Internet Small Computer System Interface

From Hill2dot0

The Internet Small Computer System Interface (iSCSI) is a strategy for extending a SCSI connection across a traditional TCP/IP network. SCSI is a mechanism for attaching peripheral devices, typically storage devices, to a computer system. iSCSI extends that capability using a client/server model. It makes it possible for an organization to collect all of the SCSI-attached storage around the network and consolidate it in a central location without changing the essential nature of the relationship between the individual computers and their assigned storage devices. It can also be used to enhance disaster preparedness by providing copies of critical data at remote locations. Because iSCSI performs block-level I/O, it is considered a storage area network (SAN) technology.

iSCSI Architecture

In iSCSI, the client is called an initiator. The initiator appears to the host computer to be a traditional SCSI interface. It can be implemented as software drivers or as a hardware interface. The latter, also known as a host bus adapter (HBA), relieves the host computer of processing the SCSI command set and can significantly improve performance. It typically looks to the host computer like a SCSI adapter, but provides an Ethernet interface to the network.

[Figure: Internet Small Computer System Interface]

The server end of the iSCSI relationship is called a target. More specifically, a target is a particular storage resource that is located on an iSCSI server. The iSCSI server may host one or more targets and provide access to them via the iSCSI protocols, depicted in the image to the right. The specific storage technology implemented by the iSCSI server is transparent to iSCSI. The target can be implemented by a storage appliance that is part of a storage array, or it can be implemented as software drivers in a conventional operating system such as Windows or Linux.

From the rest of the network’s point of view, iSCSI devices are identical to any other IP device and must follow the same conventions as other hosts for addressing and routing. This integration with existing IP networks is one of the primary benefits of the iSCSI technology.

TCP carries iSCSI to provide reliability in data exchanges. The iSCSI protocol data unit (PDU) synchronizes the initiator and target and provides a transport for the iSCSI protocol used to access the storage devices.

iSCSI Addressing

iSCSI hosts comply with all other applicable IP addressing and naming conventions such as fully qualified domain names. At the iSCSI level, however, there must be another form of addressing to allow initiators and targets to discover and communicate with each other. An iSCSI initiator communicates with an iSCSI target through at least two types of addresses. The first is the network portal: the IP address of the device and the TCP port number being used for communications. An iSCSI device might have multiple network portals. Above the network portal is an iSCSI node name. The node name represents specific SCSI targets inside a storage system. A single storage system may present multiple portals to multiple internal nodes to the network.

Separating the node name from the portal address ensures that if the iSCSI storage device is moved around the network, it can still be found through the use of the node name in the same way that the Domain Name System (DNS) allows independence from IP addresses for device names.

The iSCSI name can be up to 255 characters and is typically represented using a fully qualified name (FQN). The FQN looks similar to a domain name with a different format. The goal of the naming structure is that humans can read it.

When an iSCSI network has been combined with a Fibre Channel (FC) network, the iSCSI naming convention will also accommodate the World Wide Name (WWN) used to name Fibre Channel devices.

iSCSI Security

iSCSI supports the use of CHAP to provide authentication between the initiators and the targets. Since iSCSI is implemented over TCP/IP, it is also possible to implement IPsec to enhance security. Security can also be enhanced by implementing iSCSI over a separate IP network infrastructure. Making the iSCSI network physically separate would defeat the benefits of iSCSI, but a similar effect can be obtained using VLAN technology.

It is important to note that iSCSI by itself is a cleartext technology. This means that transmissions are unencrypted and vulnerable to interception and replication. To prevent this, some form of encryption technology is required. IPsec can provide this functionality, but at the cost of performance.
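The CHAP exchange mentioned above, sketched as an added example (not code from the original page or from any iSCSI product): the target issues a fresh challenge, the initiator answers with the RFC 1994 MD5 response, and the target verifies it in constant time. The `Target` class, the initiator name and the secret are constructed for illustration; the 96-bit minimum reflects the iSCSI RFCs' requirement that shorter secrets only be used under IPsec.

```python
import hashlib
import hmac
import os

MIN_SECRET_LEN = 12  # 96 bits; the iSCSI RFCs call for IPsec below this length


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of identifier octet, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Target side of one-way CHAP during iSCSI login (hypothetical helper)."""

    def __init__(self, secrets: dict):
        for name, secret in secrets.items():
            if len(secret) < MIN_SECRET_LEN:
                raise ValueError(f"CHAP secret for {name} is shorter than 96 bits")
        self.secrets = secrets
        self.pending = None  # (identifier, challenge) of the outstanding login

    def issue_challenge(self):
        # Fresh random challenge per login, so a captured response cannot be replayed.
        self.pending = (os.urandom(1)[0], os.urandom(16))
        return self.pending

    def verify(self, name: str, response: bytes) -> bool:
        if self.pending is None or name not in self.secrets:
            return False
        identifier, challenge = self.pending
        self.pending = None  # one verification attempt per challenge
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-secret-0001"  # constructed sample value
    target = Target({"initiator-a": secret})
    ident, chal = target.issue_challenge()
    good = chap_response(ident, secret, chal)
    valid = target.verify("initiator-a", good)
    replayed = target.verify("initiator-a", good)  # no challenge outstanding
    target.issue_challenge()
    stale = target.verify("initiator-a", good)  # old response, new challenge
    return {"valid": valid, "replayed": replayed, "stale": stale}
```

CHAP only proves knowledge of the secret at login; the SCSI data that follows still crosses the network in cleartext unless IPsec or an equivalent protects the session.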

iSCSI Implementations

iSCSI is normally deployed as part of a LAN due to the inherent speed compared to WAN access, but given sufficient bandwidth, there is no reason that iSCSI information cannot also be exchanged over an IP backbone. This flexibility has made iSCSI a very popular protocol for remote data warehousing and disaster recovery planning (DRP).

