Provides a high availability, resilient, and scalable environment with PortChannels, service clustering, and Lightweight Reliable Transport Protocol (LRTP).
• Cisco SME
– Secures data stored on heterogeneous disk arrays, tape drives, and VTLs in a SAN environment using secure Advanced Encryption Standard (AES) 256-bit algorithms. Protects against data breaches from lost or stolen tapes, and allows replacement of failed disk drives or retirement of old storage arrays without leakage of sensitive data.
– Enables scaling of Cisco SME performance, throughput, and availability by enabling and clustering additional service engines on Cisco MDS 9000 16-Port Storage Services Nodes, MDS 9000 18/4-Port Multiservice Modules, and MDS 9222i Multiservice Modular Switches.
• Integrated IP storage services in a high-density form factor: The module supports 16 Gigabit Ethernet ports for FCIP. Individual ports can be configured with hot-swappable shortwave and longwave Small Form-Factor Pluggables (SFPs) for connectivity up to 200 kilometers.
• Integrated hardware-based VSANs and Inter-VSAN Routing (IVR): The module enables deployment of large-scale multisite and heterogeneous SAN topologies. Integration into port-level hardware allows any port in a system or fabric to be partitioned into any VSAN. Integrated hardware-based IVR provides line-rate routing between any ports in a system or fabric without the need for external routing appliances.
• Intelligent network services: The module uses VSAN technology for hardware-enforced, isolated environments in a single physical fabric, access control lists (ACLs) for hardware-based intelligent frame processing, and advanced traffic management features such as fabricwide quality of service (QoS) to facilitate migration from SAN islands to enterprise-wide storage networks.
• Sophisticated diagnostics: The module provides intelligent diagnostics, protocol decoding, and network analysis tools as well as integrated Call Home capability for added reliability, faster problem resolution, and reduced service costs.
• Comprehensive network security framework: The module supports RADIUS and TACACS+, Fibre Channel Security Protocol (FC-SP), Secure File Transfer Protocol (SFTP), Secure Shell (SSH) Protocol, and Simple Network Management Protocol Version 3 (SNMPv3) implementing the AES, VSANs, hardware-enforced zoning, ACLs, and per-VSAN role-based access control (RBAC). RBAC provides separate control over management functions and access on a per-VSAN basis, enabling separation of duties among administrators on the same physical switch. Gigabit Ethernet ports support IPsec authentication, data integrity, and hardware-assisted data encryption.
• IP Version 6 (IPv6) support: The module supports IPv6 as mandated by the U.S. Department of Defense (DoD), Japan, and China. IPv6 support is provided for FCIP and for management traffic routed in band and out of band.
Integrated FCIP for Remote SAN and Mainframe Channel Extension
Data-distribution, data-protection, and business-continuance services are significant components of today's information-centered businesses. The capability to efficiently replicate critical data on a global scale helps ensure a higher level of data protection for valuable corporate information, and it also increases utilization of backup resources and lowers total cost of storage ownership. The Cisco MDS 9000 16-Port Storage Services Node uses the open standards FCIP protocol to extend the distance of current Fibre Channel and FICON solutions, enabling interconnection of SAN islands over extended distances.
Advanced SAN Extension Features
The Cisco MDS 9000 16-Port Storage Services Node supports hardware-based FCIP compression to increase the effective WAN bandwidth of SAN extension solutions. The module can deliver up to a 40:1 compression ratio, with typical ratios of 4:1 or 5:1 over a wide variety of data sources.
The Cisco MDS 9000 16-Port Storage Services Node supports IPsec encryption for secure transmission of sensitive data over extended distances. Hardware enablement of IPsec helps ensure line-rate throughput. Together, hardware-based compression and hardware-based encryption provide a high-performance, highly secure SAN extension capability.
Additionally, the Cisco MDS 9000 16-Port Storage Services Node supports FCIP write acceleration, a feature that can significantly improve application performance when storage traffic is extended across long distances. When FCIP write acceleration is enabled, WAN throughput is optimized by reducing the latency of command acknowledgments. XRC Acceleration is the equivalent feature for IBM's z/OS Global Mirror mainframe-based replication, accelerating the updates to reduce latency and maximize bandwidth utilization. Similarly, the module supports FCIP and FICON over IP tape acceleration, which significantly improves throughput over WAN links for remote tape backup and restore operations.
Cisco I/O Accelerator Feature
Replication and backup applications over MANs and WANs can benefit from Cisco IOA feature services such as Fibre Channel disk write acceleration (FCWA), Fibre Channel tape read and write acceleration, Fibre Channel data compression over MAN links, and PortChannels for FCIP tape acceleration.
Cisco Storage Media Encryption
Cisco SME offers solutions that enable companies to address PCI DSS 2.0 compliance or other legislative regulations such as HIPPA, etc. that require companies to store and protect data at rest for a specified number of years while publicly disclosing security breaches. Complementing features such as IP Security (IPsec) and Cisco TrustSec security that address data security while the data is in motion, Cisco SME addresses data security for data at rest. Cisco SME is a fabric-based service and thus is scalable and nondisruptive and supports heterogeneous disk, tape, server, and host bus adapter (HBA) and converged network adapter (CNA) environments.
• Cisco SME enables encryption of data for disk arrays, tape, and virtual tape.
• Cisco SME authenticates host access to encrypted devices for centralized security management and data management and recovery.
• Cisco SME compresses data written to tape and virtual tape before encrypting it.
• Cisco SME services employ clustering technology to create a highly available solution. The cryptographic cluster formed enhances reliability and availability, provides automated load balancing and failover capabilities, and simplifies provisioning as a single SAN fabric service rather than as individual switches or modules.
• The Cisco Key Management Center (KMC) provides comprehensive key management for Cisco SME, with support for single- and multiple-site deployments. Cisco KMC provides essential features such as key archival, secure export and import and translation for distribution, and key shredding.
• On each service engine, the Cisco SME license can be used for enabling encryption of either tape or disk. It is recommended that separate service engines be used for SME tape and disk services (these service engines can be on the same Cisco MDS 9000 16-Port Storage Services Node module).
Ideal for efficient, secure SAN consolidation, ANSI T11-standard VSANs enable more efficient storage network utilization by creating hardware-based isolated environments with a single physical SAN fabric or switch. Each VSAN can be zoned as a typical SAN and maintained with its own fabric services for added scalability and resilience. VSANs allow the cost of SAN infrastructure to be shared among more users, while helping ensure segregation of traffic and retaining independent control of configuration on a VSAN-by-VSAN basis.
Integrated SAN Routing
In another step toward deployment of efficient, cost-effective, consolidated storage networks, the Cisco MDS 9000 16-Port Storage Services Node supports IVR, the industry's first and most efficient routing function for Fibre Channel. IVR allows selective transfer of data between specific initiators and targets on different VSANs while maintaining isolation of control traffic within each VSAN. With IVR, data can transit VSAN boundaries while maintaining control plane isolation, thereby maintaining fabric stability and availability. IVR eliminates the need for external routing appliances, greatly increasing routing scalability while delivering line-rate routing performance, simplifying management, and eliminating the challenges associated with maintaining separate systems. IVR lowers total cost of SAN ownership.
Advanced Traffic Management
The advanced traffic management capabilities integrated into the Cisco MDS 9000 16-Port Storage Services Node simplify deployment and optimization of large-scale fabrics.
• Virtual output queuing: Helps ensure line-rate performance on each port, independent of traffic pattern, by eliminating head-of-line blocking
• PortChannels: Allow users to aggregate up to 16 physical ISLs into a single logical bundle, providing optimized bandwidth utilization across all links; the bundle can consist of any speed-matched ports from any module in the chassis, helping ensure that the bundle can remain active even in the event of a module failure
• Fabric Shortest Path First (FSPF)-based multipathing: Provides the intelligence to load balance across up to 16 equal-cost paths and, in the event of a switch failure, dynamically reroute traffic
• QoS: Can be used to manage bandwidth and control latency, to prioritize critical traffic
Advanced Diagnostics and Troubleshooting Tools
Management of large-scale storage networks requires proactive diagnostics, tools to verify connectivity and route latency, and mechanisms for capturing and analyzing traffic. The Cisco MDS 9000 Family integrates the industry's most advanced analysis and diagnostic tools. Power-on self-test (POST) and online diagnostics provide proactive health monitoring. The Cisco MDS 9000 16-Port Storage Services Node implements diagnostic capabilities such as Fibre Channel Traceroute to detail the exact path and timing of flows and Switched Port Analyzer (SPAN) to intelligently capture network traffic. After traffic has been captured, it can be analyzed with the Cisco Fabric Analyzer, an embedded Fibre Channel analyzer. Comprehensive port-based and flow-based statistics facilitate sophisticated performance analysis and service-level agreement (SLA) accounting. With the Cisco MDS 9000 Family, Cisco delivers a comprehensive toolset for troubleshooting and analysis of storage networks.
Comprehensive Solution for Robust Network Security
Addressing the need for fail-proof security in storage networks, the Cisco MDS 9000 16-Port Storage Services Node offers an extensive security framework to protect highly sensitive data moving in today's enterprise networks. The module employs intelligent frame inspection at the port level, including the application of ACLs for hardware enforcement of zones, VSANs, and advanced port security features.
• Extended zoning capabilities restrict broadcasts to only the selected zones (broadcast zones)
• VSANs are used to achieve higher security and greater stability by providing complete isolation among devices that are connected to the same physical SAN
• FC-SP provides switch-switch and host-switch Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) authentication supporting RADIUS and TACACS+, to help ensure that only authorized devices can access protected storage networks
• For FCIP deployments, the comprehensive IPsec protocol suite delivers secure authentication, data integrity, and hardware-based encryption
Table 1 lists the product specifications for the Cisco MDS 9000 16-Port Storage Services Node.
Table 1. Product Specifications
Cisco MDS 9000 Family
Cisco MDS 9000 NX-OS Software Release 4.2(1) or later
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.
For More Information
For more information about the Cisco MDS 9000 16-Port Storage Services Node, visit http://www.cisco.com/go/storage or contact your local account representative.