iSCSI Connectivity 2008 NetApp. All rights reserved. Objectives At the end of this module, you should be able to: Describe single-path implementation with iSCSI connectivity Describe how to configure network ports on Windows, Solaris, and NetApp systems Describe commands/utilities to identify the worldwide node (WWN) on Windows, Solaris, and NetApp systems
2 2008 NetApp. All rights reserved. iSCSI Connectivity 3 NetApp FAS iSCSI Connectivity Data ONTAP Windows Solaris Type of Topologies: 1.Direct-attached 2.Network iSCSI Ethernet 2008 NetApp. All rights reserved. 4 Direct-attached Topology Solaris Storage System 1 Windows iSCSI 2008 NetApp. All rights reserved. 5 Direct-attached Topology (Cont.) Solaris Storage System 1 Windows iSCSI X Windows no longer has connectivity with Storage System 1 1. Does not scale 2. No fault tolerance 2008 NetApp. All rights reserved. 6 Network Topology Solaris Storage System 1 Windows 0 1 2 3 4 5 6 7 2 4 6 iSCSI 2008 NetApp. All rights reserved. iSCSI Adapters Types Since iSCSI implements SAN over IP, administrators have choices on how to connect to an iSCSI network:
7 NIC & iSCSI Soft Initiator TOE & iSCSI Soft Initiator iSCSI Hardware Initiator/HBA
Network Interface IP TCP iSCSI SCSI Application Network Interface IP TCP iSCSI SCSI Application Other Protocols Network Interface IP TCP iSCSI SCSI Application Other Protocols Server Processing NIC/HBA Processing 2008 NetApp. All rights reserved. Topology Summary Single path connectivity: Is simple Doesnt provide redundancy for losing a switch or cable NOTE: In Module 9, we will discuss a multipath iSCSI implementation that overcomes some of the limitations of a single-path design
8 2008 NetApp. All rights reserved. Compatible Operating Systems Target operating system (OS): Data ONTAP Initiator OS: Solaris Windows AIX HP-UX VMware Linux (Red Hat, SuSE, Oracle) NOTE: This course will focus only on Solaris, Windows, and Data ONTAP 7.3 9 2008 NetApp. All rights reserved. Discovery For an initiator and target to communicate, the initiator must discover the target Proper configuration of the initiator OS is required for discovery Discovery is accomplished over TCP port 3260 We will investigate: Data ONTAP setup Windows Server 2003/2008 software initiator with a standard NIC Solaris 10 native software initiator with a standard NIC
10 2008 NetApp. All rights reserved. Data ONTAP as an iSCSI Target Data ONTAP 6.4 and later has support for iSCSI Data ONTAP features: Built-in iSCSI service Simple LUN creation and management Data ONTAP must be properly configured for iSCSI connectivity 1. Configure IP interfaces 2. Configure iSCSI services 3. Configure the iSCSI interfaces 4. Identify the worldwide name (WWN) 11 FC Connectivity Data ONTAP Windows Solaris 2008 NetApp. All rights reserved. Configuring Interfaces 1. List the available interfaces ifconfig -a 2. Take an interface offline ifconfig interface_name down 3. Configure the interface ifconfig interface_name ipaddress 4. Bring an interface online ifconfig interface_name up 12 NOTE: virtual interfaces may also be configured to be used with the iSCSI service 2008 NetApp. All rights reserved. Configuring iSCSI Services in Data ONTAP 1. Verify iSCSI service is running iscsi status 2. Verify iSCSI is licensed (license it if needed) license license add XXXXXX 3. Start the iSCSI service iscsi start
13 2008 NetApp. All rights reserved. Verify Interfaces Verify the interface is enabled for iSCSI iscsi interface show By default, all interfaces are enabled To enable the interface for iSCSI traffic iscsi interface enable interface_name To disable iSCSI traffic for a particular interface iscsi interface disable interface_name
14 2008 NetApp. All rights reserved. Interface Access List Administrators may force initiators to access a storage system through certain interfaces iscsi interface accesslist add initiator_name {-a|interface_name} By default, all initiators may use any interface that is enabled for iSCSI traffic To display the current access list, use iscsi interface accesslist show To remove an entry from the access list, use iscsi interface accesslist remove initiator_name {-a|interface_name} 15 2008 NetApp. All rights reserved. Identifying WWN in Data ONTAP WWN uniquely identifies the storage system The default WWN is based upon the IQN nomenclature iqn.yyyy-mm.backward_naming_authority:device yyyy-mm is the month and year in which the naming authority acquired the domain name backward_naming_authority is the reverse domain name of the entity responsible for naming this device device is the unique host name for the device To identify the WWN: system> iscsi nodename iSCSI target nodename: iqn.1992-08.com.netapp: sn.101169724 Remember WWPNs are not used within iSCSI 16 2008 NetApp. All rights reserved. Windows as an iSCSI Initiator NetApp has supported Windows as an iSCSI Initiator OS since Windows Server 2000 Windows Server 2008 has many advantages over previous versions New tools Storage Explorer Storage Manager for SANs Better iSCSI support Windows must be properly configured for iSCSI connectivity over a standard network interface 17 FC Connectivity Data ONTAP Windows Solaris 2008 NetApp. All rights reserved. Windows Server 2003/2008 Configuration 1. Verify host operating system releases, required patches, and NetApp iSCSI Host Utility Kit with Interoperability Matrix Use System Properties Dialog Interoperability Matrix can be found on the NOW site 2. Identify and verify a network interface is properly configured or install a supported iSCSI HBA or TOE 3. If using standard network interface with Windows Server 2003, install Microsoft iSCSI Software Initiator. In Windows Server 2008, the Software Initiator is preinstalled 4. Install compatible NetApp iSCSI Host Utility Kit for Windows Provides Perl scripts to monitor and diagnose iSCSI on Windows Example: msiscsi_info.exe provides information about the iSCSI configuration 18 2008 NetApp. All rights reserved. Windows/NIC Implementation After installation, to configure a Windows / standard NIC / software initiator implementation: Identify the local network interface(s) to use Verify iSCSI Initiator driver is enabled and the service is started Identify the WWN for the local Windows host Configure authentication security if necessary Identify which method of discovery to use and enter the storage systems portal IP address Verify discovery and log on to the storage system
19 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) Identify and configure the local interfaces 20 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) Verify iSCSI Initiator driver is enabled Verify iSCSI Initiator service is started 21 Windows 2008 version shown. NOTE: In Windows 2003, this is called SCSI and RAID controllers 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator may be configured through: Windows Server 2008s Storage Explorer iSCSI Initiator Properties Dialog 22 Select and then configure 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - WWN 23 Current WWN To change the WWN 2008 NetApp. All rights reserved. 24 Discovery Windows Storage System Ethernet Ethernet Initiator Target Discovery is not automatic 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - Discovery
25 Click here to discovery target portal or add iSNS server to poll Add storage systems IP address To set security 2008 NetApp. All rights reserved. iSCSI Authentication in Windows To increase security, iSCSI may be configured to require authentication Authentication methods: CHAP Unidirectional - targets will authenticate initiators Bidirectional - initiators and targets will authenticate each other RADIUS This course will discuss using CHAP authentication, but will not use it in the exercise 26 2008 NetApp. All rights reserved. iSCSI Unidirectional CHAP Authentication Configure the discovery to use the CHAP authentication 27 system2> iscsi security add -i iqn.1991-05.com.microsoft:win -s CHAP -n iqn.1991-05.com.microsoft:win -p thisismysecret
To configure bidirectional, check here and then... 2008 NetApp. All rights reserved. iSCSI Bidirectional CHAP Authentication Set Windows CHAP secret 28 Set CHAP secret from switch -o On the storage system:
system2> iscsi security add -i iqn.1991-05.com.microsoft:win -s CHAP -n iqn.1991-05.com.microsoft:win -p thisismysecret -o thisismysecret2 -m iqn.1991-05.com.microsoft:win 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - Discovered
29 Storage system is discovered 2008 NetApp. All rights reserved. Binding iSCSI binding or logging on is the process of creating a session between an initiator and a target Persistent binding ensures that an initiator binds to a target after a reboot of the initiator OS 30 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - Target
31 Storage system is discovered Click here to connect To change the interface used to connect with 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - Connection
32 Note: console message appears
[system2: iscsi.notice:notice]: ISCSI: New session from initiator iqn.1991-05.com.microsoft:dev- san20wn.development.netappu.com at IP addr 10.254.134.40 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI Initiator Properties Dialog - Disconnect
33 Select session and click 2008 NetApp. All rights reserved. Windows/NIC Implementation (Cont.) iSCSI persistent binding 34 2008 NetApp. All rights reserved. Solaris as an iSCSI Initiator NetApp has supported Solaris as an iSCSI Initiator OS since Solaris 8 Solaris 10 has many advantages over previous versions with: Packages providing iSCSI device drivers and utilities iSCSI software initiator for standard network interfaces Solaris must be configured properly for iSCSI connectivity over a standard network interface 35 FC Connectivity Data ONTAP Windows Solaris 2008 NetApp. All rights reserved. Solaris 10 Native OS Configuration 1. Verify host operating system releases, required patches, and NetApp iSCSI Solaris Host Utility Kit with Interoperability Matrix /etc/release Interoperability Matrix can be found on the NOW site 2. Install iSCSI software packages and patches SUNWiscsiu SUNWiscsir SPARC Patch 119090 or x86 Patch 119091 (prior to Update 4) 3. Identify and verify a network interface is properly configured 4. Install compatible iSCSI Solaris Host Utility Kit for Native OS Provides Perl scripts to configure and tune Solaris for iSCSI Example: sanlun application to manage LUNs from Solaris
36 2008 NetApp. All rights reserved. Solaris/NIC Implementation After installation, to configure a Solaris / standard NIC / software initiator implementation: Identify the local network interface(s) to use Verify the WWN for the Solaris host Configure authentication security if necessary Identify which method of discovery to use and enter the storage systems portal IP address Verify discovery and binding to the storage system
37 2008 NetApp. All rights reserved. Solaris/NIC Implementation (Cont.) Solaris 10 Update 2 and later has a software initiator that supports a standard network interface Investigate current interface configuration # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4, VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.254.134.38 netmask fffffc00 broadcast 10.254.135.255 ether 0:3:ba:d:d0:9e
38 Interface to use 2008 NetApp. All rights reserved. Solaris/NIC Implementation (Cont.) View the iSCSI initiator node name
39 #iscsiadm list initiator-node Initiator node name: iqn.1986-03.com.sun:01:sun Initiator node alias: - Login Parameters (Default/Configured): Header Digest: NONE/- Data Digest: NONE/- Authentication Type: NONE RADIUS Server: NONE RADIUS access: unknown Configured Sessions: 0 Solaris WWN 2008 NetApp. All rights reserved. 40 Discovery Solaris Storage System Ethernet Ethernet Initiator Target Discovery is not automatic 2008 NetApp. All rights reserved. iSCSI Authentication in Solaris 10 To increase security, iSCSI maybe configured to require authentication Authentication methods: CHAP Unidirectional - targets will authenticate initiators Bidirectional - initiators and targets will authenticate each other RADIUS This course will discuss using CHAP authentication, but will not use it in the exercise 41 2008 NetApp. All rights reserved. iSCSI Unidirectional CHAP Authentication To configure unidirectional CHAP, set the CHAP secret:
Enable unidirectional CHAP:
On the storage system, register the CHAP secret:
42 # iscsiadm modify initiator-node --CHAP-secret Enter secret: thisismysecret Re-enter secret: thisismysecret # iscsiadm modify initiator-node --authentication CHAP system> iscsi security add -i iqn.1986-03.com.sun:01:sun -s CHAP -p thisismysecret -n iqn.1986-03.com.sun:01:sun Default name is the same as the WWN Not visible when typing 2008 NetApp. All rights reserved. iSCSI Bidirectional CHAP Authentication Configure unidirectional CHAP and then configure the reverse direction:
On Solaris, register the storage systems CHAP secret:
# iscsiadm modify target-param -B enable iqn.1992-08.com.netapp:system Set CHAP secret from switch -o above user name and password of inbound and outbound cannot be the same Storage systems WWN 2008 NetApp. All rights reserved. Solaris/NIC Implementation (Cont.) Discovery is possible through either: Static discovery iSCSI targets added manually Send-targets discovery IP address of the target is added Initiator communicates to target over port 3260 Internet Storage Name Service (iSNS) Centralized management of discovery and configuration of iSCSI networks This course will focus on the send-targets discovery method 44 2008 NetApp. All rights reserved. Solaris/NIC Implementation (Cont.) Add iSCSI discovery targets # iscsiadm add discovery-address 10.254.134.36:3260
45 Storage systems IP address 2008 NetApp. All rights reserved. Solaris/NIC Implementation (Cont.) Explore the iSCSI targets discovered
46 #iscsiadm list target Target: iqn.1992-08.com.netapp:sn.101169724 Alias: - TPGT: 1000 ISID: 4000002a0000 Connections: 1 Storage systems WWN 2008 NetApp. All rights reserved. Solaris 10 iSCSI Binding A session occurs automatically
To view the session on the storage system
47 #iscsiadm list target Target: iqn.1992-08.com.netapp:sn.101169724 Alias: - TPGT: 1000 ISID: 4000002a0000 Connections: 1 Session occurs automatically with Solaris 10 system> iscsi session show Session 72 Initiator Information Initiator Name: iqn.1986-03.com.sun:01:sun ISID: 40:00:00:2a:00:00
2008 NetApp. All rights reserved. Summary A single-path iSCSI architecture is simple to use but does not provide redundancy of a multiple path Unlike FC, iSCSI initiators and targets do not automatically discover each other iSCSI binding is the process of creating a session between the initiator and target
48 FC Connectivity Data ONTAP Windows Solaris 2008 NetApp. All rights reserved. 49 Exercise Estimated Time: 60 minutes 49 2008 NetApp. All rights reserved. 2008 NetApp. All rights reserved. Module Review What is the format for the IQN model of WWNs naming? iqn.yyyy-mm.backward_naming_authority:device What are the three possible iSCSI implementations on a client? Standard NIC with iSCSI software initiator TOE card with iSCSI software initiator iSCSI hardware initiator What are the two techniques to authenticate iSCSI? Unidirectional or bidirectional CHAP RADIUS 51