Chapter 13. Administration - iSCSI
319
Draft Document for Review March 28, 2011 12:24 pm
7914Admin_iSCSI.fm
and in order to protect the integrity of the data in your DS3500 Storage Subsystem, and its
continuous access, we suggest that, whenever possible, to try to isolate the iSCSI traffic in a
dedicated network. The iSCSI multipathing architecture provides failover to the alternate
controller in the event of an outage situation. Also with MPIO, IBM provides DSM, which also
offers load-balancing algorithms.
For better redundancy, you can increase the availability of your connections using redundant
networks, so a failure in one does not interrupt the remaining redundant connection.
Aside from the basic iSCSI connectivity parameters, such as IP address per target Ethernet
port and associated iSCSI Qualified Names, you could plan in advance several optional
configuration parameters, including enablement of jumbo frames, configuration of a VLAN,
and setting a specific Ethernet priority:
Jumbo frames are created when the MTU is adjusted above 1500 bytes per frame, and
they are set by port. The frame sizes supported are between 1501 and 9000 bytes. When
using jumbo frames, ensure that all of the devices on your iSCSI network, including
switches, initiators, and targets, are configured to use the same maximum jumbo frame
size.
VLAN: As previously mentioned, we suggest, for performance and availability reasons,
having separate networks for redundant interfaces. If it is not possible to segregate an
iSCSI storage system onto a physically separate LAN, with the IBM DS3500 storage
subsystems that are connected by iSCSI, you can use VLANs to maximize the potential
performance.
Ethernet priority: Ethernet priority, sometimes referred to as quality of service or class of
service, is supported in the DS3500 series of storage systems. You can set the Ethernet
priority of the target iSCSI interfaces to increase the class of service received within the
network itself.
Security
Unlike FC SANs or direct SAS connection, Ethernet networks can be more open, so in order
to provide additional security, you can configure the following additional authentication
protocols on the DS5000 storage subsystems:
The Internet Storage Name Service (iSNS) protocol allows for automated discovery,
management, and configuration of iSCSI devices on a TCP/IP network. iSNS servers offer
additional security services through explicitly defined initiator-to-target mappings and
simplified asset locators, similar to that provided by DNS and WINS for IP address lookup
facilities
Challenge Handshake Authentication Protocol (CHAP) provides an additional security
layer within the iSCSI network on the IBM Storage System DS3500 subsystem.
13.2 iSCSI Configuration summary
We cover settings of all mentioned parameters above, in the following topics:
Managing iSCSI Settings
– Target Authentication
– Mutual Authentication
– Target Identification
– Target Discovery
Configuring iSCSI host ports on DS3500
Session and statistics
Summary of Contents for DS3500
Page 2: ......
Page 5: ...iii Draft Document for Review March 28 2011 12 24 pm 7914edno fm ...
Page 789: ......