As we know with vSAN 6.5, VMware released feature iSCSI Target and with new release of vSAN version 6.7, they have enhanced this feature. vSAN 6.7 now supports iSCSI target with SCSI Persistent Reservations for iSCSI shared disks. We can present the iSCSI-shared disks from vSAN to Virtual machines on the same vSAN cluster and officially support Microsoft WSFC “Windows Server Failover Clusters “. In this post, I will cover how to configure iSCSI target on vSAN 6.7 environment and about WSFC will discuss on another post as continuation of this .
iSCSI target service will support to enable the hosts and physical workloads that reside outside the vSAN cluster to access the vSAN datastore.This feature enables an iSCSI initiator on a remote host to transport block-level data to an iSCSI target on a storage device in the vSANcluster.
After you configure the vSAN iSCSI target service, you can discover the vSAN iSCSI targets from a remote host. To discover vSAN iSCSI targets, use the IP address of any host in the vSAN cluster, and the TCP port of the iSCSI target. To ensure high availability of the vSANiSCSI target, configure multipath support for your iSCSI application. You can use the IP addresses of two or more hosts to configure the multipath.
Note:- vSAN iSCSI target service does not support other vSphere or ESXi clients or initiators, third-party hypervisors, or migrations using raw device mapping (RDMs).
How to Enable iSCSI Target
First verify iSCSI Target service status by following below , by default this service will be disabled
Navigate to the vSAN cluster – > Configure -> vSAN -> iSCSI Target Service
Click on the Enable Option , new window will appear with enable vSAN option
Enable the iSCSI target service and add required details and Click Apply
You have to select the default network , TCP port, Authentication method and a vSAN Storage Policy.
You Can monitor the progress on the recent tasks
Once the Target service is enabled you will the options to configure the iSCSI Targets and do other related configurations
Create an iSCSI target
Click on ” + ” Add button to create new iSCSI target and from same window you can create the LUN and assign to the same target or you can skip this potion by remove the ” tick ” , you can use the vSphere Flex Client to do these configuration .
While creating iSCSI Target and LUN you have to fill various details
- VMKernel Interface
- iSCSI target Alias name
- TCP Port Number
- Authentication Method (CHAP and Mutual CHAP supported)
- The Storage Policy to be applied to the iSCSI Target
- LUN ID
- Alias for LUN
- Size of the LUN
- LUN ID
Storage Policy vSAN storage allocation for LUN , it gives you an example on the right hand side of what this looks like from a vSAN Perspective
After you create iSCSI target and LUN you will see similar configuration like below
You have Option to configure the access to iSCSI target , you may specify the IQNs / Add them to Group or Everyone
Additionally you can configure iSCSI initiator Groups to manage access to Targets
Navigate to vSAN Cluster->Configure ->vSAN -> iSCSI Initiator Groups to configure .
From a vSAN side iSCSI Target configuration and LUN maping has been completed, now you can login to Windows Machine configure the iSCSI Initiator .
Navigate to Administrative Tools -> iSCSI Initiator service -> Discovery Tab
and enter the IP Address of your iSCSI Target, my scenario host 1 and iSCSI IP is 192.168.1.50
If you are using CHAP/Mutual CHAP you can configure that also in advanced setting
After adding the IP of iSCSI target , Click on the “Targets” tab and you will find Target IQN as “Inactive”, click on Connect and select “Enable Multi Path” also .
Another main thing if you need MPIO for iSCSI, this has to enabled if it is not listed under “Administrative Tools” ,you can enable the feature from Server Manager -> Add Roles and Features
If MPIO is enabled make sure you have selected “Add support for iSCSI devices” , if you enable this a Reboot is required for Windows Machine . Also need to add another path ( ip of vmk of another host in vSAN cluster ) .
And you can configure the MPIO policy from -> iSCSI Targets -> Properties – > MCS / devices options
After adding the of iSCSI target and enable MPIO you will be able see the devices from device manager and you can enable and configure the new iSCSI disk on windows .
Navigate to Computer Management ->Disk Management , you will see newly added un-partitioned disk in offline mode .
You can Change to Online Mode -> Initialize ->Format and start using the disk .
In CHAP authentication, the target authenticates the initiator, but the initiator does not authenticate the target.
In mutual CHAP authentication, an extra level of security enables the initiator to authenticate the target.
You can add one or more iSCSI targets that provide storage blocks as logical unit numbers (LUNs). vSAN identifies each iSCSI target by a unique iSCSI qualified Name (IQN). You can use the IQN to present the iSCSI target to a remote iSCSI initiator so that the initiator can access the LUN of the target.
Each iSCSI target contains one or more LUNs. You define the size of each LUN, assign a vSAN storage policy to each LUN, and enable the iSCSI target service on a vSAN cluster. You can configure a storage policy to use as the default policy for the home object of the vSAN iSCSI target service.
iSCSI Initiator Groups
You can define a group of iSCSI initiators that have access to a specified iSCSI target. The iSCSI initiator group restricts access to only those initiators that are members of the group. If you do not define an iSCSI initiator or initiator group, then each target is accessible to all iSCSI initiators.
A unique name identifies each iSCSI initiator group. You can add one or more iSCSI initiators as members of the group. Use the IQN of the initiator as the member initiator name.