As we know with vSAN 6.5, VMware released feature iSCSI Target and with new release of vSAN version 6.7, they have enhanced this feature. vSAN 6.7 now supports iSCSI target with SCSI Persistent Reservations for iSCSI shared disks. We can present the iSCSI-shared disks from vSAN to Virtual machines on the same vSAN cluster and officially support Microsoft WSFC “Windows Server Failover Clusters “. In this post, I will cover how to configure iSCSI target on vSAN 6.7 environment and about WSFC will discuss on another post as continuation of this .

iSCSI target service will support to enable the hosts and physical workloads that reside outside the vSAN cluster to access the vSAN datastore.This feature enables an iSCSI initiator on a remote host to transport block-level data to an iSCSI target on a storage device in the vSANcluster.

After you configure the vSAN iSCSI target service, you can discover the vSAN iSCSI targets from a remote host. To discover vSAN iSCSI targets, use the IP address of any host in the vSAN cluster, and the TCP port of the iSCSI target. To ensure high availability of the vSANiSCSI target, configure multipath support for your iSCSI application. You can use the IP addresses of two or more hosts to configure the multipath.

Enable the iSCSI target service  and add required details and Click Apply

You have to select the default network , TCP port, Authentication method and a vSAN Storage Policy.

You Can monitor the progress on the recent tasks

Once the Target service is enabled you will the options to configure the iSCSI Targets and do other related configurations

Create an iSCSI target

Click on ” + ”  Add button  to create new iSCSI target and  from same window you can create the LUN and assign to the same target or you can skip this potion by remove the ” tick ”  , you can use the vSphere Flex Client to do these configuration .

While creating iSCSI Target and LUN  you have to fill various details

• VMKernel Interface
• iSCSI target Alias name
• TCP Port Number
• Authentication Method (CHAP and Mutual CHAP supported)
• The Storage Policy to be applied to the iSCSI Target
• LUN ID
• Alias for LUN
• Size of the LUN
• LUN ID

Storage Policy vSAN storage allocation for LUN , it gives you an example on the right hand side of what this looks like from a vSAN Perspective

After you create iSCSI target and LUN you will see similar configuration  like below

You have Option to configure the access to iSCSI target , you may specify the IQNs / Add them to Group or Everyone

Additionally you can configure iSCSI initiator Groups to manage  access to Targets

Navigate to vSAN Cluster->Configure ->vSAN -> iSCSI Initiator Groups to configure .

From a vSAN side iSCSI Target configuration and LUN maping has been completed, now you can login to Windows Machine  configure the iSCSI Initiator  .

Navigate to Administrative Tools -> iSCSI Initiator service -> Discovery Tab

and enter the IP Address of your iSCSI Target, my scenario host 1 and iSCSI IP is 192.168.1.50

If you are using CHAP/Mutual CHAP you can configure that also in advanced setting

After adding the IP of iSCSI target , Click on the “Targets” tab and you  will find Target IQN as “Inactive”, click on Connect and select “Enable Multi Path” also .

 

Another main thing if you need MPIO for iSCSI, this has to enabled if it is not listed under “Administrative Tools” ,you can enable the feature from Server Manager -> Add Roles and Features

If MPIO is enabled make sure you have selected “Add support for iSCSI devices” , if you enable this a Reboot is required for Windows Machine . Also need to add another path ( ip of vmk of another host in vSAN cluster  ) .

And you can configure the MPIO policy from -> iSCSI Targets -> Properties – > MCS / devices options

After adding the of  iSCSI target and enable MPIO you will be able see the devices from device manager and you can enable and configure the new iSCSI disk on windows .

Navigate to Computer Management ->Disk Management , you will see newly added un-partitioned disk in offline mode .

You can Change to Online Mode -> Initialize ->Format and start using the disk .

 

Additional Information 

CHAP

In CHAP authentication, the target authenticates the initiator, but the initiator does not authenticate the target.

Mutual CHAP

In mutual CHAP authentication, an extra level of security enables the initiator to authenticate the target.

iSCSI Targets

You can add one or more iSCSI targets that provide storage blocks as logical unit numbers (LUNs). vSAN identifies each iSCSI target by a unique iSCSI qualified Name (IQN). You can use the IQN to present the iSCSI target to a remote iSCSI initiator so that the initiator can access the LUN of the target.

Each iSCSI target contains one or more LUNs. You define the size of each LUN, assign a vSAN storage policy to each LUN, and enable the iSCSI target service on a vSAN cluster. You can configure a storage policy to use as the default policy for the home object of the vSAN iSCSI target service.

iSCSI Initiator Groups

You can define a group of iSCSI initiators that have access to a specified iSCSI target. The iSCSI initiator group restricts access to only those initiators that are members of the group. If you do not define an iSCSI initiator or initiator group, then each target is accessible to all iSCSI initiators.

A unique name identifies each iSCSI initiator group. You can add one or more iSCSI initiators as members of the group. Use the IQN of the initiator as the member initiator name.

Reference 

Recommended to read the iSCSI Target Configuration from VMware Library  and iSCSI target usage guide for more information about using the vSAN iSCSI target service