Symmetrix DMX iSCSI Implementation in a …...3 Supported Symmetrix hardware EMC Symmetrix DMX iSCSI Implementation in a Microsoft Windows Environment Technical Note or software alternatives

1

EMC® Symmetrix DMX™

iSCSI Implementation in a Microsoft Windows Environment

Technical Note P/N 300-008-024

REV A02 October 8, 2008

This technical note contains information on these topics:

Introduction ................................................................................................ 2 Supported Symmetrix hardware ............................................................. 3 iSCSI review................................................................................................ 5 Symmetrix iSCSI configuration.............................................................. 13 Microsoft iSCSI configuration ................................................................ 17 Conclusion ................................................................................................ 34

2

Introduction

EMC Symmetrix DMX iSCSI Implementation in a Microsoft Windows Environment Technical Note

Introduction

This technical note is designed to familiarize the audience with implementing iSCSI into a Symmetrix DMX™ enterprise within a Microsoft Windows environment. The availability of the Microsoft iSCSI initiator software makes it cost-effective for storage administrators to introduce iSCSI-capable Windows hosts into the storage enterprise.

This document shows how iSCSI solutions offered by the Symmetrix DMX storage system can be easily implemented with a few best practices. It also outlines how the iSCSI technology can be introduced and monitored in an environment that typically demands scalability. The ability to manage the environment from Symmetrix Solutions Enabler is the traditional way of setting up iSCSI parameters. However, management of Symmetrix iSCSI features can be efficiently facilitated through EMC’s Symmetrix Management Console (SMC). This GUI-based tool allows storage administrator to effectively provision the necessary iSCSI storage resources as well as deliver key iSCSI security managements functions for CHAP, IPsec, and Radius authentication, all from a single location. Also introduced in the Symmetrix Enginuity™ 5773 code release are the enhanced features of IPv6 and IPsec. These can provide the necessary levels of IP addressability and security required in enterprise IP storage accounts.

Executive summary

In today’s storage area networks, there exists an industry-wide interest among data center and network administrators to seek cost-effective solutions. Industry technologists have developed several methods to accomplish this goal. The need to consolidate and provide scalability for growing fabrics has been primarily provided by Fibre Channel technologies. However, by combining TCP/IP networks and standard Fibre Channel block I/O SCSI customers can lower costs by using existing IP network components. Protocols such as Fibre Channel over IP (FCIP) and internet Fibre Channel protocol (iFCP) are used to extend or bridge a fabric to another over IP. Internet SCSI (iSCSI) is designed to accommodate host-to-target communications. Whereas the latter solution provides distance extension and smart utilization of the network, iSCSI ideally creates a scalable host front end by expanding the number of initiators capable of transferring data to a target.

There are two ways to introduce iSCSI into a SAN fabric. One option would be to introduce an intermediate (bridging) switch device (or use an existing switch) that is capable of translating data from block level I/O to TCP/IP. The other option is to introduce either native hardware

3

Supported Symmetrix hardware


or software alternatives. Hardware-based native solutions utilize host bus adapters (HBAs) with TCP/IP Offload Engine (TOE) cards, but these options can be expensive when adding iSCSI into an existing storage area network. On the other hand, a software-based native solution like Microsoft iSCSI initiator can utilize the IP network to the target device through a NIC component or Gigabit Ethernet adapter, providing a less expensive solution. In the past, iSCSI implementations were best suited to smaller-size fabrics with little concern for imminent scalability or in fabrics that need remote host to storage, low I/O, and management over distance. Today, the adoption of iSCSI solutions in the enterprise looks more appetizing as virtualization products such as VMware can provide multiple virtual machine (or host) instances in a single server.

Audience

This technical note is intended for IT and storage decision makers with organizations that use DMX-3 and DMX-4.


The Symmetrix DMX Multi-Protocol Channel Director, through the use of mezzanine card technology, supports GigE, iSCSI, and FICON protocols. These include four-port configurations (DMX1000, DMX2000, DMX3000 and DMX4000) supporting up to four mezzanine cards located on the back adapter. In two-port configurations (all DMX models), two mezzanine cards are located on the director. The mezzanine card technology that is supported on each director is limited to four per Symmetrix, including GigE, Fibre Channel, and FICON technologies. Multimode and single-mode optics are available. Also, in addition to iSCSI, FICON and Gigabit Ethernet (GigE), and iSCSI combinations can be configured on a single MPCD.

Also, six-slot GigE IPv4/6 channel directors are supported on DMX-3 and DMX-4 systems. They also support “advanced IP features” with the capability to combine IPv4 and IPv6 as well as IPsec and no-IPsec in the same system. They can coexist in the same system as all existing DMX-3 and DMX-4 channel directors. For more hardware configurations and director board combinations, see the latest Symmetrix DMX hardware guides on Powerlink®.

Restrictions

EMC does not support NIC teaming

http://en.wikipedia.org/wiki/Link_aggregation

4



Veritas DMP is not supported with Windows (qualifications pending)

http://www.iarchive.com/_library/whitepapers/_articles/DMPv3.pdf

Bound volumes/devices

If a service or application uses an iSCSI volume and/or device then that volume and/or device should be persistently bound so that it will be available when the service or application is started by Windows.

Persistent targets

In addition to persistently binding volumes/devices, the target must also be added as a persistent target by selecting “Automatically restore this connection” in the Logon to Target dialog box.

Booting from external storage for software-based iSCSI clusters is not supported (software).

EMC PowerPath® 5.x is not supported with iSCSI Initiator and Microsoft Cluster Server (MSCS).

Microsoft dynamic disks are not supported

http://en.wikipedia.org/wiki/Logical_Disk_Manager

VLAN packet tagging is not supported by the Symmetrix channel directors

Ethernet switch port-based VLANs are supported

Terminology

Host bus adapter (HBA) – A bus card in a host system that allows the host system to connect to the storage system. Typically the HBA communicates with the host over a PCI or PCI Express bus and has a single Fibre Channel link to the fabric. The HBA contains an embedded microprocessor with onboard firmware, one or more ASICs, and a Small Form Factor Pluggable module (SFP) to connect to the Fibre Channel link.

Initiator (SCSI host adapter) — Host endpoint of a SCSI session.

Logical Unit Number (LUN) – A number, assigned to a storage volume, that in combination with the storage device

5

iSCSI review


node’s World Wide Port Name (WWPN) represents a unique identifier for a logical volume on a storage area network.

Maximum Segment Size (MSS) — In the TCP protocol, MSS is the byte-size segment of data that a HBA or device can handle in a single, unfragmented piece. The number of bytes in the segment and packet header cannot exceed the MTU size.

Maximum Transmission Unit (MTU) — Byte size of the largest packet or frame that a communications protocol such as TCP can transmit through Ethernet.

Product Data Unit (PDU) – Other name for “packets” in the iSCSI environment. It is a data message with a defined set of parameters for initiator and targets to place their information.

SCSI (small computer system interface) — A parallel interface standard used by systems for attaching peripheral devices to hosts. iSCSI interfaces provide for faster data transmission rates (up to 80 megabytes per second) than standard serial and parallel ports. In addition, you can attach many devices to a single SCSI port, so that SCSI is really an I/O bus rather than simply an interface.

Target — Storage-device side endpoint of a SCSI session TCP Offload Engine (TOE) – Network adapter that performs

TCP/IP processing on an Ethernet adapter (typically 1 Gig) in order to allow the CPU to maintain high-speed transmissions.

iSCSI review

iSCSI is a protocol that uses the TCP/IP infrastructure to transport SCSI commands and present SCSI to an endpoint via the said infrastructure. It directly links initiators and targets, as well as present SCSI LUNs to iSCSI initiators. The iSCSI session is built on Protocol Data Units (PDUs). The PDU is a message that carries the initiator or target read/write information and is sent reliably by TCP/IP, which guarantees delivery and routing via Ethernet.

http://en.wikipedia.org/wiki/IP_fragmentation

http://en.wikipedia.org/wiki/Packet_(information_technology)

http://en.wikipedia.org/wiki/Frame_(telecommunications)

http://www.webopedia.com/TERM/S/parallel_interface.html

http://www.webopedia.com/TERM/S/standard.html

http://www.webopedia.com/TERM/S/system.html

http://www.webopedia.com/TERM/S/peripheral_device.html

http://www.webopedia.com/TERM/S/SCSI.html

http://www.webopedia.com/TERM/S/data.html

http://www.webopedia.com/TERM/S/megabyte.html

http://www.webopedia.com/TERM/S/serial.html

http://www.webopedia.com/TERM/S/parallel_port.html

http://www.webopedia.com/TERM/S/I_O.html

http://www.webopedia.com/TERM/S/bus.html

http://en.wikipedia.org/wiki/SCSI

6

iSCSI review


Figure 1 iSCSI PDU

Basic environment layout

The iSCSI environment is made up of endpoints that are commonly referred to as nodes. There is an initiator and a target. The initiator is the endpoint that controls the iSCSI environment. The initiator and the target are both presented by either software or hardware defining the relevant iSCSI layers.

Figure 2 iSCSI Microsoft and Symmetrix layers

7

iSCSI review


iSCSI nodes also have unique naming conventions or globally unique identification. Ideally, as shown in Figure 3, redundant hosts would be placed on separate subnets to assure network connectivity, much like designing hosts for FC fabrics wherein the mirrored design across switches provides high availability.

Figure 3 Basic iSCSI environment layout

Native and bridged scalability

In the native iSCSI solution a target Symmetrix can accommodate in a single MPCD up to four iSCSI ports. Each port is equal to one processor on the director, which can support up to 256 target LUNs. The maximum per director would be 1,020 LUNs for iSCSI. Symmetrix DMX-4 supports 512 initiators per director while Symmetrix DMX-3 supports a maximum of 128 initiators. Therefore using four iSCSI ports would be overprovisioning in either situation. Having ports available for other purposes such as GigE replication also enhances the use of the MPCD, therefore no port is wasted. The best use case for a native environment is using VMware1. VMware can support up to 256 simultaneous virtual machine (host) instances per ESX Server machine. For redundant

1 iSCSI with VMware and Symmetrix is currently supported in software ESX versions 3.01, 3.02 and 3.5

8

iSCSI review


purposes up to four servers could be needed; there is instant consolidation for low I/O applications. 2

Figure 4 Native iSCSI environment

In a bridged environment, a multiprotocol switch is introduced to handle the transport of iSCSI traffic from the initiators to target LUNs but the “bridge” changes the iSCSI packets to FC frames destined for the target. The common platforms for bridging are Cisco and Brocade iSCSI switch products through Connectrix®3. The number of LUNs in the Symmetrix FC director is much higher from that of the MPCD because it contains two ports per processor as opposed to one. Even though this number increases, the number of initiators allowed is still limited to 512 per director. Also, the maximum number of iSCSI initiations from a multiprotocol switch (Cisco) is 2,000 with proxy features enabled so it calls into question whether adding additional hardware is useful in this case and/or the FC connections via ISL are underutilized.

Figure 5 Bridged iSCSI environment

2 See configuration guidelines in the EMC Host Connectivity Guide for VMware ESX Server on Powerlink

3 See the EMC Networked Topology Guide for specific Connectrix product guidelines.

9

iSCSI review


Design considerations

High availability

High availability of Symmetrix connectivity to Microsoft iSCSI Initiators is recommended via PowerPath for Windows (minimum version 5.1). Further information can be obtained via the relevant release notes and installation manuals available on Powerlink. PowerPath for Windows is an intelligent path management application specifically designed to work within the Microsoft Multipathing I/O (MPIO) framework.

EMC PowerPath is host-based software that provides:

Automatic failover in the event of hardware failure Dynamic multipath load balancing.

PowerPath improves a host system's ability to manage I/O workloads by continually balancing the load across the available configured paths, eliminating the need for repeated static reconfigurations. Automatic path failover allows I/O to be dynamically and transparently redirected to an alternate path in the event of a failure. PowerPath also periodically tests idle paths so problems can be reported and addressed, thereby avoiding delays that may occur when attempting to use a defective path. It is particularly beneficial in cluster environments, as it can prevent operational interruptions and costly downtime. PowerPath failover capability avoids node failover, maintaining uninterrupted application support on the active node in the event of a path disconnect.

For interoperability information, such as information about the hardware, software, and networked storage components that are tested and compatible with EMC storage systems and third-party storage systems, refer to the E-Lab™ Interoperability Navigator through EMC Powerlink. It also includes information about supported host models, operating system revisions, host bus adapters, and connectivity devices.

When installing the PowerPath with Microsoft MPIO framework ensure the MPIO button is selected when the iSCSI initiator installation is done as indicated in Figure 6.

10

iSCSI review


Figure 6 PowerPath selection

During the iSCSI target logon session initiation select Enable multi-path for targets that require PowerPath multipath functionality.

Figure 7 Enabling the multipath feature

Network

iSCSI is an open network protocol, so any host system running a supported iSCSI initiator can establish an iSCSI network session with a Symmetrix MPCD iSCSI target and access the block storage devices that have been allocated to that target. The risks and challenges that exist in networking servers, especially public and wide area networks (WANs), can affect the efficiency of the iSCSI session and subsequent exposure to

11

iSCSI review


confidential data. Because it is possible to run iSCSI over a public or private Ethernet network, dedicated VLANs for these hosts should be considered by the network administrators at the customer site. While VLAN packet tagging is not supported by the Symmetrix channel directors, Ethernet switch port-based VLANs are supported.

Overall, best practice is to contain an iSCSI environment within a local area network (LAN); it reduces the risk of packet loss due to the limited number of devices and proximity of the source and the destination nodes. When implemented in a dedicated switched environment, the efficiency of the network (and thus the iSCSI deployment) is significantly increased. Since there may be a considerable amount of data transmitted across the network, it should be isolated as much as possible.

Jumbo frames

In the Ethernet environment, frames are typically 1,500 bytes. iSCSI segments the 2112k FC frames. It is possible to configure the iSCSI HBAs to use larger frames on the iSCSI network. This is, of course, in conjunction with the network switches and routers also being able to support these “jumbo” or larger frames. If both the HBAs and network can handle jumbo frames, the maximum transmission unit size is 9,000 bytes configurable with Windows. This should improve the performance between host(s) and target(s). It is recommended to be wary of sharing VLANs with jumbo and non-jumbo frames. In a jumbo environment, non-jumbo TCP applications should be able to traverse the network if the MTU size if set larger than their maximum segment size (MSS) but unpredictable broadcast type protocols such as UDP and DNS would be better off traversing a different network segment. Again, isolation of the iSCSI environment is much more desirable overall.

Security

Securing iSCSI connections is important to assuring integrity of data movement in the proposed environment. Network and security administrators all have specific policies surrounding the introduction of host traffic into the data center. Depending on what policy is adhered to, data storage administrators’ roles assure the network and security auditors of the options available to them when introducing technology to the data center. Since iSCSI is an IP based protocol, it is more important to secure the connectivity.

CHAP

Challenge Handshake Authentication Protocol (CHAP) is a type of authentication in which the authentication agent (typically a network server) sends the client program a random value that is used only once

http://www.webopedia.com/TERM/C/authentication.html

http://www.webopedia.com/TERM/C/server.html

http://www.webopedia.com/TERM/C/client.html

12

iSCSI review


and an ID value. Both the sender and peer share a predefined secret. During the CHAP process, the CHAP target sends out a random challenge message and hashes it with the locally stored key. The requester builds hash with its locally stored key and sends it back. The target compares hashes; if they match, passwords must be the same. The key is never sent over the link and the hash function is one-way. The key cannot be mathematically derived from the hash.

For configuration of Symmetrix CHAP please refer to the Solutions Enabler CLI symconnect command set or Symmetrix Management Console help file. For implementation of Microsoft iSCSI Initiator CHAP please refer to the Microsoft iSCSI Software Initiator Users Guide.

IPsec

IPsec is the security protocol designed to encapsulate entirety of IP data over a network between hardware endpoints. It has the capacity to combine strong authentication and complementary encryption algorithms to create Secure Associations (SAs) between local and remote entities. IPsec operates at Layer 3 (network layer) of the OSI reference model and has been integrated into IPv6 extension headers. This has reduced the dependency on hardware vendors from having to “hook” this protocol into the IP stack to do secure connectivity. This has not, however, changed for the IPv4 standard. The entirety of IPsec is made up of the Authentication Header (AH), Encapsulating Security Protocol (ESP), and Internet Key Exchange (IKE). The minimum criterion for IPsec is to use ESP and IKE with pre-shared keys. This implementation is primarily what the advanced multiprotocol boards will use with Enginuity 57734.

IPsec uses IKE inside an Internet Security Association Key Management Protocol (ISAKMP) framework to negotiate protocols and algorithms based on the policies set up locally on the entity. ISAKMP is the local policy generated to dictate the encryption and authentication methodology in how the preshared keys will be used by the endpoint negotiation for a secure session. These policies will be set up through Solutions Enabler (CLI) or Symmetrix Management Console5.

4 IPsec is not qualified with Enginuity 5773. Refer to EMC documentation for subsequent releases on when it is supported in the Microsoft configuration 5For in-depth details on Symmetrix Management Console configuration of IPsec for Symmetrix for DMX-3 or DMX-4 please refer to the EMC Enginuity 5773 GigE and Multiprotocol IPv4/6 Channel Directors IPv6 and IPsec Configuration and Best Practices Technical Note.

13

Symmetrix iSCSI configuration



Using Symmwin

The Symmwin application is used to initially set up the parameters being used by the director processors to enable iSCSI as the communication protocol. These configuration settings are implemented through onsite or remote EMC CS personnel only. When the director is configured for iSCSI, ports are known as SE ports. The basic outline of parameters and steps are as follows:

Parameters Primary iSCSI Target IPV4 addresses – 10.243.156.94/24 and 10.243.156.95/24

Max Transmission size – 1500 bytes

Net Mask – (24) 255.255.255.0

IP DSN Group – N/A

SNMP – yes

Default Gateway – 10.243.156.2

iSNS IP address -10.2.155.90

The Symmetrix Edit Directors extracts in Figures 8, 9, and 10 display the configured parameters for SE 5a, 5c, and 5d. These are configured for IPv4 addressing and as shown in Figure 8, IPv6 can also be configured for iSCSI through Symmwin.

Figure 8 iSNS addressing and default gateway

14



Figure 9 IP addressing type

Figure 10 Processor port and IP specification

Using Symmetrix Management Console (SMC)

Solutions Enabler6 can be used to configure iSCSI as well as Symmetrix Management Console (SMC). This technical note demonstrates the simplicity of configuring, monitoring, and maintaining iSCSI through SMC.

6 EMC Solutions Enabler Version 6.5 Installation Guide and EMC Solution Enabler Version 6.5 Release Notes

15



Figure 11 Locating iSCSI HBA in SMC

Figure 12 Setting iSCSI “SE” port attributes

16



Figure 13 Configuring iSCSI “SE” port attributes

Figure 14 Configuring CHAP

17

Microsoft iSCSI configuration


Figure 15 iSCSI HBA Status


The following overview describes the steps required for configuring iSCSI initiator ports and iSNS and setting up iSCSI security. The requirements and best practices in general are as follows:

The latest versions of Microsoft’s iSCSI Initiator and iSNS software can be downloaded from Microsoft’s website.

Install the appropriate iSCSI capable network interface card (NIC) or HBA.

Assign an IP address for the NICs or iSCSI HBAs. Install PowerPath for HA options. Install iSCSI MS initiator software on each server with dual

Gigabit Ethernet configurations. Install iSNS software on a central server with network

connectivity to all required Windows servers and Symmetrix storage systems.

EMC CS personnel are required to configure Symmetrix GigE director bin files with relevant IP and iSNS network

18



connectivity options. Install Solutions Enabler and SMC on a central server with

network access to all iSCSI resources Use SMC to configure VCMDB LUN assignments, ACL, and

Dynamic LUN addressing as necessary Use SMC to configure iSCSI Symmetrix security for

CHAP/IPsec to specific iSCSI targets. Establish MS iSCSI Initiator Discovery and Login procedures

with required CHAP, IPsec, and LUN MPIO parameters, respectively.

Format, label, and assign iSCSI drive letters.

Components

Microsoft Initiator

In the Symmetrix/iSCSI environment, the initiators used for this white paper are Microsoft iSCSI initiators version 2.0.x (Figure 16). Installation of Microsoft iSCSI Initiator is simple. The software can be downloaded from the Microsoft website and is free7. They are on Windows Server 2003 Enterprise x64 Edition host machines with identical (dual) 1Gigabit Ethernet adapter cards. The TCP/IP Offload Engine is optional to load. The Broadcom adapters used in this example have NetXtreme II Gigabit Ethernet controller chips that can deliver high-performance storage networking. On installation of TOE, the Microsoft Scalable Networking Pack is installed as well to support the drivers necessary for the NIC to use TOE.

There is also the 2003 Scalable Networking Pack, which helps optimize server performance and network throughput for crucial applications such as storage, backup, Web hosting, and TCP-based media streaming8.

The naming convention of the iSCSI initiators is automatically set by Microsoft. The purpose of the naming convention is designed to create a unique global identification so that no two initiators have the same name.

7http://www.microsoft.com/windowsserver2003/technologies/storage/iscsi/default.mspx8 http://support.microsoft.com/kb/912222

http://support.microsoft.com/kb/912222

19



iqn.1991-05.com.microsoft:licoa254 is an example of the Microsoft generated name for the initiator. In this example, licoa254 is the name of the machine. This is known as an Internet Qualified Name (IQN) and is chosen automatically through the Microsoft iSCSI initiator service. If for example the computer or domain name is changed, this IQN name would also change. The name can also be fixed by the administrator. If the name string is incorrect, the initiator service will return an error.

Figure 16 Microsoft Initiator user interface

General tab Provides the unique name of the iSCSI adapter or source initiator; as well as CHAP and IPsec.

CHAP entry allows the user to configure a “secret” password (shared secret) that also would be configured on the target. 1-WAY and/or 2-WAY CHAP can be configured via the GUI for each target.

IPsec entry allows the user to configure tunnel “mode” for both the initiator source IP address and an “outer mode” address and whether or

http://technet.microsoft.com/en-us/library/cc737154.aspx

20



not the connection will be persistent. Tunnel mode is typically used when an intermediate piece of hardware terminates the IPsec connection prior to complete transmission to a target endpoint.

Discovery tab Provides the target portal TCP/IP addresses to add to the configuration, along with IP Address and Port specification for the connection; advanced features such as CHAP secret and IPsec encryption strengths are assigned to the target specifically.

The iSNS Server TCP/IP address is provided an insertion area when it is active. This provides an alternative to manual insertion of the iSCSI Target portal address in the MS Initiator Discovery GUI panel (not shown in Figure 17).

All iSCSI targets registered with the iSNS server will appear in the MS iSCSI Initiator GUI login panel under the Targets tab.

Figure 17shows the registration of the iSCSI Microsoft initiator named Licoa254 and EMC Symmetrix 2000 iSCSI/GigE Storage Directors, 50060048ad52e7c0a and 5006048ad52e7c1a.

Figure 17 Discovery Domains tab

21



Targets tab Allows “Log On” ability with the target, as well as whether or not activity should occur during bootup. Multipath can be turned on only if the multipathing software exists.

The Microsoft iSCSI Initiator and iSNS server can be managed via the respective GUI applications. In addition to the GUI both the iSCSI Initiator and the iSNS Server can be managed and monitored via respective CLI commands through the Microsoft Windows CLI.

> scsicli

> listinitiators

Initiators List:

Root\SCSIADAPTER\0000_0

The operation completed successfully.

[iqn.1991-05.com.microsoft:licoa254]

Enter command or ^C to exit

> C:\Documents and Settings\Administrator>isnscli listnodes

Nodes:

iqn.1992-04.com.emc:5006048ad52e7c1a

iqn.1992-04.com.emc:5006048ad52e7c0a

iqn.1992-04.com.emc:50060482d52e654a

iqn.1992-04.com.emc:50060482d52e655a

MSiSNSControlNode:00000b74

iqn.1991-05.com.microsoft:licoa254

MSiSNSControlNode:00000f64

Success

22



iSCSI Initiator Discovery and Login overview

Symmetrix storage arrays support two methods of iSCSI target discovery: “SendTargets” through the initiator GUI or CLI and iSNS server, and standard discover protocols designed for all iSCSI applications.

SendTargets The SendTarget portals are statically configured using the iSCSIcli GUI. The iSCSI initiator service will perform an iSCSI discovery login followed by a SendTargets operation at the time the target portal is added and whenever the service starts or whenever a management application requests a refresh.

To discover targets from the initiator administrators can use either the Microsoft iSCSI Initiator “GUI” tool or the iSCSIcli, which can be opened through the standard command utility in Windows.

In the applet, the Discover tab is used to add devices, wherein from the iSCSIcli, the targets can be added through the following command:

iSCSIcli AddTargetPortal <TargetPortalAddress> <TargetPortalSocket>

iSCSIcli AddTargetPortal 10.243.156.70 3260

C:\>iSCSIcli ListTargets T

Microsoft iSCSI Initiator version 2.0 Build 3273

Targets List:

iqn.1992-04.com.emc:50060482d52e649a

iqn.1992-04.com.emc:50060482d52e648a

iqn.1992-04.com.emc:50060482d52e654a

iqn.1992-04.com.emc:50060482d52e655a

The operation completed successfully.

23



Figure 18 and Figure 19 show two Symmetrix iSCSI targets as a result of the SendTargets and two additional Symmetrix iSCSI targets that have registered with the iSNS service. At this stage no log-in procedure has taken place as indicated by the Inactive status of all Symmetrix targets.

Figure 18 Target discovery

24



Figure 19 Symmetrix targets logged and connected to the MS Initiator

Internet Storage Name Service (iSNS) The iSNS protocol is designed to facilitate the automated discovery, management, and configuration of iSCSI and Fibre Channel devices on a TCP/IP network. Similar to Fibre Channel management tools known as “fabric managers” it facilitates a seamless integration of IP and Fibre Channel networks due to its ability to emulate Fibre Channel fabric services and manage both iSCSI and Fibre Channel devices.

Figure 20 indicates the iSNS TCP/IP address entry that provides the reference to registration for the iSCSI initiator and associated iSCSI targets that have registered with the iSNS services.

25



Figure 20 iSNS identification

If needed, final validation can be done by EMC CS through Inlines. Figure 21 shows a successful iSCSI login session between the Microsoft Initiator licoa254 and Symmetrix Director 11c at TCP/IP portal address 10.243.156.91.

Figure 21 Inlines validation

26



Troubleshooting Since iSCSI is a TCP/IP network-based application, troubleshooting connectivity is done similarly to the way network administrators would troubleshoot host-to-target connections. The most common area of difficulty is the initialization of the host and target relationship if the IP network is not properly configured and the two entities cannot associate to one another.

There are simple ways of detecting problems that can be determined by using readily available tools as outlined with the output examples that follow. These tools are available through Symmetrix, Wireshark TCP/IP utility, Windows Operating System CLI, and Microsoft iSCSIcli commands. Application-based troubleshooting would need to be done by the customer’s IT resources as the MS iSCSI Initiator and ISNS would be loaded on their machine; this is beyond the scope of this technical note.

Symmetrix Service Processor CLI EMC CS personnel also have the ability from the Symmetrix that contains the GigE Director to run Ping, Tracert, Arp and Netstat in addition to other network analysis commands. The TX/RX status and power levels can also be validated on the iSCSI Ethernet cable. These standard troubleshooting commands are shown in the next four outputs.

27



Ping 10.243.155.254

Figure 22 Symm. CLI output: Ping for network availability

Tracert 10.243.155.254

Figure 23 Symm. CLI output: Traceroute to the host

Netstat –i provides network Input/Output statistics that can be analyzed to check for errors.

Figure 24 Symm. CLI output: Network status

28



Netstat –s provides network indications of Segments Retransmitted, Retransmitted Timeouts, Bad Segments Received, and Resets Sent. All are good indications of potential network problems or bandwidth issues.

Figure 25 Symm CLI output: Network status

29



FC,BKAD,STAT

Figure 26 Symm. CLI output: Back adapter status

For reference:

dBm = 10 * log(mW) RX example: 0.245mW -> 10 * log(0.377) = -4.7dBM Avg

dBm = 10 * log(mW) TX example: 0.337mW -> 10 * log(0.245) = -6.1 dBm Avg

Link Type RX Min RX Max TX Min TX Max

Multimode GbE -19 dBm -3 dBm -11.5 dBm -3 dBm

Symmetrix link connectivity check procedure Is the link configured correctly / <tg –s link> Is the link up / <tg status> Does the interface respond to a ping / <ping IP address> Is TCP in the correct state / <netstat> Is the initiator connected / iscsi state <8F,> Are commands being sent / iscsi cmd count <8F,CMDS,SCSI>

Wireshark (Ethereal) Formerly known as Ethereal, the network protocol analyzer Wireshark can be used to analyze and inspect iSCSI traffic from initiator and target packets. This freeware has the ability to inspect all TCP/IP traffic in addition to iSCSI and iSNS packets. The typical output of a packet trace will provide the administrator with a series of traces based on protocol and is easily filtered based on any protocol. To look for iSCSI traffic the iSCSI protocol would be chosen through the toolbar in the Analzye > Enabled Protocols option. Other protocols such as TCP, IP, and ICMP

30



should also be chosen and when the Wireshark application is started and stopped through the toolbar in Capture > Start, administrators can filter the information to determine whether or not traffic is moving. When there is conclusive evidence of a problem, the IT network administrators for the customer site would need to be alerted. Also, no one should be placing analyzers on a customer network without permission. They are sometimes mistaken as someone attacking or spying on the network.

Figure 27 Enabling protocols

31



Figure 28 Filtering trace (sample output)

Symmetrix Trace/Log facilities A CS invoked TCP dump facility allows global or specific traces of TCP and IP sequences. In addition a Syslog facility provides the ability to monitor TCP Event sequences

Microsoft CLI commands Additional iSCSI diagnostic analysis information can be acquired through the use of the iSCSI and ISNS Command Line Interface in the operating system’s CLI. This CLI level of detail can be valuable when diagnosing iSCSI-related issues. Refer to the Microsoft iSCSI and ISNS Users Guides, respectively, for detailed CLI command strings that are not shown here.

32



The following example is the result of the CLI command ReportTargetMappings. As denoted with the circular markings, the output provides details on the MS Initiator version and build, number of iSCSI Target Sessions active, Session ID, Target name, Initiator, Target ID, and associated LUNs plus additional Initiator variables.

Figure 29 CLI output: Report target mappings

This extract from the iSCSI CLI SessionList command provides detailed information in regards to Session, Connection and Device variables.

33



Figure 30 CLI output: Session list

Beyond simple network issues, congestion can create latency that can affect scalability of iSCSI traffic, especially since the 2112k frame size of block I/O is segmented to work with TCP transmission. A network link is said to be congested if contention for it causes queues to build up and packets start getting dropped. A poorly configured or overutilized network can result in unacceptable iSCSI performance.

Other factors that could impact overall iSCSI performance that are beyond the scope of this technical note are:

Network NIC or HBA features (TOE, iSCSI Assist)

34

Conclusion


Server processing power and memory utilization Server application and services loading Router and/or switch port buffers MTU size Header and/or data digest MPIO (PowerPath) not operational IPsec

Troubleshooting these applications is done through either the vendor’s documentation or advanced IT technical assistance of which the customer would have to provide.

Conclusion

EMC Symmetrix with iSCSI multiprotocol channel directors is capable of extending connectivity topology options to allow a customer’s host machines to access storage locally via LAN or WAN networks. With ease-of-use products from Microsoft and improvements to Symmetrix Enginuity code, the scalability and security for IP solutions in the Enterprise environment have become more viable as solutions for host to storage management. Management of the environment has improved as well with GUI applications such as the Symmetrix Management Console (SMC), which gives EMC CS as well as customers a more-visible window inside their environment.

The future of IP solutions for the data center is rapidly changing and new technologies are being introduced. Each solution has its place within the data center determinant on where it makes the most value. For iSCSI, it is clearly useful still for small I/O generating hosts but the scalability for the Symmetrix enterprise will be palatable with the advance of virtualized machines and Microsoft Windows flexibility. This technical note serves to lay the foundation for those implementations!

References

The following can be found on Powerlink:

EMC Networked Storage Topology Guide EMC Fibre Channel and iSCSI with QLogic Host Bus Adapters in

the Windows Environment EMC Host Connectivity Guide for VMware ESX Server EMC PowerPath and MPIO Technical Notes (internal use only)

https://elabnavigator.emc.com/emcpubs/elab/esm/pdf/emc_topo_guide.pdf

35

Conclusion


EMC Solutions Enabler Symmetrix Array Control CLI Product Guide

EMC Solutions Enabler Version 6.5 Installation Guide EMC Solutions Enabler Version 6.5 Release Notes Symmetrix Management Console Installation Guide Symmetrix Management Console Release Notes

The following can be found on Microsoft’s website:

iSCSI Software Initiator 2.0 download Microsoft iSNS Server 3.0 Microsoft Support for iSCSI Microsoft Deploying iSCSI SANs Microsoft Highly Available Storage: Multipathing and the Microsoft

MPIO Driver Architecture white paper Copyright © 2008 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

All other trademarks used herein are the property of their respective owners.

http://www.microsoft.com/downloads/details.aspx?familyid=12CB3C1A-15D6-4585-B385-BEFD1319F825&displaylang=en

http://www.microsoft.com/downloads/details.aspx?familyid=0DBC4AF5-9410-4080-A545-F90B45650E20&displaylang=en

http://download.microsoft.com/download/9/4/b/94ba64d1-959e-44b8-b221-206297e832bb/Deploying%20iSCSI%20SANs.doc

http://download.microsoft.com/download/9/4/b/94ba64d1-959e-44b8-b221-206297e832bb/Deploying%20iSCSI%20SANs.doc

http://download.microsoft.com/download/3/0/4/304083f1-11e7-44d9-92b9-2f3cdbf01048/mpio.doc

http://download.microsoft.com/download/3/0/4/304083f1-11e7-44d9-92b9-2f3cdbf01048/mpio.doc