安全网管技术 (Secure Network Management Technology), PowerPoint presentation

Presentation Transcript

  1. Secure Network Management Technology. 张焕杰 (Zhang Huanjie), Network Information Center, University of Science and Technology of China. james@ustc.edu.cn http://202.38.64.40/~james/nms Tel: 3601897(O)

  2. Chapter 5: Introduction to Data Security and Storage Technology (2) • Main contents of this chapter • Introduction to data integrity • Fault tolerance and network redundancy • Network backup systems • Introduction to storage technology

  3. References • Machine Press (机械出版社), SAN: Storage Area Networks (2) • HP training materials

  4. Introduction to storage technology • Three functional elements • Connecting (wiring): the technology that links storage to hosts • Storing: keeping data stably, non-volatilely and reliably • Filing: the intelligent process of organizing the stored data • Goal: to provide reliability and protection for 24x7 data operation at the lowest possible cost.

  5. From the operating system's perspective • The storage system provides contiguous disk blocks • The OS volume manager (Volume Manager) combines these physical devices and presents contiguous disk blocks to the layers above • The volume manager can provide concatenation of multiple physical devices, mirroring, soft RAID and similar functions • The filing layer stores its data on top of the Volume Manager

  6. Filing • The lower layer provides contiguous disk blocks and guarantees that these blocks are stable, non-volatile and reliable • The filing layer stores data on these contiguous disk blocks • Database systems: to suit their own operations, database systems may manage the disk blocks directly • File systems: FAT, NTFS, UNIX-type (inode)

  7. HP Online JFS • Maximizes System Availability • fast fsck (intent log) • Online defragmentation of directories and files • Online resizing of file systems • Online backup of file systems (snapshot) • Improves Performance • Extent-based allocation • Cache, buffer and allocation management • File alignment, file space preallocation/reservation • Simplifies Administration • Support for greater than 2 gigabyte files • Dynamic inode allocation • Guaranteed UNIX semantics

  8. Defragmentation, Optimizing, Reorganizing. [Diagram: an allocation unit containing administration information, inodes and an inode directory; extents (contiguous areas of data blocks) hold file 1, file 2 and a free extent, with file 1 split across two extents before reorganization.]

  9. Resizing. [Diagram: Increasing a JFS file system: first increase the logical volume, then increase the JFS file system into the n megabytes of needed space. Reducing a JFS file system: first reduce the JFS file system, then reduce the logical volume, freeing n megabytes.]

  10. Online Backup via Snapshot. [Diagram: (1) a process writes data through the buffer cache to the original file system /home, which is to be backed up; (2) before the original block is overwritten, (3) a copy of the original block is placed in the snapshot file system /snap, while the modified block goes to /home.]

  11. Performing a Snapshot Backup. 1. Create a snapshot: # mount -F vxfs -o snapof=/org_vol /aux_vol /aux_dir (/org_vol: file system which has to be backed up; /aux_vol: logical volume/disk for the snapshot, without a file system; /aux_dir: auxiliary directory for mounting the snapshot). 2. Back up from the snapshot file system: # cd /aux_dir # tar cvf /dev/rmt/0m . 3. Unmount the snapshot: # umount /aux_dir
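The three-step procedure above, wrapped in a script so the snapshot is always unmounted even when the archive step fails. This is an added example, not code from the slides or from HP; it keeps the slide's placeholder paths (/org_vol, /aux_vol, /aux_dir, /dev/rmt/0m) and adds a DRY_RUN switch, which is an assumption of this example, so the command sequence can be checked on a machine without VxFS.

```shell
#!/bin/sh
# Added example (not from the slides): the VxFS snapshot backup
# (mount -o snapof, tar from the snapshot, umount) as one function that
# always unmounts the snapshot, even when tar fails.  DRY_RUN=1 makes run()
# print each command instead of executing it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# snapshot_backup ORG_FS AUX_VOL AUX_DIR TAPE
#   ORG_FS  mounted file system to back up            (slide: /org_vol)
#   AUX_VOL raw logical volume for the snapshot        (slide: /aux_vol)
#   AUX_DIR auxiliary directory for the snapshot mount (slide: /aux_dir)
#   TAPE    tape device receiving the archive          (slide: /dev/rmt/0m)
snapshot_backup() {
    org_fs=$1; aux_vol=$2; aux_dir=$3; tape=$4
    status=0
    # 1. Create the snapshot.  If this fails there is nothing to clean up.
    run mount -F vxfs -o snapof="$org_fs" "$aux_vol" "$aux_dir" || return 1
    # 2. Archive from the frozen snapshot, not from the live file system.
    #    A subshell keeps the cd from leaking into the caller.
    (run cd "$aux_dir" && run tar cvf "$tape" .) || status=1
    # 3. Unmount whether or not the archive succeeded: a snapshot left
    #    mounted keeps copying original blocks and eventually fills AUX_VOL.
    run umount "$aux_dir" || status=1
    return $status
}

# Usage (dry run, prints the four commands in order):
#   DRY_RUN=1 snapshot_backup /org_vol /aux_vol /aux_dir /dev/rmt/0m
```

Running it for real requires root on HP-UX with VxFS; the non-zero return from a failed tar is what a backup job scheduler should check, since the unmount succeeding says nothing about whether the tape is complete.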

  12. Introducing MC/ServiceGuard. [Diagram: System A running pkgA and System B running pkgB, each with its own root disk, connected through a hub.]

  13. High Availability with MC/ServiceGuard. [Diagram: the same System A / System B cluster with packages pkgA and pkgB, root disks and hub.]

  14. MC/ServiceGuard Packages • Simple, flexible • Packages group all the resources for an application, including: volume group, IP address, service process • Packages are the entities that are managed and moved within a cluster environment. [Diagram: packages pkgA, pkgB, pkgC; service processes App_Process_1, App_Process_2, Middleware_1, Middleware_2; volume groups /dev/vg01, /dev/vg02; IP address 156.152.194.134.]

  15. Redistributing Application Packages • Balancing workload after a node failure • Minimizes impact on remaining nodes. [Diagram: packages pkgA to pkgJ spread across cluster nodes; if Node 1 fails, its packages pkgA, pkgB and pkgC are redistributed to the remaining nodes.]

  16. Minimizing Planned Downtime • Move packages to alternate nodes • Perform hardware or software upgrades, maintenance • Move packages back • Backward compatibility: OS, MC/ServiceGuard. [Diagram: a rolling upgrade of cluster nodes from HP-UX 10.20 to HP-UX 11.00 and HP-UX 11i, one node at a time, with packages A to J moved between nodes.]

  17. Today's storage systems. [Diagram: Clients, NAS, DAS, SAN.]

  18. What Is A SAN? Storage Area Network. A solution, not just a technology. A high-speed data storage network which helps to exploit the value of a business's information. A system technology that provides any-to-any interconnection of server and storage elements, organised and controlled by appropriate system software.

  19. In The Beginning. [Diagram: a standalone computer with user interface, processing and data storage; data-centric or compute-centric.]

  20. The Enterprise was Created. [Diagram: Sales, Personnel, Operations and Finance departments, each with its own LAN.]

  21. Paradigm Shift AND Evolutionary Process. [Diagram: user interface and processing on the LAN, storage moved onto the SAN.]

  22. Servers are Becoming Peripherals. [Chart: Annual Server/Storage Hardware Revenue Relationship, $Billions ($0 to $50), 1998 to 2002, server versus storage. Source: Dataquest.]

  23. Enabling Forces. What is enabling the increase in networked storage? • Computing power: doubling every 18 months • Storage capacity: doubling every 12 months • Optical network speed: doubling every 8-9 months. [Chart over Yr1 Qtr1 to Yr2 Qtr4. Source: SNIA.]

  24. Is This a SAN? Beware of Marketechture! A SAN is more than just high speed interconnections. [Diagram: server, Fibre Channel fabric, hub, bridge, JBOD, array and tape system.]

  25. The SAN Jigsaw. A SAN is not just a set of interconnected storage devices; it requires all the elements to be in place to be fully functional and capable of delivering to the user. A SAN is made up of: • Storage Devices • High Speed Connectivity • SAN Device Management • SAN System Management

  26. Storage Devices • RAID Storage • JBOD Storage • Backup Storage

  27. Storage Devices - JBOD (Just a Bunch Of Disks). [Diagram: a loop and a backup loop.]

  28. Storage Devices – RAID. [Diagram: two switches with Fibre Channel connections to two RAID controllers; behind the controllers, FC loop disks and SCSI disks, attached over Fibre Channel but not part of the SAN fabric.]

  29. Storage Devices - Tape. [Diagram: backup workstation, server and disk arrays on a fabric switch; the tape subsystem is attached through an FC-SCSI bridge.]

  30. High Speed Connectivity High Speed Connectivity • Fibre Channel? • ESCON? • Ficon? • Gigabit Ethernet? • SoIP? • iSCSI • iFCP

  31. Parallel Bus Basics. Computer buses, both internal (e.g. PCI) and external (e.g. SCSI), have to deal with a particular problem: they have to keep the data bits across the connectors in line so that they all arrive together, within a very tight time period. The further the information moves down a parallel bus, the more the minute differences between individual connections come into play, and the original data starts to scatter (skew), becoming corrupt and unusable. This skew effect limits the distance over which high-speed parallel bus connections can be used.

  32. Parallel Bus Basics. To meet the demand for faster and faster data transfer, the parallel bus approach has been to double or quadruple the connections and speed up the clock rate. Extra connections mean that there is more opportunity for the individual signals to get out of time with each other. Faster signalling speed means that there are tighter time windows in which a signal must arrive. As a result, as speeds increase, parallel buses need more expensive circuitry and the length of the bus reduces dramatically.

  33. SCSI Multidrop Bus Topology. [Diagram: a SCSI initiator (host bus adaptor) on a shared data/address bus with control signals, attached through an interface to each of several SCSI disk drives.] • Bandwidth ranges from 5MB/s to 320MB/s • Supports up to 4, 8 or 16 devices attached to the bus • Speed is FAST, ULTRA, ULTRA2 or ULTRA3 • Data/Address bus is 8 bit or 16 bit (WIDE) plus parity • Interface is Single Ended (SE), 5 volt (HVD) or 3 volt (LVD) • Maximum distance is from 1.5 metres to 25 metres depending upon implementation

  34. SCSI Bus Limitations. At fairly low speeds (10 to 20 MB/sec) the SCSI parallel bus is capable of operating over a total cable length of 25 metres (Fast and Wide SCSI). At the higher speeds required today (80 to 160 MB/sec), and using some expensive circuitry, this distance has been reduced to 12 metres TOTAL length (Wide Ultra 3 SCSI). SCSI busses are also limited by the maximum number of devices that can be connected together on the cable (4, 8 or 16 devices). [Diagram: 25 metres versus 12 metres.]

  35. ATA/IDE interface • ATA/IDE interface • UDMA 133MB • High single-device performance and low price, suited to desktop use • Drawbacks • No support for overlapped operations, so unsuited to multitasking systems

  36. Escon. [Diagram: system channels connected through Escon Directors to control units.] • Introduced in 1989 by IBM • Dominant in mainframe and enterprise computing environments • Combines fast block multiplex channel interface with high speed optical fiber • Serialization of IBM Bus and Tag communications methods • Not scalable • Now being implemented using native Fibre Channel protocol - Ficon

  37. Serial Architecture Benefits • Serial architecture can use copper or optical fiber • Reduces cost and complexity of link cabling • Long links, because clock and data are in the same signal • Easily scaled for higher link rates • Fibre Channel, Infiniband and Gigabit Ethernet are designed to use the same basic physical components and signalling techniques • GBE optical connections share physical protocols with FC and IB • GBE copper connections use different physical protocols

  38. Fibre Channel layers. [Diagram: FC-4 protocol mapping layer (SCSI-3 via SCSI-FCP, and native protocols such as Ficon, FC-AE, FC-AV and FC-VI); FC-3 common services; FC-2 framing protocol / flow control; FC-1 encode / decode; FC-0 physical layer; information transfer shown as a serial bit stream.]

  39. Fibre Channel: Bringing Together the Best of Bus and Network Architecture • Reliable Transfers • Low Latency • High Data Integrity • High Data Rates • Long Distance • High Connectivity

  40. Fibre Channel Performance Specifications • Up to 16 million potential addresses • Full duplex, serial • 100 Mbytes and 200 Mbytes in each direction • Optical and/or copper • Can communicate all information types concurrently

  41. Busses and Networks. Bus/Channel: • Hardware reliable transfer • High speed • Low latency • Short distance • High cable and connector costs. Network: • Software reliable transfers • High connectivity numbers • High latency • Long distance

  42. Network Performance. [Chart: throughput (MB/s) and CPU utilization (%) versus block size (2, 4, 8, 16, 32 KB) for Fibre Channel and TCP/IP on a 450 MHz Pentium-II. Source: IBM Corporation, 2000.]

  43. Fibre Channel Topologies • Point-to-Point • Switched Fabric • Arbitrated Loop

  44. Point-to-Point Topology. [Diagram: two nodes, each with an N_Port carrying SCSI, IP etc., connected directly by a Fibre Channel link.]

  45. Fabric Switch. [Diagram: nodes (N_Ports carrying SCSI, IP etc.) attached to F_Ports on fabric switches; the switches are linked to each other through E_Ports, and that inter-switch link is a potential bottleneck. Up to 16 million port addresses in one fabric.]

  46. Switched Fabric to Loop Interconnection. [Diagram: nodes with NL_Ports on an arbitrated loop, attached through an FL_Port to a switch. Up to 126 NL_Ports and 1 FL_Port on each loop.]

  47. FC-AL Hubs. [Diagram: a basic loop of NL_Ports A, B and C through a Fibre Channel Arbitrated Loop hub; FL_Port D connects the hub to a Fibre Channel switch.]

  48. Loops & Switches. [Diagram: a fabric switch whose F_Ports serve N_Port nodes and whose FL_Port serves NL_Port nodes on a loop.]

  49. Switch Topology Generic Model. [Diagram: nodes attached to a fabric.] • Fabric environment: appears as a single entity to nodes; consists of one or more fabric elements; provides a homogeneous addressing space • Fabric transparency to nodes: fabric topology, routing path selection and internal structure are hidden from the nodes

  50. Fibre Channel Port Terminology. [Diagram: a single fabric with point-to-point nodes, a loop topology, fabric elements and a WAN bridge.] • Port - generic Fibre Channel port • N_Port - port on Node • F_Port - port on Fabric • E_Port - port on Fabric Interswitch Link • S_Port - Service Port inside Fabric • B_Port - Bridge Port to WAN • NL_Port - port on FC_AL • FL_Port - port on FC_AL • Note: a node may have multiple ports