3.3 Storage Configuration

The storage providers in an Oracle VM environment must also be configured in a way that exposes them only to the servers and virtual machines that make use of them. Access to the management functionality of each storage provider must be restricted to the administrators in charge of storage configuration.

First of all, connect the storage servers to a private network that is accessible from the Oracle VM Manager and Oracle VM Servers. The storage providers need not be reachable from outside the Oracle VM environment. This network can be the management network or, preferably, a separate storage network. Locking down the storage servers to the individual IP addresses of the Oracle VM Servers (including the Manager) in the storage subnet is the most restrictive and most secure way to provide access to storage. As a minimum, expose the storage only to the storage subnet.

In Oracle VM we distinguish between file servers and SANs. The recommendations above apply to both categories, because most non-local storage is both managed and provisioned over an IP network, so access is granted on the basis of IP addresses. The exception is directly attached storage, such as Fibre Channel or InfiniBand: to prevent unauthorized access you must make sure that only the Host Bus Adapters (HBAs) of the required servers are physically connected to the Fibre Channel or InfiniBand switch. NFS-based file servers and iSCSI-based SAN servers can be restricted to a subset of IP addresses via configuration.
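The two paragraphs above set a scale for NFS exports: individual Oracle VM Server addresses are the recommended scope, the storage subnet is the acceptable minimum, and anything wider is exposure. The following audit script is an added example, not code from the Oracle VM guide or from Oracle; it parses a constructed `/etc/exports` file in standard exportfs(8) syntax and reports every export that is not locked down to single host addresses. The sample paths and the `10.10.20.0/24` storage subnet are assumptions chosen for the illustration.

```python
"""Audit NFS /etc/exports entries for how tightly each export is scoped.

Every client spec is classified as one of:
  host    - a single IP address (most restrictive, the recommended setting)
  subnet  - a CIDR or netmask range (the acceptable minimum)
  name    - a hostname or netgroup whose scope cannot be verified from the file
  open    - a wildcard, hostname wildcard or missing client (exposed to everyone)
Assumes standard exportfs(8) syntax; the sample below is constructed, not real.
"""
import ipaddress
import re

# Constructed sample of an /etc/exports file (not from the original page).
SAMPLE_EXPORTS = """\
# repository exported to each Oracle VM Server individually (recommended)
/export/ovm_repo   10.10.20.11(rw,sync,no_root_squash) 10.10.20.12(rw,sync,no_root_squash)
# exported to the whole storage subnet (acceptable minimum)
/export/ovm_iso    10.10.20.0/255.255.255.0(ro,sync)
# exported to everyone (should be fixed)
/export/scratch    *(rw,sync)
# no client spec at all means every host may mount it
/export/old
"""

_ENTRY_RE = re.compile(r'^(\S+)\s*(.*)$')
_SCOPE_ORDER = {'host': 0, 'subnet': 1, 'name': 2, 'open': 3}


def classify_client(client: str) -> str:
    """Return 'host', 'subnet', 'name' or 'open' for one exports client spec."""
    # strip the option list in parentheses: "10.0.0.1(rw,sync)" -> "10.0.0.1"
    spec = client.split('(', 1)[0]
    if spec in ('', '*') or '*' in spec or '?' in spec:
        return 'open'
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        # hostnames and @netgroups: the file alone does not tell us their scope
        return 'name'
    return 'host' if net.prefixlen == net.max_prefixlen else 'subnet'


def audit_exports(text: str) -> dict:
    """Map each exported path to a list of (client, classification) pairs."""
    result = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, rest = _ENTRY_RE.match(line).groups()
        clients = rest.split() or ['']         # no client at all == exported to everyone
        result[path] = [(c, classify_client(c)) for c in clients]
    return result


def findings(text: str) -> list:
    """Paths not restricted to individual host addresses, with the widest scope found."""
    out = []
    for path, clients in audit_exports(text).items():
        widest = max((cls for _, cls in clients), key=_SCOPE_ORDER.__getitem__)
        if widest != 'host':
            out.append((path, widest))
    return out


if __name__ == '__main__':
    for path, scope in findings(SAMPLE_EXPORTS):
        print(f'{path}: scope is "{scope}"; lock down to the Oracle VM Server addresses')
```

Run it against the real file with `findings(open('/etc/exports').read())` on the NFS server; a `subnet` result is tolerable by the guide's minimum, while `open` and `name` results are the ones to fix first.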

The management of the Oracle VM storage servers may be different depending on the Oracle VM Storage Connect plug-in used for interaction with the storage provider. If you are using generic NFS or iSCSI providers with the corresponding generic Oracle VM Storage Connect plug-in, then configuration occurs almost entirely on the storage host. If you are using a custom third-party Oracle VM Storage Connect plug-in, then you can perform a much larger portion of the storage configuration from within Oracle VM Manager. Regardless of whether you use generic or non-generic iSCSI storage, make sure that your targets, initiators and access groups are configured in the most restrictive way possible.

