Dell™ PowerVault™ Network Attached Storage (NAS) Solution iSCSI Deployment Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved.
Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . Terms and Definitions . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . 8 iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . 8 iSNS . . . . . . . . . . . . . . . . . . . . . . . . . . 8 PowerVault Storage System Before Setting Up the PowerVault Storage Solution as an iSCSI Target . . . . . . . . . . . . . . . . . . . . . . Best Practices for Setting Up the iSCSI Storage Area Network . . . . . . . . .
3 Target Details Setting Up Target IP Addresses in the PowerVault™ NAS Storage Solution . . . . . . . . . . . . . . . . . ® Configuring Microsoft iSCSI Software Targets . 21 27 . . . . . . . . . . . . . . . . . . 27 . . . . . . . 32 . . . . . . . . . . . . . . . . . . . . 32 . . . . . . . . . . . . . . . . . . . . . 32 From Initiator Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol . . . . . . . . . . . . . 35 CHAP vs IPSec . . . . . . . . . . . . . . .
Advanced Configuration Details . . . . . . . . . . . . . . . . . . . . 45 . . . . . . . . . . . . 46 Enabling Multi-Path on the Initiator Using the Advanced Option Verifying the Properties of the Targets that are Connected . . . . . . . . . . . . . . . . . . . 46 . . . . . . . . 48 . . . . . . . . . . . . 49 Installing and Configuring iSNS Server . Configuring the iSNS Server Best Practices for Efficient Storage Management Storage Manager for SANs . . . 50 . . . . . . . . . . . . 50 . . .
Contents
Introduction This document provides information about configuring the Internet Small Computer System Interface (iSCSI) Software Target on the Dell™ PowerVault™ storage system as a block storage device. iSCSI is a useful and relatively inexpensive way to provide storage for new applications or to provide a network pool of storage for existing applications. Dell and its storage partners provide a variety of storage solutions that can be implemented easily.
Terms and Definitions The following sections describe the terms used in this document. PowerVault Storage System Throughout this document, the term PowerVault storage system refers to the individual storage unit. The term PowerVault storage solution refers to the configuration of the server separately or together with the storage arrays.
Before Setting Up the PowerVault Storage Solution as an iSCSI Target Before you set up your storage solution as an iSCSI Target, read this section completely. You must consider features such as Ethernet settings and security settings for iSCSI Targets. Best Practices for Setting Up the iSCSI Storage Area Network Table 1-1 provides information about configuring NICs (on Target) in different models of iSCSI networks. • You can configure redundant paths on Initiator (hosts).
• It is a good practice to have two ports dedicated for iSCSI. Configure each NIC (or ports if you have a multiport NIC) on a separate subnet. • Secured iSCSI is possible with Challenge-Handshake Authentication Protocol (CHAP). For more information about CHAP settings, see "Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol" on page 35. Table 1-2.
Figure 1-1. Redundant iSCSI Paths and NIC Teaming for Data Sharing With Four NICs public network host (Initiator) public network NIC Teaming dedicated iSCSI traffic switch optional iSNS server switch PowerVault storage system with NIC Teaming for File sharing optional iSNS server NOTE: For a detailed configuration of the iSCSI Target, see "Target Details" on page 21.
Figure 1-2. Redundant iSCSI Paths With Three NICs public network host (Initiator) public network iSCSI traffic switch switch PowerVault storage system optional iSNS server optional iSNS server NOTE: For a detailed configuration of the iSCSI Target, see "Target Details" on page 21.
Setup Steps for Initiator-Target Connection This section provides step-by-step instructions to set up an iSCSI Target and establish connection from an Initiator.
The following steps guide you through setting up an iSCSI Target and establishing connection from an Initiator. Configuring the Initiator (Host) Initiator setup Target setup Log on from Initiator Configure the Microsoft iSCSI Initiator with the IP address of the Target server's information. To configure the Initiator: 1 Go to the system that has Microsoft iSCSI Initiator installed. 2 Click Start→ Programs→ Microsoft iSCSI Initiator→ iSCSI Initiator Properties→ Discovery tab. 3 Select Add portal.
6 The Create iSCSI Target wizard displays the iSCSI Target Identification option. Enter a Name and Description (optional) for the iSCSI Target and click Next. The iSCSI Initiators Identifiers screen appears. 7 Click Browse and select the IQN for the host that connects to the Target. The host is listed only if step 1 in "Configuring the Initiator (Host)" on page 14 was completed successfully. NOTE: You must fill the IQN identifier field.
f Select Next. NOTE: IQNs work regardless of the DNS configuration. You can also specify the IP address or MAC address of the Initiator regardless of DNS configuration. The option of specifying a DNS domain name is built into the iSCSI Software Target snap-in. While using DNS names, you must configure DNS correctly (including forward and reverse lookup zones) and specify the fully qualified domain name (FQDN) of the Initiator.
Log on - Configuring the Initiator-Target Connection From Initiator (Host) Lo Initiator setup Target setup Log on from Initiator 1 From the iSCSI Initiator (host), click Start→ Programs→ Microsoft iSCSI Initiator→ iSCSI Initiator Properties→ Targets tab. 2 Refresh the screen. The PowerVault storage system Target device that you created in "Configuring iSCSI Connection With the PowerVault NAS Storage System" on page 14 is displayed in the IQN name format.
8 To initialize and configure the iSCSI device as local drive and perform iSCSI I/O operations, select Computer Management→ Disk Management option. CAUTION: If multiple hosts access the same Target, data corruption may occur. For more information, see "Enabling Multi-Path on the Initiator" on page 45. Method 2 (Discovery Using iSNS Server) This section describes the procedure for iSCSI Target discovery using the iSNS server. For more information about the iSNS server, see "Appendix" on page 39.
Setting Up the Target (PowerVault Storage System) Initiator setup Target setup Log on from Initiator 1 From the PowerVault storage system, go to Start→ Server Manager→ Storage→ Microsoft iSCSI Software Target. The PowerVault Server Manager Management Console appears. 2 Select Microsoft iSCSI Software Target which is located in the storage snap-in and right-click on Properties. 3 In the Properties window, select the iSNS tab and add the iSNS server information (DNS Name or IP address).
Setup Steps for Initiator-Target Connection
Target Details This section describes the end-to-end iSCSI setup, including settings for the iSCSI Initiator, Target, and establishing connections. Setting Up Target IP Addresses in the PowerVault™ NAS Storage Solution Based on your system configuration (with one or two dedicated iSCSI NICs) assign IP addresses to the iSCSI NICs. Use the IP address that you assigned to the iSCSI NIC(s) in the Target Portals tab of the Initiator for discovery.
2 Preparing LUNs for use—The PowerVault NAS storage solution runs on a Microsoft Windows® operating system based platform. The steps to prepare LUNs for use, such as assigning a drive letter for the internal server, providing a volume name, and so on are to Windows operating system setup. The setup wizard prompts for the required information and then provides a summary screen before performing the necessary tasks to provision the storage. The LUN is now created and ready for use.
4 Creating iSCSI Targets—To create an iSCSI Target: Figure 3-1. Creating iSCSI Targets a In the PowerVault NAS Management Console, right-click iSCSI Targets on the left pane to launch the Create iSCSI Target Wizard. The Welcome to the Create iSCSI Target Wizard screen is displayed. b Click Next. The iSCSI Target identification screen is displayed. c Enter the Target name and Description. You can use the Browse option to view and choose the servers/clients in the network.
• Go to Advanced Identifier→ Add→ Add/Edit Identifier→ Identifier Type and select either IQN, DNS Domain Name, IP address, or MAC Address to add the Initiator identifier. Figure A-5 uses the IP address to identify the iSCSI Initiator. You can use the Browse option to choose the value from the list of available Targets. NOTE: It is recommended that you use IQN as the Identifier. The PowerVault NAS Management Console now displays the newly-created iSCSI Target.
d Choose the size for the virtual disk and click Next. For this example, we choose a size of 100 GB from the available 501 GB on this volume. The Description screen appears. e The Description field is optional. However, enter a description for better management. f Click Next. The Access screen appears. g Click Add and enter the iSCSI Target information. You must associate the virtual disk with an iSCSI Target for the application host to use the virtual disk as an iSCSI storage volume. h Click Next.
• Create Snapshot—You can take a snapshot of the virtual disk contents at any given instance. • Disk Access—Mount Read/Write (Provision of Read/Write access of the virtual disk by mounting it as a volume in the PowerVault NAS storage system. Mounted virtual disk appears as a local disk). CAUTION: Before mounting the virtual disk, disconnect all iSCSI Targets using the same virtual disk. Failure to do so can cause data corruption.
d In the Assign Drive Letter or Path screen, assign the driver letter from drop-down menu. Click Next. e In the Format Partition screen, use the default options to format the partition. Enter a Volume label and click Next. NOTE: Select the Perform quick format check box for faster Format. f In the Completing the New Partition Wizard screen, click Finish. The new partition is successfully created. 4 Go to the Disk Management. The iSCSI disk is identified with the volume label you entered.
Snapshots that are created on the iSCSI Target server are crash consistent. iSCSI snapshots are created using VSS and a storage array with a hardware provider designed for use with VSS. To enable consistent snapshots in Microsoft iSCSI Software Target, you require the Microsoft iSCSI Software Target VSS Hardware Provider. The Microsoft iSCSI Software Target VSS Hardware Provider is available as an installation option in iSCSI Software Target.
3 After making necessary changes, click OK. CAUTION: Even if you do not change the default settings, go to Volume→ Properties→ Shadow Copies→ Settings and click OK. Perform this action to ensure proper snapshot recovery in the event of node failure. When the snapshot size exceeds the maximum size of the storage area, the oldest snapshot is deleted. NOTE: Each volume can have up to 512 snapshots for iSCSI virtual disks, irrespective of the number of virtual disks created in the volume.
7 The Frequency screen appears and lists the different options namely— Daily, Weekly, Monthly, and On-time only. Choose one option and click Next. 8 You must select the Start Time, Days, Months, Start Date, and other time parameters based on the Frequency selection in step 7. Edit these parameters to the preferred time. Click Next. NOTE: You can modify the snapshot schedule later. 9 The Completing the Schedule Snapshot Wizard screen is displayed. Click Finish.
• Delete snapshot—Select the snapshot that you want to delete, right-click the snapshot and click Delete. NOTE: You cannot delete the snapshots that are mounted. You must dismount the snapshot before deleting it. • Disk Access—You can mount the snapshot of an iSCSI virtual disk in read -only mode from the PowerVault NAS storage system and it appears as a local disk. CAUTION: While dismounting a snapshot/virtual disk, ensure that the disk is not in use. Failure to do so may cause data corruption.
Disconnecting/Cleaning Up iSCSI Devices This section describes the procedure for cleanup operations to be performed on iSCSI devices. You must perform the procedure for cleanup operations on both iSCSI Target and iSCSI Initiator. From Initiator Disconnect an active connection with the Target by stopping the iSCSI I/O operations that are running on that Target device by performing the following steps: 1 Click Start→ All Programs→ Microsoft iSCSI Initiator→ iSCSI Initiator Properties→ Targets tab.
3 To delete a virtual disk, choose the Devices option, right-click on the virtual disk from middle pane, and select Delete Virtual Disk. NOTE: Step 3 only deletes the association in the iSCSI Target software, but does not clear the disk space in the volume. You must manually browse to the volume and delete the .vhd file to clear the disk space. 4 To remove an iSNS server entry, right-click Microsoft iSCSI Software Target→ select Properties→ iSNS tab → Remove the DNS name or IP address entry.
Target Details
Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol Few security features for the iSCSI protocol are included in the iSCSI layer itself, apart from any security layers that may be present in the lower TCP/IP and Ethernet layers. You can enable and disable the iSCSI security features as required. The Microsoft® iSCSI Initiator uses the Challenge-Handshake Authentication Protocol (CHAP) to verify the identity of iSCSI host systems attempting to access iSCSI Targets.
CHAP vs IPSec CHAP authenticates the peer of a connection and is based upon the peers sharing a secret (a security key that is similar to a password). IP Security (IPSec) is a protocol that enforces authentication and data encryption at the IP packet layer and provides an additional level of security. One-Way CHAP Authentication In one-way CHAP authentication, only the iSCSI Target authenticates the Initiator.
iSCSI Initiator Settings 1 Go to the Discovery tab. 2 Log in to the Target on which you have enabled CHAP by clicking iSCSI Initiator Properties→ Targets tab→ Log On.... (Please refer "iSCSI Target Settings" on page 36). 3 In the Log On to Target window, select Advanced. 4 In the Advanced Settings window, select the check box for CHAP logon information. The User name fields displays the IQN of the Initiator automatically.
Target Settings Configure the Target settings of CHAP as described in "iSCSI Target Settings" on page 36 and perform the following steps: 1 In the Properties window, select the Authentication tab. 2 Select the check box for Enable reverse CHAP authentication. In the User name field, enter the IQN of the Initiator. 3 In the Reverse secret field enter the Secret value that you set in the Initiator. NOTE: Ensure that the reverse secret is not the same as the CHAP secret.
Appendix The previous chapters in this document describe the procedures for basic iSCSI session/connection information. This chapter briefly describes procedures for a few advanced configuration settings. Initiator Details This section describes the various features included in the iSCSI Initiator Properties window. General Tab The General tab displays the Initiator node name which is the Initiator's iSCSI Qualified Name (IQN).
Figure A-1. General Tab in iSCSI Initiator Properties Window The General tab includes three options namely—Change, Secret and Tunnel. • Change—Allows you to rename the Initiator node name that is displayed. • Secret—iSCSI security provided CHAP. For more information, see "Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol" on page 35. • Tunnel—You can use this option for advanced configuration using IPsec.
Figure A-2. Discovery Tab in iSCSI Initiator Properties Window iSNS Servers—You can also perform Target discovery using iSNS servers. Add the iSNS server IP address or DNS name. If the iSNS service is up and running on a server, all clients (Initiators and Targets) that are registered with the iSNS server are listed in the Registered Clients screen. To retrieve this information on the iSNS server, go to Microsoft iSNS properties→ Registered Clients.
Targets Tab The Targets tab provides the list of individual Targets available to the iSCSI Initiator. In the following example, three Targets are available to the iSCSI Initiator. Figure A-3. Targets Tab in iSCSI Initiator Properties Window NOTE: The above illustration is an example of discovery in the Targets tab. In practice, the Targets are discovered only after you configure the PowerVault NAS storage system as a Target. Log On—To gain access to the Target, the Initiator must log on to the Target.
If multiple-paths to the Target are available, then you must describe each path to the iSCSI Initiator. To describe multiple paths to the Initiator: 1 In the Log On to Target window, select Enable multi-path and click Advanced. The Advanced option provides a drop-down menu with all possible source (Initiator) IP addresses and a separate drop-down menu for all possible Target portal addresses. In this scenario, the Target solution manages the actual paths and IP addresses internally.
Persistent Targets Tab You can configure Persistent Targets so that the connection to the Target is automatically restored when the system reboots. If the Targets are configured to be persistent, they appear in this Persistent Targets tab. Figure A-5.
Figure A-6. Bound Volumes/Devices Tab in iSCSI Initiator Properties Window Advanced Configuration Details Enabling Multi-Path on the Initiator After you establish the iSCSI Initiator-Target connection, perform the following steps to enable multi-path operation: 1 On the Initiator, go to iSCSI Initiator Properties→ Targets tab→ Log On...→ Log On to Target window and select the check box for Enable multi-path option.
Using the Advanced Option You can use the Advanced option to perform the following functions: • Go to iSCSI Initiator Properties→ Targets tab→ LogOn...→ Log On to Target window→ Advanced option. The Advanced Settings screen appears and consists of two tabs namely—Advanced and IPSec. The General tab allows you to set CRC/Checksum, CHAP and choose source IP address and Target Portal—IP address of iSCSI Target. You can use the Multi-path option to configure load balancing and failover settings.
Devices Tab The Devices tab of Target Properties screen provides generic device details like the virtual disks that are associated with Target. Click Advanced to view information about MPIO and launch the Device Details screen. You can use the MPIO tab to modify the MPIO settings. On this tab, you can select the appropriate Load Balance Policy settings. You can configure Load balancing for each connection from the different Load Balance Policy options that are available.
Properties Tab The Properties tab of Target Properties screen provides information about Target Alias, Authentication, Associated Network portals and other details of the Target. Installing and Configuring iSNS Server The Microsoft iSNS server is a free download from the Microsoft website at www.microsoft.com and is available in two versions namely—x86 and IA64. You can use the iSNS Sever for Target discovery on an iSCSI network.
Configuring the iSNS Server iSNS server performs the automatic discovery of iSCSI Initiators and Targets; after you register them with iSNS server. • The Initiators that are registered with iSNS servers can view all Target devices that are registered with iSNS in the Targets tab and logon to the Targets. You do not have to configure Initiators with the IP address or DNS name of individual Target servers in Target Portals. iSNS server performs Target Discovery.
2 You can use the Discovery Domains feature to group certain Initiators with Targets with specific access: a Go to iSNS Server Properties→ Discovery Domains tab→ click Create→ enter a name for the Discovery domain→ select Add. b The Add registered Initiator or Target to Discovery Domain screen appears. Select the specific Initiators and Targets that you want to configure and click OK. 3 You can configure multiple Discovery Domains in the iSCSI network.
Securing data on an iSCSI SAN—To help secure data transfers between the server and the subsystem, configure security for the login sessions between Initiators and Targets. Using Storage Manager for SANs, you can configure one-way or mutual Challenge Handshake Authentication Protocol (CHAP) authentication between the Initiator and Targets, and you can also configure Internet Protocol security (IPsec) data encryption. NOTE: It is recommended that you use CHAP if the iSCSI traffic uses the public network.
The wizard was unable to import one or more virtual disks. Make sure that the files are not in use, and then run the wizard again. • 52 Initiator fails to discover a Target using the DNS domain name— When configuring Initiator access to an iSCSI Target, IQNs are the preferred method and work regardless of DNS configuration. The option of specifying a DNS domain name is built into the Microsoft iSCSI Software Target snap-in.
server running Microsoft iSCSI Software Target has IP addresses that are not used to communicate with the Initiator. The Initiator attempts to connect to each configured IP address and waits up to 100 seconds for a response. This issue can also be caused by automatic private IP address assignments (169.x.x.x). To prevent this issue, use static IP addresses where DHCP is unavailable. The following options provide a workaround for this issue: – Specify the source and target portal by IP address.
Appendix
Index B iSCSI snapshots, 27 best practices setting up the iSCSI storage area network, 9 iSNS, 8 K C CHAP, 35 mutual, 37 one-way, 36 configuring Initiator, 18 Initiator (host), 14 Initiator-Target connection from Initiator (host), 17 iSCSI connection with the PowerVault storage system, 14 iSCSI LUNs, 21 settings from initiator, 18 known issues, 51 P PowerVault storage system, 8 S setting up target, 18 W worksheet, 10 D disconnecting/cleaning iSCSI devices, 32 I iSCSI, 8 Index 55
Index