About iSCSI

About iSCSI (in progress)
With the rise of 10Gb Ethernet, IP SAN solutions based on iSCSI and FCoE are becoming more and more common. To keep things organized, I decided to refer to this piece from the relevant sections and to collect everything about iSCSI here. FCoE will be covered later. The 4 relevant sections cover the following steps:

  1. Current iSCSI implementation details
  2. Plan iSCSI configuration
  3. iSCSI Connectivity Tasks
  4. Test LUN availability during failover scenarios (multipathing)

1. To find out how iSCSI is implemented and which details go with it, you can ask the following questions:

  • what topology is used,
  • what is used to connect to the network,
  • what is the configuration of the iSCSI initiator and of multipathing,
  • is CHAP used,
  • is iSNS used

Used and supported iSCSI topologies:

  • Direct attached (not supported in HA pairs)
  • Network-attached
  • Single or Multiple network (VLANs)

NetApp recommended Ethernet topology for iSCSI: LAN with VLANs implemented.

See also: Fibre Channel and iSCSI Configuration Guide

Ways in which an iSCSI host connects to a network:

  • NICs,
  • TCP offload engine (TOE) cards with software initiators,
  • converged network adapters (CNAs),
  • or dedicated iSCSI host bus adapters (HBAs).

What is the configuration of the iSCSI initiator and of multipathing:

You must ensure that the iSCSI service is licensed and running on your system.

The iSCSI initiators that have established one or more sessions to NetApp storage can be displayed with the following commands:

iscsi session show -v : cDOT CLI command to see if iSCSI digests are enabled.

Show whether the iSCSI service is running:

  • iscsi status

Identify the target IQN in ONTAP 8.1 cDOT and later:

  • vserver iscsi show

Example of an iSCSI initiator node name: iqn.1991-05.com.microsoft:server3

iscsi security show : cDOT CLI command to display current CHAP settings.

An iSCSI session is established when the host initiator logs into the iSCSI target. Within a session you can have one or more connections.
?? how things stand with sessions and multiple connections per session (MCS)

Plan: NetApp supports the following for iSCSI with Microsoft Windows solutions (3):

  • VLANs,
  • Jumbo Frames,

In the NSO 502 7-Mode exam, MCS (Multiple Connections per Session) is supported for Windows, but this is no longer the case in cDOT.

See the following document: Windows Multipathing Options with Data ONTAP: Fibre Channel and iSCSI

This document explains in which situations the following is supported:

MCS is not supported with clustered Data ONTAP. While iSCSI with MCS is supported in certain 7-Mode environments, it is not supported in clustered Data ONTAP.

For cDOT it is stated that link aggregation is supported on a Windows 2012 host, which in turn comes down to NIC teaming.

Port Aggregation in iSCSI environments: Also known as:

  • Trunking
  • EtherChannel
  • NIC Teaming

For ALUA support, see the following information: ALUA support and requirements

ALUA could also be an option as an answer.

NetApp C-dot support for iSCSI with MS Windows 2012:

  • Jumbo frames
  • VLANs
  • NIC teaming

NetApp support for iSCSI with Microsoft Windows:

  • Jumbo frames
  • VLANs
  • ALUA

Information about iSCSI authentication and iSNS:

How iSCSI authentication works
During the initial stage of an iSCSI session, the initiator sends a login request to the storage system to begin an iSCSI session. The storage system will then either permit or deny the login request, or determine that a login is not required.

iSNS server registration
If you decide to use an iSNS service, you must ensure that your Vservers are properly registered with an Internet Storage Name Service server.

2 Plan iSCSI configuration (plan)

Microsoft iSCSI Initiator best practices. The following best practices are recommended for your Microsoft iSCSI Initiator configuration:

  • Deploy on a fast network (a GigE or faster network).
  • Ensure physical security.
  • Use strong passwords for all accounts.
  • Use CHAP authentication because it ensures that each host has its own password.
  • Mutual CHAP authentication is also recommended.
  • Use iSNS to discover and manage access to iSCSI targets.

The two functions of iSCSI access list:

  • Control the network interfaces on the storage system that an initiator can access
  • limit the number of network interfaces advertised by the storage system

Use the following documentation: iSCSI Configuration and Provisioning for Windows Express Guide

By default, the iSCSI service is enabled on all iSCSI logical interfaces.
A direct connect topology allows for guaranteed maximum network performance for iSCSI in 7-Mode, not in cDOT.

About connectivity and the purposes of VLANs:

  • To isolate iSCSI traffic from LAN/WAN traffic
  • To isolate management traffic from other IP traffic

What are two functions of iSCSI access lists:

  • control the network interfaces on the storage system that an initiator can access
  • limit the number of network interfaces advertised by the storage system

3 iSCSI Connectivity Tasks (Configure)

NOT a prerequisite for serving data using iSCSI in cluster mode:

  • The vserver must have logical interfaces (LIFs) configured to serve data via the iSCSI protocol
  • The cluster must have an iSCSI license

HOW TO configure multipathing, configure iSCSI tasks

Perform ALUA controller configuration.
ALUA (Asymmetric Logical Unit Access) is a set of SCSI commands for discovering and managing multiple paths to LUNs of Fibre Channel and iSCSI SANs. It allows the initiator to query the target about path attributes, such as primary path and secondary path. ALUA no longer requires proprietary SCSI commands.

The Data ONTAP DSM (device-specific module) for Windows MPIO enables you to have multiple Fibre Channel (FC) and iSCSI paths between a Windows host computer and a NetApp storage system.

Perform ALUA configuration tasks.
A LUN can be mapped to an ALUA-enabled igroup and a non-ALUA-enabled igroup.

Configure host multipathing both FC and iSCSI.
The Data ONTAP DSM for Windows can handle FCP and iSCSI paths to the same LUN.

iSCSI Naming Service (iSNS) : Helps with ease-of-management and controlled discovery in larger environments.

CHAP : Allows one-way and mutual CHAP to authenticate Microsoft iSCSI Initiator and the target.

IPsec : Helps ensure privacy by encrypting the data.

Microsoft Multipath I/O (MPIO) : Helps ensure high availability of data by utilizing multiple paths between the CPU on which the application is executing and the iSCSI target where the data is physically stored.

For information about how to install Microsoft iSCSI Initiator on Windows Server 2003 or Windows XP, see Microsoft iSCSI Initiator Version 2.08 on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=44352).

Security
Microsoft iSCSI Initiator supports using and configuring Challenge Handshake Authentication Protocol (CHAP) and Internet Protocol security (IPsec). All supported iSCSI HBAs also support CHAP; however, some may not support IPsec.

For more information about CHAP, see the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=159074.
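
The one-way and mutual CHAP exchange mentioned above, as an added example that is not part of the original page and is not NetApp or Microsoft code. It uses the RFC 1994 MD5 response calculation; the secrets, the `inbound`/`outbound` dictionary keys, the function names and the 12-byte and distinct-secret checks are assumptions of this sketch.

```python
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # assumption: 96-bit floor for CHAP secrets when IPsec is not used

def chap_response(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def policy_error(inbound, outbound):
    """Return a reason string if the secret pair is weak, else None."""
    if min(len(inbound), len(outbound)) < MIN_SECRET_LEN:
        return "secret shorter than 12 bytes"
    if inbound == outbound:
        return "same secret used in both directions"
    return None

def mutual_chap_login(initiator, target):
    """Each side is a dict: 'inbound' proves the initiator, 'outbound' proves the target."""
    err = policy_error(target["inbound"], target["outbound"])
    if err:
        return "rejected: " + err
    # Target -> initiator: CHAP_I (identifier) and CHAP_C (random challenge).
    t_id, t_chal = 1, os.urandom(16)
    # Initiator -> target: CHAP_R for that challenge, plus its own CHAP_I/CHAP_C.
    i_resp = chap_response(t_id, initiator["inbound"], t_chal)
    i_id, i_chal = 2, os.urandom(16)
    # Target verifies the initiator against its stored copy of the inbound secret.
    if not hmac.compare_digest(i_resp, chap_response(t_id, target["inbound"], t_chal)):
        return "rejected: initiator failed CHAP"
    # Target -> initiator: CHAP_R for the initiator's challenge (the mutual part).
    t_resp = chap_response(i_id, target["outbound"], i_chal)
    if not hmac.compare_digest(t_resp, chap_response(i_id, initiator["outbound"], i_chal)):
        return "rejected: target failed CHAP"
    return "accepted"

# Constructed sample secrets, not real credentials.
HOST = {"inbound": b"host3-inbound-secret", "outbound": b"svm1-outbound-secret"}
SVM = dict(HOST)  # the storage side stores the same pair

if __name__ == "__main__":
    print(mutual_chap_login(HOST, SVM))
    print(mutual_chap_login({**HOST, "outbound": b"wrong-outbound-secret"}, SVM))
```

The secret itself never crosses the wire, only the hash over a fresh challenge, which is why each direction needs its own strong secret and why the second step lets the host detect a target that does not hold the outbound secret.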

IPsec
IPsec is a protocol that provides authentication and data encryption at the IP packet layer.

For more information about IPsec, see the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=159075.
