
What is iSCSI and How iSCSI Works

iSCSI stands for internet SCSI, or internet Small Computer Systems Interface. iSCSI is the transmission of SCSI commands and data over IP (Internet Protocol) Networks.

How iSCSI Works: When an end user or application sends a request, the operating system generates the appropriate SCSI commands and data request, which then go through encapsulation and, if necessary, encryption procedures. A packet header is added before the resulting IP packets are transmitted over an Ethernet connection. When a packet is received, it is decrypted (if it was encrypted before transmission), and disassembled, separating the SCSI commands and request. The SCSI commands are sent on to the SCSI controller, and from there to the SCSI storage device. Because iSCSI is bi-directional, the protocol can also be used to return data in response to the original request.

iSCSI is one of two main approaches to storage data transmission over IP networks; the other method, Fibre Channel over IP (FCIP), translates Fibre Channel control codes and data into IP packets for transmission between geographically distant Fibre Channel SANs. FCIP (also known as Fibre Channel tunneling or storage tunneling) can only be used in conjunction with Fibre Channel technology; in comparison, iSCSI can run over existing Ethernet networks.

A number of vendors, including Cisco, IBM, and Nishan have introduced iSCSI-based products (such as switches and routers).

How iSCSI authentication works
During the initial stage of an iSCSI session, the initiator sends a login request to the storage system to begin an iSCSI session. The storage system will then either permit or deny the login request, or determine that a login is not required.
iSCSI authentication methods are:

Challenge Handshake Authentication Protocol (CHAP)—The initiator logs in using a CHAP user name and password. You can specify a CHAP password or generate a random password. There are two types of CHAP user names and passwords:

Inbound—The storage system authenticates the initiator.

Inbound settings are required if you are using CHAP authentication.

Outbound—This is an optional setting to enable the initiator to authenticate the storage system.

You can use outbound settings only if you defined an inbound user name and password on the storage system.

deny—The initiator is denied access to the storage system.

none—The storage system does not require authentication for the initiator.

You can define a list of initiators and their authentication methods. You can also define a default authentication method that applies to initiators that are not on this list.

The default iSCSI authentication method is none, which means any initiator not in the authentication list can log in to the storage system without authentication. However, you can change the default method to deny or CHAP.

If you use iSCSI with vFiler units, the CHAP authentication settings are configured separately for each vFiler unit. Each vFiler unit has its own default authentication mode and list of initiators and passwords.

A Quick and Dirty Guide to iSCSI Implementation
-Rajeev Karamchedu

Introduction
iSCSI (Internet Small Computer System Interface), an IP-based storage networking standard for connecting data storage entities, developed by the Internet Engineering Task Force (IETF). Essentially a protocol carrying SCSI commands over IP networks. iSCSI can be a cheap and effective alternative for storage administrators who are otherwise struggling to strike a balance between the high-cost and complex implementations of FC-SAN (Fibre Channel Storage Area Networks) and the performance limitations and overhead of NAS (Network Attached Storage).

How does it work?
iSCSI is a Client-Server based protocol, except that the client process requesting data is called an “initiator” and the server process serving the data is called a “target”. When the initiator (client) receives a request for a piece of data on the server, it translates that request into pure SCSI commands and assembles that into an IP packet (additionally performing encapsulation and/or encryption). Using the IP networks, that packet can then be sent to the target (server), without any distance limitations that traditional SCSI suffers. On the target, the iSCSI protocol extracts the SCSI commands (performing decapsulation and/or decryption in the process) and sends the SCSI commands to the SCSI controller. The protocol is also bi-directional so the data can be sent back as a reply to the request.

In an iSCSI implementation, the storage that is offered by the target appears as local disk to the initiator. The client can make block-based operations on that storage. Since this involves formatting the disk, partitioning, creating a file system on the disk, no more than one initiator can have read/write access to the specific iSCSI device at a time. However, it is possible that you can mount an iSCSI device as read-only on multiple initiators.

The downside of iSCSI is that all this processing can be a burden on the client’s CPU. That can be solved by using iSCSI-HBAs which are much like Fibre Channel HBAs but for iSCSI. iSCSI-HBAs are used to offload the processing overhead from the primary CPU(s) to the dedicated HBA. iSCSI HBAs are relatively much cheaper than the FC-HBAs. iSCSI-HBAs are referred to as “hardware initiators”. “Software Initiators” are simply drivers loaded into the OS that will enable iSCSI communications. Currently, at the time of this writing, we can use the following software initiators for free: the iSCSI Microsoft Windows Initiator software, the iSCSI Linux Initiator software and the iSCSI NetWare Initiator software. Those who have accounts with Cisco can also download the Cisco iSCSI driver for Linux, HPUX, Windows and Solaris.

For the sake of completeness, it should be noted that there are TWO other protocols similar to iSCSI where IP networks are used to move data packets, iFCP and FCIP. iFCP translates a Fibre Channel frame to IP and then translates it back after it reaches the destination. FCIP is a tunneling protocol to send FC frames intact over IP. Both of those protocols are NOT implemented on a server but are rather used to connect remote SANs together.

Implementation Environment
This document reflects the following environment-specific implementation details and command sets. Consult the Resources section for links to other implementations.

Target: Network Appliance Filer running Data ONTAP 6.5.x
Initiator: Intel P4 Desktop running Suse 9.2 (2.6.8-24.14-smp)

Fibre Channel implementation uses WWPN (World Wide Port Names) and WWNN (World Wide Node Names) to identify devices. iSCSI uses iSCSI addresses. Once all the targets and initiators are assigned and configured with iSCSI addresses, these “nodes” need to know about each other, akin to the DNS resolution. Once they are aware of each other, they can communicate and the initiator can access the storage from the … Details of how this is accomplished are discussed later in this document.

iSCSI addresses come in two formats: iSCSI Qualified Name (iqn) or IEEE EUI-64 (eui) format. A (very) brief discussion of the two formats is below.

iqn Format: iqn.yyyy-mm.backward_naming_authority:unique_device_name
For example, on a linux box, the iSCSI initiator address may look like this: iqn. … 12a14c2dcab9

eui Format: eui.nnnnnnnnnnnnnnnn
eui Format is used when a manufacturer is already registered with the IEEE Registration Authority and uses EUI-64 formatted worldwide unique names for its products.

The iscsi driver/initiator software found in today’s Linux distributions is an open-source version of the one Cisco provides and uses the iqn format. The Network Appliance file servers also use an iqn format for target addressing.
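
The iqn/eui naming formats and the authentication-list rules described earlier (default method, inbound settings required for CHAP and before outbound can be used) combined into one check, as an added example that is not part of the original guide or of any vendor's tooling. The dictionary layout, function names, regular expressions and sample entries are assumptions constructed for illustration; the `:unique_device_name` suffix is treated as optional.

```python
import re

# iqn.yyyy-mm.backward_naming_authority:unique_device_name
IQN_RE = re.compile(
    r"iqn\.(\d{4})-(0[1-9]|1[0-2])\.([a-z0-9][a-z0-9.-]*)(?::(\S+))?")
# eui. followed by 16 hex digits (an EUI-64 value)
EUI_RE = re.compile(r"eui\.([0-9A-Fa-f]{16})")

def parse_node_name(name):
    """Split an iSCSI node name into its parts; ValueError if malformed."""
    m = IQN_RE.fullmatch(name)
    if m:
        return ("iqn", f"{m.group(1)}-{m.group(2)}", m.group(3), m.group(4))
    m = EUI_RE.fullmatch(name)
    if m:
        return ("eui", m.group(1).lower())
    raise ValueError(f"not an iqn or eui name: {name!r}")

def effective_method(initiator, auth_list, default="none"):
    """Method applied at login: the initiator's own entry, else the default."""
    entry = auth_list.get(initiator)
    return entry["method"] if entry else default

def audit(auth_list, default="none"):
    """Return a list of findings for an initiator list and default method."""
    findings = []
    if default == "none":
        findings.append("default is none: unlisted initiators log in "
                        "without authentication")
    for name, entry in auth_list.items():
        try:
            parse_node_name(name)
        except ValueError:
            findings.append(f"{name}: malformed node name")
        if entry["method"] == "CHAP" and not entry.get("inbound"):
            findings.append(f"{name}: CHAP needs inbound settings")
        if entry.get("outbound") and not entry.get("inbound"):
            findings.append(f"{name}: outbound set without inbound")
    return findings

# Constructed sample data (hypothetical hosts, placeholder secrets).
SAMPLE_LIST = {
    "iqn.2004-01.com.example:host1":
        {"method": "CHAP", "inbound": ("host1", "<secret>")},
    "iqn.2004-01.com.example:host2":
        {"method": "CHAP", "outbound": ("filer", "<secret>")},
    "iqn.2004-13.com.example:host3": {"method": "deny"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LIST):
        print(finding)
```

Passing `default="deny"` to `audit` removes the first finding, which is the change the authentication section describes for initiators that are not on the list.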