Access Logix

LUN Masking with

Access Logix

Access Logix
1 of 30

Objectives
By the end of this lesson, you will be
able to:
Explain features of Access Logix
Understand CLARiiON Access Logix features
in Navisphere
Configure Data Access
Configure Storage Groups

Access Logix
2 of 30

What is Access Logix?

Access Logix allows multiple hosts attach to the
same storage array by providing LUN masking
capabilities.
It allows multiple NT and/or Unix hosts to share
up to four storage arrays not to exceed a total of
80 devices

Single host zoned to no more than 4 arrays

Single array (FC4500) zoned to no more than 15
hosts (4 for FC5300)

Access Logix
3 of 30

What is Access Logix?

Access Logix is part of the core software (LIC)
on the SP. Specific versions of the Flare code
are Access Logix enabled.

FC4500 (6.32.13/5.32.13)

FC5300 (6.24.05/5.24.05)

Access Logix
4 of 30

Access Logix Concepts

Access Logix implements LUN masking through
a concept known as Storage Groups or Virtual
Arrays.
Storage Groups can be dedicated or shared.
(single server or clustered servers)
Other new concepts:

Fair Access - Keeps one server from monopolizing

the SP
Configuration Access Control - Added level of security

Access Logix
5 of 30

Storage Group
Storage Group

a.k.a. virtual array, LUN masking

A subset of logical units (LUNs) in a physical storage

system reserved for one or more hosts and
inaccessible to other hosts.

The CLARiiON Administrator controls which hosts

access which LUNs by assigning the host and LUNs
to the same storage group.

Without Storage Groups, all hosts can access all

LUNs regardless of operating system
Access Logix
6 of 30

Storage Group - Example

Highly-Available NT Cluster
Inventory Host

Admin Host

H
B
A

H
B
A

H
B
A

Email Server

H
B
A

H
B
A

Fibre Channel
Switch

H
B
A

H
B
A

H
B
A

Fibre Channel
Switch

SP A
Admin
Storage Group

Web Server

SP B
LUN
LUN
LUN

Inventory
Storage Group

LUN
LUN
LUN

Email & Web Server

Storage Group

Physical
Storage System

LUN
LUN
LUN
LUN

Access Logix
7 of 30

Storage Groups - In depth

Host can be added to only 1 storage group per array
Storage Group appears to the host as an entire array
(i.e. Virtual Array)
A mapping table is used to keep track of which Host
LUN is mapped to which FLARE LUN .
Each mapping entry includes:

LUN Alias - LUN number presented to the host starting at 0

and incrementing as LUNs are added
Core Software LUN - LUN number created during the array
bind; is visible as LUN number in Manager Storage Tree

Access Logix
8 of 30

Storage Group - LUN Alias

Physical Array
LUN 0

Translation
Table

Virtual Arrays/
Storage Groups
Storage
Group A

LUN 1

Servers

LUN 0
LUN 1
Server A

LUN 2

LUN 2

LUN 3

LUN 3

LUN 4

LUN 0

LUN 5

LUN 1
Server B

LUN 6
LUN 7

LUN 2

Storage
Group B

LUN 3
Access Logix
9 of 30

Default Storage Groups

Default Storage Group for initiators (HBAs) not
explicitly connected to a storage group

Management - mapping table with no LUNs

Physical - all mapping entries are LUN Alias = Core
Software LUN
Shown under
Engineering Mode

Access Logix
10 of 30

Unique Identifiers (UIDs)

Each Storage Group has an Access Control List
based on the Host HBA UIDs and the LUN UIDs for
exclusive access to resources.
Unique Identifiers

128 bit numbers that uniquely identify objects.

For each type of object (e.g. a LUN), no two objects in the

world have the same UID.

Access Logix
11 of 30

Unique Identifiers (UIDs)

HBA UID is composed of the 64 bit node WWN
followed by the 64 bit port WWN.

Access Logix uses HBA UIDs during access control

checks to determine which host issued a request.

LUN UID is generated by the storage system when

a LUN is bound.

Used by ATF and Access Logix to match LUNs to the

HBAs.

Access Logix
12 of 30

Host Registration with Access Logix

Initiator Registration

A process performed during Agent startup, where the Agent

sends initiator registration information to each array through
all paths.
Can also register HBA through the Connectivity Status
window of Navisphere Manager.

Initiator Registration Records are host registration

information stored permanently on every array.

Each includes: sending HBA UID, receiving SP, initiator

type, hostname, and other information.
Used by the GUI to match HBAs from the same host.
Used by the array to prepare access control information.
Access Logix
13 of 30

Checking Registration Records

Right click the Storage Array in the Storage View and
select Connectivity Status.

Access Logix
14 of 30

Delete a Host Registration

Some instances may require deleting an initiator or
host registration (replace HBA)
There are two methods to delete host registration.

Method 1: navicli port command.

Method 2: Engineering Mode from Navisphere
Manager

Either of these methods only deregisters the HBA.

To actually remove the HBA from the table, a
reboot of the storage array is required.
Access Logix
15 of 30

Deleting Host Registration

Entering engineering mode.
Right click the Storage Array in the Storage View and select
Connectivity Status.
A Deregister button should now be available.

Access Logix
16 of 30

Fairness
Fair access to physical storage-system
resources

Balancing of access to logical units (LUNs) to

ensure that one host does not unfairly monopolize
the resources of the physical storage system.
The process learns how the system is being used
and adjusts to meet the needs of the applications /
databases using the storage array.

Can be disabled if it causes user problems

with resource access.
Access Logix
17 of 30

Implementing Access Logix

Enable Data Access Control

Hosts can now only see their LUNs

Newly connected hosts see no LUNs

Set Configuration Access Control Password

Create Storage Groups as needed

Designate as shared/dedicated
Add LUNs to storage groups
Connect hosts to storage groups

Modify storage groups

Add / remove LUNS

Access Logix
18 of 30

Enabling Access Logix

Access Logix
19 of 30

Enabling Access Logix

Enable Access Logix by
checking the Access
Control Enabled box
and then click Apply.
Once enabled, Access
Logix can ONLY be
disabled through CLI or
the GUI engineering
mode.

Access Logix
20 of 30

Data Access Disable

The navicli command, sc_off, will disable data
access control and turn off Access Logix.

Access Logix
21 of 30

Configuration Access Control

Configuration Access Control

Array management password

Configuration access control lets you limit which

host(s) can access configuration functions on a
physical storage system.

By default, all hosts connected to a physical

storage system have configuration access.

Lost password can be changed by connecting

to the array through the serial interface

LAN interface will NOT work

Access Logix
22 of 30

Enabling Configuration Access Control

Enable Access
Control

Change
Password

Show current
Access
Privileges

Enable/disable
access for hosts

Access Logix
23 of 30

Fair Access

Enable
Access
Fairness

Access Logix
24 of 30

Create Storage Group

Access Logix
25 of 30

Connecting a hosts to SG

Access Logix
26 of 30

Storage Group Associations

Access Logix
27 of 30

Seeing the Results

Access Logix
28 of 30

Seeing the Results

Windows NT/2000:

NT: Reboot, run Disk Administrator

Windows 2000: Rescan using Disk Administrator.

UNIX:

drvconfig, disks and devlinks commands to

configure the devices and links to the new
volumes (LUNs)

Then run format to use the volumes and create

new file systems on the LUNs.

Access Logix
29 of 30