Best Practices for Deploying StorSimple Virtual Arrays
Let’s look at some of the best practices for using the StorSimple 1200 virtual appliance. It was recently made available by Microsoft to small and medium enterprises (SMEs), as well as small and medium businesses (SMBs).
The Virtual Machine
The virtual appliance can be deployed on-premises as a virtual machine on one of three virtualization platforms:
- Windows Server 2012 or later Hyper-V
- VMware ESXi 5.5 or later
- Windows Server 2008 R2 SP1 Hyper-V
On Hyper-V hosts:
- Use Generation 2 virtual machines on Windows Server 2012 or later Hyper-V.
- Do not use Dynamic Memory.
- Use dynamic disks.
- Do not use the differencing disks option for the data disk.
- Resizing the disks is not allowed and will lead to data corruption.
On ESXi hosts:
- Use virtual machine versions 8 through 11.
- Thin provisioning should be used for the data disk.
- Resizing the disks is not allowed and will lead to data corruption.
Note that time synchronization for the virtual machine via the VMware Tools or Hyper-V integration services should be enabled.
Sizing the Data Disk
The virtual appliance data disk is where all hot data is stored. This disk must be sized appropriately, between 500GiB and 8TiB. These are binary units, meaning multiples of 1024 instead of 1000. The size of the data disk directly controls how much total storage (local plus cloud) can be provisioned in the appliance. Local storage is used as follows:
- Approximately 12 percent of the local disk is reserved for each volume (iSCSI) or share (file server).
- Roughly 10 percent is also reserved for locally pinned volumes.
- Around 15 percent of the local disk is reserved for snapshots.
- If you are going to restore from a cloud snapshot, then there should be free space on the local disk. It needs to be at least the size of the local tier of the largest volume. See the first bullet point for more information.
- You should try to leave some free space for unexpected growth.
The screenshot below is from Excel, where I calculated the local disk requirements, using the rules above, for a virtual device hosting 3 shares of 5TiB, 5TiB, and 10TiB.
Your virtual appliance can join an Active Directory domain, which is useful for applying permissions to shares. However, it is recommended that the virtual appliance be isolated from Group Policy, because your policies may have a harmful effect on the function and performance of the storage system. Microsoft recommends:
- Place the virtual appliance into its own organizational unit (OU).
- Block inheritance on the OU to prevent GPOs from being accidentally applied.
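One way to carry out and then verify the two recommendations above, as an added example that is not from the original article or from Microsoft. It assumes the RSAT ActiveDirectory and GroupPolicy modules are installed; the domain, OU name and computer account are placeholders.

```powershell
# Added example. All names below are placeholders, not values from the article.
Import-Module ActiveDirectory, GroupPolicy

$DomainDn  = 'DC=corp,DC=example,DC=com'  # placeholder domain
$OuName    = 'StorSimple'                 # placeholder OU name
$Appliance = 'SSVA01'                     # placeholder computer account
$OuDn      = "OU=$OuName,$DomainDn"

# 1. Create the dedicated OU directly under the domain root if it is missing.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
        -SearchBase $DomainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn
}

# 2. Block GPO inheritance on the OU so parent and domain links stop applying.
Set-GPInheritance -Target $OuDn -IsBlocked Yes | Out-Null

# 3. Move the appliance's computer account into the isolated OU.
Get-ADComputer -Identity $Appliance | Move-ADObject -TargetPath $OuDn

# 4. Verify the result instead of trusting the setting.
$som = Get-GPInheritance -Target $OuDn
if (-not $som.GpoInheritanceBlocked) {
    Write-Warning "GPO inheritance is NOT blocked on $OuDn"
}

# GPOs linked directly to the OU are unaffected by the block and still apply.
$som.GpoLinks | Select-Object DisplayName, Enabled, Enforced

# Enforced links on parent containers override "block inheritance",
# so anything listed here still reaches the appliance and needs review.
$som.InheritedGpoLinks |
    Where-Object { $_.Enforced -and $_.Target -ne $OuDn } |
    Select-Object DisplayName, Target
```

An empty result from the last two queries means no GPO currently applies to the appliance's OU.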
When is the last time that you installed anti-virus on your SAN controller? Microsoft also states that anti-virus can adversely affect the operation of the virtual appliance. For example, a scheduled scan of data in the cold tier will be extremely slow. It also might incur unexpected access costs when using blob storage accounts.
Insisting on anti-virus everywhere is one of those blanket statements from so-called security experts, who will say, “All Windows machines must have anti-virus and must scan everything.” This can lead to people being fired.
StorSimple is a cloud-connected solution. This means that Internet bandwidth is going to be important. The nature of your data and access is what determines your true bandwidth requirements. We are told that we should have 5Mbps or more of dedicated, reliable, and persistent bandwidth per appliance.
The amount of bandwidth available affects how quickly Azure can back up your StorSimple volumes or shares. If you have 18GB of data change in a day, 5Mbps of bandwidth allows a backup to complete in 8 hours.
Any appliance configured as an iSCSI device should have:
- A static IP address configuration — not DHCP
- A primary and secondary DNS server for local name resolution
If you require multiple NICs for dedicated iSCSI networking, then note that only the first interface, called Ethernet, can reach the cloud. Other NICs should be bound to other networks, that is, to other VLANs or virtual networks.
Do not throttle bandwidth on the hypervisor because this throttles LAN and Internet access. This would be bad for hot data access. Instead, implement traffic shaping for the appliance on the physical network, which includes switches, firewalls, routers, etc. This will help to control bandwidth usage to the cloud for cold data.
You can use an automatically created storage account with a virtual appliance. You could also use a manually created one in either the same subscription or another subscription.
A virtual appliance can connect to one storage account but many virtual appliances can connect to a single storage account. When doing the latter, understand that:
- The maximum capacity of a virtual appliance is 64TB.
- The maximum size of a storage account is 500TB.
That means a single storage account can hold up to 7 fully provisioned virtual appliances.
Regarding the storage account creation:
- Place the storage account in the region with the lowest latency to the virtual appliance. Try using the customer site.
- You cannot move a storage account between regions.
- LRS, GRS, and ZRS are all supported forms of resiliency for StorSimple.
- You can choose a blob storage account, which supports hot or cool blobs. You can also choose a general storage account, which supports ZRS.
Volumes and Shares
When planning iSCSI volumes or file server/NAS shares, Microsoft offers a number of best practices:
- You can have a maximum of 16 volumes/shares per array. Remember that a share/volume can contain subfolders with their own permissions, so you can still scale out beyond this apparent limit.
- A volume cannot be expanded, so size it for future growth. A volume cannot be shrunk, either.
- File size relative to share size can impact the performance of tiering to the cloud. Files that are large compared to the share size tier out more slowly. Microsoft recommends that the largest file is no more than 3 percent of the share size.
- Volumes that will contain large files of archive data should have the Less Frequently Used Archive Data option enabled. Deduplication is done at 512KB, which is a larger block size than normal. This will speed up the transfer of data to the cloud.
- You can perform quick formats.
- You can format the volume with an allocation unit size of 64KB.
- Do not enable Data Deduplication on any servers connecting to the StorSimple virtual appliance. The appliance will handle data compression and deduplication.
When using StorSimple for iSCSI:
- Do not scan volumes or dynamic disks because this is not supported by StorSimple.
- Always create at least 1 access control record (ACR) per volume.
- Only add multiple ACRs for nodes in a cluster that will share a volume.
When deploying shares in StorSimple:
- Configure the default share administrator as a user group instead of a user account.
- Use normal Windows share administration tools from your PC to manage the share/permissions after it is created.
Data Security and Encryption
When you enable security features to protect the data on your StorSimple, you should follow the guidance below:
- Create an AES-256 cloud-storage encryption key before sending data to the cloud.
- Keep a copy of the cloud-storage encryption key somewhere safe, such as Azure Key Vault.
- Enable SSL mode when adding storage account credentials to the storage account. This will ensure secure data transfer between the appliance and the cloud.
- Whenever administrators change, you should regenerate the storage account keys.