مفاهیم پایه ای iSCSI
Terminology: iSCSI (for “Internet SCSI”) is a protocol that allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a popular Storage Area Network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks. Unlike Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure.
IQN is the iSCSI Qualified Name and has the format iqn.yyyy-mm.<reversed domain name>.<scsi alias and or hash>
The default TCP ports for iSCSI are 860 and 3260.
Source and more information on wikipedia:http://en.wikipedia.org/wiki/ISCSI
Implementation
Implementation target software on netware
The implementation of the target software in netware is covered in three steps:
-
Create an iSCSI partition
-
Run the target software
-
Configure access control to the target === Create an iSCSI partition Using NSSMU
-
Start the NSSMU utility by entering nssmu at the target server console.
-
Select Partitions from the Main menu.
-
Press Insert and select the device where you want to create the partition.
-
Select iSCSI as the partition type.
-
Specify the partition size, then select Create to create the partition. === Run the target software During the installation of the server, if you selected to install the “iSCSI SAN Storage Server” or the “iSCSI Target” component the target software is installed and configured to run during startup of the system. That’s done by adding the ton.ncf to the autoexec.ncf file and by running the ton.ncf and tinit.ncf files. Note that you can unload and load the iSCSI software by running ton and toff at the console prompt. === Configure access control to the target If your iSCSI target is in the same eDirectory tree as the iSCSI initiators that will access it, make each initiator server that you want to access the target a trustee of the Target object. You don’t need to assign specific access rights, you just need to make each Initiator object a trustee of the Target object.When iSCSI target software is first started on a server, an iSCSI target object for each iSCSI partition is automatically created in the same eDirectory context as the target server. == Implementation initiator software on netware The implementation of the initiation software in netware is covered in three steps:
-
Install the software
-
Connect to the target server
-
Automate the connect === Install the software The iSCSI software is already shipped with Netware 6.5, starting with SP3. If you want the latest software please follow these directions: Download the software from the Novell website to your workstation. Extract it, and copy all the extracted .zip and .ncf files to the root of the SYS volume. Issue the next command on the command line:
-
ISCSINST This will copy all the files to the appropriate directories. === Connect to the target server To load the initiator software issue the next command at the command line:
-
ion Note that for unloading the initiator software you can use the ioff command.
To discover and test the connection to the target server issue the next command:
-
iscsinit discover <ip-address> Note that the ip-address mentioned is the ip-address of the target server.
To connect to the target server issue the next command at the command line:
-
iscsinit connect <ip-address> <target_name> Again, the ip-address is the one from the target server. The target_name is the name discovered using the previous command.
Automate the connect
If you want netware to load and connect to the iSCSI target automatically after a reboot you’ll have to edit the autoexec.ncf. Add the folllowing lines:
# # iSCSI load and connect # ion iscsinit connect <ip-address> <target_name>
You’re now ready to format your iSCSI disks! Note: If you intend to install cluster services, do so after configuring the iSCSI initiator software but before formatting the iSCSI disks.
Implementation initiator software on AIX
The implementation of the initiation software in AIX is covered in two steps:
-
Install the software
-
Connect to the target server === Install the software You need to install the software using the software supplied by the iSCSI target supplier. In this case it’s Netapp:
-
tar -xf netapp_aix_SAN_kit_1.1.tar
-
cd netapp_aix_SAN_kit_1.1
-
./install Running the install script choose to install the kit and the iSCSI software. You don’t need the FibreChannel software, so don’t install it. Reboot the server after the installation. === Connect to the target server To connect to the target server you have to complete these steps:
-
Configure the network card connected to the SAN
-
Define the target server
-
Create iSCSI nodename
-
Discover the LUNS ==== Configure the network card connected to the SAN In case you have a dedicated network you’ll need to configure a dedicated NIC on the server to connect to the SAN. Using smitty go to “Communications Applications and Services”, select “TCPIP” and select “Minimum Configuration & Startup”. In this menu you’ll be able to configure your network card. You’ll at least need the ip-address and the subnetmask. If the target server is in another subnet or VLAN you’ll also need to know the gateway. ==== Define the target server Using vi add the following line to /etc/iscsi/targets:
<ip-address> 3260 <iqn.1992-08.com.netapp:sn.12345678>
That is, the ip-address of the target server, the iSCSI port (3260 is the default) and the iSCSI nodename of the target server, in this case a netapp. ==== Create the iSCSI nodename Than create the iSCSI nodename on the server using the next command:
-
chdev -l iscsi0 -a initiator_name=iqn.1996-04.com.ibm:<ininame> Note that <ininame> is the initiator name as defined on the target server. You can verify the previous command by issuing this command:
-
lsattr -El iscsi0 ==== Discover the LUNS You can discover the LUNS created at the target by issuing this command:
-
cfgmgr -l iscsi0 And you can verify this by issuing this command:
-
sanlun lun show all You should now see the LUNS displayed. You can now add the discovered disks into an appropriate volume group.
Implementation initiator software on SLES / Linux
Install and configure the software
On SLES or other suse core versions iSCSI is installed through yast. Start yast and go to Network Services → iSCSI initiator:
After you’ve selected this you might get a warning to install the software first. If so, follow the prompts to install. In case you have the proper installation servers selected this will give no problems. After the installation you’ll see this screen:
The iSCSI initiator name is the name you need to configure on the target to be allowed to contact the iSCSI target. You also might want to change the Service Start from ‘Manual’ (default) to ‘When booting’. After you’ve setup the iSCSI target to allow the iSCSI initiator to connect you can discover the device and connect to it. To do so, go to Discovered Targets and select Discovery. Fill in the ip-address of the target, and click next. If everything is going well, you’ll receive the targets your initiator can connect to. Select the target you want to connect to and select ‘Log In’. Fill in, if desired, the authentication credentials and select Next. If everything went fine you now have a connected target:
Note that the Start-UP default is manual. Select ‘Toggle Start-Up’ to change this. To use the storage simply go to Partitioner and partition your newly added storage:
iSCSI and VMware
iSCSI Types
Below are the types of iSCSI supported by VMware
Software iSCSI Initiator
Software iSCSI initiator is VMware code built into the VMkernel. It used standard network adapters.
Booting is supported for ESXi
Dependent Hardware iSCSI Initiator
A dependent hardware iSCSI initiator (or adapter) depends on VMware networking and on iSCSI configuration and management interfaced provided by VMware. This type of adapter presents a standard network adapter and iSCSI off-load functionality for the same port. To make this adapter functional , you must set up networking for the iSCSI traffic and bind the adapter and an appropriate VMkernel iSCSI port.
Booting is supported for ESXi
This type is supported since vSphere 4.1
Independent Hardware iSCSI Initiatior
An independent hardware iSCSI adapter handles all iSCSI and network processing and management.
Booting is supported for ESX
iSCSI Discovery Methods
Static Discovery
The initiator does not need to perform a discovery. The initiator knowns in advance all the targets and uses IP addresses and domain names to communicate with them.
Dynamic Discovery (SendTargets)
Each time the initiator contacts a specified iSCSI server it sends a SendTargets request to the server. The server responds with a list of available targets to the initiator. The names and IP addresses of these targets appear as static targets in the vSphere Client. Removed targets may return on rescans, HBA reset or host reboot.
iSCSI Security (CHAP)
CHAP uses a three-way handshake to verify the identity of hosts and or targets. The verification is based on a predefined private value, called a CHAP secret. CHAP is supported on the adapter level. On this level, all targets use the same CHAP secret. For software iSCSI, also per-target CHAP secrets are supported.
CHAP Authentication Method: Unidirectional (one-way CHAP)
The target authenticated the initiator, but the initiator does not authenticate the target. A CHAP secret must be specified for initiator to access the target.
CHAP Authentication Method: Bidirectional (mutual CHAP)
Provides an additional level of security which enabled the initiator to authenticate the target. Different secrets must be used for target and initiator secrets.
This is available for software iSCSI only.
CHAP Options
Do not use CHAP
The host does not use CHAP and disable authentication if it is currently enabled.
Do not use CHAP unless required by target
The host prefers a non-CHAP connection but allows for authentication when the target requires it.
This is available for software iSCSI only.
Use CHAP unless prohibited by target
The host prefers CHAP connections but can use nono-CHAP connections when the target requires it.
Use CHAP
This option requires successful CHAP authentication. This option is required for mutual CHAP.
This is available for software iSCSI only.
Disabling CHAP
If you disable CHAP on a system that requires CHAP authentication, existing iSCSI sessions remain active until you reboot your ESX/ESXi host or the storage system forces a logout. After the session ends, you can no longer connect to targets that require CHAP.
iSCSI Possibilities Overview
Software iSCSI | Dependent Hardware iSCSI | Independent Hardware iSCSI | |
---|---|---|---|
Boot | ESXi | ESXi | ESX |
Static Targets | Yes | Yes | Yes |
SendTargets | Yes | Yes | Yes |
Unidirectional | Yes | Yes | Yes |
Bidirectional | Yes | No | No |
Do not use CHAP | Yes | Yes | Yes |
Do not use CHAP unless required by target | Yes | No | No |
Use CHAP unless prohibited by target | Yes | Yes | Yes |
Use CHAP | Yes | No | No |