0 Replies. Latest reply: Dec 12, 2011 7:49 PM by 904904

    Suggestions for 7xxx storage and ESXi LUNs, boot-to-san, initiator groups

    904904
      So we have a 7320 that we bought as a follow-up to our 7310, which we used for NFS/ESXi guest storage.

      This time around we decided to try out FC HBAs (to/from our Cisco UCS blades). All the basic setup is done, and we actually have a few VMs running on a 'wide open' LUN; and we decided to be extra fancy and use boot-to-san within the blades, so that the servers have no local storage (plug-n-play). I was pretty happy, not having much of an FC background.

      But now I have a bit of a paradox:
      - In order to 'boot-to-san', each blade needs a boot LUN*.
      - And to be a boot LUN, it must have ID0.
      - Obviously we can't have multiple ID0 LUNs visible to the same host, so we made an initiator group (IG) for each host, and made the (10GB) boot LUN ID0 for each init-group. Easy.
      - Next we wanted a shared storage LUN for the VMs (smallish 750G LUN), and during initial configuration we marked it as accessible by 'default' initiators (all FC peers), and that worked fine.
      - However, now we'd like to 'limit' access to that VM storage LUN, so I went to make an IG with only our ESXi servers in it....
      - But I couldn't; those WWNs were already in use by the mini-IGs needed for boot LUN ID0, and the BUI forbids a WWN from being in more than one IG.

      *(I presume if you booted all blades to the same boot LUN and ESXi image, you'd have all sorts of problems, to start with duplicate IPs.)

      So, now I don't see any way for me to define a new IG that will allow me to restrict access to an intentionally shared LUN (but not shared to all the attached servers), since I have IGs for each server that talks to the SAN in order to allow boot-to-san.

      Am I stuck? Is this simply a limitation of the Sun's FC 'zoning' ability? Is this simply the point when you 'should' upgrade to an FC switch, and do real zoning?
      Any suggestions on how to keep my 'simple' connection between blade servers/SAN, and yet get the reduced LUN visibility I wanted?

      Thanks in Advance.

      (Also, for completeness, I know I didn't mention anything about Target Groups. I don't think I'm interested in using TGs, since I want 'anything' on the SAN to be fully accessible, regardless of which HBA the traffic comes in on. We have HA configuration with the UCS blade chassis; 2x chassis heads (each with 2x HBAs), each server heads connected to each of the SAN heads. So, I'm only concerned with the source of the traffic, not how it got 'into' the SAN.)