Microsoft Corporation
December 2003
Abstract
Booting from a storage area network (SAN), rather than from local disks on individual servers, can enable
organizations to maximize consolidation of their IT resources, minimize their equipment costs, and realize the
considerable management benefits of centralizing the boot process.
This white paper describes boot from SAN technology in a Windows environment, the advantages and
complexities of the technology, and a number of key SAN boot deployment scenarios. Boot from SAN
technologies are supported on Microsoft Windows Server 2003 and Microsoft Windows 2000 Server
platforms.
Contents
Introduction
Summary
Additional Resources
Appendix
    The Boot Process: Details
        Pre-boot
        Boot Sequence
        Intel IA-64 Architecture Differences
Local Boot
The most common booting approach is to boot from a direct-attached disk. The server BIOS
locates the SCSI adapter BIOS, which contains the instructions that allow the server to determine
which internal disk is the boot disk from which to load the operating system.
Remote Boot
Remote booting (also called network boot) is the ability of a computer system to boot over a local
area network (LAN) from a remote boot server. Critical to remote boot is the network adapter
card, which contains the instructions necessary for booting. Remote boot is not a new concept;
UNIX systems have had remote boot capabilities for about 30 years.
Remote booting confers a number of advantages, including remote administration of client
workstations, greater control over distribution of software, and cost reduction by eliminating the
need for local hard drives. However, the downside of remote boot is that booting over the LAN is
a considerable security risk.[1]
While Microsoft Windows NT Server 4.0 enables remote boot, Microsoft has not made this
capability widely available in its other operating system products because of the inherent security
risks. Windows does, however, support a much more secure remote boot technology, boot from
SAN.
[1] Windows NT Server 4.0 uses the Remoteboot Service, which requires a special chip on each client network interface
card to enable remote booting of MS-DOS, Windows 3.1, Windows 95, and Windows 98. This boot programmable read-
only memory (PROM) chip redirects the standard startup process from the client to the network adapter card and
establishes the network connection to the server. The client can then obtain a boot image (the minimum information
necessary for startup and configuration) directly from the server. The Remoteboot Service requires installation of the
NetBEUI and DLC protocols on the server.
Advantages
Boot from SAN technologies help businesses continue the trend toward consolidated and
effective management of storage resources, decoupled from the server.
Server Consolidation. Boot from SAN eliminates the need for each server to boot from
its own direct-attached disk, since each server can instead boot from an image of the operating
system on the SAN. Thin diskless servers take up less facility space, require less power to
operate, and, because they have fewer hardware components, are generally less expensive.
They also remove a common failure point: internal disk failure is very common in large datacenters.
Centralized Management. Because operating system images can be stored on disks in the
SAN, all upgrades and fixes can be managed from a central location. This eliminates the
need to install upgrades manually on each system; changes made to the disks in the storage
array are immediately accessible to each server.
Simplified Recovery from Server Failures. Recovery from server failures is simplified in a
SAN environment. Rather than a lengthy process of re-installing the operating system and a
backup copy of the data from tape to a spare server, the spare can simply be booted from the
SAN and then access the data stored on the SAN, returning to production with maximum
efficiency.
Rapid Disaster Recovery. All the boot information and production data stored on a local
SAN can be replicated to a SAN at a remote disaster recovery site. If a disaster destroys
functionality of the servers at the primary site, the remote site can take over with minimal
downtime.
Rapid Redeployment for Temporary Server Loads. Businesses that experience temporary
but high production workloads can take advantage of SAN technologies to clone the boot
image and distribute it to multiple servers for rapid deployment. Such servers may need to be
in production for only hours or days and can be readily removed when the production need
has been met; the highly efficient deployment of the boot image makes such temporary
deployment a cost-effective endeavor.
[2] A logical disk. A LUN may map onto one or more physical disks, and may constitute the whole or only part of any given disk or disks.
Hardware Requirements
The sections that follow outline the basic hardware components necessary for correctly deploying
a boot from SAN solution. It is recommended that key components (HBAs, switches, and so on)
be duplicated to provide redundancy in the event of hardware failure.
Servers
Each new server designated to be connected to the SAN storage array should be installed as
per vendor instructions.
If the server has already been in production, ensure that all disks are backed up before
connecting it to the SAN.
Ensure that the operating system supports boot from SAN. Windows Server 2003, Windows
Storage Server 2003, Windows 2000 Server, and Windows NT 4.0 are capable of booting
from the SAN.
Storage Array
Storage controllers control communication between the disks on the array and the ports to
which the servers connect. Storage arrays should have at least two controllers for
redundancy.
Create the RAID sets and LUNs for each server on the storage array. The logical units are
either numbered automatically by the storage array or assigned manually by the user.
Many storage arrays have the capability of managing disk security so that servers can only
access those LUNs that belong to them. Disks and LUNs are assigned to ports; hence a
single port connects to multiple disks or LUNs. These storage resources must be shared
among the multiple servers; LUN management through masking is critical to prevent multiple
hosts from having access to the same LUN at the same time. Microsoft only supports boot
from SAN when used with LUN masking.
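Conceptually, LUN masking is a lookup the storage array performs against the identity of the requesting HBA (its World Wide Name, or WWN). The following Python sketch models that lookup; the WWNs and LUN numbers are hypothetical, and real arrays expose this table only through vendor management tools.

```python
# Illustrative model of LUN masking: the array keeps a table mapping each
# host HBA (identified by its World Wide Name) to the set of LUNs it may see.
# All WWNs and LUN numbers below are hypothetical.

masking_table = {
    "10:00:00:00:c9:2b:aa:01": {0},   # server A: its dedicated boot LUN only
    "10:00:00:00:c9:2b:aa:02": {1},   # server B: its dedicated boot LUN only
}

def visible_luns(hba_wwn):
    """Return the set of LUNs the array presents to this HBA."""
    return masking_table.get(hba_wwn, set())

# Server A sees only its own boot LUN; an unknown host sees nothing.
print(visible_luns("10:00:00:00:c9:2b:aa:01"))  # {0}
print(visible_luns("10:00:00:00:c9:2b:aa:99"))  # set()
```

The property required for boot from SAN is visible in the table: each server's HBA maps to its own dedicated boot LUN, and no two entries share a LUN.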
Boot BIOS
Ensure that the correct boot BIOS is on the HBA; without this the HBA may not detect any
disks on the SAN.
The HBA boot BIOS is typically disabled by default; it must be enabled on exactly one
adapter per server in order to boot from SAN.
HBA Driver
Ensure that the HBA driver is appropriate for the boot configuration design. The SCSIport
driver, which was designed for parallel SCSI solutions, is not the appropriate driver for high
performance SAN configurations; instead use a Storport miniport driver with Windows
Server 2003, as it is specifically designed for such solutions.
The Storport driver features improved reset handling, which makes it possible to boot from
SAN and have clusters running on the same adapters. Storport also allows for queue
management, which is critical in a SAN fabric where fabric events such as adding or
removing devices are common. Further details on the Storport driver can be found in the
white paper, Storport in Windows Server 2003: Improving Manageability and Performance in
Hardware RAID and Storage Area Networks.
Basic SAN
The simplest SAN configuration, shown in Figure 1, is to deploy two diskless servers, each with a
single HBA, connected to Fibre Channel storage.[3] (For simplicity's sake, this configuration does
not employ redundant components, even though deploying them is recommended.) For
Windows boot from SAN solutions to work correctly, each server must have access to its own
dedicated boot device.
[3] One of the simplest SAN configurations is a Fibre Channel arbitrated loop (FC-AL) configuration, in which up to 126 devices are
connected. However, this configuration is not supported for Windows boot from SAN, since the addition or removal of devices in an FC-AL
configuration may cause all the devices to acquire new network addresses. Moreover, the interruptions that accompany loop events
can cause I/O to fail, which can cause the whole system to stop booting or to crash.
[4] Depending on the vendor, the default state of the LUNs is either masked or unmasked to the server. Whether the administrator
must mask or unmask therefore depends on the default state of the LUNs on the storage array.
Adding redundancy to this basic configuration introduces a further layer of complexity. This is
discussed in the next section, Multipath Configurations.
Multipath Configurations
Using the same two-server configuration introduced in the previous section, the administrator can
add redundant HBAs, cabling, switches, controllers, and ports on each controller. This
configuration, which confers high availability and high performance to the deployment, is shown in
Figure 2.
Continue with all installation activities, as outlined in the basic SAN configuration. Note that, since
only one boot device can be exposed to the BIOS as the boot LUN, the BIOS requires a manual
reconfiguration to boot from HBA B if HBA A fails.
Clustered Servers
When implementing a Microsoft Cluster Service (MSCS) solution in a SAN boot environment, the
MSCS servers must keep the boot LUNs separate from the shared cluster LUNs. Whether
dedicated HBAs must be used to accomplish this separation depends on whether the loaded
Windows driver is SCSIport or Storport.
[5] Vendors can use the Microsoft MPIO driver package to develop effective path management solutions that work with Windows. See the
white paper, Highly Available Storage: Multipathing and the Microsoft MPIO Driver Architecture, available at the storage website.
SCSIport Driver
The most significant limitation to deploying a clustering solution in a SAN boot environment using
the SCSIport driver is the HBA slot limit. Since separate HBAs must be used to access boot
LUNs and shared cluster LUNs, a fully redundant solution requires four HBAs (or two dual-
channel HBAs) in each server. If the server cannot accommodate four HBA cards, or
if the cost of obtaining those cards is too great, a high availability multipathing solution is not
possible.
Storport Driver
The Storport driver overcomes this limitation. With Storport, given its hierarchical reset
capabilities,[6] bus-level resets are rare events, eliminating the necessity for multiple HBAs to
separate boot and cluster LUNs. The basic configuration (without multipathing redundancy) is
shown in Figure 4.
[6] See the Storport white paper, Storport in Windows Server 2003, for further details.
Figure 4. Boot from SAN and Clustering, Using the Storport Driver
Storport also allows miniport-controllable queue management, which allows HBA vendors to build
drivers that can survive SAN transients (such as Fibre Channel fabric events) without crashing
the system. This is of considerable importance in cluster configurations.
[7] The boot files are the files required to run the Windows operating system. The system files are the files required to boot Windows. These
files include boot.ini, Ntldr and Ntdetect. The paging file is typically called pagefile.sys.
[8] INT 13 refers to the device service routines (DSRs) that communicate with hard drives (or diskettes) before other system drivers are loaded.
The INT13 extensions enable systems to see partitions of up to 2 TB, well beyond the 7.8 GB limitation of the original INT13 functionality.
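The limits cited in this footnote can be checked with simple arithmetic. Original INT13 addresses a disk by cylinder, head, and sector (in practice 1024 cylinders, 255 heads, and 63 sectors per track), while the 32-bit LBA sector count used by the INT13 extensions and the MBR partition entry caps a partition at 2 TB:

```python
# Back-of-envelope check of the INT13 limits cited in the footnote above.
SECTOR = 512  # bytes per sector

# Original INT13 CHS addressing: 1024 cylinders x 255 heads x 63 sectors.
chs_bytes = 1024 * 255 * 63 * SECTOR
print(round(chs_bytes / 2**30, 1))   # 7.8  (GiB)

# 32-bit LBA sector count: the 2 TB partition limit.
lba_bytes = 2**32 * SECTOR
print(lba_bytes // 2**40)            # 2  (TiB)
```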
These problems can be solved by implementing HBA-based LUN mapping, described in the next
topic. HBA mapping must be available on the HBA controller.
[9] Both switches and storage controllers have limitations.
Pre-boot
The pre-boot process is common to all operating systems. During this stage of the process, the
following steps occur:
POST. The system BIOS (stored on read-only memory chips) performs a power-on self test
to ensure that there are no problems with the hardware, such as voltage irregularities or hard
disk failure. If the hardware is working correctly, the CPU can begin operations.
The BIOS locates and initializes all bootable devices. The BIOS first locates all add-in
devices (such as network interface cards and host bus adapters), as well as the local system
hard and floppy drives, then it determines which devices are bootable.
The BIOS sets the boot device. Although multiple devices are potentially able to supply the
boot files (including multiple hard drives if the BIOS provides multi-boot support), the boot
device actually used is either the first bootable device found (the default) or, on multi-boot
capable systems, the device set by the user. The BIOS gives this device the address
drive=80 (hexadecimal), which designates it as the boot drive. (Note that, in configurations
with multiple adapters, the order in which the devices are enumerated becomes critical to this
determination, because the BIOS assigns, by default, the first bootable drive it finds as the
boot device.)
Load boot sector. Having assigned the device from which the system will boot, the system
then searches that device for the boot sector. All x86 systems require that the first sector of
the primary disk contain the Master Boot Record (MBR). The MBR holds the partition table
that identifies the system partition, which contains the code and configuration files (Ntldr,
boot.ini, and Ntdetect.com) necessary to boot Windows. This partition must be set as active
(bootable) in order to proceed. Once the boot sector is loaded into memory, it can execute
the next steps of the boot process.
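The structures involved in this step can be illustrated with a short Python sketch that parses a classic 512-byte MBR: 446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature in the last two bytes. The sample MBR built at the end is synthetic, constructed purely for illustration.

```python
import struct

# Sketch of the checks the pre-boot code performs on the first sector,
# assuming the classic 512-byte MBR layout described in the text.

def parse_mbr(sector: bytes):
    """Validate the boot signature and return the defined partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR boot sector")
    partitions = []
    for i in range(4):
        entry = sector[446 + i * 16: 446 + (i + 1) * 16]
        boot_flag, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:                         # type 0 means unused slot
            partitions.append({
                "active": boot_flag == 0x80,   # the active (bootable) flag
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return partitions

# Build a minimal fake MBR with one active partition for illustration.
entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 2048)
mbr = b"\x00" * 446 + entry + b"\x00" * 48 + b"\x55\xaa"
print(parse_mbr(mbr))  # [{'active': True, 'type': 7, 'lba_start': 63, 'sectors': 2048}]
```

In the real pre-boot sequence this parsing is done by the BIOS and the MBR boot code, not by the operating system; the sketch only shows which fields (the active flag and the partition location) that code relies on.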
Boot Sequence
The boot sequence described in this section is Windows specific. The file Ntldr controls much of
this process. Once control is passed to Ntoskrnl.exe, the boot process is nearly complete.
1. Initial boot loader phase. The boot sector loads the Ntldr file, which begins loading the
operating system in a series of phases, the first of which is the initial boot loader phase.
During this phase, the Ntldr code switches the processor from real mode, in which only the
first 1 MB of system memory is accessible, to protected mode, which enables the system to
access all physical memory. At this point Ntldr also enables paging, which is the normal
mode of Windows operation.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of
publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.
© 2001 Microsoft Corporation. All rights reserved.
Microsoft, Windows 2000 Server, and Windows Server 2003 are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.