Don't you wish there was a way to keep that from ever happening again? Big companies and service providers can't afford to have any downtime, so they have elaborate systems of redundant hardware that automatically take over when something goes wrong. Until recently, smaller businesses couldn't easily afford redundant systems. Now there are plenty of affordable options that can harden a small business network.
Divide and Conquer with SANs
The first step in hardening computer networks is to take a divide and conquer approach. This is where you separate the file storage from computing power through the use of Storage Area Networks, or a SAN.
A SAN presents persistent storage to a Windows or Linux server completely transparently. Both Windows and Linux effectively use a SAN just like how an operating system uses a local hard drive.
With a SAN one may easily create backup computer resources and even have off-site backups. With a full SAN deployment it only takes a few keystrokes and mouse clicks to recover from a hard drive failure. A SAN recovers from hardware and software failures within minutes instead of days.
I Want a SAN Now!
Sounds exciting, but how exactly does one buy a SAN? Just a few years ago, the answer would be "call up a SAN vendor and pay a whole bunch of money." The reason was that the SAN computer interconnects and networks were specialized products. The computer boxes that were sold as SAN storage servers were also specialized and commanded a high price to guarantee compatibility.
Fortunately the march of computer technology has make everything cheaper, so that even SAN technology is now affordable. Through the use of standard network and computer equipment, the cost of a SAN has come down nearly ten-fold in the last five years.
Two factors share the honor of bringing SANs to the masses: iSCSI running on Gigabit Ethernet and Free Open Source Software (FOSS). Cheap and fast gigabit Ethernet replaces the specialized computer interconnects sold by SAN vendors. The FOSS stacks FreeNAS and OpenFiler both turn standard computer server hardware into SAN storage servers using a TCP/IP protocol called iSCSI. FreeNAS and OpenFiler used the tried-and-true FreeBSD and CentOS operating systems, respectively.
Servers built with FreeNAS or OpenFiler are called NAS devices, where NAS stands for Network Attached Storage. NAS devices are standard computers configured as a server, with persistent, redundant storage being fast hard drives or maybe SSDs.
As a Dell Partner, Berkeley Logic has found an extremely practical way to create an OpenFiler or FreeNAS server is to order a low-end Dell server with the necessary storage. We make it a single-socket system with 16 GB of RAM. The R310 has worked fine for us. We prefer to use hardware RAID with the PERC controllers, but OpenFiler and FreeNAS are perfectly happy without the extra card. Use a 4 GB SATA DOM (Disk On Module) to install the NAS operating system. Set the server to boot to the SATA device, and away you go!
If you don't feel like rolling your own NAS device with FOSS, there are plenty of affordable iSCSI NAS devices are coming onto the market all the time. Many of them are based on the same Linux and FreeBSD kernels as OpenFiler and FreeNAS.
Be careful, though. Most NAS devices on the market are not iSCSI-compatible. One of the latest compatible market entries is the Buffalo TerraStation iSCSI, which comes in 4 TB mini tower and rack-mount configurations for well under $2,000.
A SAN gets its power by switching connections between servers quickly and easily. Here's a scenario on how a SAN works. A basic SAN configuration is to segregate all of your file shares into an iSCSI volume on a NAS. A separate server computer has Windows Server 2008R2 installed and running. The Windows server attaches the iSCSI volume and publishes the file shares using enhanced Windows DFS file sharing.
Suppose your Windows file server goes down due to a new malware infection. A backup file server can be brought online and attach to the same iSCSI volume and take over where the old server left off. The advanced capabilities of Windows DFS (Distributed File System) makes the server switch invisible to end users.
NAS devices are much more reliable than standard Windows servers due to their small attack surface and advanced security capabilities. Nevertheless, it is reassuring to have a backup NAS sitting around somewhere ready to take over if the main server goes down or needs maintenance.
The combination of Windows DFS replication and iSCSI makes is simple to make an exact, dynamically-updated backup of one iSCSI volume to another iSCSI volume. This backup can be made even better by putting the backup NAS at a branch office location connected by the company Wide Area Network (WAN), thus helping to implement a sophisticated disaster recovery plan.
Upgrading to a basic SAN architecture mainly involves carefully reviewing all of your file shares and organizing them into a Windows DFS hierarchy. After you've implemented DFS, then it's time to bring your new NAS online. Configure the NAS to publish an iSCSI volume, and attach it to your server. Copy all of your files into the new iSCSI volume, move the DFS targets, and your're in business!
DFS can be quite an undertaking in terms of learning Windows. Be sure to check out some links at the end of this post for some resources to get you going.
But, Windows DFS isn't technically needed to get going with iSCSI. DFS is strongly recommended, however, because it implements fail-over transparently to your users. DFS has the added bonus of making iSCSI volume replication a snap.
You may also be wondering how to affordably have a backup to your Windows and Linux servers. One way is to use a Virtual Machine Hypervisor like VMware or Windows HyperV and "physical to virtual" tools to create a backup of all of your servers and keep them on stand-by in your hypervisor host. More on the power of virtualization in hardening a small business network in a future post!
Affordable SANs are now within the reach of many small business network owners. Best wishes as you undertake this exciting upgrade that makes sys admins sleep easier. If you're in the East Bay be sure to give Berkeley Logic a call to help you with your SAN network needs at 510-228-4500.
Vernon Keenan -- June 23, 2012
Fortunately the march of computer technology has make everything cheaper, so that even SAN technology is now affordable. Through the use of standard network and computer equipment, the cost of a SAN has come down nearly ten-fold in the last five years.
Two factors share the honor of bringing SANs to the masses: iSCSI running on Gigabit Ethernet and Free Open Source Software (FOSS). Cheap and fast gigabit Ethernet replaces the specialized computer interconnects sold by SAN vendors. The FOSS stacks FreeNAS and OpenFiler both turn standard computer server hardware into SAN storage servers using a TCP/IP protocol called iSCSI. FreeNAS and OpenFiler used the tried-and-true FreeBSD and CentOS operating systems, respectively.
My NAS must do iSCSI?
Servers built with FreeNAS or OpenFiler are called NAS devices, where NAS stands for Network Attached Storage. NAS devices are standard computers configured as a server, with persistent, redundant storage being fast hard drives or maybe SSDs.
As a Dell Partner, Berkeley Logic has found an extremely practical way to create an OpenFiler or FreeNAS server is to order a low-end Dell server with the necessary storage. We make it a single-socket system with 16 GB of RAM. The R310 has worked fine for us. We prefer to use hardware RAID with the PERC controllers, but OpenFiler and FreeNAS are perfectly happy without the extra card. Use a 4 GB SATA DOM (Disk On Module) to install the NAS operating system. Set the server to boot to the SATA device, and away you go!
If you don't feel like rolling your own NAS device with FOSS, there are plenty of affordable iSCSI NAS devices are coming onto the market all the time. Many of them are based on the same Linux and FreeBSD kernels as OpenFiler and FreeNAS.
Be careful, though. Most NAS devices on the market are not iSCSI-compatible. One of the latest compatible market entries is the Buffalo TerraStation iSCSI, which comes in 4 TB mini tower and rack-mount configurations for well under $2,000.
How do I recover with a SAN?
A SAN gets its power by switching connections between servers quickly and easily. Here's a scenario on how a SAN works. A basic SAN configuration is to segregate all of your file shares into an iSCSI volume on a NAS. A separate server computer has Windows Server 2008R2 installed and running. The Windows server attaches the iSCSI volume and publishes the file shares using enhanced Windows DFS file sharing.
Suppose your Windows file server goes down due to a new malware infection. A backup file server can be brought online and attach to the same iSCSI volume and take over where the old server left off. The advanced capabilities of Windows DFS (Distributed File System) makes the server switch invisible to end users.
NAS devices are much more reliable than standard Windows servers due to their small attack surface and advanced security capabilities. Nevertheless, it is reassuring to have a backup NAS sitting around somewhere ready to take over if the main server goes down or needs maintenance.
The combination of Windows DFS replication and iSCSI makes is simple to make an exact, dynamically-updated backup of one iSCSI volume to another iSCSI volume. This backup can be made even better by putting the backup NAS at a branch office location connected by the company Wide Area Network (WAN), thus helping to implement a sophisticated disaster recovery plan.
Sounds Good, What's Next?
Upgrading to a basic SAN architecture mainly involves carefully reviewing all of your file shares and organizing them into a Windows DFS hierarchy. After you've implemented DFS, then it's time to bring your new NAS online. Configure the NAS to publish an iSCSI volume, and attach it to your server. Copy all of your files into the new iSCSI volume, move the DFS targets, and your're in business!
DFS can be quite an undertaking in terms of learning Windows. Be sure to check out some links at the end of this post for some resources to get you going.
But, Windows DFS isn't technically needed to get going with iSCSI. DFS is strongly recommended, however, because it implements fail-over transparently to your users. DFS has the added bonus of making iSCSI volume replication a snap.
You may also be wondering how to affordably have a backup to your Windows and Linux servers. One way is to use a Virtual Machine Hypervisor like VMware or Windows HyperV and "physical to virtual" tools to create a backup of all of your servers and keep them on stand-by in your hypervisor host. More on the power of virtualization in hardening a small business network in a future post!
Good Luck!
Affordable SANs are now within the reach of many small business network owners. Best wishes as you undertake this exciting upgrade that makes sys admins sleep easier. If you're in the East Bay be sure to give Berkeley Logic a call to help you with your SAN network needs at 510-228-4500.
Vernon Keenan -- June 23, 2012
Resources
- SAN Vendor: EMC - web
- SAN Vendor: Dell - web
- SAN Vendor: HP - web
- NAS Software: OpenFiler - web
- NAS Software: FreeNAS - web
- FOSS: CentOS Linux - web
- FOSS: FreeBSD Unix - web
- Microsoft DFS How It Works - web
- Microsoft DFS Step-by-Step Guide - web
- Microsoft DFS Replication Overview - web
- NAS Vendor Information - WhichNAS - web