Managing and protecting all enterprise data


Manage Learn to apply best practices and optimize your operations.

Special Supplement: iSCSI: Low-cost alternative to FC

Based on the familiar TCP/IP networking protocol, iSCSI arrays are easy to implement and manage, and cheaper than Fibre Channel (FC)-based systems. They're also becoming a popular alternative to NAS and DAS for SMBs and remote office locations.

Storage August 2006 Special Supplement

iSCSI is less complex and cheaper than Fibre Channel, making it a good choice for small- to medium-sized businesses replacing DAS.

Deployments of IP SANs by small- and medium-sized businesses (SMBs) are growing rapidly and many large data centers are starting to use iSCSI-based storage to support non-mission-critical applications. Stamford, CT-based Gartner Inc. forecasts that the number of servers connected to an iSCSI SAN will exceed Fibre Channel (FC)-attached servers by 2009.

SMBs are embracing iSCSI because of the following:

  • iSCSI SANs are less expensive than FC SANs.
  • An iSCSI SAN is based on the familiar and ubiquitous TCP/IP protocol.
  • iSCSI SANs are less complex and easier to manage than FC SANs.


Storage August 2006 Special Supplement

Despite the obvious benefits of iSCSI vs. FC, iSCSI isn't impinging on FC's dominance in the enterprise. iSCSI SANs are replacing DAS, not FC. "Fibre Channel and iSCSI are complementary technologies today," says David Dale, chairman of the Storage Networking Industry Association (SNIA) IP Storage Forum.

DAS has been an IT administration pain point for many years because it lacks scalability, is very difficult to expand and more susceptible to failure. Companies that based their storage infrastructure on DAS ended up with many distributed, standalone storage islands, all managed independently. "By deploying an iSCSI SAN from LeftHand Networks [Inc.], we were able to consolidate 86 servers with [DAS] down to 40 servers that are connected to an iSCSI-connected storage pool," says Charlie Maner, chief information officer at Fitchburg State College in Fitchburg, MA. "Besides drastically simplified administration, we ended up with a less-expensive, yet more robust and easier to expand, storage infrastructure."

One of the driving forces for transitioning from DAS to SAN is accelerating data growth. Looking to expand capacity and get a better handle on backup and disaster recovery, Terence Choy, network manager at Nancy's Specialty Foods in Newark, CA, decided to replace an overburdened DAS environment with an iSCSI SAN from StoneFly Inc., San Diego. "We have slashed administrative costs while optimizing our storage in ways that weren't possible before implementing the StoneFly IP SAN," explains Choy.


Storage August 2006 Special Supplement

The TCP/IP protocol
iSCSI uses TCP/IP instead of a proprietary storage protocol such as FC. As a result, iSCSI SANs can be built with commodity network components, eliminating the need for costly FC host bus adapters (HBAs), which are typically priced between $800 and $1,200, and FC switches. In fact, most servers are equipped with dual on-board gigabit network adapters and gigabit switches are available for less than $500. A regular network admin can easily manage the iSCSI storage network rather than requiring the help of an FC expert.

iSCSI products, especially from pure iSCSI players like EqualLogic Inc., Intransa Inc., LeftHand Networks and StoneFly, focus on simplified storage administration, providing wizard-based configuration and plain English dialogues for tasks like storage provisioning and expansion. Despite the attention to simplicity and low cost, almost all first-generation iSCSI arrays provide sophisticated data protection capabilities, including mirroring, snapshots and remote replication.

The vast majority of iSCSI deployments today are on Windows, followed by Linux, reports Dale. "Unix vendors were initially slow to embrace iSCSI, but that's changing fast," he says. One of the reasons iSCSI is predominantly seen in Windows environments is Microsoft Corp.'s firm support of iSCSI since its ratification as a standard in 2003. With the 2.0 release of its iSCSI Software Initiator, Microsoft was the first OS vendor to offer a full-fledged initiator that includes high-end features like multipathing I/O (MPIO), which enables the same level of reliability as FC. "As far as Linux and Unix are concerned, they should be caught up by the second half of 2006," says Dale.

While SMBs use iSCSI SANs as their primary storage, large enterprises use iSCSI to complement their FC storage for less mission-critical departmental apps, remote offices and data protection purposes. Typical applications for iSCSI are messaging apps like Microsoft Exchange, databases, Web apps, file serving and disk-to-disk backup.


Storage August 2006 Special Supplement


Security issues: iSCSI vs. FC
When Fibre Channel (FC) was initially specified in the mid-1990s, security was of little concern. As a result, the FC protocol is inherently insecure, depending on external methods such as zoning and LUN masking to authorize access. While Ethernet switches in iSCSI SANs are used only for transport, FC switches perform both transport and security functions. This means that a security breach on an FC switch is far more severe, as an intruder can access the data. While FC backers argue that iSCSI is risky because it's connected to nonstorage networking components, this is somewhat hypocritical because the great majority of storage administrators use TCP/IP-based methods to manage FC gear.

On the other hand, iSCSI defines authentication, authorization and encryption in its specification. iSCSI supports the Challenge-Handshake Authentication Protocol (CHAP) for authorization. While FC depends on zoning and LUN masking for access, iSCSI authorization is based on CHAP users. Because the iSCSI protocol resides above the transport layer of the OSI protocol stack, IPsec can be used to encrypt iSCSI traffic. Encryption isn't defined in the FC specification and only the rarely used Internet variations of FC-- Fibre Channel over IP (FCIP) and the Internet Fibre Channel Protocol (iFCP)--can take advantage of IPsec.

Storage management is one of the weaker aspects of iSCSI. Storage management vendors are just starting to add iSCSI support to their suites. While FC switches are well supported by all major storage management apps, only some aspects of Ethernet switches--like availability--are addressed by storage management suites. Security is another controversial aspect: Although FC proponents are quick to point out security concerns with iSCSI, in reality, iSCSI is an inherently more secure protocol than Fibre Channel (see "Security issues: iSCSI vs. FC," at right).

With the reliability and feature gap closed, the slower performance of iSCSI is now the primary technical argument FC advocates use for not considering iSCSI for enterprise-level applications. But iSCSI speeds are beginning to catch up with FC, and the two protocols are on a leap-frog path with each one boasting new product releases that bests the other, but not for very long. However, the FC protocol has a slightly lower latency than TCP/IP.

"With all things equal, we have seen a 5% to 15% performance advantage of Fibre Channel for transactional applications like e-mail, databases and file access," says Brian Garrett, technical director at ESG Lab, Milford, MA. "For bandwidth-intense applications such as backup or video editing, Fibre Channel clearly eclipses iSCSI."

Obviously, 10Gb/sec Ethernet iSCSI surpasses FC in performance. But with an average 10GigE port price of $2,000, 10Gb/sec Ethernet isn't ready for widespread use in iSCSI SANs. For 10GigE to be widely used in iSCSI SANs, it will take the final ratification of 10GigE over copper and CAT7 copper cabling, the availability of 10GigE copper ports on switches, iSCSI targets supporting 10GigE and the cost per 10GigE port to drop to near 4Gb/sec FC port pricing. According to James Opfer, research vice president for Gartner's storage research group, 10Gb/sec Ethernet won't start ramping up until 2007.


Storage August 2006 Special Supplement


Components of an iSCSI SAN
iSCSI initiator: The host-side endpoint of an iSCSI session. iSCSI initiator software runs on the operating system or in an iSCSI host bus adapter (HBA) to communicate with an iSCSI target.

TCP/IP Offload Engine (TOE): A PCI or PCI-X adapter that offloads TCP/IP processing from a server's CPU. With TCP/IP overhead less than 10% for 1Gb/sec sessions, TOEs will become more important with 10Gb/sec Ethernet.

iSCSI HBAs: A PCI or PCI-X adapter that offloads TCP/IP and iSCSI processing. iSCSI HBAs typically provide an on-board iSCSI initiator and have been required to boot from iSCSI storage.

iSCSI target: The endpoint of an iSCSI session. Examples of iSCSI targets are storage arrays, tape drives and iSCSI gateways.

Ethernet switches: Standard Ethernet switches connect clients running iSCSI initiators and iSCSI targets.

iSCSI gateways: Multiprotocol routers that support iSCSI and Fibre Channel (FC); mainly used to provide access to back-end FC storage via iSCSI.

The iSCSI product landscape
iSCSI target vendors can be grouped into three categories: pure iSCSI players, traditional storage vendors adding iSCSI support to their existing arrays and iSCSI gateway vendors (see "Components of an iSCSI SAN," at right).

Among the pure iSCSI players are iSCSI pioneers EqualLogic, Intransa, LeftHand Networks, StoneFly and Sanrad Inc., as well as younger startup companies such as Nimbus Data Systems Inc. Most offerings in this group are running iSCSI target software on a server--in most cases concealed in an appliance form factor--with attached storage and some flavor of a general-purpose OS. Vendors in this category have added storage features previously available only in FC SANs, including snapshotting, remote replication, load balancing and virtualization, which enables them to compete head to head with FC vendors.

Traditional storage array vendors such as EMC Corp., Hewlett-Packard (HP) Co., Hitachi Data Systems and Network Appliance (NetApp) Inc. have added iSCSI support to their arrays to more effectively support their large customer bases. "EMC is protocol-agnostic and supports FC, iSCSI and NAS ... enterprises run more than one protocol," says Ken Steinhardt, EMC's chief technology officer. Conspicuously absent from the list is IBM Corp., which hasn't added iSCSI support to its high-end arrays. With the exception of the low-end TotalStorage DS300, IBM depends on its partnership with NetApp to fulfill higher end iSCSI customer requests.

"If the demand for iSCSI increases at the higher end, IBM will respond to the market demand," says Craig Butler, IBM's brand manager for midrange storage products.

Similar to large array vendors, FC switch vendors Brocade Communications Systems Inc., Cisco Systems Inc. and McData Corp. have either added iSCSI support to some of their FC switches or are offering dedicated iSCSI gateways to enable enterprise customers to attach iSCSI servers to existing FC storage.

"By adding iSCSI support to our MDS 9000 series directors and switches, we enable midrange and workgroup servers to inexpensively connect to FC storage," says Rajeev Bhardwaj, product management manager for Cisco's data center and storage technology group.


Storage August 2006 Special Supplement


iSCSI boot from SAN not so easy
One of the shortcomings of iSCSI has been the inability to boot from iSCSI-attached storage through a regular network interface card (NIC). The boot process is performed by the system BIOS and with the iSCSI software initiator running at the OS level, iSCSI storage is out of reach until the OS has booted. The only practical solution in the past was adding an iSCSI host bus adapter from companies like QLogic Corp., which provides the interrupt 13 (INT13) extensions required for booting, as well as an on-board iSCSI initiator.

This changed in April when Microsoft Corp. announced support for software-based SAN boot of Windows using the Microsoft iSCSI Software Initiator and standard NICs through a technology co-developed by Microsoft and IBM Corp. Software-based SAN boot requires a NIC firmware upgrade or an upgrade of the System Options ROM of blade servers.

Although the Microsoft announcement is a big step forward, iSCSI boot still requires a dedicated LUN for each server. "Microsoft is looking into a single-boot image solution that allows multiple servers to boot from a single LUN, but this is post-Longhorn," says Claude Lorenson, Microsoft's group product manager for storage. For a single Windows boot image to become reality, Microsoft needs to eliminate System Identifiers (SIDs), rework Windows licensing and possibly eliminate the notorious registry. The upside, however, is huge: Multiple systems booting from a single LUN will let corporations extend iSCSI-to-desktop computers and eliminate DAS by booting desktop computers directly from an iSCSI SAN.

Trends and developments
One could argue that the popularity of NAS was the main reason for the ever-increasing interest in iSCSI. NAS dependency on higher level file-system protocols (CIFS/NFS) makes NAS less suitable for block-based transactional applications like databases; as a result, NAS vendors are adding iSCSI support to their offerings. Because NAS and iSCSI are both based on TCP/IP, iSCSI is a more natural SAN supplement than FC in NAS environments.

NetApp provided iSCSI support for its filers after iSCSI was ratified, and has been a staunch promoter ever since. Microsoft will release a Feature Pack for Windows Storage Server 2003 R2 this summer to make its NAS an iSCSI target through WinTarget software acquired from String Bean Software. And EMC's Multi-Path File System for iSCSI lets the Celera NAS use iSCSI to return a NAS request, resulting in a big performance boost for large file requests.

The number of innovations and companies developing for the TCP/IP and iSCSI space today greatly surpasses the number of FC developments. Besides 10GigE, network packet processors--from companies like Broadcom Corp. and Cavium Networks--for packet inspection, prioritization, encryption, compression and TCP optimization are the building blocks for next-generation TCP/IP and iSCSI products.

An example of the high level of innovation in the networking space is Broadcom's development of 2.5Gb/sec Ethernet components that support 1Gb/sec and 2.5Gb/ sec Ethernet on a part-by-part basis. The 2.5Gb/sec Ethernet components are targeted mostly toward blade servers, enabling blade-server vendors to offer transparent upgrades of server blades to 2.5Gb/sec Ethernet, resulting in a 2.5 times performance boost. Unlike 10Gb/sec, 2.5Gb/sec Ethernet allows leveraging of existing backplanes and cabling.

There's no doubt iSCSI will dominate the SMB storage space and will be the preferred storage option for workgroup servers and, eventually, corporate desktops (see "iSCSI boot from SAN not so easy," this page). What's still unclear is if iSCSI can push FC out of the enterprise data center. With FC's large installed base, long-standing support for mission-critical apps and the availability of 8Gb/sec FC, it's the preferred technology for most large data center storage. For a transition to happen, it will take large storage vendors like EMC, HP and IBM to recommend iSCSI over FC, which is unlikely to happen in the near future.

Article 1 of 21

Dig Deeper on Ethernet storage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Storage

Access to all of our back issues View All