iSCSI Tutorial

Introduction to iSCSI Technology

iSCSI (Internet Small Computer System Interface) is a SAN (Storage Area Network) technology which has been increasing in popularity during recent years as a low-cost alternative to Fibre Channel. As a current SAN standard, Fibre Channel requires specialized network adapters, switches, and long-range Fibre Channel cabling to bridge connections over gigabit network infrastructures. In contrast, an iSCSI network can be deployed using existing routers, switches, network adapters, and Cat5, Cat5e, or Cat6 cables (all of which use the common RJ45 connector) that are designed for the familiar Ethernet technology. This makes iSCSI a viable solution for small to midrange organizations and businesses as well as for consumer use. An iSCSI network is made up of clients (iSCSI initiators) which relay SCSI commands to the iSCSI targets (iSCSI storage devices) through a LAN (Local Area Network), a WAN (Wide Area Network), or even directly over the Internet.

Diagram of an iSCSI Implementation

 
Example 1

All forms of servers including File servers, Database servers, Exchange servers, and Web servers with iSCSI initiators installed can expand storage by accessing the iSCSI target (iSCSI storage) connected through Ethernet switches over the LAN.

This allows adding more storage in real time without shutting down the server.

 
Example 2
Users or servers with iSCSI initiators installed can access the iSCSI appliance over the Internet. The iSCSI appliance and firewall must be configured to enable discovery and authentication for the client over the WAN. A broadband connection or higher is required for reliability and sufficient transfer rates.
 
Example 3

Administrators or power users who require more high-performance storage can connect directly to the iSCSI appliance through the Gigabit switch.


iSCSI Security

iSCSI supports several methods of security during the initialization and detection phase as well as during the actual data transmission process. CHAP (Challenge-Handshake Authentication Protocol) authentication is an optional form of security which can be invoked by the iSCSI target. When CHAP is enabled, the iSCSI client must specify a CHAP "secret" to match what has been designated by the iSCSI target once the initial link is established. As the iSCSI protocol is IP-based, it relies on IP security protocols, including IPSec (IP Security), which is commonly used with VPNs (Virtual Private Networks). IPSec is a layer-based security scheme which encrypts the transmission of data by having the iSCSI target and initiator share a public key. There are currently two different types of IPSec encryption: Transport Mode and Tunnel Mode. Transport Mode involves the encryption of all the data being transferred with the exception of the IP header. Tunnel Mode is considered more secure, as it encrypts the entire packet including the data and IP header. The iSCSI protocol is also frequently implemented over locally connected networks which are not configured for access over the Internet, preventing an unauthorized initiator outside the network from gaining access to the iSCSI appliance. Certain iSCSI appliances such as the Addonics iSCSI Subsystem also support host access control, which flags specified IP addresses that are allowed to connect to the target. IP addresses not listed are blocked from gaining entry.
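
The CHAP exchange described above, as an added example that is not Addonics code: the target issues a random challenge, the initiator answers with MD5 over the identifier, secret and challenge as defined in RFC 1994, and the target compares that answer with its own computation, so the secret itself never crosses the network. The class and function names and the sample secrets are constructed for illustration; the 12-byte minimum reflects the 96-bit floor RFC 3720 sets for CHAP secrets on sessions not protected by IPsec.

```python
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 12  # 96 bits: RFC 3720 floor when IPsec is not protecting the session


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Target side: holds the configured secret, issues challenges, verifies responses."""

    def __init__(self, secret):
        if len(secret) < MIN_SECRET_BYTES:
            raise ValueError("CHAP secret shorter than 96 bits")
        self._secret = secret
        self._pending = None

    def challenge(self):
        # Fresh random identifier and challenge for every login, so a captured
        # response is useless against any later challenge.
        self._pending = (os.urandom(1)[0], os.urandom(16))
        return self._pending

    def verify(self, response):
        if self._pending is None:
            return False
        identifier, challenge = self._pending
        self._pending = None  # each challenge is single use
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def login(target, initiator_secret):
    """Initiator side: answer the target's challenge with its own copy of the secret."""
    identifier, challenge = target.challenge()
    return target.verify(chap_response(identifier, initiator_secret, challenge))


if __name__ == "__main__":
    SECRET = b"constructed-secret-01"  # constructed sample value
    tgt = Target(SECRET)
    print("matching secret:", login(tgt, SECRET))
    print("wrong secret:   ", login(tgt, b"some-other-secret-02"))
```

CHAP only authenticates the login; it does not encrypt the SCSI data that follows, which is why the page pairs it with IPSec for traffic crossing untrusted networks.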

Differences between a SAN and a NAS

With a file-level storage solution such as NAS (Network Attached Storage), data is stored on a standalone system which provides all the file management, file access/retrieval, and low-level drive administration capabilities for the client. The capabilities available for the client to do file management are largely dependent on the features which have been constructed by the developer into the NAS standalone system.

iSCSI technology administers block-level access to the hard drives stored on the iSCSI target. There are several advantages to this approach. With block-level access, the clients are given full file management, file access/retrieval, and low-level drive administration capabilities, such as partitioning and formatting, for the hard drives stored on the iSCSI target (storage). This allows the hard drives to be accessed by the client system in the same way as directly attached storage (or as a local hard drive). With the proper hardware and firmware support, it is even possible to boot the system remotely over the network from an iSCSI target.

SAN and NAS Comparison Chart

Storage Area Network | Network Attached Storage
--- | ---
iSCSI, Fibre Channel | NFS, SMB/CIFS
Block-level access | File-level access
Drive management from applications on the client machine (ex. Windows Disk Management, OS X Disk Utility, Linux QTParted); may also be available from the iSCSI appliance | Drive management ability depends on what is available from the NAS interface
Single iSCSI appliance to accommodate all drives by supporting clustering | Each NAS appliance operates as a standalone unit
Hard drive data is accessed from OS file management utilities (ex. Windows Explorer, OS X Finder, Linux Konqueror) in the same way as directly attached storage | Hard drive data is accessed over the Local Area Network as a network drive or mapped as a network folder
Drive can be shared over the Internet securely with IPSec and CHAP authentication | Drive can be shared over the Internet; level of security depends on the NAS appliance
Hardware/Software RAID may be available through the iSCSI appliance, or from OS applications | Hardware/Software RAID may be available through the NAS appliance only
Client requires a hardware or software iSCSI initiator to access the iSCSI target | Any computer located within the Local Area Network can access the data in the NAS appliance
Capable of booting with supported hardware and firmware | Not supported

Addonics iSCSI Appliances

Addonics offers a family of iSCSI subsystems with integrated hardware RAID and dual 1 Gigabit Ethernet ports for building a high-performance iSCSI storage appliance. When combined with the Addonics family of Storage Towers, Storage Racks and Port Multipliers, you can create a multi-terabyte storage system with powerful RAID and storage expansion capability that rivals the price performance of many name-brand iSCSI solutions on the market. To learn more about the Addonics iSCSI solution, please visit the iSCSI product page.