Objective 3.2 – Configure iSCSI SAN Storage Print E-mail
Written by Matthijs van den Berg   
Wednesday, 14 October 2009 22:28

Knowledge

  • Identify iSCSI SAN hardware components
    Like a Fibre channel SAN a iSCSI SAN is build up out of three components (normal setup). We find:
    • iSCSI Target
      This is the controller of the disk and the device that converts the undelaying disk technology (for example SCSI) to iSCSI traffic on a network.
    • Switch
      The iSCSI target is connected to the network. The iSCSI initiators talk to the iSCSI target over this network layer. A regular ethenet switch can be used, but a dedicated VLAN, or even better, a dedicated switch with jumbo frame support is recommended. Minimum speed must be gigabit.
    • iSCSI initiator
      The iSCSI initiator is the ESX host. On this host a software of hardware iSCSI initiator can be installed. Read further down for a comparison between the soft- and hardware initiators.
  • Determine use cases for hardware vs. software iSCSI initiators
    You can use both a hardware as well as a software iSCSI initiator within VMware. Both will do the job, but there are some differences:
    • Software iSCSI initiator
      The software iSCSI initiator uses code from the vmkernel and requires only regular NIC’s in you ESX host. Best is to use a dedicated NIC, but using a VLAN is possible as well. The main benefits of an iSCSI software initiator is the low cost (regular NIC of VLAN) that provides most of the functionality needed for most of the environments.
    • Hardware iSCSI initiator
      The hardware initiator allows for some extra functionality and less of a performance penalty on the system processor than the software initiator. Because the handling of IP packets is not done on the system processor, but on the iSCSI hardware initiator. Also hardware initiators allow a boot from iSCSI SAN setup. Generally only the most demanding setups require a hardware initiator but in those environments a fibre channel SAN is another way to go.
  • Configure the iSCSI Software Initiator
    When you need a iSCSI software initiator you need to:
    • Create a VMkernel port for physical network adapters
      • Select a ESX host
      • Select the tab “Configuration”
      • Select “Networking”
      • Select “Add Networking”
      • Select “VMkernel”
      • Select “Create a virtual switch”
      • Select “Select the NICs
      • Go to “Port Group Properties” and enter a friendly name under Network label
      • Enter the IP settings
      • Finish
    • Enable the software iSCSI initiator
      • Select a ESX host
      • Select the tab “Configuration”
      • Select “Storage Adaptors”
      • Select the iSCSI Initiator
      • Select properties
      • Click “Enabled”
    • If you use multiple network adapters, activate multipathing on your host using the port binding technique. You can find all about multipathing here op page 33
    • If needed, enable Jumbo Frames
      Jumbo Frames must be enabled for each vSwitch through the vSphere CLI. Also, if you use an ESX host, you must create a VMkernel network interface enabled with Jumbo Frames. This can only be done from the Command Line.
      • To set the MTU size for the vSwitch 
        vicfg-vswitch -m <MTU> <vSwitch>
      • To check if the creation succeded successfully you can use the command: 
        vicfg-vswitch -l
      • To create a Jumbo frames enabled VMkernel interface: 
        esxcfg-vmknic -a -I <ip address> -n <netmask> -m <MTU> <port group name>
        • Make sure that you use the Jumbo frames enable vSwitch to create the VMkernel interface in. To check if the VMkernel interface is jumbo frames enabled: 
        esxcfg-vmknic -l
  • Configure Dynamic/Static Discovery
    • Dynamic Discovery
      With Dynamic Discovery, each time the initiator contacts a specified iSCSI server, it sends the Send Targets request to the server. The server responds by supplying a list of available targets to the initiator.
    • Static Discevery
      With iSCSI initiators, in addition to the dynamic discovery method, you can use static discovery and manually enter information for the targets.
    • To set-up the discovery:
      • Select a ESX host
      • Select the tab “Configuration”
      • Select “Storage Adaptors”
      • Select the iSCSI Initiator, properties
      • Click the tab “Dynamic Discovery”  or “Static Discovery”  and add a server or target.
  • Configure CHAP Authentication
    CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI target when the host and target establish a connection. The verification is based on a predefined private value, or CHAP secret, that the initiator and target share.

    ESX/ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name and secret from the iSCSI initiator. For software iSCSI, ESX/ESXi also supports per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.

    Before setting up CHAP parameters for software iSCSI, determine whether to configure one-way or mutual CHAP. Hardware iSCSI does not support mutual CHAP.
    • In one-way CHAP, the target authenticates the initiator.
    • In mutual CHAP, both the target and initiator authenticate each other. Make sure to use different secrets
      for CHAP and mutual CHAP.
  • Configure VMkernel port binding for iSCSI Software multi-pathing
    When there are two or more NICs available for iSCSI you can configure multipathing for redundancy and performance purposes. To do so please read here on page 32 and 33.

    Important: when you would like to configure multipathing for iSCSI you must connect the iSCSI software initiator to  the VMkernel ports. This can be done only by hand via the ESXCLI.
  • Discover LUNs
    When you have added the iSCSI initiator and added an iSCSI target you can start discovering targets:
    • Select a ESX host
    • Select the tab “Configuration”
    • Select “Storage Adaptors”
    • Click “Rescan” in the upprt right corner of the screen.
  • Identify iSCSI addressing in the context of the host
    Not really sure if they mean IP addressing or iSCSI naming here. IN regards to IP addressing, make sure that the iSCSI initiator can reach the iSCSI target. For iSCSI naming iSCSI qualified names take the form 
    iqn.yyyy-mm.naming-authority:unique name
    • yyyy-mm is the year and month when the naming authority was established.
    • naming-authority is usually reverse syntax of the Internet domain name of the naming authority. For example, the iscsi.vmware.com naming authority could have the iSCSI qualified name form of iqn. 1998-01.com.vmware.iscsi. The name indicates that the vmware.com domain name was registered in January of 1998, and iscsi is a subdomain, maintained by vmware.com.
    • unique name is any name you want to use, for example, the name of your host. The naming authority must make sure that any names assigned following the colon are unique, such as: 
      iqn.1998-01.com.vmware.iscsi:name1
      iqn.1998-01.com.vmware.iscsi:name2
      iqn.1998-01.com.vmware.iscsi:name999

 

Tools

< Prev   Next >
 

VCP4 Studie Guide - Fast Find