Theory and practice of iSCSI. Network storage on iSCSI: what is it? The load for ensuring iSCSI operation lies


After five years of working with Fiber Channel storage area networks (SAN), I was very wary of the emergence of iSCSI: why this protocol needed to be developed and, more importantly, how it works and how iSCSI can be used to solve customers' real problems. So, after many intense months of discussions with many specialists on this topic, I present in this article a number of my own views on iSCSI.

What exactly is iSCSI?

iSCSI sends SCSI commands in IP packets. In more detail: iSCSI was created as a protocol for a storage initiator (usually a server) to send SCSI commands to a target (usually a tape or disk) over IP.

Other protocols: FCIP sends Fiber Channel frames over IP, essentially extending Fiber Channel connections; it really has nothing to do with SCSI. iFCP, on the other hand, maps FCP (serial SCSI over Fiber Channel) to and from IP. In other words, it offers a routing protocol between Fiber Channel fabrics that allows them to be connected over IP.

In other words, iSCSI is a SCSI over IP protocol that connects a server to a data storage device. The other protocols provide Fiber Channel to Fiber Channel connections with varying degrees of intelligence.

How do iSCSI devices find each other?

With basic SCSI and Fiber Channel loops, the method of discovering devices is fairly primitive. For a Fiber Channel fabric there is a necessary service called the Simple Name Server, or just the name server, which works with hundreds or thousands of devices. But in IP, theoretically, there could be millions of devices.

Currently, the IP world uses two mechanisms for discovering iSCSI devices. The first is SLP (Service Location Protocol), a protocol of the TCP/IP family that allows automatic configuration of various resources. This service discovery protocol has been in use in the IP world for a long time. Recently, however, many vendors, including Microsoft, began to introduce a new protocol: Internet Simple Name Server. Simply put, it takes the principles of the simple name server for Fiber Channel and scales them to cope with the size of an IP network, without losing the storage-specific features, as SLP does.

How can iSCSI be used?

There are three main ways to deploy iSCSI:
  1. A dedicated iSCSI server that connects to dedicated iSCSI storage.
  2. A dedicated iSCSI server that connects to Fiber Channel-attached storage through an iSCSI-to-Fiber Channel router.
  3. A Fiber Channel server that connects to iSCSI storage through a Fiber-Channel-to-iSCSI router.
Of course, in some cases Fiber Channel storage connects to other Fiber Channel storage (for example, for disk copying or serverless backup), and iSCSI storage devices can likewise connect to each other.

So, which is the most likely and/or practical to use? To answer that question, step back a little and remember that network storage requires flexibility, because products are used in different ways. Today, the use of iSCSI in servers is relatively new, but simple, given Microsoft's support for Windows Server 2000 and 2003.

For this reason, one of the ways to use iSCSI is to connect iSCSI servers to existing Fiber Channel storage through an iSCSI-to-Fiber Channel router, most likely in a Fiber Channel SAN. This means that the same ports of the same storage arrays can provide storage services to both Fiber Channel and iSCSI servers. It therefore lets you get more benefit from the SAN and Fiber Channel storage you already have, and you can do it right away: all the necessary products are on the market.

By my reckoning, similar developments will appear in the NAS market, and in fact they are already appearing. Since NAS devices already connect disks to IP networks, sharing services via the Network File System (NFS) and/or the Common Internet File System (CIFS), it is fairly simple for a NAS to serve block-level data through the same ports using iSCSI, which again lets you use existing storage solutions in a new way.

There are also a number of other interesting and non-standard solutions that await the emergence of dedicated iSCSI-only storage systems, which could work well at a new site where storage has not yet been consolidated and only single-solution products exist.

Who will use iSCSI?

As an expert who has spent many years in the Fiber Channel field, I must, unfortunately, point out that iSCSI can work at the speed of the physical connection (wire speed) and can certainly work as fast as any normal server running any normal application. The IP community should take note of how widespread Fiber Channel is, especially when the number of 1 Gb network ports is compared with the number of other network ports. The Fiber Channel community should take into account that, although a lot of storage and a considerable number of powerful servers are connected to Fiber Channel, a large number of Unix servers remain unconnected. There are only a few Intel servers that do not use Fiber Channel.

However, iSCSI can benefit everyone, but perhaps the greatest potential market is Intel servers, as well as high-density and ultra-thin servers (Intel or others). In addition, iSCSI can sometimes be used for high-performance servers, for remote offices that access the central data center over the SAN, and in other cases where it is too early to use Fiber Channel; after all, there are still many servers and storage devices that are not connected to a network.

NIC, TOE and HBA: when should each be used?

Finally, there are three approaches to connecting the server:
  1. A standard network interface card (NIC) with an iSCSI driver
  2. A TOE (TCP Offload Engine) NIC with an iSCSI driver
  3. HBAs (Host Bus Adapters) designed for iSCSI by traditional Fiber Channel adapter manufacturers.
In which cases should each be used? An interesting question. The basic assumption is that the more performance you need, the more likely it is that instead of a standard network card (NIC) you will use a TOE card or a host bus adapter, which will of course be more expensive. The other point of view is that high-performance servers have enough spare clock cycles, so why not save money and use a cheap network card.

The key point here is that, unlike Fiber Channel adapters, iSCSI pricing ranges from low (free) to high performance (accelerators) and can therefore be matched to the requirements of the application. In addition, fan-out (oversubscription) allows the use of more economical Ethernet ports (both Fast Ethernet and GE) instead of specialized FC switches, which reduces costs further. With iSCSI TOE cards costing 300 dollars or less, the cost of connecting a host is significantly lower than with FC, even for TOE performance.

Since FC can run at 2 Gbps, Fiber Channel is better for high-performance servers (2 Gb Ethernet is not enough), although, frankly, there aren't many servers that use that much bandwidth, even on Fiber Channel. Of course, from the storage side, 2 Gbps is more likely to be used, until 10 Gb FC or even 10 Gb Ethernet/iSCSI ports appear. iSCSI opens the door to hundreds and thousands of servers, especially Intel systems, many of which may be less demanding, and many of which still stand to benefit from the cost savings.

Only time will tell what happens, although one thing can be said for sure: it will be a very interesting time for network storage and for iSCSI.

If you have ever administered servers or a corporate computer network, you have surely faced the problem of having to increase the capacity of the existing infrastructure quickly. And although such solutions exist in principle, they tend to be expensive and inflexible.

19″ systems usually do not have enough space for additional hard drives. As a result, there is only one alternative: connecting separate 19″ storage devices to the server via a SCSI or Fiber Channel interface. However, that still mixes the server's tasks with data storage functions.

Large server cases with additional drive bays are not an ideal solution either: again, the tasks end up mixed.

Agreed, the ideal storage should be very flexible: easy to deploy, usable from many parts of the network and from different operating systems and, of course, easy to expand. And performance should not be overlooked. The answer to all these questions can be called iSCSI, Internet SCSI. This solution "packs" the SCSI protocol into TCP/IP packets, giving a universal storage interface for the whole network infrastructure. In addition, iSCSI makes it possible to consolidate existing data storage systems.

How does iSCSI work?



The diagram shows the operating principle of iSCSI. Storage subsystems should use the existing network infrastructure, independently of servers. The consolidation of storage systems mentioned above simply means that storage should be accessible from any server, minimizing management costs. In addition, extra capacity can be added to existing systems.

The advantages of this approach are many and fairly obvious. Many corporations have already built an effective network infrastructure, often based on proven technologies such as Ethernet. There is no need to introduce and test new technologies in order to use iSCSI or other systems such as SAN (Storage Area Networks). And, of course, you save on expensive deployment specialists.

In general, a network administrator can manage iSCSI clients and servers after a little training. After all, iSCSI runs on the existing infrastructure. In addition, iSCSI offers high availability, since iSCSI servers can be connected to several switches or network segments. Finally, the architecture is inherently highly scalable thanks to Ethernet switching technologies.

In principle, an iSCSI server can be implemented in either software or hardware. However, because a software solution places a high load on the processor, the latter option is preferable. The main load on an iSCSI server comes from encapsulating SCSI packets in TCP/IP packets, and all of it has to be done in real time. In a software server these operations are performed by the central processor, whereas a hardware solution has dedicated TCP/IP and SCSI engines.

Thanks to the iSCSI client, the storage resources of an iSCSI server can be integrated into the client system as a device that behaves like a local hard drive. A big advantage here over ordinary network folders (shares) is higher security. iSCSI places particular emphasis on correct authentication of iSCSI packets, and they are transmitted over the network in encrypted form.

Of course, you get somewhat lower performance than with local SCSI systems, since the network introduces its own delays. However, modern networks with throughput of up to 1 Gbit/s (128 MB/s) already provide sufficient speed, since most of it will not be used anyway.

Each iSCSI node is assigned its own name (up to a maximum of 255 bytes) and an alias (short name), neither of which depends on the IP address. Thus, access to the storage is preserved even after it is moved to another subnet.

iSCSI in action

Of course, besides the network, the main requirement for deploying iSCSI is setting up an iSCSI server. We tested a number of solutions, both software and hardware.

Both types of solution meet all iSCSI requirements, providing client computers with access to storage. The client system can be equipped with an iSCSI adapter, which reduces the load on the central processor (very handy for workstations).

In principle, iSCSI can be used over a 100-Mbit/s network, but then, compared with local drives, you get a significant slowdown. Naturally, gigabit Ethernet is a much better solution: its throughput is unlikely to become a bottleneck even with multiple RAID 5 arrays. The same cannot be said about RAID 0 arrays, but such storage is rarely connected over a network.

To access the storage, the client needs an iSCSI initiator. They have been released for almost all operating systems. A Google search for the words "Microsoft", "iSCSI" and "Initiator" is a good example.

Then the connection to the server needs to be configured in the initiator program. Connected server drives appear on the computer as hard drives and can be used as ordinary drives.

The iSCSI protocol provides packet encryption based on IPsec, although it is not mandatory. For example, inside a corporate network it does not always make sense to encrypt packets. This option is most useful over a WAN.

Additional information

iSCSI is also a great tool for backing up data, since information can easily be copied to another hard drive. Even online, using the Windows shadow copy function. iSCSI can even be connected over a DSL link, although here the limiting factor will be the line speed. However, everything depends on the nature of the application.

A big advantage of iSCSI is that classic backup is no longer confined to a single location, and this should not be underestimated. For example, devices such as tape streamers can now be installed anywhere on the network. Even if the worst happens, data can be restored over iSCSI in minimal time.

If the iSCSI solution is implemented in software, the network adapter has to move large amounts of data. Since ordinary network adapters do not always use hardware acceleration technologies, part of the load may fall on the central processor. SCSI is a block protocol, while Ethernet is a packet protocol. So a large part of the load comes from encapsulating SCSI information in TCP/IP packets and extracting it again. Such a task can tie up even a modern processor.

To solve the problem, special TOE engines (TCP/IP Offload Engines) were developed, which take over all the complex iSCSI operations right behind the network adapter. As a result, the load on the system processor is reduced, and users and the system can continue to work normally.

I'm sure it has now become a little clearer what network storage on iSCSI is.

Internet Small Computer System Interface (iSCSI) is a data transfer protocol for exchanging data between servers and data storage systems (Storage Area Network, SAN). iSCSI combines the SCSI protocol with the TCP/IP protocol stack and is intended for transferring blocks of data over Ethernet networks. SCSI control commands are carried inside IP packets, and the TCP protocol provides flow control and reliable data delivery.

With iSCSI, data between the server and the storage system is transferred in blocks, in raw form. This allows the SAN to be used almost as if it were connected to the server directly rather than over a network. The host system can create logical partitions on the SAN, format them and use them like ordinary local hard drives. This is the main difference between a SAN and Network Area Storage (NAS), which works at the file-system level and uses file transfer protocols such as SMB or CIFS.

iSCSI technology was developed as a cheaper alternative to Fiber Channel (FC). iSCSI-based systems use standard protocols and can be built on any existing network infrastructure that supports the IP protocol. iSCSI can use ordinary network devices (switches, routers, network adapters, etc.), while FC requires special HBA adapters, optical cables and other equipment.

The iSCSI architecture is client-server and includes the following components:

iSCSI Initiator - a client component that sends connection requests to the iSCSI Target located on the server side. The initiator can be implemented in software, as a driver, or in hardware, as a special iSCSI adapter.

iSCSI Target - a server component that listens for client requests and establishes the connection between the client and the iSCSI server. In addition, the target is associated with iSCSI virtual disks, and once the connection is established, all virtual disks associated with this target become accessible through the initiator. An iSCSI Target can be either a specialized storage system or an ordinary Windows server with the iSCSI Target role installed.

iSCSI virtual disks - used to divide disk space into logical partitions (Logical Unit Number, LUN). In Windows Server 2012, iSCSI LUNs are ordinary virtual disks in the VHD\VHDX format. Incidentally, Windows Server 2012 supported only the VHD format for iSCSI, which capped the maximum LUN size at 2TB. Windows Server 2012 R2 uses the VHDX format, which allows you to create LUNs up to 64TB in size.

And now let’s clarify some points:

Each iSCSI server can have one or more iSCSI Targets;
Each iSCSI Target can have one or more virtual disks attached;
Each iSCSI Target can serve one or more connections from an iSCSI Initiator;
In turn, each iSCSI Initiator can connect to one or more iSCSI Targets and, consequently, to one or more virtual disks.

In addition, Windows Server 2012 supports loopback configuration, in which both Target and Initiator can be located on the same server.

Microsoft operating systems have supported iSCSI for a long time. The first version of Microsoft iSCSI Initiator was installed as a separate component on Windows 2000, Windows XP SP2 and Windows Server 2003 SP1, and starting with Windows Server 2008 and Vista the iSCSI Initiator is built into the operating system.

As for iSCSI Target, it was initially part of a special version of the server OS, Windows Data Storage Server 2003, which was intended for building storage systems and was supplied only preinstalled. In 2011, the Microsoft iSCSI Software Target 3.3 component became available for installation on Windows Server 2008R2, and in Windows Server 2012 it is integrated into the system and installed as a server role.

With that, let's finish the theoretical part and get down to practice. For the setup we take the simplest option: two servers with Windows Server 2012 R2 installed, SRV2 for the iSCSI Target role and SRV3 for the iSCSI Initiator.

Starting the iSCSI Initiator service

First, let's check the state of the initiator service on SRV3. To do this, open Server Manager and select the iSCSI Initiator item in the Tools menu.

As you can see, the service is not started by default. By clicking Yes in the dialog box, we start the iSCSI Initiator service and set it to automatic startup mode.

Then, in the properties window, go to the "Configuration" tab and note the IQN value, which we will need when setting up the server.

IQN (iSCSI qualified name) is a unique identifier assigned to each iSCSI Target and Initiator. An IQN is formed from the date (month and year) of registration of the domain, the official name of the domain written in reverse order, and an arbitrary name, such as the server name. It looks something like this: iqn.1991-05.com.microsoft:srv3.contoso.com

You can start the iSCSI Initiator service and set its startup mode from the PowerShell console using the following commands:

Start-Service msiscsi
Set-Service msiscsi -StartupType automatic

Installing the iSCSI Target Server role

Now let's move on to SRV2 and start setting up the server side. The first thing we need to do is install the iSCSI Target role on the server. Open Server Manager and follow the "Add roles and features" link.

Select the "iSCSI Target Server" role, which is located in the File and Storage Services \ File and iSCSI Services section.

Or use the PowerShell command:

Install-WindowsFeature -Name FS-iSCSITarget-Server

Preparing the disk

Now let's prepare the physical disk that will be used to store the iSCSI virtual disks. A new 120GB hard drive has been connected to the server specifically for this purpose. At the moment the disk is inactive (Offline). To activate it, in Server Manager go to the File and Storage Services -> Disks section, right-click the disk and bring it Online.

Now create a new partition (or volume) on this disk by selecting the New Volume item in the context menu.

Select the physical disk on which the volume will be created,

specify the size of the volume

and select the drive letter.

Then choose the file system and sector size for the disk and specify a label for it. Let me remind you that iSCSI virtual disks can only be created on NTFS volumes; the new ReFS (Resilient File System) file system is not supported.

Review the summary information and, if everything is correct, press Create to start creating the volume.

You can do the same with PowerShell. Find the required disk:

Get-Disk | Where-Object { $_.OperationalStatus -eq "Offline" }

Bring it online:

Set-Disk -Number 1 -IsOffline $false

Initialize it:

Initialize-Disk -Number 1

Create a partition:

New-Partition -DiskNumber 1 -UseMaximumSize -DriveLetter D

And format it as NTFS:

Format-Volume -DriveLetter D -FileSystem NTFS -NewFileSystemLabel "iSCSI Storage"

Creating iSCSI virtual disks

The next item on the agenda is creating the iSCSI virtual disks. To do this, go to the iSCSI section and click the link to launch the next wizard.

Select the volume on which the virtual disk will be stored.

Give the disk a name and description.

Specify the size of the virtual disk and its type. You can choose from three options:

Fixed size - the disk being created immediately occupies its entire allocated size. This is the most productive and least economical option;
Dynamically expanding - a disk of minimal size is created initially and then grows dynamically with the amount of data written to it. The best option in terms of disk space usage;
Differencing - for this option you must specify the location of the parent disk with which the new disk will be linked. A differencing disk can be either fixed or dynamic, depending on the parent type. This type of disk has its own advantages, but I personally don't see much point in using it for iSCSI.

Now specify the iSCSI Target to which the disk will be attached. Since no target has been created on the server yet, select "New iSCSI target".

Give the target a name and description.

And specify the servers that are allowed to access it.

There are two ways to choose servers. If the initiator is on Windows Server 2012 or Windows 8, you can simply click "Browse" and select the required server from the list. For older systems, you will need to enter the server ID manually. As an identifier, you can enter the IQN of the initiator, the DNS name or IP address of the server, or the MAC address of the adapter.

Let's go further. On the next page, you can configure authentication between the servers using the CHAP protocol. CHAP (Challenge Handshake Authentication Protocol) is a protocol for verifying the authenticity of a connection partner based on a shared password or secret. For iSCSI, you can enable both one-way and two-way (reverse) CHAP verification.

Check that the settings are correct and start creating the disk.

Let's try to do the same with PowerShell. Create another 20GB iSCSI virtual disk with the command:

New-IscsiVirtualDisk -Path D:\iSCSIVirtualDisks\iSCSI2.vhdx -SizeBytes 20GB

Note that a dynamic disk is created by default; to create a VHD of fixed size, use the -UseFixed switch.

Now create another iSCSI Target named iscsi-target-2 and specify the IQN of SRV3 as the server allowed to access it:

New-IscsiServerTarget -TargetName iscsi-target-2 -InitiatorIds "IQN:iqn.1991-05.com.microsoft:srv3.contoso.com"

And check the result with the command:

Get-IscsiServerTarget | fl TargetName, LunMappings

Connection

We return to SRV2, open the initiator properties window, go to the Discovery tab and press the Discover Portal button.

Enter the name or IP address of the portal and press OK.

By default, iSCSI uses all available IP addresses; if you want iSCSI traffic to go only through a specific network interface, go to the advanced settings and specify the required IP in the "Connect using" field.

Now go to the Targets tab, where all iSCSI Targets available for connection are displayed. Select the desired target and click "Connect".

Don't forget to check the "Add this connection to the list of Favorite Targets" checkbox, which ensures automatic connection to the target whenever the machine is turned on or restarted.

The connection is established, and if you open the Disk Management snap-in, a new disk appears there. This disk is then handled in the same way as an ordinary locally connected hard drive: bring it Online, initialize it, create partitions on it and format it.

The same can be done with PowerShell. List the available targets:

Get-IscsiTarget | fl

And connect to the required one:

Connect-IscsiTarget -NodeAddress "iqn.1991-05.com.microsoft:srv2-iscsi-target-2-target" -IsPersistent $true

The -IsPersistent $true switch ensures automatic connection after a shutdown or restart.

And to disconnect, use the Disconnect-IscsiTarget command, like this:

Disconnect-IscsiTarget -NodeAddress "iqn.1991-05.com.microsoft:srv2-iscsi-target-2-target" -Confirm:$false
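
The CHAP page of the wizard, done from PowerShell for the second target, as an added example that is not part of the original article. The CHAP user name srv3-chap and the two function names are assumptions; the target name and disk path are the ones used above, and the discovery portal is assumed to be configured on the initiator already.

```powershell
# Added example (not from the original article). Run the same script on both servers;
# the switch at the bottom picks the target-side or initiator-side half.
# 'srv3-chap' is an assumed CHAP user name; the secret is typed in, never hard-coded.

function Enable-TargetChap {
    param(
        [Parameter(Mandatory)][string]$TargetName,
        [Parameter(Mandatory)][string]$DiskPath,
        [Parameter(Mandatory)][pscredential]$Chap
    )
    # The Microsoft initiator expects a CHAP secret of 12 to 16 characters when IPsec is not used.
    $len = $Chap.GetNetworkCredential().Password.Length
    if ($len -lt 12 -or $len -gt 16) {
        throw "CHAP secret is $len characters long; use 12 to 16."
    }
    # Attach the virtual disk to the target if it has no LUN yet.
    if (-not (Get-IscsiServerTarget -TargetName $TargetName).LunMappings) {
        Add-IscsiVirtualDiskTargetMapping -TargetName $TargetName -Path $DiskPath
    }
    # One-way CHAP: the target challenges every initiator that logs in.
    Set-IscsiServerTarget -TargetName $TargetName -EnableChap $true -Chap $Chap
    Get-IscsiServerTarget -TargetName $TargetName |
        Select-Object TargetName, InitiatorIds, EnableChap, LunMappings
}

function Connect-TargetWithChap {
    param(
        [Parameter(Mandatory)][string]$NamePattern,
        [Parameter(Mandatory)][pscredential]$Chap
    )
    $node = Get-IscsiTarget |
        Where-Object { $_.NodeAddress -like $NamePattern } |
        Select-Object -First 1 -ExpandProperty NodeAddress
    if (-not $node) { throw "No discovered target matches '$NamePattern'." }

    # Check the control: a login without credentials must now be refused.
    $anonymousAccepted = $true
    try   { Connect-IscsiTarget -NodeAddress $node -ErrorAction Stop | Out-Null }
    catch { $anonymousAccepted = $false }
    if ($anonymousAccepted) {
        Disconnect-IscsiTarget -NodeAddress $node -Confirm:$false
        throw "Target $node accepted a login without CHAP; check EnableChap on the target."
    }

    # -ChapSecret takes a plain string, so the secret is unwrapped only for this call.
    $net = $Chap.GetNetworkCredential()
    Connect-IscsiTarget -NodeAddress $node -AuthenticationType ONEWAYCHAP `
        -ChapUsername $net.UserName -ChapSecret $net.Password `
        -IsPersistent $true -ErrorAction Stop | Out-Null

    Get-IscsiSession |
        Where-Object { $_.TargetNodeAddress -eq $node } |
        Select-Object TargetNodeAddress, AuthenticationType, IsPersistent
}

$chap = Get-Credential -UserName 'srv3-chap' -Message 'CHAP secret for iscsi-target-2'
switch ($env:COMPUTERNAME) {
    'SRV2' { Enable-TargetChap -TargetName 'iscsi-target-2' `
                 -DiskPath 'D:\iSCSIVirtualDisks\iSCSI2.vhdx' -Chap $chap }
    'SRV3' { Connect-TargetWithChap -NamePattern '*iscsi-target-2*' -Chap $chap }
    default { Write-Warning "Run this on SRV2 (target) or SRV3 (initiator)." }
}
```

The initiator ID on the target is only a name the initiator reports about itself, so the CHAP secret is what actually authenticates SRV3; CHAP does not encrypt the data, which is what the IPsec option is for.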

Conclusion

That completes the setup. As I said, this is the simplest, basic storage configuration. iSCSI has many more possibilities. For example, you can use an iSCSI name service (iSNS) for ease of management, multipath I/O (MPIO) for fault tolerance, and, for security, set up authentication using the CHAP protocol and traffic encryption using IPSec. I plan to write about some of these features in upcoming articles.

And finally, some important points that need to be taken into account when organizing an iSCSI storage system:

iSCSI should be deployed on a fast network, no slower than Gigabit Ethernet;
It is recommended to separate iSCSI traffic from other traffic and move it to a dedicated network, for example using a VLAN or a physical subnet;
To ensure high availability at the network level, use MPIO technology or multiple-connection sessions (MCS). NIC teaming is not supported for connecting to iSCSI storage devices;
With Storage Spaces technology, you can store iSCSI virtual disks on Storage Spaces, but you cannot use iSCSI LUNs to create Storage Spaces;
Cluster Shared Volumes (CSV) cannot be used to store iSCSI virtual disks.

The set of tools for building storage networks is quite large. Several standards and technologies have gained great popularity. After Fiber Channel, another popular protocol is iSCSI.

General information about iSCSI

iSCSI is an abbreviation of Internet Small Computer System Interface. It is sometimes expanded as Internet SCSI or IP SCSI, and although these readings do not quite match the original, they have every right to exist, because they accurately describe the essence of iSCSI: a protocol from the TCP/IP stack for connecting external network storage systems in block access mode.

As already mentioned, the method is based on carrying SCSI commands over an IP network. It uses TCP/IP ports, by default 860 and 3260. In essence, iSCSI is a kind of transport, like an escalator, for moving SCSI instructions and data over an external network connection. The end result is an environment that emulates a local SCSI bus over an external Ethernet network.

Unlike many other protocols (FCIP, FCoE, etc.), which are essentially offshoots of Fiber Channel, the iSCSI protocol is an independent implementation and a standard developed from scratch to work over TCP/IP.

iSCSI target and iSCSI initiator

To organize any storage network, three components are needed: a data storage system, a client part and a data transmission medium. In iSCSI, the first two components are described by the terms "target" and "initiator" respectively.

Target, or target device - simply put, the basis of the storage system; it can be implemented purely in software, in software and hardware, or entirely in hardware.

Initiator - a module, most often a program, sometimes a hardware solution with its own firmware, which creates (initiates) a connection and provides the required functionality on the client side: transmission of SCSI commands and data over an IP network.

iSCSI target addressing

For successful, trouble-free operation, a storage system connected to the network needs a unique network address. For example, storage networks based on the Fiber Channel protocol use special WWN addresses. iSCSI-based SANs likewise have their own addressing system, IQN (iSCSI Qualified Name).

Each such address is a unique identifier that serves to identify storage devices precisely. How is this uniqueness achieved? Let's take a look at the IQN format.

Let's say we have an iSCSI target with the address: iqn.2017-02.com.example:storage:diskarrays-sn-a9786410.

What this means in more detail:
> iqn - a prefix indicating that the address is in the IQN format.
> Next comes a date in the form "yyyy-mm" ("year-month"), most often the date the target was created.
> The reserved domain name, most often that of the vendor.
> After the colon comes the unique ID of the iSCSI target.

This system is quite convenient. Reading an IQN, you can easily learn additional information: the time of creation, the type of equipment and/or the vendor.
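
The IQN layout described above, and in the earlier paragraph on the initiator's IQN, as a small parser. This is an added example that is not part of the original article; the function name ConvertFrom-Iqn is made up for illustration, and the last two sample names are constructed to show malformed input.

```powershell
# Added example (not from the original article): split an IQN into the fields the
# article lists and reject names that do not follow the layout.
function ConvertFrom-Iqn {
    param([Parameter(Mandatory)][string]$Name)

    # iqn.<yyyy-mm>.<reversed domain>[:<unique id>], written in lower case
    $pattern = '^iqn\.(?<year>\d{4})-(?<month>0[1-9]|1[0-2])\.' +
               '(?<domain>[a-z0-9-]+(\.[a-z0-9-]+)+)' +
               '(:(?<id>\S+))?$'
    if (-not ($Name -cmatch $pattern)) {
        throw "Not a well-formed IQN: '$Name'"
    }

    # The domain is stored reversed (com.example); turn it back into example.com.
    $labels = $Matches['domain'].Split('.')
    [array]::Reverse($labels)

    [pscustomobject]@{
        Iqn      = $Name
        Date     = '{0}-{1}' -f $Matches['year'], $Matches['month']
        Domain   = $labels -join '.'
        UniqueId = $Matches['id']      # $null when the name has no ':' part
    }
}

# Validate the value of an "IQN:<name>" entry before it goes into -InitiatorIds.
function Test-IqnInitiatorId {
    param([Parameter(Mandatory)][string]$InitiatorId)
    if ($InitiatorId -notlike 'IQN:*') { return $false }
    try   { ConvertFrom-Iqn $InitiatorId.Substring(4) | Out-Null; $true }
    catch { $false }
}

$samples = @(
    'iqn.2017-02.com.example:storage:diskarrays-sn-a9786410'   # the article's target
    'iqn.1991-05.com.microsoft:srv3.contoso.com'               # the article's initiator
    'iqn:1991-05.com.microsoft:srv3.contoso.com'               # constructed: ':' instead of '.'
    'iqn.2017-13.com.example:disk1'                            # constructed: month 13
)
foreach ($s in $samples) {
    try   { ConvertFrom-Iqn $s }
    catch { Write-Warning $_.Exception.Message }
}

Test-IqnInitiatorId 'IQN:iqn.1991-05.com.microsoft:srv3.contoso.com'
```

A well-formed name only shows that the identifier follows the layout; it is still a value the initiator declares about itself.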

Note. By analogy with Fiber Channel, the iSNS (Internet Storage Name Service) service allows you to manage, among other things, iSCSI networks. This makes it possible to use iSNS as a single centralized entry point for SAN operation.

iSCSI target implementation options

Software implementation

An example of a software implementation is the StarWind iSCSI Target Software product, which implements an iSCSI target on ordinary servers running operating systems of the MS Windows family. Just install the program, make a few minor settings, and entry-level block storage is ready to be connected to another server.

Hardware implementation

As a hardware implementation one can cite specialized devices, for example the HP P2000 MSA from HP, with special firmware and dedicated interfaces with a special chip and firmware, which take on most of the traffic processing functions.

Software and hardware implementation

This is a kind of compromise solution: for example, an ordinary server based on the Intel x86_64 platform with special network adapters (TOE) and an adapted operating system, for example NexentaStor, which lets you set up an iSCSI target "right out of the box".

What is an iSCSI HBA?

In some cases you may encounter the term iSCSI HBA (Host Bus Adapter). In fact, these are special hardware network modules that offload the processor by transferring some of the functionality to the network adapter.

There are two types of such devices:
> TCP Offload Engines, abbreviated TOE. These devices are found where it is necessary to increase performance and at the same time reduce the load on the central processor. Such a device takes over only TCP/IP operations and does not use all the other possibilities for improving the performance of iSCSI systems.

> Full offload iSCSI HBA - a comprehensive solution that transfers both TCP/IP and iSCSI processing to the device. It is considered the better choice for performance, but naturally it costs more than TOE.

However, what suits a particular situation best is better determined by practical tests.

Note. Most current 10 Gigabit Ethernet adapters include support for the iSCSI protocol. Therefore, when choosing a network adapter for an iSCSI SAN, you should focus not only on the price of components, but also on additional functionality. The relevant specifications can be found on the manufacturer's website.

Features of File Extent and Device Extent

In addition to the systems that carry the traffic, there are different approaches to storing data inside the storage system.

The section of the storage system that holds the data accessed via the iSCSI protocol is called an Extent.

File Extent or container file

This method is the most widespread because it is easy to implement. Its essence is the use of a special large file in which, as in a container, the client’s data is placed. The closest analogue is a virtual disk (for example, one created by a virtualization system), which is presented as an ordinary hard drive or attached device. Other analogues are an archive file into which data is written “on the fly”, or a container file created by a data encryption program as a protected store.

With this approach, the physical disk or disk array is first formatted with some file system, a large container file is created on that file system, inside the container there is its own internal file system, and the client data is placed on it (see Fig. 1).

Obviously, whenever a new disk is created, a small part of the disk space is used to record service information. As a result, the final iSCSI volume based on File Extent will be smaller than the logical volume that holds it, and the hidden losses can be even greater.

This is how most iSCSI target implementations work. This storage method puts the data at risk: the slightest file system failure while a large file is being written, and all data will be lost. Such errors arise easily after an unplanned cold reboot or incorrect operation of the RAID controller (particularly RAID controllers built into the motherboard). Neither checks with the CheckDisk program nor any other means will help. The only hope is a backup copy made in time.

Apart from poor data safety and wasted space, this method is, to put it mildly, not very fast. The all-in-one-file way of working is a direct analogue of how an archiver program works.

The overhead is likewise comparable to an archiver program running continuously in active mode.

Device Extent

This method is a simpler and more economical solution. As the name implies, storage uses not a single file but the entire device. In this case there is no need to build a “matryoshka” of external file system – container file – internal file system. In fact, the data is written directly to a disk volume in RAW format. This significantly reduces overhead and avoids potential errors, for example those caused by a “cold reboot”.

Device Extent provides greater performance during data transfer and avoids problems caused by the peculiarities of a particular operating system, the specific implementation of the iSCSI initiator, and so on. Obviously, all these benefits are available only if there is a suitable driver for the hardware that implements the iSCSI target. Otherwise the device simply will not work.

Device Extent is used in BSD-based systems: FreeBSD and its derivatives FreeNAS and NAS4Free.

Security when using iSCSI SAN

Supporters of the Fiber Channel protocol, when security questions are discussed, invariably bring up Zoning, a mechanism present in FC networks. Similar mechanisms exist in iSCSI SAN.

Restricting access by means of the iSCSI target

Almost all iSCSI target implementations can restrict access in software, closing it to all addresses except a small group of servers that need the resources of the storage system. This method can be compared with software zoning for Fiber Channel, where the attribute used is the address of the port (device): the IP address for iSCSI or the WWN for Fiber Channel.

Restricting access by external means

Another possibility, as far as I know, is the use of external systems to restrict access. Since in most cases iSCSI networks are built on Ethernet, separating certain segments by means of VLANs is a good practice for isolating an iSCSI SAN and effectively protects against unauthorized access. In principle, a VLAN for iSCSI can be compared with Hardware Zoning for Fiber Channel. In both cases access is restricted on the basis of the ports to which the devices are connected.

CHAP authentication

Most often, the CHAP (Challenge Handshake Authentication Protocol) protocol is used to check the legitimacy of an iSCSI initiator's connection to an iSCSI target. This method is based on a secret key (similar to a password) shared by the client and the server.
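The CHAP exchange, as an added example that is not part of the original article; it covers the one-way and the mutual variant of this section. It uses the MD5 form of CHAP from RFC 1994, and the names, secrets and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier octet || secret || challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def fresh_challenge():
    """A new identifier and a random challenge for every login attempt."""
    return os.urandom(1)[0], os.urandom(16)


def one_way_chap(target_db, name, initiator_secret):
    """Only the target checks the initiator; the secret itself is never sent."""
    ident, challenge = fresh_challenge()                        # target -> initiator
    answer = chap_response(ident, initiator_secret, challenge)  # initiator -> target
    known = target_db.get(name)
    if known is None:
        return False
    return hmac.compare_digest(chap_response(ident, known, challenge), answer)


def mutual_chap(target_db, name, initiator_secret,
                target_secret, target_secret_on_initiator,
                echo_challenge=False):
    """Both sides check each other. Returns 'ok' or the reason for refusal."""
    t_id, t_chal = fresh_challenge()                            # target -> initiator
    answer = chap_response(t_id, initiator_secret, t_chal)
    # The initiator adds its own challenge for the target. echo_challenge
    # simulates a faulty peer that sends the target's challenge straight back.
    i_id, i_chal = (t_id, t_chal) if echo_challenge else fresh_challenge()

    # Target side: the iSCSI specification requires closing the connection
    # when the challenge is reused for the other direction.
    if i_chal == t_chal:
        return "refused: challenge reused"
    known = target_db.get(name)
    if known is None or not hmac.compare_digest(
            chap_response(t_id, known, t_chal), answer):
        return "refused: initiator not authenticated"
    proof = chap_response(i_id, target_secret, i_chal)          # target -> initiator

    # Initiator side: check the target against the secret stored for it.
    if not hmac.compare_digest(
            chap_response(i_id, target_secret_on_initiator, i_chal), proof):
        return "refused: target not authenticated"
    return "ok"


# Constructed sample data: the name and both secrets are made up.
INITIATOR = "iqn.1991-05.com.microsoft:srv-app01"
INITIATOR_SECRET = b"initiator-secret-0123456789"
TARGET_SECRET = b"target-secret-9876543210"
TARGET_DB = {INITIATOR: INITIATOR_SECRET}

if __name__ == "__main__":
    print(one_way_chap(TARGET_DB, INITIATOR, INITIATOR_SECRET))
    print(mutual_chap(TARGET_DB, INITIATOR, INITIATOR_SECRET,
                      TARGET_SECRET, TARGET_SECRET))
```

The two directions use different secrets here, so a response computed for one direction is of no use in the other.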

In most iSCSI target implementations the following variants of CHAP can be used:
  • Basic or one-way CHAP authentication. In this case only the iSCSI target checks the authenticity of the initiator. A certain identifier, for example a password, is used to connect all initiators.
  • Bidirectional CHAP authentication (mutual CHAP authentication). This method assumes that both the iSCSI target and the iSCSI initiator check each other's authenticity. A separate unique descriptor (for example, a login and password) is created for each participant in the data exchange.

RADIUS authentication

Note. This protocol is designed to support authentication, authorization and the collection of information about the resources used. It has been applied, among other things, in systems for charging for services provided to users, that is, for billing.

The peculiarity of this solution is that, unlike CHAP, RADIUS authentication takes place between a RADIUS server and a RADIUS client. When an initiator requests access to the resources of an iSCSI target, the client forwards the connection request to the RADIUS server. Responsibility for checking authenticity rests with the RADIUS server. The exchange of data and service information between iSCSI initiator and iSCSI target.

It turns out that in order to implement this security scheme, you need one RADIUS server per network.

Authentication using encryption

In addition to the methods described above, authentication and restricting access by network means, different types of encryption can be used to provide stronger security when working with iSCSI. It is worth noting that it is not at all necessary to choose just one authentication method. For example, you can use both encryption and authentication using CHAP or RADIUS.

The best-known method is the IPsec protocol, which provides mandatory authentication and data encryption at the level of IP packets. When IPsec is enabled, all IP packets are encrypted and verified. Accordingly, all participants in the network exchange use a common key to authenticate one another and to encrypt packets.

Encrypting iSCSI resources as disk partitions has also proven to be very effective. Such a volume can be connected only through a special agent program, with mandatory password entry and connection of a private certificate.

Areas of application of iSCSI storage

In principle, the scope of storage devices based on iSCSI is the same as for Fiber Channel, as well as for any other types of data storage systems that allocate resources in block access mode.

Until recently, the low throughput of Gigabit Ethernet networks limited the use of iSCSI. The situation has changed dramatically with the release of the 10 Gigabit Ethernet standard and the beginning of the mass release of wireless technology.

iSCSI is recommended for remote storage systems, backup systems, and the creation of Class C storage systems.

At the same time, the fairly wide availability of 10 Gigabit Ethernet makes it possible to use iSCSI SAN both for virtualization systems and for storing databases, in short, for all tasks, without adopting the Fiber Channel standard.

How fast does iSCSI operate?

Unlike the internal SCSI bus, which gives direct access to devices, iSCSI packets travel over a potentially unreliable network connection. To ensure stable operation and control of the exchange of data and SCSI commands under these conditions, the iSCSI protocol is deliberately redundant. This redundancy shows up in the transmission of additional service information, which is used to monitor block transfers, verify that input/output operations complete correctly, and handle errors. Service information is also required by the device identification system based on the corresponding names. Another issue that has to be dealt with during data exchange is security. Naturally, all of this, together with encapsulation and decapsulation, adds overhead (see Fig. 2).

To show what this technology can really deliver, here is a small calculation as an example.

Let's say we have a single connection over a Gigabit Ethernet network (1 Gb/s). Converted to megabytes per second, we get: 1024/8 = 128 Mb/s.

To obtain the throughput with all overhead taken into account, albeit as a rough approximation, we divide the value by 2: 128/2 = 64 Mb/s.

The resulting value is comparable to the data transfer speed of older IDE PATA hard drives of the UDMA66 standard (66 Mb/s).

Note. Even combining two links, for example with the LACP protocol, does not give a 100% performance gain. The specific software implementation of the transmission system plays a major role. Realistically, one can expect the channel bandwidth to grow by a factor in the range 1.4-1.7 of the original value.

Are iSCSI storage systems really that cheap?

At one time the iSCSI standard was dubbed “Fibre Channel for the poor”. Back then, at the very beginning of its development, it was believed that buying a few network cards and a simple switch was enough to build a storage network. Over the years it became clear that this was not entirely true.

First, the throughput of the Ethernet family was for a long time limited to a maximum speed of 1 Gb/s, while Fiber Channel already supported building SANs at 2 and 4 Gb/s.

Second, practically all the load of making iSCSI work falls on the end devices, the iSCSI target and the iSCSI initiator. Therefore, running iSCSI requires additional system resources. This is what prompted the creation of devices that offload the processor: TOE and Full iSCSI HBA.

Third, don't forget that using iSCSI requires additional resources. Network adapters, switches, patch panels all cost money. For example, the price of a 10 Gigabit Ethernet network card can be comparable to the price of an 8 or 16 Gb/s FC HBA.

It follows that there are no universal solutions of the “take this and it will be cheap and cheerful” kind. Every option, whether a storage network based on iSCSI or on Fiber Channel, requires careful study from both a technical and a financial point of view.

On the other hand, adopting the iSCSI protocol at the initial stage is much simpler than building a SAN based on Fiber Channel from scratch. It is enough to have suitable servers with network adapters, network equipment, and software for setting up the iSCSI target and iSCSI initiator. In this case there is no need to take expensive courses or buy expensive literature to acquire specific knowledge and skills.

How to speed up an iSCSI SAN?

  • Use a dedicated switch. When the iSCSI target works on a shared network, the switches, in addition to access to the storage system, have to handle other transactions as well, for example between office computers, which reduces the actual speed of network exchange. A dedicated switch is also an excellent security measure (see below).
  • Do not overdo security measures. The more security mechanisms are used, the more load is placed on the storage system. Modern iSCSI storage systems let you apply software access restriction, bidirectional authentication and IPsec encryption all at once. How much of this is really necessary in a given situation? For simple tasks it is enough to use a dedicated switch.
  • Use the fastest network. However, remember: the fastest network will be useless if other components have a weak or outdated configuration, for example an old processor or an outdated disk subsystem controller.
  • Find the bottleneck and upgrade the hardware of the storage system (iSCSI target). Don't forget about network adapters with built-in iSCSI support functions.
  • Where possible, use Device Extent to reduce overhead when working with the iSCSI target's disk subsystem.
  • Keep an eye on free space. Avoid filling connected iSCSI volumes beyond 75-80% of their capacity in order to avoid performance degradation. Remember that any storage system, whether a hard drive or SAN storage, works worse once the specified limit is exceeded.
  • Don't create very large disk volumes. Large disk partitions connected over the network in block access mode can reduce performance because of problems with indexing and with placing information on the disk partition. Keep in mind as well that when the network fails, errors may appear in the file system of the connected block resources. Checking a huge volume for errors can be a very difficult task.

Using modern standards and iSCSI technology, you can easily connect a data storage system as a block access device. However, as the IT infrastructure develops further, financial and technical resources are needed to ensure reliability and an acceptable speed of data transfer.

The iSCSI protocol is designed for use in storage networks and is a way of accessing block devices via the SCSI protocol over TCP/IP. This makes it possible to build inexpensive storage area networks (SAN) on top of ordinary Ethernet networks. This capability is widely used in building high-availability systems, and we will look at iSCSI-based solutions within this series. Today we will look at creating such a storage on the Windows Server 2008 R2 platform.

First, a few words about the fundamental differences between iSCSI and other network storage systems. Storage area networks - SAN (Storage Area Network) - transfer data over the network in "raw" form via the SCSI protocol, just as it would be transferred between the system and a local disk at a low level. iSCSI devices are treated by the system in practically the same way as local disks: they need to be partitioned and formatted before being used.

At the same time, the network storage familiar to everyone - NAS (Network Area Storage) - provides access at the file system level using file transfer protocols such as SMB or NFS.

To put it simply: NAS are the familiar shared network folders, SAN are disks connected over the network. This leads to the second important difference. A network folder can serve many clients. A SAN device can be connected to a single client, just as an ordinary HDD can be connected to only one PC. The exception is clusters, where several nodes access one SAN device at the same time; in that case an additional level of abstraction is used, a cluster file system, for example Microsoft Cluster Shared Volumes (CSV) or VMware VMFS.

Before you begin to practically master this technology, you should become familiar with the accepted terminology:

  • iSCSI initiator (iSCSI Initiator) - the client part, which sends requests to the iSCSI target; it can be implemented in software, as a driver, or in hardware, as an iSCSI adapter;
  • iSCSI target (iSCSI Target) - the server part, which accepts connections from the initiator and gives it access to the block devices associated with it - virtual disks, LUNs. It can be implemented both in software and as a hardware storage system.

One iSCSI target can be associated with several block devices, which will be available to the initiator that connects to the target. One initiator can connect to several targets and use all the devices associated with them. One target can also accept connections from several initiators, but each individual device can be accessible to only one of the initiators.

One more point, this time about the practical implementation of iSCSI storage. For the SAN it is necessary to allocate a separate network, isolated from the enterprise network.

This is necessary to ensure sufficient throughput in the storage network and to avoid overloading the main network with iSCSI traffic. It also makes no sense to deploy iSCSI on networks with a throughput of less than 1 Gbit/sec.

Windows Server 2008 R2 does not include the iSCSI target role, so to deploy it you need to download Microsoft iSCSI Software Target. Unpack it and install the package iscsitarget_public.msi from the x64 folder. Installation is extremely simple, so we will not dwell on it.

After installation, open the iSCSI management console: Start - Administrative Tools - iSCSI Software Target. First of all, create a new target. To do this, right-click iSCSI Targets - Create iSCSI Target.

A wizard opens in which you specify the target's name and description. Give targets meaningful names and don't be lazy about writing descriptions, so that later you don't have to guess why you created this or that target.

Next, we need to specify the identifiers of the iSCSI initiators that will be allowed access to the target. An IQN identifier is a special name in the format iqn.<year-mo>.<reversed_domain_name>:<unique_name>, which is unique for every iSCSI device in the storage network. Where:

  • year-mo - the date of registration of the domain name;
  • reversed_domain_name - the domain name written in reverse;
  • unique_name - the unique name of the device; for example, for a target it will contain the name you specified, and for an initiator the host name.

For example, in Microsoft software solutions the IQN has the following format: iqn.1991-05.com.microsoft:unique_name.
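The IQN format described above, as an added example that is not part of the original article: a parser that splits an IQN into its parts and an allow-list check of the kind a target applies to initiator identifiers. The host names, the function names and the allow list are assumptions constructed for the illustration.

```python
import re

# iqn.<year-mo>.<reversed_domain_name>[:<unique_name>]
_IQN = re.compile(
    r"iqn\.(?P<year>\d{4})-(?P<month>\d{2})"
    r"\.(?P<rdomain>[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
    r"(?::(?P<unique>\S+))?"
)
MAX_NAME_BYTES = 223  # upper limit for an iSCSI name


def parse_iqn(name):
    """Split an IQN into its parts; raise ValueError if it is malformed."""
    normalized = name.lower()  # names are compared in lower case
    if len(normalized.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValueError("iSCSI name is longer than 223 bytes")
    match = _IQN.fullmatch(normalized)
    if match is None:
        raise ValueError(f"not a valid IQN: {name!r}")
    if not 1 <= int(match["month"]) <= 12:
        raise ValueError(f"impossible month in IQN: {name!r}")
    return {
        "iqn": normalized,
        "registered": f"{match['year']}-{match['month']}",
        # The domain is stored reversed; turn it back for display.
        "authority": ".".join(reversed(match["rdomain"].split("."))),
        "unique_name": match["unique"],
    }


def initiator_allowed(presented, allow_list):
    """Exact match on the normalized name; malformed names are refused.

    The initiator declares its own IQN at login, so this list only narrows
    who may ask for the target; CHAP is what checks the claim.
    """
    try:
        wanted = parse_iqn(presented)["iqn"]
    except ValueError:
        return False
    return wanted in {parse_iqn(entry)["iqn"] for entry in allow_list}


# Constructed sample allow list (host names are made up).
ALLOWED = [
    "iqn.1991-05.com.microsoft:srv-app01",
    "iqn.1991-05.com.microsoft:srv-db01",
]

if __name__ == "__main__":
    print(parse_iqn("iqn.1991-05.com.microsoft:SRV-APP01"))
    for candidate in ("IQN.1991-05.com.microsoft:srv-app01",
                      "iqn.1991-05.com.microsoft:srv-app01-old",
                      "iqn.1991-13.com.microsoft:srv-app01"):
        print(candidate, initiator_allowed(candidate, ALLOWED))
```

Matching the whole normalized name, rather than a prefix, keeps a similarly named host from passing the check.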

To find out the IQN, switch to the iSCSI initiator; in our case it is a server running Windows Server 2012, but the procedure is the same for any other version of Windows. Go to Control Panel - iSCSI Initiator and answer yes to the offer to start the service automatically.

Then, in the window that opens, go to the Configuration tab, where the identifier we are looking for is shown.

You can copy it and paste it when configuring the target, but there is another way. To use it, go to the Targets tab, enter the name of the server with the installed iSCSI Software Target in the Target field and click Quick Connect.

Clearly we will not be able to connect to anything yet, but we have a different aim. Go back to the target server and, on the page for specifying the initiator's identifier, click the Browse button.

Now it becomes clear why we tried to connect. The iSCSI target server keeps a list of the most recent initiators that connected to it and lets you choose from them.

With that the creation of the target is complete, and we can create one or more disks and attach them to it. To do this, go to the Devices item and choose Create Virtual Disk from the right-click menu.

The next wizard opens, in which you specify the location and name of the virtual disk; note that you must give the full file name, including the .vhd extension.

Then specify the desired size in MB.

And the iSCSI target to which this virtual disk will be attached.

At this point the disk configuration is also complete. As a result of these simple steps we have a configured iSCSI target with a virtual disk attached to it. Now go back to the initiator. You could use Quick Connect and attach the disks of the discovered targets automatically. But remember that our goal is not only to connect the disks but also to separate the storage network from the local network.

So go to the Discovery tab, click Discover Portal, and enter the name of the server with the iSCSI target role.

Then return to the Targets tab, select the discovered target, which is in the Inactive state, and click Powerful.

In the window that opens, in the Target portal IP field, select the address that belongs to your storage network.

Go back and click Connect. The attached devices can be found in the Disk Management snap-in.

From here on, working with them is no different from working with an ordinary disk: connect, partition, format.

In this article we looked at the simplest way of setting up the storage. In upcoming articles we will return to individual settings without going over the general topic of creating storage again.

© 2022 androidas.ru - All about Android