Sie sind auf Seite 1von 19

IP SAN Fundamentals: An Introduction to IP SANs and iSCSI

Updated April 2007

Sun Microsystems, Inc.

2007 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 5054 !SA All ri"#ts reser$e%. &#is 'ro%uct or %ocument is 'rotecte% (y co'yri"#t an% %istri(ute% un%er licenses restrictin" its use, co'yin", %istri(ution, an% %ecom'ilation. No 'art o) t#is 'ro%uct or %ocument may (e re'ro%uce% in any )orm (y any means wit#out 'rior written aut#ori*ation o) Sun an% its licensors, i) any. &#ir%+'arty so)tware, inclu%in" )ont tec#nolo"y, is co'yri"#te% an% license% )rom Sun su''liers. ,arts o) t#e 'ro%uct may (e %eri$e% )rom -erkeley -S. a''liances, license% )rom t#e !ni$ersity o) Cali)ornia. Sun, Sun Microsystems, Sun Stor/%"e, t#e Sun lo"o, an% Solaris are tra%emarks, re"istere% tra%emarks, or ser$ice marks o) Sun Microsystems, Inc. in t#e !.S. an% ot#er countries. !NI0 is a re"istere% tra%emark in t#e !nite% States an% ot#er countries, e1clusi$ely license% t#rou"# 023'en Com'any, 4t%. 5in%ows is a re"istere% tra%emark o) Microso)t Cor'oration in t#e !nite% States an% ot#er countries. All S,A6C tra%emarks are use% un%er license an% are tra%emarks or re"istere% tra%emarks o) S,A6C International, Inc. in t#e !.S. an% ot#er countries. ,ro%ucts (earin" S,A6C tra%emarks are (ase% u'on an arc#itecture %e$elo'e% (y Sun Microsystems, Inc. &#e 3,/N 4337 an% Sun8s 9ra'#ical !ser Inter)ace was %e$elo'e% (y Sun Microsystems, Inc. )or its users an% licensees. Sun acknowle%"es t#e 'ioneerin" e))orts o) 0ero1 in researc#in" an% %e$elo'in" t#e conce't o) $isual or "ra'#ical user inter)aces )or t#e com'uter in%ustry. Sun #ol%s a non+e1clusi$e license )rom 0ero1 to t#e 0ero1 9ra'#ical !ser Inter)ace, w#ic# license also co$ers Sun8s licensees w#o im'lement 3,/N 4337 9uise an% ot#erwise com'ly wit# Sun8s written license a"reements. 6/S&6IC&/. 6I9:&S; !se, %u'lication, or %isclosure (y t#e !.S. 9o$ernment is su(<ect to restrictions o) =A6 52.227+14>"?>2?>@2A7? an% =A6 52.227+ 1 A7?, or .=A6 252.227+7015>(?>@2 5? an% .=A6 227.7202+B>a?. .3C!M/N&A&I3N IS ,63CI./. DAS ISE AN. A44 /0,6/SS 36 IM,4I/. C3N.I&I3NS, 6/,6/S/N&A&I3NS AN. 5A66AN&I/S, INC4!.IN9 ANF IM,4I/. 5A66AN&F 3= M/6C:AN&A-I4I&F, =I&N/SS =36 A ,A6&IC!4A6 ,!6,3S/ 36 N3N+ IN=6IN9/M/N&, A6/ .ISC4AIM/., /0C/,& &3 &:/ /0&/N& &:A& S!C: .ISC4AIM/6S A6/ :/4. &3 -/ 4/9A44F INCA4I..

Sun Microsystems, Inc.

Table of Contents
Introduction: W ! "uild Stora#e Area Net$or%s&''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''( Terminolo#!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2 iSCSI Fundamentals'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''') Internet Stora#e Name Ser*ice''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''+ ,UN -as%in#''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''. IP SAN Securit!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''7 iSCSI /ost "us Adapters''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0 "ootin# 1*er iSCSI''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2 iSCSI Tar#ets and iSCSI 3outers''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(0 45tendin# IP SANs 1*er Wide Area Net$or%s'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(( Positionin# IP SANs $it NAS and Fibre C annel SANs''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(2 -a%in# a C oice bet$een an IP SAN or a Fibre C annel SAN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''() 3eferences'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''(+

1 Intro%uction; 5#y -uil% Stora"e Area NetworksG

Sun Microsystems, Inc.

Introduction: W ! "uild Stora#e Area Net$or%s&


In a .irect Attac#e% Stora"e >.AS? en$ironment, more stora"e ca'acity t#an a''lications reHuire is commonly 'urc#ase% as insurance a"ainst runnin" out o) s'ace; t#is is calle% o$er+'ro$isionin". Stora"e Area Networks >SANs? allow multi'le #etero"eneous #osts to s#are stora"e su(+systems. .isks are 'oole% (e#in% an array controllerI 6AI. $olumes are create% )rom t#e %isksI t#e 6AI. $olumes are car$e% u' into $olumesI an% t#e $olumes are 'resente% to #osts. &#is re%uces t#e nee% to o$er+'ro$ision resultin" in; )ewer su(+systems in t#e .ata CenterI #i"#er utili*ation o) t#e a$aila(le stora"eI an% sa$in"s on s'ace, #eat an% 'ower. =i(re C#annel SANs (ecame 'o'ular in t#e late 1 0s an% are wi%ely use% to%ay (ut, %es'ite 'rices )allin" in recent years, t#e costs o) a =i(re C#annel Switc# in)rastructure, =i(re C#annel :ost -us A%a'ters an% trainin" sta)) in t#e new skills reHuire% to mana"e a SAN remain a (arrier to entry )or many or"ani*ations an% I& "rou's; I, (ase% SANs o))er many o) t#e (ene)its o) =i(re C#annel SANs, (ut at a lower cost. &#is %ocument 'ro$i%es a #i"# le$el tec#nical o$er$iew o) I, SANs an% iSCSI, an% 'ositions I, SANs relati$e to =i(re C#annel SANs an% NAS.

2 &erminolo"y

Sun Microsystems, Inc.

Terminolo#!
iSCSI
iSCSI >Internet Small Com'uter System Inter)ace? is a %ata trans'ort 'rotocol use% to carry (lock+le$el %ata o$er I, networks.

IP SAN
An I, SAN is a Stora"e Area Network t#at uses t#e iSCSI 'rotocol to trans)er (lock+le$el %ata o$er a network, "enerally /t#ernet.

Initiator
In t#is %ocument t#e term JinitiatorJ is use% interc#an"ea(ly to re)er to a ser$er, #ost or %e$ice %ri$er t#at initiates >i.e. (e"ins? iSCSI comman% seHuences.

Tar#et
iSCSI tar"ets (reak %own iSCSI comman% seHuences )rom initiators an% 'rocess t#e SCSI comman%s. /1am'les o) iSCSI tar"ets are a %isk or ta'e %e$ice wit# an iSCSI 'ort an% a NAS a''liance wit# iSCSI tar"et su''ort.

Fibre C annel SAN


A =i(re C#annel SAN is a =i(re C#annel network o$er w#ic# t#e SCSI+=C, >=i(re C#annel SCSI? 'rotocol runs. See 6e)erences )or a resource t#at %iscusses =i(re C#annel SANs in %etail.

B iSCSI =un%amentals

Sun Microsystems, Inc.

iSCSI Fundamentals
iSCSI 4nablin# /osts
So)tware (ase% iSCSI initiators are a$aila(le )or most o'eratin" systems inclu%in"; t#e Solaris&M 3SI Microso)t 5in%owsI AI0, :,+!0I an% 4inu1. &#ese work wit# stan%ar% NICs. iSCSI :ost -us A%a'ters >:-As? are a$aila(le to 'ro$i%e iSCSI su''ort )or some o'eratin" systems >or $ersions o) o'eratin" systems? t#at %o not #a$e so)tware initiators a$aila(le. See re)erence >$? )or a list o) Solaris 6ea%y iSCSI :-As.

iSCSI Node Names


/$ery iSCSI initiator an% tar"et #as a worl%wi%e uniHue i%enti)ier calle% a no%e name. A tar"et8s no%e name is assi"ne% (y t#e manu)acturer. 3n a #ost, a worl%wi%e uniHue no%e name is "enerate% (y t#e iSCSI initiator so)tware w#en it is )irst ena(le%I t#e no%e name can also (e set manually. A #ost8s no%e name is use% to re'resent all o) t#e network 'orts )or t#at #ost, i.e. it is uniHue to t#e #ost, not to an in%i$i%ual network 'ort on t#e #ost. &#ere are two )ormats )or iSCSI no%e names; /1ten%e% !niHue I%enti)ier >/!I? an% iSCSI Kuali)ie% Name >IKN?. /!I8s look $ery like =i(re C#annel 5orl%wi%e Num(ers. e.". eui.020045@7A425@7AA. IKN8s look like an unusual .NS name. An e1am'le o) an IKN is iHn.1 A@+0B.com.sun;01;e00000000000.441A0a0A. &#e IKN )ormat is 'ro$in" to (e more 'o'ular. Note t#at t#e %omain name style in)ormation in an IKN no%e name is not %eri$e% )rom t#e #ost8s actual %omain (ut is %e)ine% (y t#e com'any w#ic# wrote t#e initiator stackI t#e a(o$e e1am'le is )rom t#e iSCSI so)tware initiator in t#e Solaris 10 3S.

iSCSI ,o# In
An iSCSI lo" in is t#e 'rocess o) esta(lis#in" an iSCSI session.

iSCSI Sessions and Portals


&#e association (etween an iSCSI initiator an% an iSCSI tar"et is known as an iSCSI session. &o esta(lis# an iSCSI session t#e initiator lo"s into t#e tar"et usin" t#e tar"et8s I, a%%ress an% a &C, 'ort num(er. &#is I, a%%ress an% &C, 'ort num(er 'air is known as an iSCSI ,ortal.

4 iSCSI =un%amentals

Sun Microsystems, Inc.

iSCSI 6isco*er!
iSCSI .isco$ery is t#e 'rocess (y w#ic# an iSCSI initiator can learn w#ic# tar"et iSCSI no%e names are a$aila(le to it. &#ere are a num(er o) %i))erent met#o%s o) %isco$ery; Static Confi#uration &#e initiator is tol% t#e com'lete tar"et name inclu%in" 'ortal a%%resses, etc. &#is in)ormation is con)i"ure% manually. Send7Tar#ets &#e initiator is tol% to Huery a %isco$ery I, a%%ress. &#e initiator communicates wit# t#e %isco$ery a%%ress to recei$e all t#e con)i"uration %ata a$aila(le to t#is initiator )or t#at tar"et, e.". all o) t#e $olumes it #as access to. &#is nee%s to (e re'eate% )or eac# tar"et. Internet Stora#e Name Ser*ice =or small I, SANs t#e met#o%s %escri(e% a(o$e will su))ice. =or lar"er I, SANs t#e Internet Stora"e namin" Ser$ice >iSNS? remo$es t#e nee% to manually enter %isco$ery in)ormation on eac# initiator (y 'ro$i%in" centrali*e% namin" ser$ices, iSNS is a lar"e to'ic an% is co$ere% in a later section.

iSCSI -ultipat in#


5#ere iSCSI multi'at#in" is reHuire%, t#ere are a num(er o) o'tions a$aila(le. Sun #as 'u(lis#e% a Sun -lue,rints&M %ocument w#ic# %iscusses a ran"e o) iSCSI multi'at#in" solutionsI see 6e)erences.

5 Internet Stora"e Name Ser$ice

Sun Microsystems, Inc.

Internet Stora#e Name Ser*ice


&#e Internet Stora"e namin" Ser$ice >iSNS? remo$es t#e nee% to manually enter %isco$ery in)ormation on e$ery initiator (y 'ro$i%in" centrali*e% namin" ser$ices )or t#e I, SAN. &#e iSNS ser$er can (e im'lemente% on a ran"e o) 'lat)orms inclu%in" network switc#es an% as an a''lication runnin" on a #ost; Cisco im'lements an iSNS ser$er in some o) its SAN switc#es >w#ic# su''ort =i(re C#annel an% iSCSI? an% Microso)t o))ers a )ree iSNS ser$er t#at runs on a ser$er usin" Microso)t 5in%ows. &#ere are also 'lans to su''ort an iSNS ser$er in a )uture release o) t#e Solaris 10 3S. Initiators an% tar"ets must #a$e iSNS client su''ort (uilt in to (e a(le to work wit# an iSNS ser$er. &#e iSCSI %e$ices will nee% to (e con)i"ure% to re"ister t#emsel$es wit# t#e iSNS ser$er w#en t#ey come online. 5#en %e$ices re"ister t#ey 'ro$i%e in)ormation a(out t#emsel$es to t#e name ser$ice >e.". i) t#ey are a tar"et or an initiator? an% tell t#e iSNS ser$er w#ic# e$ents t#ey wis# to (e noti)ie% o). Initiators t#en Huery t#e iSNS ser$er )or tar"et in)ormation as 'art o) t#e %isco$ery 'rocess, an% lo" in to t#e tar"ets to )in% out more a(out t#em. It is not always %esira(le t#at all initiators see all %e$ices, an% t#e iSNS A%ministrator can set u' .isco$ery .omains t#at %e)ine w#ic# tar"ets an initiator is "i$en access to w#en it Hueries t#e iSNS ser$er. I) a %e$ice is a%%e% or remo$e% )rom t#e I, SAN a State C#an"e Noti)ication >SCN? is sent (y t#e iSNS ser$er to iSCSI no%es re"istere% to recei$e t#em. =or e1am'le, i) a tar"et "oes o))line initiators nee% to (e noti)ie% so t#at t#ey can )la" 4!Ns as o))line at t#e #ost 3S le$el. Normally only initiators re"ister to recei$e SCNs. I, SANs are usually (uilt usin" /t#ernet switc#es w#ic# are not aware o) iSNS. &#e iSNS ser$er is aware o) new %e$ices <oinin" t#e SAN as t#ey re"ister wit# it, (ut t#e ser$ice will not (e noti)ie% (y /t#ernet switc#es o) %e$ices (ein" remo$e%. &o ensure t#at it #as an u' to %ate 'icture o) t#e I, SAN, t#e iSNS ser$er 'erio%ically sen%s an /ntity Status InHuiry >/SI? to all t#e re"istere% %e$ices to c#eck t#at t#ey are still 'resent an% i) it )in%s t#at a %e$ice #as "one o))line it will sen% SCNs to t#e a))ecte% initiators. Note t#at in a =i(re C#annel SAN t#e =i(re C#annel Sim'le Name Ser$ice runs on all t#e =i(re C#annel switc#es in t#e SAN; t#ere is no reHuirement to c#eck i) %e$ices #a$e (een remo$e% $ia %irect 'ollin", as t#e in%i$i%ual switc# will see t#at a %e$ice connecte% to it #as "one o))line an% will noti)y all t#e ot#er switc#es in t#e =a(ric o) t#e e$ent. See 6e)erences )or more on t#is to'ic.

@ 4!N Maskin"

Sun Microsystems, Inc.

,UN -as%in#
I) a tar"et is an array or NAS a''liance wit# iSCSI su''ort, many #osts may (e initiatin" a"ainst it. A met#o% o) controllin" access to t#e tar"et8s $olumes is necessary, ot#erwise multi'le #osts can %isco$er an% try to use t#e same $olume an%, wit# t#e e1ce'tion o) certain a''lications w#ic# su''ort or reHuire s#are% stora"e, %ata corru'tion woul% almost certainly result. &o ac#ie$e t#is, t#e A%ministrator maintains Access Control 4ists >AC4s? on t#e iSCSI tar"et w#ic# contain a list o) t#e initiator no%e names t#at are 'ermitte% to access eac# iSCSI $olume. Initiators cannot %isco$er $olumes t#at t#ey #a$e not (een "i$en access to. &#e $olume >also known commonly as a 4!N? is Jmaske%J; t#ey cannot see it.

7 I, SAN Security

Sun Microsystems, Inc.

IP SAN Securit!
8,ANs
Cirtual 4ocal Area Networks >C4ANs? are t#e most common met#o% o) securin" I, SANs. C4ANs can (e use% to isolate iSCSI no%es )rom ot#er %e$ices on t#e network.

C/AP
&#e C#allen"e :an%s#ake Aut#entication ,rotocol >C:A,? is use% )or aut#entication (etween iSCSI tar"ets an% iSCSI initiators. C:A, can (e !ni%irectional or -i%irectional; usin" !ni%irectional C:A,, an iSCSI initiator aut#enticates itsel) wit# an iSCSI tar"et usin" a secret key >i.e. a 'asswor%? known as t#e C:A, secretI usin" -i%irectional C:A, t#e tar"et t#en also aut#enticates itsel) wit# t#e initiator usin" a secon% C:A, secret. A 6A.I!S ser$er can (e use to sim'li)y C:A, secret key mana"ement w#en usin" -i%irectional C:A, aut#entication >A 6A.I!S ser$er is a centrali*e% aut#entication ser$ice?. 5#ile you must still s'eci)y t#e initiatorLs C:A, secret, you are no lon"er reHuire% to s'eci)y eac# tar"etLs C:A, secret on eac# initiator.

IPsec
I, Security >I,sec? is a set o) 'rotocols %e$elo'e% (y t#e Internet /n"ineerin" &ask =orce >I/&=? to su''ort t#e secure e1c#an"e o) 'ackets at t#e I, layer. I,sec is %e'loye% wi%ely to im'lement Cirtual ,ri$ate Networks >C,Ns?. I,sec can o'erate in &rans'ort Mo%e or &unnel Mo%e; In &rans'ort Mo%e, 'rotection is 'ro$i%e% all t#e way )rom t#e source to t#e %estination. =or iSCSI t#is woul% reHuire t#at t#e initiator an% t#e tar"et su''ort I,sec. &unnel mo%e 'ro$i%es "ateway+to+"ateway transmission security. &#is reHuires no s'ecial su''ort in t#e iSCSI #ost %ri$er or tar"et. .ata in transmission remains un'rotecte% until it reac#es a network "ateway. 3nce at t#e "ateway, it is secure% wit# I,Sec until it reac#es t#e %estination "ateway. At t#is 'oint, %ata 'ackets are %ecry'te% an% $eri)ie%. &#e %ata is t#en sent to t#e recei$in" #ost un'rotecte%. &unnel mo%e is o)ten em'loye% w#en %ata must lea$e t#e secure con)ines o) a local 4AN or 5AN an% tra$el (etween #osts o$er a 'u(lic network suc# as t#e Internet.

A iSCSI :ost -us A%a'ters

Sun Microsystems, Inc.

iSCSI /ost "us Adapters


=i"ures o) (etween 500 M:* an% 1 9:* o) C,! are o)ten Huote% as (ein" reHuire% to %ri$e an iSCSI so)tware stack at line s'ee% t#rou"# a 9i"a(it /t#ernet NIC. Most o) t#ese C,! cycles are actually consume% 'rocessin" t#e &C,2I, stack trans'ortin" t#e %ata. iSCSI :-As 'rocess t#e &C,2I, an% iSCSI comman%s usin" on+(oar% custom c#i's, so o))+loa%in" t#e #ost8s C,!>s?. iSCSI :-As 'ro$i%e t#e a%%e% con$enience o) 'resentin" iSCSI $olumes as stan%ar% SCSI; no nati$e iSCSI su''ort is reHuire% in t#e #ost 3S. 5#ilst t#e $ast 'ro'ortion o) iSCSI users are #a''y usin" an iSCSI so)tware stack, t#e C,! loa% "enerate% (y I23 intensi$e a''lications can (ecome an issue in some casesI w#en t#is occurs, iSCSI :-As can (e use% to resol$e t#e 'ro(lem. See re)erence >$? )or a list o) Solaris 6ea%y iSCSI :-As.

-ootin" 3$er iSCSI

Sun Microsystems, Inc.

"ootin# 1*er iSCSI


!ntil recently, t#e only way to su''ort (ootin" o$er iSCSI was to use iSCSI :-As. In)ormation a(out t#e #ost8s iSCSI (oot %e$ice is 'ro"ramme% %irectly into t#e :-A an%, so )ar as t#e #ost 3S, is concerne% it is (ootin" o)) a local SCSI %isk. So)tware+only (ase% iSCSI (oot solutions are now a$aila(le )or some 3S t#at work wit# stan%ar% NICs. Microso)t announce% so)tware+only su''ort )or %iskless (ootin" o) Microso)t 5in%ows o$er iSCSII see re)erence >i$?. Solutions are a$aila(le )or 4inu1. In a%%ition, t#ere are 'lans to su''ort t#is in a )uture release o) t#e Solaris 10 3S.

10 iSCSI &ar"ets an% iSCSI 6outers

Sun Microsystems, Inc.

iSCSI Tar#ets and iSCSI 3outers


&#e most 'o'ular iSCSI tar"ets are NAS a''liancesI iSCSI su''ort allows NAS a''liances to 'ro$i%e (lock ser$ices as well t#e tra%itional )ile ser$ices. 3t#er o'tions are to a%% iSCSI connecti$ity to an e1istin" =i(re C#annel array or use an iSCSI 6outer to 'ro$i%e connecti$ity )or iSCSI initiators to arrays in an e1istin" =i(re C#annel SAN. iSCSI 6outers route SCSI tra))ic (etween I, SANs an% =i(re C#annel SANs. &#ey are ty'ically use% w#ere an or"ani*ation #as a =i(re C#annel SAN an% wis#es to "i$e a num(er o) #osts access to %e$ices in t#at SAN wit#out t#e e1'ense o) =i(re C#annel :-As. =or e1am'le, we wis# to "i$e iSCSI initiators access to $olumes on a =i(re C#annel array connecte% to a =i(re C#annel SAN. 5e connect t#e iSCSI 6outer to t#e =i(re C#annel SAN, 'resent $olumes )rom t#e array to t#e router o$er =i(re C#annel, an% t#e router t#en %oes t#e necessary 'rotocol con$ersion (etween SCSI+=C, an% iSCSI to 'resent t#ose $olumes to #osts on t#e I, SAN.

11 /1ten%in" I, SANs 3$er 5i%e Area Networks

Sun Microsystems, Inc.

45tendin# IP SANs 1*er Wide Area Net$or%s


/1ten%in" =i(re C#annel SANs o$er lon" %istances reHuires s'eciali*e% #ar%ware to route =i(re C#annel o$er I, network links. iSCSI runs nati$ely o$er I, networks an% (ene)its )rom t#e &C,2I, )low control mec#anisms an% o'timi*ations t#at allow t#em to work e))iciently o$er lon" %istances. &#is means t#at iSCSI initiators can connect %irectly to tar"ets o$er an e1istin" network in)rastructure wit#out any a%%itional s'eciali*e% eHui'ment (ein" reHuire%.

12 ,ositionin" I, SANs wit# NAS an% =i(re C#annel SANs

Sun Microsystems, Inc.

Positionin# IP SANs $it NAS and Fibre C annel SANs


NAS and IP SANs
NAS clients access )iles in )ile systems on a =ile Ser$er or NAS a''liance o$er an I, network usin" CI=S or N=S 'rotocols. iSCSI 'ro$i%es #osts wit# (lock+le$el access to %ata o$er an I, network. Most NAS a''liances now su''ort iSCSI, an% can ser$ice iSCSI tra))ic on t#e same 'orts as t#ey ser$ice CI=S an% N=S. -lock+le$el access is more suita(le )or some a''lications t#an N=S or CI=S, 'articularly %ata(ases an% some email systems; Microso)t %oes not su''ort Microso)t /1c#an"e or Microso)t SK4 Ser$er o$er CI=S or N=S, (ut %oes su''ort t#em o$er iSCSI. &o 'ro$i%e an iSCSI 4!N to an initiator an e1tent o) stora"e on a NAS a''liance is %esi"nate% as a raw iSCSI $olume. An iSCSI initiator sees t#is $olume as a 4!N an% can create a )ile system on it. It is im'ortant to note t#at you cannot access t#e same stora"e or %ata t#rou"# (ot# iSCSI an% CI=S or N=S, t#e NAS a''liance #as no $isi(ility o) t#e %ata in t#e )ile system (uilt on t#e iSCSI $olume (y t#e client, an% t#e raw iSCSI $olume cannot (e s#are% to CI=S or N=S clients.

Fibre C annel SANs and IP SANs


=i(re C#annel SANs reHuire a =i(re C#annel switc# in)rastructure to (e installe% an% all t#e #osts reHuire =i(re C#annel :-As. &#is can (e cost+'ro#i(iti$e )or smaller or"ani*ations an% I& "rou's, so =i(re C#annel SANs ten% to (e %e'loye% in .ata Centers w#ere an or"ani*ation8s lar"est ser$ers, stora"e su(+systems an% t#e most im'ortant a''lications are #ouse%I Core .ata Centers "enerally can <usti)y t#e costs an% #a$e t#e necessary skills to mana"e a =i(re C#annel SAN. I, SANs can (e %e'loye% at lower costs t#an =i(re C#annel SANs; I, SANs run o$er e1istin" I, networksI #osts can (e connecte% $ia stan%ar% Network Inter)ace Car%s >NICs?I an% so)tware iSCSI initiators 'ro$i%e% as 'art o) t#e #ost 3S can (e use% to connect to iSCSI tar"et %e$ices. &o a lar"e %e"ree, e1istin" networkin" skills an% tools can (e use% to mana"e an I, SAN, (ut it must not (e o$erlooke% t#at I& sta)) will nee% to (ecome )amiliar wit# 4!N mana"ement tasks on tar"ets an% #osts.

1B Makin" a C#oice (etween an I, SAN or a =i(re C#annel SAN

Sun Microsystems, Inc.

-a%in# a C oice bet$een an IP SAN or a Fibre C annel SAN


5#at i) you #a$e to make a %ecision a(out 'ro'osin" or (uyin" an I, SAN (ase% solutionG &#is section o))ers some areas to consi%er ot#er t#an cost, an% )inis#es wit# a c#ecklist.

Support and Interoperabilit!


=i(re C#annel tec#nolo"y is mature an% well un%erstoo% (y #ar%ware an% so)tware $en%ors, so a (roa% le$el o) su''ort an% intero'era(ility is a$aila(le. I, SANs are a relati$ely new tec#nolo"y area, so su''ort (y #ar%ware an% so)tware $en%ors an% t#e (rea%t# o) intero'era(ility are less well %e$elo'e%.

Performance
"and$idt Most =i(re C#annel SANs in 'ro%uction to%ay are (uilt on 2 9(it =i(re C#annel. 4 9(it =i(re C#annel %e$ices are now a$aila(le, an% A 9(it is 'lanne%. Most or"ani*ations run a com(ination o) 100 M(it an% 1 9(it /t#ernet networks. 10 9(it /t#ernet is a$aila(le (ut is not wi%ely im'lemente%. 5#ere 10 9(it /t#ernet is installe% it ten%s to (e use% as a .ata Center (ack(one, not )or connections to in%i$i%ual #osts an% es'ecially not )or connections to low cost ser$ers; it is )air to assume t#at most I, SANs to%ay will run o$er 100 M(it an% 1 9(it networks. ,atenc! -an%wi%t# is not e$eryt#in"I I23 latency is $ery im'ortant )or some a''lications. .ata(ase lo" )iles are $ery latency sensiti$e )or e1am'le. In (ot# =i(re C#annel SANs an% I, SANs, t#e locality o) tar"ets an% initiators an% t#e loa%in" o) t#e network contri(ute to I23 latency. A )actor in t#e )a$or o) =i(re C#annel SANs is t#at t#ey are %e%icate% to (lock I23, an or"ani*ation8s /t#ernet network will not (e. .e'loyin" a latency sensiti$e an%2or I23 intensi$e a''lication usin" iSCSI o$er an e1istin" network may result in 'er)ormance 'ro(lems. .irect connection o) t#e #osts to t#e iSCSI tar"et or %e%icate% /t#ernet switc#es or /t#ernet se"ments )or t#e I, SAN is an o'tion in t#ese cases.

14 Makin" a C#oice (etween an I, SAN or a =i(re C#annel SAN

Sun Microsystems, Inc.

IP SAN C ec%list
&#e (elow list o) Huestions may (e use)ul w#en consi%erin" an I, SAN;

.oes my iSCSI tar"et su''ort t#e initiators I wis# to connect to itG .oes my a''lication $en%or su''ort t#e c#osen #ar%ware an% so)tware com(ination t#at make u' my 'ro'ose% I, SANG I, SANs can (e %e'loye% o$er e1istin" in)rastructures (ut I23 intensi$e a''lications will "enerate si"ni)icant amounts o) network tra))ic. Is t#ere ca'acity )or t#is in t#e e1istin" networkG .o I nee% a %e%icate% switc#G Network latency is an issue )or some a''lications. Is my a''lication $en%or #a''y wit# my network latenciesG .o I nee% a %e%icate% switc#G 5#at solutions are a$aila(le )or #ost to tar"et iSCSI multi'at#in"G .o I nee% to consi%er iSCSI :-AsG Can I manually mana"e t#e relations#i's (etween my tar"ets an% initiators or %o I nee% an iSNS ser$erG I) I want to (uil% a :A Cluster; is Clusterin" wit# iSCSI attac#e% stora"e su''orte% )or my a''licationG Are t#ere any (enc#mark results, re)erence arc#itectures or cases stu%ies t#at I s#oul% look atG

15 6e)erences

Sun Microsystems, Inc.

3eferences
i. Sun -lue,rints .ocument; !sin" iSCSI Multi'at#in" in t#e Solaris&M 10 3'eratin" System #tt';22www.sun.com2(lue'rints212052A1 +B7B0.'%) ii. SAN =un%amentals; :ow =i(re C#annel SANs Are -uilt, Secure% an% Mana"e% >on -i"A%min?; #tt';22www.sun.com2(i"a%min iii. Internet Stora"e Name Ser$ice >iSNS? + A &ec#nical 3$er$iew #tt';22www.%isk%ri$e.com2iSCSI2rea%in"+room2w#ite+ 'a'ers2Nis#anMiSNSMAM&ec#nicalM3$er$iew.'%) i$. Microso)t Announces A$aila(ility o) 5in%ows Stora"e Ser$er 200B 62 5it# 3/M ,artners #tt';22www.microso)t.com2'ress'ass2'ress2200@2a'r0@204+04SN5,6.ms'1 $. Solaris 6ea%y iSCSI :-As #tt';22www.sun.com2ioMtec#nolo"ies2in%e1.#tml =or more in)ormation, 'lease see t#e Stora"e A%ministration Site on -i"A%min; #tt';22www.sun.com2(i"a%min2#u(s2stora"e2