VMA02 iSCSI For AIX and VIO Leibl Andreas

iSCSI for AIX and VIO Server
Introduction and Configuration
Andreas Leibl (andreas.leibl@rstc-ltd.co.uk)

RSTC Ltd, Bristol, UK
STG Technical Conferences 2009 © 2009 IBM Corporation
Monday, 19 October 2009

STG Technical Conferences 2009
Andreas Leibl
 RSTC Ltd
 based in Bristol, UK
 and Ulm, Germany
 http://www.rstc-ltd.co.uk/
 Email: andreas.leibl@rstc-ltd.co.uk
 If you have any questions about the talk feel free to send me an
email!
 Or contact me in
 LinkedIn: http://www.linkedin.com/in/aleibl
 Xing: https://www.xing.com/profile/Andreas_Leibl
2 iSCSI for AIX and VIOS | Introduction and Configuration © 2009 IBM Corporation

Questions?
 If you have a question ask right away
 If you don’t ask I can’t answer!
 Or email me later: andreas.leibl@rstc-ltd.co.uk

What you should know already....
 AIX administration in general
 Device and disk management in AIX
 TCP/IP configuration in AIX

Agenda
 What is iSCSI?
 iSCSI storage example: Openfiler
 Configuring iSCSI targets
 Configuring iSCSI in AIX
 Configuring iSCSI in the Virtual I/O (VIO) Server

What is iSCSI?
 Open standard RFC 3720

 (http://tools.ietf.org/html/rfc3720)
 SCSI commands over IP
 Does not require dedicated, special-purpose cabling like

Fibre Channel (FC)
 Allows to build Storage Area Networks (SAN) over an existing

infrastructure

What does iSCSI offer?
 Offers block devices like FC
 Not to be confused with Network Attached Storage

 Although many NAS devices also offer iSCSI
 NAS refers to filesystem type exports like NFS or SMB/CIFS
 Long distances supported (although signal run-time might be an

issue)
 Can be an alternative to FC or an intermediate step for storage

consolidation

How does iSCSI work?
 Uses TCP/IP
 typically ports 860 and 3260
 iSCSI client is called initiator

 typically an AIX, Linux or other operating system
 Initiators can be hardware or software

 Hardware: dedicated iSCSI adapters
 Software: operating system
 iSCSI “server” is called target

 Storage arrays
 NAS gateways
 Some operating systems or appliances like Openfiler
 Disks are LUNs associated with a target

Support for iSCSI?
 Basically in all modern operating systems
 AIX supports iSCSI since AIX 5.2
 Power Systems can boot from iSCSI

Address formats in iSCSI
 Three formats
 Most common: iSCSI Qualified Name (IQN)

 Format: iqn.yyyy-mm.<reversed domain name>:<arbitrary text>
 Example: iqn.2009-10.uk.co.rstc-ltd.openfiler02:disk.for.tlpar1.rootvg
 Extended Unique Identifier (EUI)

 Format: eui.<EUI-64 bit address>
 Example: eui.1234567890ABCDEF
 T11 Network Address Authority (NAA)

 Format: naa.<NAA 64 or 128 bit identifier>
 Example: naa.1234567890ABCDEF

Addressing initiators and targets in iSCSI
 To address an iSCSI participant (target or initiator) one requires:
 Hostname or IP address
 e.g. openfiler02.mydomain.com, 192.168.178.99
 Port number
 usually 3260
 iSCSI name
 e.g. iqn.2009-10.uk.co.rstc-ltd.openfiler02:disk.for.tlpar1.rootvg
 A CHAP secret
 Authentication with CHAP secrets is optional

Name Service for iSCSI: iSNS
 Internet Storage Name Service (iSNS)
 Management Model analogue FC SANs
 Useful for large iSCSI deployments
 Not covered in this talk

iSCSI Authentication
 Authentication is optional
 Authentication by CHAP protocol

 challenge-response
 three-way handshake
 No clear text passwords
 But vulnerable to certain attacks

 need to choose the passwords carefully
 Mitigation: restrict network access

 VLANs
 IPSec
 Other VPNs

iSCSI Access Control
 In addition to authentication LUN mapping prevents unauthorized

access
 Analogue to SAN LUN mapping
 Targets (disks, tapes) are explicitly mapped to initiators

Advantages of iSCSI over FC
 Can use existing IP infrastructure
 Even if dedicated infrastructure is deployed (switches, cards) the

price is significantly lower
 iSCSI storage devices usually attractively priced
 iSCSI storage can be created using standard hardware
 Ideal for less critical data

 Test systems
 Less frequently accessed data
 Data with less strict requirements on latency
 Temporary data
 Scratch data

iSCSI Performance Considerations
 Throughput depends on free network bandwidth
 Special iSCSI cards can increase speed and reduce latency and
CPU load
 Alternatively, ethernet cards with TCP Offload Engine (TOE) can

provide a performance boost

iSCSI Storage
 Dedicated storage systems, e.g. IBM N series

 N3000 (up to 68TB)
 N5000 (up to 504TB)
 N6000 (up to 804TB)
 N7000 (up to 1.176PB)
 iSCSI to SAN gateway

 e.g. IBM System Storage N series Gateway
 Most Unix servers (including Linux and AIX)
 Standard PC/Linux based appliances

 e.g. Openfiler

Agenda
 What is iSCSI?

What is Openfiler
 Openfiler is a Linux based appliance (x86 and x64)
 Can be installed natively (bare metal) or in a virtual machine

 VMware
 Xen
 Virtual Iron
 Parallels
 Free download: http://www.openfiler.com/

 Support not free
 Disclaimer: not affiliated with Openfiler

 The author, RSTC Ltd and IBM are not affiliated with the Openfiler project

Openfiler Features
 Web-based interface
 Not only iSCSI

 NFS
 SMB/CIFS
 FTP
 Rsync
 Storage Consolidation
 Alternative SAN gateway

Agenda
 What is iSCSI?

iSCSI targets
 Need to select an iSCSI name

 e.g. iqn.2009-10.uk.co.rstc-ltd.openfiler02:disk.for.tlpar1.rootvg
 Text after the colon is useful to identify a target and it’s purpose
 Should select a CHAP secret

 CHAP secrets are optional but highly recommended
 Choose different secrets for different initiators

Creating an iSCSI target in Openfiler
 Go to “Volumes” - “iSCSI Targets”
 In “Target IQN” enter a new name or select the generated default
 Hit the add button

Creating an iSCSI target disk in Openfiler
 Go to “Volume Groups”
 Enter the disk details and select type “iSCSI”
 Hit the create button

Map the disk to the target device
 Go to “iSCSI targets”
 Select the target IQN
 Go to the “LUN Mapping” tab
 Click on the “Map” button
 You’re done (on the storage side)

Agenda
 What is iSCSI?

Configuring iSCSI in AIX: iSCSI Adapter or Protocol Device
 If a special iSCSI card is installed configure iSCSI Adapter
 If normal ethernet adapter is used configure iSCSI Protocol Device
 SMIT shortcut: smit iscsi

Configuring iSCSI in AIX: iSCSI Adapter or Protocol Device
 Example: iSCSI Protocol Device

Change / Show Characteristics of an iSCSI Protocol Device
Type or select values in entry fields.

Press Enter AFTER making all desired changes.
[Entry Fields]
iSCSI Protocol Device iscsi0
Description iSCSI Protocol Device
Status Available File or ODM
iSCSI Initiator Name [iqn.clienthostname.ho> or iSNS
Maximum number of commands to queue to driver [200] +#
Discovery Policy file +
Maximum Targets Allowed [16] +#
Apply change to DATABASE only no +
F1=Help F2=Refresh F3=Cancel F4=List

Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do

Configuring iSCSI in AIX: Target Configuration
 Flat file configuration

 simple
 easy to understand and debug
 not suitable for disks needed during boot time
 ideal to get started
 ODM configuration
 suitable for boot disks

iSCSI Flat File Configuration in AIX
 Configuration file: /etc/iscsi/targets
 Format: one line per target (fields separated by spaces)

 Hostname or IP address
 Port number (usually 3260)
 IQN
 CHAP secret (optional)
 Example:
10.1.2.3 3260 iqn.2006-01.com.of:tsn.tmachine1.t01 "bigsecret"

iSCSI ODM Configuration in AIX
 Set the iSCSI protocol device to “odm”
 smit iscsi
 “Add an iSCSI Target Device in ODM” - “Add a Statically Discovered iSCSI Target
Device in ODM”
Add a Statically Discovered iSCSI Target Device in ODM
Type or select values in entry fields.

Press Enter AFTER making all desired changes.
[Entry Fields]
iSCSI Adapter iscsi0
iSCSI Target Name []
IP Address of iSCSI Target []
Port Number of iSCSI Target []
Password []

Discovering an iSCSI disk: cfgmgr
 Example: iSCSI Protocol Device
# cfgmgr -vl iscsi0

----------------
Attempting to configure device 'iscsi0'
Time: 0 LEDS: 0x25b0
Invoking /usr/lib/methods/cfgiscsi -l iscsi0
Number of running methods: 1
----------------
Completed method for: iscsi0, Elapsed time = 0
Return code = 0
***** stdout *****
hdisk1
*** no stderr ****
----------------
...
...
# lsdev -Cc disk

hdisk0 Available Virtual SCSI Disk Drive
hdisk1 Available Other iSCSI Disk Drive

Agenda
 What is iSCSI?
 Configuring iSCSI in the Virtual I/O Server

Configuring iSCSI on the VIO Server
 iSCSI for VIO Server is supported
 VIOS command line interface (CLI) does not offer iSCSI

configuration commands
 Need to use oem_setup_env
 Configuration identical to normal AIX

 VIOS is an AIX based appliance

Questions?
Thank you for your attention!

VMA02 iSCSI For AIX and VIO Leibl Andreas

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VMA02 iSCSI For AIX and VIO Leibl Andreas

Uploaded by

Copyright:

Available Formats

iSCSI for AIX and VIO Server

Introduction and Configuration

Andreas Leibl (andreas.leibl@rstc-ltd.co.uk)

STG Technical Conferences 2009 © 2009 IBM Corporation

Monday, 19 October 2009

Monday, 19 October 2009

 If you have a question ask right away

 If you don’t ask I can’t answer!

 Or email me later: andreas.leibl@rstc-ltd.co.uk

Monday, 19 October 2009

What you should know already....

 AIX administration in general

 Device and disk management in AIX

 TCP/IP configuration in AIX

Monday, 19 October 2009

 iSCSI storage example: Openfiler

 Configuring iSCSI targets

 Configuring iSCSI in AIX

 Configuring iSCSI in the Virtual I/O (VIO) Server

Monday, 19 October 2009

 Open standard RFC 3720

 SCSI commands over IP

 Does not require dedicated, special-purpose cabling like

 Allows to build Storage Area Networks (SAN) over an existing

Monday, 19 October 2009

What does iSCSI offer?

 Offers block devices like FC

 Not to be confused with Network Attached Storage

 Long distances supported (although signal run-time might be an

 Can be an alternative to FC or an intermediate step for storage

Monday, 19 October 2009

How does iSCSI work?

 iSCSI client is called initiator

 Initiators can be hardware or software

 iSCSI “server” is called target

Monday, 19 October 2009

Support for iSCSI?

 Basically in all modern operating systems

 AIX supports iSCSI since AIX 5.2

 Power Systems can boot from iSCSI

Monday, 19 October 2009

Address formats in iSCSI

 Most common: iSCSI Qualified Name (IQN)

 Extended Unique Identifier (EUI)

 T11 Network Address Authority (NAA)

Monday, 19 October 2009

Addressing initiators and targets in iSCSI

 To address an iSCSI participant (target or initiator) one requires:

Monday, 19 October 2009

Name Service for iSCSI: iSNS

 Internet Storage Name Service (iSNS)

 Management Model analogue FC SANs

 Useful for large iSCSI deployments

 Not covered in this talk

Monday, 19 October 2009

 Authentication by CHAP protocol

 No clear text passwords

 But vulnerable to certain attacks

 Mitigation: restrict network access

Monday, 19 October 2009

iSCSI Access Control

 In addition to authentication LUN mapping prevents unauthorized

 Analogue to SAN LUN mapping