Data access using iSCSI

iSCSI is Internet SCSI (Small Computer System Interface), an Internet Protocol (IP)-based storage networking standard for linking data storage connections. By offering SCSI commands over IP networks, iSCSI is used to transmit data over intranets. For further details, see http://en.wikipedia.org/wiki/ISCSI.

iSCSI concepts

Authentication Group: A grouping of multiple iSCSI users.

Use this option if you use CHAP or mutual CHAP. You can configure Authentication group at both VSM and Storage Volume levels.

CHAP: An authentication method which uses a user/secret or IQNs for outgoing authentication. The Storage Volumes on CloudByte ElastiStor authenticate the initiator.

Mutual CHAP: A super set of CHAP which uses peer user/peer secret for outgoing/incoming authentication between Storage Volumes and initiator.

Initiator group: Defines who can initiate the LUN.

It is a combination of multiple IQNs. By default, CloudByte ElastiStor creates two initiator groups (all where everyone can initiate the LUN and none where no one can). After you create the Storage Volume, when you manage the iSCSI options, you are prompted to choose an initiator group. You can either select the default one or the ones that you create. You configure initiator group in the Storage Volume.

Configuring Data Access using iSCSI_1

iSCSI configuration workflow

You configure iSCSI at the following levels:

  • Account
  • VSM
  • Storage Volume

The following figure illustrates the work flow for configuring the iSCSI protocol options:

ConfiguringiSCSIprotocolOptions

Account iSCSI options

Configuring iSCSI at account level involves the following tasks:

  1. In the ElastiCenter, select Accounts.
  2. In the Accounts page, select the account for which you want to specify the protocol options.
  3. In the actions pane, select the protocol option and then specify the details.

data_access_protocol_options_iscsi

The following options are available:

Manage iSCSI Authentication Groups

In the Add Authentication Group dialog box, specify the following details:

Field Description
Name A unique name for the authentication group.
Description A meaningful description for the authentication group.
CHAP Username Username for CHAP authentication. For uniqueness, specify the initiator IQN name as username.
CHAP Secret Password for CHAP authentication in alpha-numeric format. The password must have 12 to 16 characters.
Mutual CHAP Username Username for mutual CHAP authentication. For uniqueness, specify the initiator IQN name as username. The value must be same as that of the CHAP user.
Mutual CHAP Secret Password for mutual CHAP authentication (should be different from CHAP secret). The password must have 12 to 16 characters.

Intiator Groups

In the Add Intiator Group dialog box, specify the following details:

Field Description
Name Unique name of the initiator group.
Allowed Intiator List of allowed initiators, separated by comma.
Authorized Networks List of allowed networks followed by subnet mask in the format 10.0.0.0/8, separated by comma.

VSM iSCSI Options

This is the set of iSCSI options specific to a VSM. By default, CloudByte ElastiStor creates a default VSM iSCSI options group named default which contains industry standard options.

After you create the VSM, when you manage the iSCSI options, you are prompted to choose the VSM iSCSI options group. You can either select the default one or the ones that you create.

Field Description
IQN Name Specify a unique IQN.
Number of worker threads Select the number of worker threads.
Discovery Auth Method Specify the authentication method.
Discovery Auth Group Specify the authentication group.
Timeout Sets the limit on how long an I/O can be outstanding before an error occurs. Values range from 0 to 300 with a default of 30.
NOPIN Interval  The frequency of sending a NOP-IN packet in seconds. The values range from 0 to 300. The default value is 20
MAX R2T Specify a value between 1 and 255. The default value is 32
Max Sessions Specify a value between 1 and 64. The default value is 8.
Max Connections Specify a value between 1 and 64. The default value is 16.
First Burst Length Maximum data in bytes that an iSCSI software initiator may send to the target during the execution of a single iSCSI command unsolicited. Values range from 1 to 2^32. The default value is 65,536.
Max Burst Length Maximum WRITE size in bytes the target is willing to receive between R2Ts. Values range from 1-2^32. The default value is 262,144.
Max Receive Data Segment length In bytes. Values range from 1 to 2^32 with a default of 262,144.
Max Outstanding R2T Maximum number of ready to receive packets (R2Ts) the target can have as outstanding. This is for a single iSCSI command,where larger values should yield performance increases until MaxOutstandingR2T exceeds the size of the largest Write I/O divided by MaxBurstLength. Values range from 1 to 255. The default value is 16.
Default time to wait Minimum time in seconds to wait before attempting a logout or an active task reassignment after an unexpected connection termination/ reset. Values range from 1 to 300. The default value is 2
Default time to retain Maximum time in seconds after Time2Wait before which an active task reassignment is still possible after an unexpected connection termination/reset. Values range from 1 to 300. The default value is 60.

Volume iSCSI Options

This is the set of iSCSI options specific to a Storage Volume. By default, CloudByte ElastiStor creates a default Volume iSCSI options group default which contains industry standard options. After you create the VSM, when you manage the iSCSI options, you are prompted to choose the Volume iSCSI options group. You can either select the default one or the ones that you create.

Field Description
Status Select either Enabled or Disabled.
IQN Name Specify the unique IQN.
Authentication Method Specify the authentication method.
Authentication Group Specify the authentication group.
Initiator Group Specify the initiator group.
Initial Digest Select one of the advanced data integrity options.
Block Length By default the value is set to 512 bytes.
Queue Depth Pending I/O requests for the Volume. The values range from 0-255. 0 implies that the status disabled. The default value is 32.

Configuration scenarios

The following scenarios explain iSCSI configuration in detail:

Scenario 1: Assigning the same iSCSI initiator groups to two Storage Volumes under a VSM

iSCSIConfigurations-I

iSCSI initiator groups can be configured for only Storage Volumes based on initiator groups in the account. For example, Storage Volumes under the VSM can have different iSCSI initiator groups.

Scenario 2: Assigning different authentication groups to multiple Storage Volumes under a VSM

iSCSIConfigurations

You can have different authentication groups for VSMs and Storage Volumes.

iSCSI access control workflow

An initiator group defines who can initiate the LUN. After you create the Storage Volume, when you manage the iSCSI options, you are prompted to choose an initiator group.

Data access to the iSCSI Storage Volume can be restricted to either a single machine or to multiple machines in a Subnet.

Configuring initiator group and restricting access

  1. In the ElastiCenter, select Accounts.
  2. In the Accounts page, select the account for which you want to specify the protocol options.
  3. Select Manage iSCSI Initiator Groups in the Actions pane.
  4. select_manage_iscsi_initiator_groups

  5. Select Add Initiator Group in the Tasks menu.
  6. (In the following page)Provide the required details.
  7. Field Description
    Name Unique name of the initiator group.
    Allowed Intiator List of IQNs, separated by comma for restricting the access to iSCSI Storage Volume from multiple machines in a Subnet.
    Authorized Networks List of allowed networks, followed by subnet mask in the format 10.0.0.0/8, separated by comma.
  8. Click OK.
  9. In the Storage Volumes page, select the Storage Volume to which you want to assign the initiator.
  10. Select Manage iSCSI Configuration (Actions pane > Tasks).
  11. select_manage_iscsi_configuration1

  12. Click Edit, enter the required details, and then save the changes.
  13. manage_iscsi_initiator_group_selectinitgroup

  14. At the confirmation prompt, click Modify.

iSCSI authentication workflow

An iSCSI Authentication Group is a grouping of multiple iSCSI users. You can select the users who can access the iSCSI software target. After you create users, you can group them as iSCSI users for authentication.

  1. In the ElastiCenter, select Accounts.
  2. In the Accounts page, select the account for which you want to specify the protocol options.
  3. Select Manage iSCSI Authentication Groups in the Actions pane.
  4. select_manage_authentication_group

  5. Click Add Authentication Group in the following page:
  6. Enter the required details and then save the changes.
  7. manage_iscsi_auth_group_addauthgroup_details

    Field Description
    Name A unique name for the authentication group.
    Description A meaningful description for the authentication group.
    CHAP Username Username for CHAP authentication. For uniqueness, specify the initiator IQN name as username. CHAP is an authentication method which uses a user/secret or IQNs for outgoing authentication. The Storage Volumes on CloudByte ElastiStor authenticate the initiator.
    CHAP Secret Password for CHAP authentication in alpha-numeric format.The password must have 12 to 16 characters.
    Mutual CHAP Username Username for mutual CHAP authentication. For uniqueness, specify the initiator IQN name as username. The value must be same as that of the CHAP user. Mutual CHAP is a super set of CHAP which uses peer user/peer secret for outgoing/incoming authentication between Storage Volumes and initiator.
    Mutual CHAP Secret Password for mutual CHAP authentication (should be different from CHAP secret).
    Description The password must have 12 to 16 characters.
  8. Click OK.
  9. In the Storage Volumes page, select the Storage Volume for which you want to assign the authentication group.
  10. Select Manage iSCSI Configuration (Actions pane > Tasks).
  11. select_manage_iscsi_configuration1

  12. Click Edit, enter the required details, and then click Save. In the following screen, you have selected CHAP as the authentication method.
  13. manage_iscsi_auth_group_choose_authmethod

  14. At the confirmation prompt,click Modify.

Restricting access to iSCSI VSM by managing Authentication Groups

The procedures are same as in the section Restricting access to iSCSI Storage Volume by managing Authentication Groups except that, instead of Storage Volume, you have to select VSM from step 7 onward.

Installing MPIO on Windows Server

Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop Multipath solutions that contain hardware-specific information required to optimize connectivity with storage arrays.

MPIO provides an alternate data path between storage devices and Windows operating system. MPIO is protocol-independent and can be used with Fibre Channel (FC), Internet SCSI (iSCSI) and Serial Attached SCSI (SAS) interfaces.

Installing MPIO functionality involves the following procedures:

Note: The following documentation is for Windows Server 2008. The procedures are similar for other versions of Windows Server. However, there might be minor variations owing to the differences in UI strings and navigation.

  1. On Windows Server, select Multipath I/O and then click Install (Server Manager Console > Add Features Wizard).
  2. Note: This step can be skipped if Multipath I/O is already installed.

    mpio_multipath_1

  3. Restart the Windows Server after you complete the installation.
  4. After reboot, configure Multipath as follows:
    1. Open MPIO application (Start > Administrative Tools > MPIO).
    2. Click Discover Multi-paths tab.
    3. Enable Add support for iSCSI devices.
    4. Click Add.

    mpio_configure_4

  5. In the Reboot required dialog box click Yes. After reboot, a new device called “MSFT2005IBusType 0x9” (or similar ID) appears in the MPIO Properties.
  6. mpio_mpio_properties_6

Configuring Multipath on ElastiCenter

Prerequisites:

  • In the Network Interface Cards page (Nodes> Network Interface Cards), configure static IP addresses for each interface to configure multipath.

config_static_ip

Procedures

  1. In the VSMs page, click Provision VSM and then complete the procedures to create a VSM.
  2. Select the provisioned VSM and then in the VSM page select Advanced Settings.
  3. tsm_page_advanced_settings_edit

  4. In the Advanced Settings page, click Edit. Provide the required details and then click Save.
  5. tsm_page_advanced_settings_edit

    Field Description
    Secondary IP Address Alternate IP Address to configure multipath for a single LUN.
    Secondary Subnet Subnet address for multipath configuration.
    Secondary Interface Alternate Interface to configure multipath.
  6. Provision a Storage Volume in the VSM on which Multipath I/O is configured.
  7. (In the following page) Enter the required details and complete the procedures.

Configuring MPIO on Windows Server for a LUN in ElastiStor

Adding the first path to the iSCSI target

  1. Add two target portal IP addresses of the Disk Station (iSCSI Initiator Properties > Discovery)
  2. mpio_iscsiinitiatorprop_12

  3. Select a target that uses MPIO and then click Log On (iSCSI Initiator Properties page > Target
  4. Select the option Automatically restore this connection when the computer starts.
  5. Select the option Enable multi-path.
  6. Click Advanced.
  7. mpio_iscsiinitiatorprop_logon_13

  8. In the Advanced Settings page, check the following options:
    • Microsoft iSCSI Initiator.
    • First Subnet of the Initiator Computer
    • First Subnet of the DiskStation (both the IP addresses of the initiator and the target are within the same Subnet)
    • Click OK and ensure that the target has been connected.

    mpio_advancedsettings_14

  9. Close the iSCSI Initiator Application.

Adding the second path to the iSCSI target

  1. In the iSCSI initiator properties page:
    1. Select the Target to use MPIO (ensure that it is connected).
    2. Click Log on.
  2. mpio_logon2_15
  3. In the Advanced Settings page, check the following:
    1. Microsoft iSCSI inititator
    2. Second Subnet of the Initiator Computer
    3. Second Subnet of the DiskStation (both the IP addresses of the Initiator and the Target are within the same Subnet).
    4. Click OK.
  4. mpio_advancedsettings_OK_16
  5. Select Details in the iSCSI Initiator Properties page.
  6. mpio_iscsiinitiatorprop_details_17
  7. In the Target Properties page, click Devices tab.
  8. mpio_targetprop_devices_18
  9. Select a device name and then click Advanced.
  10. mpio_targetpropadvanced_19
  11. Select a load balance policy and then click OK. The following screenshot shows Round Robin with Subset as the Load balance policy.
  12. mpio_devicedetails_mpio_20