Trending Topics

Implement and configure AWS Backup for VMware Cloud on AWS VM workloads

In our previous post we saw the design of the AWS Backup on VMC. In this post we’re going through the implementation steps As per the design and best practice, we are going to use the ENI for the Backup traffic CREATE A VPC ENDPOINT  TO CREATE AN INTERFACE ENDPOINT FOR AN AWS SERVICE 1. Open the Amazon VPC console at    2. In the navigation pane, choose Endpoints 3. Choose Create endpoint 4. Name the endpoint   5. For Service category, choose AWS services 6. For Service name, search “ Backup ” and select “ backup-gateway ” service from the dropdown 7. For VPC, select the VPC which we used for SDDC deployment and extension 8. To create an interface endpoint for Amazon S3, you must “uncheck” Additional settings, Enable DNS name. This is because Amazon S3 does not support private DNS for interface VPC endpoints 9. For  Subnets , select one subnet per Availability Zone which we used for SDDC VMC selection  10. For Security group , sel

LUN Masking vs. Zoning


Many devices and nodes can be attached to a SAN. When data is stored in a single cloud, or storage entity, it is important to control which hosts have access to specific devices. Zoning controls access from one node to another. Zoning lets you isolate a single server to a group of storage devices or a single storage device, or associate a grouping of multiple servers with one or more storage devices, as might be needed in a server cluster deployment.
Zoning is implemented at the hardware level (by using the capabilities of Fibre Channel switches) and can usually be done either on a port basis (hard zoning) or on a World-Wide Name (WWN) basis (soft zoning). WWNs are 64-bit identifiers for devices or ports. All devices with multiple ports have WWNs for each port, which provides more detailed management. Because of their length, WWNs are expressed in hexadecimal numbers, similarly to MAC addresses on network adapters. Zoning is configured on a per-target and initiator basis. Consequently, if you need to attach multiple nonclustered nodes to the same storage port, you must also use LUN masking.

LUN masking

LUN masking, performed at the storage controller level, allows you to define relationships between LUNs and individual servers. Storage controllers usually provide the means for creating LUN-level access controls that allow access to a given LUN by one or more hosts. By providing this access control at the storage controller, the controller itself enforces access policies to the devices. LUN masking provides more detailed security than zoning, because LUNs provide a means for sharing storage at the port level.
When properly implemented, LUN masking fully isolates servers and storage from events such as resets. This is critical for preventing the problems previously noted. It is important to thoroughly test your design and implementation of LUN masking, especially if you use LUN masking in server clusters.

Popular posts from this blog


DNS Scavenging.

AD LDS – Syncronizing AD LDS with Active Directory