Dell™ PowerVault™ NX1950 Systems End-to-End Deployment Guide for iSCSI Model EMU01 w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes, Notices, and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2007–2008 Dell Inc. All rights reserved.
Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . Terms and Definitions . . . . . . . . . . . . . . . . . . . PowerVault NX1950 Storage Solution Vs. PowerVault NX1950 Cluster Solution . . . 8 . . . . . . 8 iSCSI . . . . . . . . . . . . . . . . . . . . . . . . . 8 iSNS . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Active/Passive Vs. Active/Active iSCSI . . . . . . . Before Setting Up the PowerVault NX1950 Storage Solution as an iSCSI Software Target . . . . . .
Method 2 (Discovery Using iSNS Server) Pre-Requisites . . . . . . . . 24 . . . . . . . . . . . . . . . . . . . 25 Configuring Settings From the Initiator Server/Client . . . . . . . . . . . . . . . . . . . . Setting Up the Target (PowerVault NX1950 Storage Solution and PowerVault NX1950 Cluster Solution) . . . . . . . . . . . . . . 3 Detailed End-to-End iSCSI Setup . . . . . 27 . . . 27 Setting up Target IP Addresses in the PowerVault NX1950 Cluster Solution . . . . . . . . . . . . . . . . .
4 Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol . . . . . . . . . . . . . 51 CHAP vs IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 . . . . . . . . . . . . . . . . 52 One-Way CHAP Authentication iSCSI Target settings iSCSI Initiator Settings . . . . . . . . . . . . . . . 53 . . . . . . . . . . . . . . . . . . 53 . . . . . . . . . . . . . . . . . . . 54 Initiator Settings Initiator Settings Continued A Appendix 53 . .
Best Practices for Efficient Storage Management Storage Manager for SANs . . . . 67 . . . . . . . . . . . . 67 LUN Management for iSCSI Subsystems . . . . . . 67 . . . . . . . . . . . . . . . . . . . . . . 68 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Related Links .
1 Introduction This document provides information about configuring the Internet Small Computer System Interface (iSCSI) Software Target on the Dell™ PowerVault™ NX1950 storage system as a block storage device. iSCSI is a useful and relatively inexpensive way to provide storage for new applications or to provide a network pool of storage for existing applications. Dell and its storage partners provide a variety of storage solutions that can be implemented easily.
Terms and Definitions The following sections describe the terms used in this document. PowerVault NX1950 Storage Solution Vs. PowerVault NX1950 Cluster Solution Throughout this document, the term PowerVault NX1950 storage system refers to the individual storage unit. The term PowerVault NX1950 storage solution refers to the configuration of the storage unit along with the storage arrays.
Active/Passive Vs. Active/Active iSCSI In a PowerVault NX1950 cluster solution that is configured with a 3.0 iSCSI Target, only one node that owns the Cluster Resources can create and own the iSCSI Targets. The iSCSI Target service is operative in only one node at a time (Active/Passive configuration). In a PowerVault NX1950 cluster solution that is configured with 3.
• You can configure Initiators with one or two dedicated NICs for iSCSI, based on your requirement. NOTE: Table 1-1 and Table 1-2 provide information about the iSCSI Target NIC configuration. The optimal connection information is also provided as options. You can configure the iSCSI NICs according to your network requirements. Table 1-1.
Table 1-2.
Figure 1-1.
Figure 1-2.
Figure 1-3. Non-Redundant iSCSI Path With Three NICs public network host (Initiator) public network NIC Teaming switch dedicated iSCSI traffic PowerVault NX1950 storage solution with NIC teaming for Data Sharing NOTE: For 3.0 iSCSI Target—In Figure 1-4 and Figure 1-5, both Initiators can communicate to the Active PowerVault NX1950 storage node through the dedicated iSCSI link (indicated by blue links from Initiators to switch and Active PowerVault NX1950 storage node).
Figure 1-4.
Figure 1-5.
Quick Install Steps for Initiator-Target Connection 2 This section is targeted towards advanced users that are familiar with the following concepts: • Operations of iSCSI protocol • iSCSI Initiator - Target connection information • Install and setup of Microsoft® iSCSI Initiator and Microsoft iSNS server • Basic RAID operations of Dell™ PowerVault™ NX1950 storage system The following sections provide quick step-by-step instructions to set up an iSCSI Target and to establish connection from an Init
3 If you are using the PowerVault NX1950 cluster solution with a storage array, perform the following tasks: a Turn on all nodes of the cluster. b Create one or more volumes on the storage array and assign them to the Cluster Group. c Use the volumes that you created to create Virtual Disks for iSCSI Targets.
Configuring iSCSI Connection With the PowerVault NX1950 Storage Solution Creating the Target 1 From the PowerVault NX1950 storage solution, select Start→Programs→ Administrative Tools→Windows Unified Data Storage Server. The PowerVault NX1950 Management Console appears. 2 Select Microsoft iSCSI Software Target option. The options iSCSI Targets, Devices, and Snapshots are displayed. 3 Select iSCSI Targets and either right-click or select the More Actions option in the Actions tab.
9 If you choose the Advanced option, you can select the IQN identifier by performing the following steps: a When you choose the Advanced.. option, the Advanced Identifiers screen appears and displays the Add option. Select Add. b The Add/Edit Identifier appears and provides four options namely— IQN, DNS Domain Name, IP address, and MAC Address to add the IQN identifier. Choose any one of the four options. c Type in the value or choose the value through the Browse option, and then select OK.
5 The Access screen appears. In the Add option, specify the iSCSI Targets that access the Virtual Disk that you have created. The Target that you chose in step 1 is listed in the Access list. NOTE: Go to Access→Add→Add Target to add additional iSCSI Targets. To configure the Targets to access the Virtual disk that you created, select the iSCSI Targets available in the list and click OK. You are redirected to the Access screen and the list of chosen Targets is displayed.
3 To create a target, follow the instructions in "Creating the Target" on page 19 and to create a virtual disk, follow the instructions in "Creating a Virtual Disk" on page 20. The active node is the node on which the cluster resources are running. From any cluster node, click Start→Administrator Tools→Cluster Administrator→Groups→Cluster Group. The active node is listed in the middle pane in the Owner section.
Verify the iSCSI HA Instance Creation (Optional) 1 In any PowerVault NX1950 cluster node, go to Start→Programs→ Administrative Tools→Cluster Administrator and verify the newly created iSCSI highly-available instance under Groups section. Verify the name, IP address, and other properties of the resource. 2 Create one or more volumes on the storage array and assign them to iSCSI highly-available instances or use the Cluster Administrator to move the existing volumes to iSCSI highly-available instances.
5 In the Log On to Target window, click OK. The Targets tab displays the status of the Target as Connected. 6 To accomplish Multipathing, you can use Microsoft MPIO to establish multiple sessions from host to the same Target device. To establish multiple sessions: a Go to the Targets tab and select the Target that is Connected. b Repeat step 1 to step 4. c In the Advanced Settings→Target Portal address, choose the redundant host IP address and the IP address of the PowerVault NX1950 storage solution.
Pre-Requisites Before you perform iSCSI Target discovery, perform the following steps: 1 Download the Microsoft iSCSI Initiator software from Microsoft Support website at support.microsoft.com and install the Initiator (Host). 2 Download the Microsoft iSNS Server software from Microsoft Support website at support.microsoft.com and install the software on a client/server running Microsoft® Windows® operating system.
4 To create a target, follow the instructions in "Creating the Target" on page 19 and to create a virtual disk, follow the instructions in "Creating a Virtual Disk" on page 20. During step 7 of "Creating the Target" on page 19, use the Browse option to ensure that the iSCSI Initiator Identifier screen displays all Initiators that are registered with iSNS server. NOTE: The 3.0 iSCSI Software Target does not query the iSNS server for registered iSCSI Initiators during Target creation.
Detailed End-to-End iSCSI Setup 3 This section describes the end-to-end iSCSI setup, including settings for the iSCSI Initiator, Target, and establishing connections. Setting Up Target IP Addresses in the PowerVault NX1950 Storage Solution Based on configuration (with one or two dedicated iSCSI NICs) assign IP addresses to the iSCSI NICs. Use the IP address that you assigned to the iSCSI NIC(s) in the Target Portals tab of the Initiator for discovery.
2 Add the newly-created highly available iSCSI instances as a resource group. The newly-created highly available iSCSI instances are then listed in Active Resources of cluster nodes. 3 When you configure the Initiators, add the highly available iSCSI instance IP address in the Target Portals tab. 4 After you complete the setup, the iSCSI Targets created on individual nodes that have highly available iSCSI instances.
3 The Microsoft iSCSI Initiator Installation screen appears. The options Initiator Service and Software Initiator are selected by default. The Microsoft MPIO multi-pathing is unchecked. You must check this options as the installation requires the use of Multipath I/O (MPIO) feature. Click Next. NOTE: You must select the Microsoft MPIO support for iSCSI during installation to accomplish load balancing and failover among multiple NICs and iSCSI host bus adapters (HBAs).
Configuring the Microsoft iSCSI Initiator After the installation is complete, you can use the iSCSI Initiator to manage the iSCSI environment. This section describes the initial configuration steps. If you use the Direct Portals option in the Discovery tab of the iSCSI Initiator Properties window, add iSCSI NIC IP address of the PowerVault NX1950 storage system. If you are configuring a PowerVault NX1950 cluster solution: a Add the highly-available iSCSI instance IP address in the Target Portals tab (3.
Figure 3-1. The PowerVault NX1950 Configuration Tasks Window 2 Launch the PowerVault NX1950 Management Console—When you close the PowerVault NX1950 Configuration Tasks window, the PowerVault NX1950 Management Console is launched. You can use the PowerVault NX1950 Management Console to perform all storage management functions for PowerVault NX1950 storage solution.
Figure 3-2. PowerVault NX1950 Management Console In Figure 3-2, the Scenarios section in the middle pane provides several scenarios to help you through each of the storage management processes. 3 Create LUNs on Disk Array—To create the LUNs on the Disk Array, select the Provision Storage and Create Volume scenario from the Scenarios section. The scenario walks you through the procedure to provision storage and create volumes.
Figure 3-3. Provision Storage Wizard b The Storage Subsystem screen appears and prompts you to select at least one storage subsystem. Select at least one subsystem and click Next. c The LUN Type screen appears. You can choose the LUN type from the available types of LUNs. Each LUN type has a maximum size that is calculated depending on the LUN type. Choose the appropriate LUN type and click Next.
e The Server Assignment screen appears. Choose the This server only option and click Next. NOTE: The LUN that you have created is assigned to the internal storage server only. The iSCSI Targets that are created are configured to be assigned to external application servers later. NOTE: If you are configuring a PowerVault NX1950 cluster solution as the Target, select the All servers in this cluster option in the Server Assignment screen. f The Server Access screen appears.
c The Review Settings and Create Storage screen appears. Review the storage settings and click Create. The Storage provisioning occurs and the Confirmation screen appears indicating a successful provisioning operation. The LUN is now created and ready for use. The step 5 creates iSCSI Targets and associates the iSCSI Targets with the newly-created LUN. The PowerVault NX1950 storage solution uses Windows Unified Data Storage Server 2003 with Microsoft Virtual Disk Service (VDS) internally.
6 Configuring NICs for iSCSI traffic in the PowerVault NX1950 storage solution in cluster mode— If you are setting up PowerVault NX1950 cluster solution as an iSCSI Target, perform the following prerequisites: – Follow the steps listed in the section Creating a Highly Available iSCSI Target in the Dell PowerVault NX1950 Cluster Systems Installation and Troubleshooting Guide on the Dell Support website at support.dell.com.
To configure the iSCSI HA instance perform the following steps in all nodes of cluster system: NOTE: To perform this procedure, you must have Administrator rights on the local computer. For best practices, use the Run option to perform this procedure. a Open the PowerVault NX1950 Management Console, right-click Microsoft iSCSI Software Target, and then click Create HA Instance for iSCSI. b In the Create Highly Available Instance for iSCSI Storage dialog box, click Add.
7 Perform the following steps to create iSCSI Targets: Figure 3-4. Creating iSCSI Targets NOTE: In the PowerVault NX1950 Management Console, right-click Microsoft iSCSI Software Target, and select Properties. In the Networks tab, select the corresponding iSCSI NIC IP address and deselect the remaining IP addresses. If you are using the 3.1 iSCSI Target, select the highly available iSCSI instance IP address only.
e In the iSCSI initiators identifiers screen, enter the iSCSI Qualified Name (IQN) of the iSCSI Initiator. You can manually enter the IQN or use the Browse option and choose the iSCSI Initiator from the list. • You can also provide alternate ways to identify the iSCSI Initiator by using the Advanced option. When you click Advanced, the Advanced Identifiers screen appears. In the Advanced Identifier screen, click Add, and enter the Identifier type and the specific identifying information.
a Right-click on the Target name to launch the Create Virtual Disk Wizard. b Click Next. The File screen appears. Create the Virtual Disk on the internal disk volume (the RAID volumes available from the attached storage array) that is available to the iSCSI Target. NOTE: In the File screen, use the Browse option to choose the internal disk volume using browse and enter a name for Virtual Disk file with a .vhd extension. c Click Next. The Size screen appears.
Configuring Devices You can perform all operations related to Virtual Disks (Devices) using the following options in PowerVault NX1950 Management Console: • Create/Delete Virtual Disk—Virtual Disks are represented with a .vhd extension. You can create or delete Virtual Disks using this option. • Extend Virtual Disk—You can dynamically increase the size of an iSCSI Virtual Disk without losing data and without restarting the iSCSI Target.
2 Go to iSCSI Initiator Targets tab. The IQN of the Targets is listed and status is displayed as Inactive. Select one Target device and select Logon. 3 The Log On to Target screen appears. You can select the Automatically restore this connection when the system reboots option for re-establishing connection during probable reset/reboot of the Initiator. 4 You can use the Enable Multi-path option for load balancing/failover settings. a Choose this option to enable MPIO and select Advanced.
c In the Advanced Settings window, select the redundant iSCSI IP address of the PowerVault NX1950 storage system. Selecting the redundant iSCSI IP address ensures that the iSCSI network traffic and the public network traffic are on separate subnets. This also allows load balancing/Failover. The iSCSI connection is now established and the device is ready for block I/O operations.
c In the Specify Partition size screen, specify the partition size. Click Next. d In the Assign Drive Letter or Path screen, assign the driver letter from drop-down menu. Click Next. e In the Format Partition screen, use the default options to format the partition. Enter a Volume label and click Next. NOTE: Select the Perform quick format check box for faster Format. f In the Completing the New Partition Wizard screen, click Finish. The new partition is successfully created.
To automate the creation of snapshots and the mounting of iSCSI Virtual Disks for regular backups, you can use the Schedule Snapshot Wizard. Snapshots of Virtual Disks that reside on an NTFS file system volume are persistent, which means they remain after a system restart. Snapshots that are created on the iSCSI Target server are crash consistent. iSCSI Snapshots are created using VSS and a storage array with a hardware provider designed for use with VSS.
3 After making necessary changes, click OK. NOTICE: Although you do not change the default settings, go to Volume→ Properties→Shadow Copies→Settings and click OK. Perform this action especially in a PowerVault NX1950 cluster solution to ensure proper Snapshot recovery in the event of cluster node failure. Active snapshots may be lost on account of a cluster node failure, if you do not have enough space or if you have not configured the Snapshots properly.
7 The Virtual Disks screen appears and displays two options. Include all Virtual Disks (default) Include only the selected Virtual Disks You can select all or selected Virtual Disks for snapshots. NOTE: In a PowerVault NX1950 storage solution, all Virtual Disks are listed in the Virtual Disks screen. In a PowerVault NX1950 cluster solution, Virtual Disks of the volumes that are available in the selected Resource Group are listed.
• Export Snapshot—Use this option to make Snapshot available to a remote system or to take a redundant copy of a Snapshot. Use the Export Snapshot wizard to export the Snapshot to one or more iSCSI Targets. The Snapshot can then be accessed by Initiators (read-only access). To export snapshot perform the following steps: a Go to the Active Snapshots tab, select the snapshot that you want to export from the middle-pane, right-click and select Export Snapshot.
• Rollback—Use this option to rollback an iSCSI Virtual Disk to a previous Snapshot. This operation uses the temp directory located at C:\Windows\Temp. Ensure that the temp directory contains sufficient space to store the differential data. The rollback fails if enough space. is not available. a Right-click on the snapshot and select Rollback to Snapshot. In the pop-up message, select Yes. b To check the status of rollback, go to the Devices tab.
5 If you want to remove Target IQN name entries, go to the Discovery tab and remove the IP address/DNS name of the PowerVault NX1950 storage system in the Target Portals section or remove the IP address/DNS name entry of the iSNS server. 6 Go to the Targets tab and click the Refresh. The Target IQN name is not listed.
Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol 4 Few security features for the iSCSI protocol are included in the iSCSI layer itself, apart from any security layers that may be present in the lower TCP/IP and Ethernet layers. You can enable and disable the iSCSI security features as required. The Microsoft® iSCSI Initiator uses the Challenge-Handshake Authentication Protocol (CHAP) to verify the identity of iSCSI host systems attempting to access iSCSI Targets.
CHAP vs IPSec CHAP authenticates the peer of a connection and is based upon the peers sharing a secret (a security key that is similar to a password). IP Security (IPSec) is a protocol that enforces authentication and data encryption at the IP packet layer and provides an additional level of security. One-Way CHAP Authentication In One-Way CHAP authentication, only the iSCSI Target authenticates the Initiator.
iSCSI Initiator Settings 1 Go to the Discovery tab. 2 Log in to the Target on which you have enabled CHAP in "iSCSI Target settings" on page 52 by clicking iSCSI Initiator Properties→Targets tab→ Log On.... 3 In the Log On to Target window, select Advanced. 4 In the Advanced Settings window, select the check box for CHAP logon information. The User name fields displays the IQN of the Initiator automatically.
Target Settings Configure the Target settings of CHAP as described in "iSCSI Target settings" on page 52 and perform the following steps: 1 In the Properties window, select the Authentication tab. 2 Select the check box for Enable reverse CHAP authentication. In the User name field, enter the IQN of the Initiator. 3 In the Reverse secret field enter the Secret value that you set in the Initiator. NOTE: Ensure that the Reverse secret is not the same as the CHAP secret.
A Appendix The previous chapters in this document describe the procedures for basic iSCSI session/connection information. This chapter briefly describes procedures for a few advanced configuration settings.
Figure A-1. General Tab in iSCSI Initiator Properties Window The General tab includes three options namely—Change, Secret and Tunnel. • Change—Allows you to rename the Initiator node name that is displayed. • Secret—iSCSI security provided CHAP. For more information, see "Configuring Secured iSCSI Connections Using Challenge-Handshake Authentication Protocol" on page 51. • Tunnel—You can use this option for advanced configuration using IPsec. For more information, see "Appendix" on page 55.
Figure A-2. Discovery Tab in iSCSI Initiator Properties Window NOTE: If you are using the PowerVault NX1950 cluster solution configured with Target 3.0 iSCSI Target software, you must add a virtual iSCSI IP that is part of the Cluster Resource in the Target Portals field. This IP address must be a virtual IP address in the same subnet where iSCSI NICs are configured.
Targets Tab The Targets tab provides the list of individual Targets available to the iSCSI Initiator. In the following example, three Targets are available to the iSCSI Initiator. Figure A-3. Targets Tab in iSCSI Initiator Properties Window NOTE: The above illustration is an example of discovery in the Targets tab. In practice, the targets are discovered only after you configure the PowerVault NX1950 storage/cluster system as a Target.
If multiple-paths to the Target are available, then you must describe each path to the iSCSI Initiator. To describe multiple paths to the Initiator: 1 In the Log On window, select Enable multi-path and select Advanced. The Advanced option provides a drop-down menu with all possible source (Initiator) IP addresses and a separate drop-down menu for all possible Target portal addresses. In this scenario, the Target solution manages the actual paths and IP addresses internally.
Persistent Targets Tab You can configure Persistent Targets so that the connection to the Target is automatically restored when the system reboots. If the Targets are configured to be persistent, they appear in this Persistent Targets tab. Figure A-5.
Figure A-6. Bound Volumes/Devices Tab in iSCSI Initiator Properties Window Advanced Configuration Details Enabling Multi-Path on the Initiator After you establish the iSCSI Initiator-Target connection, perform the following steps to enable multi-path operation: 1 On the Initiator, go to iSCSI Initiator Properties→Targets tab→Log On...→Log On to Target window and select the check box for Enable multi-path option.
Using the Advanced Option You can use the Advanced option to perform the following functions: • Go to iSCSI Initiator Properties→Targets tab→LogOn...→Log On to Target window→Advanced option. The Advanced Settings screen appears and consists of two tabs namely—Advanced and IPSec. The General tab allows you to set CRC/Checksum, CHAP and choose source IP address and Target Portal—IP address of iSCSI Target. You can use the Multi-path option to configure load balancing and failover settings.
Devices Tab The Devices tab of Target Properties screen provides generic device details like the Virtual Disks that are associated with Target. Click Advanced to view information about MPIO and Launch the Device Details screen. To modify the MPIO settings, you can use the MPIO tab. Properties Tab The Properties tab of Target Properties screen provides information about Target Alias, Authentication, Associated Network portals and other details of the Target.
• Round Robin With Subset—The round robin subset policy executes the round robin policy only on paths designated as active. The stand-by paths will be tried on a round-robin approach upon failure of all active paths. • Least Queue Depth—The least queue depth policy compensates for uneven loads by distributing propeortiaonately more I/O requests to lightly loaded processing paths. • Weighted Paths—The weighted paths policy allows the user to specify the relative processing load of each path.
6 The End User License Agreement screen appears. Read the agreement and click Agree to install the program. 7 The Microsoft iSNS Service Setup Program windows indicates that the program is installed successfully. 8 The Microsoft iSNS Server Information screen appears. Read the information and click Next. 9 The Installation Complete screen appears indicating the completion of program installation. Click Close.
To configure the iSNS Server, perform the following steps. 1 Log on to the server where you have installed the iSNS Server 3.0 and go to Start→Programs→Microsoft iSNS Server→Configure iSNS server. The iSNS Server screen consists of three tabs namely—General, Discovery Domains, and Discovery Domain Sets. The General tab lists all devices (iSCSI Initiators and Targets) that are registered with the iSNS Server.
Best Practices for Efficient Storage Management Storage Manager for SANs Storage Manager for SANs is a Microsoft Management Console snap-in that system administrators can use to create and manage the logical unit numbers (LUNs) that are used to allocate space on storage arrays in both Fibre Channel and iSCSI environments.
Related Links For more information on storage for Microsoft Windows Storage Server 2003 operating systems and iSCSI in particular, see the following websites: 68 • Microsoft Storage website at http://www.microsoft.com/storage/ • Microsoft iSCSI Storage website at http://www.microsoft.com/WindowsServer2003/technologies/storage/iscsi /default.mspx • Microsoft Windows Storage Server website at http://www.microsoft.com/windowsserversystem/wss2003/default.
Index Numerics 3.0 iSCSI Target, 9 3.
Index
