Hybrid Cloud with IBM Z - Group home

New fabric zoning feature helps to automate the zoning management

By Gerald Hosch posted Tue November 30, 2021 04:45 AM

  
Abstract: Fabric zoning  is a new feature supported on IBM® z/VM® and Red Hat® KVM since IBM Cloud Infrastructure Center 1.1.4.1., helping to automate the zoning management. The blog describes how to register fabrics and connect them to the storage provider in Cloud Infrastructure Center.
Written by Li Ping Hao.


Note: The IBM Cloud Infrastructure Center supports both z/VM and Red Hat KVM as hypervisors. This blog uses the z/VM hypervisor as an example, the workflow is similar for the KVM hypervisor.

Terminology

Storage Provider

Storage Provider is the term used in Cloud Infrastructure Center for any system that provides storage volumes.

Initiator

The Fibre Channel Protocol (FCP) ports from IBM Z or LinuxONE:

  • For Red Hat KVM, the FCP ports of the compute node are the initiator.
  • For z/VM, the FCP ports of the virtual machine are the initiator.

Target

The FC (Fibre Channel) ports on the storage provider.

Zone

A zone provides isolation where initiators and storage targets can communicate with each other if they are the members of the same zone. A zone is used to restrict communication, enhance security, and simplify management.

Zoning policy

  • Initiator: Creates a zone with one initiator and all of the targets for the storage provider.
  • Initiator-target: Creates a zone with one initiator and one target.


Pre-requirements

Before using this feature, read the requirements for the Brocade switch: ibm.com/docs/en/cic/1.1.4?topic=storage-planning-fabric-zoning and ibm.com/docs/en/cic/1.1.4?topic=tasks-working-fabric-zoning


Environment

Figure 1. Overview of our example environment

 

1. Storage provider ‘v7k60’ is added in IBM Cloud Infrastructure Center.

Figure 2: Storage provider is added
For more information about how to add a storage provider, refer to ibm.com/docs/en/cic/1.1.4?topic=storage-add-provider-into-cloud-infrastructure-center.

 

2. A virtual machine (VM) is deployed.
Figure 3: The VM with the name ‘for_blog’ is deployed

For more information about the creation of VMs, refer to ibm.com/docs/en/cic/1.1.4?topic=machines-creating-virtual.


3. Volumes are created from the storage provider.

Figure 4: Three volumes are created
For more information about the creation of volumes, refer to ibm.com/docs/en/cic/1.1.4?topic=provider-create-volumes.


4. Two fabrics are added, they are named ‘fabric A’ and ‘fabric B’. For that, 2 target ports from the storage provider need to be connected to ‘fabric A’, and other 2 target ports from the storage provider need to be connected to ‘fabric B’; see the environment overview (figure 1).

 

5. Using z/VM, the FCP ports are assigned to the VM during the volume attachment.

In our example, we add 2 paths to the ‘FCP List’, separated by a semicolon (see figure 5). 2 FCP ports, 1 FCP per path, are assigned to a VM for the volume attachment.

Figure 5. Two paths defined in the ‘FCP List’

For more information about the 'FCP List', refer to ibm.com/docs/en/cic/1.1.4?topic=hosts-adding.

 

Steps

The following steps describe:

  • How to enable fabric for the storage providers
  • How fabric zoning works in IBM Cloud Infrastructure Center


Register the two fabrics into IBM Cloud Infrastructure Center

For the requirements of using a virtual fabric, refer to ibm.com/docs/en/cic/1.1.4?topic=tasks-working-fabric-zoning. 
 

1)Add ‘fabric A’

On the ‘Fabrics’ panel, click 'Add Fabric' and the 'Add Fabric' panel opens. Figure 6 shows the required information in the 'Add Fabric' panel.  FYI, when the 'Specify Virtual Fabric ID' is not selected, the home logical fabric ID of the specified "User ID" is used as the virtual fabric ID.

Figure 6. Add ‘fabric A’ with the zoning policy 'Initiator'

 

2)Add ‘fabric B’ with the zoning policy 'Initiator' and a specified virtual fabric ID.

Figure 7. Add virtual ‘fabric B’

 

Connect the storage provider to the two fabrics

After adding the fabrics, fabric zoning is not enabled because no storage provider is connected to the fabrics.

Figure 8. No 'Storage Provider Connection' exists for the two fabrics

 

We connect the storage provider to the two fabrics to enable fabric zoning between the fabrics and the storage provider.

1) Connect ‘v7k60’ to ‘fabric A’

On the ‘Fabrics’ panel, select the ‘fabric A’ and click 'Connect Storage Provider' and the 'Connect Storage Provider' panel opens. Select ‘v7k60’ and click 'Connect'. 

Figure 9. Connect ‘fabric A’ to the Storage Provider

2) Connect v7k60 to ‘fabric B’ with the same steps as ‘fabric A’.

Wait till the connection is completed. When completed, the entry in the 'Storage Provider Connection' field shows the storage provider for each fabric.

Figure 10. Storage Provider Connection established for fabrics

 

In the 'Fabric connection' field on the Storage Providers panel, the connected fabrics are displayed.

Figure 11. ‘Fabric connection’ of storage provider

After the storage provider is connected to the fabric, the fabric zoning is enabled.


Optional configuration possibilities

Configure zone-name-prefix

You can configure a zone name prefix by using the command 'icic-config storage fc-zone zone-name-prefix --prefix'. By default, the zone name prefix uses 'openstack'.

In the example below, we configure a custom zone-name-prefix 'blog_’:

Figure 12. Configure zone-name-prefix

For more information about the format of the zone name, refer to ibm.com/docs/en/cic/1.1.4?topic=tasks-working-fabric-zoning.

 

Configure ‘blocklist’ or ‘allowlist’ for storage provider

You can use the command icic-config storage fc-zone zone-masking to configure a ‘blocklist’ or ‘allowlist’ to filter the storage ports that are added into the zones. By default, all ports of the storage provider that are connected to the fabric are added into the zones.

In our example, no ‘allowlist’ or ‘blocklist’ is configured, so the 2 target ports that are connected to ‘fabric A’ are used, as well as the 2 target ports that are connected to fabric B.

 

Attach the 1st volume

1) Select a VM on 'Virtual Machines' panel and click 'Attach Volume'. Select the volume on the 'Attach Volume' panel and click 'Attach'. 

Figure 13. Attach volume


Wait till the volume attach completes, and the volume is displayed on the 'Attached Volumes' tab.

Figure 14. The volume is attached volume

 

2) On ‘fabric A’, check the entries created with the prefix 'blog_'.

Figure 15. Zone created on ‘fabric A’

The zone contains 1 initiator port and 2 target ports that are connected to ‘fabric A’.

Figure 16. Zone on ‘fabric A’ contains 1 initiator port and the 2 target ports connected to ‘fabric A’

 

3) On ‘fabric B’, check the entries created with the prefix 'blog_'.

Figure 17. Zone created on ‘fabric B’

The zone contains 1 initiator port and 2 target ports that are connected to ‘fabric B’.

Figure 18. Zone on ‘fabric B’contains 1 initiator port and 2 target ports connected to ‘fabric B’

 

Attach another volume from the same storage provider to the same VM

1) Continue to attach another volume from the v7k60 storage provider to the same VM by steps as shown in figure 14. Wait for the volume attach completes.

Figure 19. Another volume is attached

2) When checking the fabrics, they show the same result. 

 

Detach volume

 1) Detach a volume

Select an attached volume on the 'Attached Volumes' panel, click 'Detach Volume' and ‘OK’ to detach the volume from the VM.

Figure 20. Detach volume

Wait till the detach completed. The zones have been updated and there is still one ‘v7k60’ volume displayed on the 'Attached Volumes' panel.

Figure 21. Updated ‘Attached volumes’ information

 

2) Detach the last volume

Detach the last volume from storage provider 'v7k60' with the same steps. After the detach has completed, no volume is attached.

Figure 22. Detach the last volume


Checking on ‘fabric A’ and ‘fabric B’, you see that the created zones are removed; see figures below.

Figure 23. Zones removed on ‘fabric A’

Figure 24. Zones removed on ‘fabric B’

 

Disconnect Storage Provider

If you want to disable the fabric zoning between a fabric and the storage provider, select the fabric you want to disable on Fabrics panel, and click 'Disconnect Storage Provider'. Select the storage provider you want to disconnect and click 'Disconnect'. Figure 26 shows how ‘v7k60’ is disconnected from ‘fabric B’.

Figure 25. Disconnect storage provider

Wait till the disconnect is completed, and this entry is no longer shown at the 'Storage Provider Connection' and the ‘'Fabric connection‘ displays; see figures below.

Figure 26. Storage Provider Connection display

Figure 27. Fabric connection display

0 comments
5 views