Template Version: @(#)onepager.txt 1.32 07/08/08 SMI
This information is Copyright 2007 Sun Microsystems

1. Introduction
    1.1. Project/Component Working Name:
         NPIV (N_Port_ID Virtualization) for FibreChannel
    1.2. Name of Document Author/Supplier:
         Aaron Dailey
    1.3. Date of This Document:
         8/28/2007
    1.4. Name of Major Document Customer(s)/Consumer(s):
        1.4.1. The PAC or CPT you expect to review your project:
               Solaris PAC
        1.4.2. The ARC(s) you expect to review your project:
               PSARC
        1.4.3. The Director/VP who is "Sponsoring" this project:
               Scott Tracy
        1.4.4. The name of your business unit:
               Solaris Storage
    1.5. Email Aliases:
        1.5.1. Responsible Manager: roger.dong@sun.com
        1.5.2. Responsible Engineer: aaron.dailey@sun.com
        1.5.3. Marketing Manager:
        1.5.4. Interest List: jack.meng@sun.com, allan.ou@sun.com

2. Project Summary
    2.1. Project Description:
         N_Port_ID Virtualization (NPIV) allows one physical
         FibreChannel (FC) port to represent many FC ports, thus
         virtualizing the hardware. Using these virtual ports,
         administrators can use existing management schemes such as
         LUN Masking and Switch Zoning to perform access control.
         This functionality is especially useful for virtual machine
         environments such as Xen or Solaris Logical Domains.

    2.2. Risks and Assumptions:
         Dependent on code from third parties. Mitigated by
         requesting code early in schedule.

         Will contribute this code to Xen, but unfamiliar with Xen
         integration processes and policies. Mitigated by working
         with Xen community both internal and external to Sun.

3. Business Summary
    3.1. Problem Area:
         Storage Area Network (SAN) administrators use LUN Masking
         and Zoning to segregate visibility of devices on the SAN.
         This can simplify SAN management, and is common practice.
         LUN Masking and zoning are based on an HBA's world wide
         name (WWN), a world wide unique identifier. Today, this is
         based on a value contained in non volatile memory on each
         HBA. With virtual machine environments each virtual machine
         must share an HBA's WWN. Additionally, if migration is
         allowed, every machine's HBAs must be in the same zone.
         NPIV allows virtual ports to be created, so that SAN
         administrators can continue to use existing SAN management
         schemes.

    3.2. Market/Requester:
         Target customer is any customer who deploys a complicated
         SAN and uses Solaris virtual machine technology (including
         zones). We have also had specific requests from third
         parties wishing to use NPIV in non virtualized environments.

    3.3. Business Justification:
         NPIV is important to maintain our FC stack competitiveness.

    3.4. Competitive Analysis:
         There have been several public demonstrations of NPIV:
             SUSE Linux with Xen
             VMware with NPIV
             Microsoft virtual server with NPIV

    3.5. Opportunity Window/Exposure:
         Expected that OS competitors will commercially release
         similar products in first half of CY08.

    3.6. How will you know when you are done?:
         System administrators are able to create NPIV virtual port
         devices on a system. They are able to use these within
         virtual machines including Logical Domains and Xen.

4. Technical Description:
    4.1. Details:
         This project has several distinct modules.

         The first is the changes in the Leadville FibreChannel
         device driver stack (PSARC 1997/385). The hardware
         dependent drivers (called Fibre Channel Adapter or FCA)
         will be changed to support NPIV. The interface between the
         FCA driver and fp/fctl drivers will change.

         To manage NPIV, we will change the HBA-API interface
         (PSARC 2002/644). These changes will be proprietary. T11,
         the standards organization responsible for HBA-API, is
         working on extensions to HBA-API to support NPIV. Today
         this work is still in conceptual phase. It is intended that
         the T11 standard will be included either in the first
         putback or in a future project, depending on maturity of
         the standard.

         To manage NPIV, we will extend the existing fcinfo command
         (PSARC 2004/291). Because the command will allow changing
         of configuration, it will be implemented as a hard link to
         a new command called fcadm. Backward compatibility will be
         maintained.

         Xen, Logical Domains and Containers will all be extended to
         associate an NPIV WWN with a guest operating system. If
         that DOMU is activated, newly visible block devices will be
         (optionally) automatically mapped to that guest operating
         system. Xen and Logical Domains are conceptually similar in
         that they use a split block device driver to map block
         devices between host and guest operating system. This is
         the driver that will be modified. In containers, zonecfg
         will be modified to automatically create links between a
         global zone and a non global zone.

         Note: Due to hardware limitations on the FibreChannel
         adapters, there are insufficient resources to support IP
         over FibreChannel. Existing permanent WWN ports will
         continue to support IP over FibreChannel.

    4.2. Bug/RFE Number(s):
         None.

    4.3. In Scope:
         Xen, Logical Domains and Containers will be covered by this
         case. Additionally, NPIV will be supported in a non virtual
         machine environment.

    4.4. Out of Scope:
         Dynamic System Domains will not be addressed.

    4.5. Interfaces:
         Driver Interfaces:

         Interfaces Exported
         ------------------------------------------------------------------
         interface     | Classification      | Comments
         ------------------------------------------------------------------
         FCA           | Project Private     | Interface between FCA and
                       |                     | fp/fctl
         HBA-API       | Committed           | existing interfaces remain
                       |                     | unchanged (SNIA/T11 Standard)
         HBA-API ext   | Consolidation Priv. | Any proprietary extensions
                       |                     | to HBA API (future standard)
         LV ioctl for  | Consolidation Priv. | New ioctls to support NPIV
         HBA-API       |                     | management
         fcinfo CLI    | Committed           | CLI options
         fcinfo output | Uncommitted         |
         xm (Xen CLI)  | Committed           | CLI for Xen
         zonecfg       | Committed           | CLI for Zones
         ldm           | Committed           | CLI for logical domains

    4.6. Doc Impact:
         Man pages:
             fcinfo(1M)
         Xen:
             None integrated
         Logical Domains:
             ldm(1)
             Logical Domains Administration Guide
         Containers:
             zonecfg(1)
             System Administration Guide: Solaris Containers-Resource
             Management and Solaris Zones

    4.7. Admin/Config Impact:
         New command fcadm(1M) (hard link to fcinfo) will be created
         to allow administering NPIV.

         In general, virtual environments will have the capability
         to associate an NPIV WWN per HBA per guest operating
         system. Instead of the current mapping process, to
         associate a WWN to LUN, the administrator will be able to
         allow all associated block devices to be mounted when they
         appear in an associated NPIV zone.

    4.8. HA Impact:
         None

    4.9. I18N/L10N Impact:
         None

    4.10. Packaging & Delivery:
         None

    4.11. Security Impact:
         NPIV allows arbitrary WWNs to be created on a SAN. This
         allows malicious administrators to access zones on SANs or
         LUN Masked targets for which they are not intended by
         impersonating another HBA's WWN. However, Solaris NPIV does
         not significantly increase security issues:

         1) LUN Masking and Zones are not intended as secure access
            control. FC-SP addresses FibreChannel security but is
            not widely implemented.
         2) Other operating systems that implement NPIV will allow
            similar access - for example a system running Xen/Suse
            Linux on a customer's SAN with NPIV will allow
            impersonation.
         3) There are special drivers available today which allow
            arbitrary WWN assignment to non NPIV HBAs.

    4.12. Dependencies:
         None.

5. Reference Documents:
         None.

6. Resources and Schedule:
    6.1. Projected Availability:
         Q3FY08 Nevada putback

    6.2. Cost of Effort:
         test: 3 person months
         Design/Architecture: 6 person months
         driver development: 6 person months
         Xen/LDOM/Container development: 6 Person month
         Documentation: 2 Person months

    6.3. Cost of Capital Resources:
         minimal new capital

    6.4. Product Approval Committee requested information:
        6.4.1. Consolidation or Component Name:
        6.4.3. Type of CPT Review and Approval expected:
               standard
        6.4.4. Project Boundary Conditions:
        6.4.5. Is this a necessary project for OEM agreements:
               No, not necessary
        6.4.6. Notes:
        6.4.7. Target RTI Date/Release:
               Nevada build 84, February 2008
        6.4.8. Target Code Design Review Date:
               November 1,
        6.4.9. Update approval addition:

    6.5. ARC review type: standard

    6.6. ARC Exposure: open
        6.6.1. Rationale: n.a.

7. Prototype Availability:
    7.1. Prototype Availability:
         Demonstrate driver changes to add and delete NPIV WWN

    7.2. Prototype Cost:
         Use existing capital resources
         6 person months to prototype change