iSCSI Connectivity: SAN Administration On Data ONTAP 7.3

SAN Administration
on Data ONTAP 7.3

iSCSI Connectivity
2008 NetApp. All rights reserved.
Objectives
At the end of this module, you should be able to:
Describe single-path implementation with
iSCSI connectivity
Describe how to configure network ports on
Windows, Solaris, and NetApp systems
Describe commands/utilities to identify the
worldwide node (WWN) on Windows, Solaris,
and NetApp systems

2
iSCSI Connectivity
3
NetApp
FAS
iSCSI Connectivity
Data ONTAP
Windows
Solaris
Type of Topologies:
1.Direct-attached
2.Network
iSCSI
Ethernet
2008 NetApp. All rights reserved. 4
Direct-attached Topology
Solaris
Storage System 1
Windows
iSCSI
Direct-attached Topology (Cont.)
Solaris
Storage System 1
Windows
iSCSI
X
Windows no
longer has
connectivity
with Storage
System 1
1. Does not scale
2. No fault tolerance
Network Topology
Solaris
Storage System 1
Windows
0 1 2 3 4 5 6 7
2
4 6
iSCSI
iSCSI Adapters Types
Since iSCSI implements SAN over IP,
administrators have choices on how to connect
to an iSCSI network:

7
NIC & iSCSI
Soft Initiator
TOE & iSCSI
Soft Initiator
iSCSI Hardware
Initiator/HBA

Network
Interface
IP
TCP
iSCSI
SCSI
Application
Network
Interface
IP
TCP
iSCSI
SCSI
Application
Other
Protocols
Network
Interface
IP
TCP
iSCSI
SCSI
Application
Other
Protocols
Server
Processing
NIC/HBA
Processing
Topology Summary
Single path connectivity:
Is simple
Doesnt provide redundancy for losing a switch
or cable
NOTE: In Module 9, we will discuss a multipath
iSCSI implementation that overcomes some of
the limitations of a single-path design

8
Compatible Operating Systems
Target operating system (OS):
Data ONTAP
Initiator OS:
Solaris
Windows
AIX
HP-UX
VMware
Linux (Red Hat, SuSE, Oracle)
NOTE: This course will focus only on Solaris,
Windows, and Data ONTAP 7.3
9
Discovery
For an initiator and target to communicate, the
initiator must discover the target
Proper configuration of the initiator OS is
required for discovery
Discovery is accomplished over TCP port 3260
We will investigate:
Data ONTAP setup
Windows Server 2003/2008 software initiator
with a standard NIC
Solaris 10 native software initiator with a
standard NIC

10
Data ONTAP as an iSCSI Target
Data ONTAP 6.4 and later has support for iSCSI
Data ONTAP features:
Built-in iSCSI service
Simple LUN creation and management
Data ONTAP must be properly configured for
iSCSI connectivity
1. Configure IP interfaces
2. Configure iSCSI services
3. Configure the iSCSI interfaces
4. Identify the worldwide name (WWN)
11
FC Connectivity
Data ONTAP
Windows
Solaris
Configuring Interfaces
1. List the available interfaces
ifconfig -a
2. Take an interface offline
ifconfig interface_name down
3. Configure the interface
ifconfig interface_name ipaddress
4. Bring an interface online
ifconfig interface_name up
12
NOTE: virtual interfaces may also be configured
to be used with the iSCSI service
Configuring iSCSI Services in Data ONTAP
1. Verify iSCSI service is running
iscsi status
2. Verify iSCSI is licensed (license it if needed)
license
license add XXXXXX
3. Start the iSCSI service
iscsi start

13
Verify Interfaces
Verify the interface is enabled for iSCSI
iscsi interface show
By default, all interfaces are enabled
To enable the interface for iSCSI traffic
iscsi interface enable
interface_name
To disable iSCSI traffic for a particular
interface
iscsi interface disable
interface_name

14
Interface Access List
Administrators may force initiators to access
a storage system through certain interfaces
iscsi interface accesslist add
initiator_name {-a|interface_name}
By default, all initiators may use any interface
that is enabled for iSCSI traffic
To display the current access list, use
iscsi interface accesslist show
To remove an entry from the access list, use
iscsi interface accesslist remove
initiator_name {-a|interface_name}
15
Identifying WWN in Data ONTAP
WWN uniquely identifies the storage system
The default WWN is based upon the IQN
nomenclature
iqn.yyyy-mm.backward_naming_authority:device
yyyy-mm is the month and year in which the naming
authority acquired the domain name
backward_naming_authority is the reverse domain name
of the entity responsible for naming this device
device is the unique host name for the device
To identify the WWN:
system> iscsi nodename
iSCSI target nodename: iqn.1992-08.com.netapp:
sn.101169724
Remember WWPNs are not used within iSCSI
16
Windows as an iSCSI Initiator
NetApp has supported Windows as an iSCSI
Initiator OS since Windows Server 2000
Windows Server 2008 has many advantages
over previous versions
New tools
Storage Explorer
Storage Manager for SANs
Better iSCSI support
Windows must be properly configured for
iSCSI connectivity over a standard network
interface
17
FC Connectivity
Data ONTAP
Windows
Solaris
Windows Server 2003/2008 Configuration
1. Verify host operating system releases, required patches, and
NetApp iSCSI Host Utility Kit with Interoperability Matrix
Use System Properties Dialog
Interoperability Matrix can be found on the NOW site
2. Identify and verify a network interface is properly configured or
install a supported iSCSI HBA or TOE
3. If using standard network interface with Windows Server 2003,
install Microsoft iSCSI Software Initiator. In Windows Server
2008, the Software Initiator is preinstalled
4. Install compatible NetApp iSCSI Host Utility Kit for Windows
Provides Perl scripts to monitor and diagnose iSCSI on
Windows
Example: msiscsi_info.exe provides information about
the iSCSI configuration
18
Windows/NIC Implementation
After installation, to configure a Windows /
standard NIC / software initiator implementation:
Identify the local network interface(s) to use
Verify iSCSI Initiator driver is enabled and the
service is started
Identify the WWN for the local Windows host
Configure authentication security if necessary
Identify which method of discovery to use and
enter the storage systems portal IP address
Verify discovery and log on to the storage system

19
Windows/NIC Implementation (Cont.)
Identify and configure the local interfaces
20
Verify iSCSI Initiator
driver is enabled
Verify iSCSI Initiator
service is started
21
Windows 2008
version shown.
NOTE: In
Windows 2003,
this is called
SCSI and RAID
controllers
iSCSI Initiator may be configured through:
Windows Server 2008s Storage Explorer
iSCSI Initiator Properties Dialog
22
Select
and then
configure
iSCSI Initiator Properties Dialog - WWN
23
Current WWN
To change
the WWN
Discovery
Windows
Storage System
Ethernet
Ethernet
Initiator
Target
Discovery
is not
automatic
iSCSI Initiator Properties Dialog - Discovery

25
Click here to discovery
target portal
or add iSNS
server to poll
Add storage
systems IP address
To set security
iSCSI Authentication in Windows
To increase security, iSCSI may be configured
to require authentication
Authentication methods:
CHAP
Unidirectional - targets will authenticate initiators
Bidirectional - initiators and targets will
authenticate each other
RADIUS
This course will discuss using CHAP
authentication, but will not use it in the
exercise
26
iSCSI Unidirectional CHAP Authentication
Configure the discovery
to use the CHAP
authentication
27
system2> iscsi security add
-i iqn.1991-05.com.microsoft:win
-s CHAP
-n iqn.1991-05.com.microsoft:win
-p thisismysecret

To configure
bidirectional,
check here
and then...
iSCSI Bidirectional CHAP Authentication
Set Windows CHAP secret
28
Set CHAP
secret from switch -o
On the storage system:

system2> iscsi security add
-i iqn.1991-05.com.microsoft:win
-s CHAP
-n iqn.1991-05.com.microsoft:win
-p thisismysecret
-o thisismysecret2
-m iqn.1991-05.com.microsoft:win
iSCSI Initiator Properties Dialog - Discovered

29
Storage
system is
discovered
Binding
iSCSI binding or logging on is the process of
creating a session between an initiator and a
target
Persistent binding ensures that an initiator
binds to a target after a reboot of the initiator
OS
30
iSCSI Initiator Properties Dialog - Target

31
Storage
system is
discovered
Click here to
connect
To change the interface
used to connect with
iSCSI Initiator Properties Dialog - Connection

32
Note: console message appears

[system2: iscsi.notice:notice]:
ISCSI: New session from initiator
iqn.1991-05.com.microsoft:dev-
san20wn.development.netappu.com at
IP addr 10.254.134.40
iSCSI Initiator Properties Dialog - Disconnect

33
Select session and click
iSCSI persistent binding
34
Solaris as an iSCSI Initiator
NetApp has supported Solaris as an iSCSI
Initiator OS since Solaris 8
Solaris 10 has many advantages over previous
versions with:
Packages providing iSCSI device drivers and
utilities
iSCSI software initiator for standard network
interfaces
Solaris must be configured properly for iSCSI
connectivity over a standard network interface
35
FC Connectivity
Data ONTAP
Windows
Solaris
Solaris 10 Native OS Configuration
1. Verify host operating system releases, required patches, and
NetApp iSCSI Solaris Host Utility Kit with Interoperability Matrix
/etc/release
Interoperability Matrix can be found on the NOW site
2. Install iSCSI software packages and patches
SUNWiscsiu
SUNWiscsir
SPARC Patch 119090 or x86 Patch 119091 (prior to Update 4)
3. Identify and verify a network interface is properly configured
4. Install compatible iSCSI Solaris Host Utility Kit for Native OS
Provides Perl scripts to configure and tune Solaris for iSCSI
Example: sanlun application to manage LUNs from Solaris

36
Solaris/NIC Implementation
After installation, to configure a Solaris /
standard NIC / software initiator implementation:
Identify the local network interface(s) to use
Verify the WWN for the Solaris host
Configure authentication security if necessary
Identify which method of discovery to use and
enter the storage systems portal IP address
Verify discovery and binding to the storage
system

37
Solaris/NIC Implementation (Cont.)
Solaris 10 Update 2 and later has a software
initiator that supports a standard network
interface
Investigate current interface configuration
# ifconfig -a
lo0:
flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,
VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask
ff000000
eri0:
flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4>
mtu 1500 index 2 inet 10.254.134.38 netmask fffffc00
broadcast 10.254.135.255 ether 0:3:ba:d:d0:9e

38
Interface to use
View the iSCSI initiator node name

39
#iscsiadm list initiator-node
Initiator node name: iqn.1986-03.com.sun:01:sun
Initiator node alias: -
Login Parameters (Default/Configured):
Header Digest: NONE/-
Data Digest: NONE/-
Authentication Type: NONE
RADIUS Server: NONE
RADIUS access: unknown
Configured Sessions: 0
Solaris WWN
Discovery
Solaris
Storage System
Ethernet
Ethernet
Initiator
Target
Discovery
is not
automatic
iSCSI Authentication in Solaris 10
To increase security, iSCSI maybe configured
to require authentication
Authentication methods:
CHAP
Unidirectional - targets will authenticate initiators
Bidirectional - initiators and targets will
authenticate each other
RADIUS
This course will discuss using CHAP
authentication, but will not use it in the
exercise
41
iSCSI Unidirectional CHAP Authentication
To configure unidirectional CHAP, set the CHAP
secret:

Enable unidirectional CHAP:

On the storage system, register the CHAP secret:

42
# iscsiadm modify initiator-node --CHAP-secret
Enter secret: thisismysecret
Re-enter secret: thisismysecret
# iscsiadm modify initiator-node --authentication CHAP
system> iscsi security add
-i iqn.1986-03.com.sun:01:sun
-s CHAP
-p thisismysecret
-n iqn.1986-03.com.sun:01:sun
Default name is the
same as the WWN
Not visible when typing
iSCSI Bidirectional CHAP Authentication
Configure unidirectional CHAP and then configure the
reverse direction:

On Solaris, register the storage systems CHAP secret:

On Solaris, enable bidirectional authentication

43
# iscsiadm modify target-param --CHAP-secret
iqn.1992-08.com.netapp:system
Enter secret: thisismysecret2
Re-enter secret: thisismysecret2
system> iscsi security add
-i iqn.1986-03.com.sun:01:sun
-s CHAP
-p thisismysecret
-n iqn.1986-03.com.sun:01:sun
-o thisismysecret2
-m iqn.1986-03.com.sun:01:sun

# iscsiadm modify target-param -B enable
iqn.1992-08.com.netapp:system
Set CHAP secret
from switch -o above
user name and password
of inbound and outbound
cannot be the same
Storage
systems
WWN
Discovery is possible through either:
Static discovery
iSCSI targets added manually
Send-targets discovery
IP address of the target is added
Initiator communicates to target over port 3260
Internet Storage Name Service (iSNS)
Centralized management of discovery and
configuration of iSCSI networks
This course will focus on the send-targets
discovery method
44
Add iSCSI discovery targets
# iscsiadm add discovery-address
10.254.134.36:3260

Enable dynamic iSCSI target discovery
# iscsiadm modify discovery
--sendtargets enable

45
Storage
systems IP
address
Explore the iSCSI targets discovered

46
#iscsiadm list target
Target: iqn.1992-08.com.netapp:sn.101169724
Alias: -
TPGT: 1000
ISID: 4000002a0000
Connections: 1
Storage systems
WWN
Solaris 10 iSCSI Binding
A session occurs automatically

To view the session on the storage system

47
#iscsiadm list target
Target: iqn.1992-08.com.netapp:sn.101169724
Alias: -
TPGT: 1000
ISID: 4000002a0000
Connections: 1
Session occurs
automatically with
Solaris 10
system> iscsi session show
Session 72
Initiator Information
Initiator Name: iqn.1986-03.com.sun:01:sun
ISID: 40:00:00:2a:00:00

Summary
A single-path iSCSI architecture is simple to
use but does not provide redundancy of a
multiple path
Unlike FC, iSCSI initiators and targets do not
automatically discover each other
iSCSI binding is the process of creating a
session between the initiator and target

48
FC Connectivity
Data ONTAP
Windows
Solaris
Exercise
Estimated Time: 60 minutes
49 2008 NetApp. All rights reserved.
Module Review
What is the format for the IQN model of WWNs
naming?
iqn.yyyy-mm.backward_naming_authority:device
What are the three possible iSCSI implementations on
a client?
Standard NIC with iSCSI software initiator
TOE card with iSCSI software initiator
iSCSI hardware initiator
What are the two techniques to authenticate iSCSI?
Unidirectional or bidirectional CHAP
RADIUS
51

iSCSI Connectivity: SAN Administration On Data ONTAP 7.3

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

iSCSI Connectivity: SAN Administration On Data ONTAP 7.3

Uploaded by

Copyright:

Available Formats

SAN Administration

on Data ONTAP 7.3

You might also like