IP multi-tenancy is implemented by adding a tenant to the storage system, associating
a set of VLANs with the tenant, and then creating one NAS server for each of the
tenant's VLANs, as needed. It is recommended that you create a separate pool for the
tenant and that you associate that pool with all of the tenant's NAS servers.
Note the following about the IP multi-tenancy feature:
• There is a one-to-many relationship between tenants and NAS servers. A tenant
  can be associated with multiple NAS servers, but a NAS server can be associated
  with only one tenant.
• You can associate a NAS server with a tenant when you create the NAS server.
  Once you create a NAS server that is associated with a tenant, you cannot change
  any of its properties.
• During replication, data for a tenant is transferred over the service provider's
  network rather than the tenant's network.
• Because multiple tenants can share the same storage system, a spike in traffic for
  one tenant can negatively impact the response time for other tenants.
About VLANs
VLANs are logical networks that function independently of the physical network
configuration. For example, VLANs enable you to put all of a department's computers
on the same logical subnet, which can increase security and reduce network broadcast
traffic.
When a single NIC is assigned multiple logical interfaces, a different VLAN can be
assigned to each interface. When each interface has a different VLAN, a packet is
accepted only if its destination IP address is the same as the IP address of the
interface, and the packet's VLAN tag is the same as the interface's VLAN ID. If the
VLAN ID of an interface is set to zero, packets are sent without VLAN tags.
There are two ways to work with VLANs:
• Configure a switch port with a VLAN identifier and connect a NAS server port or
  iSCSI interface to that switch port. The Unity system is unaware that it is part of
  the VLAN, and no special configuration of the NAS server or iSCSI interface is
  needed. In this case, the VLAN ID is set to zero.
• Implement IP multi-tenancy using VLANs. In this scenario, each tenant is
  associated with a set of one or more VLANs, and the NAS server is responsible for
  interpreting the VLAN tags and processing the packets appropriately. This enables
  the NAS server to connect to multiple VLANs and their corresponding subnets
  through a single physical connection. In this method, the switch ports for servers
  are configured to include VLAN tags on packets sent to the server.
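The acceptance rule described above (destination IP and VLAN tag must both match the interface) can be sketched as follows. This is an added example, not code from the storage system or its documentation; the interface names, addresses, and VLAN IDs are constructed, and treating an untagged frame as matching an interface with VLAN ID zero is an assumption.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(dst_ip, vlan_id=None):
    """Build a constructed Ethernet + IPv4 header; vlan_id=None means untagged."""
    eth = bytes(12)      # destination/source MACs zeroed, not relevant here
    if vlan_id is not None:
        eth += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.1").packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def parse_frame(frame):
    """Return (vlan_id, dst_ip); vlan_id is 0 for an untagged frame (assumption)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_id = 14, 0
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 header")
    return vlan_id, str(ipaddress.IPv4Address(frame[offset + 16:offset + 20]))

def accept(frame, interfaces):
    """Return the interface whose IP and VLAN ID both match the frame, else None."""
    try:
        vlan_id, dst_ip = parse_frame(frame)
    except ValueError:
        return None                          # malformed frames are dropped
    for name, (ip, vid) in interfaces.items():
        if ip == dst_ip and vid == vlan_id:
            return name
    return None

# Constructed logical interfaces on one NIC: two tenants reuse the same IP address
# on different VLANs, so only the VLAN tag tells their traffic apart.
INTERFACES = {
    "tenantA_nas": ("10.0.0.5", 100),
    "tenantB_nas": ("10.0.0.5", 200),
    "untagged_if": ("10.0.1.9", 0),
}
```

A frame addressed to 10.0.0.5 with tag 300, or with no tag at all, matches no interface and is dropped, even though the IP address exists on the NIC.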
Management support for FIPS 140-2
Federal Information Processing Standard 140-2 (FIPS 140-2) is a standard that
describes US Federal government requirements that IT products should meet for
Sensitive, but Unclassified (SBU) use. The standard defines the security requirements
that must be satisfied by a cryptographic module used in a security system protecting
unclassified information within IT systems. To learn more about FIPS 140-2, refer to
the FIPS 140-2 publication.
The storage system supports FIPS 140-2 mode for the SSL modules that handle client
management traffic. Management communication into and out of the system is
encrypted using SSL. As a part of this process, the client and the storage
management software negotiate a cipher suite to use in the exchange. Enabling FIPS
140-2 mode restricts the negotiable set of cipher suites to only those that are listed in