background image

Involved System Components

RAID
 
RAID mainly exists in order to make failure of one or several disks possible without data loss. It may include 
Self-Healing Features, meaning that corrupted or changed files can be repaired or restored on access. Contrary 
to RAID-similar backup solutions (like Snapraid and Unraid), RAID protects the data in real time because it 
distributes, stripes or mirrors data blocks to different drives on every write..
In addition, the sequential performance of a real time RAID scales with the number of drives and the IOPS scale 
with the number of RAID sub systems (for example doubled performance on a RAID50 or RAID60). This means 
that RAID boosts not only availability but also performance.

But still there is one major problem with RAID: If more disks fail than allowed by the selected RAID level, the 
whole array is lost. With ZFS RAID-Z3, up to three disks per vdev can fail without data loss.

Addtionally, on a powerloss or crash a RAID1/5/6 might have corrupted data because the data is written to 
the different disks of the array sequentially, which leads to different data on each disk for RAID1 or only partly 
written data stripes on a RAID5 or RAID6. That problem is called the „Write hole“ phenomenon in RAID5, RAID6, 
RAID1, and other arrays. A newer CopyOnWrite (COW) file system with software RAID like ZFS can fix the write 
hole problem as a data modification is then done on all disks or completely cancelled. Still, an SSD without 
powerloss protection might introduce a problem nevertheless when the firmware of the controller does 
garbage collection in the background. When using a RAID1, a system would need to have additional checksums 
in order to detect bad data and restore the good version of a datablock from the other disk which may be not 
corrupted.

Another problem is posed by storage systems with a write-cache. On a crash, all data in the cache is lost. The 
logical conclusion would be to disable the write-cache, but that would result in unbearably slow operations 
as safe sync write without using a RAM write cache can slow down write performance up to 10%. If you use a 
write cache some seconds of last writes may get lost on a crash.  Older file systems may have corruption prob-
lems even without a cache because data may be written to disk but meta data might not have been updated.

More recent CopyOnWrite file systems like ZFS use atomic operations to either update data and meta data as 
one operation or not at all. Such file systems will never become corrupt after a crash.  
One problem remains. If you need filelocking or transactions for a database or store older filesystems for  
example on a VM datastore for ESXi these databases may become inconsistent or the older filesystems become 
corrupted after a crash - even when ZFS remains intact as on application or guest OS level you do not have any 
way to control what goes into the cache and what is written to disk directly.

There is a solution, though. One can use a controller with cache and BBU for Hardwareaid on older file 
systems. When an operating system receives a confirmation for a write-action, it will really be on stable disk 
– or in case of a crash after the next system boot. But all in all a RAID controller cache is quite small and slow 
compared to system RAM and the Write Hole Problem remains so this is not perfect.

In the case of ZFS, the problem was solved with a logging function of the cached data which was committed  
as “written to disk” to the OS. ZFS always uses a RAM-based write-cache which can buffer several seconds of 
data to write multiple small random write operations as a single large and fast sequential one. The logging of 
cached data can be done additionally on a device called ZIL to guarantee a secure write behaviour.  
 
For performance reasons, one may not use the pool as ZIL, but rather an extra logging device called Slog, which 
is optimized for this kind of operation. The following hardware might be used for this kind of device: 8GB 
ZeusRAM, NVMe like Intel P-Series (750, 3600, 3700) or an Intel S 3700/3710 SATA SSD that offer powerloss 
protection, ultra low latency and high and constant write-iops for QD/QueueDepth=1. 

Of course all those techniques do not help when a user program, like Word, writes files to the disk. In case of a 
crash, they will be lost. Only the user program can prevent that kind of failure by creating temp-files.  
Versioning and snapshots can help to recover older versions of a file. 

Summary of Contents for ZFS Storage

Page 1: ...napp it ZFS Storage Server User s Guide Setup on OmniOS First steps published 2016 Oct 12 c napp it org Licence CC BY SA see http creativecommons org licenses by sa 2 0...

Page 2: ...Groups Active Directory 13 NFS server 14 iSCSI FC server 15 Data scrubbing 16 Data snapshots versioning backup 17 Data replikation availability 18 Rollback and Clones 19 Operational settings 20 Applia...

Page 3: ...le behind them Organizations don t innovate people do As the rise of Linux forced the market price of OS aquisition to zero that open sourcing the Solaris operating system was the right business decis...

Page 4: ...ctive development with a stable every 6 months long term stable editions minimal OS just enough for a fully functional ZFS server for best stability free but with a commercial support option Just enou...

Page 5: ...the GUI in production systems prefer Solaris Alternatively you can use the text edition of OpenIndiana or Solaris or OmniOS a minimalistic and very stable OpenSource distribution for storage and othe...

Page 6: ...2 3 Storage Management via napp it on OmniOS OpenIndiana or Oracle Solaris ZFS Filesystems and disk details...

Page 7: ...s for HA solutions based on Multipath IO prefer Sata disks with multiple HBAs without expander prefer 24 7 enterprise disks Rules for high capacity storage prefer raid Z2 vdevs with 6 or 10 disks or Z...

Page 8: ...3 1 ZFS Configurations...

Page 9: ...to add images with different mainboards disk sizes and napp it Step 3 Boot your server from the CloneZilla USB stick to restore napp it Select your keyboard type device image mode and a the source of...

Page 10: ...2 select device image mode 3 select local_dev USB drive 4 Clonezilla is now ready to read the napp it image If the image is on an USB 3 stick or disk insert the stick now wait 5s press enter and selec...

Page 11: ...ot working do a manual network setup see 5 2 2 Image is not compatible with your SSD use the ones that were used to create the image 3 Image is incompatible with your hardware do a manual setup and cr...

Page 12: ...root Unix and SMB no password press enter twice passwd root 6 enable SSH root access via napp it menu Services SSH 7 Login via Putty to copy paste commands with a mouse right click 8 set TLS for encry...

Page 13: ...setup a different OS version or a different ditribution ex OpenIndiana or Oracle Solaris or if the default cloning method of a preconfigured image fails Use a 32 GB or larger Sata SSD disk or Sata DOM...

Page 14: ...te addr T dhcp e1000g0 dhcp add nameserver echo nameserver 8 8 8 8 etc resolv conf use DNS name resolution copy over DNS template cp etc nsswitch dns etc nsswitch conf install napp it online default f...

Page 15: ...et O www napp it org nappit perl reboot or set current bootenvironment as default reboot set a root password this password is valid for Unix shell logins and SMB connects passwd root optional check cu...

Page 16: ...laris 11 Express http archive is snZaS The archive is page refers to the old Solaris Express 11 page If you click on a description you are forwarded to the current Solaris 11 page If you click on Down...

Page 17: ...t a remote console keyboard and the ability to mount ISOs like a lokal CD DVD drive IPMI window Java applet with a virtual keyboard and a console preview that can be displayed full size You can enable...

Page 18: ...UI in menu Services SSH allow root As this can be a security problem you should disable remote root afterwards with menu Services SSH deny root Tips You can copy paste CLI commands with a right mouse...

Page 19: ...LAN check modify Unix permissions and ownership To use WinSCP you must enable SSH on OmniOS This is the case per default but per default only allows that regular users can login not root An option is...

Page 20: ...is menu set in production environments As Solaris is an enterprise OS you can use it for other services or applications as well example a Webserver or Databese Server You can use these services withou...

Page 21: ...features that are needed to manage a ZFS storage appliance Napp it free is not crippleware or a product that is limited in essential features It is sufficient for many cases It is a stable state of na...

Page 22: ...gn goal of ZFS Similar to oldstyle partitions you create ZFS filesystems on your pool but unlike old partitions you do not set a size of a filesystem as it can grow dynamically up to the poolsize If y...

Page 23: ...have different ZFS properties can be replicated and has its own snapshots it is common to use as many filesystems as you like up to thousands example one filesystem per user create a ZFS pool with men...

Page 24: ...the row of a filesystem example tank userdata to the entry under the column RES or RFRES enable sync write for a filesystem click in the row of a filesystem example tank userdata to the entry under th...

Page 25: ...server on any X system can act as AD server a lot of sharing options nested shares shares independent from ZFS filesystems permissions are based on Unix UID GID Posix ACL this is a plus if you work ma...

Page 26: ...et sharesmb off SMB permissions In contrast to other Unix services Solarish CIFS uses Windows alike NFS4 ACL with permission inheritance not traditional Unix permissions like 755 or Posix ACLs https e...

Page 27: ...these users to all files even when there was no explicit permission set for admins as root has always full access ID mapping is available in menu Users napp it ACL extension Attention Do not map local...

Page 28: ...sions with the usr bin chmod command per Windows or per napp it ACL extension Modifying ACL via CLI command is really stupid Especially with napp it free you can use Windows beside Home editions to mo...

Page 29: ...data You can set share level ACL via napp it ACL extension or remotely via Windows server management You must connect a share server management as a user that is a member of the SMB admin group exampl...

Page 30: ...t affects the mode The default mode for the aclinherit is passthrough napp it only aclmode Modifies ACL behavior when a file is initially created or controls how an ACL is modified during a chmod oper...

Page 31: ...behaves different This is the reason why the Solaris CIFS server come with an own SMB group management that works independently from Unix groups If you need groups to restrict SMB access you must do...

Page 32: ...ot restrict ownership when creating folders folder tank data allow everyone readx read and execute no inherit this folder only allow everyone create_folder_set inherit to folders and subfolders allow...

Page 33: ...Server can be either a member of a workgroup use local user or a domain can use either local or domain user If you switch from domain to workgroup mode remove all mappings with idmap remove a If you j...

Page 34: ...s this approach was replaced by COMSTAR a enterprise framework to manage iSCSI and FC environments When should you use iSCSI FC when you need a non ZFS filesystem like ext4 HFS NTFS or VMFS ex ESXi en...

Page 35: ...pointers are not updated old data keeps valid and verified 3 If anything goes wrong this will be detected by checksums on next read and auto repaired self healing That does not mean that you cannot h...

Page 36: ...ata no autorepair This may be different in future with ReFS but currently this is not a comparable option to ZFS ZFS snapshots ZFS snapshots are far better than the former solutions ZFS is a CopyOnWri...

Page 37: ...Replikation If you need realtim sync with the exact same datastate at any time you can use a mirror between appliances You need two or more storage nodes independent ZFS storage servers that offer a Z...

Page 38: ...s the snapshot from which it was created Creating a clone is nearly instantaneous and initially consumes no additional disk space In additi on you can snapshot a clone Clones can only be created from...

Page 39: ...job Jobs backup create backup job tp backup basic OS and napp it settings to a pool Restore all user SMB groups idmappings and other napp it settings then via User Restore ACL extension Set autoscrub...

Page 40: ...orts to a secure environment either based on a network adapter link or based on your networks Restrict access to file services Fileserveices like NFS3 do not offer authentication Access can be only li...

Page 41: ...ks about 100MB s came up many years ago this was sufficient as storage capacity was quite low and performance of an average internal disk and network performance was quite similar Now storage is in th...

Page 42: ...h faster than the e1000 vnic with the base vmxnet3 tuning The other tuning aspects are main ly relevant for external access or if you use a 10G nic in pass through mode for fastest external access Rem...

Page 43: ...u need a switch with enough 10G ports This introduces two problems One is that 10G switches with more than two ports are quite expensive Then they are quite loud and only an option in a serverroom In...

Page 44: ...nd assign disks to the map You can then printout a screenshot of a map an place it on the server as a reference If a disk fails the map allows to identify the slot of the failed disk Example demo maps...

Page 45: ...Example Map Chenbro 50 x 3 5 Bay...

Page 46: ...metadate update is done completely or discared ex due a crash So different states of mirrored disks or partly written raid stripes are not possible on ZFS by design So for daily use you are protected...

Page 47: ...or overwriting un less you do not block with a snap A write action on ZFS that affects filestructure or Raid consistency is done ompletely or discared completely on a crash Result The CopyOnWrite mech...

Page 48: ...e that contains all committed data what means that it only need to be able to store about 10s of writes Even with a single 10G connection about 8GB is enough This is why one of the fastest Slog device...

Page 49: ...on the backup system From time to time replace the backup pool with a second one and keep the disks on a safe location outside Level 3 Professional use Care additionally about two backups on different...

Page 50: ...e is updated only from time to time or to fix severe bugs After the eval period functionality is automatically reduced to the free features napp it Pro extends the functionality of napp it Free It is...

Page 51: ...filesystem used IDmappings via Web UI Menu user Restore all napp it user smbgroup and idmapping settings from backup job data Menu user restore settings Without the extension you can control file per...

Page 52: ...a common DNS server or manual host entries How replication works On initial run it creates a source snap jobid nr_1 and transfers the complete ZFS dataset over a netcat highspeed connection When the...

Page 53: ...bers with Extensions Appliance group delete members and rebuild the group Replication requires that the napp it webserver is running on port 81 on source and target machine The replication itself is d...

Page 54: ...anually With napp it Pro and the ACL extension you can easily restore all user group and napp it settings in menu User Restore Settings If you do not have a backup of the job and group settings first...

Page 55: ...SID as an extended ZFS attribute Solarish SMB this is really troublefree Even in a Windows AD environment you only need to import a pool takeover the ip of the former server and your clients can acce...

Page 56: ...d switch NFS SMB services over a common virtual HA ip You can extend this with two dedicated Storageheads for the Initiator part that creates the Z RAID Pool on LUNs from up to 6 Storagenodes for a ne...

Page 57: ...is menu shows the state of the network Z RAID and allows to change the state of heads Master Slave and nodes You can do a manual failover between heads or a role switch from this menu more see Z RAID...

Page 58: ...is the current default professional HA solution RSF 1 RSF 1 brings advanced HA High Availability features to ZFS providing a more resilient and robust storage offering tolerant to system failures Act...

Page 59: ...ferent location on the drive Transaction Problems Disks are preferring RAM cached writes as this offers a much better write performance Database applications cannot tolerate this File or dataset locki...

Page 60: ...che some seconds of last writes may get lost on a crash Older file systems may have corruption prob lems even without a cache because data may be written to disk but meta data might not have been upda...

Page 61: ...ity of RAM errors increase with RAM size With several Gigabyte of RAM ECC is mandatory for a storage server Backup is used to restore a certain data version after a disk or array crash There are diffe...

Page 62: ...ill be freed in order to be overwritten unless it is protected by a snapshot Checksums They are needed on order to detect and repair errors When using redundant data like in a RAID all data will be re...

Page 63: ...pdf SMB 10G Tunings on OSX Windows http napp it org doc downloads performance_smb2 pdf Advanced user http www napp it org doc downloads advanced_user pdf Tuning http napp it org manuals tuning_en html...

Reviews: