Welcome!

@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Dana Gardner, Yeshim Deniz, Elizabeth White

Related Topics: @CloudExpo, Containers Expo Blog, SDN Journal

@CloudExpo: Article

The Rise and Fall of SANTap | @CloudExpo #Cloud

A decade later, the Holy Grail of seamless live data tapping from SAN remains elusive

I am not sure how many people remember Cisco SANTap. About ten years ago, Cisco introduced a data tapping mechanism in the MDS 9000 fibre channel switches. The idea was to allow the data path to be "tapped" at-will. Tapping in this case meant using a mechanism in the switch to split the data being written from client hosts to the storage, allowing the identical "split" data to be routed through a second, separate path.

SANTap therefore allowed a copy of the data to be seamlessly "mirrored" through the switch and subsequently used by other applications for multiple purposes (especially for backup). It facilitated real-time protection of critical data, and allowed advanced functions such as migration, snapshots, etc.

It was a great idea. However while it might sound like a simple solution, the details were exceedingly complicated. Two considerations immediately reveal how convoluted such a seemingly simple proposition could become:

  1. Fibre channel SAN inevitably involves multipath. For a LUN to be protected, all paths involved must be tapped. None can be left out. When using high-availability, this means paths will also travel through another switch. Every bit of data from these paths through different switches must be tapped without missing a single command.
  2. The application or appliance that receives the data must be fast enough to receive real-time tapping. The smallest hiccup in data cannot be tolerated, since the tapping mechanism will not wait for the receiving application or appliance to "catch up," or client performance will be affected. When this happens, SANTap switches to error mode and tracks the changed data in a dirty data map. The appliance then has to perform recovery - meaning copy the missed data first - and get back in sync. Unfortunately, SANTap's primary design intent was for use with backup storage, and organizations rarely implement their highest-performing servers and devices in the backup space. It wasn't surprising then to see these applications and devices struggle with data ingress off the "tap" when administrators tried out this new technology.

These two real-world scenarios are just the tip of the iceberg when it comes to tapping data from SAN. The scope and complexity cannot be exaggerated, and it could be the reason why SANTap was not adopted pervasively by many vendors for their applications. The most recent material referencing the technology was from 2007, where EMC announced SANTap with RecoveryPoint.

Years ago when SANTap was at its infancy, while I was still in my previous company, I met with the Cisco engineering team working on SANTap and tried to persuade them to adjust certain aspects of the feature so we could integrate it into our own data protection product, which was perfect for SANTap. In fact we had already demonstrated a functional version, but were running into issues when many paths were tapped.

However that was another era at another time. For various inexplicable and non-technical reasons, the project just faded into oblivion. There were no other well-known products publicized that used SANTap. Nearly a decade later, the Holy Grail of seamless live data tapping from SAN remained elusive.

That is, until now. Newly available technologies allow third parties to build SANTap-like mechanisms.

Appliances which can tap live data with a Transparent Data Intercept technique have been developed that allow live insertion of interception points into the data path of fibre channel links. This technique is normally described as physical insertion by unplugging the storage or host ports, plugging that connection into the tapping appliances, and then connecting the appliance ports back to the switches. By doing this one link at a time, the data path can be intercepted transparently without downtime, and without any changes to the SAN environment.

This works extremely well. However, the same appliance can be inserted into the data paths without having to physically unplug cables. Using switches that support virtual SAN, such as most Cisco (vSAN) or Brocade (Virtual Fabric) switches, appliances with the Transparent Data Intercept capability can be simply plug into the switch ports, and tap into the data links. No changes to the original cable configuration are necessary.

This technique brought back the memory of SANTap. With an appliance and virtual SAN, this is exactly what it is - simply plug the appliances into the switches, then use virtual SAN to map into the links to be intercepted. Once inserted, the SAN environment is automatically discovered and organized by LUNs and hosts, and all detailed paths can be clearly identified, even across switches. All the related complexity can be hidden by clever software.

The implication is quite significant, if not earth-shattering. This means using this type of technology, after plugging the appliances into the switches and creating a few small virtual SANs, selected storage or host ports can be intercepted seamlessly. The entire SAN configuration can potentially be graphically illustrated. Individual LUNs can be selected and tapped, and the data can be migrated, or backed up for disaster recovery, periodically or continuously, local or remote. In addition, this process can enable cache, anti-virus, or even just SAN system health and performance analysis.

Through advanced Transparent Datapath Intercept technology, this tapping mechanism may soon be opened up via APIs for all storage solution developers to build their own applications - fulfilling the promise originally proposed by SANTap. One can only imagine what other great innovative products people can come up with once this interface is made available.

Come to think of it, maybe Cisco should adopt this and consider it as a "SANTap, redux"...

More Stories By Wai Lam

Wai Lam is co-founder and CTO of Cirrus Data Solutions (www.cdsi.us.com), a developer of Data Migration Server and Data Caching Server for storage area networks (SANs). He was previously CTO and VP of Engineering at FalconStor, a company he co-founded in 2000. There, he was the chief architect, holding 18 of 21 company patents. His inventions and innovations include many industry "firsts" in advanced storage virtualization, data protection, and disaster recovery. Wai received the prestigious China national "Top 1000 Technological Leaders" award in 2013

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
"There is a huge interest in Kubernetes. People are now starting to use Kubernetes and implement it," stated Sebastian Scheele, co-founder of Loodse, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
Here to help unpack insights into the new era of using containers to gain ease with multi-cloud deployments are our panelists: Matt Baldwin, Founder and CEO at StackPointCloud, based in Seattle; Nic Jackson, Developer Advocate at HashiCorp, based in San Francisco, and Reynold Harbin, Director of Product Marketing at DigitalOcean, based in New York. The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.