Don't route storage - confused

Howdy everyone,
I've watched Tom's video on properly designing and setting up network storage, but I'm just very confused. I'm not getting it.
Very simple scenario. I have a NAS with one network port. It's an older Synology, but regardless, one interface on the Server-VLAN. I should be placing my Xen server in that VLAN as well so it has direct access to the Synology where all the VDIs are stored. I get that.
What I don't understand is how users who are on a different VLAN should be set up. They will have no choice but to cross through the firewall to get to the Synology where it functions as a file server.
What about a much larger enterprise network where users do have SMB shares set up to a Windows file share? I assume the backend is connectivity to an iSCSI, but according to Tom's video the NAS/file shares are on the same network as users. How is this possible if it's a multi-site environment? With each design scenario pointed out in the video, the NAS/SAN is on the same network with users, and that's the part that I don't understand. Are we just assuming one flat network?!?

I’ve never used Synology, but I assume you can have multiple interfaces with different VLANs using the one NIC. So the NAS would directly be connected to multiple networks without the need for traffic passing through a router.

The specifics, I imagine, will vary from place to place based on needs, but in my environment, the NAS has an interface on the workstation VLAN so that traffic doesn't have to be routed. Only SMB is allowed to connect on that interface, and there's a second interface on my servers network that shares NFS to a virtualization cluster. The workstation VLAN isn't allowed to that interface. I'm not using Synology, but I'd do it the same either way. I'd just have a couple of VLANs on a single interface.

The whole point of that discussion was so that iSCSI traffic is on its own VLAN. It is fine that it's all over a single 10Gb link with multiple VLANs, for example. What you want is a non-routable network from your SAN/NAS to your hypervisors with iSCSI connections. The rest of the VLANs don't matter if they are accessing the data from the VMs themselves.

I also think they misspoke when talking about SMB also being on a non-routable VLAN. You are fine to have a routable SMB share as long as it is on a local network BUT it is not good performance to run SMB over VPN or the internet in general.


Ahh, gotcha. So XCPNG and the NAS/SAN should be just layer 2. If it's iSCSI or something else, it should all reside on the same broadcast domain.

But if I'm an end user connecting to an SMB share, I can map to a Windows file share which behind the scenes is on the SAN?

If you have TrueNAS with SMB shares, for example, you can set up a VLAN on TrueNAS that is accessible from your workstations and bind the SMB service to the newly created interface.
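
An added example, not part of the thread: a small check of the design discussed above, which flags hypervisor storage flows (iSCSI/NFS) whose NAS address is not in a directly connected subnet of the client, while letting SMB from workstations be either on-link or routed. All host names, subnets and addresses are constructed, and "same subnet" is used as a stand-in for "same VLAN / broadcast domain".

```python
import ipaddress

# Constructed sample data: host names, subnets and addresses are illustrative.
CLIENTS = {
    "xcp-ng": ["10.0.50.11/24"],          # storage VLAN only
    "workstation": ["10.0.30.101/24"],    # workstation VLAN
}
FLOWS = [  # (client, protocol, NAS address the client is configured to use)
    ("xcp-ng", "iscsi", "10.0.50.5"),
    ("xcp-ng", "nfs", "10.0.20.5"),
    ("workstation", "smb", "10.0.30.5"),
    ("workstation", "smb", "10.0.20.5"),
]
# Assumption: hypervisor storage protocols must never cross a router.
MUST_BE_ON_LINK = {"iscsi", "nfs"}


def path_to(client_ifaces, target_ip):
    """Return ('on-link', subnet) if the target sits in a directly connected
    subnet of the client, otherwise ('routed', None)."""
    target = ipaddress.ip_address(target_ip)
    for addr in client_ifaces:
        net = ipaddress.ip_interface(addr).network
        if target in net:
            return "on-link", str(net)
    return "routed", None


def audit(clients, flows):
    """Classify each flow and flag storage protocols that would be routed."""
    report = []
    for client, proto, target in flows:
        path, _subnet = path_to(clients[client], target)
        ok = path == "on-link" or proto not in MUST_BE_ON_LINK
        report.append((client, proto, target, path, ok))
    return report


if __name__ == "__main__":
    for client, proto, target, path, ok in audit(CLIENTS, FLOWS):
        status = "ok" if ok else "VIOLATION"
        print(f"{client:12} {proto:6} {target:12} {path:8} {status}")
```
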