This article can also be found in the Premium Editorial Download "Storage magazine: Betting on an enterprise-level virtual tape library (VTL)."
Download it now to read this article plus other related content.
The basics: Availability, security|
Most networks offer some type of high-availability or failover mechanisms. They can be hardware-based (like Ethernet bonding) or software-based (like IP multipathing). IP traffic can switch between different interfaces, making for high availability when considering network access.
iSCSI benefits from this characteristic, hence, every iSCSI implementation should have some kind of high-availability mechanism built in. Storage vendors have also upgraded their multipathing software to support iSCSI and FC. The use of such software is recommended in addition to the IP mechanisms cited above.
FC SANs enjoyed an intrinsic sense of security because the networks were isolated from the rest of the infrastructure, minimizing external and internal intrusion. Basic security, such as LUN masking and zoning, is also available in iSCSI networks. But that's not all. By default, iSCSI configurations are insecure and by their nature (being IP-based) are exposed to much more risk than FC SANs. In the IP security world, authentication, authorization and auditing categories are commonly used. Most iSCSI configurations can be secured by the use of IPSec, a protocol commonly used in virtual private networks. iSCSI networks should never be configured for open access, just like a server should never be configured for remote access without passing any login credentials.
Booting from SAN
Booting from the SAN allows you to centrally locate all operating system images and eliminates individual images stored internally on servers. This is especially helpful in diskless blade and virtualized environments. But boot from SAN may be a stretch if you're converting to an iSCSI environment and your systems currently boot from local disk. In that case, you're better served keeping your legacy environment as is and having your newer servers boot from SAN.
In the IP world, TCP/IP tuning can be an exhaustive exercise. Because iSCSI is IP-based, it's not spared this troubleshooting. While the list of tunable parameters can easily fill a few pages, not all parameters apply to all situations; the storage and/or the iSCSI initiator vendor will generally have a list of parameters that need to be examined. The untuned iSCSI system will function, but the slightest load may cause performance issues.
Once you've deployed your first batch of iSCSI storage systems, you can build on top of that comfort level to deploy more complex solutions such as clusters. The basic concepts of clustering on the SAN remain the same as for FC, except the LUNs are now accessed via iSCSI.
So there you have it. iSCSI is a mature protocol for accessing storage and a solid alternative to FC. Fibre Channel may not be going away anytime soon, but iSCSI is definitely here to stay.
This was first published in August 2008