ONTAP Hardware
ONTAP Hardware
I need a cheap storage system that can be used in the context of multitenancy. For compliance purposes, I need the following:
-Be able to create two separate IP addresses for iSCSI targets, so that tenant 1's iSCSI network can be on a different vLAN/subnet than tenant 2's iSCSI network.
-Perhaps use a vFiler to separate storage domains for the two tenants.
what is the cheapest FAS series filer that can do this? Does an eSeries filer this? Whatever system I get should be able to separate these two tenants in a way that supports compliance standards like HIPAA, etc.
Thanks!
Solved! See The Solution
Couple of thoughts on E-series vs FAS -
1. E-series is designed specifically to do Block protocols very fast. And it does - the code path/latency through the controller is like only 20% of the code path/latency through a FAS controller. It's a simpler design if all you need is one block protocol type. Possibly cheaper if all you need is one procotol and not a lot of extra fancy snapshot/dedup/etc. that comes with FAS.
2. E-series can do multi-tenancy sort of through LUN groups, in that certain LUNs would only be available through certain interfaces, but it cannot provide 100% isolation. Granted, system admins get full access of course. But with the Multi-Tenancy features in DoT 8.3 FAS can expressly isolate multiple customers from each other. You could in a FAS provide identical "virtual" hardware setups to multiple customers - that is the storage could look exactly identical right down to the IP addresses yet administrators and hosts defined within one customer can be completely isolated from another customer. Available space to allocate storage can similarly be completely isolated (assigning SVMs to unique aggregates if needed). Thus customer level admins can assume they have their own unique storage and only the full cluster admin can see the entire system design.
Direction depends much on the level of isolation and the features you need/want to expose.
Clustered Data ONTAP 8.3 should be able to take care of all of your requirements. Storage Virtual Machines (vserver or SVM) and IP Spaces will take care of the multitenancy requirements you mentinoed. The entry level NetApp platform is the FAS2520 and will be the smallest controller that will run Clustered Data ONTAP 8.3.
OK thanks. Does that mean that I cannot do this with an e-series array?
Also, you did not mention vfiler. Is using a vfiler possible?
How specifically would the tenant storage be isolated?
vFilers are no longer a concept in Clustered Data ONTAP. They equavalent would be the SVM though. The main difference is that SVMs are not tied to a specific piece of hardware. You can find more detailed information on SVMs here . For IP Spaces check out this blog post. If you have any follow up quetions let me know.
OK great thanks. What about e-series - is there an eseries that would meet what I am trying to do cheaper?
To be completley honest I am not an E-Series guy. I can tell you that the E-Series runs SANtricity OS and not Clustered Data ONTAP. I'm not familar with its multitenancy options but my gut reaction is to say it wont support what you are looking for.
Couple of thoughts on E-series vs FAS -
1. E-series is designed specifically to do Block protocols very fast. And it does - the code path/latency through the controller is like only 20% of the code path/latency through a FAS controller. It's a simpler design if all you need is one block protocol type. Possibly cheaper if all you need is one procotol and not a lot of extra fancy snapshot/dedup/etc. that comes with FAS.
2. E-series can do multi-tenancy sort of through LUN groups, in that certain LUNs would only be available through certain interfaces, but it cannot provide 100% isolation. Granted, system admins get full access of course. But with the Multi-Tenancy features in DoT 8.3 FAS can expressly isolate multiple customers from each other. You could in a FAS provide identical "virtual" hardware setups to multiple customers - that is the storage could look exactly identical right down to the IP addresses yet administrators and hosts defined within one customer can be completely isolated from another customer. Available space to allocate storage can similarly be completely isolated (assigning SVMs to unique aggregates if needed). Thus customer level admins can assume they have their own unique storage and only the full cluster admin can see the entire system design.
Direction depends much on the level of isolation and the features you need/want to expose.
ok thanks for the info
