What is iSCSI?
iSCSI (Internet Small Computer System Interface) is a protocol that allows SCSI commands to be transmitted over a network. SCSI commands are transferred via TCP/IP in a SAN (Storage Area Network) environment to allow servers to connect and access data storage facilities. The iSCSI protocol enables storage consolidation and sharing for flexible allocation. Moreover, it helps achieve storage virtualization and faster data backup and recovery.
Sample iSCSI architecture
The iSCSI protocol refers to host clients as initiators (ESXi hosts) and iSCSI servers (storage appliances) as targets. The iSCSI targets offer Logical Unit Number (LUN) as the shared block storage to its clients so they can initialize it and mount it as a local storage device. This following diagram illustrates how a simple iSCSI SAN deployment could leverage the existing investments in IP protocol and share the same Ethernet infrastructure as the rest of the computers on the network. And the iSCSI target and initiator are the two major roles of this iSCSI SAN implementation.
- iSCSI target: An iSCSI target is any device that receives iSCSI commands. The device can be an end node, such as a storage device, or it can be an intermediate device, such as a network bridge.
- iSCSI initiator: It is a system, such as a server that attaches to an IP network and initiates requests and receives responses from an iSCSI target.
Use iSCSI Datastore in a vSphere environment
Use a QNAP NAS as external iSCSI-based storage will be safe, efficient, and you will be able to use all other features that help you utilize storage resources. For example, the online storage pool expansion and thin provisioning of the ES NAS allow you to extend datastores online without downtime. To use iSCSI storage area networks (SANs), you create a LUN on the iSCSI target (i.e. the ES NAS) and then mount it as a datastore on a host. The following diagram illustrates the utilization of iSCSI storage in a vSphere environment.
A gigabit Ethernet adapter that transmits 1000 megabits per second (Mbps) is recommended for the connection to an iSCSI target.
Preparation for installation
We have learned that ESXi hosts are able to connect to the ES NAS via iSCSI. And you can set up datastores (repositories for virtual machines) on the ES NAS that the ESXi hosts discover in your vSphere environment. We will demonstrate this implementation.
In our demonstration, the following configuration is used:
Storage device: QNAP ES NAS series with QES 1.1.1 (NAS operating system) or later.
vSphere ESXi hosts: VMware ESXi 6.0
IP addressing: Static IP addresses are recommended for both ESXi hosts and the ES NAS.
|vSphere ESXi hosts Network Settings|
|ESXi host A||192.168.217.1||VMware ESXi host|
|Data Network 1||10.10.10.1||10G Data port 1 on ESXi host|
|Data Network 2||10.10.20.1||10G Data port 2 on ESXi host|
|Storage Network Settings|
|SCA Management IP||192.168.217.61||Management IP of Storage Controller A (SCA)|
|SCA Ethernet1 IP||10.10.10.61||Data port 1's IP address (SCA)|
|SCA Ethernet2 IP||10.10.20.61||Data port 2's IP address (SCA)|
|SCB Management IP||192.168.217.62||Management IP of Storage Controller B (SCB)|
|SCB Ethernet1 IP||10.10.10.62||Data port 1's IP address (SCB)|
|SCB Ethernet2 IP||10.10.20.62||Data port 2's IP address (SCB)|
|Storage Pool owned by Storage Controller A (SCA)||Pool1||A storage pool with RAID6 configuration owned by SCA|
Configure the ES NAS
Create a storage pool
Follow these steps to create a new storage pool:
- Go to "Storage Manager" > "STORAGE" > "Storage Space".
- Click "Create" > "New Storage Pool".
- Specify the pool name, choose the controller that the pool belongs to and select the enclosure unit, hard disk drive(s), RAID type, and then click "Next".
- Review the pool creation summary and click “Create”.
Please note that all data on the selected hard disk drive(s) will be erased. Click "OK" if you are certain about this.
A new storage pool will be created.
Add ESXi hosts to the trusted host list
1. Go to "Storage Manager" > "Hosts" to add a host.
2. To add a host, click "Create Host" and complete the alias name, description, IPv4 address, IPv6 address, network name, iSCSI IQN, and operating system fields for the host. Then click "Apply". For the IPv4, IPv6 address, network name, and iSCSI IQN fields, use "+" or "-" to add or remove an entry.
3. The added host will be shown on the trusted host list. You can edit or remove any host on the list.
Create an iSCSI target and LUN on the ES NAS
Follow the steps below to create an iSCSI target and LUN on the NAS.
1. Go to "Storage Manager" > "iSCSI Storage" > "Create" to launch the Quick Configuration Wizard.
2. Select "iSCSI Target with a mapped LUN".
3. Confirm that the wizard will help you create an iSCSI target with a mapped LUN. Then click "Next."
4. Enter the target name and alias. The "Data Digest" and "Header Digest" are optional fields (under "CRC/Checksum") and are the parameters for which the iSCSI initiator is verified using cyclic redundancy check. Click "Next."
5. Enter the CHAP authentication settings and click "Next". Check "Use CHAP authentication" and only the target authenticates the initiator, and users of the initiators are required to enter the username and password specified here to access the target. Check "Mutual CHAP" for two-way authentication between the iSCSI target and the initiator. The target authenticates the initiator using the first set of username and password. A separate secret is set in the "Mutual CHAP" setting for the initiator to authenticate the target. Observer the following limitation on username and password:
- Username limitation: The only valid characters are 0-9, a-z, A-Z and the maximum length is 256 characters.
- Password limitation: The only valid characters are 0-9, a-z, A-Z and must contain 12-16 characters.
Note: CHAP is a protocol that is used to authenticate the peer of a connection and is based upon the peers sharing a secret (a security key that is similar to a password). It can be used as the first level for iSCSI security. The ES NAS supports both one-way and mutual CHAP.
6. Select the interface the target uses for data transfer. Then click "Next".
7. Specify the access rights for existing hosts to access the target or add a new host (more on add a new host below). Note that at least one host on the list must have the "All Access" access right (you can click the field under "Access" to edit the access right for that host.) Click "Next".
8. Create an iSCSI LUN by completing the following:
- Specify the name of the LUN
Choose the LUN allocation method
- Thin Provisioning: Allocate the disk space in a flexible manner. The disk space can be allocated to the target anytime regardless of the current storage capacity available on the NAS. Over-allocation is allowed as the storage capacity of the NAS can be expanded using online RAID capacity expansion.
- Instant Allocation: Allocate the disk space to the LUN instantly. This option guarantees the disk space assigned to the LUN but may require more time to create the LUN.
- Choose the LUN location (storage pool on the NAS), the capacity, and the alert threshold.
- Choose the performance profile (generic, Hyper-V, VMware, database, or customized) from the drop-down list. Each option will set a different block size for the created LUN for optimized performance. If you are not sure about which one to choose, select “generic”. We should select” vmware” as it best fits our demonstration settings.
- SSD cache: Enable SSD cache on this share folder. An SSD cache can be used to accelerate the performance of the NAS. Please note that at least one SSD needs to be installed to enable this function.
- Deduplication: ZFS deduplication is the other data reduction method available on the ES NAS. This option allows the system to reduce the amount of storage needed by eliminating duplicate copies of data. However, it must be used with caution as it can become very computationally intensive in some workloads (e.g. streaming workloads). If enabling this option, it is recommended only to use this shared folder for workloads for which it works well and put other workloads on other shared folders that use compression instead.
- Compression: The ES NAS utilizes ZFS’s inline data reduction, offering compression and deduplication options. When this option is enabled, more CPU resources of the NAS will be used but the size of the shared folder can be reduced.
- Encryption: Enter the encryption password to encrypt the LUN. The password must be 8-16 characters long. Symbols (! @ # $ % ^ & * ( )_+ = ?) are supported. The iSCSI LUN can be encrypted using 256-bit AES encryption to provide data breach protection. Encrypted LUNs can only be mapped to an iSCSI target for normal read/write access with the authorized password. Select “Save the encryption key” for automatic unlocking and mapping the encrypted LUN when the NAS restarts.
9. Confirm the settings and click "Next".
10. Click "Finish" and the target and the mapped LUN will both show up in the list.
Add iSCSI targets on VMware ESXi hosts
After you have configured iSCSI LUNs in the ES NAS, you must set up your iSCSI adapters and storage for ESXi to access the SAN.
1. Log in to the vSphere Client, and select a host from the inventory panel. Click the "Configuration tab" and click "Storage Adapters" in the Hardware panel.
2. A new software iSCSI adapter will be added to the Storage Adapters list. After it has been added, select the software iSCSI adapter in the list and click "Properties".
3. Make sure that the adapter is enabled. If not, click "Configure" to enable it and click "OK".
4. After enabling the adapter, please set up target discovery addresses so that the iSCSI adapter can determine which storage resource on the network is available for access. Click the "Dynamic Discovery" tab and click "Add" to add the data ports' IP addresses of both controllers. Then click the "Static Discovery" tab and you should see the names and IP addresses of these targets appear in the list. If you remove a static target added by dynamic discovery, the target might be returned to the list the next time a rescan happens, the HBA is reset, or the host is rebooted.
5. Click "Close" to close the Properties window. The "Rescan" window appears.
6. You can now find the corresponding iSCSI device for the added iSCSI adapter.
Configure the path for iSCSI connection
Generally, you do not have to change the default multipathing settings your host uses for a specific storage device. However, for better performance, we will modify the path selection policy and specify the preferred path for the fixed policy.
1. Right-click on an iSCSI disk and select "Manage Path….".
2. Select "Fixed (VMware)" from "Path Selection" drop-down menu as the path selection policy. VMware supports these 3 path selection policies: Fixed Most Recently Used, and Round Robin. Then click "Change" to apply the changes.
3. Specify the preferred path by right-clicking the path you want to assign as the preferred path, and selecting "Preferred". Then click "OK" to save your settings and exit the dialog box.
Note: For better iSCSI performance, please select the path or Ethernet port which belongs to the Storage Controller that owns the iSCSI LUN. In our example, we will choose port(s) that belong to SCA on which Pool 1 was created.
Create a VMFS Datastore in the vSphere client
Before creating datastores, you must install and configure any adapters that your storage requires as described in the previous section. Remember to use the "Rescan" function for the adapters to discover newly added storage devices.
1. Log in to the vSphere Client and select the host from the Inventory panel. Click the "Configuration" tab and click "Storage" in the Hardware panel. Then click "Datastores" > "Add Storage".
2. Select the "Disk/LUN" storage type and click "Next".
3. Select the iSCSI device to use for your datastore and click "Next".
4. The "Current Disk Layout" page presents the information about this iSCSI disk and its space usage. Confirm the settings and click "Next".
5. On the "Properties" page, type a datastore name and click "Next".
6. Adjust the capacity values. By default, the entire space on the storage device is available. Then click "Next".
7. In the "Ready to Complete" page, review the datastore configuration information and click "Finish".
8. A datastore on the iSCSI-based storage device is created.