Training for NetApp

Hey quick update, we have the storage in and configured but now we need to get some training.

I think I need to get a customized training class so that we can hit all the major points for the entire staff.

We need NetApp Dataontap General, CIFS, NFS and VMWARE ESX w/NFS.

If anyone has any recommendations on training or trainers let me know. I want to bring it on site.

Initial Disk Layout for nSeries 6040 A20

View this document on Scribd

GigE Config for nSeries/NetApp Cluster

I’ve been reading the forums and blogs but not really seeing any best practices or thoughts about configuring the ethernet ports on the nSeries/NetApp.  I’ve found the IBM Red Book for securing the device but really a guide for configuring the ethernet access.  Whether they can be trunked, VLAN Tagging and ACLs.

Code 20 on the nSeries is Complete

IBM nSeries 6040a

The Code 20 was a success.  The nSeries is up and running.

Our “To Do List:”

• Understand How to Construct various Aggregates
• VMWARE NFS vs. VMFS
• Security on the Filer
• FC Connections to McData Switches

We also really need to pay attention and understand the networking side of the nSeries/NetApp Filer.  Currently we have two GigE interfaces on each controller.  We want to ensure that we have throughput for vision of NFS and CIFS.  We may have to consider burning an open slot later this year for 10GigE.

New IBM nSeries 6040 Has Arrived

We are busy with a Code 20 today for the new IBM nSeries 6040 Cluster.  We have added an addtional 60TB to our SAN Foot print.  We are really anxious to get all of our VMWARE moved over to the new platform.  However, first things first!

 

The Code 20 from IBM Field Engineering has a few problems to cure and I will post more information later.

It’s Been A Long Time

I have not done as I committed to in keeping this blog up to date. I will be posting some of the details that have been woefully missing.

After 191 days wihtout a reboot we suffered a catastrophic failure on our main firewall device. The unit had been “Rock Solid.” Yesterday in the midst of a tornado watch and severe weather situation we lost our utility feed for electricity. Our 40KVA UPS Unit kicked without fail. This unit has been rock solid as well. Those black cabinets with the red writing just perform. I would definitely buy from that manufacturer again without hesitation.

The firewall, which is a very high end chassis based unit, serves multiple functions in our core infrastructure. First it is an OSPF Neighbor with our upstream ISP. We connect directly to a fiber based layer two IP network for internet connectivity. Secondly , the device functions as an intrusion detection device. The system has really excelled in repelling attacks from a location boarding the pacific ocean and another location that was located behind the wall in Europe. Thirdly, the device gives us protection from internal and external threats by isolating our ERP and Database Servers. We transparently inspect and control all traffic destined for these servers. It has saved us much headache. So far we have only had to rebuild servers in the DMZ zone as one would expect. I think they corrupted by a combination of bad software and human behavior. Fourth and finally, we are able to scan all inbound and outbound traffic for viruses and spam. Our spam appliance barely see one third of the traffic it use to see before implementing this class of firewall.

Well, once we came back after abandoning a darkened data center with an exhausted UPS Unit last night, we restarted our systems and core routers. The firewall once restarted gave a configuration of lights that was “Not Good.” The blades that were in HA Mode were not receiving power. The DC Powershelf was a blaze with green status lights indicating full voltage. But the blades in the chassis were completely dark.

We immediately opened a call to TAC and began the laborious process of reseting cards. No luck the brains remained dark. What do now??

We contemplated our next steps as this was a major day for payroll. No access to the ERP means no payroll processing. We thought about restoring the old Nokia IP 440 running Check Point. This device served us well for many years. We thought that it would have most of the major rules and would need only minor updates. We racked the unit and powered the unit to a ready state. To our surprise got absolutely nothing. We knew internet access with our upstream neighbor was a non-issue because of OSPF but we figured we could restore base connectivity to the DMZ and the ERP. Well have made some significant changes to the network during the upgrade such as eliminating RIP. Well without RIP the Nokia IP 440, our old and dear friend, was not going to forgive us for removing and replacing it. So what to do next????

One of techs had an old Netscreen 5GT sitting on his desk. We use these devices a lot to isolate segments of the network where they conduct shall we say odd activities from the everyone else. These devices really perform and are cost effective. We had considered the large Netscreen Devices for many years as our Nokia IP 440 aged and was dropped from support. However, the lure of a consolidated platform won us over to our current platform.

Well after resetting the in place configuration we began testing and configuring this little gem. After about an hour and a half we ready to install the device on to our running network. It took about 30 minutes to get the routes installed correctly and get some test policies up and running. SUCCESS!

In a few minutes we had full connectivity to the ERP via the windows gui. A few more rules and we RDP to the Windows Server up and running. After this long hard battle to regain connectivity we informed managemnt and got the customary “well thats nice but had you told us you could get this working earlier it would have been better.” The thrill of victory snatched from our mouthes once again.

Why Bother…….

Out with the Old, In with the New

The new upgrade the will remove all of the copper blades from all chassis based core router units. The only cards in core chassis will be the high density 10 GigE cards and CPU Modules. All copper connectivity will be shifted to edge devices that will be linked into 10 GigE aggregation switches. All aggregation switches will have redundant 10 GigE connections to two different core router chassis units.

We will be using advanced routing features to segregate and isolate VLANs and subnets from each other. This is probably a good idea given that the College Opportunity and Affordability Act of 2007 (HR 137) is going to have some teeth in it. For years we have been deployng package shaping tecnology from one of the leading vendors in that market to control Kazaa, Bearshare, Limewire and Grokster. It has been a learning process of how best to combat these network nuisances. Everyone who has turned a blind eye to this problem is in for tough times should this bill make through the Senate in its current form.

One a positive note our new Firewall has a lot of these bandwidth shaping capabilities in its native feature set. Its a shame that academia has to be threatened with punitive acts against students to evaluate and take responsibility for certain activities that are clearly wrong. No matter how much you turn a blind eye to these applications under the guise of “Academic Freedom” it just plain WRONG.

Standardized on our First High Capacity UPS Unit

Well, as we move forward with bringing a new building online several house keeping issues have been keeping us pretty busy. The POE switches are absolutely power hungry, they require 600 watts of electricity when all 48 ports are POE Enabled. So we had to hunker down and specify 6KVA UPS Units with a built-in 120VAC Inverter. These units require a 30 AMP 208 Volt Circuit. It has been real stretch to isolate the proper PDU and power cables. It looks like we finally found the a metered PDU with an L6 locking plug that will give 14 C13 208 Ports. We are going to purchase C13 to C14 Power Cables to outfit all the electronics. They will operate at 120 or 240 VAC. So all three stacked closets will get the 6KVA Units and the building entrance will get a small 2KVA Unit to power the 10 GigE aggregation devices.

The outside plant crew supervisor was here today doing optical time domain reflectometer(OTDR) testing. Hopefully all the strands will test perfectly.

Well this stuff isn’t very sexy but it has to be done.

Oops almost forgot, we tested a few of the 10 GigE cards in the main chassis on Saturday Night. The test went well with no major problems.

Single Mode Fiber Pulled Today

We are making progress…….. The outside plant crew got the fiber into the core aggregation areas. We have 64 new strands of Corning Single Mode Fiber Optic Cabling.

Thursday will see the next major step. We will be terminating and polishing the cabling, then putting into the Corning LIUs at each end.

The first hole in the plan

We had our first reshuffling and communication failure.

There is a building being turned over from the general contractor.  However, before the building can be turned over, all of the Energy, Environmental and Security Controls must be attached to the controllers in the other buildings.  Well before you install electronics you have to have the building turned over.

But you have to…….But you cant before….But the before is required before the no wait…..Anyway we had to work with the contractor to get the electronics installed and then make our integrator pull their hair out because they were told the building would be delivered in January and had until the end of to get the building connected to our Metropolitan Area Network(MAN).

One good note the Air Blown Fiber(ABF) is going to allow us to do 10 GigE connections to the MAN. So all in all it will work out but I’m sure this wont be last communication failure in the chaos we have come to call home.