Storage : DC, Storage and cluster relationship question
Hi
I'm struggling a bit with the conecpt and relationship between datacentre, storage domain and cluster.
Is it possible to have a single datacentre with two clusters that are visible to two seperate fibre channel based data storage domains? For instance hosts in cluster A can only see shared lun A and hosts in cluster B can only see shared lun B. Or would I have to create two seperate datacentres ?
Responses
The storage domain is a data centre level entity, same as a cluster is. So a host in any cluster can access any SD that belongs to the same DC.
If you want them separated, you need to put the second cluster in a separate DC
Guru
2356 points
Thanks Dan
I don't want to seperate them but if hosts in cluster A are not visible to FC storage attached to hosts in cluster B then my understanding is that they cannot live in the same DC ? Sorry to labour the question....
You mean you want to simply zone them out? That won't work - if the hosts can't access all the SDs in their DC, they will be non-operational.
Marking which SDs a host must always see (andignore the rest) can also make a nice RFE
(sorry to make you file these, but coming from a customer they always weigh more)
Guru
2356 points
Thanks Dan. That's clear now.
I like the idea of masking out hosts from storage domain and will follow up as you suggested.
Actually, I don't see the point in zoning out hosts from LUNs in this case. The hosts are secure, and only the admin can get in. As for the VMs, they will only be ever able to access the virtual disks they are assigned, nothing else.
You could use direct LUNs on VMs, but again, those are speciffied by the RHEV admin, and can be planned securely.
Is this something that will continue to be the case in later versions?
I think it would be more logical to be able to have separate LUNs for separate clusters within the same DC.
The only way to get it done is to file an RFE to RH. I just did it. We are using FC zoning which does not fit with the current implementation of RHEV because of this restriction.
The word "secure" is very relative. We've already seen cases where it was possible to get to the hosts from a VM in different virtualization solutions. Personally, I do not like to let hosts "see" which are not relevant for them (that is for sure more secure ;) ).
On the other site, FC zoning has other benefits not only security. I am not a storage expert but here is a quote from Derek Seaman's blog (http://derek858.blogspot.co.at/2009/10/san-zoning-best-practices-be-prepared.html):
"First, there's a Fibre Channel command called a RSCN. Registered State Change Notifications are a disruptive event which are sent to a fabric when changes happen. Changes can be a new HBA logging in to the fabric, a device removed from the fabric, or other scenarios.RSCNs are disruptive and can interrupt in-flight I/Os. RSCNs should always be minimized and isolated."