Five Fibre Channel Switches for the Enterprise
Storage area networks (SANs) are one of the hottest topics in large enterprise IT departments. With the promise of everything from high-speed shared multiplatform storage to serverless backup, Fibre Channel technology is the connectivity solution across which most SAN solutions run. At the center of that technology is the Fibre Channel switch.
For this review, we looked at five Fibre Channel switches to determine how easy these devices were to install, configure, and operate. We discovered that even as the SAN market segment is burgeoning, standards for Fibre Channel switches are still in flux. These devices have a fair distance to go before they will reach the ease-of-use level that Ethernet networks enjoy today.
The products reviewed are SANBox 16 from Ancor Communications Inc.; Silkworm 2800 from Brocade Communications Systems Inc.; Cappellix 2000 from Gadzoox Networks; ED-5000 from McData Corp.; and Vixel 8100 from Vixel Corp.
For this comparison, we focused on ease of installation, configurability, and richness of the management tools. To get a feel for these factors, we set a fairly simple task -- connect two Windows NT servers across each Fibre Channel switch to a tape library, enabling a backup of the two servers. We used a matched pair of IBM Netfinity 5500 servers, running Microsoft Corp.'s (www.microsoft.com) Windows NT Server 4.0 with Service Pack 4 (SP4) installed. Fibre Channel connectivity from these servers was provided by Emulex LightPulse 8000 interface cards over short wave fiber optic cables.
Our data backup target system consisted of a Storage Technology Corp.'s (StorageTek, www.storagetek.com) 9730 tape library connected to the switches through a CrossRoads 4200 Fibre Channel to differential SCSI bridge. Backup functions were supported using Legato Systems Inc.'s (www.legato.com) NetWorker software, version 5.5.1.
Through the course of the test we put each switch through the paces to determine its zoning, connecting to hubs, and connecting to servers functionality.
Zoning defines a set of rules that govern which devices are allowed to communicate with each other and which are not. We made connections that allow both test servers to see and exercise control over the tape library and its drives, and established rules that allowed one server to see the tape devices and prevented the other from doing so. We found that, with some minor differences in the look and feel of the interfaces, all of the switches could easily handle our zoning attempts.
The current Fibre Channel specifications do not adequately define the rules for connecting switches to one another for successful communication. The vendors of each product said their own switches can be connected among themselves, but none claimed that their switches could communicate with a competitor’s product. Connecting arbitrated loop devices along with full-fabric devices was another matter, and each device has different capabilities. McData supports only fabric connectivity; Gadzoox supports only arbitrated loop; Vixel allows either loop or fabric devices but not both simultaneously; and the others support some method of communication between the two.
To connect each server to the switches, we used host bus adapters (HBAs) from Emulex Corp. (www.emulex.com), and the most recent drivers downloaded from Emulex's Web site. Emulex provides both a SCSI miniport driver with limited configurability, as well as a full SCSI driver. The full driver allows the HBA to be configured as an arbitrated-loop, full-fabric, point-to-point, or public-loop device. It also determines whether the server will attempt to automatically detect SCSI devices attached across the Fibre Channel.
We tested for connectivity across each switch with both the miniport driver and the full port driver as arbitrated loop, full fabric and point to point. In all cases, we tested using automatic detection of SCSI devices. What we found was that the selection of which driver to use with each switch was not intuitively obvious. None of the switches allowed the servers to see the tape library using the point-to-point driver; all except the McData switch worked with the miniport and arbitrated-loop drivers. The Ancor and McData switches successfully worked with the full fabric driver. Moving to a later NT Service Pack might have addressed the limited success with the full SCSI drivers, but time constraints prevented us from testing that for ourselves.
The SANBox 16HA is the high-availability model of the SANBox 16. In the case of this device, high availability refers to the presence of two hot-swappable power supplies. Located on the back of the chassis, these items must be unscrewed to be removed, but the screw heads are large, conveniently located, and can be removed with any flat screwdriver -- or even a quarter if necessary.
The chassis supports up to 16 connections, using standard Gigabit interface connectors (GBICs), permitting connectivity over copper or fiber optic lines. TCP/IP connectivity is available through the 10Base-T Ethernet port, but there is no serial port for a console session. One minor quibble we had was the placement of the status lights for each GBIC port. The layout made it a bit difficult to tell at a glance which port went with which light group.
Switch management can be handled through a telnet command line interface or through Ancor’s Java-based Web tool, SAN Surfer, which is embedded in the switch. As with some of the others tested, using this tool with Internet Explorer required the installation of the latest Java Virtual Machine for our browser.
SAN Surfer includes some interesting graphics displays of throughput of the various fiber ports and images of the types of devices connected to each port.
At first, we encountered two glitches in the applet. The contents of our Web browser's View menu became increasingly extended with repeated options -- until several options ran off the screen -- and many subsections of the screens, such as the graphic images mentioned above, were only visible the first time we viewed a particular screen. After checking with Ancor technical support, we found that switching from version 4 to version 5 of Microsoft's Internet Explorer -- being certain to load the most current Java virtual machine -- resolved the problem.
The zoning capabilities on the switch presented two interesting differences from its competitors. First, a hard zoning option allows zone definition at the hardware level, and no overlapping of zones is possible. The other is that SANBox 16HA does not support defining zones by the World Wide Name of the attached devices.
Like its much larger competitor, McData’s ED-5000, Brocade's SilkWorm 2800 boasts a front-panel LCD display with menu control buttons. This display is used for the initial configuration of such things as the IP address of the switch -- necessary before any further configuration is possible -- due to the lack of a serial port. It also displays status and error messages for an operator or repair technician.
The 16 ports on the front panel accept standard GBIC modules, allowing use of copper or fiber optic lines as desired on a port-by-port basis.
The SilkWorm 2800 also includes dual, redundant power supplies. Located on the front panel of the chassis, the supplies are held in place by a tension bar, which may be flipped out by hand without tools, though a fair amount of force is required. No accidental pulls there.
The switch can be managed using a command-line telnet client, through SNMP, or using the Java-based application embedded in the switch. For our connection using Internet Explorer 4.01, the simply named Brocade Web Tools required a Java plug-in, also embedded in the switch, which was offered automatically the first time we connected.
We thought SilkWorm’s Web interface displayed one of the cleanest, easiest to navigate structures of the group we tested. Unfortunately, it also has one of the least secure, requiring a user name and password only when we attempted to execute zoning or administration functions. Otherwise, a great deal of information about things such as port types, port states, and connected devices is visible to anyone who knows the IP address of the switch. While we didn’t come up with any great ideas about how to misuse such information, we fear more cunning hackers could find a way to exploit this lapse.
The Cappellix 2000 is an unpretentious device, offering switched connectivity for arbitrated loop only. There is no support for fabric connectivity at the moment, though officials at Gadzoox say it is planned for a future version.
Using standard GBIC modules, Cappellix 2000 can support connectivity over copper or fiber optic lines, as desired. The only distinguishing physical difference on the slim, rack-mountable chassis is a small reset switch recessed on the left side of the faceplate. This sets a rapid return of the unit to its factory default settings, a rather nice touch for administrators who may need to reallocate a unit.
A unique feature of the Cappellix switch is the availability of a plug-in module that can increase the port count on the device from the standard eight ports to a total of 11 ports. This may make the Cappellix an interesting choice for installations with unusual device counts. These additional ports, however, are located at the back of the switch rather than at the front, which could be inconvenient in some settings.
The switch can be managed through a terminal or emulator across the serial port, via a telnet connection, or using the Java-based Web application embedded on the switch. This tool, called Ventana SANTools GXS, can be accessed with a standard browser such as Internet Explorer or Netscape Communicator. We tested with Internet Explorer 4.01, using the most current Java Virtual Machine. The displays for examining device health and setting zoning policies were all clear and easy to locate.
The ED-5000 from McData was the physical giant of the five products we tested: Two people were needed to unpack and install the unit. It boasts a number of redundancy features not present in the other units, but at slightly over $119,000 those features are not giveaways.
Housed in a large, rack-mountable cabinet enclosure, the ED-5000 dwarfed the other units in the test group. Inside the cabinet, a series of vertical slots hold the various modular components that make up the switch. The memory, controller, and switching modules are redundant and hot swappable, as are the dual, universal power supplies. The cabinet uses a hex-key lock and a special torque tool is required to mount and dismount the modules.
An LCD display and menu buttons, reachable even with the case closed and locked, allow for some rudimentary configuration and checking
The ED-5000 is the only unit in the test group that does not use standard GBIC modules for its connectivity. It uses port cards, each supporting four ports in either short wave or long wave fiber optic. Copper wire connectivity is not supported.
McData, too, has a different approach to the concept of management software. The Enterprise Fabric Connectivity Manager (EFCM) runs as a service on a Windows NT Server, which McData customarily sells with the ED-5000 switch. The software is accessed using a separate client application, which may be run from the same NT server or from any other Windows workstation able to access that server. Using the facilities of the McData-supplied NT server, the EFMC software can be configured for such specialized monitoring operations as paging or "phone home," through which the management server will alert McData or a designated service center when the switch experiences hardware problems.
A unique feature of the EFMC software includes a screen that reports all of the field replaceable units
The only problem we noted in working with the switch was that the Ethernet port did not appear to reset itself reliably. In our test environment we plugged and unplugged a single Ethernet cable from one switch to another -- to ensure that we were only working with one particular switch at any one time. Each time we plugged the cable into the ED-5000, it was necessary to reset the switch to establish an Ethernet connection. Although such switching of cables would be highly unusual in the real world, we found the problem a bit disconcerting.
The Vixel 8100 switch supports eight standard GBIC ports in its somewhat thick rack-mountable chassis. It allows use of copper or fiber optic cabling as desired.
In addition to command line control using telnet, Vixel provides a PC-based management application called SAN InSite. This application is similar in its functions to the Web-based applications embedded in the other switches. The most immediately distinctive feature of the interface is the bold, color-coded status screens that inform an administrator of the general state of the loop or fabric at a glance.
Another feature we liked was the ability to beacon any particular port. Selecting this causes the indicator lights next to that port on the faceplate to flash repeatedly. While it might seem inconsequential, this feature could be extremely useful when working in a crowded wiring closet or when remotely supporting a repair technician.
The Vixel 8100 supports connecting devices that use fabric login or arbitrated loop using what Vixel calls Stealth Mode. Unfortunately, it doesn't support translation between the two types of devices. In fact, though the switch can easily be configured to support one type of connection or the other, it will not support both simultaneously.
Fibre Channel Needs to Mature
Fibre Channel switching technology is still a bit touch-and-go, with vendors not only competing for market share and product sophistication, but also struggling with fundamental issues of standards. The lack of defined interoperability between products from different vendors makes it risky for buyers to adopt the sort of strategy that has become commonplace in networking. It is risky to begin building an infrastructure using lower-capability and lower-cost devices from one vendor while planning to gradually integrate higher-capability devices from other vendors later on.
The message being delivered by vendors is that the standards needed to support such deployment strategies are coming soon -- possibly within the next year. Until those standards emerge, however, current adopters need to choose their equipment carefully, considering overall goals far earlier in the planning process.
One thing was amply demonstrated through our testing process: There is still something of a rocket science to making Fibre Channel devices peacefully coexist. For an experienced network administrator, the analogies between Fibre Channel and networking are sufficient to make it seem that the task at hand should be easy. Yet the differences are great enough that there is still a significant learning curve to be overcome before Fibre Channel will approach being a set it and forget it technology.
Ancor Communications Inc., Eden Prairie, Minn.
+ Redundant hot-swap power supplies
+ Hard zoning possible -- no overlaps
- Display bugs in Java management application
- No zoning by World Wide Name
Brocade Communications Systems Inc., San Jose, Calif.
+ Front panel display
+ Excellent Web interface
+ No-tools hot swap power supplies
- Limited security on Web interface
Gadzoox Networks Inc., San Jose, Calif.
+ Expandable to 11 ports
+ Reset switch
+ No need to support fabric
- No ability to support fabric
- Ports on both front and back with expansion
McData Corp., Broomfield, Colo.
+ Thorough redundancy
+ Extensive management software
- Very high cost
- No support for arbitrated loop
Vixel Corp., Bothell, Wash.
+ Port beaconing
+ Easy configuration
- PC-based management applications
- Cannot mix loop and fabric