Joe Bloggs, a data center architect, was recently assigned the task of figuring out how to use FlexClones.
The value of FlexClones around speed, simplicity and cost savings was so obvious that Joe was really motivated to make this work.
Joe looked at the problem and broke it down into four pieces:
- Create a consistent image of the database on the production system
- Copy the consistent image to test and development system
- Enable DBA's to use clones to do their development.
- Move final image back into production.
Now it turns out that Joe had tools and processes that he was comfortable with for solving steps 1, 2 and 4. After all he had been supporting database administrators (DBA's) for a while. So his plan was to continue to use those tools and processes. The challenge was step 3.
The naive and impractical solution would have been to give the DBA' s the root password on the FAS system and pray that they did not make a mess of things. Since Joe was not into faith based storage administration, he decided that he needed a more regimented process.
His requirements were:
- Multiple distinct business groups must be able to use the same FAS system.
- Each distinct business group must be prevented from impacting other business groups.
- The DBA' s must able to perform the following operations without involving the storage group:
- Create a clone
- Destroy a clone
- Mount a clone
The first and second requirement were reasonably easy to satisfy. Joe's plan was to give each business group an storage pool (an aggregate) within a FAS. The DBA's would share the controller, but would get their own private storage sandbox. The amount of capacity for each sandbox would depend on how much the line of business wanted to spend for their DBA's.
But the third requirement was problematic. The challenge was that the FAS system does not provide the fine level of role-based access control that he wanted. But even if it did, he was not sure that he wanted to expose DBA's to the full richness of the ONTAP command set.
What Joe wanted was a tool that the DBA's could use to manage clones, and that was integrated with some form of role based access control so that DBAs never accidentally managed someone else's clone.
Joe then asked NetApp for a solution to his problem. Ryan Cox, an engineer that is part of NetApp's Rapid Response Engineering (RRE) Team came up with a tool that leveraged the Manage ONTAP API's. The tool used the FAS APIs for manipulating storage objects and the APIs that are part of the Operations Manager product to manage Role Base Access Control. In a follow on post I'll talk about this tool in more detail.
