Readers who have installed and configured VMware ESX in a storage area network (SAN) environment know that all the VMware ESX servers in an environment need to see the same LUNs with the same LUN IDs. This is necessary in order to avoid problems with VMFS resignaturing.
Similarly, readers who are familiar with configuring and managing NetApp storage arrays will know that NetApp igroups (initiator groups) are the mechanism whereby a host—or a group of hosts—are granted access to see a particular LUN on a specific LUN ID.
Because the igroup configuration is core to how LUNs are presented to hosts, and because VMware ESX has specific configuration requirements with regards to LUN presentation, it’s necessary to take a closer look at strategies for how NetApp igroups should be configured and managed in a VMware ESX environment. There are basically two approaches:
- Create a single igroup for all the VMware ESX hosts in the environment, then map LUNs to LUN IDs using that single igroup.
- Create a single igroup for each VMware ESX host in the environment, and then map LUNs to LUN IDs for each igroup.
Obviously, each approach has its advantages and disadvantages:
Using a Single Initiator Group:
- Adding a new LUN to the entire group requires only one change: mapping a LUN to a LUN ID for that one initiator group.
- Similarly, only a single change is required to remove a LUN from the entire group of VMware ESX servers, by removing the one group-LUN ID map.
- Storage administrators and VMware ESX administrators are assured that all the VMware ESX hosts will see the same LUNs with the same LUN IDs because all the hosts are placed into one group-LUN ID map. There is very little possibility for error.
- On the downside, there’s no way to prevent a particular host from seeing a particular LUN. All hosts in the initiator group will see the LUN.
- The storage administrator kind of “loses track” of which hosts see the LUNs. Because all the initiators are thrown into the same group, it’s more difficult to track down which hosts see a particular LUN. This is less true for iSCSI—where the hostname is often embedded in the IQN—but more prevalent for Fibre Channel, as the initiator group only contains World Wide Port Names (WWPNs). Mapping WWPNs to actual servers requires some additional steps.
Using Multiple Initiator Groups:
- It’s easier for storage administrators to match hosts to initiators, because each host has its own initiator group on the NetApp storage array.
- The storage administrators and VMware ESX administrators have greater flexibility in determining which hosts see which LUNs, so it’s possible to have a LUN visible to some VMware ESX servers and not others.
- There’s greater room for error in accidentally mapping a LUN to a different LUN ID for one or more of the hosts, which can lead to an inability to access the VMFS datastore on that LUN.
- Multiple changes are required to add or remove a LUN from the entire set of VMware ESX servers; each LUN will have to be individually modified.
One could also mix-and-match these approaches to a certain extent; for example, an organization could employ a “hybrid” model that has the full set of base LUNs exposed to all servers via one large initiator group, but other LUNs exposed on a more granular basis via smaller initiator groups. Since an initiator can be included in more than one initiator group (as long as the initiator group uses the same OS type), this gives some additional flexibility.
I guess the purpose of this post is less to explain the different ways of using initiator groups and more to try to generate some discussion around the various ways they can be used. Hopefully, the initial explanation will be helpful to some readers, but what I’d really like to see is some more advanced and experienced readers sharing their strategies for using initiator groups in larger VMware ESX environments and what “best practices” they may be employing.
Tags: ESX, FibreChannel, iSCSI, NetApp, Storage, Virtualization, VMware
-
“The storage administrator kind of “loses track” of which hosts see the LUNs. Because all the initiators are thrown into the same group, it’s more difficult to track down which hosts see a particular LUN. This is less true for iSCSI—where the hostname is often embedded in the IQN—but more prevalent for Fibre Channel, as the initiator group only contains World Wide Port Names (WWPNs). Mapping WWPNs to actual servers requires some additional steps. ”
Aha…ONTAP 7.3 now provides the ability to Alias each WWPN so you can tell where LUNs are mapped:
> fcp-wwpn-alias set
> fcp wwpn-alias set myESX1_HBA1_Port0 10:00:00:00:c9:48:ce:9f
> igroup create -f -t vmware esx1 myESX1_HBA1_Port0All operations are supported on the aliases
-
looks like I can’t use less or greater than signs so I’ll try using parenthesis:
> fcp-wwpn-alias set (alias_name) (wwpn)
-
On the surface it makes the most sense to me to create iGroups for each ESX Cluster and not for each host. I guess that’s a possible “hybrid”. This way you know that each host in a cluster will see the same LUNs, and the administration benefits of one change (per ESX Cluster) can be realized too. In my experience the need for a LUN to visible to only a few ESX hosts within the same Cluster is extremely rare.
-
VMware best practice is to use single initiator zoning. This has been known to clear up some bizarre problems in unusual situations. It may not be the best idea to throw a bunch of initiators into a group and present them to a bunch of hosts.
-
Steve, you are correct–single initiator zoning (or even single initiator/single target zoning) is a best practice. However, NetApp igroups are independent of zoning; they are a way of managing LUN presentation, not initiator/target visibility. So, it would be very possible to use a SI or SI/ST zoning method but still place all the initiators into a single igroup so that they can see a LUN.
Zoning works at the fabric level, while NetApp igroups work at the storage array level. They are two different things.
I hope this makes sense to you. Thanks for reading!
-
Understood. I had mistakenly been under the assumption we were dealing with iSCSI. Of course zoning is done at the fabric level. Using Fiber Channel where you can set up SI/ST zoning, I believe it would be best to choose the strategy that works best for your environment and Administrators (which is most likely going to be having separate iGroups for individual ESX clusters as Rich suggested). However on iSCSI I would still be wary of presenting all the LUNs from the same iGroup, because you lose the ability to set up proper zoning as iSCSI works on the TCP/IP protocol for switching and routing, instead of FCP.
-
How about when you want a windows host to access the VMware LUNs for VCB(VMware Consolidated Backup)? Should the initiator group os type for the Windows host be Windows or VMware?
-
John,
You’ll want to create a separate igroup (type Windows) for the VCB proxy server, and place the VCB proxy in that igroup. Then map the LUNs (using the same LUN IDs as for the ESX/ESXi hosts!) and you should be OK. Hope this helps!
-
Thank you very much, I had this question/concern for a while.
-
One good reason for going with multiple igroups is if you are hosting VMs in a MSCS cluster and using RDM LUNs; AND only certain ESX hosts in the cluster have participating MSCS guest VMs. According to KB article 1009287 (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009287); “For ESX machines that are exposed to the LUNs used by Microsoft Clustering and no virtual machine on these hosts are involved in MSCS, VMware recommends that you do not expose the LUNs used by MSCS to ESX hosts that are not part of the Cluster configuration. “
-
When mapping a Windows machine to see the ESX LUNs for vRanger, using VCB..they recommend making the LUNs read only to the Windows machine. How do you do that in the NetApp filer?
-
Hi Scott,
What should one do when using RDMs on a NetApp Filer presented to ESX?
Consider, I have a VMFS LUN and an RDM LUN, both need to be presented to my ESX hosts. NetApp advises that my VMFS LUN be setup as a VMware ‘type’ and as the RDM is native to the guest OS it should be configured as needed, for me it’ll be a Windows ‘type’.
When it comes to the iGroup it NEEDS to match the LUN type it is being mapped against. This is fine I will create 2 iGroups (esx_vmfs & esx_rdm) – 1 for each ‘type’….BUT, I can not have my ESX HBA WWNs added to more than 1 iGroup if it is of a differnent ‘type’!!!Im stuck as to what to do for the best.
Do I create both LUNs as either Windows or VMware or go a bit complicated and use iSCSI for my VMFS LUN (I’m only using this VMFS LUN to store the RDM mapping files – everything else is NFS). But I dont see that as the answer becuase ‘what if’ my VMFS LUNs were used by VMs etc. Also I really didnt want to use all 3 protocols in my enivronment!!
Are these LUN types and iGroup types really that crucial?
Would appreciate any thoughts you have on this
Also David, surely suggesting only the ESX hosts that have a running MCSC VM have the LUNs exposed to them, will that not actually limit HA/DRS quite considerably.
Rich.
-
Rich, I think i saw same question from you on now site. I
am stuck with the same problem, did you find an answer for this? If
so can you please share. Thanks Y -
Rich and Yasir, I’m in EXACTLY the same situation. I have setup individual iGroups for each ESX host and when I present a LUN using the NetApp I make sure to map it to each IGroup(ESX host).
Now, I need to have an RDM connected to a VM but can I create another iGroup as type “Windows” (instead of VM) but still use the same WWN as the other ESX iGroups?
I guess the only way to know is to test it, but my environment is EXTREMELY new and we are running short on time before our migration.
Anyone? Anyone? Bueller? Bueller?
Site Sponsors
14 comments
Comments feed for this article
Trackback link: http://blog.scottlowe.org/2008/10/03/netapp-igroup-strategies-for-vmware-esx/trackback/