How to Configure NPIV on VMware vSphere 4.0

How to Configure NPIV on VMware vSphere 4.0

 

 

Contents

INTRODUCTION TO NPIV.. 1

SERVER VIRTUALIZATION ADVANTAGES. 3

Addressing and Access Control 3

REQUIREMENTS TO IMPLEMENT NPIV.. 5

Server Administrator Tasks. 8

Storage Administrator Tasks. 14

Configuring Brocade HBA for QoS. 32

Configuring Brocade Switches for QoS. 36

 

 

 

 

 

 

 

 

 

 

INTRODUCTION TO NPIV

 

Provides step-by-step instructions on how to configure NPIV on VMware vSphere 4.0 in a Brocade fabric. Leveraging NPIV gives the administrator the ability to extend all of Brocade’s advanced features and apply storage best practices in a virtualized data center.

 

 

N_Port ID Virtualization (NPIV) is an extension to the Fibre Channel industry standard, which is available across the Brocade®
Host Bus Adapter (HBA) product line and Brocade
Storage Area Network (SAN) platforms. NPIV delivers significant advantages for running multiple Virtual Machines (VMs) and managing the workload across multiple physical servers. Storage Administrators now have the ability to control access to LUNs on a per Virtual Machine basis.

NOTE: The term “switches” is used in this document to reference Fibre Channel Brocade
backbone, director, switch, and embedded switch platforms unless otherwise noted.

In a server virtualization environment, NPIV allows each VM to have a unique Fibre Channel (FC) World Wide Name (WWN), enabling multiple virtual machines to share a single physical HBA and switch port, a virtual HBA port, as shown in Figure 1. By providing a unique virtual HBA port, storage administrators can implement SAN best practices such as zoning for individual VMs. Administrators can also take advantage of SAN management tools, simplifying migration of VMs and their storage resources.

The benefits of deploying NPIV in your storage environment are real and available today:

1.  

Maintaining fewer physical components reduces the number of points of failure, resulting in improved availability and network uptime.

 
Less hardware, portable connections, and VM-level zoning all contribute to simplified SAN and server management.

 
NPIV allows the SAN best practices that are available with physical servers to be used in virtual server environments.

 
More granular security by restricting LUN access to individual Virtual Machines

 

 

 

Figure 1. NPIV in the SAN

SERVER VIRTUALIZATION ADVANTAGES

A number of enhancements are being introduced into server virtualization products, such as VMware®
vSphere 4.0, to augment existing support for Fibre Channel SANs, including NPIV and load balancing across FC ports.

Addressing and Access Control

Each FC port in a fabric has a World Wide Name assigned to it by the equipment manufacturer, which uniquely identifies each node. WWNs play a critical role in determining the visibility and accessibly of storage LUNs (partitions in storage arrays) by servers connected to the fabric. Zoning is the mechanism by which FC ports are grouped together to restrict interference, add security, and simplify management. Zoning utilizes WWNs to allow access to storage. A server can see and access only storage LUNs that share a common zone with that server.

NPIV in a Virtualized Environment

The hypervisor leverages NPIV to assign individual WWNs to each Virtual Machine, so that each Virtual Machine (VM) can be recognized as a specific end point in the fabric. The benefits of this approach are as follows:

2.  

Granular security. Access to specific storage LUNs can be restricted to specific VMs using the VM WWN for zoning, in the same way that they can be restricted to specific physical servers.

 
Easier monitoring and troubleshooting. The same monitoring and troubleshooting tools used with physical servers can now be used with VMs, since the WWN and the fabric address that these tools rely on to track frames are now uniquely associated to a VM.

 
Flexible provisioning and upgrade. Since zoning and other services are no longer tied to the physical WWN “hard-wired” to the HBA, it is easier to replace an HBA. You do not have to reconfigure the SAN storage, because the new server can be pre-provisioned independently of the physical HBA WWN.

 
Workload mobility. The virtual WWN associated with each VM follows the VM when it is migrated across physical servers. No SAN reconfiguration is necessary when the workload is relocated to a new server.

 
Applications identified in the SAN. Since virtualized applications tend to be run on a dedicated VM, the WWN of the VM now identifies the application to the SAN.

 
Quality of Service (QoS). Since each VM can be uniquely identified, QoS settings can be extended from the SAN to VMs, as shown in Figure 2.

 

 

 

Figure 2. End-to-end QoS

REQUIREMENTS TO IMPLEMENT NPIV

There are a few requirements in both the software and hardware to enable NPIV:

• ·
  Switches. NPIV needs to be supported on the switch connected to the HBA. All Brocade FC switches currently support NPIV—specifically starting in Fabric OS® (FOS) 5.3.x or later, M-EOSc 8.1, and M-EOSn 9.6.0. (See the “Troubleshooting” section to find out how to see if NPIV is enabled on the switch.)
• ·
  HBAs. HBAs must support NPIV as well. The following vendors and models of HBAs are supported:

 
Brocade. Any 4 or 8 Gbps FC HBA

 
Emulex. 4 Gbps HBA running firmware level 2.70a5 or later. All Emulex 8 Gbps HBAs running firmware 1.00a9 or later

 
QLogic. Any 4 or 8 Gbps HBA

 

 
Storage. NPIV is completely transparent to storage arrays, so no specific support is required.

 

NOTES:

 
NPIV can be used only with Raw Device Mappings (RDM) disks. VMFS disks do not support NPIV. For more information on RDMs, refer to the current Fibre Channel SAN Configuration Guide for ESX Server 4.0.

 

• ·
  To implement NPIV, the physical HBA WWPN on an ESX Server 4.0 host must have access to all LUNs that are to be accessed by VMs to allow you to VMotion across your physical hosts.
• ·
  If you deploy a VM from a template or a clone, the new VM does not retain the WWN.

Preparing to Set Up NPIV for the Storage Administrator

LUNs for VMFS datastores and RDM disk are already created, zoned, and LUN-masked to the vSphere 4.0 physical HBA or CNA ports. You can confirm that you have disks available for VMFS datastores or RDM disks as follows:

3.  

.
In the vSphere client, select the physical host from the tree menu on the left.

 

.
Select Configuration.

 

.
Select Storage Adapters from the tree menu on the left.

 

.
Select the Fibre Channel port to display the available LUNs in the Details list below. (If the storage has just been zoned and the LUNs masked, then click Rescan to prompt the host to query for its available LUNs).

 

 

 

At least one VMFS datastore has been created. This is required because the pointer to the RDM datastore resides in VMFS. With an RDM, a physical LUN is presented to a VM as a .vmdk-file. From an ESX Server perspective, the VM is still accessing the vmdk-file, even though this file is actually a pointer that redirects all SCSI traffic to the raw LUN.

 

 

At least one free RDM disk is available to be assigned to a Virtual Machine.

Server Administrator Tasks

NOTE: Do not power on the VM for this procedure; the VM needs to be shut down.

1.
Follow the steps below to assign or modify the WWN or the Virtual Machine. (This procedure is also found starting on page 58 of the Fibre Channel SAN Configuration Guide for ESX Server 4.0..
) To assign a WWN to an existing VM using Virtual Center:

a.
From Virtual Center, select the VM to which you want to assign a WWN, right-click and choose Edit the Virtual Machine Settings.

b.
Click the Options tab and click Fibre Channel NPIV.

c.
In the dialog box, select Generate. Here are the available options:

1.  

eave Unchanged: Existing WWNs are retained.

 

enerate New WWN: A new set of WWNs are generated.

 

emove WWN assignment. Removes the WWNs from the VM.

d.
Click Close and exit configuration.

e

.
If an RDM disk has not been assigned to the VM, then add it.

f

.
Right-click on the VM that will be used for NPIV and choose Edit settings.

g

.
Click Add under the VM properties, select Hard Disk, and click Next.

h.
Select Raw Device Mappings and click Next.

i.
Select a disk from the available LUNs and click Next.

 

 

j.
Under Select a Datastore, click the Store with Virtual Machine radio button. NOTE: To use VMotion for VMs with NPIV enabled, make sure that the RDM file is located on the same datastore on which the VM configuration file resides.

 

 

k.
Under Select the Compatibility Mode, click the Virtual radio button. For more information on compatibility modes, refer to the Fibre Channel SAN Configuration Guide for ESX Server 4.0. To use VMotion, select the Virtual Compatibility mode.

 

 

l.
Leave the defaults for the Advanced Options, click Next, and click Finish.

To assign a WWN to a new VM using Virtual Center:

a.
Right-click an ESX Server or cluster and click New Virtual Machine.

b.
Click the Custom radio button, enter a name for the VM, and click Next.

c.
Enter the appropriate information and stop at the Select Disk Type screen.

d.
Select the Raw Disk Mapping and click Next.

e.
Follow steps j through l above under “To assign a WWN to an existing VM using vCenter to add the RDM disk.”

f.
On the last screen, click the check box Edit the virtual machine settings before submitting and click Finish.

g.
Click the Options tab and click Fibre Channel NPIV.

h.
In the dialog box, select Generate New WWN. NOTE: In most cases, if a dual fabric is implemented with an Active/Active array, then two World Wide Node Names (WWNNs) and two World Wide Port Names (WWPNs) should be enough.

i.
Click Close and exit configuration.

NOTE: Do not power on the VM guest after assigning the RDMs a virtual WWWN. If you power on the VM prior to zoing and LUN masking then the VM will fail back to the physical HBA WWN.

2.
Once you have assigned a WWN to the VM, right-click the VM to return to VM settings and choose Edit Settings from the menu.

3.
Click the Options tab and click Fibre Channel NPIV in the left pane.

 

 

4.
Record the WWNNs and the WWPNs. The storage administrator will need this information to zone and mask LUNs in the back-end storage. (Follow the Storage Administrator steps below to zone and mask LUNs.)

5.
After the storage administrator completes zoning and configuration of the storage, you can safely power on the VM.

6.
After you have safely powered on the Virtual Machine, Secure Shell (SSH) or telnet into the physical ESX Server to verify that I/O traffic is actually flowing through the virtual port. If a Brocade HBA is installed, then issue the command on the physical port with the vPort: cat/proc/scsci/bfa/3 (The adapter instance numbers vary depending on the slot number of the HBA and the ports connected).

 

 

When you see the virtual WWNs (also known as vPorts) listed, you know that everything is fine.

 

Storage Administrator Tasks

Prior to zoning the VM, be sure that you have zoned all the physical HBA WWNs to the correct storage array port WWN/s. Storage best practices are to zone a single initiator to single target to maintain security and reduce interference. Once you receive the virtual WWNs from the Server administrator, you then need to create unique zones for each VM to the storage array port WWN/s. However, if you have a very small environment, then you may find it easier to place all the physical HBA port WWNs into one zone and then individually zone each VM to an array port.

High-Level Zoning Steps

• ·
  Z

one physical HBA WWNs to storage WWPNs

• ·
  C

reate an alias for the NPIV-enabled VM

• ·
  M

anually add the WWPN to the newly created alias

• ·
  Z

one the alias to associated storage ports

• ·

Add the new zones to the Zoning configuration

• ·

Save the switch configuration

• ·

Enable the switch configuration

1

.
Log in to the Brocade switch using Brocade Web Tools, Brocade Data Center Fabric Manager (DCFMTM), or the Fabric OS® (FOS) Command-Line Interface (CLI) to configure Zoning. This paper will explain how to Zone using Brocade Web Tools and the CLI.

To zone using Brocade Web Tools (assuming that all the physical HBAs ports and array ports are zoned):

a

.
To log in to Web Tools, open an Internet Explorer window and typing the FQDN or IP address (for example, https://5100edge1.brocade.com).

 

b.
Log in to the switch, and click Zone Admin.

c.
Click New Alias and type a name for the VM guest Node Name (for example, VM1).

 

 

d

.
With the Alias selected from the drop-down men, click Add Other.

e

.
In the dialog box that displays, enter the WWPNs generated by vCenter and click OK. Once you have completed adding WWPNs, the screen should look similar to this:

 

 

f.
Click the Zone tab and click New Zone.

g.
Enter a name for the zone and click OK.

h.
Click the plus sign (+) to expand the Aliases folder in the Zone tab.

i.
From the Member Selection List, select the newly created alias (for example, VM1) and the alias of the storage array ports (for example, Clariion_P1). Click the Add Member button, which adds the aliases to the zone. NOTE: A SAN best practice is to zone one initiator to one target to increase security and to restrict interference from other hosts.

 

 

j.
Follow the steps to configure the second storage initiator.

k.
Click the Zone Config tab.

l.
From the Member Selection List, click the plus sign (+) next to Zones, select the newly created zones (VM1_Clariion_P1, VM1_Clariion_P2), and click Add Member .

 

 

m.
Click Save Config at the top. This operation can take 15 – 30 seconds.. Status is displayed at the bottom of the window.

n.
Once the configuration has been committed, click Enable Config. (This takes 15 – 30 seconds)

 

To zone using the FOS CLI, perform all the steps for each switch in the fabric:

a.
Telnet to the Brocade switch and create a new alias: alicreate “vmguest1″,”28:26:00:0c:29:00:00:07, 28:26:00:0c:29:00:00:0b”

b.
Create a Zone to map the guest to storage: Once again, best practices is one initiator to one target: (The example below uses the name “Clariion” to easily identify the type of storage and is shown in the screen captures. However, the name user-configurable.) zonecreate “vm1_Clariion_P1″,”vm1;Clariion_P1″
zonecreate “vm1_Clariion_P2″,”vm1;Clariion_P2″

c.
Add the zone to the configuration: cfgadd “mycfg”, “vm1_Clariion_P1″ cfgadd “mycfg”, “vm2_Clariion_P2″

d.
Enable the configuration: cfgenable “mycfg”

e.
Press Y to confirm that you want to enable the configuration.

 

2.
Once you have created the zone on the Brocade switch, log in to the storage array and add the WWNN and WWPNs of the VM to the LUNs that the VM will access. NOTE: Depending on the storage array, the WWNN may not be necessary.

Follow the instructions below to configure HDS AMS storage and the EMC Clariion array using NetApp FilerView.

Using NetApp FilerView:

a.
Log in to FilerView on the NetApp appliance (for example, http://netapp3050a.brocade.com/na_admin)

b.
If an initiator group has not been created (makes the LUNs visible to connected hosts), then create one by clicking Add below “Initiator Groups” in the left navigation pane.

 

 

c.
In the Add Initiator Group screen, assign it a group name, a type (FCP), and an OS (VMware).

d.
Enter the VMware guest WWNN and WWPNs that you received from vCenter and the physical HBA WWPNs of the ESX Server host in the Initiators section. If you are using VMotion, be sure that you add the other ESX Server host physical HBA WWNs that participate in the VMotion process to ensure that the NPIV connection is maintained when the VMotion takes place. Otherwise the VM will default back to the physical HBA WWN and will not use NPIV.

e.
Click Add.

 

 

REMINDER: The number of physical HBA ports in the ESX Server device determines how many WWPNs you need to enter in the initiators group.

f.
Fill in the requested information and click Add.

g.
Click Add under LUNs in the left navigation pane.

 

 

h.
In the Add LUN screen, enter the required information and click Add.

i.
Once the LUN is created, click Manage under LUNs in the left navigation panel and select the LUN you created.

j.
Click Map LUN and click Add Groups to Map.

k.
Select the initiator group you just created and click Add.

 

 

l.
Inform your VMware Administrator the VM can be powered on.

Using HDS AMS Storage Navigator:

a.
In the Logical Status tab, select the port group in which the LUNS are located in the left navigation pane.

 

 

b.
Click WWN to select the WWNs that are available to map to this port group.

c.
Click Modify WWN Information at the bottom right.

d.
In the WWN Information screen, click Add.

 

 

e.
In the WWN dialog box, add the virtual WWNs that the Server Administrator gave you. Also add the physical HBA WWNs of the ESX Server host and the physical HBA WWNs of the other ESX Server if you are using VMotion.

f.
Give the WWN a user-friendly name, enter the port WWN without any colons, and click OK.

 

 

g.
Click OK again.

h.
Inform your VMware Administrator to power on the Virtual Machine.

Using EMC AX4 Navisphere:

a.
Log in to Navisphere.

b.
Select Server.

c.
Select Connection from the tree menu on the left and click New.

d.
Enter all the appropriate information and click Apply.

e.
Initiator: Enter both the WWNN and WWPN in this format WWNN:WWPN: (for example, 28:26:00:0c:29:00:00:06: 28:26:00:0c:29:00:00:0b) Operating System: Standard

Type: Click the New radio button and assign it a name and an IP address.

 

 

f.
Select Servers from the left tree menu.

g.
Select the newly created server and click Assign to allow the VM access to the appropriate LUNs.

 

 

h.
Select the LUN(s) that were assigned by the Server Administrator and click Apply.

i.
Ask your Server Administrator to power on the Virtual Machine.

 

Verifying that the VM Is Functioning Correctly

 
Log in to the Brocade switch.

 
Issue the switchShow command. You should see the NPIV ports with a number greater than 1 (“one”) as shown below. If you see only one NPIV port, then the setup has not been successful.

 

 

You can also issue the nsShow command to show the ports logged in to the fabric. You should see the Virtual Machine NPIV ports.

 

 

You could also use the service console on the ESX Server and check the /proc nodes of the HBA to get the details. The procedure to find this information is documented in the “Server Administrator Tasks” section in this document.

 

STREAMLINE WORKLOADS WITH QOS

NPIV is used to present dedicated LUNs into VMs via Raw Device Mapping. NPIV allows a SAN Administrator to isolate traffic for each VM. Combing the Brocade HBA with Brocade FC and Fibre Channel over Ethernet (FCoE) switches, Brocade offers the unique ability to provide true end-to-end QoS. Since virtualization enables dynamic movement of workloads around the data center, Brocade has the ability to maintain the QoS level of a workload even when it migrates to a different physical server. In addition Brocade virtual channel technology provides Adaptive Networking services to monitor resource usage, detect (or predict) congestion in the data path, and dynamically adjust resources to avoid congestion based on QoS priority.

QoS has one prerequisite: a Server Application Optimization (SAO) license needs to be applied on the switches to which HBAs are connected. An SAO license optimizes overall application or VM performance by extending Brocade virtual channel technology to the server infrastructure and application scaling by allowing specific traffic flows to be configured, prioritized, and optimized end-to-end throughout the data center. SAO is an optional Brocade switch license deployed with Brocade FC HBAs.

 

o view the licenses on your switch, telnet to the switch and run the licenseShow command to see if the license is applied.

 

 

 

 

o view the licenses using Web Tools, select License in the tree menu on the left, click the License tab, and ensure that the SAO license has been applied.

 

 

 

Configuring Brocade HBA for QoS

1.
Launch the Brocade Host Connectivity Manager (HCM).

2.
Click Discovery > Setup from the main menu.

3.
Enter the IP address or host name of the ESX Server host, the port number of the HCM agent of the ESX Server (Default is 34568), user ID, and password. NOTE: You will need to open up a port on the ESX Server firewall to allow the HCM agent to communicate with HCM:

a.
Telnet or SSH to the ESX Server host.

b

.
Issue the command (you need the appropriate ESX Server permissions) to run the command: /usr/sbin/esxcfg-firewall -o 34568,tcp,in,https /usr/sbin/esxcfg-firewall -o 34568,udp,out,https

 

 

c

.
Click OK.

d.
Right-click the HBA and from the menu, choose Basic Port Configuration.

 

 

e.
In the Port Configuration dialog box, check QoS enable. Click Yes when prompted to allow the port to disable/enable. NOTE: You will lose connectivity for brief amount of time.

 

 

f.
Once QoS is enabled, the QoS status is reflected in the port properties, which also show the available prioritization levels.

 

 

 

Configuring Brocade Switches for QoS

 
Telnet into the switch

 
Since the zones are already created, the next step is to modify the zone name to apply QoS (If this were a new zone, then just add the prefix below to the zone name). Traffic prioritization is accomplished by the use of special QoS zones. Prefixes in the zone names distinguish QoS zones from normal WWN zones:

QOSH_<zone name>: High priority zone

QOSM_<zone name>: Medium priority zone

QOSL_<zone name>: Low priority zone

 
Using one of the existing zones, rename the zone to apply a QoS priority. From the command prompt:

Zoneobjectrename “VM1_Clariion_P1″, “QOSH_VM1_Clariion_P1″
à Renames first zone

Zoneojbectrename “VM1_Clariion_P1″, “QOSH_VM1_Clariion_P2″
à Renames second zone

Cfgenable Demo
à Enables the configuration

 
Apply this configuration for all the zones that will be using QoS.

 

TROUBLESHOOTING

If you experience any problems, make sure that:

 

he VM is powered off when you set up NPIV. If the VM is running when you make these changes, you will need to shut down, not a restart, the VM and the power it back on.

 

ou have properly zoned the VM virtual ports on the Brocade switch.

 

ou have properly LUN-masked the storage array with the Virtual WWNs of the VM.

 

ou are using an HBA that supports NPIV, requirements for which are listed in a previous section.

 

ou have NPIV enabled on the switch. You can check to see if NPIV is enabled on a switch by running the portCfgShow command. If the port is turned off then issue the portcfgNPIVPort command <port number> <mode>.

Mode 0 – Disables the NPIV capability on the port

Mode 1 – Enable the NPIV capability on the port