Jun 09, 2019, 09:08 PM
Digital Universe - - a world that is created and defined by software
- 4.4 trillion gigabytes (GB) of data annually

Internet of Things (IoT) - technology trend wherein "smart" devices with embedded electronics, software, and sensors exchange data with other devices over the Internet

Needs for Information Storage and Management - - continuous and reliable access to information
- store, protect, process, manage and leverage information
- intelligent storage systems (store and manage information, gain competitive advantage, derive new business opportunities)

Data - collection of facts, typically collected for the purpose of analysis or reference

Digital Data - collection of facts that is transmitted and stored in electronic form, and processed through software

Types of Data - - unstructured
- quasi-structured
- semi-structured
- structured

Unstructured data - - no inherent data
- text documents, PDF, JPG

Quasi-structured data - - textual data with erratic formats that can be formatted using software
- clickstream data

Semi-structured data - - textual files with an apparent pattern
- XML files, spreadsheets

Structured - - has a defined data model, format, structure
- database

Information - processed data that is presented in a specific context to enable useful interpretation and decision making

Information storage - - stored on nonvolatile media
- stored within an array
- housed in a data center

Types of storage devices - - magnetic storage devices (hard disk drive & magnetic tape)
- optical storage devices (Blu-ray, DVD, CD)
- flash-based storage devices (SSD, memory card, USB)

Data center - dedicated facility where an organization houses, operates, and maintains back-end IT infrastructure including compute systems, storage systems, and network equipment along with other supporting infrastructure

Data center components - - facility
- IT equipment
- support infrastructure

Data center key characteristics - - availability
- data integrity
- performance
- scalability
- capacity
- security
- manageability

Data center management processes - - monitoring
- reporting
- provisioning
- planning
- maintenance

Platform 1 - - Terminals (minicomputer, mainframe)
- millions of users
- thousands of apps

Platform 2 - - Computers (LAN/Internet, client/server)
- 100 million users
- 10 thousand apps

Platform 3 - - Mobile devices (cloud, big data, mobile, social)
- billions of users
- millions of apps
- disruptive technology

Mainframes - compute systems with very large processing power, memory, and storage capacity, primarily used for centrally hosting mission-critical applications and databases in an organization's data center
- users connect through workstations or terminals
- high CAPEX and OPEX

Client/Server model - distributed application architecture in which a compute system called the "server" runs a program that provides services over a network to other programs running on various end-point devices called "clients"

Challenges of client/server model - - IT silos
- hardware and software maintenance overhead
- scalability


-----------------------------------
Cloud computing - a model for enabling ubiquitous, convenient, on-demand network access to a pool of configurable computing resources that can be provisioned and released with minimal management effort or service provider interaction

Cloud - collection of IT resources, including hardware and software, deployed in a single data center or across geographically dispersed data centers connected over a network

Cloud service - combination of hardware and software resources that are offered for consumption by a provider

Essential cloud characteristics - - measured service
- rapid elasticity
- resource pooling
- on-demand self-service
- broad network access

Cloud service models - - IaaS
- PaaS
- SaaS

IaaS - - consumer manages application, database, programming interface, OS
- provider manages compute, storage and network

PaaS - - consumer manages application
- provider manages database, programming interface, OS, compute, storage and network

SaaS - - consumers access apps running on cloud infrastructure
- consumers do not manage any of the cloud infrastructure

Cloud deployment models - - public cloud
- private cloud
- community cloud
- hybrid cloud

Public cloud - - cloud infrastructure provisioned for open use by the general public
- owned and managed by a business, public organization, or government
- multi-tenancy risks, viability risks

Private cloud - - provisioned for use by a single organization comprising multiple users
- on-premise or externally hosted

On-premise private cloud - - deployed by an organization in its data center within its premises

Externally hosted private cloud - - organization outsources implementation of the private cloud to an external cloud service provider
- cloud infrastructure is hosted on the premises of the provider and may be shared by multiple tenants
- private cloud resources are secured separately between tenants

Community cloud - - provisioned for exclusive use by a specific community of users from organizations that have shared concerns

On-premise community cloud - - one or more organizations provide cloud services that are consumed by the community
- cloud infrastructure is deployed on the premises of the service provider
- tenants connect to the cloud over a secure network

Externally hosted community cloud - - organizations of the community outsource implementation of the cloud to an external service provider
- infrastructure is hosted on the premises of the provider
- facilitates an exclusive community cloud environment

Hybrid cloud - - cloud infrastructure composed of two or more distinct cloud infrastructures that remain unique entities but are bound by standardized proprietary technology that enables data and application portability

Hybrid cloud model use cases - - cloud bursting
- web application hosting
- migrating packaged applications
- application development and testing

Cloud bursting - - provisioning resources for a limited time from a public cloud to handle peak workloads

Big data - information assets whose high volume, high velocity and high variety require the use of new technical architectures and analytical methods to gain insights and derive business value

Characteristics of big data - - volume
- velocity
- variety
- variability
- veracity
- value

Data warehouse - central repository of integrated data gathered from multiple different sources

Data lake - - collection of structured and unstructured data assets that are stored as exact or near-exact copies of the source formats
- store-everything approach

Big data analytics solution components - - known as the SMAQ stack
- query
- MapReduce
- storage

MapReduce - - parallel computation across many servers to group layers
- batch processing model
- runs over multiple compute nodes
- data split into chunks and distributed to multiple compute systems

Storage - - non-distributed architecture
- non-relational, non-structured
- multiple compute systems called a cluster

Big data analytics use cases - - healthcare
- government
- finance
- retail

Social networking use cases - - brand networking
- enterprise collaboration
- marketing
- customer support

Mobile computing - the use of mobile devices to remotely access applications and information on the go over a wireless network

Mobile computing use cases - - enterprise mobility
- mobility-based products and services
- mobile cloud computing

Enterprise mobility - - provides employees with ubiquitous access to information and apps
- BYOD

Mobility-based products and services - - ubiquitous access to mobility-based solutions
- social networking, e-commerce, location-based services

Mobile cloud computing - - access to cloud services via a mobile device
- cloud storage, travel and expense management, CRM

3rd platform drivers - - new business models
- agility
- intelligent operations
- new products and services
- mobility
- social networking

3rd platform infrastructure characteristics - - availability
- security
- scalability
- performance
- ease of access
- interoperability
- manageability

Interoperability - multiple systems or components share and use information and services through APIs, web services or middleware

Imperatives for 3rd platform transformation - - operating model transformation
- operational transformation
- technology transformation
- skills transformation

Operating model transformation - - ITaaS
- resources provisioned by LoBs through a self-service portal

Organizational transformation - - new roles and responsibilities
- service manager, cloud architect, capacity planner, service operation manager

Technology transformation - - application transformation
- infrastructure transformation

Skills transformation - - need for developing technical and soft skills

vCloud Air - - IaaS public cloud
- hybrid adoption of the cloud model for extending and migrating workloads, new application development, and disaster recovery

Cloud Foundry - - PaaS offering based on an industry open source project
- streamlined and agile app development
- multiple programming platforms and data services

Syncplicity - - SaaS solution for file sharing and data protection (web and mobile, BYOD)
- syncs files across devices in real time

GemFire - - in-memory distributed database for high-scale NoSQL applications
- automatic distribution across the cluster
- support for multiple programming languages

Greenplum Database - - complete SMAQ solution for BI and analytics
- linear scalability and parallel processing
- SQL, Hadoop, MapReduce, and programmable analytics


--------------------------------------------------------

Logical layers - • Physical infrastructure
• Virtual infrastructure
• Software-defined infrastructure
• Orchestration
• Services

Cross-function layers - • business continuity
• security
• management

Physical infrastructure - - foundation layer of the infrastructure
- physical components: compute systems, storage, network devices (requires OS, system software, protocols)
- executes requests defined by the virtual and software-defined layers

Virtual infrastructure - - virtual compute, virtual storage, virtual network
- created from resource pools using virtualization software

Virtualization - the process of abstracting physical resources, such as compute, storage, and network, and creating virtual resources from them

Resource pool - an aggregation of computing resources, such as processing power, memory, storage, and network bandwidth (virtual compute (virtual machines), virtual storage (LUNs), and virtual networks)

Software-defined infrastructure - - deployed on the virtual or physical layer
- infrastructure components are virtualized and aggregated into pools
- centralized, automated and policy-driven management of heterogeneous resources

Key components of software-defined infrastructure - - software-defined compute
- SDS (software-defined storage)
- SDN (software-defined network)

Data center infrastructure - - orchestration
- provides workflows for executing automated tasks
- interacts with various components across layers and functions to invoke provisioning tasks

Workflow - series of inter-related tasks that perform a business operation

Services - - delivers IT resources as services to users
- service catalog, self-service portal
- stores information from the service catalog and presents it to users

IT service - means of delivering IT resources to end users to enable them to achieve the desired business results and outcomes without having any liabilities such as the risks and costs associated with owning the resources (application hosting, storage capacity, file services, and email)

Service catalog - database of information about the services, including the description of the services, the types of services, cost, supported SLAs, and security mechanisms

Business continuity - cross-layer function that specifies the adoption of proactive and reactive measures that enable an organization to mitigate the impact of downtime due to planned and unplanned outages

Proactive - measures include activities and processes such as business impact analysis, risk assessment, and technology solutions such as backup, archiving, and replication

Reactive - measures include activities and processes such as disaster recovery and disaster restart to be invoked in the event of a service failure. This function supports all the layers (physical, virtual, software-defined, orchestration, and services) to provide uninterrupted services to the consumers

Security - • Security specifies the adoption of administrative and technical mechanisms that mitigate or minimize security threats and provide a secure data center environment.
o Administrative mechanisms include security and personnel policies or standard procedures to direct the safe execution of various operations.
o Technical mechanisms are usually implemented through tools or devices deployed on the IT infrastructure (firewall, intrusion detection and prevention systems, and antivirus software)

GRC (governance, risk and compliance) - specifies processes that help an organization ensure that its acts are ethically correct and in accordance with its risk appetite (the risk level an organization chooses to accept), internal policies, and external regulations

Management - cross-layer function that specifies the adoption of activities related to data center operations management.

• Storage operation management enables IT administrators to manage the data center infrastructure and services (handling of infrastructure configuration, resource provisioning, problem resolution, capacity, availability, and compliance conformance)
• This function supports all the layers to perform monitoring, management, and reporting for the entities of the infrastructure

Best-of-breed infrastructure - organizations integrate the best-of-breed infrastructure components (hardware and software) purchased from multiple different vendors

Best-of-breed advantages - o Enables the organizations to leverage the advantages of high-quality products and services from the respective leading vendors in the segment.
o Provides the flexibility to change the individual vendors in case the committed support is not provided and the SLAs are not met.
o Allows organizations to repurpose the existing infrastructure components, providing a cost benefit

Disadvantages of best-of-breed infrastructure - o Requires significant CAPEX and OPEX
o Takes more time, as it involves evaluation, purchase, testing, deployment, configuration, and integration of multiple disparate hardware and software components
o Scaling such an infrastructure takes longer because each new component goes through the process from evaluation to integration

Converged infrastructure - integrates the hardware and software components that make up a data center into a single packaged solution. This package is a self-contained unit that can be deployed independently, or aggregated with other packages to meet additional capacity and performance requirements

Converged infrastructure advantages - o The package is pre-configured and optimized, which reduces the time to acquire and deploy the infrastructure.
o Lowers power and space requirements.
o Vendors also provide cloud-ready converged infrastructure with built-in capabilities for secure multi-tenancy.
o Single management software capable of managing all hardware and software within the package.

Converged infrastructure disadvantages - lack of flexibility to use infrastructure components from different vendors

Compute system - a computing device (combination of hardware, firmware, and system software) that runs business applications (physical servers, desktops, laptops, and mobile devices)

Compute system hardware - - processor
- RAM
- ROM
- motherboard
- chipset
- secondary storage

Logical compute system components - - OS
- virtual memory
- logical volume manager
- file system

Compute cluster - group of two or more compute systems that function together, sharing certain network and storage resources, and logically viewed as a single system

RAM - - main memory; an IC that serves as volatile data storage internal to a compute system
- directly accessible by the processor, and holds the software programs for execution and the data used by the processor

ROM - - non-volatile semiconductor memory from which data can only be read but not written
- contains the boot firmware (that enables a compute system to start), power management firmware, and other device-specific firmware

Memory virtualization - presents physical memory to applications as a single logical collection of contiguous memory locations

VMM (virtual memory manager) - manages the virtual-to-physical memory mapping and fetches data from secondary storage when a process references a virtual address that points to data on secondary storage

Swap file - - space on secondary storage used by the VMM as physical memory.
- In a virtual memory implementation, the memory of a system is divided into contiguous blocks of fixed-size pages

Paging - moves inactive physical memory pages onto the swap file and brings them back to physical memory when required

LVM (logical volume manager) - - software that runs on a compute system and manages logical and physical storage.
- intermediate layer between the file system and the physical drives.
- can partition a larger-capacity disk into virtual, smaller-capacity volumes (partitioning)
- can aggregate several smaller disks to form a larger virtual volume (concatenation)
- enables dynamic extension of file system capacity and efficient storage management
- provides optimized storage access and simplifies storage resource management
- hides details about the physical disk and the location of data on the disk
- enables administrators to change the storage allocation even while the application is running

Volume group - grouping of one or more physical volumes

Physical extents - equal-size data blocks

LVM components - - logical volume groups
- physical volumes
- logical volumes

LV (logical volume) - - created within a given volume group and can be thought of as a disk partition, whereas the volume group itself can be thought of as a disk
- appears as a physical volume to the OS
- file system created on it

Disk partitioning - disk drive is divided into logical containers called logical volumes

Concatenation - the process of grouping several physical drives and presenting them to the host as one big logical volume

File - a collection of related records or data stored as a single named unit in contiguous logical address space

File system - - OS component that controls and manages the storage and retrieval of files in a compute system.
- consists of logical structures and software routines that control access to files.
- enables users to perform various operations on files, such as create, access (sequential/random), write, search, edit, and delete
- tree hierarchy

Block - - smallest unit allocated for storing data
- contiguous area on the physical disk

Tower - also known as a tower server; a compute system built in an upright standalone enclosure called a "tower", which looks similar to a desktop cabinet.
o Robust build, with integrated power supply and cooling.
o Individual monitors, keyboards, and mice

Rack-mounted compute system - known as a rack server; a compute system designed to be fixed inside a frame called a "rack"

Rack - standardized enclosure containing multiple mounting slots called "bays", each of which holds a server in place with the help of screws

Rack unit (U) - a unit of measure of the height of a server designed to be mounted in a rack (1.75 inches (44.45 mm)).
o A 1U rack server is typically 19 inches (482.6 mm) wide.
o Standard rack cabinets are 19 inches wide
o Common rack cabinet sizes are 42U, 37U, and 27U.
o Rack cabinets are also used to house network, storage, telecommunication, and other equipment modules

Compute virtualization - technique of abstracting the physical hardware of a compute system from the operating system (OS) and applications

Hypervisor - - compute virtualization software that is installed on a compute system. It provides a virtualization layer that abstracts the processor, memory, network, and storage of the compute system and enables the creation of multiple virtual machines.
- each VM runs its own OS
- allows multiple operating systems to run concurrently on the same physical compute system
- provides standardized hardware resources to all the VMs

Hypervisor kernel - provides the same functionality as the kernel of any OS, including process management, file system management, and memory management. It is designed and optimized to run multiple VMs concurrently

VMM (virtual memory manager) - abstracts the physical hardware, and appears as a physical compute system with processor, memory, I/O devices, and other components that are essential for an OS and applications to run

Hypervisor components - - kernel
- VMM

Hypervisor types - - bare-metal
- hosted

Bare-metal hypervisor - directly installed on the physical compute hardware in the same way as an OS. It has direct access to the hardware resources of the compute system and is therefore more efficient than a hosted hypervisor.
o Designed for enterprise data centers and third platform infrastructure.
o Supports advanced capabilities such as resource management, high availability, and security.

Hosted hypervisor - - installed as an application on an operating system. The hosted hypervisor does not have direct access to the hardware, and all requests pass through the OS running on the physical compute system.
- adds overhead compared to a bare-metal hypervisor.
- more suitable for development, testing, and training purposes.

VM (virtual machine) - logical compute system with virtual hardware on which a supported guest OS and its applications run. A VM is created by a hosted or a bare-metal hypervisor installed on a physical compute system

VM files - - config file
- virtual disk file
- memory state file
- snapshot file
- log file

Application virtualization - technique of decoupling an application from the underlying computing platform (OS and hardware) in order to enable the application to be used on a compute system without installation

Application virtualization techniques - - application encapsulation
- application presentation
- application streaming

Application encapsulation - application is aggregated within a virtualized container, along with the assets, such as files, virtual registry, and class libraries, that it requires for execution. This process, known as packaging or sequencing, converts an application into a standalone, self-contained executable package that can directly run on a compute system

Application presentation - application's user interface (UI) is separated from its execution. The application executes on a remote compute system, while its UI is presented to an end-point client device over a network

Desktop virtualization - - decouples the OS, applications, and user state (profiles, data, and settings) from a physical compute system. These components, collectively called a virtual desktop, are hosted on a remote compute system and can be accessed by a user from any client device, such as laptops, desktops, thin clients, or mobile devices
- uses RDP (remote display protocol)

Remote desktop services - - OS and applications are hosted on a remote compute system and are shared by multiple users

DaaS (desktop as a service) - cloud service in which a virtual desktop infrastructure (VDI) is hosted by a cloud service provider. The provider offers a complete, business-ready VDI solution, delivered as a cloud service with either subscription-based or pay-as-you-go billing

Server-centric storage - each server has a limited number of storage devices, and each storage device exists only in relation to the server to which it is connected

SAN (storage area network) - - used for information exchange between compute systems and storage systems, and for connecting storage systems. It enables compute systems to share storage resources, improves the utilization of storage systems, and facilitates centralized storage management

SAN deployment types - Fibre Channel SAN (FC SAN), Internet Protocol SAN (IP SAN), and Fibre Channel over Ethernet SAN (FCoE SAN)

Storage devices - - magnetic disk drive
- solid state (flash) drive
- magnetic tape drive
- optical disk drive

Storage virtualization - - technique of abstracting physical storage resources to create virtual storage resources
- the ability to pool and abstract physical storage resources, and present them as logical storage resources, such as virtual volumes, virtual disk files, and virtual storage systems

Connectivity - communication paths between IT infrastructure components for information exchange and resource sharing

Compute-to-compute connectivity - - uses protocols based on the Internet Protocol (IP). Each physical compute system is connected to a network through one or more host interface devices, called network interface controllers (NICs)

Physical components connecting compute to storage - - host interface device (HBA)
- port
- cable

HBA (host bus adapter) - - host interface device that connects a compute system to storage or to a SAN
- application-specific integrated circuit (ASIC) board that performs I/O interface functions between a compute system and storage, relieving the processor from additional I/O processing workload

Port - a specialized outlet that enables connectivity between the compute system and storage

Interface protocols for compute to storage - Integrated Device Electronics/Advanced Technology Attachment (IDE/ATA), Small Computer System Interface (SCSI), Fibre Channel (FC) and Internet Protocol (IP)

Protocol - - enables communication between the compute system and storage
- implemented using interface devices (or controllers) at both the source and the destination devices

SCSI (small computer system interface) - - preferred connectivity protocol in high-end compute systems. This protocol supports parallel transmission and offers improved performance, scalability, and compatibility compared to ATA
- supports up to 16 devices on a single bus and provides data transfer rates up to 640 MB/s (for the Ultra-640 version)

Network virtualization - technique of abstracting physical network resources to create virtual network resources

SDDC (software-defined data center) - - an architectural approach to IT infrastructure that extends virtualization concepts such as abstraction, pooling, and automation to all of the data center's resources and services to achieve IT as a service (ITaaS)
- compute, storage, networking, security, and availability services are pooled, aggregated, and delivered as a service
- services are managed by intelligent, policy-driven software

Control path - sets and manages the policies for the resources

Data path - performs the actual transmission of data

SDC (software-defined controller) - - software with built-in intelligence that automates provisioning and configuration based on the defined policies
- enables organizations to dynamically, uniformly, and easily modify and manage their infrastructure
- the controller discovers the available underlying resources and provides an aggregated view of resources
- abstracts the underlying hardware resources (compute, storage, and network) and pools them
- enables the rapid provisioning of resources from the pool based on pre-defined policies that align to the service level agreements for different consumers

Software-defined architecture benefits - - agility
- cost efficiency
- improved control
- centralized management
- flexibility

Vblock (EMC product) - - IT infrastructure component for 3rd platform deployment
- combines compute, storage, network, virtualization, security and management in one package
- validated solution ready for deployment

VSPEX (EMC product) - - IT infrastructure solution for best-of-breed 3rd platform deployment
- compute, storage, network, virtualization, and backup
- choice of hypervisor, compute system, and network technology

ESXi (EMC product) - - bare-metal hypervisor
- comprises the underlying VMkernel OS that supports running multiple VMs

ThinApp (EMC product) - - application virtualization software
- encapsulates an app into a single file
- deployed or streaming mode

Horizon (EMC product) - - VDI solution
- RDS, ThinApp, and SaaS apps can be accessed from unified workstations across devices and locations
- supports Windows and Linux

NSX (EMC product) - - network virtualization platform for SDDC
- virtual networks are programmatically provisioned and managed independently of the underlying hardware
- enables a logical library of network elements such as logical switches, routers, firewalls and load balancers



-----------------------------
547
5483rd platform requirements for storage - - process massive amount of IOPS
549- elastic and nondisruptive horizontal scaling of resources
550- intelligent resource management
551- automated and policy driven
552- multiple protocols for data access
553- APIs for software defined and cloud integration
554- centralized management and chargeback in multi-tenancy environment
555
556Intelligent storage system - - feature-rich RAID arrays that provide highly optimized I/O processing capabilities
557- meet the requirements of today's I/O intensive third platform applications
558- require high levels of performance, availability, security, and scalability
559- support SSDs, encryption, compression, deduplication, and scale-out architecture
560
561Components of ISS - - controller
562- storage
563
564Controller - - compute system that runs a purpose-built operating system that is responsible for performing several key functions for the storage system
565- serving I/Os from the application servers, storage management, RAID protection, local and remote replication, provisioning storage, automated tiering, data compression, data encryption, and intelligent cache management
566- block based, file based, object-based, unified
567
568Controller Characteristics - - has more than one controller for redundancy.
569- consists of one or more processors and a certain amount of cache memory to process a large number of I/O requests.
570- connected to the compute system either directly or via a storage network.
571- receives I/O requests from the compute systems; the controller reads or writes the requested data from/to the storage.
572- can either be classified as block-based, file-based, object-based, or unified
573
574HDD Key components - platter, spindle, read-write head, actuator arm assembly, and controller board
575
576Platter - - flat circular disks
577- data is recorded in binary codes (0s and 1s)
578- rigid, round disk coated with magnetic material on both surfaces (top and bottom)
579- data is encoded by polarizing the magnetic area or domains of the disk surface.
580- Data can be written to or read from both surfaces
581
582HDA (Head Disk Assembly) - set of rotating platters sealed in a case
583
584Drive capacity determinants - - number of platters and the storage capacity of each platter
585
586Spindle - - connects all the platters and is connected to a motor.
587- Common speeds are 5,400 rpm, 7,200 rpm, 10,000 rpm, and 15,000 rpm.
588
589Tracks - - concentric rings on the platter around the spindle.
590- numbered, starting from zero, from the outer edge of the platter.
591- number of tracks per inch (TPI) on the platter (or the track density) measures how tightly the tracks are packed on a platter.
592
593Sector - - smallest, individually addressable unit of storage
594- holds 512 bytes of user data
595- stores other information, such as the sector number, head number or platter number, and track number
596
597Cylinder - - set of identical tracks on both surfaces of each drive platter. The location of R/W heads is referred to by the cylinder number
598
599LBA (logical block addressing) - - simplified the addressing by using a linear address to access physical blocks of data
600- disk controller translates LBA to a CHS address, and the compute system needs to know only the size of the disk drive in terms of the number of blocks
601- The logical blocks are mapped to physical sectors on a 1:1 basis
602
603CHS (physical address) - - earlier drives used physical addresses consisting of cylinder, head, and sector (CHS) number to refer to specific locations on the disk, and the OS had to be aware of the geometry of each disk used
604
605Disk service time - - time taken for a disk to complete an I/O request
606
607Seek Time + rotational latency + data transfer rate - Service time
608
609Seek time - - time taken to position the R/W heads across the platter with a radial movement (moving along the radius of the platter)
610- measured in ms
611- avg is 3 to 15ms
612
613Full stroke - - time taken by the R/W head to move across the entire width of the disk, from the innermost track to the outermost track
614
615Average Seek Time - average time taken by the R/W head to move from one random track to another, normally listed as the time for one-third of a full stroke
616
617Track to track - time taken by the R/W head to move between adjacent tracks
618
619Rotational Latency - - time taken by the platter to rotate and position the data under the R/W head
620- depends on the rotation speed of the spindle and is measured in milliseconds
621
622Average Rotational Latency - 30000/X ms, equivalently 500/(X/60) ms or (0.5 × 1000)/(X/60) ms, i.e. the time for half a rotation, where X is the spindle speed in rpm
623
624Transfer rate - the average amount of data per unit time that the drive can deliver to the HBA
625
626Read operation - - data first moves from disk platters to R/W heads; then it moves to the drive's internal buffer. Finally, data moves from the buffer through the interface to the compute system's HBA
627
628Write operation - data moves from the HBA to the internal buffer of the disk drive through the drive's interface. The data then moves from the buffer to the R/W heads. Finally, it moves from the R/W heads to the platters
629
630Internal transfer rate - - speed at which data moves from a platter's surface to the internal buffer (cache) of the disk
- takes into account factors such as the seek time and rotational latency
631
632External transfer rate - rate at which data can move through the interface to the HBA
633- generally the advertised speed of the interface, such as 133 MB/s for ATA
634
635Queue - location where an I/O request waits before it is processed by the I/O controller; the disk I/O controller processes the waiting I/Os one by one
636
637Service Time - Service Time/(1-utilization)
638
639SSD I/O interface - - enables connecting the power and data connectors to the solid state drives
640
641SSD Controller - - includes a drive controller, RAM, and non-volatile memory (NVRAM)
642- manages all drive functions.
643
644SSD NVRAM - used to store the SSD's operational software and data
645
646Page - - smallest object that can be read or written on a solid state drive
647- do not have a standard capacity
648- capacities are 4 KB, 8 KB, and 16 KB.
649
650Block - - is made up of pages
651- may have 32, 64, or 128 pages
652- total capacity is dependent on the solid state chip's page size
653
654Garbage collection - - the process of providing new blocks
655
656SSD (solid state drives) - - semiconductor, random-access devices; these result in very low response times compared to hard disk drives. This, combined with the multiple parallel I/O channels on the back end, gives SSDs performance characteristics that are better than HDD
657- performs random reads the best
658
659RAID - - technique in which multiple disk drives are combined into a logical unit and data is written in blocks across the disks
660- protection against drive failures
661- improves system performance
662
663RAID array - - an enclosure that contains a number of disk drives and supporting hardware to implement RAID
664- subset of disks can be grouped to form logical associations called logical arrays, also known as a RAID set or a RAID group
665
666Striping - technique of spreading data across multiple drives (more than one) in order to use the drives in parallel. All the read-write heads work simultaneously, allowing more data to be processed in a shorter time and increasing performance, compared to reading and writing from a single disk
667
668Strip Size or Stripe Depth - - number of blocks in a strip
669- the maximum amount of data that can be written to or read from a single disk in the set, assuming that the accessed data starts at the beginning of the strip
670
671Stripe width - number of data strips in a stripe. Striped RAID does not provide any data protection unless parity or mirroring is used
672
673Write penalty - write operation translates into more I/O overhead for the disks
674
675RAID 0 - - Data striped across all disks in RAID set
676- Performance driven
677- Provides no protection
678
679Raid 1 - - mirroring technique
680- 2 disk minimum
681- 2 write penalty
682
683Raid 1+0 - - striping performance benefits
684- mirroring benefits
685- striped mirror
686- 4 disk minimum
687- 2 write penalty
688
689Raid 3 - - stripes data for performance and uses parity for fault tolerance
690- 3 disk minimum
691- 4 write penalty
692
693Raid 4 - - striping and parity
694- parity written to dedicated drive
695
696Raid 5 - - striping and parity
697- parity distributed across all drives
698- 3 disk minimum
699- 4 write penalty
700
701Raid 6 - - striping and parity
702- includes second parity element to enable survival of two disk failures
703- 4 disk minimum
704- 6 write penalty
705
706Hot sparing - process that temporarily replaces a failed disk drive with a spare drive in a RAID array by taking the identity of the failed disk drive
707
708Block level access - file system is created on a compute system, and data is accessed on a network at the block level
709
710File level access - file system is created on a separate file server or at the storage side, and the file-level request is sent over a network
711
712Object level access - intelligent evolution, whereby data is accessed over a network in terms of self-contained objects with a unique object identifier
713
714Scale up - - capability to scale the capacity and performance of a single storage system based on requirements.
715- involves upgrading or adding controllers and storage
716- fixed capacity ceiling, which limits scalability; performance also starts degrading as the capacity limit is approached
717
718Scale out - - capability to maximize its capacity by simply adding nodes to the cluster.
719- Nodes can be added quickly to the cluster, when more performance and capacity is needed, without causing any downtime
720- provides the flexibility to use many nodes of moderate performance and availability characteristics to produce a total system that has better aggregate performance and availability
721- pools the resources in the cluster and distributes the workload across all the nodes
722
723HDD - - persistent storage device that stores and retrieves data using rapidly rotating disks (platters) coated with magnetic material
724
725
726------
727
728
729Block based storage system - - provides compute systems with block-level access to the storage volumes
730- file system is created on the compute systems and data is accessed on a network at the block level
731- can either be based on scale-up or scale-out architecture
732- consists of one or more controller(s) and storage.
733
734Controller - - front end ports
735- cache
736- back end ports
737- I/O request received from the compute system at the front-end port is processed through cache and back end, to enable storage and retrieval of data from the storage
738
739Front end controllers - - route data to and from cache via the internal data bus
740- When the cache receives the write data, an acknowledgment message is sent back to the compute system
741
742Read hit - - request found in cache and sent directly back to compute system without any back end operation
743
744Read miss - - data not found in cache and has to be retrieved from storage
745- copied to cache
746- data sent to compute system
747
748Prefetch or Read ahead - sequential read request, a contiguous set of associated blocks is retrieved
749
750Fixed prefetch - intelligent storage system prefetches a fixed amount of data. It is most suitable when compute system I/O sizes are uniform.
751
752Variable prefetch - the storage system prefetches an amount of data in multiples of the size of the compute system request
753
754Maximum prefetch - limits the number of data blocks that can be prefetched to prevent the storage from being rendered busy with prefetch at the expense of other I/Os
755
756Write through cache - - Data is placed in the cache and immediately written to the storage, and an acknowledgment is sent to the compute system
757- risks of data loss are low, but the write-response time is longer because of the storage operations
758
759Write back cache - - Data is placed in cache and an acknowledgment is sent to the compute system immediately. Later, data from several writes are committed (de-staged) to the storage
760- Write response times are much faster because the write operations are isolated from the storage devices
761- uncommitted data is at risk of loss if cache failures occur
762
763Dedicated cache - separate sets of memory locations are reserved for reads and writes
764
765global cache - both reads and writes can use any of the available memory addresses
766
767LRU (least recently used) - - algorithm that continuously monitors data access in cache and identifies the cache pages that have not been accessed for a long time
768- frees up these pages or marks them for reuse
769
770MRU (most recently used) - pages that have been accessed most recently are freed up or marked for reuse
771
772Flushing - process that commits data from cache to the storage
773
774Watermarks - high and low levels set in cache to manage flushing process
775
776Idle flushing - It occurs continuously, at a modest rate, when the cache utilization level is between the high and the low watermark
777
778High watermark flushing - - activated when cache utilization hits the high watermark
779- dedicates some additional resources for flushing
780- some impact on I/O processing
781
782Forced flushing - large I/O burst when cache reaches 100 percent of its capacity, which significantly affects the I/O response time
783
784Cache mirroring - - Each write to cache is held in two different memory locations on two independent memory cards
785- write data will still be safe in the mirrored location
786- reads are staged from the storage drive to the cache
787
788Cache coherency - - data in two different cache locations must be identical at all times
789
790Cache vaulting - - powering the memory with a battery until the AC power is restored or using battery power to write the cache content to the storage drives
791
792Vault drive - physical storage drives to dump the contents of cache during power failure
793
794Back end controller - - provides an interface between cache and the physical storage drives
795- consists of two components: back-end ports and back-end controllers
796- controls data transfers between cache and the physical drives
797
798Storage provisioning - - the process of assigning storage resources to compute systems based on capacity, availability, and performance requirements
799- performed in two ways: traditional and virtual.
800
801Traditional provisioning - - physical storage drives are logically grouped together on which a required RAID level is applied to form a set, called RAID set
802- number of drives in the RAID set and the RAID level determine the availability, capacity, and performance of the RAID set
803- create the RAID set from drives of the same type, speed, and capacity to ensure maximum usable capacity, reliability, and consistency in performance
804- remaining capacity of the larger drives remains unused
805
806Logical units - created from the RAID sets by partitioning (seen as slices of the RAID set) the available capacity into smaller units
807
808LUN (logical unit number) - - logical unit created from a raid set and assigned a unique ID
809
810Thick LUN - logical unit created using traditional storage methods
811
812MetaLUN - - method to expand LUNs that require additional capacity or performance
813- can be created by combining two or more LUNs
- consists of a base LUN and one or more component LUNs
814- concatenated or striped
815
816Concatenated LUN - - expansion simply adds additional capacity to the base LUN. In this expansion, the component LUNs are not required to be of the same capacity as the base LUN
817- quick expansion, no performance benefit
818
819Striped LUN - - restripes the base LUN's data across the base LUN and component LUNs
820- all LUNs must be of the same capacity and RAID level
821- provides improved performance due to the increased number of drives being striped
822
823Virtual Provisioning - creating and presenting a LUN with more capacity than is physically allocated to it on the storage system
824
825Thin LUN - - LUN created using a virtual provisioning method
826- do not require physical storage to be completely allocated to them at the time they are created and presented to a compute system
827- Physical storage is allocated to the compute system "on-demand" from a shared pool of physical capacity
828
829Shared pool - - consists of physical storage drives
830- supports a single RAID protection level
831- shared pool might contain large numbers of drives
832
833LUN masking - - process that provides data access control by defining which LUNs a compute system can access
834- implemented on the storage system
835- ensures that volume access by compute system is controlled appropriately, preventing unauthorized or accidental use in a shared environment
836
837Storage tiering - - technique of establishing a hierarchy of different storage types (tiers)
838- enables storing the right data to the right tier, based on service level requirements, at a minimal cost
839- based on parameters (frequency, access)
840- automated processes
841
842Intra-array storage tiering - process of LUN tiering within a storage system
843
844LUN tiering - - moves an entire lun from one tier to another
845- does not provide effective cost and performance benefits
846
847Sub-LUN tiering - - broken down into smaller segments and tiered at that level
848- provides effective cost and performance benefits
849
850Cache tiering - - creation of large capacity secondary cache using SSDs
851- tiering between DRAM cache and SSDs
852- reads are served directly from the high performance tiered cache
853- enhances performance during peak workloads
854- non-disruptive and transparent to apps
855
856Server-flash caching technology - - uses intelligent caching software and a PCI Express-based (PCIe) flash card installed on the compute system
857- dramatically improves application performance by reducing latency, and accelerates throughput
858- works in both physical and virtual environments and provides performance acceleration for read-intensive workloads
859- uses minimal CPU and memory resources from the compute system by offloading flash management onto the PCIe card.
860
861XtremIO (EMC product) - - all flash, block based, scale out enterprise storage system
862- uses clustered design to grow capacity as required
863- powerful XIOS (os) manages storage cluster
864- simplified and effective provisioning and management
865
866VNX-F (EMC product) - - block based SSD only storage system
867- consistent performance and low latency
868- supports FC, FCoE, and iSCSI block protocols
869
870FAST VP - - storage tiering at sub-LUN level
871- data movement between tiers are defined by user policies
872- optimizes performance and cost
873- increases storage efficiency
874
875XtremSF - - server-flash cache solution
876- PCIe flash card deployed in compute system to improve performance
877
878XtremCache - - intelligent caching software
879- leverages XtremSF to reduce latency
880- accelerates reads and protects data using write through cache
881
882
883-----
884
885File sharing - - enables users to share files with other users
886- user who creates the file (the creator or owner of a file) determines the type of access (such as read, write, execute, append, delete) to be given to other users
887- locking scheme is required to maintain data integrity and at the same time make this sharing possible
888
889File sharing methods - - P2P
890- FTP
891- DFS
892
893FTP (file transfer protocol) - - client-server protocol that enables data transfer over a network
894- uses TCP as transport protocol
895
896P2P (peer to peer) - - enables client machines to directly share files with each other over a network
897- Clients use a file sharing software that searches for other peer clients
898- uses file servers to store files for sharing
899
900DFS (distributed file system) - - file system that is distributed across several compute systems
901- provide compute systems with direct access to the entire file system, while ensuring efficient management and data security
902
903NAS (network attached storage) - - dedicated, high-performance file sharing and storage device.
904- enables its clients to share files over an IP network
905- eliminates the need for multiple file servers
906- consolidates the storage used by the clients onto a single system, making it easier to manage the storage
907- uses TCP/IP; supports CIFS, NFS, and HDFS
908- enables both UNIX and Microsoft Windows users to share the same data seamlessly
909
910NAS system components - - controller/NAS head
911- storage
912- scale up/scale out architecture
913
914Scale up NAS - - provides the capability to scale the capacity and performance of a single NAS system based on requirements
915- involves upgrading or adding NAS heads and storage
916- fixed capacity ceiling, which limits their scalability
917- performance of these systems starts degrading when reaching the capacity limit
918
919Integrated NAS - - contains one or more NAS heads and storage in a single system
920- NAS heads are connected to the storage (SAS, ATA, FC, and solid state drives)
921- front-end Ethernet ports, which connect to the IP network
922- front-end ports provide connectivity to the clients
923- back-end ports to provide connectivity to the attached storage
924- NAS management software that can be used to perform all the administrative tasks for the NAS head and storage
925- scale up NAS
926
927Gateway NAS - - consists of one or more NAS heads and uses external and independently managed storage
928- NAS gateway shares the storage from a block-based storage system
929- requires more administration (NAS gateway/storage system)
930- can use the FC infrastructure, such as switches and directors for accessing SAN-attached storage arrays or direct-attached storage arrays
931- scale up NAS
932
933Scale out NAS - - pools multiple NAS nodes together in a cluster
934- node may consist of either the NAS head or the storage or both
935- capability to scale its resources by simply adding nodes to a clustered NAS architecture
936- ease of use, low cost, and theoretically unlimited scalability.
937- uses a distributed clustered file system that runs on all nodes in the cluster
938- stripes data across all nodes in a cluster along with mirror or parity protection
939
940NAS file access methods - - CIFS
941- NFS
942- HDFS
943
944CIFS (common internet file system) - - client-server application protocol that enables client programs to make requests for files and services on remote computers over TCP/IP
945- public or open variation of Server Message Block (SMB) protocol.
946- enables remote clients to gain access to files on a server
947- enables file sharing with other clients by using special locks
948- encoded using unicode characters
949- uses file and record locking to prevent users from overwriting the work of another user on a file or a record.
950- can automatically restore connections and reopen files that were open prior to an interruption
951- stateful protocol because the CIFS server maintains connection information regarding every connected client. If a network failure or CIFS server failure occurs, the client receives a disconnection notification
952- embedded intelligence to restore the connection
953
954NFS (network file system) - - client-server protocol for file sharing that is commonly used on UNIX systems
955- based on UDP
956- uses a machine-independent model to represent user data
957- uses Remote Procedure Call (RPC) as a method of inter-process communication between two computers
958- creates common connection between client and remote system to transfer data
959
960NFS RPC operations - - Searching files and directories
961- Opening, reading, writing to, and closing a file
962- Changing file attributes
963- Modifying file links and directories
964
965NFSv2 - - uses UDP to provide a stateless network connection between a client and a server
966- locking is handled outside the protocol
967
968NFSv3 - - uses UDP or TCP, and is based on the stateless protocol design
969- 64-bit file size, asynchronous writes, and replies containing additional file attributes to avoid subsequent calls
970
971NFSv4 - - uses TCP and is based on a stateful protocol design
972- enhanced security
973- session model, parallel NFS (pNFS), and data retention
974
975HDFS (hadoop distributed file system) - - file system that spans multiple nodes in a cluster and allows user data to be stored in files
976- traditional hierarchical file organization so that users or applications can manipulate (create, rename, move, or remove) files and directories
977- streaming interface to run any application of choice using the MapReduce framework
978- requires programmatic access because the file system cannot be mounted
979- layered on top of the TCP/IP protocol
980- has master/slave architecture.
981
982File level virtualization - - eliminates the dependencies between the data accessed at the file level and the location where the files are physically stored
983- logical pool of storage, enabling users to use a logical path rather than a physical path, to access files
984- global namespace is used to map the logical path of a file to the physical path names
985- enables the movement of files across NAS devices, even if the files are being accessed by the clients
986
987HSM (hierarchical storage management) - file mobility concept where a policy-engine, which can be software or hardware where policies are configured, facilitates moving files from the primary tiered storage to the secondary tiered storage that meets the predefined policies
988
989File level storage tiering - - moves files from a higher to lower tier
990- defined based on cost, performance, and availability
991- uses policy engine to move files from one tier to another
992- used for archive
993
994Scale-out data lake characteristics - - Accepts data from a variety of sources like file shares, archives, web applications, devices, and the cloud, in both streaming and batch processes
995- Enables access to this data for a variety of uses from conventional purpose to mobile, analytics, and cloud applications
996- Scales to meet the demands of future consolidation and growth as technology evolves and new possibilities emerge for applying data to gain competitive advantage in the market place
997- Provides a tiering ability that enables organizations to manage their costs without setting up specialized infrastructures for cost optimization
998
999Isilon (Dell EMC Product) - - scale out NAS
1000- pooling of nodes to create clustered system
1001- OneFS OS environment creates single cluster
1002
1003VNX Gateway (Dell EMC Product) - - gateway NAS
1004- one or more NAS heads "X-blades" that run VNX environment
1005- multi-protocol network file system access
1006
1007Cloud Tiering Appliance (DELL EMC Product) - - policy based file tiering
1008- cloud as a tier
1009- integrates with APIs to leverage native functionality
1010
1011
1012----------------------
1013
1014
1015Object based storage device - - stores data in the form of objects on flat address space based on its content and other attributes rather than the name and the location
1016- contains user data, related metadata (size, date, ownership, etc.), and user defined attributes of data (retention, access pattern, and other business-relevant attributes)
1017- additional metadata or attributes enable optimized search, retention and deletion of objects
1018
1019Object ID - - unique identifier
1020- easy access to objects without the need to specify the storage location
1021- generated using specialized algorithms (such as a hash function) ensures uniqueness
1022- Any changes in the object, like user- based edits to the file, results in a new object ID
1023
1024Flat address space - - objects exist at the same level and one object cannot be placed inside another object
1025- no hierarchy of directories and files, and as a result, billions of objects can be stored in a single namespace
1026- enables the OSD to meet the scale-out storage requirement of third platform
1027
1028Components of object based storage - - OSD nodes (controllers)
1029- internal network
1030- storage
1031
1032Node - - server that runs the OSD operating environment and provides services to store, retrieve, and manage data in the system
1033- provides both compute and storage resources, and scales linearly in capacity and performance by simply adding nodes
1034- metadata service and storage service
1035
1036Metadata service - - responsible for generating the object ID from the contents (may also include other attributes of data) of a file
1037- maintains the mapping of the object IDs and the file system namespace
1038- runs inside an application server
1039
1040Storage service - manages a set of disks on which the user data is stored
1041
1042Key features of OSD - - scale out architecture
1043- multi-tenancy
1044- metadata driven policy
1045- global namespace
1046- flexible data access method
1047- automated system management
1048- data protection-geo distribution
1049
1050Scale out architecture - - each node in the cluster contributes with its resources to the total amount of space and performance
1051- Nodes are added independently to the cluster, which provides massive scaling to support petabytes and even exabytes of capacity with billions of objects, making it suitable for cloud environments
1052
1053Multi-tenancy - - Enables multiple applications to be securely served from the same infrastructure
1054- Each application is securely partitioned and data is neither co-mingled nor accessible by other tenants
1055- ideal for businesses providing cloud services for multiple customers or departments within an enterprise.
1056
1057Metadata driven policy - information management capabilities combine to intelligently (automate) drive data placement, data protection, and other data services (compression, deduplication, retention, and deletion) based on the service requirements
1058
1059Global namespace - - abstracts storage from the application and provides a common view, independent of location and making scaling seamless
1060- provides the ability to transparently spread data across storage systems for greater performance, load balancing, and non-disruptive operation
1061- important when the infrastructure spans multiple sites and geographies.
1062
1063Automated system management - - self-configuring and auto-healing capabilities to reduce administrative complexity and downtime
1064- no single point of failure
1065
1066Data protection - - protected using erasure coding or replication
1067
1068Erasure coding - - provides space-optimal data redundancy to protect against data loss from multiple drive failures
1069- ensure data integrity without using RAID
1070- data protection for very large storage systems without the risk of very long RAID rebuild cycles
1071- breaks the data into fragments, encoded with redundant data and stored across a set of different locations, such as disks, storage nodes, or geographic locations
1072- set of n disks is divided into m disks to hold data
1073- k disks to hold coding information
1074- n, m, and k are integers
1075- coding information is calculated from the data. If up to k of the n disks fail, their contents can be recomputed from the surviving disks
1076- similar to parity
1077
1078Object based storage implementations - - hardware based
1079- software based
1080
1081Software based storage implementation - - object storage software is installed on any compatible hardware (compute system)
1082- provides the flexibility to reuse the existing IT infrastructure including compute systems and file-based or SAN-based storage
1083- object storage software can also be installed on virtual machines that act as nodes, enabling use of the existing storage
1084
1085Hardware based storage implementation - - object storage software is installed on purpose-built hardware, and typically pre-configured and pre-tested by the vendor
1086- provides better performance
1087
1088Unified storage - single integrated storage infrastructure that simultaneously supports Fibre Channel (FC), Fibre-Channel-over-Ethernet (FCoE), IP Storage Area Networks (iSCSI), Network Attached Storage (NAS) data protocols, along with REST and SOAP protocols
1089
1090Benefits of unified storage - - single pool of storage resources that can be managed with a single management interface.
1091- lower overall system cost and administrative time, thus reducing the total cost of ownership (TCO).
1092- plan the overall storage capacity consumption
1093- Increased utilization, with no stranded capacity.
1094- integrates with software-defined storage environment to provide next generation storage solutions for mobile, cloud, big data, and social computing needs
1095
1096Unified controller - - provides the functionalities of block storage, file storage, and object storage
1097- contains iSCSI, FC, FCoE, and IP front-end ports for direct block access to application servers and file access to NAS clients.
1098- For block-level access, the controller configures LUNs and presents them to application servers and the LUNs presented to the application server appear as local physical disks
1099- file system is configured on these LUNs at the server and is made available to applications for storing data
1100- for NAS clients, the controller configures LUNs, creates a file system on these LUNs, creates an NFS, CIFS, or mixed share, and exports the share to the clients. Some storage vendors offer a REST API to enable
1101
1102Atmos (Dell EMC product) - - scale out object based cloud storage platform
1103- global namespace
1104- REST API driven storage
1105- multi-tenancy and self service
1106- Metering and chargeback
1107
1108ECS Appliance (Dell EMC product) - - hyper scale storage infrastructure
1109- universal accessibility with support for object and HDFS
1110- single platform for all web, mobile, big data and social media apps
1111
1112VNX (Dell EMC product) - - unified storage platform
1113- consolidates block, file, and object
1114- built for SMBs and enterprise
1115- suited for apps with predictable workloads
1116
1117VMAX3 (Dell EMC product) - - high end enterprise unified storage for hybrid cloud
1118- eNAS services
1119- built around scalable Dynamic Virtual Matrix architecture to support storage growth
1120
1121CloudArray (Dell EMC product) - - cloud storage gateway solution
1122- integrates existing apps with cloud using SAN and NAS interfaces
1123- multi layer encryption and local key management guard against unauthorized access
1124
1125Cloud based object storage gateway - - provides a local cache to reduce latency associated with having the storage capacity far away from the data center
1126- interface to the cloud and provides a layer of management that can even help to determine what data should be sent to the cloud and what data should be held locally
1127
1128-------
1129
1130
1131Needs for software defined storage - - complex IT silos in data centers
1132- critical functionality and management tied to storage system
1133- difficult to satisfy capacity requirements in real time
1134- traditional architecture is unsuitable for 3rd platform
1135
1136Software defined storage - - storage infrastructure that is managed and automated by software
1137- abstracts heterogeneous storage systems and their underlying capabilities, and pools the storage resource
1138- Storage capacity is dynamically and automatically allocated from the storage pools based on policies to match the needs of applications
1139- combination of hardware and software
1140
1141Attributes of software defined storage - - storage abstraction and pooling
1142- automated, policy driven storage provisioning
1143- unified management
1144- self service
1145- open and extensible
1146
1147Storage abstraction and pooling - - abstracts and pools storage resources across heterogeneous storage infrastructure
1148- creates a single large storage pool with the underlying storage resources, from which several virtual storage pools are created
1149- decouples the storage control path from the data path
1150
1151Automated, policy-driven storage provisioning - - combination of capacity, performance, protection, encryption, and replication
1152- storage services are dynamically composed from available resources
1153- application policies to create a "just-in-time" model for storage service delivery
1154- Storage assets and capabilities are configured and assigned to specific applications only when they are needed
1155
1156Unified management - - unified storage management interface that provides an abstract view of the storage infrastructure
1157- provides a single control point for the entire infrastructure across all physical and virtual resources
1158
1159Self service - - Resource pooling enables multi-tenancy, and automated storage provisioning
1160- Users select storage services from a self-service catalog and provision them
1161
1162SDS controller - - software that manages, abstracts, pools, and automates the physical storage systems into policy-based virtual storage pools
1163- enables self-service access to a catalog of storage resources
1164- Users provision storage using data services, which may be block, file, or object services
1165
1166Compute based SAN - - software-defined virtual SAN created from the direct-attached storage located locally on the compute systems in a cluster
1167- creates a large pool of block-based storage that can be shared among the compute systems (or nodes) in the cluster
1168- creates a large-scale SAN without storage systems, and enables leveraging the local storage of existing compute systems
1169- ensures that the local storage on compute systems, which often goes unused, is not wasted
1170
1171Client program - - block device driver that exposes shared block volumes to an application on the compute system
1172
1173IB (infiniband) - a high-speed, low latency communication standard for compute networking
1174
1175Metadata manager - - monitoring and configuration agent
1176- holds cluster-wide mapping information and monitors capacity, performance, and load balancing
1177- responsible for decisions regarding migration, rebuilds, and all system-related functions
1178- not on the virtual SAN data path
1179- does not perform data operations
1180- runs on a compute system within the compute-based SAN, or on an external compute system
1181
1182Benefits of SDS - - simplified storage management
1183- operational efficiency
1184- agility
1185- reuse existing infrastructure
1186- cloud support
1187
1188Simplified storage environment - - breaks down storage silos and their associated complexity
1189- provides centralized management across all physical and virtual storage environments
1190
1191Operational efficiency - - Automated policy-driven storage provisioning improves quality of services, reduces errors, and lowers operational cost
1192- provides faster streamlined storage provisioning
1193
1194Agility - - ability to deliver self-service access to storage via a service catalog provides agility and reduces time-to-market
1195
1196Reusing existing infrastructure - - SDS supports multi-vendor storage systems and commodity hardware, which enables organizations to work with their existing infrastructure
1197- SDS environment to be managed through external management interfaces
1198- protects the current investments of organizations
1199
1200Cloud support - - SDS enables an enterprise data center to connect to external cloud storage services for consuming services such as cloud-based backup, and disaster recovery
1201- mobile and cloud apps on existing infrastructure
1202
1203Key control plane functions - - asset discovery
1204- resource abstraction and pooling
1205- provisioning resources for services
1206- support for data protection
1207
1208Asset discovery - - controller automatically detects assets when they are added to the SDS environment
1209- recognizes (storage systems, storage networks, compute systems and clusters, data protection solutions)
1210
1211Virtual storage system or virtual array - - abstraction of physical storage systems, and the network connectivity between compute systems and the storage systems
1212- provides a more abstract view of the storage environment for provisioning and applying policy
1213
1214Virtual storage pool - - an abstraction that represents a standardized storage service offering out of which storage may be provisioned
1215- block, file, and object
1216
1217Virtual data center - - collection of storage infrastructure that can be managed as a cohesive unit by data center administrators
1218- enables an administrator to discover physical storage and abstract it into virtual storage systems and virtual storage pools
1219- high bandwidth and low latency are assumed
1220- used for HA and DR
1221
1222Multi tenant configuration - - multiple tenants, where each tenant is a group of multiple users
1223- tenants are configured with an authentication system, and users with specific assigned roles can be mapped into tenants
1224- block, file and object storage resources can be grouped logically into collections, which can be assigned to the tenants
1225- administrators can restrict access to resources, based on tenant
1226
1227Resource provisioning - Service catalog/self-service - - administrator creates storage services and organizes them into categories in the service catalog
1228- service catalog provides users with access to predefined storage services
1229- SDS controller automates provisioning of resources
1230- administrators can view details of requests in real time
1231
1232Resource provisioning - Block data service - - provides block volume of required size performance and protection levels
1233- (create, delete, bind, unbind, mount, unmount, expand)
1234
1235Resource provisioning - File data service - - enables users to create file shares and export them to compute systems
1236- (create-NFS/CIFS, expand, delete-NFS/CIFS)
1237
1238Resource provisioning - Object data service - - enables data to be stored, accessed, and manipulated as objects
1239- namespace connects the object data service to an object virtual pool
1240- (create, edit, delete, ingest file share into object bucket)
1241
1242Bucket - - logical grouping of objects and is similar to a directory of files
1243- can be used to control access to objects and to set properties that define attributes for all contained objects, such as retention periods and quotas
1244
1245Namespace - - connects the object data service to an object virtual pool
1246
1247Data protection - - controller leverages protection technology of storage systems or external solutions
1248- Block protection (config failover, snapshots, continuous data protection)
1249- file protection (file system snapshots)
1250- object protection (replication, erasure coding)
1251
1252API (application programming interface) - - set of programmatic instructions and specifications that provides an interface for software components to communicate with each other
1253- specifies a set of routines (operations), input parameters, outputs/responses, data types, and errors
1254- pre-compiled code that is leveraged in programming languages, and can also be web-based
1255
1256Needs for APIs - - 3rd party data service integration with existing architecture
1257- orchestration and provisioning from pools
1258- REST API provides interface to underlying resources (storage provisioning, management, metering)
1259- extension of functionality and integration with external platforms and apps
1260
1261REST (representational state transfer) - - client-server software architecture approach that was originally introduced for building large-scale, distributed hypermedia (for example, hypertext, audio, video, image, and text) systems
1262- do not require XML-based web service protocols such as SOAP to support their light-weight interfaces
1263
1264REST design principles - - resource identification using URI
1265- standard HTTP methods
1266- self-descriptive resource services
1267- stateless design
1268
1269URI (uniform resource identifier) - - a string of characters that uniquely identifies a resource
1270- typically have a directory-like structure
1271- provide a global addressing space for resource and service discovery
1272
1273ViPR Controller (DELL EMC Product) - - software defined storage platform
1274- supports data protection across data centers
1275- extensible through REST API
1276- driven by open source community
1277
1278ECS (DELL EMC Product) - - software defined cloud storage platform
1279- installed on servers or commodity disks
1280- protects data against node, disk, and site failures
1281
1282ScaleIO (DELL EMC Product) - - software for creating a compute-based SAN from local storage
1283- supports physical and virtual servers
1284- scale out elastic architecture with massively parallel processing
1285
1286
1287
1288-------
1289
1290
1291SAN (storage area network) - - network that primarily connects the storage systems with the compute systems and also connects the storage systems with each other
1292- enables multiple compute systems to access and share storage resources
1293- enables data transfer between the storage systems
1294- extended across geographic locations
1295- provides access to block-based storage systems
1296
1297SAN Benefits - - enable both consolidation and sharing of storage resources across multiple compute systems
1298- improves the utilization of storage resources compared to a DAS environment and reduces the total amount of storage that an organization needs to purchase and manage
1299- centralized and less complex
1300- enables organizations to connect geographically dispersed compute systems and storage systems
1301- enables the compute systems across locations to access shared data and enables the replication of data between storage systems that reside in separate locations
1302
13033rd platform requirements for SAN - - high throughput
1304- interconnectivity among wide number of devices over great distances
1305- elastic and non disruptive scaling
1306- automated and policy driven
1307- simple flexible and agile management operations
1308
1309SAN implementations - - FC SAN
1310- IP SAN
1311- FCoE SAN
1312
1313Software defined networking - - an approach to abstract and separate the control plane functions from the data plane functions
1314- the software external to the components takes over the control functions
1315
1316Network controller - - software runs on a compute system or a standalone device
1317- interacts with the network components to gather configuration information and to provide instructions for data plane in order to handle the network traffic
1318
1319Data plane - transfer the network traffic from one physical port to another port by following rules that are programmed into the component
1320
1321Control plane - provide the programming logic that the data plane follows for switching or routing of the network traffic
1322
1323Software Defined SAN benefits - - centralized control
1324- policy based automation
1325- simplified agile management
1326
1327Centralized control - - single point of control for the entire SAN infrastructure that may span across data centers
1328- provides that programming logic for transferring the SAN traffic, which can be uniformly and quickly applied across the SAN infrastructure
1329- programming logic can be upgraded centrally to add new features and based on application requirements
1330
1331Policy based automation - - Management operations may be programmed in the network controller based on business policies and best practices
1332- hardware based SAN management operations can be automated
1333
1334Simple agile management - - easy to configure
1335- configuration responds to the changing application requirements
1336
1337FC SAN (Fibre Channel storage area network) - - used to transport data, commands, and status information between the compute systems and the storage systems
1338- SAN that uses the FC protocol for communication
1339- supports data transmission speeds of up to 16 Gb/s
1340- enables data transmission without dropping frames (credit-based flow control)
1341- provides high scalability
1342- can accommodate approximately 15.5 million (15,663,104) addressable devices
1343
1344FC (Fibre Channel) - - high-speed network technology that runs on high-speed optical fiber cables and serial copper cables
1345- developed to meet the demand for the increased speed of data transfer between compute systems and mass storage systems
1346- throughput of 3200 MB/s (16 Gb/s link, full duplex)
1347- supports a credit-based flow control mechanism
1348
1349FC SAN components - - network adapters (FC HBA in compute, front end adapters in storage)
1350- Cables (copper for short distance, optical fiber for long distance)
1351- interconnecting devices (FC hubs, FC switches, FC directors)
1352
1353Network adapters - - provide a physical interface for communicating with other nodes
1354- FC host bus adapters (HBAs) and storage system front-end adapters
1355- FC HBA has SCSI-to-FC processing capability
1356- encapsulates OS or hypervisor storage I/Os (usually SCSI I/O) into FC frames before sending the frames to the FC storage systems over an FC SAN
1357
1358Cables - - optical fiber cabling
1359- copper for distances up to 30m
1360
1361MMF (Multimode fiber) - - carries multiple beams of light projected at different angles simultaneously onto the core of the cable
1362- multiple light beams traveling inside the cable tend to disperse and collide
1363- collision weakens the signal strength after it travels a certain distance
1364- due to modal dispersion, used for short distances, commonly within a data center
1365
1366Modal dispersion - - spreading of the light beams in multimode cabling that weakens the signal after a certain distance
1367
1368SMF (Single-mode fiber) - - carries a single ray of light projected at the center of the core
1369- small core and the single light wave help to limit modal dispersion
1370- provides minimum signal attenuation over maximum distance (up to 10 km)
1371- used for long-distance cable runs; the distance usually depends on the power of the laser at the transmitter and the sensitivity of the receiver
1372
1372Connector - - attached at the end of a cable to enable swift connection and disconnection of the cable to and from a port
1372- standard connector (SC) and lucent connector (LC) are the two commonly used connectors for fiber optic cables
1373
1374FC hubs - - physically connect nodes in a logical loop or a physical star topology
1375- All the nodes must share the loop because data travels through all the connection points
1376
1377FC switches - - more intelligent than FC hubs and directly route data from one physical port to another
1378- nodes do not share the data path
1379- each node has a dedicated communication path
1380- commonly available with a fixed port count
1381- number of active ports can be scaled-up non-disruptively
1382- components such as power supplies and fans are redundant and hot-swappable
1383
1384FC directors - - high-end switches with a higher port count
1385- modular architecture and its port count is scaled-up by inserting additional line cards or blades to the director's chassis
1386- contain redundant components with automated failover capability
1387- high availability for business critical applications
1388- hot swappable components
1389
1390FC interconnectivity options - - point to point
1391- arbitrated loop
1392- FC switched fabric
1393
1394Point to point - - two nodes are connected directly to each other
1395- provides a dedicated connection for data transmission between nodes
1396- offers limited connectivity and scalability and is used in a DAS environment
1397
1398FC-AL - - devices are attached to a shared loop
1399- Each device contends with other devices to perform I/O operations
1400- The devices on the loop must "arbitrate" to gain control of the loop
1401- only one device can perform I/O operations on the loop
1402- overall performance in FC-AL environments is low
1403
1404FC-SW - - single FC switch or a network of FC switches (including FC directors) to interconnect the nodes. - referred to as fabric connect
1405- high scalability
1406- addition or removal of a node is minimally disruptive; it does not affect the ongoing traffic between other nodes
1407
1408Fabric - logical space in which all nodes communicate with one another in a network
1409
1410ISL (interswitch link) - - link between any two switches
1411- enable switches to be connected together to form a single, larger fabric
1412- enable the transfer of both storage traffic and fabric management traffic from one switch to another
1413
1414N_Port - - end point in the fabric
1415- also known as the node port
1416- Typically, it is a compute system port (FC HBA port) or a storage system port that is connected to a switch in a switched fabric
1417
1418E_Port - - port that forms the connection between two FC switches
1419- also known as the expansion port
1420- connects to the E_Port of another FC switch in the fabric to form an ISL
1421
1422F_Port - - port on a switch that connects an N_Port
1423- also known as a fabric port
1424
1425G_Port - - generic port on a switch that can operate as an E_Port or an F_Port
1426- determines its functionality automatically during initialization
1427
1428FC-4 layer - - uppermost layer in the FCP stack
1429- defines the application interfaces and the way Upper Layer Protocols (ULPs) are mapped to the lower FC layers.
1430
1431FC-2 layer - - provides FC addressing, structure, and organization of data (frames, sequences, and exchanges)
1432- defines fabric services, classes of service, flow control, and routing
1433
1434FC-1 layer - - defines how data is encoded prior to transmission and decoded upon receipt
1435- FC links with a speed of 10 Gbps and above use 64b/66b encoding; lower-speed links use 8b/10b
1436- defines the transmission words such as FC frame delimiters, which identify the start and the end of a frame
1437- performs link initialization and error recovery
1438
1439FC- 0 layer - - lowest layer in the FCP stack
1440- defines the physical interface, media, and transmission of bits
1441- includes cables, connectors, and optical and electrical parameters for a variety of data rates
1442- FC transmission can use both electrical and optical media
1443
1444FC Addressing - - 24-bit FC address (FCID) assigned to node ports during fabric login
1445- Domain ID (bits 23-16), Area ID (bits 15-8), Port ID (bits 7-0)
1446- Domain ID is a unique number assigned to each switch in the fabric; domain IDs 1-239 are usable
1447- 239 domains x 256 areas x 256 ports = 15,663,104 maximum addresses
1448
1449WWN - - 64 bit unique identifier
1450- static to node ports on FC network
1451
1452WWNN - - used to physically identify FC network adapters
1453
1454WWPN - - used to physically identify FC adapter ports or node ports
1455
1456Exchange - - enables two node ports to identify and manage a set of information units
1457- Each upper layer protocol (ULP) has its protocol-specific information that must be sent to another port to perform certain operations
1458- composed of one or more sequences.
1459
1460Information Unit - - protocol specific information that must be sent to another port to perform certain operations
1461
1462Sequence - - contiguous set of frames that are sent from one port to another
1463- corresponds to an information unit, as defined by the ULP
1464
1465Frame - - frame is the fundamental unit of data transfer at FC-2 layer
1466
1467Frame parts - - SOF
1468- header
1469- data field
1470- CRC
1471- EOF
1472
1473Frame header - - 24 bytes long and contains addressing information for the frame
1474
1475Data field - - contains the data payload, up to 2,112 bytes of actual data - in most cases the SCSI data
1476
1477CRC (cyclic redundancy check) - - checksum that facilitates error detection for the content of the frame
1478- verifies data integrity by checking whether the content of the frame was received correctly
1479- calculated by the sender before encoding at the FC-1 layer
1480- calculated by the receiver after decoding at the FC-1 layer
1480- detects accidental corruption only; anyone able to write frames can recompute it, so it is not a cryptographic integrity check
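
Worked example for the CRC card above (added here, not from the notes): the receiver-side check catches a bit error, but an on-path forger who rewrites the payload and recomputes the CRC passes the same check, which is why a keyed MAC is what actually provides tamper evidence. zlib's CRC-32 shares the Fibre Channel generator polynomial (0x04C11DB7); that its bit ordering matches FC-FS exactly is an assumption, as are the constructed header, payload and HMAC key.

```python
# Added example for the CRC definition above (not from the notes). Uses zlib's
# CRC-32, which shares FC's generator polynomial (0x04C11DB7); the exact bit
# ordering of FC-FS is assumed to be the same and is not verified here. The
# 24-byte header and payload are constructed, and the HMAC key is an assumption
# standing in for a keyed integrity mechanism that the FC frame CRC does not give.
import hashlib
import hmac
import zlib

HEADER_LEN = 24


def build_frame(header: bytes, payload: bytes) -> bytes:
    """Frame body = header + payload, followed by the CRC-32 the sender computes
    before FC-1 encoding (SOF/EOF delimiters are outside the CRC and omitted)."""
    body = header + payload
    return body + zlib.crc32(body).to_bytes(4, "big")


def crc_ok(frame: bytes) -> bool:
    """What the receiver does after FC-1 decoding: recompute and compare."""
    body, crc = frame[:-4], frame[-4:]
    return zlib.crc32(body) == int.from_bytes(crc, "big")


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error in the body."""
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def forge_payload(frame: bytes, new_payload: bytes) -> bytes:
    """What an on-path attacker does: rewrite the payload and recompute the CRC.
    The result passes crc_ok, because a CRC has no secret."""
    return build_frame(frame[:HEADER_LEN], new_payload)


def tag(frame_body: bytes, key: bytes) -> bytes:
    """Keyed tag over the same bytes the CRC covers."""
    return hmac.new(key, frame_body, hashlib.sha256).digest()


def mac_ok(frame: bytes, key: bytes, expected_tag: bytes) -> bool:
    """Without the key the forger cannot produce a valid tag."""
    return hmac.compare_digest(tag(frame[:-4], key), expected_tag)


def demo():
    header = bytes([0x06, 0x01, 0x02, 0x03, 0x00, 0x0A, 0x0B, 0x0C, 0x08]) + bytes(15)  # constructed
    payload = b"WRITE(10) LBA 0x1000 len 8"                                           # constructed
    key = b"constructed-demo-key"                                                     # assumption
    frame = build_frame(header, payload)
    t = tag(frame[:-4], key)
    corrupted = flip_bit(frame, 200)                                   # bit error: CRC catches it
    forged = forge_payload(frame, b"WRITE(10) LBA 0x0000 len 8")      # tampering: CRC does not
    return {
        "clean_crc": crc_ok(frame),
        "corrupted_crc": crc_ok(corrupted),
        "forged_crc": crc_ok(forged),
        "forged_mac": mac_ok(forged, key, t),
    }
```

The practical point: the FC-2 CRC belongs in the availability column (link-quality monitoring, CRC error counters on switch ports), not the security column; confidentiality and authenticity on a SAN come from separate mechanisms, not from the frame checksum.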
1481
1482Fabric services - - fabric login server
1483- name server
1484- fabric controller
1485- management server
1486
1487Fabric login server - - located at the predefined address of FFFFFE and is used during the initial part of the node's fabric login process
1488
1489Name server - - (formally known as Distributed Name Server)
1490- located at the predefined address FFFFFC
1491- responsible for name registration and management of node ports
1492- Each switch exchanges its Name Server information with other switches in the fabric to maintain a synchronized, distributed name service
1493
1494Fabric controller - - located at the predefined address FFFFFD
1495- provides services to both node ports and other switches
1496- responsible for managing and distributing Registered State Change Notifications (RSCNs) to the node ports registered
1497- generates Switch Registered State Change Notifications (SW-RSCNs) to every other domain (switch) in the fabric
1498
1499Management server - - FFFFFA is the FC address
1500- distributed to every switch within the fabric
1501- enables the FC SAN management software to retrieve information and administer the fabric
1502
1503Fabric login types - - FLOGI
1504- PLOGI
1505- PRLI
1506
1507FLOGI (fabric login) - - performed between an N_Port and an F_Port
1508- node sends a FLOGI frame carrying its WWN to the fabric login server (FFFFFE)
1509- node obtains FC address from switch
1510- immediately after login, N_Port registers with name server on switch
1511- N_Port queries name server about all other logged on ports
1512
1513PLOGI (port login) - - occurs between two N_Ports to establish a session
1514- exchange service parameters relevant to session
1515
1516PRLI (process login) - - occurs between two N_Ports to exchange ULP related parameters
1517
1518Flow control - - process to regulate the data transmission rate between two devices so that a transmitting device does not overflow a receiving device with data
1519
1520BB_Credit (buffer to buffer credit) - - flow control mechanism used by fabric
1521- occurs between any two FC ports
1522- ensures that the FC ports do not run out of buffers and do not drop frames
1523- transmitting and receiving ports agree on the number of buffers available during the port login process
1524- (R_RDY) is sent from the receiving port to the transmitting port for every free buffer on the receiving side
1525- frames are counted and sent until the count of credits is zero
1526- frames are suspended until credit count becomes nonzero
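
Worked example for the BB_Credit card above (added here, not from the notes): a small simulation of one link in which the transmitter spends a credit per frame, the receiver returns an R_RDY per freed buffer, and sending stalls at zero credit. It also shows the failure mode the mechanism exists to prevent: if the advertised credit exceeds the receiver's real buffer count, frames are dropped. Buffer counts, frame counts and the per-round drain rate are constructed parameters.

```python
# Added example for the BB_Credit card above (not from the notes): a small
# simulation of credit-based flow control on one link. Buffer counts, frame
# counts and the per-round drain rate are constructed parameters.
from collections import deque


class ReceiverPort:
    def __init__(self, buffers: int):
        self.buffers = buffers
        self.queue = deque()
        self.dropped = 0
        self.peak = 0

    def accept(self, frame) -> bool:
        """A frame arriving with no free buffer is lost; FC avoids this by
        never letting the sender exceed the advertised credit."""
        if len(self.queue) >= self.buffers:
            self.dropped += 1
            return False
        self.queue.append(frame)
        self.peak = max(self.peak, len(self.queue))
        return True

    def drain(self, n: int) -> int:
        """Upper layer consumes up to n frames; each freed buffer is one R_RDY."""
        freed = 0
        while n > 0 and self.queue:
            self.queue.popleft()
            n -= 1
            freed += 1
        return freed


class TransmitterPort:
    def __init__(self, bb_credit: int):
        self.credit = bb_credit       # agreed at login: the receiver's buffer count
        self.pending = deque()
        self.delivered = 0

    def transmit(self, rx: ReceiverPort) -> int:
        """Send while credit remains; each frame costs one credit."""
        sent = 0
        while self.pending and self.credit > 0:
            if rx.accept(self.pending.popleft()):
                self.delivered += 1
            self.credit -= 1
            sent += 1
        return sent

    def r_rdy(self, count: int):
        """Each R_RDY from the receiver restores one credit."""
        self.credit += count


def run_link(bb_credit: int, rx_buffers: int, frames: int, drain_per_round: int) -> dict:
    """Run until all frames are sent and consumed (or the link stalls)."""
    tx, rx = TransmitterPort(bb_credit), ReceiverPort(rx_buffers)
    tx.pending.extend(range(frames))
    rounds, stalled = 0, False
    while tx.pending or rx.queue:
        sent = tx.transmit(rx)
        freed = rx.drain(drain_per_round)
        tx.r_rdy(freed)
        rounds += 1
        if sent == 0 and freed == 0:      # no credit and nothing to free: deadlock
            stalled = True
            break
    return {"delivered": tx.delivered, "dropped": rx.dropped,
            "peak_buffers": rx.peak, "rounds": rounds, "stalled": stalled}
```

run_link(4, 4, 20, 2) delivers every frame with no drops and never holds more than four buffers; run_link(8, 4, 20, 2), a credit that overstates the receiver, loses four frames in the first burst. The second case is the reason FC negotiates the credit from the receiver's side at login rather than trusting a sender-side configuration.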
1527
1528Single switch topology - - fabric consists of only a single switch
1529- compute systems and storage systems connected to same switch
1530- No ISLs required for compute to storage traffic
1531- every port is usable for node connectivity
1532
1533Full mesh topology - - each switch is connected to every other switch
1534- maximum of one ISL required for compute to storage traffic
1535- compute systems and storage systems can be connected to any switch
1536
1537Partial mesh topology - - not all the switches are connected to every other switch
1538- several hops or ISLs may be required for the traffic to reach its destination
1539- offers more scalability
1540- traffic management might be complicated and ISLs could become overloaded due to excessive traffic aggregation
1541
1542Core edge topology - - consists of edge and core switch tiers
1543- storage systems connected to core tier
1544- maximum one ISL for compute to storage traffic
1545- fabric can be scaled by adding more core and edge switches
1546
1547Edge tier - - usually composed of switches and offers an inexpensive approach to adding more compute systems in a fabric
1548- switches are not connected to each other
1549- each switch is attached to a switch at the core tier through ISLs
1550
1551Core tier - - usually composed of directors that ensure high fabric availability
1552- all traffic must either traverse this tier or terminate at this tier
1553- storage systems are connected to enable compute-to-storage traffic to traverse only one ISL
1554
1555Link aggregation - - combines two or more parallel ISLs into a single logical ISL, called a port- channel, yielding higher throughput than a single ISL could provide
1556- optimizes fabric performance by distributing network traffic across the shared bandwidth of all the ISLs in a port-channel
1557- number of ISLs can be scaled up
1558
1559Zoning - - FC switch function that enables node ports within the fabric to be logically segmented into groups and communicate with each other within the group
1560- when changes occur fabric controller sends a Registered State Change Notification (RSCN) to all the nodes impacted by the change
1561- limits the number of RSCNs in a fabric
1562- fabric sends the RSCN to only those nodes in a zone where the change has occurred
1563- provides access control, along with other access control mechanisms, such as LUN masking
1564- allowing only the members in the same zone to establish communication with each other
1565
1566Zone set - - composed of a group of zones that can be activated or deactivated as a single entity in a fabric
1567- only one can be active at a time
1568- also referred to as zone configuration
1569
1570Members - - nodes within the FC SAN that can be included in a zone
1571- FC switch ports, FC HBA ports, and storage system ports
1572
1573WWN zoning - - uses World Wide Names to define zones
1574- zone members are the unique WWPNs of the FC HBA ports and their targets (storage system ports)
1575- flexible: the WWN is static to the node port, not to the switch port
1576- nodes keep connectivity to zone partners when an administrator moves them to a different switch port
1577- a WWPN is whatever the attached HBA presents, and HBA management tools allow it to be changed, so WWN zoning trusts the node's claimed identity rather than a physical port
1578
1579Port zoning - - uses switch port IDs to define zones
1580- access for a node is determined by the physical switch port to which the node is connected
1581- zone members are the port identifiers (switch domain ID and port number) to which the FC HBA and its targets (storage systems) are connected
1582- if a node is moved to another switch port, the zone must be modified
1583- if an FC HBA or storage system port fails, only the failed device is replaced; the zone definition does not change
1584
1585Mixed zoning - - combines the qualities of both WWN zoning and port zoning
1586- enables a specific node port to be tied to the WWN of another node
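
Worked example for the zoning, zone set, WWN/port/mixed zoning and LUN masking cards above (added here, not from the notes): given an active zone set with both WWN and port members and a LUN mask on the storage port, it resolves whether an initiator reaches a target and which LUNs it then sees, and contrasts what happens when a node is re-cabled under each member type. All WWPNs, switch ports and LUN numbers are constructed.

```python
# Added example for the zoning cards above (not from the notes). Resolves
# whether two ports may talk under the active zone set, with both WWN and
# port members, and what LUN masking then exposes. All WWPNs, switch ports
# and LUN numbers below are constructed.

HBA_A = "10:00:00:00:c9:aa:aa:01"
HBA_B = "10:00:00:00:c9:bb:bb:02"
HBA_C = "10:00:00:00:c9:cc:cc:03"
TARGET = "50:06:01:60:00:00:00:01"

# Where each WWPN is currently logged in: (domain ID, switch port number).
FABRIC_PORTS = {HBA_A: (1, 3), HBA_B: (1, 7), HBA_C: (2, 5), TARGET: (2, 1)}

# The one active zone set: zone name -> members.
# A member is ("wwn", wwpn) or ("port", domain, port).
ACTIVE_ZONE_SET = {
    "zone_hba_a_wwn": {("wwn", HBA_A), ("wwn", TARGET)},       # WWN zoning
    "zone_slot7_port": {("port", 1, 7), ("wwn", TARGET)},       # mixed: port + WWN
}

# LUN masking on the storage side: target port -> initiator WWPN -> LUNs.
LUN_MASK = {TARGET: {HBA_A: {0, 1}, HBA_B: {2}}}


def member_matches(member, wwpn, fabric_ports) -> bool:
    if member[0] == "wwn":
        return member[1] == wwpn                     # follows the device
    if member[0] == "port":
        return fabric_ports.get(wwpn) == member[1:]  # follows the cable
    raise ValueError(f"unknown member type {member[0]!r}")


def zones_shared(a, b, zone_set, fabric_ports):
    """Zones in the active set containing both a and b (any one permits traffic)."""
    return sorted(name for name, members in zone_set.items()
                  if any(member_matches(m, a, fabric_ports) for m in members)
                  and any(member_matches(m, b, fabric_ports) for m in members))


def visible_luns(initiator, target, zone_set, fabric_ports, lun_mask):
    """Zoning decides whether the initiator reaches the target port at all;
    LUN masking decides which LUNs it sees once it does."""
    if not zones_shared(initiator, target, zone_set, fabric_ports):
        return set()
    return set(lun_mask.get(target, {}).get(initiator, set()))


def demo():
    """As-cabled, after re-cabling HBA_B, and HBA_A's WWPN presented from another port."""
    moved_b = {**FABRIC_PORTS, HBA_B: (2, 5)}     # HBA_B re-cabled to domain 2 port 5
    moved_a = {**FABRIC_PORTS, HBA_A: (2, 5)}     # HBA_A's WWPN now logs in at domain 2 port 5
    args = (ACTIVE_ZONE_SET, FABRIC_PORTS, LUN_MASK)
    return {
        "a_sees": visible_luns(HBA_A, TARGET, *args),
        "b_sees": visible_luns(HBA_B, TARGET, *args),
        "c_sees": visible_luns(HBA_C, TARGET, *args),
        "b_after_move": visible_luns(HBA_B, TARGET, ACTIVE_ZONE_SET, moved_b, LUN_MASK),
        "a_wwpn_elsewhere": visible_luns(HBA_A, TARGET, ACTIVE_ZONE_SET, moved_a, LUN_MASK),
    }
```

Two things the result makes visible. First, zoning and LUN masking are independent layers: HBA_C is masked nowhere and zoned nowhere, but even a zoned initiator only sees the LUNs the array masks to it. Second, "a_wwpn_elsewhere" still returns LUNs 0 and 1, because a WWN zone follows the presented WWPN wherever it logs in; whether that is convenient (re-cabling) or dangerous (a host presenting someone else's WWPN) is exactly the trade-off between WWN and port zoning.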
1587
1588NPIV (N_Port ID virtualization) - - enables a single N_Port (such as an FC HBA port) to function as multiple virtual N_Ports
1589- has a unique WWPN identity in the FC SAN
1590- allows a single physical N_Port to obtain multiple FC addresses.
1591- acts as a virtual FC HBA port
1592- enables a VM to directly access assigned LUNs
1593- enables an administrator to restrict access to specific LUNs to specific VMs using security techniques like zoning and LUN masking
1594
1595NPV (N_Port virtualization) - - addresses the limit of 239 usable domain IDs in a fabric by reducing the number of domain IDs consumed
1596- Edge switches do not require a domain ID
1597- edge switches do not perform any fabric services, and instead forward all fabric activity, such as login and name server registration to the core switch.
1598- All ports at the NPV edge switches that connect to the core switch are established as NP_Ports (not E_Ports)
1599
1600NP_Port - connect to an NPIV-enabled core director or switch
1601
1602Block level storage virtualization - - provides virtualization layer in SAN
1603- abstracts block based storage systems
1604- aggregates LUNs to create storage pool
1605- virtual volumes from storage pool are assigned to compute systems
1606- virtualization layer maps virtual volumes to LUNs
1607- non disruptive data migration
1608- online expansion of virtual volumes
1609
1610VSAN (virtual fabric) - - logical fabric on an FC SAN, which enables communication among a group of nodes regardless of their physical location in the fabric
1611- group of node ports communicate with each other using a virtual topology defined on the physical SAN
1612- extended across sites, enabling communication among a group of nodes, in either site with a common set of requirements
1613- improve SAN security, scalability, availability, and manageability
1614- provide enhanced security by isolating the sensitive data and by restricting the access to the resources
1615
1616VSAN configuration - - define VSANs on fabric using specific VSAN IDs
1617- assign VSAN IDs to F_Ports
1618- N_Port connected to F_Port becomes member of VSAN
1619- switch forwards FC frames only between F_Ports that belong to the same VSAN
1620
1621VSAN trunking - - allows network traffic from multiple VSANs to traverse a single ISL
1622- enables an E_Port to send or receive traffic for multiple VSANs over the trunk link
1623- Reduces number of ISLs between switches configured with multiple VSANs
1624
1625VSAN tagging - - process of adding or removing a marker or tag to the FC frames that contains VSAN-specific information
1626- helps isolate FC frames from multiple VSANs that travel through and share a trunk link. Whenever an FC frame enters an FC switch, it is tagged with a VSAN header indicating the VSAN ID of the switch port (F_Port) before sending the frame down to a trunk link
1627- receiving FC switch reads the tag and forwards the frame to the destination port that corresponds to that VSAN ID
1628- tag is removed once the frame leaves a trunk link to reach an N_Port
1629
1630Connectrix (DELL EMC Product) - - networked storage connectivity products (enterprise directors, departmental switches, multi-purpose switches)
1631- support FC, iSCSI, FCIP, and FCoE protocols
1632
1633VPLEX (DELL EMC Product) - - solution for block level storage virtualization and data mobility both within and across data centers
1634- capability to mirror data of virtual volume both within and across locations
1635- deployed as a set of virtual appliances on VMware ESXi infrastructure
1636
1637
1638
1639--------
1640
1641
1642IP SAN - - uses Internet Protocol (IP) for the transport of storage traffic
1643- transports block I/O over an IP-based network
1644- iSCSI & FCIP protocols
1645
1646FC SAN - - high performance and scalability
1647- no distance limitations
1648- existing IP based network infrastructure can be leveraged
1649- used for DR
1650- robust and mature security options
1651
1652iSCSI - - IP-based protocol that establishes and manages connections between compute systems and storage systems over IP
1653- encapsulates SCSI commands and data into IP packets and transports them using TCP/IP
1654- widely adopted for transferring SCSI data over IP between compute systems and storage systems and among the storage systems
1655- relatively inexpensive and easy to implement, especially in environments in which an FC SAN does not exist
1656
1657iSCSI network components - - iSCSI initiators (iSCSI HBA)
1658- iSCSI targets (storage system with iSCSI ports)
1659- IP based network (gigabit ethernet LAN)
1660
1661iSCSI initiators - - standard NIC with software iSCSI adapter
1662- TOE NIC with iSCSI adapter
1663- iSCSI HBA
1664
1665Standard NIC with software iSCSI adapter - - software iSCSI adapter is an operating system (OS) or hypervisor kernel-resident software that uses an existing NIC of the compute system to emulate an iSCSI initiator
1666- least expensive and easy to implement
1667- requires only a software initiator for iSCSI functionality
1668- TCP/IP processing and the encapsulation of SCSI data into IP packets are carried out by the CPU of the compute system
1669- CPU of the compute system might become a bottleneck
1670
1671TOE NIC with software iSCSI adapter - - offloads the TCP/IP processing from the CPU of a compute system and leaves only the iSCSI functionality to the CPU
1672- sends the information to the destination using TCP/IP
1673- iSCSI functionality is still handled by a software adapter that requires CPU cycles of the compute system
1674
1675iSCSI HBA - - hardware adapter with built-in iSCSI functionality
1676- capable of providing performance benefits
1677- offloads the entire iSCSI and TCP/IP processing from the CPU of a compute system
1678
1679iSCSI connectivity - - native
1680- bridged
1681
1682Native iSCSI - - compute systems with iSCSI initiators may be either directly attached to the iSCSI targets (iSCSI-capable storage systems) or connected through an IP-based network
1683- FC components are not required
1684- After an iSCSI initiator is logged on to the network, it can access the available LUNs on the storage system
1685
1686Bridged iSCSI - - allows the initiators to exist in an IP environment while the storage systems remain in an FC SAN environment
1687- enables the coexistence of FC with IP by providing iSCSI-to-FC bridging functionality
1688- iSCSI initiators attached to the IP network
1689- storage systems attached to FC SAN
1690
1691SCSI - - command protocol that works at the application layer of the Open System Interconnection (OSI) model
1692- initiators and the targets use SCSI commands and responses to talk to each other
1693- SCSI commands, data, and status messages are encapsulated into TCP/IP and transmitted across the network between the initiators and the targets
1694
1695iSCSI - - session-layer protocol that initiates a reliable session between devices that recognize SCSI commands and TCP/IP
1696- session-layer interface is responsible for handling login, authentication, target discovery, and session management
1697
1698TCP - - used with iSCSI at the transport layer to provide reliable transmission
1699- controls message flow, windowing, error recovery, and retransmission
1700- relies upon the network layer of the OSI model to provide global addressing and connectivity
1701- OSI Layer 2 protocols at the data link layer of this model enable node-to-node communication through a physical network
1702
1703iSCSI address - - location of an iSCSI initiator or target on the network and the iSCSI name
1704- location is a combination of the host name or IP address and the TCP port number
1705- for iSCSI initiators, the TCP port number is omitted from the address
1706
1707iSCSI name - - unique worldwide iSCSI identifier that is used to identify the initiators and targets within an iSCSI network to facilitate communication
1708- can include the name of the department, application, manufacturer, serial number, asset number, or any tag that can be used to recognize and manage the iSCSI nodes
1709
1710IQN (iSCSI qualified name) - - organization must own a registered domain name
1711- date is included in the name to avoid potential conflicts caused by the transfer of domain names
1712- enables storage administrators to assign meaningful names to the iSCSI initiators and the iSCSI targets, and therefore manage those devices more easily
1713
1714EUI (extended unique identifier) - - globally unique identifier based on the IEEE EUI-64 naming standard
1715- composed of the eui prefix followed by a 16-character hexadecimal name, such as eui.0300732A32598D26
1716
1717NAA (network address authority) - - worldwide unique naming format as defined by the InterNational Committee for Information Technology Standards (INCITS) T11 - Fibre Channel (FC) protocols and is used by Serial Attached SCSI (SAS)
1718- enables the SCSI storage devices that contain both iSCSI ports and SAS ports to use the same NAA-based SCSI device name
1719- composed of the naa prefix followed by a hexadecimal name, such as naa.52004567BA64678D
1720- maximum size of 32 characters (128-bit identifier)
1721
1722iSCSI discovery - - iSCSI initiator must discover the location of its targets on the network and the names of the targets available to establish a session
1723- SendTargets discovery
1724- internet Storage Name Service (iSNS).
1725
1726SendTargets Discovery - - initiator is manually configured with the target's network portal (IP address and TCP port number)
1727- initiator issues the SendTargets command, and thereby the target network portal responds to the initiator with the location and name of the target.
1728
1729iSNS (internet storage name service) - - equivalent in function to the Name Server in an FC SAN
1730- enables automatic discovery of iSCSI devices on an IP-based network
1731- initiators and targets can be configured to automatically register themselves
1732
1733iSNS discovery domains - - function in the same way as FC zones
1734- provide functional groupings of devices (including iSCSI initiators and targets) in an IP SAN
1735- For devices to communicate with one another, they must be configured in the same discovery domain
1736
1737SCNs (state change notifications) - - inform the registered devices about network events that affect the operational state of devices such as the addition or removal of devices from a discovery domain
1738
1739Link aggregation - - combines two or more parallel network links into a single logical link (port-channel)
1740- enables obtaining higher throughput than a single link could provide
1741- enables distribution of network traffic across the links, which ensures even link utilization
1742- can be performed for links between two switches and between a switch and a node
1743
1744Switch aggregation - - combines two physical switches to make them appear as a single logical switch
1745- All network links from these physical switches appear as a single logical link
1746- enables nodes to use a port-channel across two switches
1747- network traffic is also distributed across all the links in the port-channel
1748- allows ports in both the switches to be active and to forward network traffic simultaneously
1749
1750Self forming network - - allows an Ethernet switch to join an Ethernet network automatically
1751- new switch is simply powered-up and cabled to an existing switch in the network
1752- Ethernet network automatically detects the new switch and populates its routing table to start forwarding network traffic immediately
1753
1754Self forming link aggregation - - enables an Ethernet network to automatically include new ISLs into a port-channel and redistributes network traffic among all the links in the port-channel
1755- port-channels are automatically formed when new connections (links) are added between the switches
1756- enables an organization to scale network bandwidth between the Ethernet switches quickly
1757
1758VLAN (virtual LANs) - - logical networks created on a LAN
1759- enables communication between a group of nodes (compute systems and storage systems) with a common set of functional requirements independent of their physical location in the network
1760- well-suited for iSCSI deployments as they enable isolating the iSCSI traffic from other network traffic (for example, compute-to-compute traffic) when a physical Ethernet network is used to transfer different types of network traffic
1761
1762VLAN trunking - - network traffic from multiple VLANs may traverse a trunk link
1763- trunk port is used for sending or receiving traffic from multiple VLANs over a trunk link
1764- both the sending and the receiving network components must have at least one trunk port configured for all or a subset of the VLANs defined on the network component
1765
1766VLAN tagging - - The tagging is performed by inserting a 4-byte tag field containing 12-bit VLAN ID into the Ethernet frame (as per IEEE 802.1Q standard) before it is transmitted through a trunk link
1767- receiving network component reads the tag and forwards the frame to the destination port(s) that corresponds to that VLAN ID
1768- tag is removed once the frame leaves a trunk link to reach a node port
1769
1770Stretched VLAN - - VLAN that spans across multiple sites over a WAN connection
1771- extends a VLAN across the sites and enables nodes in two different sites to communicate over a WAN as if they are connected to the same network
1772- allow the movement of virtual machines (VMs) between sites without the need to change their network configurations
1773
1774FCIP - - IP-based protocol that enables distributed FC SAN islands to be interconnected over an existing IP network
1775- FC frames are encapsulated into the IP payload and transported over an IP network
1776- creates virtual FC links over IP network to transfer FC data between FC SANs
1777- tunneling protocol in which FCIP entity such as an FCIP gateway is used to tunnel FC fabrics through an IP network
1778- extensively used in disaster recovery implementations in which data is replicated to the storage located at a remote site
1779
1780FCIP tunnel - - consists of one or more independent connections between two FCIP ports on gateways
1781- transports encapsulated FC frames over a TCP/IP network
1782- nodes in either fabric are unaware of the existence of the tunnel
1783
1784FCIP tunnel config - merged fabric - - E_Port on FCIP gateway connects to E_Port of an FC switch
1785- VE_Ports are on both ends of the FCIP tunnel (virtual ISLs through FCIP tunnel)
1786
1787FCIP tunnel config - separate fabric - - vendor specific features to route network traffic between specific nodes without merging fabric
1788- EX_Port on FCIP gateway connects to E_Port of an FC switch (enables FC-FC routing without merging fabrics)
1789
1790VSAN & FCIP tunnel - - FCIP tunnel uses vendor-specific features to transfer multiple VSANs through it
1791- virtual TE_Ports are used on both ends of the FCIP tunnel (allows VSAN-tagged traffic to traverse the FCIP tunnel)
1792
1793
1794--------------
1795
1796
1797FCoE SAN - - Converged Enhanced Ethernet (CEE) network that is capable of transporting FC data along with regular Ethernet traffic over high speed (such as 10 Gbps or higher) Ethernet links
1798- uses FCoE protocol that encapsulates FC frames into Ethernet frames
1799- defined by the T11 standards committee
1800- supports Data Center Bridging (DCB) functionalities (also called CEE functionalities)
1801- ensures lossless transmission of FC traffic over Ethernet
1802
1803FCoE benefits - - provides the flexibility to deploy the same network components for transferring both compute-to-compute traffic and FC storage traffic
1804- mitigates the complexity of managing multiple discrete network infrastructures
1805- reduces the number of network adapters, cables, and switches, along with power and space consumption required in a data center
1806
1807FCoE SAN components - - network adapters (CNA, software FCoE)
1808- cables (copper, fiber optical)
1809- FCoE switch
1810
1811CNA (converged network adapter) - - physical adapter that provides the functionality of both a standard NIC and an FC HBA in a single device
1812- consolidates both FC traffic and regular Ethernet traffic on a common Ethernet infrastructure
1813- connects compute systems to the FCoE switches
1814- encapsulates FC traffic into Ethernet frames and forwards them to FCoE switches over CEE links
1815- eliminates the need to deploy separate adapters and cables for FC and Ethernet communications
1816- offloads the FCoE protocol processing task from the compute system
1817
1818Software FCoE adapter - - OS or hypervisor kernel-resident software that performs FCoE processing
1819- consumes compute system CPU cycles
1820- OS or hypervisor implements FC protocol in software that handles SCSI to FC processing
1821- performs FC to Ethernet encapsulation
1822- Both FCoE traffic (Ethernet traffic that carries FC data) and regular Ethernet traffic are transferred through supported NICs on the compute system
1823
1824FCoE switch - - both Ethernet switch and FC switch functionalities
1825- Fibre Channel Forwarder (FCF), an Ethernet Bridge, and a set of ports that can be used for FC and Ethernet connectivity
1826- If the Ethertype of the frame is FCoE, the switch recognizes that the frame contains an FC payload and then forwards it to the FCF
1827- If the Ethertype is not FCoE, the switch handles the traffic as usual Ethernet traffic and forwards it over the Ethernet ports
1828
1829Ethertype - used to indicate which protocol is encapsulated in the payload of an Ethernet frame
1830
1831FCoE with existing SAN - FCoE switches interconnect a CEE network containing compute systems with an FC SAN containing storage systems
1832
1833End to end FCoE - FCoE switches interconnect FCoE compute systems with FCoE storage systems (suitable for new systems)
1834
1835VLAN & VSAN in FCoE - - VLAN and VSAN may exist in FCoE with existing FC SAN environment
1836- FCoE switch supports VSAN to VLAN mapping
1837- dedicated VLAN is configured for each VSAN
1838- VLANs configured for VSANs should not carry regular traffic
1839
1840VN_Port - - end point in an FCoE SAN. Typically, it is a CNA port or an FCoE storage system port that is connected to an FCoE switch in the FCoE SAN
1841
1842VF_Port - - port on an FCoE switch that connects to a VN_Port
1843
1844VE_Port - - port that forms the connection between two FCoE switches
1845- connects to the VE_Ports of another FCoE switch in an FCoE SAN
1846
1847CEE (converged enhanced ethernet) - - provides a new specification to the existing Ethernet standard
1848- eliminates the lossy nature of Ethernet and enables convergence of various types of network traffic on a common Ethernet infrastructure
1849- eliminates the dropping of frames due to congestion and thereby ensures lossless transmission of FCoE traffic over an Ethernet network
1850- makes a high-speed (such as 10 Gbps or higher) Ethernet network a viable storage networking option
1851
1852CEE requirements - - Priority based flow control
1853- enhanced transmission selection
1854- congestion notification
1855- data center bridging exchange protocol
1856
1857PFC (priority based flow control) - - link-level flow control mechanism
1858- creates eight separate virtual links on a single physical link and allows any of these links to be paused and restarted independently
1859- enables the PAUSE mechanism based on user priorities or classes of service
1860
1861ETS (enhanced transmission selection) - - provides a common management framework for the allocation of bandwidth to different traffic classes, such as LAN, SAN, and Inter Process Communication (IPC)
1862- when a particular class of traffic does not use its allocated bandwidth, other traffic classes can use the available bandwidth
1863
1864CN (congestion notification) - - provides end-to-end congestion management for protocols, such as FCoE, that do not have built-in congestion control mechanisms
1865- provides a mechanism for detecting congestion and notifying the source to move the traffic flow away from the congested links
1866- enables a switch to send a signal to other ports that need to stop or slow down their transmissions
1867
1868DCBX (data center bridging exchange protocol) - - discovery and capability exchange protocol, which helps CEE devices to convey and configure their features with the other CEE devices in the network
1869- used to negotiate capabilities between the switches and the network adapters, which allows the switch to distribute the configuration values to all the attached adapters
1870- helps to ensure consistent configuration across the entire network
1871
1872FCoE frame - - Ethernet frame that contains an FCoE Protocol Data Unit (PDU)
1873- includes a version field that identifies the version of FCoE being implemented and some reserved bits
1874- standard FCoE frame has a 2112-byte payload, a 24-byte header, and an FCS
1875- standard Ethernet frame has a default payload capacity of 1500 bytes
1876- must use jumbo frames to prevent an FC frame from being split into two Ethernet frames
1877
1878FCoE processes - - discovery phase
1879- login phase
1880- data transfer phase
1881
1882Discovery phase - - FCFs discover each other and form an FCoE fabric
1883- FCoE nodes also find the available FCFs for login
1884- FCoE nodes and the FCFs discover potential VN_Port to VF_Port pairing
1885
1886Login phase - - virtual FC links are established between VN_Ports and VF_Ports as well as between VE_Ports
1887- VN_Ports perform FC login (including FLOGI, PLOGI, PRLI) to the discovered FCFs and obtain FC addresses
1888- Each VN_Port also obtains a unique MAC address
1889
1890Data transfer phase - - VN_Ports can start transferring regular FC frames (encapsulated) over the CEE network
1891
1892FIP (FCoE initialization process) - - used for discovering FCFs and establishing virtual links between FCoE nodes and FCoE switches
1893- frames do not transport FC data but contain discovery and login parameters
1894
1895FIP operations - - FCoE node sends multicast FIP Solicitation frame to find which FCFs are available for login.
1896- Each FCF replies to the FCoE node by sending unicast FIP Advertisement frame.
1897- After the FCoE node decides which FCF is appropriate, it sends FIP FLOGI request to the FCF.
1898- The selected FCF sends FIP FLOGI Accept which contains both FC address and MAC address for the VN_Port. The reason for using FIP for FLOGI instead of a regular FLOGI is that the FIP FLOGI Accept has a field for the FCF to assign a MAC address to the VN_Port.
1899
1900FCoE addressing - - FCoE SAN uses MAC address for frame forwarding (assigned to VN, VF, and VE ports)
1901- VF_Ports and VE_Ports obtain MAC address from FCoE switch
1902- supports SPMA and FPMA addressing
1903
1904SPMA (server provided mac address) - - compute systems provide MAC addresses to the associated VN_Ports
1905- MAC addresses are issued in accordance with Ethernet standards
1906- addresses are either burned-in by the manufacturers of the network adapters or are configured by an administrator
1907- can use a single MAC address exclusively for FCoE traffic or it can have different MAC address for each VN_Port
1908
1909FPMA (fabric provided mac address) - - VN_Ports receive MAC addresses from the FCoE switches dynamically during login
1910- VN_Ports then use their granted MAC addresses for communication
1911- derived by concatenating the 24-bit FC MAC address prefix (FC-MAP) and the 24-bit FC address assigned to the VN_Port by the FCoE switch
1912- ensures that the MAC addresses are unique within an FCoE SAN
1913
1914
1915
1916----
1917
1918
1919
1920Business Continuity - process that prepares for, responds to, and recovers from a system outage that can adversely affect business operations
1921
1922Business Continuity - - enables continuous availability of information and services in the event of a failure, so that the required SLA is met
1923- proactive and reactive countermeasures
1924- automated to reduce manual intervention
1925- ensures information availability
1926
1927Business Continuity Drivers - - Proactive and reactive in nature
1928- Continuous information access ensures smooth functioning business operations
1929- Generates revenue, productivity not impacted, reputation maintained
1930- SLAs must be met
1931- Many threats to BC
1932- Process must be in place to overcome challenges
1933
1934Information Availability - the ability of an IT infrastructure to function according to business requirements and customer expectations during its specified time of operation
1935
1936Components of Information Availability - - Accessibility
1937- Reliability
1938- Timeliness
1939
1940Causes of Information Unavailability - - Application Failure
1941- Data Loss
1942- Infrastructure component failure
1943- Data center or site down (power failure or disaster)
1944- Refreshing IT infrastructure
1945- Planned and unplanned outages
1946
1947Impact of Information Unavailability - - Lost productivity
1948- Damaged reputation
1949- Lost revenue
1950- Financial performance
1951- Other expenses
1952
1953Mean Time Between Failure (MTBF) - average time available for a system or component to perform its normal operations between failures
1954
1955MTBF - total uptime / number of failures
1956
1957Mean Time To Repair (MTTR) - average time required to repair a failed component
1958
1959MTTR - total downtime / number of failures
1960
1961IA - MTBF / (MTBF + MTTR)
1962
1963Disaster Recovery - part of BC process which involves a set of policies and procedures for restoring IT infrastructure, including data that is required to support the ongoing IT services, after a natural or human-induced disaster occurs
1964
1965- has secondary center
1966- pre planned level of operational readiness during outage
1967
1968Disaster Recovery-as-a-Service (DRaaS) - solution to strengthen the portfolio of a cloud service provider, while offering a viable DR solution to consumer organizations
1969
1970Recovery Point Objective (RPO) - point-in-time to which systems and data must be recovered after an outage
1971
1972Recovery Time Objective (RTO) - time within which systems and applications must be recovered after an outage
1973
1974BC lifecycle - 1. establishing objective
19752. analyzing
19763. design and develop
19774. implementation
19785. training, testing, assessing, and maintaining
1979
1980Business impact analysis (BIA) - identifies which business units, operations, and processes are essential to the survival of the business
1981
1982BIA - - Determine the business areas.
1983- For each business area, identify the key business processes critical to its operation.
1984- Determine the attributes of the business process in terms of applications, databases, and hardware and software requirements.
1985- Estimate the costs of failure for each business process.
1986- Calculate the maximum tolerable outage and define RTO for each business process.
1987- Establish the minimum resources required for the operation of business processes.
1988- Determine the recovery strategies and the cost of implementing them.
1989- Optimize the business recovery strategy based on business priorities.
1990- Analyze the current state of BC readiness and optimize the future BC planning
1991
1992BC 3rd platform requirements - - continuous availability of business services
1993- eliminates single points of failure across data centers
1994- automated service failover
1995- seamless integration of data protection software (enterprise, mobile, social cloud apps, SDS)
1996- resource optimization reduces CAPEX and OPEX
1997- controlled unified management
1998
1999BC Technology solutions - - fault tolerance mechanisms (redundancy at infrastructure, component level, and site level)
2000- deploying data protection solutions such as backup and replication, and resilient applications
2001
2002(SPOF) Single Point of Failure - any individual component or aspect of an infrastructure whose failure can make the entire system or service unavailable, can occur at component, site, or data center level
2003
2004Eliminating Single Points of Failure - - Fault tolerance mechanisms (redundancy)
2005- High availability mechanisms that enable automated application / service failover
2006
2007Redundancy at Component Level - - Protect compute (clustering, VM live migration)
2008- Protect network connectivity (link and switch aggregation, NIC teaming, multipathing, hot swappable components)
2009- Protect storage (RAID, erasure coding, dynamic disk sparing, redundant disk components)
2010
2011Compute clustering - key fault tolerance mechanism that provides continuous availability of service even when a VM instance, physical compute system, OS, or hypervisor fails
2012
2013active/active clustering - - nodes in a cluster are all active participants and run the same service for their clients
2014- If one of the nodes fails, the surviving nodes take the load of the failed one
2015- constantly running
2016
2017Active/passive clustering - - uses a heartbeat mechanism to determine the health of each node in the cluster
2018- exchange of heartbeat signals, usually happens over a private network, allows participating cluster members to monitor one another's status
2019- passive node used for failover
2020- not constantly running
2021
2022Compute cluster example - - multiple hypervisors running on different systems
2023- continuous availability of services running on VMs even if hypervisor fails
2024
2025Link aggregation - - combines two or more network links into a single logical link, called port-channel, yielding higher bandwidth than a single link could provide
2026- enables distribution of network traffic across the links and traffic failover in the event of a link failure
2027
2028NIC teaming - - groups NICs so that they appear as a single, logical NIC to the OS or hypervisor
2029- provides network traffic failover to prevent connectivity loss in the event of a NIC failure or a network link outage
2030- enables aggregation of network bandwidth of individual NICs
2031
2032Multipathing - - enables organizations to meet aggressive availability and performance service levels
2033- enables a compute system to use multiple paths for transferring data to a LUN on a storage system
2034- enables automated path failover that eliminates the possibility of disrupting an application or service due to the failure of an adapter, cable, port, and so on
2035- multiple paths must exist between the compute and the storage systems
2036- redirects I/O from failed path to another
2037- load balancing by distributing I/O across active paths
2038
2039Fault tolerance mechanisms - - RAID
2040- erasure coding
2041- dynamic disk sparing (hot spare 1 for every 30)
2042- VPLEX (virtual volume created using virtual appliance, virtual volume is continuously available to compute system)
2043
2044Availability zone - - a location with its own set of resources, isolated from other zones
2045- can be data center
2046- typically connected through low latency network
2047
2048Resilient Application Overview - designed to deal with IT resource failure to guarantee required availability, used to prevent downtime
2049
2050Graceful degradation - the ability of an application to maintain limited functionality even when some of the components, modules, or supporting services are not available
2051
2052Retry logic - - logic in code to improve availability
2053- detects and retries services that are temporarily down
2054- may result in successful drive restoration
2055
2056Persistent Application State Model - - application state information is stored out of memory
2057- stored in data repository
2058- if instance fails data is still available in repository
2059
2060PowerPath (EMC product) - - host based multipathing software
2061- path failover and load balancing
2062- auto detection and recovery from host to array
2063- V/E software allows optimizing virtual environment
2064
2065VMware HA (EMC product) - - high availability for running apps on VM
2066- on physical compute failure, affected VMs are automatically restarted on other compute systems
2067
2068VMware FT (EMC product) - - continuous availability for app in event of server failure
2069- live shadow instance of VM in virtual backup with primary instance
2070- eliminates even the smallest chance of data loss or disruption
2071
2072
2073--------------------
2074
2075
2076Backup - additional copy of production data, created and retained for the sole purpose of recovering the lost or corrupted data
2077
2078- app data and server configurations are backed up to restore data and servers in the event of an outage
2079- implement backup solutions in order to comply with regulatory requirements
2080- backup solutions, recovery solutions, retention requirements
2081
2082Primary purposes of backup - - Disaster recovery
2083- Operational restores
2084- Long term storage
2085
2086Disaster recovery - addresses the requirement to restore all, or a large part of, an IT infrastructure in the event of a major disaster
2087
2088Operational Backup - backup of data at a point-in-time (PIT) for the purpose of restoring data in the event of data loss or logical corruptions that may occur during routine processing
2089
2090Backup architecture - - backup client
2091- backup server
2092- storage node
2093- backup device (backup target)
2094
2095Backup client - gathers the data that is to be backed up and sends it to the storage node; can be installed on application servers, mobile clients, and desktops; sends the tracking information to the backup server
2096
2097Backup server - manages the backup operations and maintains the backup catalog, which contains information about the backup configuration and backup metadata, when to run backups, which client data to be backed up, and so on
2098
2099Storage node - responsible for organizing the client's data and writing the data to a backup device, controls one or more backup devices, backup devices may be attached directly or through a network to the storage node
2100
2101Backup targets - - tape library
2102- disk library
2103- virtual tape library
2104
2105Tape library - - contains one or more tape drives that record and retrieve data on magnetic tape
2106- long-term, off-site storage
2107- stored in locations with a controlled environment to ensure preservation of the media and to prevent data corruption
2108- data integrity and recoverability are major issues with tape-based backup media
2109
2110Disk library - - enhanced backup and recovery
2111- no off site availability
2112- disk based
2113- deduplication
2114- compression
2115- encryption and replication
2116
2117Virtual Tape Library - - disk drives that are emulated and presented as tapes to the backup software
2118- does not require the usual maintenance tasks associated with a physical tape drive, such as periodic cleaning and drive calibration
2119- easy installation and administration because it is preconfigured by the manufacturer
2120
2121Backup granularity - - full backup
2122- incremental backup
2123- cumulative backup
2124- synthetic backup
2125- incremental forever backup
2126
2127Full backup - - full copy of the entire data set
2128- requires more storage space and also takes more time to back up
2129- provides a faster data recovery
2130
2131Incremental backup - copies the data that has changed since the last backup
2132
2133Cumulative (differential) backup - - copies the data that has changed since the last full backup
2134- shorter restore times
2135
2136Key Backup/Recovery Considerations - - requires integration between backup applications and management source of virtualized environment
2137- appliation awareness
2138- backup and recover operations need to be automated
2139- deduplication and WAN technology
2140- on demand recovery of data at file and VM
2141- supports secure multitenancy
2142- centralized management of backup and recovery environment
2143
2144Agent based backup - - agent or client is installed on a virtual machine or a physical compute system, streams the backup data to the backup device as shown in the figure on the slide
2145- agent runs inside application servers (physical and virtual)
2146- impacts performance of applications running on compute systems
2147
2148Image based backup - - makes a copy (snapshot) of the virtual disk and configuration associated with a particular VM
2149- The backup is saved as a single entity called as VM image
2150- suitable for restoring an entire VM in the event of a hardware failure or human error such as the accidental deletion of the VM
2151- changed block training for backup
2152- changed block tracking for restore
2153
2154Changed block tracking for backup - - increase the efficiency of image-based backup, some vendors support incremental backup through tracking changed blocks
2155- identifies and tags any blocks that have changed since the last VM snapshot
2156
2157Changed block tracking for restoring - reduces recovery time (RTO) compared to full image restores by only restoring the delta of changed VM blocks
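Worked example for the image-based backup and changed block tracking entries above. This is an added illustration, not code from the original notes or from any hypervisor or backup product; the names (VirtualDisk, ImageBackup, cbt_restore) and the 8-block disk are made up for the demonstration. It shows the two uses of the CBT bitmap: an incremental image backup reads only flagged blocks, and a CBT restore rewrites only the blocks that differ from the chosen point in time.

```python
"""Changed block tracking (CBT) for image-based backup and restore.

Added illustration, not code from the original notes or any hypervisor or backup
product. A VM disk is modelled as a list of fixed-size blocks; the hypervisor
keeps a bitmap of blocks written since the last snapshot. An incremental image
backup ships only flagged blocks, and a CBT restore rewrites only the blocks
that differ between the chosen backup and the current disk.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

BLOCK_SIZE = 4   # bytes per block, kept tiny so the constructed disk is readable


@dataclass
class VirtualDisk:
    blocks: List[bytes]                                   # one entry per block
    changed: Set[int] = field(default_factory=set)        # CBT bitmap: blocks written since the last snapshot

    def write(self, index: int, data: bytes) -> None:
        assert len(data) == BLOCK_SIZE
        self.blocks[index] = data
        self.changed.add(index)                           # hypervisor flags the block

    def snapshot(self) -> None:
        """Backup software takes a VM snapshot; the tracker starts a fresh bitmap."""
        self.changed.clear()


@dataclass
class ImageBackup:
    kind: str                                             # "full" or "incremental"
    blocks: Dict[int, bytes]                              # block index -> content captured at this PIT
    parent: Optional["ImageBackup"] = None                # the backup this incremental builds on

    def materialize(self) -> List[bytes]:
        """Rebuild the whole disk image at this PIT by walking back to the full backup."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        image = dict(chain[-1].blocks)                    # root of the chain is the full backup
        for inc in reversed(chain[:-1]):                  # apply incrementals oldest to newest
            image.update(inc.blocks)
        return [image[i] for i in range(len(image))]


def full_backup(disk: VirtualDisk) -> ImageBackup:
    backup = ImageBackup("full", dict(enumerate(disk.blocks)))
    disk.snapshot()
    return backup


def incremental_backup(disk: VirtualDisk, parent: ImageBackup) -> ImageBackup:
    """Read only the blocks in the CBT bitmap instead of scanning the whole disk."""
    backup = ImageBackup("incremental", {i: disk.blocks[i] for i in sorted(disk.changed)}, parent)
    disk.snapshot()
    return backup


def cbt_restore(disk: VirtualDisk, backup: ImageBackup) -> int:
    """Bring the disk back to the backup's PIT, writing only blocks that differ.
    Returns the number of blocks written (a full image restore writes all of them)."""
    target = backup.materialize()
    written = 0
    for i, content in enumerate(target):
        if disk.blocks[i] != content:
            disk.blocks[i] = content
            written += 1
    disk.snapshot()
    return written


def demo() -> dict:
    """Constructed scenario: 8-block disk, full backup, two writes, incremental,
    one block damaged after the last backup, then a CBT restore."""
    disk = VirtualDisk([f"b{i:02d}A".encode() for i in range(8)])
    full = full_backup(disk)
    disk.write(2, b"b02B")
    disk.write(5, b"b05B")
    inc = incremental_backup(disk, full)       # carries only blocks 2 and 5
    disk.write(7, b"JUNK")                     # e.g. corruption or a malicious overwrite
    written = cbt_restore(disk, inc)           # only block 7 differs from the PIT
    return {
        "incremental_blocks": sorted(inc.blocks),
        "blocks_written_on_restore": written,
        "disk_matches_pit": disk.blocks == inc.materialize(),
    }
```

The caveat a practitioner wants: the restore only trusts the CBT bitmap to decide what to read during backup, never what to write during restore; the restore compares every block against the materialized image, so a bitmap that was reset or corrupted cannot cause a block to be silently skipped.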

Recovery in place - - running a VM directly from the backup device, using a backed-up copy of the VM image instead of restoring that image file
- eliminates the need to transfer the image from the backup area to the primary storage area before it is restarted, so the applications running on those VMs can be accessed more quickly
- reduces the network bandwidth needed to restore files

NDMP - - industry-standard TCP/IP-based protocol specifically designed for backup in a NAS environment
- backs up and restores data without losing data integrity or file system structure (with respect to different rights and permissions in different file systems)
- backup data is sent directly from the NAS head to the backup device, whereas metadata is sent to the backup server

Components of NDMP - - client
- server

NDMP backup operation - 1. Backup server uses the NDMP client and instructs the NAS head to start the backup

2. The NAS head uses its data server to read the data from the storage

3. The NAS head then uses its media server to send the data read by the data server to the backup device

Drivers for cloud-based backup - - large CAPEX to procure backup infrastructure for a large volume of data
- continuous investment to meet needs and changing technology
- weeks of planning, justification, procurement and setup
- difficulty in meeting SLA and compliance requirements
- complexity in managing backup technology

BaaS - - enables customers to procure backup services on demand through a self-service portal
- reduces backup management and overhead
- CAPEX to OPEX
- pay per use / subscription based
- ensures regular and automated backup of data
- gives consumers flexibility based on current requirements

Backup service deployment options - - managed backup service
- remote backup service
- replicated backup service

Managed backup service - - suitable when a cloud service provider is already providing some form of cloud services (example: compute services, SaaS) to the consumers
- backup operation is completely managed by the service provider

Remote backup service - - consumers do not perform any backup at their local site
- data is transferred over a network to a backup infrastructure managed by the cloud service provider

Replicated backup service - - service provider only manages the data replication IT infrastructure at the DR site
- local backups are managed by the consumer organizations

Mobile device backup - - the organization's critical data resides on mobile devices
- backup client app on the mobile device
- deduplication, compression, encryption
- provides network and backup storage optimization and security

Mobile device backup challenges - - support for multiple OSs
- data is backed up only when the device is online
- security threat when the device is not on the company network
- backup impacted by intermittent network connectivity

Data archiving - - process of moving data (fixed content) that is no longer actively accessed to a separate low-cost archival storage tier for long-term retention and future reference
- where fixed content is stored
- organizations set their own policies for qualifying data to archive

Key requirements for data archiving - - automated policy-driven archiving
- scalability, authenticity, immutability, availability, and security
- single instance storage and a variety of online storage options
- content addressed
- rapid retrieval of archived data
- capable of handling a variety of electronic documents
- indexing, searching and reporting

Data archiving solution architecture - - archiving agent
- archiving server
- archiving storage device

Archiving agent - - software installed on the application servers (example: file servers and e-mail servers)
- responsible for scanning the data and archiving it, based on the policy defined on the archiving server (policy engine)

Archiving server - software installed on a server that enables administrators to configure the policies for archiving data

Content addressed storage (CAS) - - special type of object-based storage for storing fixed content
- online accessibility to archived data
- accessed via an API running on the application server

CAS key features - - data integrity
- content authenticity
- single instance storage
- retention enforcement
- scalability
- location independence
- data protection
- performance
- self healing
- audit trails

Cloud-based archiving - - no CAPEX, pay-as-you-go option
- reduced IT management overhead
- supports massive data growth and retention requirements

Key considerations for cloud-based archiving - - SLA
- vendor lock-in
- compliance
- data security
- pricing

NetWorker (EMC Product) - - primary backup solution
- supports heterogeneous platforms such as Windows, UNIX, Linux, and also virtual environments
- supports different backup targets: tapes, disks, Data Domain purpose-built backup appliances and virtual tapes
- supports multiplexing (or multi-streaming) of data from multiple clients writing to tape as quickly as possible
- provides both source-based and target-based deduplication capabilities by integrating with EMC Avamar and EMC Data Domain respectively
- the cloud-backup option in NetWorker enables backing up data to public cloud configurations

Avamar (EMC Product) - - disk-based backup and recovery solution that provides inherent source-based deduplication
- provides a variety of options for backup including guest OS level backup and image level backup

Data Domain (EMC Product) - - target-based data deduplication solution
- Boost software increases backup performance by distributing parts of the deduplication process to the backup server
- provides secure multi-tenancy
- supports backup and archive in a single system

ProtectPoint (EMC Product) - - backs up data directly from primary storage (EMC VMAX) to Data Domain
- eliminates the backup impact on the application server
- leverages the primary storage's changed block tracking technology

EMC Mozy (EMC Product) - - SaaS solution for secure cloud-based backup and recovery
- provides automatic and scheduled backups
- mobile backups

Spanning (EMC Product) - - backup and recovery for SaaS apps
- helps organizations protect and manage their information in the cloud
- allows administrators to search, restore, and export data

EMC Centera (EMC Product) - - purpose-built storage for archiving fixed content
- facilitates governance and compliance needs: retention and preservation

EMC SourceOne (EMC Product) - - helps customers archive email and SharePoint content

EMC InfoArchive (EMC Product) - - unified archiving platform that stores structured and unstructured data in a single consolidated repository
- provides the ability to audit and preserve data to meet regulatory requirements
- open industry-standard format for long-term retention and easy access

vSphere Data Protection Advanced - - backup and recovery solution designed for vSphere environments and built on EMC Avamar technology
- agentless, image-level backups to disk as well as guest-level, application-consistent protection
- network-efficient, encrypted replication to replicate backups to one or more DR sites

Backup operations - 1. backup server initiates the backup process
2. backup server retrieves backup-related information from the backup catalog
3a. backup server instructs the storage node to load backup media in the backup device
3b. backup server instructs backup clients to send the data to be backed up to the storage node
4. clients send data to the storage node and update the backup catalog on the backup server
5. storage node sends data to the backup device
6. storage node sends metadata information to the backup server
7. backup server updates the backup catalog

Drivers for data deduplication - - limited budget
- limited backup window
- network bandwidth constraints
- longer retention periods

Data deduplication - process of detecting and identifying unique data segments within a given set of data to eliminate redundancy
- chunk the data set
- identify duplicate chunks
- eliminate redundant chunks
- can be performed on backup or production data
- effectiveness is expressed as a deduplication ratio, logical:physical (e.g. 10:1 means ten bytes of logical data occupy one byte of physical capacity)

Factors affecting deduplication ratio - - retention period
- frequency of full backups
- change rate
- data type
- deduplication method

Deduplication granularity - - file level
- sub-file level

File-level deduplication granularity - - detects and removes redundant files
- only one copy is stored
- subsequent copies are replaced with a pointer to the original

Sub-file level deduplication granularity - - breaks files down into smaller segments
- fixed-length blocks
- variable-length blocks
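Worked example for the deduplication entries above (ratio, file level, fixed-length and variable-length sub-file chunking). This is an added illustration, not code from the original notes or from any deduplication product; the gear rolling hash, the chunk-size parameters and the DedupStore class are choices made for the demonstration, and the two input "files" are constructed in the code.

```python
"""File-level versus sub-file (fixed-length and variable-length) deduplication.

Added illustration, not code from the original notes or any product. Chunks are
identified by the SHA-256 of their content and a single instance of each is
stored. Variable-length chunking uses a gear rolling hash (content-defined
chunking), so an insertion near the start of a file moves chunk boundaries
only locally, where fixed-length chunking sees every later block as new.
"""
import hashlib
import random
from typing import Dict, List

_rng = random.Random(0xC0FFEE)                      # seeded: the gear table is the same every run
_GEAR = [_rng.getrandbits(32) for _ in range(256)]  # per-byte random values for the rolling hash


def fixed_chunks(data: bytes, size: int = 64) -> List[bytes]:
    """Fixed-length sub-file chunking."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def variable_chunks(data: bytes, mask: int = 0x1F, min_size: int = 32, max_size: int = 256) -> List[bytes]:
    """Content-defined chunking: cut where the low bits of the rolling hash are
    zero (about one position in mask+1), bounded by min_size and max_size.
    The low bits depend only on the most recent bytes, so boundaries re-align
    shortly after an insertion or deletion."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + _GEAR[byte]) & 0xFFFFFFFF
        length = i - start + 1
        if length >= min_size and ((h & mask) == 0 or length >= max_size):
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class DedupStore:
    """Single-instance store: a chunk is written once and referenced by its SHA-256."""

    def __init__(self) -> None:
        self.store: Dict[str, bytes] = {}
        self.logical_bytes = 0

    def ingest(self, chunks: List[bytes]) -> List[str]:
        refs = []
        for chunk in chunks:
            digest = hashlib.sha256(chunk).hexdigest()
            self.logical_bytes += len(chunk)
            if digest not in self.store:            # duplicate chunk: keep only the pointer
                self.store[digest] = chunk
            refs.append(digest)
        return refs

    def physical_bytes(self) -> int:
        return sum(len(c) for c in self.store.values())

    def ratio(self) -> float:
        """Deduplication ratio logical:physical, so 2.0 means 2:1."""
        return self.logical_bytes / self.physical_bytes()

    def rebuild(self, refs: List[str]) -> bytes:
        return b"".join(self.store[r] for r in refs)


def compare_granularities() -> Dict[str, float]:
    """Constructed input: a 4 KiB text-like file and a second version with
    5 bytes inserted at offset 100, backed up at each granularity."""
    rng = random.Random(7)
    alphabet = b"abcdefghijklmnopqrstuvwxyz \n"
    v1 = bytes(rng.choice(alphabet) for _ in range(4096))
    v2 = v1[:100] + b"EDIT " + v1[100:]
    ratios = {}
    for name, chunker in (("file", lambda d: [d]), ("fixed", fixed_chunks), ("variable", variable_chunks)):
        store = DedupStore()
        refs1, refs2 = store.ingest(chunker(v1)), store.ingest(chunker(v2))
        assert store.rebuild(refs1) == v1 and store.rebuild(refs2) == v2   # integrity after dedup
        ratios[name] = round(store.ratio(), 2)
    return ratios
```

Running compare_granularities() shows the "change rate" and "deduplication method" factors from the list above in one place: file-level sees two different files (ratio 1.0), fixed-length blocks dedupe only the blocks before the edit, and content-defined chunks dedupe almost everything. The rebuild check matters operationally: a store that maps a hash to the wrong chunk restores corrupt data silently, so every restore path should verify the chunk hash on read.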

Recovery operation - 1. backup client requests a data restore from the backup server
2. backup server scans the backup catalog to identify the data to be restored and the client it should be sent to
3. backup server instructs the storage node to load the backup media in the backup device
4. data is read and sent to the backup client
5. storage node sends restore metadata to the backup server
6. backup server updates the backup catalog
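Worked example tying together the backup granularity entries (full, incremental, cumulative, synthetic), the seven-step backup operation and the six-step recovery operation above. This is an added illustration, not code from the original notes or from any backup product; the catalog layout, the saveset ids and the file schedule in demo() are constructed for the demonstration.

```python
"""Backup server, storage node and client with a backup catalog: full,
incremental, cumulative (differential) and synthetic full backups, and a
catalog-driven restore.

Added illustration, not code from the original notes or any backup product.
Client files are modelled as path -> (modification stamp, content); a file has
changed since stamp T when its own stamp is greater than T.
"""
from typing import Dict, List, Optional, Tuple

File = Tuple[int, bytes]   # (modification stamp, content)


class StorageNode:
    """Organizes client data and writes it to the backup device (a dict keyed by saveset id)."""

    def __init__(self) -> None:
        self.device: Dict[int, Dict[str, File]] = {}

    def write(self, saveset_id: int, data: Dict[str, File]) -> None:
        self.device[saveset_id] = dict(data)

    def read(self, saveset_id: int) -> Dict[str, File]:
        return self.device[saveset_id]


class BackupServer:
    """Owns the catalog: which saveset holds which files, of what kind, at what time."""

    def __init__(self, node: StorageNode) -> None:
        self.node = node
        self.catalog: List[dict] = []
        self.clock = 0

    def _last(self, kinds: Tuple[str, ...]) -> Optional[dict]:
        for entry in reversed(self.catalog):
            if entry["kind"] in kinds:
                return entry
        return None

    def _record(self, kind: str, data: Dict[str, File]) -> dict:
        entry = {"id": len(self.catalog), "kind": kind, "time": self.clock, "files": sorted(data)}
        self.node.write(entry["id"], data)     # storage node writes to the backup device
        self.catalog.append(entry)             # server updates the catalog
        return entry

    def run_backup(self, kind: str, client_files: Dict[str, File]) -> dict:
        """Backup operation: consult the catalog, decide what the client must send, write it, record it."""
        self.clock += 10
        if kind == "full":
            since = -1
        elif kind == "incremental":            # changed since the last backup of any kind
            since = self._last(("full", "incremental", "cumulative", "synthetic"))["time"]
        elif kind == "cumulative":             # changed since the last full
            since = self._last(("full", "synthetic"))["time"]
        else:
            raise ValueError(kind)
        data = {p: f for p, f in client_files.items() if f[0] > since}   # client gathers the data
        return self._record(kind, data)

    def synthetic_full(self) -> dict:
        """Build a new full from existing savesets on the storage node, without reading the client."""
        self.clock += 10
        return self._record("synthetic", self.restore())

    def restore_chain(self, upto: Optional[int] = None) -> List[int]:
        """Savesets needed, oldest first: latest full, then either the latest cumulative
        and the incrementals after it, or every incremental since the full."""
        entries = self.catalog if upto is None else self.catalog[:upto + 1]
        full_idx = max(i for i, e in enumerate(entries) if e["kind"] in ("full", "synthetic"))
        tail = entries[full_idx + 1:]
        cums = [i for i, e in enumerate(tail) if e["kind"] == "cumulative"]
        if cums:
            tail = tail[cums[-1]:]             # a cumulative subsumes everything between the full and itself
        return [entries[full_idx]["id"]] + [e["id"] for e in tail]

    def restore(self, upto: Optional[int] = None) -> Dict[str, File]:
        """Recovery operation: scan the catalog, read savesets in chain order, merge newest over oldest."""
        image: Dict[str, File] = {}
        for sid in self.restore_chain(upto):
            image.update(self.node.read(sid))
        return image


def demo() -> dict:
    """Constructed schedule: full, incremental, incremental, cumulative, incremental, synthetic full."""
    files = {"/etc/hosts": (0, b"h0"), "/var/db.dat": (0, b"d0"), "/home/a.txt": (0, b"a0")}
    server = BackupServer(StorageNode())
    server.run_backup("full", files)
    files["/var/db.dat"] = (server.clock + 5, b"d1")
    server.run_backup("incremental", files)    # ships db only
    files["/home/a.txt"] = (server.clock + 5, b"a1")
    server.run_backup("incremental", files)    # ships a.txt only
    chain_incr = server.restore_chain()        # full + both incrementals
    server.run_backup("cumulative", files)     # ships db and a.txt: everything since the full
    files["/etc/hosts"] = (server.clock + 5, b"h1")
    server.run_backup("incremental", files)    # ships hosts only
    chain_cum = server.restore_chain()         # full + cumulative + last incremental
    synthetic = server.synthetic_full()
    return {
        "chain_with_incrementals": chain_incr,
        "chain_with_cumulative": chain_cum,
        "cumulative_files": server.catalog[3]["files"],
        "synthetic_files": synthetic["files"],
        "restore_matches_client": server.restore() == files,
    }
```

restore_chain() is the part worth reading twice: it is the catalog, not the data on the device, that says which savesets a restore depends on. That is why the catalog is the first thing an attacker who wants to make backups useless will target, and why it should itself be backed up and protected separately from the backup data.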



------------------------



Replication - process of creating an exact copy of the data to ensure business continuity in the event of a logical outage or disaster
- restore and restart operations
- replicated to one or more locations

Replica uses - - alternate source for backup
- fast recovery and fast restart
- decision support activities
- testing platform
- data migration

Replica characteristics - - recoverability/restartability
- consistency (clean, consistent copy of the source)
- point-in-time replica (non-zero RPO; snapshot, clone; measurable difference from production)
- continuous replica (near-zero RPO; mirror)

Replica consistency - - offline file system (unmount the file system)
- online file system (flush compute system buffers)
- offline database (shut down the database)
- online database (dependent write I/O principle: hold I/Os to the source before creating the replica)

Types of replication - - local
- remote

Local replication - - replicating data within the same location (data center, storage system)
- operational restore in the event of data loss
- implemented at compute, storage and network

Remote replication - - replicating data to remote locations
- synchronously or asynchronously replicated
- mitigates risks associated with regional outages
- replicate data to the cloud for DR purposes
- implemented at compute, storage and network

Compute-based replication - - uses compute resources to perform and manage the replication operation
- supports both local and remote replication

Compute-based remote replication - - log shipping
- hypervisor based

File system snapshot (local replication) - - creates a copy of an FS at a specific point in time
- uses CoFW (copy on first write)
- uses a bitmap and a block map
- requires a fraction of the space used by the production FS

Hypervisor-based local replication - - a clone is a copy of an existing VM (parent VM)
- deployed when many identical VMs are required (reduces time to deploy new VMs)
- full clone
- linked clone

Full clone - independent copy of a VM that shares nothing with the parent VM

Linked clone - created from a snapshot of the parent VM and shares the parent's virtual disks

Remote replication: log shipping - - relevant components of the source and target databases are synchronized prior to the start of replication
- transactions are captured in logs and periodically transferred to the remote compute system

Hypervisor-based remote replication - - replicates VMs between a primary site and a remote site
- initial synchronization is required between source and target
- only changes are replicated, which reduces network utilization
- supports both synchronous and asynchronous replication

Storage system based replication - - replicating from one array to another
- the storage system operating environment performs the replication process
- local and remote replication

Full volume replication (clone) - - provides the ability to create full-volume PIT copies (clones) of a source LUN
- an initial full synchronization is performed between the source LUN and the replica (clone)
- changes made to both source and replica can be tracked at some predefined granularity
- enables incremental resynchronization (source to target) or incremental restore (target to source)
- clones must be exactly the same size as the source LUN

Pointer-based virtual replication (snapshot) - - instantaneous virtual copy
- no data is copied at creation time
- immediately available when the session is started
- CoFW and RoW (redirect on write) are used to preserve the PIT snapshot
- requires only a small fraction of the size of the source volume (typically around 30%)

Redirect on Write (RoW) - - redirects new writes destined for the source LUN to a reserved LUN in the storage pool
- no need for a separate pool of private LUNs
- improves overall performance (no copy of the original block before the first write)
- the snapshot still points to the source LUN for unchanged data
- reserved LUN and source are in the same storage pool
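Worked example for the file system snapshot (CoFW with bitmap and block map), pointer-based snapshot and redirect-on-write entries above. This is an added illustration, not code from the original notes or from any array's implementation; the class names, the 8-block LUN and the write burst are constructed for the demonstration. It shows why the two techniques produce the same point-in-time view but spend their extra I/O at different moments.

```python
"""Pointer-based snapshots: copy on first write (CoFW) versus redirect on write (RoW).

Added illustration, not from the original notes or any array's implementation.
Both give a point-in-time (PIT) view of a source LUN without copying it up front;
they differ in which I/O pays for preserving the original block.
"""
from typing import Dict, List


class CoFWSnapshot:
    """Bitmap marks blocks whose original is already saved; block map points to
    the saved copy. The first write to a block after the snapshot costs an extra
    read and write to the save area; later writes to that block are free."""

    def __init__(self, source: List[bytes]) -> None:
        self.source = source                    # production LUN, updated in place
        self.bitmap = [False] * len(source)
        self.block_map: Dict[int, bytes] = {}   # block index -> preserved original content
        self.extra_io = 0                       # copy operations caused by the snapshot

    def write(self, index: int, data: bytes) -> None:
        if not self.bitmap[index]:
            self.block_map[index] = self.source[index]    # preserve the PIT version first
            self.bitmap[index] = True
            self.extra_io += 1
        self.source[index] = data

    def read_snapshot(self, index: int) -> bytes:
        return self.block_map[index] if self.bitmap[index] else self.source[index]

    def read_production(self, index: int) -> bytes:
        return self.source[index]

    def space_blocks(self) -> int:
        return len(self.block_map)


class RoWSnapshot:
    """New writes land on a reserved LUN in the same pool; the source LUN stays
    untouched and keeps serving the PIT. Production reads follow the redirect map."""

    def __init__(self, source: List[bytes]) -> None:
        self.source = source                    # frozen PIT image
        self.reserved: Dict[int, bytes] = {}    # block index -> current production content
        self.extra_io = 0                       # never copies an original block

    def write(self, index: int, data: bytes) -> None:
        self.reserved[index] = data             # single write, no read-before-write

    def read_snapshot(self, index: int) -> bytes:
        return self.source[index]

    def read_production(self, index: int) -> bytes:
        return self.reserved.get(index, self.source[index])

    def space_blocks(self) -> int:
        return len(self.reserved)


def exercise(snapshot_cls) -> dict:
    """Constructed workload: 8-block LUN, take a snapshot, then write blocks 1, 1 again, and 3."""
    lun = [f"orig{i}".encode() for i in range(8)]
    snap = snapshot_cls(list(lun))
    for index, data in ((1, b"new1a"), (1, b"new1b"), (3, b"new3")):
        snap.write(index, data)
    return {
        "pit_intact": [snap.read_snapshot(i) for i in range(8)] == lun,
        "production": [snap.read_production(i) for i in range(8)],
        "extra_io": snap.extra_io,
        "space_blocks": snap.space_blocks(),
    }
```

Both variants consume the same snapshot space (one block per distinct block written), but CoFW pays two extra operations during the write burst while RoW pays none; RoW instead defers the cost to snapshot deletion, when the redirected blocks have to be merged back or the map reconciled. Either way the snapshot is only as safe as the pointers: an administrator (or an attacker with array credentials) who deletes the snapshot removes the PIT instantly, which is why retention locks on snapshots matter as a ransomware control.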

Remote replication: synchronous - - a write is committed to both the source and the remote replica before it is acknowledged to the compute system
- allows business operations to be restarted at the remote site with zero data loss
- near-zero RPO
- requires high bandwidth
- expensive
- distance limitation, typically less than 200 km, because every write's response time includes the round-trip latency of the link

Remote replication: asynchronous - - a write is committed to the source and immediately acknowledged to the compute system; it is transmitted to the remote replica afterwards
- the source site is always ahead of the target (non-zero RPO)
- the link itself does not maintain write ordering
- writes are sequenced/timestamped at the source so that they can be applied in order at the target
- no distance limitation
- application write response is not dependent on the latency of the link

Remote replication: multi-site - - data from the source site is replicated to multiple remote sites for DR purposes
- mitigates the risk of the single DR site also being lost
- bunker site used for secondary storage via sync or async

Network-based replication: CDP (continuous data protection) - - the ability to restore data and VMs to any previous PIT
- supports heterogeneous compute and storage platforms
- supports both local and remote replication
- supports WAN optimization techniques to reduce bandwidth requirements

CDP components - - journal volume
- CDP appliance
- write splitter

Journal volume - holds all data that has changed on the production volume from the time replication started

CDP appliance - intelligent hardware platform that runs the CDP software; virtual CDP appliances run inside VMs

Write splitter - intercepts writes to the production volume from the compute system and splits each write into two copies, one to the production volume and one to the CDP appliance
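Worked example for the CDP entries above (journal volume, appliance, write splitter, any-PIT restore), and for the asynchronous replication point that writes must be sequenced to be applied in order. This is an added illustration, not code from the original notes or from any CDP product; the three-block volume and the timeline in demo() are constructed for the demonstration.

```python
"""Continuous data protection: write splitter, journal volume, any-PIT rollback.

Added illustration, not from the original notes or any CDP product. Every write
the compute system issues is split: one copy goes to the production volume, one
to the CDP appliance, which appends it to a journal with a sequence number and
timestamp. Rolling back to a PIT replays the journal up to that point onto the
replica image taken when replication started.
"""
from typing import Dict, List, NamedTuple


class JournalEntry(NamedTuple):
    seq: int        # write order, assigned by the appliance
    ts: float       # time the write was captured
    block: int
    data: bytes


class CDPAppliance:
    def __init__(self, replica: Dict[int, bytes]) -> None:
        self.replica = dict(replica)            # image of the production volume when replication started
        self.journal: List[JournalEntry] = []   # journal volume: every change since then

    def capture(self, ts: float, block: int, data: bytes) -> None:
        self.journal.append(JournalEntry(len(self.journal), ts, block, data))

    def image_at(self, ts: float) -> Dict[int, bytes]:
        """Any-PIT view: replica plus every journaled write captured at or before ts, in sequence order."""
        image = dict(self.replica)
        for entry in self.journal:
            if entry.ts <= ts:
                image[entry.block] = entry.data
        return image


class WriteSplitter:
    """Sits in the I/O path (host driver, fabric or array) and duplicates each write."""

    def __init__(self, production: Dict[int, bytes], appliance: CDPAppliance) -> None:
        self.production = production
        self.appliance = appliance

    def write(self, ts: float, block: int, data: bytes) -> None:
        self.production[block] = data            # copy 1: production volume
        self.appliance.capture(ts, block, data)  # copy 2: CDP appliance -> journal


def demo() -> dict:
    """Constructed timeline: normal writes at t=1..3, a process that overwrites
    every block at t=4 (ransomware-style), then rollback to t=3."""
    production = {0: b"boot", 1: b"data-a", 2: b"data-b"}
    cdp = CDPAppliance(production)
    splitter = WriteSplitter(production, cdp)
    splitter.write(1.0, 1, b"data-a2")
    splitter.write(2.0, 2, b"data-b2")
    splitter.write(3.0, 1, b"data-a3")
    for block in (0, 1, 2):
        splitter.write(4.0, block, b"ENCRYPTED")
    return {
        "production_after": dict(production),
        "recovered_t3": cdp.image_at(3.0),
        "recovered_t1": cdp.image_at(1.0),
        "journal_len": len(cdp.journal),
    }
```

The journal is what makes "any previous PIT" possible, and also what an attacker will try to fill or delete: the appliance must be reachable only through the splitter path and its own management interface, never writable from the protected host, and journal retention has to cover the dwell time of the kind of incident you expect to roll back from.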

Hypervisor-based CDP - - protects single or multiple VMs locally or remotely
- restore a VM to any PIT

Data migration - - specialized replication technique that moves data and VMs from one system to another
- non-disruptive live migration solutions are in place to meet SLAs

Data migration benefits - - data center maintenance without downtime
- disaster avoidance
- technology refresh
- data center migration or consolidation
- workload balancing across data centers

Storage system based data migration - - moves data between heterogeneous storage systems
- push: data is pushed from the control system to the remote system
- pull: data is pulled from the remote system to the control system
- push and pull are named from the point of view of the control array

Virtualization appliance based data migration - - the virtualization layer handles the migration of data
- supports data migration between multi-vendor heterogeneous storage systems

Virtual machine live migration - - running services on VMs are moved from one physical compute system to another without any downtime
- scheduled maintenance with no downtime
- VM load balancing

Virtual machine storage migration - - migrates VM disk files from one storage system to another with no disruption
- enables organizations to perform proactive storage migrations and dynamically optimize storage I/O performance

Disaster recovery as a service (DRaaS) - - allows an organization to have its DR site in the cloud
- resources at the service provider location may be dedicated to the consumer or shared
- IT services run on site during normal production
- in the event of a disaster they are moved to the cloud

TimeFinder SnapVX (Dell EMC Product) - - allows users to create targetless snapshots
- a source can have 256 snapshots and each snapshot can have 4 linked targets
- to access a point-in-time copy, a link must be created from the snapshot to a host-mapped target device

VNX Snapshot (Dell EMC Product) - - creates a PIT copy of a source LUN
- uses redirect-on-first-write technology
- snapshots are limited to pool-based provisioned LUNs
- instant restore: when a LUN-level restore is initiated, the restored view is available immediately

VNX SnapSure (Dell EMC Product) - - provides read-only or read/write point-in-time views of VNX file data
- uses pointers to track changes to the primary file system and reads data from either the primary file system or the copy area

RecoverPoint (Dell EMC Product) - - provides a solution for both local and remote CDP
- enables access to the data at any previous PIT
- lightweight splitting technology to mirror a write
- utilizes network bandwidth efficiently
- also available as a hypervisor-based CDP solution

SRDF (Dell EMC Product) - - remote replication solution that provides DR and data mobility for VMAX3 storage systems
- ability to maintain host-independent, remotely mirrored copies of data
- SRDF family includes SRDF/S and SRDF/A, SRDF/DM, SRDF/AR, concurrent and cascaded SRDF

MirrorView (Dell EMC Product) - - native VNX block remote replication for DR
- replicates the contents of a primary volume to a secondary volume that resides on a different VNX system
- mirroring between two storage systems

vMotion (VMware Product) - - performs live migration of a running VM from one physical server to another without any downtime
- the VM retains its network identity and connections, ensuring a seamless migration process
- enables maintenance to be performed without disrupting business operations

Storage vMotion (VMware Product) - - enables live migration of VM disk files within and across storage systems without any downtime
- zero-downtime storage migrations with complete transaction integrity
- migrates disk files of VMs running any supported OS on supported server hardware

vCloud Air Disaster Recovery - - DRaaS owned and operated by VMware, built on vSphere Replication and vCloud Air
- enhanced recovery times for mission-critical apps running on vSphere
- scalable DR protection capacity in the cloud to address changing business requirements


-------------------


Physical security - - foundation of overall IT security
- badging
- security guards
- surveillance cameras

Information security - includes a set of practices that protect information and information systems from unauthorized access, use, destruction, deletion, modification and disruption

Trust - Visibility + Control

Goals of information security - - confidentiality (secrecy of information; only authorized users can access data)
- integrity (unauthorized changes are not allowed)
- availability (reliable and timely access to resources)

Authentication - - ensures users or assets are who they claim to be
- single or multi-factor

Authorization - defines the rights of a user; actions can only be performed when authorized

Auditing - evaluating the effectiveness of security controls

Asset - - information, hardware and software

Security considerations - - easy access for authorized users
- difficult for attackers to compromise
- the cost of securing an asset should not exceed the value of the asset

Threat - a potential attack that can be carried out
- passive (curiosity, attempts to gain access or eavesdrop without altering data)
- active (funded denial of service, repudiation attacks; alters data or disrupts service)

DoS - Denial of service

Repudiation - attacks on the auditing program (denying that an action took place)

Vulnerabilities - - weaknesses that an attacker exploits to carry out attacks

Security considerations - - attack surface
- attack vectors
- work factor

Managing vulnerabilities - - minimize the attack surface
- maximize the work factor
- install security controls

Security controls - - reduce the impact of vulnerabilities
- technical: AV, firewalls, IDPS
- non-technical: administrative policies and physical controls

Controls - - preventive
- detective
- corrective

IDPS - Intrusion detection and prevention system

Defense-in-depth - - strategy in which multiple layers of defense are deployed throughout the infrastructure to help mitigate the risk of security threats in case one layer of the defense is compromised
- layered approach
- reduces the scope of a security breach

Defense-in-depth layers - 1. perimeter security
2. remote access controls
3. network security
4. compute security
5. storage security

Infrastructure security considerations - - pertains to second and third platforms
- multi-tenancy
- information ownership
- mobile device security

Storage security domains - - management access
- application access
- backup, replication and archive
- BAM

Key security threats across domains - - unauthorized access
- Denial of service (DoS)
- distributed DoS
- loss of data
- malicious insiders
- account hacking
- insecure APIs
- shared technology vulnerabilities
- media theft

Denial of Service (DoS) - - prevents legitimate users from accessing resources or services
- distributed DoS (DDoS) is a variant launched from many sources at once
- control measure: limits on resource consumption

Loss of data - - accidental deletion
- destruction from natural disaster

Malicious insiders - an organization's current or former employee, contractor, or other business partner who has or had authorized access to the organization's compute systems, network or storage

Malicious insider protection - - strict access control policies
- security audits and data encryption
- disable AD accounts of departed users promptly
- segregation of duties
- background checks

Account hacking - - phishing
- installing keystroke-logging malware
- man-in-the-middle

Insecure APIs - - APIs are used to integrate with management software to perform activities such as resource provisioning and configuration, resource monitoring, and orchestration
- may be open or proprietary

Shared technology vulnerabilities - - an attacker may exploit vulnerabilities in the tools used to enable multi-tenant environments

Hyperjacking - compromise of the hypervisor itself

Identity and access management - process of managing users' identifiers and their authentication and authorization to access stor
age infrastructure resources

Authentication - - prove who you are (multi-factor, Kerberos, CHAP, OpenID)

Authorization - - what you can do (Windows ACLs, UNIX permissions, OAuth)

Windows ACL - - supports object ownership in addition to ACLs
- child objects inherit the ACL of the parent
- uses SIDs to control object access

UNIX permissions - - read, write or execute
- specifies the permitted operations by ownership relation (owner, group, other) with respect to a file

OAuth - authorization framework that allows a client to access protected resources from a resource server on behalf of a resource owner

Multi-factor authentication - - access is granted only when all factors are validated (password, token, biometric)

Kerberos - network authentication protocol which provides strong authentication for client/server applications by using secret-key cryptography; client and server can prove their identity to each other across an insecure network connection

Challenge handshake authentication protocol (CHAP) - - method for initiators and targets to authenticate each other by using a shared secret
- a challenge is sent, the peer answers with a hash of the secret and the challenge, and the response must match what the verifier computes; the secret itself never crosses the wire
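Worked example for the CHAP entry above, the mechanism used for iSCSI initiator/target authentication. This is an added illustration, not code from the original notes or from any storage vendor; the response formula is the one RFC 1994 specifies (MD5 over identifier, secret and challenge), while the class names, the replay check and the mutual-CHAP wrapper are choices made for the demonstration. The offline_guess function shows the attack that the notes' warning about "secret code must match" glosses over.

```python
"""CHAP (RFC 1994) as used for iSCSI initiator/target authentication.

Added illustration, not from the original notes or any vendor's code.
Response = MD5(identifier || secret || challenge). The secret never crosses the
wire, but anyone who captures one exchange can test candidate secrets offline,
which is why CHAP secrets must be long and random, and why mutual CHAP should
use a different secret in each direction.
"""
import hashlib
import hmac
import os
from typing import Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: hash over the 1-byte Identifier, the secret, and the challenge value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapVerifier:
    """The side issuing the challenge (the iSCSI target, for one-way CHAP)."""

    def __init__(self, secrets: dict) -> None:
        self.secrets = secrets          # peer name -> shared secret
        self.identifier = 0
        self.used = set()               # challenges already answered, to refuse replays

    def challenge(self) -> Tuple[int, bytes]:
        self.identifier = (self.identifier + 1) & 0xFF
        return self.identifier, os.urandom(16)   # fresh, unpredictable challenge

    def verify(self, name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        if challenge in self.used or name not in self.secrets:
            return False
        self.used.add(challenge)
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


class ChapPeer:
    """The side proving knowledge of the secret (the iSCSI initiator)."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> Tuple[str, bytes]:
        return self.name, chap_response(identifier, self.secret, challenge)


def mutual_chap(initiator: ChapPeer, init_verifier: ChapVerifier,
                target: ChapPeer, tgt_verifier: ChapVerifier) -> Tuple[bool, bool]:
    """Two independent exchanges with separate secrets: the target authenticates the
    initiator, then the initiator authenticates the target."""
    ident, chal = tgt_verifier.challenge()               # target -> initiator
    name, resp = initiator.respond(ident, chal)
    initiator_ok = tgt_verifier.verify(name, ident, chal, resp)
    ident2, chal2 = init_verifier.challenge()            # initiator -> target
    name2, resp2 = target.respond(ident2, chal2)
    target_ok = init_verifier.verify(name2, ident2, chal2, resp2)
    return initiator_ok, target_ok


def offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist) -> bytes:
    """What a passive attacker does with one captured exchange: try candidate secrets
    until the computed response matches. Returns the recovered secret or b""."""
    for candidate in wordlist:
        if chap_response(identifier, candidate, challenge) == response:
            return candidate
    return b""
```

Two things to check in a real iSCSI deployment follow directly from the code: the target must generate the challenge with a real random source (a predictable or reused challenge lets a captured response be replayed), and a dictionary word as the secret is recovered by offline_guess in milliseconds no matter how the protocol is configured.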

OpenID - open standard for authentication in which an organization uses authentication services from an identity provider

Role-based access control - - restricts access to authorized users based on their respective roles
- supports separation of duties

Network monitoring and analysis - - proactive measure to detect and prevent network and performance problems
- active
- passive
- used to monitor, detect and prevent attacks

Firewall - - security control designed to examine data packets traversing a network and compare them to a set of filtering rules
- filters traffic based on source or destination
- deployed at compute, network, and hypervisor level
- physical and virtual
- parameters for traffic filtering (addresses, ports, protocol)

DMZ (demilitarized zone) - area between two firewalls where externally reachable services are placed so that the internal network is not directly exposed

Intrusion detection and prevention system - - security tool that automates the process of detecting and preventing events that can compromise the confidentiality, integrity, or availability of IT resources
- signature-based detection technique (scans for known signatures to detect an intrusion)
- anomaly-based detection technique (detects deviations from a baseline of normal events)

Adaptive security - - control that integrates with the organization's standalone controls such as IDPS and firewalls and uses heuristics to learn user behavior and detect fraudulent activity
- identifies and blocks anomalies

VPN - - extends a user's private network across a public network
- remote access
- site-to-site VPN

Port binding - - limits the devices that can be attached to a specific switch port
- FC SAN and Ethernet

Fabric binding - - only authorized switches are allowed to join a fabric

Securing the hypervisor and management server - - apply updates
- harden the hypervisor using the specifications provided by CIS and DISA
- restrict core functionality to administrators
- encrypt network traffic
- rotate or delete log files when they reach a certain size

DISA - Defense Information Systems Agency

VM hardening - - process used to change the default configuration of a VM
- tune the configuration of VM features to operate in a secure manner
- VM templates must be hardened to a known security baseline

OS hardening - - configure per the CIS and DISA hardening checklists
- delete unused files and apps
- apply OS updates

Application hardening -

Malware protection software - - detects, prevents and removes malware
- protects the OS against attacks that modify critical areas of the system

MDM server component - responsible for performing device enrollment, administration, and management of mobile devices

MDM client component - installed on the mobile device that needs access to the organization's resources; receives commands from the server component, which it executes on the mobile device

LUN masking - refers to the assignment of LUNs to specific host bus adapter world wide names, so that a host sees only the LUNs it is permitted to access

LUN masking implementations - - host
- switch
- storage system (array): the implementation used on EMC arrays

Data encryption - - cryptographic technique in which data is encoded and made indecipherable to eavesdroppers or attackers
- in flight and at rest
- deployed at compute, network and storage

Data shredding - process of deleting data or its residual representation and making it unrecoverable

GRC (governance, risk and compliance) - encompassing processes that help an organization ensure that its acts are ethically correct and in accordance with its risk appetite, internal policies, and external regulations

Governance - purpose, strategy, and operational rules by which companies are directed and managed
- based on business strategy
- defining, directing, controlling, and executing decisions
- information required to make decisions
- handling exceptions

Risk and risk management - - risk is the effect of uncertainty on business objectives
- risk management is the systematic process of assessing assets, placing a realistic valuation on each asset and creating a risk profile that is rationalized for each information access across the business

Risk management - 1. risk identification
2. risk assessment
3. risk mitigation
4. monitoring

Compliance - the act of adhering to, and demonstrating adherence to, external laws and regulations and to corporate policies and procedures
- internal policy
- external policy

Auditing - determines the validity and reliability of information about the enforcement of controls presented by an organization; provides an assessment of the organization's security controls and their ability to produce the logs needed to verify the controls

RSA SecurID - - two-factor authentication
- user must combine a secret PIN with the token code
- a new token code is generated at predefined intervals
2769
2770RSA Security Analytics - - detect and investigate threats often missed by other security tools
2771- captures and analyzes large amounts of network logs and other data
2772- analyze terabytes of data, log data, network sessions
2773
2774RSA Adaptive Authentication - - authentication and fraud detection platform
2775- measures login and post login activities
2776- provides authentication when protecting: websites, portals, mobile apps
2777
2778VMware vCloud Networking and Security - - virtualizes networking and security to enable greater agility, efficiency and extensible in the data center
2779- delivers SDN and security with services including: virtual firewall, VPN, load balances and VXLAN
2780
2781VMware Airwatch Mobile Device Management - - secure access to corporate resources
2782- configs and updates device settings over-the-air and secure mobile devices
2783- manages different types of devices from single console
2784
2785RSA Archer eGRC - - manage risk
2786- demonstrate compliance
2787- automate business processes
2788- gain visibility to corporate risk and security controls
2789- single point of visibility and coordination for physical, virtual, and cloud assets
2790

----------



Storage Infrastructure Management - all the storage infrastructure-related functions that are necessary for the management of the infrastructure components and services, and for the maintenance of data throughout its lifecycle
- high utilization

Service-focused approach - - storage infrastructure management is linked to SLAs
- appropriate processes
- DR to meet RTO

Software-defined infrastructure aware - - valued more than hardware-specific management
- management functions move to an external software controller
- strategic, value-driven activities
- management operations are independent of the underlying hardware

End-to-end visibility - - looking at the entire environment
- visibility of a storage infrastructure enables centralized management
- provided by monitoring tools

Orchestration - - automated arrangement, coordination, and management of various system or component functions in a storage infrastructure

Storage infrastructure management functions - - infrastructure
- discovery

Discovery - - management function that creates an inventory of infrastructure components and provides information about the components, including their configuration, connectivity, functions, performance, capacity, availability, and utilization
- provides availability
- scheduled activity, uses resources

Monitoring - - basis for performing management operations
- provides the performance and availability status of various infrastructure components and services
- helps to measure the utilization and consumption of various storage infrastructure resources by the services

Monitoring parameters - - configuration
- availability
- capacity
- performance
- security


Monitoring configuration - - involves tracking configuration changes and the deployment of storage infrastructure components and services
- detects configuration errors, non-compliance with configuration policies, and unauthorized configuration changes

Monitoring availability - identifies failure of any component or process that may lead to service unavailability or degraded performance

Monitoring capacity - tracks the amount of storage infrastructure resources used and free

Monitoring performance - evaluates how efficiently the infrastructure components and services are performing

Monitoring security - tracks unauthorized access and configuration changes to the storage infrastructure and services

Alerting - - system-to-user notifications

Levels of alerts - - information (creation of a zone or LUN)
- warning (storage pool is becoming full)
- fatal (orchestration failure)

Chargeback - ability to measure storage resource consumption per business unit or user group and charge them back accordingly

Configuration Management - - maintains information about CIs that are required to deliver a service
- discovers and maintains information on CIs in a configuration
- updates the CMS when new CIs are deployed or CI attributes change

CI (Configuration Items) - - attributes such as name, manufacturer name, serial number, license status, version, location, and inventory status

Performance management - monitors, measures, analyzes and

Availability management - ensures that the availability requirements of all components and services are constantly met
- hot-swappable components

Change management - standardizes change-related procedures in the storage infrastructure

Incident management - returns services to users as quickly as possible when unplanned events, called incidents, interrupt services or degrade service quality
- main goal is to get the environment up and running

Problem management - prevents incidents that share common symptoms or root causes from recurring and minimizes the adverse impact of incidents that cannot be prevented

Security management - ensures the confidentiality, integrity, and availability of information in a storage infrastructure. It prevents the occurrence of security-related incidents or activities that adversely affect the infrastructure components, management processes, information, and services

ViPR SRM - - shows relationships and topology of components
- shows capacity utilization and configuration compliance
- helps in capacity planning and chargeback reporting

Service Assurance Suite - - discovers infrastructure components
- detects and correlates events to find problems
- identifies root causes and risk conditions

UIM - - discovers Vblock and VSPEX components and shows topology
- UI

vRealize Operations - - identifies performance, capacity, and configuration issues and helps remediate them
- optimizes the usage of capacity and performs capacity trend analysis
- verifies configuration compliance and recommends/triggers actions
- end-to-end visibility in a single console

vRealize Orchestrator - - orchestrates service delivery and operational functions
- uses pre-defined workflows from a library
- creates customized workflows
- can execute hundreds or thousands of workflows concurrently