Chapter 12 Deployment Best Practices : Storage Edge Best Practices
Storage Edge Best Practices
This section describes best practices for deploying Storage Edge. It includes the following topics:
  • Segregate Traffic
  • Pin the LUN and Prepopulate the Blockstore
  • Segregate Data onto Multiple LUNs
  • Ports and Type of Traffic
  • Changing IP Addresses on the Storage Edge, ESXi Host, and Servers
  • Disk Management
  • Rdisk Traffic Routing Options
  • Deploying SteelFusion with Third-Party Traffic Optimization
  • Windows and ESX Server Storage Layout—SteelFusion-Protected LUNs Vs. Local LUNs
  • VMFS Datastores Deployment on SteelFusion LUNs
  • Enable Windows Persistent Bindings for Mounted iSCSI LUNs
  • Set Up Memory Reservation for VMs Running on VMware ESXi in the VSP
  • Boot from an Unpinned iSCSI LUN
  • Running Antivirus Software
  • Running Disk Defragmentation Software
  • Running Backup Software
  • Configure Jumbo Frames
    • Segregate Traffic
    At the remote branch office, Riverbed recommends that you separate storage iSCSI traffic and WAN/Rdisk traffic from LAN traffic. This practice helps to increase overall security, minimize congestion, minimize latency, and simplify the overall configuration of your storage infrastructure.
    Pin the LUN and Prepopulate the Blockstore
    In specific circumstances, Riverbed recommends that you pin the LUN and prepopulate the blockstore. Additionally, you can have the write-reserve space resized accordingly; by default, the Storage Edge has a write-reserve space that is 10 percent of the blockstore.
    To resize the write-reserve space, contact your Riverbed representative.
    Riverbed recommends that you pin the LUN in the following circumstances:
  • Unoptimized file systems - Core supports intelligent prefetch optimization on NFTS and VMFS file systems. For unoptimized file systems such as FAT, FAT32, ext3, and others. Core cannot perform optimization techniques such as prediction and prefetch in the same way as it does for NTFS and VMFS. For best results, Riverbed recommends that you pin the LUN and prepopulate the blockstore.
  • Database applications - If the LUN contains database applications that use raw disk file formats or proprietary file systems, Riverbed recommends that you pin the LUN and prepopulate the blockstore.
  • WAN outages are likely or common - Ordinary operation of SteelFusion depends on WAN connectivity between the branch office and the data center. If WAN outages are likely or common, Riverbed recommends that you pin the LUN and prepopulate the blockstore.
    • Segregate Data onto Multiple LUNs
    Riverbed recommends that you separate storage into three LUNs, as follows:
  • Operating system - In case of recovery, the operating system LUN can be quickly restored from the Windows installation disk or ESX datastore, depending on the type of server used in the deployment.
  • Production data - The production data LUN is hosted on the Storage Edge and therefore safely backed up at the data center.
  • Swap space - Data on the swap space LUN is transient and therefore not required in disaster recovery. Riverbed recommends that you use this LUN as a Storage Edge local LUN.
    • Ports and Type of Traffic
    You should only allow iSCSI traffic on primary and auxiliary interfaces. Riverbed does not recommend that you configure your external iSCSI Initiators to use the IP address configured on the in-path interface. Some appliance models can optionally support an additional NIC to provide extra network interfaces. You can also configure these interfaces to provide iSCSI connectivity.
    Changing IP Addresses on the Storage Edge, ESXi Host, and Servers
    When you have a Storage Edge and ESXi running on the same converged platform, you must change IP addresses in a specific order to keep the task simple and fast. You can use this procedure when staging Edges in the data center or moving them from one site to another.
    This procedure assumes that the Edges are configured with IP addresses in a staged or production environment. You must test and verify all ESXi, servers, and interfaces before making these changes.
    To change the IP addresses on the Storage Edge, ESXi host, and servers
    1.
    Starting with the Windows server, use your vSphere client to connect to the console, login and change it to DHCP or the new destination IP address, and finally shut down the Windows server from the console.
    2.
    Use virtual network computing (VNC) client to connect to the ESXi console, change the IP to the new destination IP address, and shut ESXi down from the console.
    If you did not configure VNC during the ESXi installation wizard, you may also use vSphere Client and change it from Configuration > Networking > rvbd_vswitch_pri > Properties.
    Some devices perform better with TightVNC versus RealVNC.
    3.
    On either Edge appliance Management Console, choose Networking > Networking: In-Path Interfaces, and then change the IP address for inpath0_0 to the new destination IP address.
    4.
    Use the included console cable to connect to the console port on the back of the Edge appliance and log in as the administrator.
    5.
    Enter the following command to change the IP address to your new destination IP address.
    enable
    config terminal
    interface primary ip address 1.7.7.7 /24
    ip default-gateway 1.7.7.1
    write memory
    6.
    Enter the following command to shut down the appliance:
    reload halt
    7.
    Move the Edge appliance to the new location.
    8.
    Start your Windows server at the new location and open the iSCSI Initiator.
  • Select the Discovery tab and remove the old portal.
  • Click OK.
  • Open the tab again and select Discover Portal.
  • Add the new Edge appliance primary IP address.
    • This process brings the original data disk to functioning.
    Disk Management
    Disk management configuration is different for the BlockStream-enabled SteelHead EX versus the SteelFusion Edge appliance.
    You can partition the disk space in the SteelHead EX in different ways based on how you want to use the appliance and which license you purchased. VSP and SteelFusion Storage Mode is the default disk layout configured on the SteelHead EX during the manufacturing process. This mode evenly divides the disk space between VSP and SteelFusion functionalities.
    However, if you plan on using the storage delivery capabilities (Storage Edge feature) of the SteelHead EX, Riverbed recommends that you select the SteelFusion Storage Mode disk layout. In the SteelFusion storage mode, most of the disk space is dedicated to Storage Edge blockstore cache, while leaving the required amount for VSP and WAN optimization functionalities. VSP can then use SteelFusion-delivered storage for its datastores—instead of local unprotected storage. This mode allows you to centralize your data center storage for both the operating system and the production data drives of the virtual servers running at the remote branch.
    On SteelHead EX v2.1.0 and later you can use the Extended VSP and SteelFusion Storage Mode. This mode reclaims disk space that is reserved for updating legacy RSP virtual machines to ESXi format.
    The extended VSP stand-alone storage mode and the legacy VSP stand-alone storage mode are designed for SteelHead EX appliances that do not have the SteelFusion feature.
    Use the extended VSP stand-alone storage mode in cases in which you do not want to consolidate the operating system drive of the virtual servers into the data center storage, but instead wants to keep it locally on the SteelHead EX.
    For SteelFusion Edge appliances you can specify the size of the local LUN during the hypervisor installation. The installation wizard allows more flexible disk partitioning in which you can use a percentage of the exact amount in gigabytes that you want to use for the local LUN. The rest of the disk space is allocated to Storage Edge blockstore. Riverbed recommends that you run the hypervisor installer before connecting the SteelFusion Edge appliance to the Core to set up local storage. That streamlines the ESXi configuration. If local storage is configured during the hypervisor installation, all LUNs provisioned by the Core to the SteelFusion Edge is automatically made available to ESXi of the SteelFusion Edge.
    For more information on disk management, see Configuring Disk Management.
    Rdisk Traffic Routing Options
    You can route Rdisk traffic out of the primary or the in-path interfaces. This section contains the following topics:
  • In-Path Interface
  • Primary Interface
    • For more information about Rdisk, see Network Quality of Service. For information about WAN redundancy, see Configuring WAN Redundancy.
    In-Path Interface
    Riverbed recommends that you select the in-path interface when you deploy the SteelFusion Edge W0 appliance or the BlockStream-enabled SteelHead EX (also know as Granite-only mode). When you configure SteelHead EX to use the in-path interface, the Rdisk traffic is intercepted, optimized, and sent directly out of the WAN interface toward the Core deployed at the data center.
    Use this option during proof of concepts (POC) installations or if the primary interface is dedicated to management.
    The drawback of this mode is the lack of redundancy in the event of WAN interface failure. In this configuration, only the WAN interface needs to be connected. Disable link state propagation.
    Primary Interface
    Riverbed recommends that you select the primary interface when you deploy the SteelFusion Edge W1-W3 appliance or the BlockStream-enabled SteelHead EX. When you configure SteelHead EX to use the primary interface, the Rdisk traffic is sent unoptimized out of the primary interface to a switch or a router that in turn redirects the traffic back into the LAN interface of the SteelHead EX to get optimized. The traffic is then sent out of the WAN interface toward the Core deployed at the data center.
    This configuration offers more redundancy because you can have both in-path interfaces connected to different switches.
    Deploying SteelFusion with Third-Party Traffic Optimization
    The Storage Edges and Cores communicate with each other and transfer data-blocks over the WAN using six different TCP port numbers: 7950, 7951, 7952, 7953, 7954, and 7970.
    Figure 12‑1 shows a deployment in which the remote branch and data center third-party optimization appliances are configured through WCCP. You can optionally configure WCCP redirect lists on the router to redirect traffic belonging to the six different TCP ports of SteelFusion to the SteelHeads. Configure a fixed-target rule for the six different TCP ports of SteelFusion to the in-path interface of the data center SteelHead.
    Figure 12‑1. SteelFusion Behind a Third-Party Deployment Scenario
    Windows and ESX Server Storage Layout—SteelFusion-Protected LUNs Vs. Local LUNs
    This section describes different LUNs and storage layouts. It includes the following topics:
  • Physical Windows Server Storage Layout
  • Virtualized Windows Server on SteelHead EX and SteelFusion Storage Layout
  • Virtualized Windows Server on ESX Infrastructure with Production Data LUN on ESX Datastore Storage Layout
    • Note: SteelFusion-Protected LUNs are also known as iSCSI LUNs. This section refers to iSCSI LUNs as SteelFusion-Protected LUNs.
    Transient and temporary server data is not required in the case of disaster recovery and therefore does not need to be replicated back to the data center. For this reason, Riverbed recommends that you separate transient and temporary data from the production data by implementing a layout that separates the two into multiple LUNs.
    In general, Riverbed recommends that you plan to configure one LUN for the operating system, one LUN for the production data, and one LUN for the temporary swap or paging space. Configuring LUNs in this manner greatly enhances data protection and operations recovery in case of a disaster. This extra configuration also facilitates migration to server virtualization if you are using physical servers.
    For more information about disaster recovery, see Data Resilience and Security.
    In order to achieve these goals SteelFusion implements two types of LUNs: SteelFusion-Protected (iSCSI) LUNs and local LUNs. You can add LUNs by choosing Configure > Manage: LUNs.
    Use SteelFusion-Protected LUNs to store production data. They share the space of the blockstore cache. The data is continuously replicated and kept in sync with the associated LUN back at the data center. The Storage Edge cache only keeps the working set of data blocks for these LUNs. The remaining data is kept at the data center and predictably retrieved at the edge when needed. During WAN outages, edge servers are not guaranteed to operate and function at 100 percent because some of the data that is needed can be at the data center and not locally present in the Storage Edge blockstore cache.
    One particular type of SteelFusion-Protected LUN is the pinned LUN. Pinned LUNs are used to store production data but they use dedicated space in the Storage Edge. The space required and dedicated in the blockstore cache is equal to the size of the LUN provisioned at the data center. The pinned LUN enables the edge servers to continue to operate and function during WAN outages because 100 percent of data is kept in blockstore cache. Like regular SteelFusion LUNs the data is replicated and kept in sync with the associated LUN at the data center.
    For more information about pinned LUNs, see When to PIN and Prepopulate the LUN.
    Use local LUNs to store transient and temporary data. Local LUNs also use dedicated space in the blockstore cache. The data is never replicated back to the data center because it is not required in the case of disaster recovery.
    Physical Windows Server Storage Layout
    When deploying a physical Windows server, Riverbed recommends that you separate its storage into three different LUNs: the operating system and swap space (or page file) can reside in two partitions on the server internal hard drive (or two separate drives), while production data should reside on the SteelFusion-Protected LUN (Figure 12‑2).
    Figure 12‑2. Physical Server Layout
    This layout facilitates future server virtualization and service recovery in the case of hardware failure at the remote branch. The production data is hosted on a SteelFusion-Protected LUN, which is safely stored and backed up at the data center. In case of a disaster, you can stream this data with little notice to a newly deployed Windows server without having to restore the entire dataset from backup.
    Virtualized Windows Server on SteelHead EX and SteelFusion Storage Layout
    When you deploy a virtual Windows server into the VSP SteelHead EX infrastructure, Riverbed recommends that you separate its storage in three different LUNs (Figure 12‑3) as follows:
  • You can virtualize the operating system disk (OS LUN) on a VMDK file and hosted on the SteelFusion-Protected LUN, allowing for data center backup and instant recovery in the event of SteelHead EX hardware failure.
  • You can store Swap and vSwap space containing transient data on to local LUNs because this data does not need to be recovered after a disaster.
  • Production data continues to reside on a SteelFusion-Protected LUN, allowing for data center backup and instant recovery in the event of SteelHead EX hardware failure.
    • Figure 12‑3. Virtual Server Layout 1
    Virtualized Windows Server on ESX Infrastructure with Production Data LUN on ESX Datastore Storage Layout
    When you deploy a virtual Windows server into an ESX infrastructure, you can also store the production data on an ESX datastore mapped to a SteelFusion-Protected LUN (Figure 12‑4). This deployment facilitates service recovery in the event of hardware failure at the remote branch because SteelFusion appliances optimize not only LUNs formatted directly with NTFS file system but also optimize LUNs that are first virtualized with VMFS and are later formatted with NTFS.
    Figure 12‑4. Virtual Server Layout 2
    VMFS Datastores Deployment on SteelFusion LUNs
    When you deploy VMFS datastores on SteelFusion-Protected LUNs, for best performance, Riverbed recommends that you choose the Thick Provision Lazy Zeroed disk format (VMware default). Because of the way we use blockstore in the Storage Edge, this disk format is the most efficient option.
    Thin provisioning is when you assign a LUN to be used by a device (in this case a VMFS datastore for an ESXi server, host) and you tell the host how big the LUN is (for example, 10 GB). However, as an administrator you can choose to pretend that the LUN is 10 GB, and only assign the host 2 GB. This fake number is useful if you know that the host needs only 2 GB to begin with. As time goes by (days or months), the host starts to write more data and needs more space, the storage array automatically grows the LUN until eventually it really is 10 GB in size.
    Thick provisioning means there is no pretending. You allocate all 10 GB from the beginning whether the host needs it from day one or not.
    Whether you choose thick or thin provisioning, you need to initialize (format) the LUN like any other new disk. The formatting is essentially a process of writing a pattern to the disk sectors (in this case zeros). You cannot write to a disk before you format it. Normally, you have to wait for the entire disk to be formatted before you can use it—for large disks, this can take hours. Lazy Zeroed means the process works away slowly in the background and as soon as the first few sectors have been formatted the host can start using it. This means the host does not have to wait until the entire disk (LUN) is formatted.
    Enable Windows Persistent Bindings for Mounted iSCSI LUNs
    Riverbed recommends that you make iSCSI LUNs persistent across Windows server reboots; otherwise, you must manually reconnect them. To configure Windows servers to automatically connect to the iSCSI LUNs after system reboots, select the Add this connection to the list of Favorite Targets check box (Figure 12‑5) when you connect to the Storage Edge iSCSI target.
    Figure 12‑5. Favorite Targets
    To make iSCSI LUNs persistent and ensure that Windows does not consider the iSCSI service fully started until connections are restored to all the SteelFusion volumes on the binding list, remember to add the Edge iSCSI target to the binding list of the iSCSI service. This addition is important particularly if you have data on an iSCSI LUN that other services depend on: for example, a Windows file server that is using the iSCSI LUN as a share.
    The best option to do this is to select the Volumes and Devices tab from the iSCSI Initiator's control panel and click Auto Configure (Figure 12‑6). This binds all available iSCSI targets to the iSCSI startup process. If you want to choose individual targets to bind, click Add. To add individual targets, you must know the target drive letter or mount point.
    Figure 12‑6. Target Binding
    Set Up Memory Reservation for VMs Running on VMware ESXi in the VSP
    By default, VMware ESXi dynamically tries to reclaim unused memory from guest virtual machines, while the Windows operating system uses free memory to perform caching and avoid swapping to disk.
    To significantly improve performance of Windows virtual machines, Riverbed recommends that you configure memory reservation to the highest possible value of the ESXi memory available to the VM. This advice applies whether the VMs are hosted within the VSP of the SteelHead EX or on an external ESXi server in the branch that is using LUNs from SteelFusion.
    Setting the memory reservation to the configured size of the virtual machine results in a per virtual machine vmkernel swap file of zero bytes, which consumes less storage and helps to increase performance by eliminating ESXi host-level swapping. The guest operating system within the virtual machine maintains its own separate swap and page file.
    Boot from an Unpinned iSCSI LUN
    If you are booting a Windows server or client from an unpinned iSCSI LUN, Riverbed recommends that you install the Riverbed Turbo Boot software on the Windows machine. The Riverbed Turbo Boot software greatly improves boot over the WAN performance because it allows Core to send to Edge only the files needed for the boot process.
    Note: The SteelFusion Turbo Boot plugin is not compatible with the branch recovery agent. For more information about the branch recovery agent, see How Branch Recovery Works and the SteelFusion Core Management Console User’s Guide.
    Running Antivirus Software
    There are two types of antivirus scanning mode:
  • Ondemand - Scans the entire LUN data files for viruses at scheduled intervals.
  • Onaccess - Scans the data files dynamically as they are read or written to disk.
    • There are two common locations to perform the scanning:
  • Onhost - Antivirus software is installed on the application server.
  • Offhost - Antivirus software is installed on dedicated servers that can access directly the application server data.
    • In typical SteelFusion deployments in which the LUNs at the data center contain the full amount of data and the remote branch cache contains the working set, Riverbed recommends that you run ondemand scan mode at the data center and onaccess scan mode at the remote branch. Running ondemand full file system scan mode at the remote branch causes the blockstore to wrap and evict the working set of data leading to slow performance results.
    However, if the LUNs are pinned, ondemand full file system scan mode can also be performed at the remote branch.
    Whether scanning onhost or offhost, the SteelFusion solution does not dictate one way versus another, but in order to minimize the server load, Riverbed recommends offhost virus scans.
    Running Disk Defragmentation Software
    Disk defragmentation software is another category of software that can possibly cause the SteelFusion blockstore cache to wrap and evict the working set of data. Riverbed does not recommend that you run disk defragmentation software.
    Riverbed recommends that you disable default-enabled disk defragmentation on Windows 7 or later.
    Running Backup Software
    Backup software is another category of software that will possibly cause the Storage Edge blockstore cache to wrap and evict the working set of data, especially during the execution of full backups. In a SteelFusion deployment, Riverbed recommends that you run differential, incremental, and synthetic full and a full backup at the data center.
    Configure Jumbo Frames
    If jumbo frames are supported by your network infrastructure, Riverbed recommends that you use jumbo frames between Core and storage arrays. Riverbed has the same recommendation for Storage Edge and any external application servers (not hosted within VSP) that are using LUNs from the Storage Edge. The application server interfaces must support jumbo frames. For details, see Configuring Edge for Jumbo Frames.