...

EMC UNITY: UNITY FILE SYSTEM A Detailed Review ABSTRACT

by user

on
Category: Documents
36

views

Report

Comments

Transcript

EMC UNITY: UNITY FILE SYSTEM A Detailed Review ABSTRACT
EMC UNITY: UNITY FILE SYSTEM
A Detailed Review
ABSTRACT
This white paper explains the Unity File System architecture, functionality, and
features available in EMC Unity™ storage systems.
May, 2016
WHITE PAPER
To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local
representative or authorized reseller, visit www.emc.com, or explore and compare products in the EMC Store
Copyright © 2016 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without
notice.
The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with
respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a
particular purpose.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
VMware is a registered trademark of VMware, Inc. in the United States and/or other jurisdictions. All other trademarks used herein
are the property of their respective owners.
Part Number H15087
2
TABLE OF CONTENTS
EXECUTIVE SUMMARY .............................................................................. 5
Audience ........................................................................................................... 5
Terminology .............................................................................................................. 6
OVERVIEW ................................................................................................ 7
Scalability ................................................................................................................. 8
Availability and recoverability ...................................................................................... 8
Space efficiency ......................................................................................................... 8
Performance .............................................................................................................. 8
Virtualization ............................................................................................................. 9
FILE SYSTEM OPERATIONS ..................................................................... 10
File system shrink and extend.................................................................................... 10
Manual extension ..................................................................................................... 11
Manual shrink .......................................................................................................... 11
Automatic shrink ...................................................................................................... 12
Automatic extension ................................................................................................. 13
QUOTAS .................................................................................................. 13
Quota types ............................................................................................................ 13
Quota limits............................................................................................................. 14
Quota Policy ............................................................................................................ 15
PROTOCOL OPTIONS .............................................................................. 15
SMB ....................................................................................................................... 16
Continuous Availability .............................................................................................. 16
Protocol Encryption .................................................................................................. 16
Access-Based Enumeration ........................................................................................ 16
Branch Cache .......................................................................................................... 16
Offline availability .................................................................................................... 17
NFS ........................................................................................................................ 17
Secure NFS ............................................................................................................. 17
NFSv4 .................................................................................................................... 17
Multiprotocol ........................................................................................................... 18
FTP/SFTP ................................................................................................................ 19
3
DATA SERVICES ...................................................................................... 19
SNAPSHOTS ............................................................................................................ 19
Remote protection .................................................................................................... 20
FAST Suite .............................................................................................................. 20
CONCLUSION .......................................................................................... 21
REFERENCES ........................................................................................... 21
4
EXECUTIVE SUMMARY
The Unity File System is a new 64-bit file system architecture being introduced on the EMC Unity Family of storage systems. This file
system architecture allows for unprecedented scalability, efficiency, and flexibility, as well as a rich set of data services to allow file
storage administrators to leverage Unity storage systems for a wide range of traditional and transactional NAS use cases. Whether
configuring home directories or deploying performance-intensive applications on file storage, the Unity File System provides the
feature set and deep virtualization integration necessary for any storage environment.
The Unity File System was designed to integrate seamlessly with Unity block storage through similar configuration and management
workflows that greatly reduce the management overhead traditionally associated with file storage. Similarly, the architecture allows
file and block to share the same pools and data services, resulting in the most truly unified offering in the storage market today.
Features such as data protection and storage efficiency behave uniformly across file and block storage resources and benefit both
equally.
Unisphere provides a powerful unified management framework composed of an HTML5 graphical user interface, command line
interface, and RESTful API allowing novice and experienced administrators alike to easily manage their file storage environments.
Wizard based file provisioning enables novice administrators to quickly get a file storage environment up and running. The CLI and
RESTful API allow more seasoned administrators to create complex scripts to facilitate specific use cases, while still using the
Unisphere GUI for daily provisioning and management tasks. Most importantly, all block, file, and management functionality is
available from within all interfaces, ensuring a uniform user experience regardless of the task.
AUDIENCE
This white paper is intended for EMC customers, partners, and employees who are interested in or considering the use of file storage
functionality on Unity storage systems. It is assumed that the reader is at least an IT generalist who has experience as a system or
network administrator.
5
TERMINOLOGY
Allocated Space – The size of the storage resource (such as a file system, LUN, or VMware datastore) that is
provisioned from the storage pool. For thick provisioned storage resources, the allocated space is equal to the requested
capacity. For thin provisioned storage resources, the allocated space relates to the capacity that is currently provisioned
from the storage pool which could be less than the requested capacity of the storage resource.
NAS Server – A Unity storage server that uses the SMB and/or NFS protocol to catalog, organize, and transfer files
within designated file system shares. A NAS Server must be available before you can create file-level storage resources
such as SMB or NFS file systems, or VMware file datastores.
Network File System (NFS) –An access protocol that enables users to access files and folders located on a network.
Typically used by Linux/Unix hosts.
Oversubscription – A storage provisioning method that allows administrators to provision more capacity than may be
physically available in a particular storage pool. When thin provisioned storage resources are associated with a common
storage pool, they can potentially request (or subscribe to) more storage capacity than the storage pool contains.
Administrators can then add more drives to the system or assign more drives to the storage pool as needed. Hosts
connected to thin provisioned storage resources are unaware of the pool oversubscription. They see the subscribed (or
maximum) size for each thin provisioned storage resource, not the current allocated size.
Server Message Block (SMB) – An access protocol that allows remote file data access from clients to hosts located on a network.
Typically used in Windows environments.
Storage Pool – A collection of disk drives configured with a particular storage profile. The storage profile defines the
type of disks used to provide storage and the type of RAID configured on the disks. The storage pool’s configuration
defines the number of disks and quantity of storage associated with the pool. Unity uses unified storage pools for both
block and file storage resources.
Thin Provisioned Storage Resource – A storage resource (such as a file system, LUN, or VMware datastore) that is
not fully allocated from the storage pool. The client can see the full size of the storage resource even though only a
portion of the storage resource is allocated from the storage pool.
Total Size – The client visible size of a storage resource as set at the time of creation or afterward, regardless of the
actual amount of space consumed by the storage resource from the pool. Total size may be larger than this actual
allocated size for thin provisioned storage resources, forming the basis for overprovisioning.
Unisphere CLI (UEMCLI) – The command-line interface for managing Unity storage systems.
Unisphere – The HTML5 web-based user interface for managing Unity storage systems.
Used Space – The amount of space in a file system that is actual in use by the clients. This relates to the amount of
data users have stored in the file system, which may be less than the file system allocated space.
Virtual Volumes (VVols) – A VMware storage framework which allows VM data to be stored on individual volumes.
This allows for data services to be applied at a VM-granularity and Storage Policy Based Management (SPBM).
VMware vSphere Storage APIs Array Integration (VAAI) – A set of APIs to enable communication between
VMware vSphere ESXi hosts and storage devices. The APIs define a set of “storage primitives” that enable the ESXi host
to offload certain storage operations to the array, which reduces resource overhead on the ESXi hosts and can
significantly improve performance for storage-intensive operations such as storage cloning, zeroing, and so on. The goal
of VAAI is to help storage vendors provide hardware assistance to speed up VMware I/O operations that are more
efficiently accomplished in the storage hardware.
6
OVERVIEW
Unity storage systems take a unique approach to file storage in that file is tightly integrated with block, resulting in the most unified
storage solution on the market. Unity employs classic storage pools, however these pools are used for all resource types directly,
meaning LUNs, file systems, and even VVols can be provisioned out of the same unified pools without need for a second level “file
pool.” When provisioning file systems, administrators simply provision file systems as they would traditionally provision LUNs, by
choosing a storage pool. Because Unity is truly unified in both its hardware and software architecture, there is no need for the
additional management overhead of provisioning LUNs, presenting to an internal gateway, creating file storage pools, etc. This
drastically simplifies management and also allows the system to leverage a core set of unified data services for both block and file,
since both types of storage are implemented and provisioned at the same level using the same hardware.
Figure 1 – Unified Storage Pool
Because Unity has a single-enclosure, two-storage-processor architecture with no concept of designated file hardware, file data is
served through virtual file servers known as NAS Servers, which may reside on either storage processor. A NAS Server, which is
required before creating file systems, allows for multi-tenancy in that each contains its own distinct set of configuration information
and file interfaces. Because each NAS Server is logically separate, it is possible to segregate access so that clients of one NAS Server
are not able to access data on another NAS Server and vice versa. Each NAS Server may contain up to 10 interfaces and a variety of
configuration information including naming services, sharing protocols, active directory domain settings, a UNIX directory service,
user mapping configuration, data protection settings and more. Once a NAS Server with the appropriate protocol configuration
exists, administrators can create file systems and leverage many of their advanced capabilities available in Unity.
The all new Unity File System brings a number of improvements over existing NAS file system technologies. With the 64-bit
architecture, Unity File System is able to scale far beyond the limitations of previous file systems in many areas, including file system
size. The file system is also flexible and well suited to both traditional and transactional use cases, providing value over existing
technologies in a variety of way including:
•
Scalability
•
Storage Efficiency
•
Availability and Recoverability
•
Virtualization
•
Performance
In addition, Unity File Systems feature a full set of functionality enabling them to be utilized and protected as efficiently as possible.
While several features including quotas, shrink, and reclaim are purpose built for Unity File systems, others leverage Unity’s deep
integration between block and file to provide truly unified data services applicable to both block and file storage resources. Below are
the features that interact with or utilize Unity File Systems:
7
•
•
File features:
o
Quotas
o
Shrink and space reclaim
o
NDMP backup
o
Multiprotocol
o
Antivirus
Unified features:
o
Space efficient snapshots
o
Asynchronous replication
o
FAST Cache and FAST VP
o
Data-at-rest encryption
SCALABILITY
Unity File Systems allow for enhanced scalability in a number of different areas, including maximum file system size. Unity File
Systems can accommodate more data, directories, and files than previous file system architectures, making Unity ideal for traditional
and transactional NAS use cases. The table below covers several of the scalability attributes of file systems in Unity.
Table 1 – File System Scalability
File System Attribute
Unity File System
Maximum file system size
Subdirectories per directory
Files per file system
Filenames per directory
ACL IDs
Timestamp granularity
64TB
~10 million
~32 billion
~10 million
4 million
1 nanosecond
AVAILABILITY AND RECOVERABILITY
Unity File Systems include enhanced availability and recoverability measures in order to minimize downtime. Fault containment and
panic avoidance allow the Unity system to recover corrupted file systems while they remain online in some cases, and avoid
impacting the file system’s associated NAS Server in the case where a corrupted file system must be taken offline for recovery. Due
to Unity’s truly unified architecture, a file system does not share a second level “file pool” with other file systems. This means that
there is no ability for a faulted file pool LUN to potentially affect multiple associated file systems, improving fault isolation.
SPACE EFFICIENCY
Unity’s unique file system architecture and unified storage pools allow for extreme flexibility as changes arise in file storage
environments. When requirements change, file systems can easily be extended to provide more capacity or shrunk to reclaim unused
space back to the unified pool to be available for use by any type of resource. Unity also intelligently monitors existing file systems
continuously for suboptimal space utilization, and will initiate automatic extension and shrink operations as needed to ensure
capacity is being used as efficiently as possible. These operations are fully integrated with all Unity data services to ensure that file
system size can always be modified to best fit changing environments without impacting or being restricted by data protection or
performance requirements.
PERFORMANCE
The Unity File System is an entirely new file system architecture designed with both transactional and traditional NAS use cases in
mind. Because of this, performance is a main priority, even in the presence of extreme scalability. Unity File Systems are able to
scale to maximum size without significant performance degradation, all while leveraging the multicore optimized architecture of Unity
storage systems. For more information on best practices when configuring Unity File Systems, refer to the EMC Unity: Best Practices
Guide on EMC Online Support.
8
VIRTUALIZATION
Unity also includes tight integration with VMware vSphere that benefits file storage administrators and virtualization administrators
alike. In addition to traditional SMB and NFS file systems, Unity allows users to create a special NFS file system type optimized for
VMware use. In Unisphere, this can be accomplished by creating a VMware NFS datastore from the VMware Storage page. When
giving access to an ESXi host previously discovered from the VMware Access page, the VMware NFS datastore will be automatically
detected and mounted as a datastore on the ESXi host with no manual intervention necessary.
In addition, Unity VMware datastores give administrators the unique ability to select the underlying file system block size to best
match the host I/O size of the intended application. A file system block size is the smallest guaranteed physical mapping within a file
system, which is set at 8KB for Unity SMB and NFS file system. However because NFS datastores are often intended for specific
application workloads, Unity provides the ability to set this block size to 8KB, 16KB, 32KB, or 64KB during datastore configuration to
best accommodate the I/O size typically used by particular applications. Because administrators may not always be aware of the host
I/O size of their intended application, Unity maintains an internal mapping of application to I/O size for popular applications, which
allows users to simply specify the intended application instead. Unity will then configure the backend file system block size to match
the I/O size used by this application. Applications with predefined host I/O sizes include:
•
Exchange 2007
•
Exchange 2010
•
Exchange 2013
•
Oracle
•
SQL Server
•
VMware Horizon VDI
•
SharePoint
•
SAP
Figure 2 - Host IO Size
This approach of allowing administrators to specify the file system block size has two advantages over a single fixed block size. First
of all, an 8KB block size is unnecessarily granular for applications that address storage in larger increments such as 64KB, so it is
more performance-efficient to match the file system block size to the application I/O size. Secondly, from a recovery perspective,
fewer larger blocks reduce FSCK (file system check) times considerably when compared to more numerous smaller blocks. This is
especially important for scaling purposes to avoid long FSCK times in the presence of the very large file systems supported in Unity.
While this feature provides potential benefits, it is important to be sure of the correct application or I/O size setting when changing
the default of 8KB. Choosing an incorrect IO size can be detrimental to the performance of the file system and impose unnecessary
flash wear penalties when the configured IO size is larger than the actual IO size of the application. Because of this, it is recommend
to leave the default and minimum IO size of 8KB for general purpose VMware datastores or for those where the intended application
of host IO size is unknown.
9
As an additional point of integration, Unity File Systems support VMware vSphere Storage APIs for Array Integration (VAAI) through
a VAAI plugin, allowing for hardware acceleration and offloading through access to supported file primitives including FAST Copy,
Snap-of-Snap, Extended Statistics, and Reserve Space. Because of Unity’s scalable 64-bit file system architecture, up to 256 levels
of VM snapshots are possible with VAAI. With this capability, administrators can provision multiple levels of snapshots (also called
fast clones) from a single golden image. In the figure below, a base VM is used as a source or golden copy for a snapshot to be
taken. Similarly, a snapshot can then be taken of this snapshot. This process can then continue to create additional levels of
hierarchical snapshots as necessary.
Figure 3 - VAAI Snap-of-Snap
This functionality can be useful in many different cases, such as virtual desktop infrastructure or test and development. For example,
these types of hierarchical snapshots can be leveraged as part of a software development environment where developers need to
test out incremental changes to a base version of an operating system. As updates of minor software patches are installed, the test
environment virtual machine could be snapped at every level in order to test the impact of each level of incremental software
changes. This incremental testing and protection can continue until a final production version of the software is developed.
FILE SYSTEM OPERATIONS
Unity File Systems are built to meet administrators’ changing needs as easily and flexibly as possible. Unity allows for increased
flexibility by providing the ability to shrink and extend all file system types. With manual and automatic file system extension and
shrink with reclaim, Unity makes the most efficient use of pool capacity at all times and allows administrators to respond to changing
environmental factors including file system utilization, pool utilization, and client capacity demands. Each of these space efficiency
operations can be executed or monitored easily through Unisphere, without requiring administrators to meticulously plan file system
size changes or perform complex migrations as requirements change.
FILE SYSTEM SHRINK AND EXTEND
All file systems have three properties related to capacity: size, allocated space, and used space. Size, or total space, is the
provisioned capacity of the file system as specified at creation and exposed to the client. For example, a new 64TB file system will
have a size of 64TB, even though very little space is actually being consumed from the pool. In contrast, allocated space is the
amount of space actually consumed or reserved from the pool. Total size and allocated space are related to the concept of
overprovisioning in that the sum of the total size of all file systems in a pool may exceed the actual size of the pool, as long as the
sum of the allocated space does not exceed the space available in the pool. For example, a 10TB pool may contain four 3TB file
systems, as long as the sum of the file systems’ allocated space does not exceed 10TB. The final type of file system space tracked in
Unity is used space. Used space is the actual user capacity as seen from the client. For example, if one of our 3TB file systems has
reserved 1TB of space from the storage pool but only 500GB of files actually reside in the file system, then Size = 3TB, Allocated
space = 1TB, and Used space = 500GB. As a rule, Total size > Allocated space > Used space.
10
Figure 4 - File System Space
Similarly, these values are also shown in Unisphere on the file system properties page to illustrate file system space utilization. The
figure below shows how a file system might appear in Unisphere, where the allocated and total space are shown using bars similar to
those on the previous figure, and used space is shown as a numeric value.
Figure 5 - Unisphere File System Space
With an understanding of these different values and how they apply to file systems in Unity, we will take a look at the various
extension and shrink operations that can be performed on file systems and how each operation affects file system space.
MANUAL EXTENSION
When manually extending file systems, only the total size is changed. The allocated and used space remains the same as before the
extension. In Unisphere this can be performed by simply changing the Size attribute of the file system from the file system
properties page. After extension, the additional space will be visible to the clients of the file system.
MANUAL SHRINK
When an administrator wishes to reduce the client visible file system size and potentially reclaim space to the underlying storage
pool, a manual shrink operation can be initiated. This is done in the same way as a manual extension, by changing the file system
size in Unisphere to the new desired size. After the shrink operation completes, clients will see the new advertised file system size.
Manual shrink operations may also return unused space to the storage pool, depending on the size of the shrink and the current
allocation of the file system. Manual shrink operations can only return space to the pool if the file system is shrunk into allocated
space, and will return to the pool a maximum of the difference between the allocated space and the new total size after shrinking. To
illustrate this, consider the file system from the previous example: Size = 3TB, Allocated = 1TB, Used = 500GB. Manually shrinking
this file system from 3TB to 1TB would return no space to the pool, as the file system was not shrunk into allocated space. However,
shrinking from 3TB to 0.9TB could potentially return up to 0.1TB to the pool, depending on the existence of snapshots.
11
Figure 6 - Manual Shrink Confirmation
It is never possible to shrink into used space, so attempting to reduce the file system size to less than 500GB would fail in this
example. The figure below shows the confirmation message when attempting to shrink a file system in Unisphere, which will
calculate the expected amount of space to be reclaimed to the storage pool depending on the current allocation of the file system
and requested size. Note that this message indicates that the amount reclaimed depends on the existance of snapshots. This is
because snapshots of the file system are required to preserve a view of the file system associated with a particular point in time, and
therefore the system cannot allow any blocks associated with an existing snapshot to be reclaimed to the storage pool, even if that
space is unused at the current point in time.
For example, suppose a snapshot is taken of a fully allocated 100GB file system. After taking the snapshot, the administrator
immediately shrinks the file system to 80GB. Because the snapshot must preserve the point-in-time view of the 100GB file system,
the file system shrink operation will succeed in reducing the size of the current production file system, but will not return any space
to the storage pool. Despite being shrunk from the production file system, the 20GB is still associated with the snapshot taken
previously, and therefore must be preserved in the event the snapshot needs to be restored in the future. In this circumstance, the
confirmation message would show only a very small amount of metadata space to be reclaimed.
Figure 7 - Manual Shrink Confirmation with Snapshot
Note that this is an extreme example used to illustrate the potential effect of snapshots on file system shrink operations, rather than
a typical case. The amount of space reclaimed is a function of the amount of changed data since the last snapshot was taken. The
less data that has changed since the last snapshot was taken, the larger the apparent disparity in shrunk data and reclaimed space.
In the example above, notice that the shrink operation was initiated immediately after taking the snapshot, meaning the snapshot
and production file system contained exactly the same data at the time of the shrink operation. Because all 20GB being shrunk was
also tied to the snapshot, none of this space could be returned to the pool. However if the shrink operation were instead initiated
later, after some changes had been made to the data, the snapshot and current file system would no longer be identical. In this case
the file system would contain blocks not also associated with any snapshot, and therefore eligible to be reclaimed as part of the
shrink operation. For more information on snapshots, see the EMC Unity: Snapshots white paper on EMC Online Support.
AUTOMATIC SHRINK
Under normal operation, Unity File Systems automatically adjust the allocated space in order to optimize storage pool usage. An
automatic shrink is this automatic adjustment depending on the ratio of used-to-allocated space. This is because a low used-toallocated ratio does not represent ideal space utilization, since the allocated but unused space is essentially wasted, and could
potentially be used by other pool resources if it were reclaimed to the pool. In Unity, file systems become eligible to be automatically
shrunk (have their allocated space reduced) after maintaining an unacceptably low used-to-allocated space ratio for a predefined
period of time. Consider the file system from the previous example: Size = 3TB, Allocated = 1TB, Used = 500GB. The used space is
12
very low relative to the allocated space, utilizing only half of the space reserved from the storage pool. Unless clients begin using
additional space from the file system, the Unity system will eventually de-allocate a portion of the 1TB allocated space back to the
underlying storage pool to potentially be used by other resources requiring this space. This process monitors the file system
utilization for several hours prior to initiating the shrink, in order to avoid shrinking a file system prematurely only to be required to
re-allocate the space when clients begin to add additional data. Once the used-to-allocated ratio has remained at a sufficiently low
value for an appropriate amount of time the shrink will be initiated. As discussed in the previous section, the actual space reclaimed
to the storage pool as a result of a shrink operation will vary based on the existence of snapshots.
AUTOMATIC EXTENSION
As the used space in a file system increases as a result of more data being added to the file system, more space is required to be
reserved from the storage pool in order to accommodate this new data. As a result the file system will reserve additional space from
the pool, increasing the allocated space in the file system. This happens without user intervention, and will continue up to the
advertised total size of the file system. When the allocated space reaches the total size of the file system, no new allocations will be
made unless an administrator first manually extends the total size of the file system.
QUOTAS
Unity includes full quota support to allow administrators to place limits on the amount of space that can be consumed from a user of
a file system or directory, or a directory itself in order to regulate storage consumption. These simple but flexible quotas are
supported on SMB, NFS, and multiprotocol file systems and can easily be configured through any of the available management
interfaces. Note that due to the particular targeted use case of VMware file datastores, quotas are not available for this resource
type.
QUOTA TYPES
Unity supports three types of quotas for all file systems: File system user quotas, Quota trees, and Quota tree user quotas. All three
types of quotas can coexist on the same file system and may be used in conjunction to achieve finer grained control over storage
usage.
File system user quotas are set at a file system level and limit the amount of space a particular user may use from a file system.
Administrators also have the ability to choose whether to enforce user quotas for the file system. If quotas are not enforced they will
still be tracked for the file system however users will not have their file system usage restricted in accordance with the quotas. By
default, quotas are not enforced, however this can be changed in the Manage Quota Settings dialog box along with the default user
quotas. Default file system level quota limits are applied automatically to all users who access a file system, however these can be
overridden for specific users as necessary by creating a new user quota in Unisphere. Because all unspecified users are subject to the
default quota settings by default, there is no ability to “delete” user quotas. Instead a user quota can be set to 0 to allow unlimited
access, or reset to the default limits, in which case the particular entry would be removed from the user quota list in Unisphere but
remain in effect with the default settings.
Quota trees limit the maximum size of a particular directory in a file system. Unlike user quotas, which are applied and tracked on a
user by user basis, quota trees are applied to directories within the file system. In Unity, Quota trees can be applied on new or
existing directories.
If an administrator specifies a nonexistent directory when configuring a new quota tree, the directory will be automatically created as
part of quota configuration. However an administrator may also specify an existing file system directory with existing data when
creating a quota tree, allowing the ability to implement quotas on existing file system and directory structures after they have
already been in production. Note that quota trees may not be nested within a single directory. For example if a quota tree has been
created on /directory1 another quota tree cannot be created on /directory1/subdirectory1. However it is possible to have quota trees
on /directory2, /directory3, etc.
Once a quota tree has been created, it is also possible to create additional user quotas within that specific directory. Similar to file
system level user quotas, the administrator has the option to whether to enforce user quotas specific to this directory and set the
default quota limits for the directory. As an example, user Chuck may have a user quota of 25GB at the file system level, and then
the additional restriction of a 10GB user quota within /directory1 which is limited to 100GB for all users combined. The figure below
shows an illustration of the quota hierarchy possible with the combination of user quotas and quota trees, including directory-specific
user quotas.
13
Figure 8 - Quota Hierarchy
QUOTA LIMITS
All quotas consist of three major parameters which determine the amount of space that may be used in a file system in a certain
scenario, and define the behavior of the file system or directory when a limit is being approached or exceeded. These parameters
are:
•
Soft limit (GB)
•
Grace period (time)
•
Hard limit (GB)
Each of these is configured during quota creation or inherited from the default settings for all quotas. The soft limit is a capacity
threshold above which a countdown timer will begin. While the soft limit may be exceeded, this timer, or grace period, will continue
to count down as long as the soft limit is exceeded. If the soft limit remains exceeded long enough for the grace period to expire, no
new data may be added to the particular directory or by the particular user associated with the quota. However if sufficient data is
removed from the file system or directory to reduce the utilization below the soft limit before the grace period expires, access will be
allowed to continue as usual. A hard limit is also set for each quota configured. Upon reaching a hard limit, no new data will be able
to be added to the file system or directory. When this happens, the quota must be increased or data must be removed from the file
system before additional data can be added. The following figure illustrates this quota behavior.
Figure 9 - Quota Normal Operation
Suppose the following user quota has been configured on a file system for a particular user: Soft limit = 20GB, Grace period = 1 day,
Hard limit = 25GB. The user begins copying data to the file system, and after some time the user has stored 16GB of files on the file
system. Because this is below the limits for the user’s quota, the user is still able to add more data to the file system unimpeded.
14
Figure 10 - Quota Soft Limit Passed
After some time the user continues to add data to the file system, crossing the 20GB soft limit. At this point the user is still able to
add additional data to the file system, however the grace period of 1 day begins to count down. The storage administrator receives
an alert in Unisphere stating that the soft quota for this user has been crossed. If the user does not remove data from the file system
prior to the expiration of the grace period, they will no longer be able to add data to the file system until enough data is removed
from the file system for the usage to fall below the soft limit.
However if the user continues writing to and using additional space from the file system despite passing the soft limit, they may
eventually reach the hard limit. When this happens, the user will no longer be able to add data to the file system. Administrators will
also receive a warning in Unisphere informing them that the hard limit has been reached.
Figure 11 - Quota Hard Limit Passed
QUOTA POLICY
When using quotas, administrators have the option to calculate file system usage in one of two ways. This option, which is
configured on a per file system basis, may be set to File Size or Block based calculation. When using the default setting of File Size,
disk usage is calculated based on logical file sizes in 1K increments. Because of this, it is possible that used space may be reported
from a quota perspective as more than the actual usage if holes exist in a sparse file. This setting is generally recommended for
Windows environments. The Block quota policy calculates disk usage in 8KB file system blocks, and is accurate with regard to the
actual allocation down to the block level. This setting is recommended for UNIX environments. It is possible to change the quota
policy of a file system with existing quotas online, which will initiate a recalculation of the space used for all quotas. If a manual
quota recalculation is desired, one can be performed by changing the quota policy and then resetting the policy back to the original
setting.
PROTOCOL OPTIONS
Unity supports the concurrent use of all major NAS protocols, including SMB, NFS, FTP and SFTP. Protocol support is configured at
the NAS Server level, which allows the creation of file systems that can be accessed over that protocol. It is possible for each NAS
15
Server to be configured to support one or many different protocols depending on the specific needs of the environment. When
enabling a protocol for a NAS Server, there are also additional options that can be enabled both at the NAS Server and share level.
SMB
SMB support is initially enabled on the NAS Server level during or after creation, allowing administrators to create SMB-enabled file
systems on that NAS Server. When enabling SMB support on a NAS Server, the SMB server can either be standalone or Active
Directory domain joined. Each SMB file system and share has additional advanced protocol options that are disabled by default but
can be set by administrators. SMB protocol related options are shown in the table below.
Table 2 - SMB Options
Protocol Options
Sync Writes Enabled
Oplocks Enabled
Notify On Write Enabled
Notify On Access Enabled
Continuous Availability
Protocol Encryption
Access-Based Enumeration
Branch Cache Enabled
Offline Availability
UMASK (multiprotocol only)
Level
Default
File system
File system
File system
File system
Share
Share
Share
Share
Share
Share
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Manual
022
CONTINUOUS AVAILABILITY
Continuous availability is an SMB 3.0 specific feature that can be enabled at the share level in Unity. In the event of a client or
storage processor failure, continuous availability allows persistent access to Unity File Systems without loss of the session state. This
is useful for critical applications such as Hyper-V or SQL, where constant availability to files is of the upmost importance. SMB 3.0
uses persistent handles to enable the Unity NAS Server to save on disk-specific metadata associated to an open handle. In the event
of an SP failure, applications accessing open file content are not affected as long as the NAS Server and file system failover to the
peer SP completes within the timeout of the application. This results in clients transparently reconnecting to the peer SP after the
NAS Server failover without affecting those clients’ access to their files.
Continuous availability also transparently preserves access in the event of a node failure within a client application cluster using the
concept of an application ID. When a failure of one node in the cluster occurs, the application is moved to the other node and
reopens its content on the share from that node using its originally assigned application ID without an interruption in access.
PROTOCOL ENCRYPTION
Protocol encryption is an SMB 3.0-specific share level parameter that can be set in Unity. This option provides in-flight data
encryption between SMB 3.0 compatible clients and the Unity NAS Server. Data is encrypted by the client before being sent to the
NAS Server, and vice versa. It is then decrypted upon reaching its destination, whether that is the NAS Server or SMB client. By
default, any attempted access to an encrypted share by clients that do not support encryption (pre-SMB 3.0) will be rejected. It is
possible to change this setting in the NAS Server registry however, along with the option to encrypt all NAS Server shares, which is
disabled by default.
ACCESS-BASED ENUMERATION
Access-based enumeration is a share-level option that restricts the display of files and folders based on the access privileges of the
user attempting to view them. Without access-based enumeration, all users are able to view all files and folders within a directory to
which they have access. However they will not be able to open or view these files and folders without the appropriate access
privileges. When access-based enumeration is enabled on a share, users will only be able to see files or folders for which they have
at read access or above. For example, without access-based enumeration a user without access to several files would still be able to
see that those files exist in a directory to which they have access. However with access-based enumeration, that same user would
not even see those same inaccessible files in the directory. Administrator users are always able to see all files and folders, even
when access-based enumeration is enabled on a share.
BRANCH CACHE
BranchCache is a share level option that allows users to access data stored on a remote NAS Server locally over the LAN without
being required to traverse the WAN to access the NAS Server. This is most useful in a remote or branch office environment, where
16
branch offices are required to access data stored on a remote server at the main office. BranchCache allows this data to be cache
locally at the branch, either by a single designated branch cache server or distributed across clients, in order to reduce WAN
bandwidth used by many clients constantly and repeatedly traversing the WAN for the same data. With BranchCache enabled, clients
requesting data from the remote NAS Server across the WAN will first search the local area network cache for this data. If all or
some of the data is available locally, either on the designated branch cache or another client computer, the data will be retrieved
locally. Any data that is not cached locally with be retrieved from the NAS Server over the WAN, and then cached locally for future
requests.
OFFLINE AVAILABILITY
Offline Availability is a share-level attribute that allows administrators to determine if and how files and programs in a share will be
available when offline. This allows users to access shares on a server even when they are not connected to the network by storing a
version of the share in a local cache on the client computer. In order for offline availability to function, it must be configured on both
the share and the individual client computers accessing the share. Unity NAS Servers support four options for offline availability,
which are the same options supported by Windows file servers and are shown below.
•
Manual (default) – Only files and programs that the users specify will be available offline. Nothing will be cached without the
user requesting it.
•
Cache all programs and files opened by users – All files and programs that users open from the share are automatically
available offline. Whenever a user accesses a file or program from a share, that content will automatically be cached so as
to be available to that user in offline mode. All files opened will continue to be cached and available for offline access until
the cache becomes full or the user deletes particular files from the cache. Cache content will continue to sync with the
version on the server. Files and programs that have not been opened will not be available offline.
•
Cache all programs and files opened by users, optimize for performance – The same as above, except that executable files
that have been previously cached locally will be run from the cached copy rather than the copy on the share, even when the
share is available. This option is useful for reducing network traffic and performance overhead.
•
None – No files or programs from the share will be available offline. Client computers will not be able to cache any content
from this share for offline access.
NFS
When enabling NFS support on a NAS Server, administrators have several additional options, depending on their environment and
desired configuration. After enabling NFS, administrators have the ability to enable options such as NFSv4 and secure NFS
independently on a per NAS Server basis. Afterward, when creating an NFS file system and share, default host access can also be set
on a share level with exceptions defined for specific hosts. NFS protocol related options are shown in the table below.
Table 3 - NFS Options
Protocol Options
Secure NFS (with Kerberos)
NFSv4
VVols (NFS Protocol Endpoint)
Default Host Access
Level
Default
NAS Server
NAS Server
NAS Server
Share
Disabled
Disabled
Disabled
No Access
SECURE NFS
Traditionally, NFS is not the most secure protocol, because it trusts the client to authenticate users as well as build user credentials
and send these in clear text over the network. With the introduction of secure NFS, Kerberos can be used to secure data
transmissions through user authentication as well as data signing through encryption. Kerberos is a well-known strong authentication
protocol where a single key distribution center, or KDC, is trusted rather than each individual client. When configuring secure NFS in
Unity, a Unix Directory Service must first be enabled, and a Kerberos realm must exist. If an Active Directory domain joined SMB
server existed on the NAS Server, that Kerberos realm may be leveraged. Otherwise a custom realm can be configured for use in
Unisphere.
NFSV4
NFSv4 is a version of the NFS protocol that differs considerably from previous implementations. Unlike NFSv2 and NFSv3, this
version is a stateful protocol, meaning that it maintains a session state and does not treat each request as an independent
17
transaction without the need for additional preexisting information. This behavior is similar to that seen in Windows environments
with SMB. NFSv4 brings support for several new features including NFS ACLs that expand on the existing mode-bit-based access
control in previous versions of the protocol. While Unity fully supports the majority of the NFSv4 and v4.1 functionality described in
the relevant RFCs, directory delegation and pNFS are not supported.
MULTIPROTOCOL
When configuring a NAS Server for protocol access, an administrator has several options. With respect to SMB and NFS, the NAS
Server can be configured in one of the following ways:
•
SMB only
•
NFS only
•
SMB and NFS
•
Multiprotocol (SMB and NFS)
The major difference between enabling both SMB and NFS independently and enabling multiprotocol is that multiprotocol
configurations allow data in a single file system to be accessed through both SMB and NFS concurrently. In contrast, a nonmultiprotocol file system with SMB and NFS enabled individually will require separate file systems to be configured for SMB and NFS,
where SMB users will not be able to access NFS file system data and vice versa. When a NAS Server is designated as multiprotocol,
all file systems on that NAS Server will be multiprotocol accessible.
This allows each SMB user to be mapped to a corresponding NFS user with common access privileges, regardless of which protocol
the user is using to access their file system data. By default, users with the same name in Active Directory and the Unix Directory
service will have their SMB and NFS identities mapped, allowing for multiprotocol access across each protocol. For example, if a user
named Charles possesses a windows domain user account named “charles” and a Unix LDAP account also named “charles,” he would
be able to access the his data with the same privileges across either protocol while being identified as the same user. However if his
windows domain user account name was “charles” but his Unix LDAP account name was “chuck”, his Windows and Linux user names
would not be mapped to one another and identified as the same entity by default. In cases like this where user names differ between
those defined in the Active Directory domain and those defined in the Unix Directory Service (NIS/LDAP), it is necessary to manually
modify the mapping file (NTXMAP) for the NAS Server so that the two disparate user names will be mapped to one another and
identified as the same user. Once this has been done in our example, Charles will be able to access his same data whether accessing
the file system via SMB as “charles” or via NFS as “chuck”.
When creating or managing a multiprotocol NAS environment there are additional configuration options at the NAS Server and file
system levels related to the mapping between SMB and NFS users accessing file system data. These options are shown in the table
below.
Table 4 - Multiprotocol Options
Protocol Options
Default accounts for unmapped users
Access Policy
UMASK (SMB)
Level
Default
NAS Server
File system
NAS Server
Disabled
Native
022
Default accounts for unmapped users allow administrators to designate a specific existing Windows and/or UNIX account to serve as
the mapping destination for all unmapped users wishing to access file system data over the other protocol. For example, in an
environment where many users have only Windows accounts, a default Unix user may be designated in order to allow these
unmapped users to access the multiprotocol file system. Because there is different native security associated with the SMB and NFS
protocols, the access policy is used to define which security is enforced by which protocol. The default of “Native” manages access for
each protocol separately with its own native security.This can be changed to either “Windows” or “Unix” in order to manage the
security for both SMB and NFS in the same way. Setting the access policy to one of these values is recommended when the
multiprotocol environment is heavily weighted toward users of one type or another. The final property, UMASK, works similarly to
UNIX UMASK and restricts default access rights to files and directories created from SMB when the file system access policy is set to
UNIX. However if NFS ALC inheritance is present on the directory, this will take precedence over the UMASK setting.
18
FTP/SFTP
Unity NAS Servers and file systems also support access for FTP and/or SFTP (SSH File Transfer Protocol). FTP access is configured at
the NAS Server level and includes additional options that allow administrators to restrict what users and types of users can access
NAS Server files over FTP. FTP and SFTP can be enabled or disabled individually, as can user access for SMB, UNIX, and anonymous
users. A home directory option restricts access to users who have existing home directories on the file system, however a default
home directory can also be configured to allow all other users access to the file system when this restriction is applied. FTP/SFTP
tracks and records connections and file access for the NAS Server. The audit logging settings also allow administrators to define the
audit log file directory and the maximum size of audit log files.
For more granular control over access, FTP-enabled NAS Servers support defining access control lists. Access can either be allowed
or denied for a user-defined list of users, groups, and hosts in order to restrict FTP access to only the desired users. However users,
groups, or hosts with restricted access to FTP will still be able to access the NAS Server and file systems over SMB or NFS as allowed
by the ACLs or host access configurations for those protocols.
Table 5 - FTP/SFTP Options
Protocol Options
Default
Enable FTP
Enable SFTP
Allow SMB users access to the FTP/SFTP server
Allow UNIX users access to the FTP/SFTP server
Allow anonymous users access to the FTP server
Home directory restriction
Default home directory
Enable FTP/SFTP auditing
Directory of audit files
Maximum size of audit files
Disabled
Disabled
Enabled
Enabled
Enabled
Disabled
/
Disabled
/.etc/log
512 KB
DATA SERVICES
Unity File Systems and NAS Servers support a wide range of data services intended to optimize performance and ensure important
production data is protected in the event of a disaster. These data services range from local snapshots, to remote replication and
backup, to flash efficiency features. Because of Unity’s unique file implementation, pools are truly unified and LUNs and file systems
alike can realize the same benefits from the core unified set of data services.
SNAPSHOTS
Unity snapshots are fully unified and use a common redirect-on-write technology between file and block Unity snapshots are taken,
treated, and scheduled the same way between block and file resources, resulting in a fully unified data protection experience. Unlike
other file snapshot implementations, Unity File System snapshots do not require a separate volume to be set aside to accommodate
snapped data. Instead, changes to snapped file system data are simply written to free space in the same storage pool, as shown in
the following figure. In the figure, a snapshot is taken of a source file system containing data blocks A, B, C, and D.
Figure 12 - Unified Snapshots
19
Afterward, when new data, D’, is written to block D, the new data is redirected to a new location within the same pool and the data
in block D is preserved as part of the snapshot. This works the same way when writing to snapshots that share data with the
production file system. Unless the data is unique to the snapshot, attempting to overwrite a block will redirect the new block to a
new location in the pool.
File snapshots may be restored through Unisphere on a file system level, or by using the Previous Versions in Windows or .ckpt
method in UNIX to copy specific files from a snapshot file system back to the production version. Unity also provides the ability to
provide read/write access to file system snapshots to hosts and clients through shares. In order to do this, the administrator creates
a new file system share using an existing snapshot. As a result, the snapshot data is exposed as a new share of the production file
system, which may then be accessed as a normal share by file system hosts and clients. For more information on Unity’s unified
snapshot technology refer to the Unity Snapshots white paper on EMC Online Support.
REMOTE PROTECTION
By leveraging the unified snapshots technology to preserve point-in-time file and block data, Unity is able to provide unified local and
remote asynchronous replication using the same technology for file and block resources. Unity supports asynchronous replication
down to a 5 minute RPO for NAS Servers and their file systems, and allows failover on a granular resource by resource basis.
Additionally, replication is fully compatible with file system shrink and extend. Whenever a source file system is manually or
automatically shrunk or extended, the replication destination file system will be modified to reflect the same total/allocated space at
the beginning of the next synchronization. In addition, Unity also supports 3-way NDMP, allowing administrators to further protect
file systems through backup to a remote tape library or other supported backup device. Combining these data protection
technologies with local snapshots enable Unity storage systems to be deployed with a wide array of data protection capabilities,
including the ability to replicate to or from multiple arrays in a multisite topology. For more information on Unity remote protection,
refer to the EMC Unity: Replication Technologies white paper on EMC Online Support.
Figure 13 - Asynchronous Replication
FAST SUITE
Unity also provides performance optimization through FAST Cache and FAST VP, and because file systems are provisioned out of the
same unified pools, FAST VP can be applied directly to individual file systems themselves rather than second hand through file LUNs
forming a file storage pool, resulting in greater granularity and efficiency. Because of this, FAST can be leveraged more effectively
and granularly on Unity File Systems. One such example is FAST VP tiering policies, which can be assigned on a per file system basis,
allowing each individual file system to be assigned one of the following policies: Highest Available Tier, Start High then Auto-Tier
(default), Auto-Tier, or Lowest Available Tier. As a consequence it is possible to have a single unified storage pool consisting of many
file systems with different tiering policies, allowing more flexibility when configuring a system to take advantage of FAST VP’s
powerful tiering capabilities. Furthermore, this tiering will be equally as effective for both file or block resources, because the
resources now share a unified storage pool. Similarly, FAST Cache benefits LUNs and file systems equally, ensuring that appropriate
transactional file workloads see a large performance improvement from even a small amount of flash capacity. For more information
on FAST VP and FAST Cache, reference the EMC Unity: FAST Technology Overview white paper on EMC Online Support.
20
CONCLUSION
With the new file capabilities introduced in the Unity storage system, administrators gain access to a much more scalable, efficient,
and high performing file system than previously available. These benefits are a result of the new 64-bit file system architecture,
which also brings improvements in the areas of availability and recoverability. With a rich set of data services, Unity File Systems
have both the power and flexibility to be leveraged for a wide array of traditional and transactional NAS use cases. Also important is
the complete unification of file and block in a single platform. Unity bridges the gap between file and block with truly unified pools
and data services, allowing the core Unity feature set to equally benefit storage environments whether they are NAS, SAN, or a
mixture of both.
REFERENCES
For additional information regarding any of the topics covered in this white paper, refer to the following resources available on EMC
Online Support:
EMC Unity: Snapshots white paper
EMC Unity: Replication Technologies white paper
EMC Unity: FAST Technology Overview white paper
EMC Unity: Unisphere Overview white paper
21
Fly UP