redp4496

8/3/2019 redp4496

1/42

Copyright IBM Corp. 2009. All rights reserved. ibm.com/redbooks 1

Redpaper

IBM System Storage N series and

Microsoft Windows Server 2008 Hyper-V

Introduction

This IBM Redpaper publication walks you through the steps required to set up Microsoft

Windows 2008 Hyper-V and failover clustering on IBM System Storage N series. Thisconfiguration merges the high availability and data protection features of IBM System Storage

N series with the virtualization and clustering features of Windows 2008.

Alex Osuna

William Luiz de Souza
http://www.redbooks.ibm.com/http://www.redbooks.ibm.com/http://www.redbooks.ibm.com/http://www.redbooks.ibm.com/

8/3/2019 redp4496

2/42

2 IBM System Storage N series and Microsoft Windows Server 2008 Hyper-V

Overview

Virtual infrastructures are a fantastic solution to the challenges of a distributed serverarchitecture. In recent years, just about every company with an information systems

department has begun some form of consolidation and virtualization effort with the goal ofincreasing asset utilization while reducing management and infrastructure costs. The

virtualization marketplace is filled with solutions from just about every traditional vendor and abevy of startups. However, the native storage virtualization capabilities shipped with MicrosoftHyper-V do not provide the same benefits and hardware reductions as those seen in the

server space.

Many customers have experienced an increase in storage requirements after implementingtheir virtual infrastructure. The reasons for this increase are many, including but not limited to

a requirement for a shared storage platform, inefficiencies in the multiple layers of storagevirtualization, over provisioning, and challenges with backups that can lead to inefficient

disk-to-disk backup solutions.

This book demonstrates how integrating N series technologies in a virtual infrastructure cansolve the unique challenges inherent with Hyper-V deployments in the areas of storage

utilization, fault tolerance, and backups. With N series virtualized storage and datamanagement solutions, customers can make dramatic gains in these areas.

The Hyper-V role enables you to create a vir tualized server computing environment using atechnology that is part of the Windows Server 2008 operating system. This solution is

provided through Hyper-V. You can use a virtualized computing environment to improve theefficiency of your computing resources by utilizing more of your hardware resources.

The failover clustering feature enables you to create and manage failover clusters. A failovercluster is a group of independent computers that work together to increase the availability ofapplications and services. The clustered servers (called nodes) are connected by physical

cables and by software. If one of the cluster nodes fails, another node begins to provideservice (a process known as failover). Users experience a minimum of disruptions in service.

8/3/2019 redp4496

3/42

IBM System Storage N series and Microsoft Windows Server 2008 Hyper-V3

This book shows you how to use these two technologies together to make a virtual machinehighly available. You will do this by creating a simple two-node cluster and a virtual machine,

and then failing over the virtual machine from one node to the other (Figure 1 and Figure 2).

Figure 1 Scenario before failure

Figure 2 Scenario after failure

8/3/2019 redp4496

4/42


Requirements for testing Hyper-V and failover clustering

To test the Hyper-V role on a failover cluster with two nodes, you must have the minimumhardware, software, accounts, and network infrastructure described in the sections that follow.

Hardware requirements for Hyper-VHyper-V requires an x64-based processor, hardware-assisted virtualization, and hardwaredata execution protection. You can identify systems that support the x64 architecture andHyper-V by searching the Windows Server catalog for Hyper-V as an additional qualification.

The Windows Server catalog is available at the Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkId=111228

Hardware requirements for failover clusterThere are some requirements for the cluster service installation. The requirements are:

Administrative rights are necessary on each cluster node.

There should be enough disk space on the system drive and on the share device for

cluster service installation. The appropriate Network Interface Cards (NICs) drivers should be installed.

The NICs should have the proper TCP/IP configurations.

The file and print sharing for Microsoft networks should be installed on each node.

The nodes should have the same hardware and device drivers levels.

Each node should belong to the same Active Directory Domain.

The domain accounts should be the same on each cluster node.

A cluster must have a unique NetBIOS name.

You should use a Microsoft Windows version that allows cluster installation.

The system paging file should have enough space for performance. Analyze the system logs before and after the cluster service installation.

Before adding any new nodes, certify that the current ones are working perfectly.

You can use the Performance Monitor to troubleshoot virtual memory issues.

8/3/2019 redp4496

5/42


Figure 3 shows a typical cluster configuration.

Figure 3 Typical cluster configuration

Additional hardware-related information for the cluster service installation is listed below:

If you are using Fibre Channel Protocol (FCP), all shared drives should be attached to

each cluster node. If you are using Internet Small Computer System Interface (iSCSI), all share drives should

be mapped to each cluster node.

The NTFS file system should be used to format the shared disks.

The shared disk should be in basic mode.

The SCSI drivers and each adapter cannot use the same SCSI ID.

Each node should have a minimum of two NICs.

The storage host adapter for Small Computer System Interface (SCSI) or Fibre Channelshould be separated.

An external drive that has multiple redundant array of independent disks (RAID)

configured drives must be connected to the servers of the cluster. The N series storage system must belong to the same domain or Active Directory.

The cluster nodes must belong to the same domain.

Note: For further information regarding Microsoft Cluster Service requirements and otheruseful information see:

http://www.microsoft.com/windowsserver2003/technologies/clustering/resources.mspx

8/3/2019 redp4496

6/42


Disk layout

When you determine the disk storage layout, you evaluate the type of data to be stored andthe number of volumes that you want to create. For the quorum disk there is not too much to

design. However, when you have Microsoft Hyper-V there are several best practices toachieve high performance, manageability, and data protection.

Sizing

Before you install Microsoft Cluster Service, you must configure your N series storage systemso that the operating system and cluster service have two separate physical devices for

cluster usage. At a minimum, you must create at least one LUN for the quorum disk. The drivemust be formatted as NTFS.

Quorum configurationThe quorum resource plays a crucial role in the operation of the Microsoft Cluster. In every

Microsoft Cluster a single resource is designated as the quorum resource. A quorum

resource can be any resource with the following functionality: It offers a means of persistent arbitration. Persistent arbitration means that the quorum

resource must allow a single node to gain physical control of the node and defend itscontrol. For example, SCSI disks can use reserve and release commands for persistent

arbitration.

It provides physical storage that can be accessed by any node in the cluster. The quorum

resource stores data that is critical to recovery after there is a communication failurebetween cluster nodes.

We recommend that you configure the quorum disk size to be 500 MB. However, we use a1024 Mb partition for the quorum since this is the minimum N series LUN size. We also

recommend that you configure some form of fault tolerance at the N series hardware level tobe used for the quorum drive. The N series uses two types of RAID:

RAID-4 RAID-DP (Double Parity)

Note: We recommend RAID-DP for better protection. Refer to IBM System Storage N

series Implementation of RAID Double Parity for Data Protection, REDP-4169-00,forfurther information.

8/3/2019 redp4496

7/42


The quorum device in a cluster is used to ensure that there is only a single managementprocess for the cluster. This is intended to preventsplit-brain syndrome. Split-brain syndromeis where more than one node claims ownership of some critical resource.

The quorum resource belongs to only a single node of a cluster at a time. The first node to

create the cluster takes ownership of the quorum resource. Since the clusters described inthis document make use of a shared disk as the quorum resource, the way in which the nodetakes ownership and maintains ownership of the quorum resource is through SCSI

commands. When using a disk as a quorum resource, the drive must be a physical diskresource and not a partition, since changing ownership of the quorum involves moving the

entire resource to another cluster node. Both nodes can access the drive but not at the sametime (Figure 4).

Figure 4 Quorum access diagram

In a Microsoft cluster the first node in the cluster becomes the initial quorum owner. The

quorum owner issues a reserve request for the quorum disk, and so long as it continues to bethe quorum owner, it will continue to issue a reserve request every three seconds. Should thecluster enter a regroup event, the quorum owner will be forced to defend its ownership of the

quorum through a challenge/defense mechanism.

When a regroup event is initiated, all nodes issue a device or bus reset. This reset releases

the reservation held by the quorum owner. Once a non-owner has issued a reset request, itwaits 10 seconds before checking to see whether the quorum resource is available. If thequorum owner is functioning correctly, it regains its reservation (through its regularthree-second reservation request) and thus defends its ownership of the quorum resource.

Software requirements

The Microsoft Cluster build is a complex mix of hardware and software requirements and

configurations. There are some software requirements on the N series and Windows Serverportions. We cover these in the following sections.

Node 1 Node 2

IBM N series

Quorum

8/3/2019 redp4496

8/42


Software requirements for Hyper-V and failover clusteringThe following are the software requirements for testing Hyper-V and failover clustering:

Windows Server 2008 Enterprise or Windows Server 2008 Datacenter must be used forthe physical computers. These servers must run the same version of Windows Server

2008, including the same type of installation. That is, both servers must be either a fullinstallation or a server core installation. The instructions in this book assume that both

servers are running a full installation of Windows Server 2008.

If you do not want to install Windows Server 2008 Enterprise or Windows Server 2008Datacenter on the virtual machine, you will need the installation media for the operating

system. The instructions in this guide assume that you will install Windows Server 2008 onthe virtual machine.

Microsoft iSCSI software initiator

For companies that do not have an FCP infrastructure in place or for those that want toaccess storage using their Ethernet infrastructure and knowledge, iSCSI can be used as the

access protocol for communication between the Microsoft Cluster Server and IBM System

Storage N series storage system.

In case there are no iSCSI adapters on your planned environment, the iSCSI Initiator

software can be used to provide the same connectivity to the IBM System Storage N seriesstorage system. The use of multipaths is also recommended when using a hardware-based

or software-based iSCSI solution, as shown in Figure 5.

Figure 5 Multipathing configuration for Windows Server using iSCSI

In Figure 5 on page 8, there are two interfaces on the server (either iSCSI hardware-based orGigabit Ethernet cards) that connect to two different LAN switches. For performance and

8/3/2019 redp4496

9/42


reliability reasons, we recommend that the LAN segments and switches are other than thepublic ones.

The IBM System Storage N series storage system will have two of its adapters alsoconnected to both switches.

Assuming that all the infrastructure is already in place and working and that you are not using

HBA iSCSI-enabled adapters, Microsoft iSCSI Software Initiator must be installed on theserver. After installing and configuring it, SnapDrive should be installed and configured aswell so that the LUNs can be created.

SnapDrive software

The IBM System Storage N series SnapDrive feature provides a number of storage features

that enable you to manage the entire storage hierarchy, from the host-side application-visiblefile, down through the volume manager, to the storage-system-side logical unit numbers

providing the actual repository. In addition, it simplifies the backup of data and helps youdecrease the recovery time.

SnapDrive provides a layer of abstraction between an application running on the hostoperating system and the underlying IBM System Storage N series storage systems

(Figure 6). Applications that are running on a server with SnapDrive use virtual disks (orLUNs) on IBM System Storage N series storage systems as though they were locally

connected drives or mount points. This allows applications that require locally attachedstorage, and several others applications, to benefit from the N series technologies, includingSnapshot, flexible volumes, cloning, and space management technologies.

Figure 6 Example of a typical SnapDrive deployment

Note: Despite the fact that the LUNs can be created from the IBM System Storage Nseries storage system, the recommended procedure is to create the LUNs from the

Windows Server using SnapDrive.

8/3/2019 redp4496

10/42


SnapDrive includes all the necessary drivers and software to manage interfaces, protocols,storage, and Snapshot copies. Snapshot copies are nondisruptive to applications and

functions on execution. Snapshot backups can also be mirrored across LAN or wide areanetwork (WAN) links for centralized archiving and disaster recovery.

Benefits of SnapDrive

Most of todays enterprises use business-critical applications, and their storage managementteam faces a number of challenges. They must:

Support new business initiatives with a minimal increase in operating budget.

Protect data from corruption, disaster, and attacks.

Back up data without any performance degradation, quickly and consistently, without anyerrors.

SnapDrive addresses these challenges by providing simplified and intuitive storage

management and data protection from a host/server perspective. The following list highlightssome of the important benefits of SnapDrive:

It allows hosts and applications administrators to quickly create vir tual disks with a

dynamic pool of storage that can be reallocated, scaled, and enlarged in real time, evenwhile system are accessing data.

Dynamic on-the-fly file system expansion: New disks are usable within seconds.

Snapshot copies provide rapid backup and recovery capability with minimal resource andcapacity requirements.

Supports multipath technology for high performance.

Enables connections to existing Snapshot copies from the original host or a different host.

It is independent of underlying storage access media and protocol. SnapDrive supportsFCP, iSCSI, and Network File System (NFS) as the transport protocols. (NFS supports

only Snapshot management.)

Robust and easy-to-use data and storage management feature and software.

SnapDrive requirementsIBM System Storage N series SnapDrive is a licensed feature.

There are some general requirements for SnapDrive:

Host operating system and appropriate patches

Host file systems

IP access between the host and storage system

Storage system licenses

FCP Host Utilities or iSCSI Host Utilities required software

The operating system requirements and additional information about SnapDrive can be found

in the IBM Network-attached Storage (NAS) Support Web site:

http://www.ibm.com/storage/support/nas

Note: For security reasons, we recommend a separate user account on IBM System

Storage N series storage server.

8/3/2019 redp4496

11/42


Data ONTAP

The IBM N series storage system is a hardware-based and software-based data storage and

retrieval system. It responds to network requests from clients and fulfills them by writing datato or retrieving data from its disk array. It provides a modular hardware architecture running

the Data ONTAP operating system and Write Anywhere File Layout (WAFL) software. With

a reduced operating system, many of the server operating system functions that you arefamiliar with are not supported. The objective is to improve performance and reduce costs byeliminating unnecessary functions normally found in the standard operating systems.

Figure 7 Data ONTAP storage microkernel

Data ONTAP provides a complete set of storage management tools through its command-line

interface, through the FilerView interface, through the Operations Manager interface (whichrequires a license), andfor storage systems with a Remote LAN Module (RLM) or a

Baseboard Management Controller (BMC) installedthrough the RLM or the BMC Ethernetconnection to the system console.

Data ONTAP provides features for:

Network file service Multiprotocol file and block sharing Data storage management Data organization management Data access management Data migration management Data protection system management AutoSupport

Network file serviceData ONTAP enables users on client workstations (or hosts) to create, delete, modify, andaccess files or blocks stored on the storage system.

7/29/2008 NetApp Confidential -- Do Not Distribute | Subject To Change Without Notice 3

Data ONTAP Storage Microkernel

GbE TCP/IP10/100 & GbE

(Fibre & Copper)2 Gbps

Fibre Channel

TCP/IP

Fibre Channel mass storage

File ServicesNFS, CIFS, HTT P, FTP,

WAFL VirtualizationNV RAM

Journaling

WAFL Protection (RAID & Mirroring)

Snapshots

SnapMirror

SystemAdministrationandmonitoring

Block ServicesFCP, iSCSI

Future

File Semantics LUN Semantics

8/3/2019 redp4496

12/42


Storage systems can be deployed in network-attached storage and storage area network(SAN) environments for accessing a full range of enterprise data for users on a variety of

platforms. Storage systems can be fabric-attached, network-attached, or direct-attached tosupport NFS, Common Internet File System (CIFS), HyperText Transmission Protocol

(HTTP), and File Transfer Protocol (FTP) for file access, and Internet SCSI for block-storageaccess, all over TCP/IP, as well as SCSI over FCP for block-storage access, depending on

your specific data storage and data management needs.

Client workstations are connected to the storage system through direct-attached or TCP/IPnetwork-attached connections, or through FCP, fabric-attached connections.

For information about configuring a storage system in a network-attached storage network,

see the Data ONTAP Network Management Guide, GC52-1280.

For information about configuring a storage system in a storage area network fabric, see theData ONTAP Block Access Management Guide, GC52-1282.

Multiprotocol file and block sharingSeveral protocols allow you to access data on the storage system (Figure 8):

NFS: Used by UNIX systems Personal Computer NFS (PC-NFS): Used by PCs to access NFS Common Internet File System: Used by Windows clients FTP: Used for file access and retrieval HTTP: Used by the World Wide Web and corporate intranets FCP: Used for block access in storage area networks iSCSI: Used for block access in storage area networks

Figure 8 N series protocols

N series Gateway Supported Topology Options

Departmental

iSCSI

Enterprise Enterprise

SAN NAS

Departmental

Target

Side

NAS

(File)SAN(Block)

Fibre

Channel

Dedicated

EthernetCorporate

LAN

IBM

N series

Gateway

Host

Side

Target SideTarget

Side

.

FCP

Target

Side

8/3/2019 redp4496

13/42


Files written using one protocol are accessible to clients of any protocol, provided that systemlicenses and permissions allow it. For example, an NFS client can access a file created by a

CIFS client, and a CIFS client can access a file created by an NFS client. Blocks written usingone protocol can also be accessed by clients using the other protocol.

For information about NAS file access protocols, see the Data ONTAP File Access andProtocols Management Guide, GC27-2207-00.

For information about SAN block access protocols, see the Data ONTAP Block AccessManagement Guide, GC52-1282-00.

Data storage managementData ONTAP stores data on disks in disk shelves connected to storage systems. Disks areorganized into RAID groups. RAID groups are organized into plexes, and plexes are

organized into aggregates.

Data organization managementData ONTAP organizes the data in user and system files and directories, in file systemscalled volumes, and optionally in logical unit numbers (LUNs) in SAN environments.

Aggregates provide the physical storage to contain volumes.

For more information see the Data ONTAP Storage Management Guide and the Data ONTAPBlock Access Management Guide, GC52-1282-00.

When Data ONTAP is installed on a storage system at the factory, a root volume is configuredas /vol/vol0, which contains system files in the /etc directory.

Data access managementData ONTAP enables you to manage access to data.

Data ONTAP performs the following operations for data access management:

Checks file access permissions against file access requests. Checks write operations against file and disk usage quotas that you set. For more

information see the Data ONTAP File Access and Protocols Management Guide,GC27-2207.

Takes Snapshot copies and makes them available so that users can access deleted oroverwritten files. Snapshot copies are read-only copies of the entire file system. For more

information about Snapshot copies see the Data ONTAP Data Protection Online Backupand Recovery Guide, GC27-2204.

Data migration managementData ONTAP enables you to manages data migration. Data ONTAP offers the followingfeatures for data migration management:

Snapshot copies Asynchronous mirroring Synchronous mirroring Backup to tape Aggregate copy Volume copy FlexClone

8/3/2019 redp4496

14/42


Data protectionStorage systems provide a wide range of data protection features such as aggregate copy,MetroCluster, NDMP, NVFAIL, SnapLock, SnapMirror, SnapRestore, Snapshot,SnapVault, SyncMirror, tape backup and restore, virus scan support, and volume copy.

System management

Data ONTAP provides a full suite of system management commands that allows you tomonitor storage system activities and performance.

You can use Data ONTAP to perform the following system management tasks:

Manage network connections.

Manage adapters.

Manage protocols.

Configure pairs of storage systems into active/active pairs for failover.

Configure SharedStorage storage systems into a community.

Manage storage.

Dump data to tape and restore it to the storage system.

Mirror volumes (synchronously and asynchronously).

Create vFiler units. For information about vFiler units, see the Data ONTAP MultiStoreManagement Guide, GC52-1281.

For information about all Data ONTAP commands, see the Data ONTAP Commands: Manual

Page Reference, Volume 1, GC27-2202,and the Data ONTAP Commands: Manual PageReference, Volume 2, GC27-2203.

AutoSupportAutoSupport automatically sends AutoSupport Mail notifications about storage system

problems to technical support and designated recipients.

N series licenses

Several things must be done when preparing an IBM N series storage system host to create areliable system with optimal performance. You must license all of the necessary protocols andsoftware on the storage system. NAS requires the NFS (UNIX) and CIFS (Windows) licenses

to be activated, and SAN requires a FCP license with FCP services up and running. For SANconfiguration using iSCSI, an iSCSI license must be enabled and the iSCSI service must be

running.

Verify that the licenses for SnapDrive, ISCSI, and CIFS are enabled and that CIFS and iSCSIservices are running on the IBM N series storage devices.

Before creating a network share, verify that a CIFS license is enabled and the CIFS setup is

complete. On our test setup, we used a clustered N5500.

Based on your company policy, you must prepare the storage. If the CIFS protocol is used,configure the CIFS setup and have the necessary CIFS shares available.

Note: Refer to the latest SnapDrive and SnapManager administration guides to ensure

that the proper licenses and options are enabled on IBM N series storage regarding thelicense requirement.

8/3/2019 redp4496

15/42


Active Directory requirements

There are some domain requirements that must be checked to install the Microsoft Cluster.

Verifying domain membershipAll nodes in the cluster must be members of the same domain and be able to access a

domain controller and a DNS server. They can be configured as member servers or domaincontrollers. You should have at least one domain controller on the same network segment asthe cluster. For high availability another domain controller should also be available to remove

a single point of failure. In this paper all nodes are configured as member servers.

Setting up a cluster user accountThe cluster service requires a domain user account that is a member of the localadministrators group on each node, under which the cluster service can run. Because setuprequires a user name and password, this user account must be created before configuring the

cluster service. This user account should be dedicated only to running the cluster service andshould not belong to an individual.

The cluster service account does not need to be a member of the domain administratorsgroup. For security reasons, we do not recommend granting domain administrator rights tothe cluster service account.

The cluster service account requires the following rights to function properly on all nodes in

the cluster. The Cluster Configuration Wizard grants the following rights automatically:

Act as part of the operating system. Adjust memory quotas for a process. Back up files and directories. Increase scheduling priority. Log on as a service. Restore files and directories.

8/3/2019 redp4496

16/42


You can configure these settings on the Security Policy MMC Console (Figure 9).

Figure 9 Security settings console

Note: For additional information, see the 269229 How to Manually Re-Create the ClusterService Accountarticle in the Microsoft Knowledge Base.

8/3/2019 redp4496

17/42


N series and Active Directory supportMicrosoft's Active Directory service allows organizations to efficiently organize, manage, andcontrol resources. Active Directory is implemented as a distributed, scalable databasemanaged by Windows 2000, Windows 2003, and Windows 2008 domain controllers.

N series storage systems can join and participate in mixed-mode or native-mode Active

Directory domains. Mixed-mode domains support a mix of Windows NT 4.0, Windows 2000Server, and Windows 2003 Server domain controllers for directory lookups andauthentication. Native-mode domains consist of Active Directory domain controllers only, anddo not emulate Windows NT 4.0 domains for previous generation computers. N series

storage systems adhere to the environment in which they are installed and support bothActive Directory and previous generation computers.

Name resolutionSimilar to Windows 2000, Windows 2003, and Windows 2008 computers in an Active

Directory environment, N series storage systems query Domain Name System (DNS) serversto locate domain controllers. Because the Active Directory service relies on DNS to resolve

names and services to IP addresses, the DNS servers that are used with N series storagesystems in an Active Directory environment must support service location (SRV) resourcerecords (per RFC 2782).

When using non-Windows 2000 DNS servers, such as Berkeley Internet Name Domain

(BIND) servers, verify that the version that you use supports SRV records or update it to a

version that supports SRV records.

Locating domain controllersAn N series storage system attempts to sense automatically the type of domain that exists on

the network when one of the two following events occurs:

You run a CIFS setup, the process that prepares the N series storage system for CIFS.

CIFS restarts on an N series storage system. It accomplishes this by identifying the type

of domain controllers that are available.

The N series storage system searches first for an Active Directory domain controller byquerying DNS for the SRV record of an Active Directory domain controller. (This is the same

method used by Microsoft Windows-based computers.) If the N series storage system cannot

locate an Active Directory domain controller, it switches to NT4 mode and then searches for aWindows NT 4.0 domain controller using the Windows Internet Naming Service (WINS) andNetBIOS protocol or by using b-node broadcasts.

If the N series storage system can locate an Active Directory domain controller, the followingconditions apply:

Clients obtain their session credentials by contacting a domain controller/Kerberos KeyDistribution Center (DC/KDC).

NetBIOS is not required to access an N series storage system in a native-mode domainwhere NetBIOS-over-TCP/IP has been disabled.

Note: Both domain styles support previous generation computers. The difference lies in

how the previous generation computers interact with Active Directory.

Note: Microsoft recommends using DNS servers that support dynamic updates (per RFC

2136), so that important changes to SRV records about domain controllers areautomatically updated and available immediately to clients.

8/3/2019 redp4496

18/42


CIFS/SMB is supported on TCP port 445.

Registering with WINS servers is optional and can be turned on or off for each network

interface.

If the N series storage system is configured in or switches to NT4 mode, the following

conditions apply:

N series storage systems can register each interface with WINS. (WINS registrationcan be turned on or off for each interface.)

N series storage systems authenticate incoming sessions against a Windows domain

controller using the Windows NT LAN Manager (NTLM) authentication protocol.

Active Directory site supportActive Directory sites are used to logically represent an underlying physical network. A site is

a collection of networks connected at local area network (LAN) speed. Slower and lessreliable wide area networks (WANs) are used between sites (locations) that are too far apartto be connected by a LAN.

N series storage systems are Active Directory site-aware. Therefore, N series storage

systems attempt to communicate with a domain controller in the same site instead ofselecting a domain controller at a different location. It is important to place the N series

storage system in the proper Active Directory site so that it can use the resources that arephysically close to it.

AuthenticationN series storage systems can operate in a Windows workgroup mode or use Kerberos

authentication. Workgroup authentication allows local Windows client access and does notrely on a domain controller. With Kerberos authentication, the client negotiates the highest

possible security level when a connection to the N series storage system is established.

During the session-setup sequence, Windows computers negotiate which authenticationmethods support standalone Windows NT 4.0, Windows 2000, Windows 2003, and Windows

2008 computers. Those that are not part of an Active Directory domain use only NTLM forauthentication. By default, Windows 2003, Windows XP, and Windows 2000 computers thatare part of an Active Directory domain try to use Kerberos authentication first and then use

NTLM. Windows NT 4.0, Windows NT 3.x, and Windows 95/98 clients always authenticate

using NTLM.

Data ONTAP includes native implementation of the NTLM and Kerberos protocols. Therefore,

it provides full support for the Active Directory and existing authentication methods.

Kerberos authenticationThe Kerberos server, or KDC service, stores and retrieves information about security

principles in the Active Directory. Unlike the NTLM model, Active Directory clients that want to

establish a session with another computer, such as an N series storage system, contact aKDC directly to obtain their session credentials.

8/3/2019 redp4496

19/42


Using Kerberos, clients contact the KDC service that runs on Windows 2000 or Windows2003 domain controllers. Clients then pass the authenticator and encrypted Kerberos ticket to

the N series storage system, as shown in Figure 10.

Figure 10 Kerberos authentication workflow

Network requirements

The network requirements are:

A unique NetBIOS name.

Static IP addresses for all network interfaces on each node.

Access to a domain controller. If the cluster service is unable to authenticate the useraccount used to start the service, it could cause the cluster to fail. We recommend that you

have a domain controller on the same local area network as the cluster to ensureavailability.

Each node must have at least two network adaptersone for connection to the clientpublic network and the other for the node-to-node private cluster network. A dedicatedprivate network adapter is required for HCL certification.

All nodes must have two physically independent LANs or vir tual LANs for public andprivate communication.

If you are using fault-tolerant network cards or network adapter teaming, verify that you

are using the most recent firmware and drivers. Check with your network adaptermanufacturer for cluster compatibility.

N series

Note: Server clustering does not support the use of IP addresses assigned fromDynamic Host Configuration Protocol (DHCP) servers.

Note: The network adapter teaming is not recommended for the heartbeat NICs.

8/3/2019 redp4496

20/42


Setting up networksEach cluster node requires at least two network adapters with two or more independentnetworks, to avoid a single point of failure. One is to connect to a public network and one is toconnect to a private network consisting of cluster nodes only.

Microsoft requires that you have two Hardware Compatibility List (HCL) signed Peripheral

Component Interconnect (PCI) network adapters in each node.

Communication between server cluster nodes is critical for smooth cluster operations, so toeliminate possible communication issues, remove all unnecessary network traffic from the

network adapter that is set to Internal Cluster communications only.

Configure one of the network adapters on your production network with a static IP addressand configure the other network adapter on a separate network with another static IP address

on a different subnet for private cluster communication.

The private network adapter is used for node-to-node communication, cluster status

information, and cluster management. Each node's public network adapter connects thecluster to the public network where clients reside and should be configured as a backup routefor internal cluster communication. To do so, configure the roles of these networks as eitherinternal cluster communications only or all communications for the cluster service. See aconfiguration example in Figure 3 on page 5.

To verify that all network connections are correct, private network adapters (this adapter is

also known as the heartbeat or private network adapter) must be on a network that is on adifferent logical network from the public adapters. This can be accomplished by using across-over cable in a two-node configuration or a dedicated dumb hub in a configuration of

more than two nodes. Do not use a switch, smart hub, or any other routing device for theheartbeat network.

SAN requirements

The IBM System Storage N series storage system must be configured prior to running theMicrosoft Cluster server on it. The aggregates, volumes, LUNs, and Snapshots must be

created and configured to support the Microsoft Cluster server environment.

Aggregates

An aggregate is a collection of physical disks from which the space is allocated to the

volumes. When creating the aggregates on the IBM System Storage N series storage system,there are some considerations:

On each aggregate, one or more flexible volumes can be created.

Each aggregate has its own RAID configuration and set of assigned physical disks.

The available space on the aggregate can be increased by simply adding disks to the

existing RAID group or by adding new RAID groups.

Performance is proportional to the number of disk spindles on the aggregate.

Note: For additional information, see the 258750 Recommended private "Heartbeat"configuration on a cluster serverarticle in the Microsoft Knowledge Base.

8/3/2019 redp4496

21/42


For detailed information about aggregates, the WAFL file system, and Data ONTAP V7.3,refer to the document IBM System Storage N series Data ONTAP 7.3 Storage Management

Guide, GC27-2207.

Creating aggregatesWhen creating the aggregate, a name should be defined. There are some naming

conventions for the aggregate name. The name should:

Begin with either a letter or an underscore. Contain only letters, digits, and underscores. Contain no more than 255 characters.

After you have the name, size, and disk configurations planned, these are the steps to createan aggregate:

1. Open the FilerView for the IBM System Storage N series storage system where you wantto create the aggregate.

2. On the FilerView, select Aggregates Add. This brings up the Add New Aggregate

window, as shown in Figure 11. Click Next.

Figure 11 Add new aggregate window

8/3/2019 redp4496

22/42


3. The aggregate name window appears (Figure 12). Type in the name for the aggregate thatyou are creating. Select whether this aggregate will be a mirrored aggregate (check box

Mirror checked) or an unmirrored aggregate (check box Mirror unchecked). The parityshould also be defined in this window. As mentioned earlier, we are creating a

RAID-DP-based aggregate, so select the Double Parity check box. If the Double Paritycheck box is unchecked, the aggregate will be created using RAID 4. Click Next.

Figure 12 Aggregate name window

8/3/2019 redp4496

23/42


4. In the RAID Parameters window (Figure 13) select the number of disks that will be usedon each RAID Group created for the aggregate. The recommended number of disks per

RAID group is 16. If you are using fewer than 16 disks per RAID group, protection againstdisk failure is increased, but performance will decrease because there will be fewer disk

spindles for accessing the data. If you are using more than 16 disks per RAID group,performance will be increased (more disk spindles to access the data), but protection

against disk failure will decrease. Click Next.

Figure 13 RAID parameters window

8/3/2019 redp4496

24/42


5. In the Disk Selection Method window (Figure 14) select the method that should be used toidentify the disks used on the aggregate. The default method is automatic so that the IBM

System Storage N series storage system will automatically select the disks based on yourchoices for the size and number of disks from the next windows. If for any reason you need

to select specific disks to compose the RAID groups, click Manual and select the numberand size of disks to be included on the aggregate. Click Next.

Figure 14 Disk Selection Method window

8/3/2019 redp4496

25/42


6. If you select the automatic method selection for the disks, the Disk Size window will beshown (Figure 15). Select the disk size from the available options or select Any Size and

click Next.

Figure 15 Disk Size window

8/3/2019 redp4496

26/42


7. Select the number of disks of the selected size to be used on the aggregate in the Numberof Disks window (Figure 16). Click Next.

Figure 16 Number of Disks window

8/3/2019 redp4496

27/42


8. Review your selection in the Commit changes window (Figure 17) and click Commit.

Figure 17 Commit changes window

8/3/2019 redp4496

28/42


9. The last window is just a confirmation (Figure 18). In our test environment it took about 50minutes to create the aggregate. That time it takes depends on how many disks you

selected. Click Close.

Figure 18 Confirmation window

8/3/2019 redp4496

29/42


10.The aggregate will be created. In the FilerView, select Aggregates Manage and a listof the existent aggregates will be shown, along with their status, RAID level, size, available

size, and other information (see Figure 19).

Figure 19 Manage aggregates window

Volumes

Volumes on the IBM System Storage N series storage system can be designated as

traditional volumes or flexible volumes.

Traditional volumes are tied to the physical disks on the aggregate on which they are created.This means that the disks used on a traditional volume cannot be used on a different volume,

whether it is a traditional volume or a flexible volume.

Traditional volumes do not allow much flexibility and the only way to increase the size of atraditional volume is to add disk spindles to the volume array. This type of volumes does not

allow downsizing.

On the other hand, flexible volumes created on aggregates can use disks from and share

disks with different flexible volumes. This is due to the fact that flexible volumes are not tied tothe physical disks on which they are created but to the aggregate collection of disks. That iswhy using a flexible volume is always the best option.

Flexible volumes provide more management flexibility and allow for dynamic volume size

expansion and shrink without impact on the host client. For the Microsoft Cluster Quorum diskthis is not a useful feature since what is important is the disk availability, not the storage

capacity. But for the Microsoft Hyper-V disks, this is a very useful feature.

8/3/2019 redp4496

30/42


In this scenario, one volume and only one aggregate is necessary so that the MicrosoftCluster quorum files can be moved to different paths on the IBM System Storage N series

storage system.

Creating volumesEvery volume on the IBM System Storage N series storage system must be created on an

aggregate. The volume name must follow these naming conventions:

Begin with either a letter or an underscore. Contain only letters, digits, and underscores. Contain no more than 255 characters.

To create the volume on the aggregate:

1. Open the FilerView for the IBM System Storage N series storage system where you want

to create the volume.

2. In the FilerView, select Volumes Add. This brings up the add new volume window, asshown in Figure 20. Click Next.

Figure 20 Add new volume window

8/3/2019 redp4496

31/42


3. The Volume Type Selection window appears (Figure 21). Select Flexible for flexiblevolumes or Traditional for traditional volumes. The recommended type for Microsoft

Cluster Server is FlexVol. Click Next.

Figure 21 Volume Selection Type window

8/3/2019 redp4496

32/42


4. In the Volume Parameters window (Figure 22), type in the volume name and select thelanguage used on the volume. By default, the root volume language is selected. Click

Next.

Figure 22 Volume Parameters window

8/3/2019 redp4496

33/42


5. In the FlexVol parameters window (Figure 23), select the aggregate on which you want tocreate the volume. Select the type of space guarantee to be used. The default, which we

recommend, is volume. This option pre-allocates the entire volume size on the aggregate.Other options are file space guarantee and none. Click Next.

Figure 23 FlexVol parameters window

8/3/2019 redp4496

34/42


6. In the FlexVol volume size window (Figure 24), select the size type Total Size for theentire volume size (including SnapShots and other features) or Usable Size to ensure that

the volume size available will be the specified. Type in the volume size in KB, MB, GB, orTB, and set the SnapShot Reserve percentage. Click Next.

Figure 24 FlexVol size parameters window

8/3/2019 redp4496

35/42


7. Review the selections in the Commit changes window (Figure 25) and click Commit.

Figure 25 Commit changes window

8/3/2019 redp4496

36/42


8. The last window is just a confirmation. Click Close.

Figure 26 Confirmation window

8/3/2019 redp4496

37/42


9. The volume will be created. In the FilerView, select Volumes Manage and a list of theexisting volumes will be shown, along with their status, RAID level, size, available size, and

other information (Figure 27).

Figure 27 Manage volumes window

8/3/2019 redp4496

38/42


After the volume is created for the Microsoft Cluster server, it must be shared. This is doneby using the CIFS option on the FilerView. In the FilerView, select CIFS Shares

Add. The Add a CIFS Share window appears (Figure 28). Type in the followinginformation:

Share Name: This is the name that will be used to access the volume for the LUN

creation on the Microsoft Cluster server.

Mount Point: The path to connect to this volume on the N series storage system, such

as /vol/Vol_clu_q.

Share Description: General description for the share.

Max. Users: Maximum number of concurrent users at a time on the share.

Force Group: Not used for volumes accessed by Windows hosts.

10.Click Add.

Figure 28 Add a CIFS share window

LUNs

Logical unit numbers are the logical units of storage. They are created on the volumes andappear to host systems (in this case, the Microsoft Cluster Server) as SAN disks. The LUNs

are virtual disks that will be accessed by the hosts.

The recommended way to create LUNs is using the SnapDrive utility on the Microsoft Cluster

server.

8/3/2019 redp4496

39/42


The team that wrote this IBM Redpaper publication

This paper was produced by a team of specialists from around the world working at theInternational Technical Support Organization, Tucson Center.

Alex Osuna is a Project Leader at the International Technical Support Organization, Tucson

Center. He writes extensively and teaches IBM classes worldwide on all areas of storage.Before joining the ITSO three years ago, Alex worked in the field as a Tivoli Principal

Systems Engineer. Alex has over 30 years of experience in the IT industry and holdscertifications from IBM, RedHat, and Microsoft.

William Luiz de Souza is a System Management Engineer at the Brazil's Wintel Global

Resources Team, Brazil SDC. He works at third-level support for severity ones andinfrastructure projects. Before working for the BR Wintel GR Team two years ago, he worked

as Wintel Primary for Brazil's USF. William has more than eight years of experience in the ITindustry and focused on Microsoft technologies. He holds cer tifications from IBM, Microsoft,

Citrix, and ITIL.

8/3/2019 redp4496

40/42


8/3/2019 redp4496

41/42

Copyright International Business Machines Corporation 2009. All rights reserved.

Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by

GSA ADP Schedule Contract with IBM Corp. 41

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consultyour local IBM representative for information on the products and services currently available in your area. Anyreference to an IBM product, program, or service is not intended to state or imply that only that IBM product,program, or service may be used. Any functionally equivalent product, program, or service that does notinfringe any IBM intellectual property right may be used instead. However, it is the user's responsibility toevaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. Thefurnishing of this document does not give you any license to these patents. You can send license inquiries, inwriting, to:IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR

IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer ofexpress or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically madeto the information herein; these changes will be incorporated in new editions of the publication. IBM may makeimprovements and/or changes in the product(s) and/or the program(s) described in this publication at any timewithout notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in anymanner serve as an endorsement of those Web sites. The materials at those Web sites are not part of thematerials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurringany obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their publishedannouncements or other publicly available sources. IBM has not tested those products and cannot confirm theaccuracy of performance, compatibility or any other claims related to non-IBM products. Questions on thecapabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate themas completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programs in

any form without payment to IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operating platform for which the sampleprograms are written. These examples have not been thoroughly tested under all conditions. IBM, therefore,cannot guarantee or imply reliability, serviceability, or function of these programs.

8/3/2019 redp4496

42/42

Redpaper

This document REDP-4496-00 was created or updated on February 5, 2009.

Send us your comments in one of the following ways: Use the online Contact us review Redbooks form found at:

ibm.com/redbooks Send your comments in an email to:

[email protected] Mail your comments to:

IBM Corporation, International Technical Support OrganizationDept. HYTD Mail Station P0992455 South RoadPoughkeepsie, NY 12601-5400 U.S.A.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business MachinesCorporation in the United States, other countries, or both. These and other IBM trademarked terms aremarked on their first occurrence in this information with the appropriate symbol ( or ), indicating USregistered or common law trademarks owned by IBM at the time this information was published. Suchtrademarks may also be registered or common law trademarks in other countries. A current list of IBM

trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml

The following terms are trademarks of the International Business Machines Corporation in the United States,other countries, or both:

IBM

Redbooks (logo)

System Storage

Tivoli

The following terms are trademarks of other companies:

ITIL is a registered trademark, and a registered community trademark of the Office of GovernmentCommerce, and is registered in the U.S. Patent and Trademark Office.

Snapshot, RAID-DP, WAFL, SyncMirror, SnapVault, SnapRestore, SnapMirror, SnapManager, SnapLock,SnapDrive, MultiStore, FlexVol, FlexClone, FilerView, Data ONTAP, and the NetApp logo are trademarks or

registered trademarks of NetApp, Inc. in the U.S. and other countries.

Active Directory, Hyper-V, Microsoft, Windows NT, Windows Server, Windows, and the Windows logo aretrademarks of Microsoft Corporation in the United States, other countries, or both.

"Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation."

UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.
http://www.redbooks.ibm.com/http://www.ibm.com/redbooks/http://www.redbooks.ibm.com/contacts.htmlhttp://www.ibm.com/legal/copytrade.shtmlhttp://www.ibm.com/legal/copytrade.shtmlhttp://www.redbooks.ibm.com/contacts.htmlhttp://www.ibm.com/redbooks/http://www.ibm.com/redbooks/http://www.redbooks.ibm.com/

Documents

redp4496