01-16-2013 11:55 AM
Hi All ,
Could any body provide me with the zoning Architecture between the datasores LUN's and the VMware Backup host HBA? Any official article or document will be good.
- Linux Vmware backup host ( appliance)
-for windows it is clear but for linux machine not!!
what is main concept of this Architecture.
I know that zoning is type of direct SAN connection (path) between the LUN's and the backup host wher the data store should be visible to the VMware backup host .From the appliance I can see the wwn of the datastores but the path is not shown.Is it mandatory the path should be shown too beside seeing the device?
Solved! Go to Solution.
05-01-2013 12:04 AM
Having zoned the Appliance and the SAN storage device together does not necessarily mean the specific LUNs you required are presented. It just means the Appliance has a path(s) to the SAN storage device, as shown in your screenshots.
Can you verify by looking at the EVA / 3PAR configuration interfaces that it really has presented the VMware Datastore LUNs - via the already established zoning paths - to the Nbu Appliance? I think HP calls this "exporting" LUNs to a host, or something. Please post the screenshots of the EVA / 3PAR config interface that shows this, if possible.
The reason why I'm asking is because your SAN people told you that it was a "security risk to give you such access". So they might have done the zoning for you (begrudgingly), but not the LUN presenting/exporting.
The vmdk snapshots you wish to backup via SAN Transport must exist in the Datastore LUNs that the Appliance has SAN visibility to.
could you give more details about this and how it related to zoning with the appliance?
For one, if ESX hosts are running their VMs off NFS connections to the storage (I.e., NFS Datastores), then SAN Transport backup is not possible.
01-16-2013 12:49 PM
Correct. Manual only says:
The backup host must have access to the datastores of the virtual machines.
Figure 1-2 shows a NetBackup for VMware environment on a SAN. The backuphost accesses the VMware datastore directly over the SAN.
To use the SAN transport type, set up the datastore on FibreChannel or iSCSI. In this configuration, the VMware backup host must beable to access the datastore over the SAN.Note: The NetBackup appliance does not support iSCSI.
■ Ensure that the hardware and the SAN are configured properly. The VMwaredatastore where the target virtual machine files exist must be accessible tothe VMware backup host.Note:ASANconnection between the backup host and the datastore is optionalif you use the NBD transfer type or NBDSSL transfer type.■ VMware has specific hardware and configuration requirements. VMware SANrequirements can be found in the appropriate VMware SAN Configurationguide.
NetBackup never mounts the VMDKs anywhere. It is reading at the raw disk read performance while enabling granular recovery using a time tested mapping technology known as Veritas Mapping Services (VxMS).
No special configuration is required in most cases. All that you do is to add the FC adapters World Wide Names to SAN such that it can see the datastore LUNs. Use your favorite device scanning tool (or just do cat /dev/scsi/scsi) to make sure that your SLES media server can see datastore LUNs.
You may need to adjust max_scsi_luns if you have large number of datastore LUNs. I believe (don't quote me on this) the default number of maximum scsi LUNs for SLES is now 512. This is enough in many cases.
01-16-2013 01:01 PM
Thanksssssssss alot for your efforts
please find attached snapshots. could you see any thing wrong in the zoning here!!
are the path should be visible?
Regards,
01-16-2013 01:15 PM
Sorry, I don't have access to our demo unit right now to compare....
Screen shot is also difficult to read (please rather copy text in future).
01-16-2013 01:28 PM
Thats ok .Don't worry, you are always and really trusted advisor.
01-16-2013 05:41 PM
What type of storage are you using as datastore? 3PAR is listed, but it isn't datastore storage, right?
If port WWN is present, it is possible that LUNs is not present to appliance at storage side. Please check if datastore LUNs are mapped to this port WWN and if acccess from appliance's port WWN is allowed.
01-17-2013 12:22 AM
- storage type :3PAR and EVA from HP
you are right .It is shown as device for this I'm fighting with the customer about this but the path is not shown or mapped .As I mentioned before when I'm running command lsscsi it showing that no path (see snapshot attached)
-SAN team confirmed that there are no previliges for zoning.
check if datastore LUNs are mapped to this port WWN and if acccess from appliance's port WWN is allowed.
do you mean to run cat /dev/scsi/scsi as mentioned in Marriane post or there other command showing the mapped path.
the conclusion is that the device is visible to the appliance but the path not mapped to be able to access the VMKD files and read the data inside the LUN's !!!!
01-17-2013 02:24 AM
What I suggested in previous post is that the storage used for datastore does not provide any LUNs to the appliance. Modern storage system has its own ACL and mapping mechanism, and it can control which port in SAN can accesss which LUNs in backing store.
I'm not sure 3PAR and EVA have such functionality, but it is worth to check. It is better to ask storage admin or HP engineer to check and review LUN configuration.
01-17-2013 04:06 AM
You do have masking and mapping inside the 3PAR as well as the EVA, However I have yet to see the zones here. Can your SAN administrator send you the zone information this device is a member of?
01-17-2013 06:36 AM
What I suggested in previous post is that the storage used for datastore does not provide any LUNs to the appliance
Ok , but do you have any idea how the LUN's should be appear inside the appliance?
Here is the issue that I could not see any LUN's ,only device!!
Modern storage system has its own ACL and mapping mechanism, and it can control which port in SAN can accesss which LUNs in backing store.
I believe that SAN team should know this mechanism not me .I provided them all documents reletaed to our backup requirment,but they still not understanding what needed.
I explained them many times the same thing that all datastores (LUN's should be visible to the VMware backup host and this host should be able to enter the LUN's and can read and get the snapshot from there.if there are any read /write permission .it should be given . the path between the storage and appliance should exist and visible.
Regards,
01-17-2013 05:59 PM
Ok , but do you have any idea how the LUN's should be appear inside the appliance?
Sorry, I have no NetBackup Appliance in my lab so I can not confirm that.
But, by device naming, Applicance is based on Linux(SUSE?). LUN should be visible as /dev/sgX if zoning is correctly done AND LUNs are serviced to Appliance's port as soon as LUNs are present in SAN. Or please reboot appliance if possible. LUNs must be recognized after reboot if LUNs are present on Appliance.
Well, storage ports are visible from Appliance, so zoning have been already done correclty. But it is still possible that storages does not serve any LUNs to Appliance. It depends on storage configuration. If storage administrators want to allow minimam access to datastore LUNs when initial setup of storages for VMware datastore, they might configure storage ACL or LUN mappings so as to only ESX hosts can access datastore LUNs.
Is SAN team responsible for both SAN switch and 3PAR/EVA configuration, or only for SAN switch? Please ask who is responsible for 3PAR/EVA configuration in this site to check which posts(WWN) can access datastore LUNs.
01-17-2013 11:51 PM
Appreciate your efforts.
by device naming, Applicance is based on Linux(SUSE?). LUN should be visible as /dev/sgX if zoning is correctly done AND LUNs are serviced to Appliance's port as soon as LUNs are present in SAN. Or please reboot appliance if possible. LUNs must be recognized after reboot if LUNs are present on Appliance.
It is visible as /dev/sgX .Symantec support saw this but hesaid that no path exist between the appliance and the SAN LUN's under path column and this is the issue.the appliance was rebooted then I scan the FC connection but nothing new.
but LUN's are serviced to appliance's port ,what do you mean here?
But it is still possible that storages does not serve any LUNs to Appliance
they might configure storage ACL or LUN mappings so as to only ESX hosts can access datastore LUNs
This is very close to the fact what we looking for .There are limitation to access the LUN's .why?
when I informed them that after the snapshot is done the appliance shpould access the LUN's and will open the VMDK to read that snapshot then send it to the storage,thier answer was impossible there are a security risk to give you such access
Regards,
01-18-2013 11:19 AM
Do any one believe that this is not zoning issue ,but appliance issue? Should the appliance netbackup version be in the same version as master server?
-master server version is 7.5.0.4
-appliance version 2.5 (netbackup 7.5.0.2)
please advice!!
Regards,
01-22-2013 03:35 AM
You do have masking and mapping inside the 3PAR as well as the EVA, However I have yet to see the zones here. Can your SAN administrator send you the zone information this device is a member of?
Unfortunatly , SAN team only confirmed that the zoning is done , and as you can see the wwn of the storage from the appliance this mean that mean that from thier side nothing to do more.
LUN Mapping/LUN masking in the 3PAR and EVA I don't know if they complete such configurarion:
Symantec sent me the following and from my side I shared it with the customer.
Regards,
01-22-2013 03:48 AM
appliance version upgraded to 2.5.1b
Regards,
01-24-2013 04:45 PM
Sorry to be late.
Do any one believe that this is not zoning issue ,but appliance issue?
SAN transport is common use case, so I believe it must have been reported in Late Breaking News or Alerts if Appliance or NetBackup has such defect.
We don't have complete information about your environment, so what we can only to do is providing sugestions and possible scenarios.
BTW, we can not confirm that /dev/sgX is device file for datastore because you masked WWN in screenshots. WWN and LU Number(1 and 2) of /dev/sgX is exactly same with that of datastore LUN shown in ESXs? Does it provide Mirror/Copy/Seconday LUs to the appliance that can not be allowed to read while syncing with original LUs used for datastore?
when I informed them that after the snapshot is done the appliance shpould access the LUN's and will open the VMDK to read that snapshot then send it to the storage,thier answer was impossible there are a security risk to give you such access
This means that your customer does not give the appliance access to datastore LUNs for security reason, right? If so, the reason of this issue is simple. If access from the appliance to datastore LUNs are not allowed, SAN transport is not possible.
04-29-2013 09:52 AM
do you have any update !!!!!!!!!!!!it still not solved
04-30-2013 05:45 AM
I believe that you have more than enough information in above posts.
As per Yasuhisa's last comment:
This means that your customer does not give the appliance access to datastore LUNs for security reason, right? If so, the reason of this issue is simple. If access from the appliance to datastore LUNs are not allowed, SAN transport is not possible.
04-30-2013 06:28 AM
Really I believe now that this issue related to the appliance it self ,because this is third customer where I worked and facing the same issue.the luns are presented andshown but SAN method still not functioning properly
Regards,
04-30-2013 06:57 AM
If you believe this is Appliance issue, please log a support call with Symantec.
You will see many users in Appliance forum using Appliance as fibre transport media server.
Are you 100% sure you have model "D" appliances?