TECHNICAL REPORT

Best Practices Guide for Data Protection with NetApp Filers Running iSCSI
Brett P. Cooper and Nicholas Wilhelm-Olsen, Network Appliance, Inc. April 29, 2003 | TR 3250

TECHNICAL REPORT Network Appliance, a pioneer and industry leader in data storage technology, helps organizations understand and meet complex technical challenges with advanced storage solutions and global data management strategies.

Network Appliance Inc.

TECHNICAL REPORT

Table of Contents
1. Abstract 2. Introduction 3. Data Protection Overview 3.1. Backup and Data Consistency 3.2. Snapshot Technology 3.3. SnapRestore 3.4. SnapMirror 3.5. SnapVault 3.6. SnapDrive 3.7. Native Tape Backup and Recovery 3.8. Network Data Management Protocol (NDMP) 3.9. File Systems That Are Not Capable of Snapshots 3.10. Raw Partitions 3.11. Snapshots 3.12. SnapRestore 3.13. SnapMirror 3.14. SnapVault 3.15. NDMP and Native Tape Backup and Recovery 4. Configuration Models 5. Summary 6. References

Network Appliance Inc.

TECHNICAL REPORT

1. Abstract
Network Appliance is committed to providing fast, simple, highly available, and flexible solutions. In keeping with this tradition, Network Appliance has now added support for the iSCSI protocol to its core line of filers. Now iSCSI, SAN, and NAS technologies are available together on the same physical device with the same level of performance, availability, and simplicity that Network Appliance is known for providing.

2. Introduction
Enterprise corporations around the globe are facing a wide variety of challenges. Challenges from competitors, economic conditions, resource limitations, and other factors make it difficult for a corporation to thrive and grow. In order for these companies to succeed, they rely on their enterprise storage vendors to provide constant data availability and absolute protection from data loss and corruption. Network Appliance has always been a leader in providing the highest level of availability and protection to corporations, as well as educating customers on the best methods for protecting data in their unique environments. The purpose of this document is to educate the reader on the best methods for protecting filers utilizing the iSCSI protocol. This document is intended for storage administrators and systems administrators that have some familiarity with iSCSI, Network Appliance filers, the Network Appliance Data ONTAP operating system, and host-based backup solutions. This document opens with a brief discussion of available data protection technology from Network Appliance. Next, it outlines potential configurations for data protection of iSCSI-only filers as well as filers configured for iSCSI, FCP, and NAS data storage. This document is not intended to be a detailed integration guide for iSCSI backup or third-party backup applications, nor is it an exhaustive list of backup options that may be considered for deployment of iSCSI.

3. Data Protection Overview

In order to discuss models for data protection, it is necessary to first describe the technologies used in these models. This section briefly describes all of these elements. Further explanation as well as command syntax and examples can be found in the Data ONTAP Data Protection Guide, available online at the Network Appliance NOW Web siteregistration is required.

3.1. Backup and Data Consistency

Backing up data to secondary or tertiary storage resources requires the data to be consistent on the primary storage media before it can be copied. Without a consistent image, backups or Snapshot images would be unrecoverable. This is also true for open files on file systems such as NTFS in which major third-party backup tools integrate an open file option as well as a Bare Metal restore option, which will copy operating system files such as the Microsoft Windows registry. Without utilities that can coordinate file system and application consistency on disk, there is a complex process involved in leveraging Network Appliance Snapshot technology. This process is outside the scope of this document and may be referenced in other documentation.

Network Appliance Inc.

TECHNICAL REPORT

3.2. Snapshot Technology

The Network Appliance Write Anywhere File Layout, or WAFL, supports Snapshots, a unique feature that allows administrators to maintain multiple read-only versions online per filer volume. Snapshots, an included component of Data ONTAP software, allow users to recover accidentally damaged or deleted data by utilizing a version of the data from within a Snapshot directory.

3.3. SnapRestore
SnapRestore software leverages the Snapshot feature of Data ONTAP software by restoring a file system to an earlier preserved state. It can be used to recover from a corrupted database, application, or damaged file system. The system administrator can restore a single logical unit number (LUN) or the entire volume containing the LUN to any existing Snapshot. Restored LUNs are available for full production use without rebooting the filer, having returned to the precise state that existed when the selected Snapshot was created. Restoration will take less than a minute regardless of the size of the LUN or volume being restored.

3.4. SnapMirror
SnapMirror software provides a fast, flexible enterprise solution for asynchronous mirroring or replicating data from one filer to another over local or wide area networks. SnapMirror transfers Snapshots from specific points in time to other filers or NearStore appliances. These replication targets can be in the same data center connected via a LAN (local area network) or distributed across the globe connected via MANs (metropolitan area network) or WANs (wide area network) networks. Since it operates at the changed block level instead of transferring entire files or file systems, it greatly reduces bandwidth and time requirements for replication.

3.5. SnapVault
SnapVault software builds on the asynchronous, block-level incremental transfer technology of SnapMirror by providing archival technology. This allows data to be backed up via Snapshots on a filer and transferred on a scheduled basis to a destination filer or NearStore appliance. These Snapshots can be retained on the destination for many weeks or even months, allowing recovery operations to occur nearly instantaneously from this destination system to the original filer.

3.6. SnapDrive
SnapDrive software offers a rich set of capabilities to virtualize and enhance storage management for Microsoft Windows environments. It is tightly integrated with Microsoft NTFS, providing a layer of abstraction between application data and physical storage associated with that data. It facilitates creation and management of virtual devices on the filer, and allows the creation and management of Snapshots either from the Microsoft MMC or via a command line interface. Storage managed by SnapDrive logically appears to the Windows host as locally attached storage. In reality, the capacity comes from a centrally managed pool of networked storage equipped with enhanced attributes. SnapDrive runs on a Windows 2000 host and complements native NTFS volume management with virtualization capabilities. It allows administrators to easily create virtual disks from pools of storage that can be distributed among several storage appliances.

Network Appliance Inc.

TECHNICAL REPORT

Since the iSCSI protocol is a relatively new integration with Network Appliance, utilities including SnapDrive will be forthcoming.

3.7. Native Tape Backup and Recovery

Network Appliance filers support backup and recovery from local, Fibre Channel, and Gigabit Ethernet SAN-attached tape devices. Support for most existing tape drives is included as well as a method for tape vendors to dynamically add support for new devices. In addition, the Remote Magnetic Tape (RMT) protocol is fully supported, allowing backup and recovery to any capable system. Backup images are written using a derivative of the BSD dump stream format, allowing full file-system backups as well as nine levels of differential backups.

3.8. Network Data Management Protocol (NDMP)

The Network Data Management Protocol, or NDMP, is an open standard for centralized control of enterprise-wide data management. The NDMP architecture allows backup application vendors to control native backup and recovery facilities in Network Appliance filers and other file servers by providing a common interface between backup applications and file servers. NDMP separates the control and data flow of a backup or recovery operation into separate conversations. This allows for greater flexibility in configuring the environment used to protect the data on Network Appliance filers. Since the conversations are separate, they can originate from different locations, as well as be directed to different locations, allowing greater flexibility in designing NDMPbased topologies. Available NDMP topologies are discussed in detail in the Data Protection Solutions Overview at http://www.netapp.com/tech_library/3131.html.

3.9. File Systems That Are Not Capable of Snapshots

Applications that are implemented on top of file systems that are not capable of Snapshots, such as NTFS, represent the simplest scenario from a backup and recovery perspective. When backing up these applications, applications must be first quiesced, or taken offline, in order to avoid open files or files changing during the backup operation. Then, file system caches must be first committed before the backup operation commences. The application remains quiesced, or offline, until the backup is completed, at which point normal application operation can resume. This can result in a significant period of unavailability for the application. Some applications have a built-in hot backup mode, allowing a backup to occur while the application operates at a reduced efficiency and often, limited capabilities. This type of mode is typical in messaging and database applications such as Microsoft Exchange and Oracle. It will result in higher overall application availability than not using hot backup mode. However, it can potentially still result in a long interval of reduced efficiency and limited performance. One final alternative is to use an open file manager from a backup software vendor. These applications are designed to handle backup operations on files that are still locked by an application. They work well for simple applications, such as home directories and shared documents. However, they should be avoided with complex applications, such as messaging applications or databases.

Network Appliance Inc.

TECHNICAL REPORT

3.10. Raw Partitions

Some applications have the ability to work directly with raw device partitions, allowing significant performance benefits. In order to back up this application data, however, it is necessary to use specialized modules from a backup software vendor tailored for each application. Without these modules, there is no means of knowing if the data is in a consistent state for backup. When backing up raw partitions, it is usually necessary to place the application in hot backup mode to ensure that the data is consistent. As there is no file system exposed outside of the application, there is no method of performing Snapshots from the host system. Thus, the application must remain in hot backup mode for the duration of the backup operation. Further instructions for backup and recovery of databases utilizing Network Appliance SAN configurations can be found in the Network Appliance Technical Library.

3.11. Snapshots
Snapshots are the most basic element of all filer-based data protection scenarios discussed in this paper. All of the methods discussed below operate with either explicitly named Snapshots or will create, use, and destroy Snapshots as required. Since the internal scheduling mechanism for Snapshot creation within Data ONTAP has no means of ensuring that the data within a LUN is in a consistent state, scheduled Snapshots should be disabled for all volumes that contain LUNs. Either SnapDrive or batch files and scripts should be used on a host that has administrative access to the filer. These scripts must first make the data within the LUN consistent. This could be accomplished by quiescing a database, placing an application in hot backup mode, or even taking the application offline in extreme cases. Next, use the rsh or ssh command to create the Snapshot on the filer. Snapshot creation will take only a few seconds, regardless of volume size or utilization. Finally, the application is returned to normal operation. The Windows Task Scheduler service can then be used to execute this script at specified intervals. To recover a LUN from a Snapshot, the LUN can be cloned as described in the Data ONTAP SAN System Administrator Guide available online at the Network Appliance NOW Web siteregistration is required. Cloning a LUN from a version contained in a Snapshot will cause that Snapshot to be locked. Thus, the Snapshot can only be deleted if the LUN is destroyed and recreated. LUN cloning is typically only done when the cloned LUN is needed for a short amount of time. If the LUN needs to be restored to a previous version permanently, the SnapRestore feature discussed in the next section should be used.

3.12. SnapRestore
SnapRestore will revert a LUN or an entire volume containing LUNs to a previous state in only a few seconds, regardless of size or utilization. Furthermore, the SnapRestore operation takes effect immediately, without requiring a reboot of the filer. When restoring a single LUN, it must be taken offline or unmapped prior to recovery if the LUN has not been destroyed. This makes SnapRestore ideal for environments where very large LUNs are in use, or environments where transaction logs are maintained, such as database applications. Host-based methods would require that all the data within the LUN be recovered block-by-block or file-by-file. This will be extremely time-consuming for large LUNs. On the other hand, SnapRestore can revert the LUN to a previous version nearly instantaneously.
Network Appliance Inc.

TECHNICAL REPORT

SnapRestore dramatically increases application availability, providing extremely fast recovery times for business-critical applications such as databases and groupware.

3.13. SnapMirror
SnapMirror asynchronously transfers volumes or qtrees from a source filer to a destination filer or NearStore appliance. This involves an initial baseline transfer, and block-level incremental updates thereafter. As a result, SnapMirror works very well in LAN and WAN environments where bandwidth is limited. Normally, SnapMirror Snapshot creation and updates are controlled by a schedule local to the filer. Due to the issues discussed previously, Snapshot creation with LUNs must be controlled by host systems. Scripts are set up to create Snapshots as previously mentioned, and then initiate the SnapMirror update to the remote filer or NearStore appliance. These operations can be scheduled on the host system using the Windows Task Scheduler service. SnapMirror is often used for disaster recovery (DR) planning. Here, volumes containing LUNs would be mirrored asynchronously to a filer at a DR facility. Preferably, application servers would be mirrored to this facility as well. In the event that the DR facility needs to be made operational, applications can be switched over to the servers at the DR site and all application traffic directed to these servers as long as necessary to recover the primary site. Once the primary site is online, SnapMirror can be used to transfer the data efficiently back to the production filers. After the production site takes over normal application operation again, SnapMirror transfers to the DR facility can resume without requiring a second baseline transfer. SnapMirror can also be used for backup consolidation or offloading tape backup overhead from production servers. This facilitates centralized backup operations, reducing backup administrative requirements at remote locations. It can also dramatically reduce overhead from stressful backup operations caused by small backup windows on production filers. Since backup operations are not occurring on the production systems, small backup windows are not as important.

3.14. SnapVault
SnapVault builds on the Network Appliance SnapMirror software by providing greater flexibility in the retention of Snapshots on the destination appliance. This makes SnapVault ideal for backing up or archiving Snapshots to a filer or NearStore system. SnapVault can be used in this manner to perform disk-based backups of LUNs to a second filer or NearStore appliance, greatly reducing the time to back up or recover these LUNs when compared to tape-based backup and recovery. Keep in mind that SnapVault, as well as all host-based methods, can only back up and recover an entire LUN. SnapVault will work well with applications that maintain transaction logs, such as databases. The LUN is restored and then transaction logs are rolled forward to bring the LUN to the desired state. With SnapVault, there can be two separate schedules maintained. One schedule controls creation of the Snapshots on the source filer. The second schedule controls transfer of these Snapshots to the destination filer and the amount of time to retain these Snapshots. It is recommended that Snapshots on the source filer be created manually when FCP data is contained on the file system. Scripts should
Network Appliance Inc.

TECHNICAL REPORT

be used to quiesce the application or place it in hot backup mode before creating a Snapshot. Once the Snapshot is created, the application should be returned to normal operation. The Windows Task Scheduler service can then be used to execute these scripts at specified intervals.

3.15. NDMP and Native Tape Backup and Recovery

Tape backup and recovery operations of LUNs should generally only be performed on the filer for disaster recovery scenarios, applications with transaction logging, or when combined with other filerbased data protection elements, such as SnapMirror and SnapVault. All tape operations local to the filer operate on the entire LUN and cannot interpret the data or file system within the LUN. Thus, LUNs can only be recovered to a specific point-in-time unless transaction logs exist to roll forward. Where finer granularity is required, host-based backup and recovery must be used. If the operator does not specify an existing Snapshot when performing a native or NDMP backup operation, the filer will create one before proceeding. This Snapshot will be deleted when the backup completes. When a file system contains FCP data, one should always specify a Snapshot that was created at a point in time when the data was consistent. As mentioned earlier, this is ideally done in a script by quiescing an application or placing it in hot backup mode before creating the Snapshot. After Snapshot creation, normal application operation can resume and tape backup of the Snapshot can occur at any convenient time. When attaching a filer to a Fibre Channel SAN for tape backup, it is necessary to first ensure that Network Appliance certifies the hardware and software in use. A complete list of certified configurations is available in the Network Appliance Data Protection Portal. Redundant links to Fibre Channel switches and tape libraries are not currently supported by Network Appliance in a Fibre Channel tape SAN. Furthermore, a separate host bus adapter must be used in the filer for tape backup. This adapter must be attached to a separate Fibre Channel switch that contains only filers, NearStore appliances, and certified tape libraries and tape drives. The backup server must either communicate with the tape library via NDMP or have library robotic control attached directly to the backup server. Figure 5 in section 3 illustrates a unified storage architecture in which a Fibre Channel tape SAN is utilized with a tape library controlled over NDMP.
4. Configuration Models

Presented below are some of the possible models for data protection with iSCSI-enabled filers. This is not intended to be a complete list, but rather a collection of some of the best models for most environments. Using the guidelines and recommendations presented in this document as well as other documents from Network Appliance, it should be possible to adapt these configurations to each unique environment. Initially, host-based data protection models are examined, including utilizing an iSCSI-connected NearStore as a backup target disk pool, traditional SCSI and an FCP-connected NearStore system, or tape array. Finally, a unified backup architecture will be explored that brings together iSCSI, FCP, and NAS architectures into a singular architecture for backup.

Network Appliance Inc.

TECHNICAL REPORT

Figure 1. Host-Based iSCSI Backup to iSCSI Connected Network Appliance NearStore. iSCSI data is backed up using a third-party backup utility with an open file option and, optionally, an application integration option may be purchased to back up live application data. The data is backed up to iSCSI disk targets on the NearStore through the backup server.

Figure 2. Host-Based iSCSI Backup to SCSI Tape Array. iSCSI data is backed up using a third-party backup utility with an open file option and, optionally, an application integration option may be purchased to back up live application data. The data is backed up via SCSI to a direct-connected SCSI tape array.
Network Appliance Inc.

TECHNICAL REPORT

Figure 3. Host-Based iSCSI Backup to FCP Using an FCP SAN-connected NearStore system. iSCSI data is backed up using a third-party backup utility with an open file option and optionally an application integration option may be purchased to backup live application data. The data is backed up via FCP to an FCP-connected NearStore appliance.

Network Appliance Inc.

10

TECHNICAL REPORT

Figure 4. Host-Based iSCSI Backup to FCP Using FCP Tape Array. iSCSI data is backed up using a third-party backup utility with an open file option and, optionally, an application integration option may be purchased to back up live application data. The data is backed up via FCP to an FCP-connected SCSI tape array.

Figure 5. Unified Backup (iSCSI, FCP, and NAS). The above graphic illustrates how multiple best practices for data availability across multiple protocols can be combined to create a single unified backup solution. For more information on the best practices for a given protocol, please review the following technical reports:
Network Appliance Inc.

11

TECHNICAL REPORT

Best Practices Guide for Data Protection with Filers Running FCP Data Protection Strategies for Network Appliance Filers Data Protection and Recovery for Network-Attached Storage over IP/Ethernet Networks

Additional information is available on application integration with data availability solutions including Oracle, Exchange, and other applications at the Network Appliance Technical Library

5. Summary
There are many methods to back up data stored on a filer via iSCSI. Host-based methods provide the finest granularity of data protection, allowing selective backup and recovery of data within a LUN. Filerbased methods provide very fast and efficient disaster recovery solutions, but may compromise file system consistency. There is no single best method for meeting all data protection requirements. One must prioritize requirements and combine methods to meet and exceed these requirements. Data protection is a constantly changing entity for any enterprise. As needs and usage patterns change, so must data protection policies and technologies. Network Appliance is committed to providing industry-leading data protection solutions now and in the future. As needs and technology change, Network Appliance will continue to exceed customer expectations, providing the constant data availability and absolute data integrity they rely upon for success.

6. References
Network Appliance Data Protection Portal http://www.netapp.com/solutions/data_protection.html Data Protection Solutions Overview http://www.netapp.com/tech_library/3131.html Network Data Management Protocol home page http://www.ndmp.org/ Best Practices Guide for Data Protection with Filers Running FCP http://www.netapp.com/tech_library/3202.html Data Protection and Recovery for Network-Attached Storage over IP/Ethernet Networks http://www.netapp.com/tech_library/3163.html Network Appliance Technical Library http://www.netapp.com/tech_library/

Network Appliance, Inc. 2003 Network Appliance, Inc and SAS Institute. All rights reserved. Specifications subject to change without notice. NetApp, the Network Appliance logo, FAServer, FilerView, NetCache, SecureShare, SnapManager, SnapMirror, SnapRestore, and WAFL are registered trademarks and Network Appliance, ApplianceWatch, BareMetal, Camera-to-Viewer, Center-to-Edge, ContentDirector, ContentFabric, ContentReporter, DataFabric, Data ONTAP, EdgeFiler, HyperSAN, InfoFabric, MultiStore, NearStore, NetApp Availability Assurance, NetApp ProTech Expert, NOW, NOW (NetApp on the Web), RoboCache, RoboFiler, SecureAdmin, Serving Data by Design, Smart SAN, SnapCache, SnapCopy, SnapDirector, SnapDrive, SnapFilter, SnapMigrator, Snapshot, SnapSuite, SnapVault, SohoCache, SohoFiler, The evolution of storage, Vfiler, and Web Filer are trademarks of Network Appliance, Inc. in the U.S. and other countries. All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.

Network Appliance Inc.

12