This Silverton Consulting (SCI) Storage Intelligence (StorInt™) Dispatch provides a summary of Cisco’s recent SAN OS3.2 announcement that introduces new fabric functionality Storage Media Encryption (SME), Data Mobility Manager (DMM), and N-Port Virtualizer (NPV) as well as new hardware the MDS 9222i a new version of their 9216i multi-service modular switch, the MDS 18/4-Port multiservice module, and the MDS 9134 multi-layer fabric switch a new version of the MDS 9124.
Fabric functionality franchise
In an affront to all the security and storage virtualization appliances Cisco announces support for encryption and data migration as part of the fabric. The debate on where data migration functionality should reside (fabric, separate appliance, or storage subsystem) has been going on for over 2 years now. Cisco is adding fuel and encryption to this fire.
In this debate, to Cisco’s credit, fabric based migration and encryption can easily handle heterogeneous storage subsystems, can make better use of your current investment in fabric hardware, may provide a more redundant solution than a single point product can provide, and Cisco is not the first to offer fabric level functionality.
To the oppositions benefit, non-fabric solutions have historically touted heterogeneous storage support, Cisco did not announce pricing so the TCO of the various solutions is hard to analyze, the current products are available in redundant, high availability configurations, the current products have been out much longer, and finally, the current products support much more functionality.
Nonetheless, a case can be made that some of the functionality provided by current products is overkill, the install base of Cisco switches is much larger than most of the appliance solutions, and as the migration option appears to be software, pricing can be one of Cisco’s competitive advantages. So, where this debate ends up is mostly a function of market adoption and its not too late to have another option on the table
As far as where the functionality should really reside there is no clear winner. Yes additional hardware for the other solutions costs additional money but there are other solutions in the storage subsystem and the fabric that can negate this advantage. Regarding performance impacts of fabric vs. appliance vs. storage subsystem the only thing that can be said is that performance of the overall storage network must be retained and any of these solutions can adhere to that. TCO issues are mostly driven by the market and the aspirations of the vendors touting their solutions so is hard to nail down.
Storage Media Encryption (SME)
Cisco is introducing SAN based encryption to provide for heterogeneous disk and tape device encryption. It can be configured to encrypt all traffic from one VSAN to another VSAN thus allowing it to select a single port to all the ports in a VSAN. SME comes with the MDS 9222i and MDS 18/4. MDS 18/4 can be installed in MDS 9126i/A, MDS 9506, MDS 9509, or MDS 9513 and can provide encryption to any port in the director. Each MDS 9222i or MDS 18/4 can sustain encryption throughput of up to 10Gbps/s.
There are a number of point products for tape drive encryption on the market. A few encryption appliances that can encrypt all traffic in or out. But this is the first encryption capability in the fabric itself. .
Full 10G encryption should suffice for today’s tape drives, but by doing encryption in the fabric we negate the tape drive compression and the VTL de-duplication functionality that is emerging. Nonetheless, SME can provide significant advantage to customers not using these features.
Data Mobility Manager (DMM)
Cisco is introducing DMM throughout their SAN-OS family of products. Essentially they offer a LUN to LUN migration capability with QoS constrained operations. Migration can take place while the source LUN is accessed/updated and the target LUN will be synched up with the source before migration completes. Also they support Secure Erase of the source data. Multiple LUNs can also be migrated concurrently. Migration is used for technology change out, workload balancing, and storage consolidation. Migration can be done between unequal sized LUNs as long as the target is bigger than the source. Migration can be done across fabrics. Finally migration only moves data up to the switch and back down not using host connections or server cycles.
N-Port Virtualization (NPV)
In order to simplify management of the proliferation of blade servers Cisco offers NPV. This allows all the ports from a blade switch to be managed as a single port. This helps simplify blade switch deployment by reducing the number of Domain Ids, minimizing interoperability issues with Core SAN switches, and minimizing Server and SAN admin coordination. Cisco also intends to broaden NPV to support port channel and other features over time.
MDS 9222i Multiservice Modular Switch & MDS 18/4-Port Multiservice Module
As discussed above SME is being rolled out with MDS 9222i and MDS 18/4-Port hardware. The MDS 18/4-Port module is a blade version of the MDS 9222i. This hardware supports FC, FICON, FCIP, and iSCSI with 18X4Gbps ports and 4X1Gbps Ethernet ports with SAN routing on each port. This is the first 4Gbps support for this equipment and also includes HW based IPsec&FCIP compression as well as FCIP Disk and Tape I/O acceleration support
MDS 9134 Multilayer Fabric Switch
Cisco has introduced another version of their fabric switch the MDS 9134, suitable for standalone applications as well as enterprise core-edge scenarios. 2-MDS 9134s can be stacked to support up to 64-4Gbps ports. The MDS 9134 has 2-10Gbps FC ports for inter –switch links. Also it comes with On-demand ports with 24 base 4Gbps ports with an 8-port extension and the 2-10G ports can also be licensed.
Cisco is throwing down the gauntlet by offering services in the fabric. It makes sense if you are a fabric vendor to move functionality to the fabric but there is much debate as to where the functionality should truly reside and the market is the place to answer this question definitively.
As for the hardware announcements, the hardware encryption engine combined with the multiservice modules is a good idea and one that can be expanded over time. The other hardware announcements are consistent with the march of technology over time.
A PDF version of this can be found at:Cisco 2007 July 24 SAN OS3.2 announcement