Dell™ PowerVault™ NF500/NF600 Systems End-to-End Deployment Guide for iSCSI w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ Information in this document is subject to change without notice. © 2007 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . . . . . . . . . . 6 iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . 6 iSNS . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Terminology Naming Convention . . . . . . . . . . . . . . . . . . Features of iSCSI Software Target . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . . .
3 Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol . . . . . . . . . . . . . 31 CHAP vs IPSec . . . . . . . . . . . . . . . . . . . . . . One-Way CHAP Authentication iSCSI Target Settings . . . . . . . . . . . . . 32 . . . . . . . . . . . . . . . . 32 iSCSI Initiator Settings . . . . . . . . . . . . . . . Mutual CHAP Authentication 33 . . . . . . . . . . . . . . . . . . 33 . . . . . . . . . . . . . . . . . . . 34 Initiator Settings Continued .
Introduction This document provides information about configuring the Dell™ PowerVault™ 500 or PowerVault 600 storage system as an Internet Small Computer System Interface (iSCSI) Software Target. This document also provides information on setting up the PowerVault 500 or PowerVault 600 storage system that has been configured as iSCSI Target as a block storage device. NOTE: The term Dell PowerVault 500 refers to the hardware platform.
The following topics are discussed in further sections: • Quick install steps—Instructions about creating an iSCSI Target and establishing connection with a Microsoft iSCSI Initiator • End-to-End iSCSI configuration – • Detailed instructions on installing and configuring the Microsoft iSCSI Initiator Software and the Microsoft iSCSI software Target Configuring the Initiator-Target connections – Setting up secure iSCSI connections – Microsoft iSNS Server and other advanced configuration details NOT
You can download and install the iSNS server from the Microsoft website at www.microsoft.com on a separate server that does not have Microsoft iSCSI Initiator or Target installed. Naming Convention The term Dell PowerVault 500 refers to the hardware platform. PowerVault NF500 refers to the configuration of PowerVault 500 storage system and Microsoft Windows Storage Server 2003 R2 with SP2 operating system. The term Dell PowerVault 600 refers to the hardware platform.
• Snapshots are useful for fast system recovery of files and volumes, in case of accidental data deletion by a user, overwritten data, or data corruption resulting from a malicious program. • Snapshots can be mounted locally or exported to facilitate backup and recovery operations. NOTE: Snapshots are not an alternative to system/data backup.
Pre-Requisites Before you set up the iSCSI Target, ensure that you perform the following steps: 1 Download the Microsoft iSCSI Initiator software from the Microsoft Support website at support.microsoft.com and install the Initiator (Host). 2 Turn on the PowerVault 500/PowerVault 600 storage system. Create one or more volumes on the internal hard drives and use them for creating Virtual Disks for iSCSI Targets. 3 On the iSCSI Target, right-click Microsoft iSCSI Software Target and click Properties.
2 In the Microsoft iSCSI Software Target console, right-click iSCSI Target, and then click Create iSCSI Target. The Welcome to the Create iSCSI Target wizard screen appears. Click Next. The wizard guides you through the process of Target creation. 3 The Create iSCSI Target wizard displays the iSCSI Target Identification option. Enter a Name and Description (optional) for the iSCSI Target. Click Next. 4 The iSCSI Initiators Identifiers screen appears.
c Enter the value or choose the value through the Browse option, and then click OK. The IQN identifier is displayed in the Advanced Identifiers screen and the fields IQN, DNS Domain Name, IP address, and MAC Address are populated. d Select the populated value and click OK. e In the iSCSI Initiator Identifiers screen, the IQN identifier field is populated with appropriate information. Click Advanced to view alternate identifiers. f Click Next. 7 The Completing the Create iSCSI Target wizard appears.
5 The Access screen appears. In the Add option, specify the iSCSI Targets that can access the Virtual Disk that you have created. The Target that you chose in step 1 is listed in the Access list. NOTE: Go to Access→ Add→ Add Target to add additional iSCSI Targets. To add additional Targets and configure the Targets to access the Virtual Disk that you created, select the iSCSI Targets available in the list and click OK. You are redirected to the Access screen and the list of chosen Targets is displayed.
3 In Advanced Settings window, select General tab, and select the following options from drop-down menu and click OK. – Local adapter—Microsoft iSCSI Initiator – Source IP—One of the host IP addresses – Target Portal—iSCSI IP address of the PowerVault 500/PowerVault 600 storage system 4 In the Log On to Target window, click OK. The Targets tab displays the status of Target as Connected.
NOTE: Do not install the iSNS Server software on Initiator (host) or Target (PowerVault500/PowerVault 600 storage system). Install the software on a separate Client/Server running Windows operating system. 3 Turn on the PowerVault 500/PowerVault 600 storage system. 4 Create one or more volumes on the local drives for creating Virtual Disks for iSCSI Targets. From Initiator Server/Client 1 Configure the Microsoft iSCSI Initiator with iSNS server's information.
Detailed End-to-End iSCSI Setup This section describes the end-to-end iSCSI setup, including settings for the iSCSI Initiator, Target, and establishing connections. Configuring iSCSI Devices The following sections provide detailed information about installing and configuring the Initiator and Target in Dell™ PowerVault™ 500/PowerVault 600 storage system. Installing Microsoft iSCSI Initiator You can download the Microsoft® iSCSI Initiator for free from the Microsoft website at www.microsoft.com.
3 The Microsoft iSCSI Initiator Installation screen appears. The options Initiator Service and Software Initiator are selected by default. The Microsoft MPIO multipathing is unchecked. You must select this option as all installations in this document use the Multipath I/O (MPIO) feature. Click Next. NOTE: You must select the Microsoft MPIO support for iSCSI during installation to accomplish load balancing and failover among multiple NICs and iSCSI host bus adapters (HBAs).
General Tab The General tab displays the Initiator node name which is the Initiator's iSCSI Qualified Name (IQN). Figure 2-1. General Tab The General tab includes three options namely—Change, Secret, and Tunnel. • Change—Allows you to rename the Initiator node name that is displayed. • Secret—iSCSI security provided CHAP. • Tunnel—Allows you to perform advanced configuration using IPsec. Discovery Tab The Discovery tab provides information about Target Portals and iSNS Servers.
system. If no Target portals are listed, you can add them using the IP address or DNS name of Target server. In the following example, two iSCSI Target portals are already added. Figure 2-2. Discovery Tab • iSNS Servers—You can also perform Target discovery using iSNS servers. Add the iSNS Server IP address or DNS name. If the iSNS service is up and running on a server, all clients (Initiators and Targets) that are registered with the iSNS server are listed in the Registered Clients screen.
Figure 2-3. Targets Tab If you use the Direct Portals option the Discovery tab, the Targets of the IP address that you provided are listed. If you use the iSNS servers option in the Discovery tab, the Targets created in all PowerVault 500/PowerVault 600 storage systems that are registered with iSNS server are displayed. Log On...—To gain access to the Target, the Initiator must Log On to the Target. If only one path is available to the Target, only one step is required for log on. Click Log On..
3 Select Automatically restore this connection when the system boots to ensure continuous connection and to avoid establishment of Target-Initiator association during power spike or system reboots. 4 Repeat the Log on process for each iSCSI NIC. Figure 2-4. Log On to Target Window For MPIO connection, you must select the Target that displays status as Connected and select Log On. In the Log On to Target window, select Advanced and configure redundant iSCSI Target IP address.
Figure 2-5. Persistent Targets Tab Bound Volumes/Devices Tab If a host service or application depends on the availability of an iSCSI volume, you must configure it as bound so that the iSCSI service includes each bound volume as part of its initialization.
Figure 2-6. Bound Volumes/Devices Tab Configuring Microsoft iSCSI Software Target The Microsoft iSCSI Software Target software package is available in the iSCSI software target application CD. Before configuring iSCSI Targets, you must create a few LUNs and reserve storage space to create Virtual Disks for iSCSI Targets. The following sections provide step-by-step instructions to create storage space.
Configuring the Target 1 Configure Network Settings on the iSCSI Target device—The PowerVault 500/600 storage system is configured to use DHCP for network settings by default. The PowerVault 500/600 storage system is designed for multipath operations and is equipped with two RJ45 Ethernet connectors. You can add an optional additional NIC. NOTE: It is recommended that you configure dedicated iSCSI NICs on separate subnets and not on the public network.
The following steps describe the procedure to create two iSCSI Targets that use two dedicated NICs for iSCSI traffic as shown in Figure 2-7. Each Target is made available to a different application on the host server. The Target in the Microsoft-based iSCSI Target solution only defines the path that the iSCSI storage traffic uses from the iSCSI Initiator. Figure 2-7.
d You must associate each iSCSI Target with an iSCSI Initiator. The iSCSI Initiator is the host that requests access to the storage that is represented by the iSCSI Target name. • In the iSCSI Initiators Identifiers screen, enter the iSCSI Qualified Name (IQN) of the iSCSI Initiator. You can manually enter the IQN or use the Browse option and choose the iSCSI Initiator from the list. • You can also provide alternate ways to identify the iSCSI Initiator by using the Advanced option.
e In the iSCSI Initiator identifiers screen, choose the identifier and click Next. f The Completing the Create iSCSI Target Wizard screen appears indicating that the iSCSI Target has been created. The Microsoft iSCSI Software Target Console now displays the newly-created iSCSI Target. The Console also displays the devices available for the iSCSI Targets. The storage that is used by the iSCSI Initiators (application hosts) are defined in a later step when the Virtual Disks are created.
e The Access screen appears. Click Add and enter the iSCSI Target information. You must associate the Virtual Disk with an iSCSI Target for the application host to use the Virtual Disk as an iSCSI storage volume. f Click Next. The Completing the Create Virtual Disk Wizard appears indicating the successful completion of the Virtual Disk creation. g Repeat step a through step f to create an additional Virtual Disk.
a Choose this option to enable MPIO and select Advanced. b Go to Advanced Settings→ General tab and select the following options from the drop-down menu: c • Local Adapter — Microsoft iSCSI Initiator • Source IP — one of the host IP addresses • Target Portal — iSCSI IP address of the PowerVault NF500/NF600 storage system. In the Advanced Settings window, click OK. In the Log On to Target window, click OK. The Targets tab now displays the Target status as Connected.
9 In the right pane, the iSCSI disk that is Connected is displayed as Unknown Not Initialized and Unallocated. 10 The Welcome to the Initialize and Convert Disk Wizard option is displayed. Run the Initialize and Convert Disk Wizard. a Retain the default settings and select Next in all screens. b The Completing the Initialize and Convert Disk Wizard screen appears. Click Finish. 11 Go to the Disk Management. The Unallocated iSCSI disk is now identified as Basic and Unallocated.
Detailed End-to-End iSCSI Setup
Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol Few security features for the iSCSI protocol are included in the iSCSI layer itself, apart from any security layers that may be present in the lower TCP/IP and Ethernet layers. You can enable and disable the iSCSI security features as required. The Microsoft® iSCSI Initiator uses the Challenge-Handshake Authentication Protocol (CHAP) to verify the identity of iSCSI host systems attempting to access iSCSI Targets.
One-Way CHAP Authentication In One-Way CHAP authentication, only the iSCSI Target authenticates the Initiator. The secret is set only for the Target and all Initiators that are accessing the Target must use the same secret to start a logon session with the Target. To set one-way CHAP authentication, configure the settings described in the following sections on Target and Initiator.
iSCSI Initiator Settings 1 Log in to the Target on which you have enabled CHAP in "iSCSI Target Settings" on page 32 by clicking iSCSI Initiator Properties→ Targets tab→ Log On.... 2 In the Log On to Target window, select Advanced. 3 In the Advanced Settings window, select the check box for CHAP logon information. The User name fields displays the IQN of the Initiator automatically. 4 In the Target secret field enter the same value of the target secret that you set in the iSCSI Target and click OK.
Target Settings 1 Configure the Target settings of CHAP as described in "iSCSI Target Settings" on page 32 and perform the following steps: a In the Properties window, select the Authentication tab. b Select the check box for Enable reverse CHAP authentication. In the User name field, enter the IQN of the Initiator. c In the Reverse secret field enter the Secret value that you set in the Initiator. NOTE: Ensure that the Reverse secret is not the same as the CHAP secret.
Appendix The previous chapters in this document describe the procedures for basic iSCSI session/connection information. This chapter briefly describes procedures for a few advanced configuration settings.
Using the Advanced Option You can use the Advanced option to perform the following functions: • Go to iSCSI Initiator Properties→ Targets tab→ LogOn...→ Log On to Target window→ Advanced option. The Advanced Settings screen appears and consists of two tabs namely—Advanced and IPSec. The General tab allows you to set CRC/Checksum, CHAP and choose source IP address and Target Portal—IP address of iSCSI Target. You can use the Multi-path option to configure load balancing and failover settings.
Devices Tab The Devices tab of Target Properties screen provides generic device details like the Virtual Disks that are associated with the Target. Click Advanced to view information about MPIO and Launch the Device Details screen. To modify the MPIO settings, you can use the MPIO tab. Properties Tab The Properties tab of Target Properties screen provides information about Target Alias, Authentication, Associated Network portals, and other details of the Target.
• Round Robin With Subset—The round robin subset policy executes the round robin policy only on paths designated as active. The stand-by paths will be tried on a round-robin approach upon failure of all active paths. • Least Queue Depth—The least queue depth policy compensates for uneven loads by distributing proportionately more I/O requests to lightly loaded processing paths. • Weighted Paths—The weighted paths policy allows the user to specify the relative processing load of each path.
5 The Installing Microsoft iSNS Server screen indicates the installation progress. The Microsoft iSNS Installation Program prompts you to choose from the iSNS Installation Options. Choose Install iSNS Service and click OK. 6 The End User License Agreement screen appears. Read the agreement and click Agree to install the program. 7 The Microsoft iSNS Service Setup Program windows indicates that the program is installed successfully. 8 The Microsoft iSNS Server Information screen appears.
To configure the iSNS Server, perform the following steps. 1 Log on to the server where you have installed the iSNS Server 3.0 and go to Start→ Programs→ Microsoft iSNS Server→ Configure iSNS server. The iSNS Server screen consists of three tabs namely—General, Discovery Domains, and Discovery Domain Sets. The General tab lists all devices (iSCSI Initiators and Targets) that are registered with the iSNS Server.
Best Practices for Efficient Storage Management Storage Manager for SANs Storage Manager for SANs is a Microsoft Management Console snap-in that system administrators can use to create and manage the logical unit numbers (LUNs) that are used to allocate space on storage arrays in both Fibre Channel and iSCSI environments.
Related Links For more information on storage for Microsoft Windows Storage Server 2003 operating systems and iSCSI in particular, see the following websites: 42 • Microsoft Storage website at http://www.microsoft.com/storage/ • Microsoft iSCSI Storage website at http://www.microsoft.com/WindowsServer2003/technologies/storage/iscsi /default.mspx • Microsoft Windows Storage Server website at http://www.microsoft.com/windowsserversystem/wss2003/default.
Index C S CHAP, 31 Mutual CHAP, 33 One-Way CHAP, 32 Snapshots, 7 I iSCSI, 5 Configuring, 15 Configuring Target, 22 L Load Balance Policy, 37 Storage Manager for SANs, 41 V Virtual Disk, 7, 11 W Wizards, 8 Create iSCSI Target Wizard, 8 Create Virtual Disk Wizard, 8 M Multi-Path, 35 P PowerVault 500, 7 PowerVault 600, 7 PowerVault NF500, 7 PowerVault NF600, 7 Index 43
Index
