SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Recently Changed Pages:

View All Pages


View All Tags


LinkedIn




WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Pages with comments

View All Comments

iscsi

iSCSI

iSCSI basics

Terminology: iSCSI (for “Internet SCSI”) is a protocol that allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a popular Storage Area Network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks. Unlike Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure.
IQN is the iSCSI Qualified Name and has the format iqn.yyyy-mm.<reversed domain name>.<scsi alias and or hash>

The default TCP ports for iSCSI are 860 and 3260.

Source and more information on wikipedia: http://en.wikipedia.org/wiki/ISCSI

Implementation

Implementation of the iSCSI protocol in a Netware environment using a dedicated network: iscsinetware.jpg

Implementation target software on netware

The implementation of the target software in netware is covered in three steps:

  1. Create an iSCSI partition
  2. Run the target software
  3. Configure access control to the target

Create an iSCSI partition

Using NSSMU

  1. Start the NSSMU utility by entering nssmu at the target server console.
  2. Select Partitions from the Main menu.
  3. Press Insert and select the device where you want to create the partition.
  4. Select iSCSI as the partition type.
  5. Specify the partition size, then select Create to create the partition.

Run the target software

During the installation of the server, if you selected to install the “iSCSI SAN Storage Server” or the “iSCSI Target” component the target software is installed and configured to run during startup of the system. That's done by adding the ton.ncf to the autoexec.ncf file and by running the ton.ncf and tinit.ncf files. Note that you can unload and load the iSCSI software by running ton and toff at the console prompt.

Configure access control to the target

If your iSCSI target is in the same eDirectory tree as the iSCSI initiators that will access it, make each initiator server that you want to access the target a trustee of the Target object. You don’t need to assign specific access rights, you just need to make each Initiator object a trustee of the Target object.When iSCSI target software is first started on a server, an iSCSI target object for each iSCSI partition is automatically created in the same eDirectory context as the target server.

Implementation initiator software on netware

The implementation of the initiation software in netware is covered in three steps:

  1. Install the software
  2. Connect to the target server
  3. Automate the connect

Install the software

The iSCSI software is already shipped with Netware 6.5, starting with SP3. If you want the latest software please follow these directions: Download the software from the Novell website to your workstation. Extract it, and copy all the extracted .zip and .ncf files to the root of the SYS volume. Issue the next command on the command line:

  • ISCSINST

This will copy all the files to the appropriate directories.

Connect to the target server

To load the initiator software issue the next command at the command line:

  • ion

Note that for unloading the initiator software you can use the ioff command.

To discover and test the connection to the target server issue the next command:

  • iscsinit discover <ip-address>

Note that the ip-address mentioned is the ip-address of the target server.

To connect to the target server issue the next command at the command line:

  • iscsinit connect <ip-address> <target_name>

Again, the ip-address is the one from the target server. The target_name is the name discovered using the previous command.

Automate the connect

If you want netware to load and connect to the iSCSI target automatically after a reboot you'll have to edit the autoexec.ncf. Add the folllowing lines:

#
# iSCSI load and connect
#
ion
iscsinit connect <ip-address> <target_name>

You're now ready to format your iSCSI disks! Note: If you intend to install cluster services, do so after configuring the iSCSI initiator software but before formatting the iSCSI disks.

Implementation initiator software on AIX

The implementation of the initiation software in AIX is covered in two steps:

  1. Install the software
  2. Connect to the target server

Install the software

You need to install the software using the software supplied by the iSCSI target supplier. In this case it's Netapp:

  • tar -xf netapp_aix_SAN_kit_1.1.tar
  • cd netapp_aix_SAN_kit_1.1
  • ./install

Running the install script choose to install the kit and the iSCSI software. You don't need the FibreChannel software, so don't install it. Reboot the server after the installation.

Connect to the target server

To connect to the target server you have to complete these steps:

  1. Configure the network card connected to the SAN
  2. Define the target server
  3. Create iSCSI nodename
  4. Discover the LUNS

Configure the network card connected to the SAN

In case you have a dedicated network you'll need to configure a dedicated NIC on the server to connect to the SAN. Using smitty go to “Communications Applications and Services”, select “TCPIP” and select “Minimum Configuration & Startup”. In this menu you'll be able to configure your network card. You'll at least need the ip-address and the subnetmask. If the target server is in another subnet or VLAN you'll also need to know the gateway.

Define the target server

Using vi add the following line to /etc/iscsi/targets:

<ip-address> 3260 <iqn.1992-08.com.netapp:sn.12345678>

That is, the ip-address of the target server, the iSCSI port (3260 is the default) and the iSCSI nodename of the target server, in this case a netapp.

Create the iSCSI nodename

Than create the iSCSI nodename on the server using the next command:

  • chdev -l iscsi0 -a initiator_name=iqn.1996-04.com.ibm:<ininame>

Note that <ininame> is the initiator name as defined on the target server. You can verify the previous command by issuing this command:

  • lsattr -El iscsi0

Discover the LUNS

You can discover the LUNS created at the target by issuing this command:

  • cfgmgr -l iscsi0

And you can verify this by issuing this command:

  • sanlun lun show all

You should now see the LUNS displayed. You can now add the discovered disks into an appropriate volume group.

Implementation initiator software on SLES / Linux

Install and configure the software

On SLES or other suse core versions iSCSI is installed through yast. Start yast and go to Network Services → iSCSI initiator: iscsilinux01.jpg
After you've selected this you might get a warning to install the software first. If so, follow the prompts to install. In case you have the proper installation servers selected this will give no problems. After the installation you'll see this screen: iscsilinux02.jpg
The iSCSI initiator name is the name you need to configure on the target to be allowed to contact the iSCSI target. You also might want to change the Service Start from 'Manual' (default) to 'When booting'. After you've setup the iSCSI target to allow the iSCSI initiator to connect you can discover the device and connect to it. To do so, go to Discovered Targets and select Discovery. Fill in the ip-address of the target, and click next. If everything is going well, you'll receive the targets your initiator can connect to. Select the target you want to connect to and select 'Log In'. Fill in, if desired, the authentication credentials and select Next. If everything went fine you now have a connected target: iscsilinux03.jpg
Note that the Start-UP default is manual. Select 'Toggle Start-Up' to change this. To use the storage simply go to Partitioner and partition your newly added storage: iscsilinux04.jpg

iSCSI and VMware

iSCSI Types

Below are the types of iSCSI supported by VMware

Software iSCSI Initiator

Software iSCSI initiator is VMware code built into the VMkernel. It used standard network adapters.
Booting is supported for ESXi

Dependent Hardware iSCSI Initiator

A dependent hardware iSCSI initiator (or adapter) depends on VMware networking and on iSCSI configuration and management interfaced provided by VMware. This type of adapter presents a standard network adapter and iSCSI off-load functionality for the same port. To make this adapter functional , you must set up networking for the iSCSI traffic and bind the adapter and an appropriate VMkernel iSCSI port.
Booting is supported for ESXi
This type is supported since vSphere 4.1

Independent Hardware iSCSI Initiatior

An independent hardware iSCSI adapter handles all iSCSI and network processing and management.
Booting is supported for ESX

iSCSI Discovery Methods

Static Discovery

The initiator does not need to perform a discovery. The initiator knowns in advance all the targets and uses IP addresses and domain names to communicate with them.

Dynamic Discovery (SendTargets)

Each time the initiator contacts a specified iSCSI server it sends a SendTargets request to the server. The server responds with a list of available targets to the initiator. The names and IP addresses of these targets appear as static targets in the vSphere Client. Removed targets may return on rescans, HBA reset or host reboot.

iSCSI Security (CHAP)

CHAP uses a three-way handshake to verify the identity of hosts and or targets. The verification is based on a predefined private value, called a CHAP secret. CHAP is supported on the adapter level. On this level, all targets use the same CHAP secret. For software iSCSI, also per-target CHAP secrets are supported.

CHAP Authentication Method: Unidirectional (one-way CHAP)

The target authenticated the initiator, but the initiator does not authenticate the target. A CHAP secret must be specified for initiator to access the target.

CHAP Authentication Method: Bidirectional (mutual CHAP)

Provides an additional level of security which enabled the initiator to authenticate the target. Different secrets must be used for target and initiator secrets.
This is available for software iSCSI only.

CHAP Options

Do not use CHAP

The host does not use CHAP and disable authentication if it is currently enabled.

Do not use CHAP unless required by target

The host prefers a non-CHAP connection but allows for authentication when the target requires it.
This is available for software iSCSI only.

Use CHAP unless prohibited by target

The host prefers CHAP connections but can use nono-CHAP connections when the target requires it.

Use CHAP

This option requires successful CHAP authentication. This option is required for mutual CHAP.
This is available for software iSCSI only.

Disabling CHAP

If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active until you reboot your ESX/ESXi host or the storage system forces a logout. After the session ends, you can no longer connect to targets that require CHAP.

iSCSI Possibilities Overview

Software iSCSI Dependent Hardware iSCSI Independent Hardware iSCSI
Boot ESXi ESXi ESX
Static Targets Yes Yes Yes
SendTargets Yes Yes Yes
Unidirectional Yes Yes Yes
Bidirectional Yes No No
Do not use CHAP Yes Yes Yes
Do not use CHAP unless required by targetYes No No
Use CHAP unless prohibited by target Yes Yes Yes
Use CHAPYes No No
You could leave a comment if you were logged in.
iscsi.txt · Last modified: 2021/09/24 00:24 (external edit)