Here is Your Customized Document

Your Configuration is:
Attaching a server in a Block configuration
Model - VNX5300
Storage Type - VNX for Block (SAN)
Connection Type - iSCSI Network
Server Operating System - ESX Server 5i
Path Management Software - PowerPath
Document ID - 1342540656203

Reporting Problems

To send comments or report errors regarding this document, please email: usercustomizeddocs@emc.com. For issues not related to this document, contact your service provider. Refer to Document ID: 1342540656203

Content Creation Date July 17, 2012

EMC Attaching a VMware ESXi 5 Server with EMC PowerPath to a VNX5300 in an iSCSI Network Configuration

This document explains how to attach a VMware ESXi 5 Server with EMC PowerPath to a VNX5300 in an iSCSI network configuration.
Important: This document uses the term system to refer to your VNX.

If you are an EMC partner, refer to the EMC Services Partner website to download the Unisphere server software mentioned in this guide. The partner site is available from the Navigator drop-down menu on Powerlink.

The main topics in this document are:

- Before you start
- Installing NICs or iSCSI HBAs in the server
- Assigning an IP address to a NIC or iSCSI HBA
- Installing or Updating PowerPath software
- Installing Unisphere server software
- Connecting the VNX to a server in an iSCSI network configuration
- Setting system iSCSI port network parameters
- Configuring an ESXi Server for software iSCSI initiators
- Configuring an ESXi Server for hardware iSCSI initiators
- Registering the ESXi Server with the system
- Verifying system health
- Setting system failover values for the server initiators using Unisphere
- Verifying your high-availability iSCSI configuration
- Configuring your VNX system
- Rescanning and sending ESXi Server disk information to the system
- Making LUNs available to virtual machines
- Configuring optional CHAP security for NIC initiators
- Configuring optional CHAP security for iSCSI HBA initiators (ESX server only)
- Preparing VMware virtual disks to receive data
- Verifying your failover configuration with PowerPath

Before you start

- Read the release notes for your system, which are available on the EMC Online Support website.
- Obtain the following network information from the person responsible for your network:
   - System iSCSI network information, including static IP address, subnet mask, and default gateway for each system iSCSI port that you will use.
   - The network configuration information, including the IP address and network mask, for any NICs or iSCSI HBAs that you are installing.
- You must have a supported Windows host on the same network as the system management ports. You can use this host:
   - As a client in which you launch the Unisphere software. This client was formerly referred to as the Navisphere management station.
   - To generate a high-availability report of your ESXi Server.
   - To run the Unisphere Service Manager, which runs only on a Windows host.
   - As an EMC Secure Remote Support (ESRS) IP Client, which must be a Windows host, but cannot be a server (that is, it cannot send I/O to the system data ports).
- You must have a Unisphere Server with a supported Internet browser that is on the same network as the system management ports. The Unisphere Server replaces the Navisphere Management Server. This host can also be the server or a Unisphere management station (formerly referred to as the Navisphere off-array management station). For supported Internet browsers, see the Unisphere release notes on the EMC Online Support website.
- You must have an , that is or will be a server with iSCSI connections to the system. This server must have a supported server configuration; that is, it must have all required updates, such as hot fixes or patches, installed.
- The following cables, which may already be connected for a configuration with an existing system or existing server:
   - A Cat 5e or higher Ethernet LAN cable (100 meters maximum) for each system 1 GbE iSCSI port that will connect through network routers or switches to the NICs or iSCSI HBAs in the server. We recommend Cat 6 cables for best performance.
   - A fibre optical cable for Ethernet transmission or an active twinaxial cable for each system 10 GbE iSCSI port that will connect directly through network routers or switches to the NICs or iSCSI HBAs in the server. We strongly recommend you use OM3 50 µm cables.

Note: We recommend discrete networks dedicated to iSCSI traffic. In a server with multiple NICs or iSCSI HBAs that are connected through network routers or switches to the system, each NIC initiator port can be on a separate subnet or on the same subnet.

For cable specifications, refer to the system's Technical Specifications. You can generate this user customized document from the learn link on the system support website (http://www.emc.com/vnxsupport).

You must have a method for writing data to a LUN on the system that will test the paths from the server to the system.

Attaching a server

Installing NICs or iSCSI HBAs in the server


For the server to communicate with the system iSCSI data ports, it must have one or more supported NICs or iSCSI HBAs installed.

Before you start


To complete this procedure, you will need one or more supported NICs or iSCSI HBAs with the latest supported BIOS and drivers. For information on supported NICs or iSCSI HBAs, BIOS, and drivers, refer to the E-Lab Interoperability Navigator on the EMC Online Support website.
Note: We recommend that you never mix NICs or iSCSI HBAs from different vendors in the same server.

Installing NICs or iSCSI HBAs


CAUTION: NICs or iSCSI HBAs are very susceptible to damage caused by static discharge and need to be handled accordingly. Before handling NICs or iSCSI HBAs, observe the following precautions:

- Store NICs or iSCSI HBAs in antistatic bags.
- Use a ground (ESD) strap whenever you handle NICs or iSCSI HBAs.
- Never plug or unplug NICs or iSCSI HBAs with the power on. Severe component damage can result.

1. If the server is powered up:
   a. Shut down the server's operating system.
   b. Power down the server.
   c. Unplug the server's power cord from the power outlet.
2. Put on an ESD wristband, and clip its lead to bare metal on the server's chassis.
3. For each NIC or iSCSI HBA that you are installing:
   a. Locate an empty PCI bus slot or a slot in the server that is preferred for PCI cards.
   b. Install the NIC or iSCSI HBA following the instructions provided by the NIC or iSCSI HBA vendor.
   c. If you installed a replacement NIC or iSCSI HBA, reconnect the cables that you removed in the exact same way as they were connected to the original NIC or iSCSI HBA.
4. Plug the server's power cord into the power outlet, and power up the server.

Note: For ESXi Servers, the NIC or iSCSI HBA driver software is bundled with the ESX Server operating system software.

Assigning an IP address to a NIC or iSCSI HBA


Assign an IP address to each NIC or iSCSI HBA in the server that will be connected to the system.
Important: If you configured your system iSCSI connections to your Windows virtual machine with NICs, assign an IP address to the NIC in the Windows virtual machine. If you configured your system connections to your Hyper-V or ESX server, assign an IP address to the NIC in the Hyper-V or ESX server. If you have a non-Windows virtual machine or a Windows virtual machine with iSCSI HBAs, perform this procedure on the Hyper-V or ESX server. For instructions on assigning an IP address on a Windows 2003 virtual machine, generate a new document and select the appropriate Windows operating system.

Assigning an IP address to a NIC for an ESXi Server


To configure an ESXi Server for a NIC, you use the VMkernel to:

- Create a virtual switch (Vswitch) if you do not have one.
- Assign the NIC to the virtual switch.

For failover to work between multiple NICs, make sure that the NICs are on the same virtual switch so they are on the same NIC team using the same IP address. For detailed information on configuring the VMkernel for software-initiated iSCSI storage, see the document, Virtual Infrastructure Server Configuration Guide.

1. Log in to the VMware vSphere Client as administrator.
2. From the inventory panel, select the server with the iSCSI initiator to add to a virtual switch.
3. Click the Configuration tab and click Networking.
4. Click Add Networking.
5. In Connection Type, select VMkernel and click Next. The Network Access page appears.
6. Either select a virtual switch (Vswitch) or click Create a virtual switch to create a new virtual switch.
7. Check the box next to each adapter that you want to connect to the virtual switch. The adapters that you select appear in the Preview pane.

   Note: You can either create a new virtual switch without a network adapter or select a network adapter used by an existing virtual switch. The selected adapter, if currently used by another virtual switch, is removed from that virtual switch and added to the one that you are creating.

8. Click Next.
9. Under Port Group Properties, select or enter a network label and a VLAN ID. The Network Label identifies the port group. The VLAN ID identifies the VLAN that the port group uses.
10. Under IP Settings, enter the adapter IP address and subnet mask for the VMkernel.
11. If necessary, you can set the VMkernel Default Gateway address as follows:
   a. Click Edit.
   b. Enter the VMkernel Default Gateway address.
   c. Click OK.
12. Click Next.
13. Review the summary, and if all of the settings are correct, click Finish.

Assigning an IP address to an iSCSI HBA in an ESXi Server


1. Log in to the VMware vSphere Client as administrator.
2. From the inventory panel, select the server with the iSCSI HBA to which you want to assign an IP address.
3. Click the Configuration tab, and click Storage Adapters.
4. Select the iSCSI HBA initiator whose IP address you want to assign, and click Properties.
5. Click Configure.
6. In iSCSI Alias, enter the user-friendly name that you use to identify the iSCSI hardware initiator.
7. Under Hardware Initiator Properties, choose one of the IP settings options.
8. Click OK.

Installing or Updating PowerPath software


Install PowerPath by referring to the appropriate PowerPath Installation and Administration Guide for your operating system. This guide is available on the EMC Online Support website.

Check the PowerPath software download section on the EMC Online Support website for a more recent version of PowerPath or a patch to the version of PowerPath installed on the server.

- If a more recent version exists, install it, as described in the appropriate PowerPath Installation and Administration Guide for your operating system. This guide is available on the EMC Online Support website.
- If the server is running the most recent version and a patch exists for this version, install it, as described in the readme file that accompanies the patch.

Installing Unisphere server software


You cannot install the host agent or server utility on the ESXi Server because the ESXi Server has no Service Console to install or run this software program. Registration of the EMC system happens automatically when the ESXi Server reboots or when you rescan the host bus adapters. Therefore, manual registration is not necessary.

If you configured your system connections to your Windows virtual machine with NICs, you can install the host agent or server utility on the Windows virtual machine when you attach your virtual machine to your system. For instructions on attaching your Windows virtual machine to the system, generate a new document and select the appropriate Windows operating system.

If you plan to install Navisphere CLI, Admsnap, or Admhost, you must install them on a virtual machine. For instructions on installing the Navisphere CLI, Admsnap, or Admhost on a virtual machine, generate a new document and select the operating system running on the virtual machine.

Connecting the VNX to a server in an iSCSI network configuration


To connect your VNX to a server in an iSCSI network configuration, you need one Ethernet LAN cable or fibre optical cable for Ethernet transmission for each VNX iSCSI host port that you will connect to the network.

Note: A VNX host port is also called a VNX front-end data port.

For 1 gigabit transmission, you need CAT 5 Ethernet LAN cables for 10/100 transmission or CAT 6 cables. These cables can be up to 100 meters long. For 10 gigabit Ethernet transmission, you need fibre optical cables. We strongly recommend you use OM3 50 µm cables for all optical connections. For cable specifications, refer to the Technical Specifications for your system. You can generate an up-to-date version of these specifications using the Learn about VNX link on the VNX support website or the VNX Series Support by Product page on the EMC Online Support website.

Identifying VNX iSCSI host ports for server connections


You can connect servers to any ports (0, 1, 2, 3) on the UltraFlex 1 GbE I/O modules or any ports (0, 1) on the UltraFlex 10 GbE iSCSI I/O modules in slots A0 and B0 or A1 and B1. Figure 1 on page 12 shows the location of the I/O module slots.

Figure 1. Slots for I/O modules with host ports in a VNX5300 (FC and iSCSI modules shown)

iSCSI module labels
Each 1 GbE I/O module has a 1 GbE iSCSI/TOE label on its handle. Each 10 GbE I/O module has a 10 GbE iSCSI label on its handle.

iSCSI FE port connectivity
Because the 1 GbE iSCSI and 10 GbE iSCSI connection topologies are not interoperable, these modules cannot operate on the same physical network. The 1 Gb Ethernet iSCSI I/O module can auto-negotiate a 10 Mb/s or 100 Mb/s Ethernet. The 10 GbE iSCSI I/O module runs at a fixed 10 Gb/s rate.

Handling optical cables


Optical cables are susceptible to damage, so take the following precautions when handling them:

- Keep the covers on all optical cables until you are ready to insert them.
- Avoid tight bends. If you need to make a 90° bend, do it over 6 to 12 inches.
- Do not use optical cables to support weight (including their own unsupported weight if they are long).
- Do not pull long runs of cable; instead, lay the cable in place or pull only a few feet at a time.
- Place the cables where no one can step on them or roll equipment over them.

Cabling the VNX and server iSCSI ports to the network


For high availability:

- Connect one or more VNX iSCSI host ports on SP A to ports on the switch or router and connect the same number of VNX iSCSI host ports on SP B to ports on the same switch or router or on another switch or router, if two switches or routers are available.
- For a multiple-NIC or iSCSI HBA server, connect one or more NIC or iSCSI ports to ports on the switch or router and connect the same number of NIC or iSCSI HBA ports to ports on the same switch or router or on another switch or router, if two switches or routers are available.

1. For each iSCSI host port on the VNX that you will use for I/O with the server:
   a. Locate the iSCSI host port to which you will connect the switch or router. For information on identifying the host ports using Unisphere, refer to the Unisphere online help.

      Note: Applications such as MirrorView/A, MirrorView/S, or SAN Copy software may restrict or require the use of certain SP ports. Refer to the application documentation for specific cabling information.

   b. Connect one end of either an Ethernet LAN cable, a fibre optical cable, or an active twinaxial cable to the VNX iSCSI host port on the SP and the other end to a router or switch (Figure 2 on page 14 and Figure 3 on page 14 for Ethernet cables or Figure 4 on page 14 or Figure 5 on page 15 for fibre optical or active twinaxial cables).

      Important: 1 GbE iSCSI ports require a CAT 6 cable for a 1 gigabit LAN and a CAT 5 cable for a 10/100 LAN. 10 GbE iSCSI ports require a fibre optical cable for Ethernet transmission with a fibre optic infrastructure or an active twinaxial cable with an active twinaxial infrastructure. We strongly recommend you use OM3 50 µm cables for a fibre optic infrastructure.

2. For each NIC or iSCSI HBA port on the server that you will use for I/O with the system, connect one end of either an Ethernet LAN cable, a fibre optical cable, or an active twinaxial cable to the iSCSI port on the NIC or iSCSI HBA and the other end to the network switch or router (Figure 2 on page 14 and Figure 3 on page 14 for Ethernet cables or Figure 4 on page 14 or Figure 5 on page 15 and Figure 6 on page 15 for fibre optical or active twinaxial cables).

Figure 2. Connecting an Ethernet cable

Figure 3. Sample cabling for an iSCSI network configuration (1 GbE iSCSI and FC modules shown)

Figure 4. Connecting a fibre optical cable for Ethernet transmission

Figure 5. Connecting an active twinaxial cable

Figure 6. Sample cabling for an iSCSI network configuration (10 GbE iSCSI and FC modules shown)

Setting system iSCSI port network parameters


Use Unisphere to set the network parameters for the system iSCSI ports that you will be using.

Setting system iSCSI port network parameters with Unisphere


- For a system that was not connected to a server before this installation - Use Unisphere to set the network parameters for the system's iSCSI ports that you connected to the network.
- For a system that was already connected to the server before this installation - If you will be using storage-system iSCSI ports that were not connected to the network before this installation, you need to use Unisphere to set the network parameters for these iSCSI ports.

Starting Unisphere

1. Log in to a host (which can be a server) that is connected through a network to the system's management ports and that has an Internet browser: Microsoft Internet Explorer, Netscape, or Mozilla.
2. Start the browser.
3. In the browser window, enter the IP address of one of the following that is in the same domain as the systems that you want to manage:
   - A system SP with the most recent version of the VNX Operating Environment (OE) installed
     Note: This SP can be in one of the systems that you want to manage.
   - A Unisphere management station with the most recent Unisphere Server and UIs installed

   Note: If you do not have a supported version of the JRE installed, you will be directed to the Sun website where you can select a supported version to download. For information on the supported JRE versions for your version of Unisphere, refer to Environment and System Requirements in the Unisphere release notes on the EMC Online Support website.

4. Enter your user name and password.
5. Select Use LDAP if you are using an LDAP-based directory server to authenticate user credentials. If you select the Use LDAP option, do not include the domain name.
   When you select the LDAP option, the username / password entries are mapped to an external LDAP or Active Directory server for authentication. Username / password pairs whose roles are not mapped to the external directory will be denied access. If the user credentials are valid, Unisphere stores them as the default credentials.
6. Select Options to specify the scope of the systems to be managed.
   - Global (default) indicates that all systems in the domain and any remote domains can be managed.
   - Local indicates that only the targeted system can be managed.
7. Click Login. When the user credentials are successfully authenticated, Unisphere stores them as the default credentials and the specified system is added to the list of managed systems in the Local domain.
8. If you are prompted to add the system to a domain, add it now. The first time that you log in to a system, you are prompted to add the system to a Unisphere domain. If the system is the first one, create a domain for it. If you already have systems in a domain, you can either add the new system to the existing domain or create a new domain for it. For details on adding the system to a domain, use the Unisphere help.

Setting the network parameters for system iSCSI ports using Unisphere

1. From Unisphere, select All Systems > System List.
2. In the Setting view, select Network. The Port Management dialog box opens and lists the system's iSCSI ports, and when available, lists each port's IP address.
3. For each system iSCSI port whose network parameters you want to set:
   a. Select the port whose network parameters you want to set, and click Properties.
   b. In the iSCSI Port Properties dialog box, click Add.
   c. In the iSCSI Virtual Port Properties dialog box, enter the IP address, gateway, and subnet mask for the port.

      Important: Consult with your network manager to determine the correct settings before changing MTU settings. Changing the port properties may disrupt iSCSI traffic to all ports on this SP or result in intermittent operation. Use the Connectivity Status dialog box to identify and check the status of all connections to ports on this SP. Initiator configuration changes may be necessary to regain lost connections. Do not select Require Initiator Authentication until you have set the network parameters for the server initiator iSCSI ports.

   d. Click OK to save the settings and return to the iSCSI Port Properties dialog box.
   e. Click OK to close the iSCSI Port Properties dialog box.
4. For each system iSCSI port whose network parameters you want to set:
   a. Select the port whose network parameters you want to set, and click Properties.
   b. In the iSCSI Port dialog box, enter the IP address, gateway, and subnet mask for the port.

      Important: Consult with your network manager to determine the correct settings before changing MTU settings. Changing the port properties may disrupt iSCSI traffic to all ports on this SP or result in intermittent operation. Use the Connectivity Status dialog box to identify and check the status of all connections to ports on this SP. Initiator configuration changes may be necessary to regain lost connections. Do not select Require Initiator Authentication until you have set the network parameters for the server initiator iSCSI ports.

   c. Click Apply to save the settings and return to the Port Management dialog box.
5. When you have set the network settings for each iSCSI port, click OK to close the Port Management window.
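
Added example (not part of the EMC guide): a Python pre-flight check of the planned IP address, subnet mask and gateway for each system iSCSI port, run before the values are entered in Unisphere. It also checks the guide's high-availability rule of the same number of ports on SP A and SP B and its statement that 1 GbE and 10 GbE iSCSI modules cannot share a network. The port labels, the addresses, the field names and the use of an IP subnet as a stand-in for a physical network are assumptions made for this example.

```python
import ipaddress
from collections import Counter, defaultdict


def port(sp, label, speed, ip, mask, gateway):
    """Build one plan row; the field names are this example's own."""
    return {"sp": sp, "port": label, "speed": speed,
            "ip": ip, "mask": mask, "gateway": gateway}


# Constructed sample plans. Port labels and addresses are invented.
GOOD_PLAN = [
    port("A", "A0-0", "1GbE", "192.168.10.11", "255.255.255.0", "192.168.10.1"),
    port("B", "B0-0", "1GbE", "192.168.10.12", "255.255.255.0", "192.168.10.1"),
    port("A", "A1-0", "10GbE", "192.168.20.11", "255.255.255.0", "192.168.20.1"),
    port("B", "B1-0", "10GbE", "192.168.20.12", "255.255.255.0", "192.168.20.1"),
]
BAD_PLAN = [
    port("A", "A0-0", "1GbE", "192.168.10.11", "255.255.255.0", "192.168.10.1"),
    # Same IP as A0-0 and a gateway that is not on the port's subnet.
    port("B", "B0-0", "1GbE", "192.168.10.11", "255.255.255.0", "192.168.11.1"),
    # 10 GbE port planned on the subnet already used by 1 GbE ports.
    port("A", "A1-0", "10GbE", "192.168.10.21", "255.255.255.0", "192.168.10.1"),
]


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    ip_owners = defaultdict(list)     # IP address -> ports that claim it
    speeds_by_net = defaultdict(set)  # subnet -> port speeds planned on it
    ports_per_sp = Counter()          # "A" / "B" -> number of planned ports

    for p in plan:
        name = p["port"]
        ports_per_sp[p["sp"]] += 1
        try:
            # Rejects malformed addresses and non-contiguous subnet masks.
            iface = ipaddress.ip_interface(f"{p['ip']}/{p['mask']}")
            gateway = ipaddress.ip_address(p["gateway"])
        except ValueError as exc:
            findings.append(f"{name}: invalid address data: {exc}")
            continue
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            findings.append(
                f"{name}: {iface.ip} is the network or broadcast address of {net}")
        if gateway not in net:
            findings.append(f"{name}: gateway {gateway} is outside {net}")
        elif gateway == iface.ip:
            findings.append(f"{name}: gateway equals the port address")
        ip_owners[iface.ip].append(name)
        speeds_by_net[net].add(p["speed"])

    for ip, owners in ip_owners.items():
        if len(owners) > 1:
            findings.append(f"duplicate IP {ip}: {', '.join(owners)}")
    for net, speeds in speeds_by_net.items():
        if len(speeds) > 1:
            findings.append(
                f"{net}: mixes {', '.join(sorted(speeds))} ports on one subnet")
    if ports_per_sp["A"] != ports_per_sp["B"]:
        findings.append(
            f"SP A has {ports_per_sp['A']} port(s), SP B has {ports_per_sp['B']}")
    return findings


if __name__ == "__main__":
    for title, plan in (("good plan", GOOD_PLAN), ("bad plan", BAD_PLAN)):
        problems = check_plan(plan)
        print(f"{title}: {'OK' if not problems else 'problems found'}")
        for line in problems:
            print("   " + line)
```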

Configuring an ESXi Server for software iSCSI initiators


To configure software iSCSI initiators (NICs) on a virtual machine, generate a new document and select the appropriate operating system for your virtual machine.
Note: If you added virtual ports for a system iSCSI data port, when you set up your host initiators to access the iSCSI data port, the system target is the virtual port and not the physical port. In other words, the target is either the physical iSCSI data port or a virtual port on the physical iSCSI data port.

For each software iSCSI initiator (NIC port) on the ESX Server:

1. Log in to VMware vSphere Client as administrator.
2. From the inventory panel, select the server with the initiator that you want to configure.
3. Click the Configuration tab, and click Storage Adapters.
4. Click Add in the Add Storage Adapter dialog box, and then select Add Software iSCSI Adapter.
5. Select the iSCSI initiator that you want to configure, and click Properties.
6. In the iSCSI Initiator Properties page, click the General tab and then click Configure.
7. Select Enabled.
8. Under iSCSI Properties, enter a user-friendly iSCSI name and an iSCSI alias for the software iSCSI initiator, and then click OK.
9. Add target addresses for the software iSCSI initiator:
   a. Click the Dynamic Discovery tab and then click Add.
   b. Enter the send targets server information and click OK to add target information from a selected system.
   c. Click Close to close the iSCSI Initiator Properties page.
10. Rescan for the new NIC:
   a. From the inventory panel, select the server, and click the Configuration tab.
   b. Under Hardware, click Storage Adapters.
   c. Under iSCSI Software Adapters in the list of adapters, select the adapter (NIC), and then click Rescan.
   d. In the Rescan dialog box, select both Scan for New Storage Devices and Scan for New VMFS Volumes, and click OK.
11. Review the summary, and if all of the settings are correct, click Finish.

Configuring an ESXi Server for hardware iSCSI initiators


Note: If you added virtual ports for a system iSCSI data port, when you set up your host initiators to access the iSCSI data port, the system target is the virtual port and not the physical port. In other words, the target is either the physical iSCSI data port or a virtual port on the physical iSCSI data port.

For each hardware initiator (iSCSI HBA port):

1. Log in to VMware vSphere Client as administrator.
2. From the inventory panel, select the server with the initiator that you want to configure.
3. Click the Configuration tab, and click Storage Adapters.
4. Select the iSCSI HBA initiator that you want to configure, and click Properties.
5. If you have not already assigned an IP address to the hardware iSCSI initiator:
   a. Click Configure.
   b. In iSCSI Alias, enter a user-friendly name to identify the hardware iSCSI initiator.
   c. Under Hardware Initiator Properties, choose one of the IP settings options.
   d. Click OK.
6. Add target addresses for the hardware iSCSI HBA initiator:
   a. Click the Dynamic Discovery tab, and then click Add.
   b. Enter the send targets server information and click OK to add target information from a selected system.
   c. Click Close to close the iSCSI Initiator Properties page.
7. Rescan for the new adapter (iSCSI HBA):
   a. From the inventory panel, select the server, and click the Configuration tab.
   b. Under Hardware, click Storage Adapters.
   c. In the list of adapters, select the adapter (iSCSI HBA), and then click Rescan.
   d. In the Rescan dialog box, select both Scan for New Storage Devices and Scan for New VMFS Volumes, and click OK.
8. Review the summary, and if all of the settings are correct, click Finish.

Registering the ESXi Server with the system


Rescan your adapters to register the server's NICs or iSCSI HBAs with the system. After rescanning your adapters, do the following:

1. Update the virtual machine information in Unisphere (see Updating virtual machine information in Unisphere on page 21).
2. Verify ESX and virtual machine information in Unisphere (see Verifying that the system received the LUN information using Unisphere on page 35).

Updating virtual machine information in Unisphere


1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system that is attached to an ESX server.
3. Select Hosts > Hosts List.
4. Select a host and then, in Details, click the Virtual Machines tab.
5. Select a virtual machine and click Update. Depending on how many virtual machines are running, this operation may take a while.

Verifying that the system received the LUN information using Unisphere

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system that is attached to the host that you want to verify.
3. Select Hosts > Hosts List.
4. Select a host and then, on the Details page, click the LUNs tab.
5. Verify that the LUNs tab displays a physical drive and logical drive name for each LUN on the host.

Verifying system health


Use the system verification wizard that is part of the Unisphere Service Manager (USM), which replaces the Navisphere Service Taskbar, to:

- Validate the connectivity of the system hardware components
- Verify back-end functionality
- Verify the status of all field-replaceable units
- Analyze system logs

1. If you do not have the Unisphere Service Manager running:
   a. Download and install the Unisphere Service Manager from the EMC Online Support website to a Windows management station that is connected to the system's management ports. If you do not have a Windows management station, your service provider can run this wizard.
   b. Start the Unisphere Service Manager by doing one of the following:
      - Click the Unisphere Service Manager icon on your desktop, or
      - Select Start > All Programs or Start > Programs, then select EMC > Unisphere > Unisphere Service Manager > Unisphere Service Manager
2. Log in to your system.
3. From the System screen, select Diagnostics > Verify Storage System and follow the instructions that appear.
4. Review the report that the wizard generates, and if it lists any problems, try to resolve them.

Setting system failover values for the server initiators using Unisphere

Use the Unisphere Failover Setup wizard to set the system failover values for all NIC or iSCSI HBA initiators belonging to the server:
1. From Unisphere, select All Systems > System List.
2. From the Systems page, select the system whose failover values you want to set.
3. Select the Hosts tab.
4. Under Host Management, select the Failover Wizard.
5. In the Start Wizard dialog box, read the introduction, and then click Next.
6. In the Select Host dialog box, select the server you just connected to the system, and click Next.
7. In the Select Storage Systems dialog box, select the system, and click Next.
8. In the Specify Settings dialog box, set the following values for the type of software running on the server.
Important: If you enter incorrect values the system could become unmanageable and unreachable by the server, and the server's failover software could stop operating correctly.
- If you configured your system iSCSI connections to your Windows virtual machine with NICs, set the system failover values for the virtual machine.
- If you configured your system iSCSI connections to your Hyper-V or ESX server, set the system failover values for the Hyper-V or ESX server.
- If you have a non-Windows virtual machine or a Windows virtual machine with iSCSI HBAs, set the system failover values for the Hyper-V or ESX server.
- If you have a Hyper-V or ESX server, set the system failover values for the Hyper-V or ESX server.

For an ESXi Server, set:


- Initiator Type to CLARiiON Open
- Array CommPath to Enabled
- Failover Mode to 4 if your failover version supports ALUA.
- Failover Mode to 1 if your failover version does not support ALUA.

Note: For information on which versions of failover support ALUA for your system, refer to the PowerPath release notes on the EMC Online Support website or to EMC Knowledgebase solution emc99467. If you will use vStorage, you must set the failover mode to 4 for ALUA mode.

9. In the Configuration Summary screen, review the configuration and all settings.
10. If the settings are correct, click Next, and if the settings are incorrect, click Back until you return to the dialog box in which you need to re-enter the correct values. If you clicked Next, the wizard displays a confirmation dialog box.
11. In the confirmation dialog box, click Yes. The wizard displays a summary of the values you set for the system.
12. If the operation failed, rerun the wizard.
13. When the operation is successful, click Finish to close the wizard.
14. Reboot the server for the initiator records to take effect.

Verifying your high-availability iSCSI configuration


Use the server high-availability feature in the Unisphere Server Utility to verify your iSCSI configuration is highly available (for example, each NIC has at least one active path to each storage processor) and path management software is installed and running on the server.

Important: If you have a Windows virtual machine with NICs, in order for a virtual machine to see LUNs, your Windows virtual machine with NICs must be connected to the system (either directly or through a network) or the Hyper-V or ESX server has to assign the LUNs to the virtual machine. A virtual machine cannot see LUNs using both of these methods at the same time if the LUNs assigned by the ESX server are physical compatibility mode RDM devices. If you have a non-Windows virtual machine or Windows virtual machine with iSCSI HBAs, perform this procedure on your Hyper-V or ESX server.

Starting the Unisphere Server Utility on a Windows server to generate a report of your ESXi Server
1. Run the Unisphere Server Utility by selecting Start > Programs > EMC > Unisphere > Unisphere Server Utility or Start > All Programs > EMC > Unisphere > Unisphere Server Utility.
2. Select your language, if prompted for it.
Note: A text-based version of the utility is installed automatically when you install the utility. To start the text-based version, at a command prompt enter cd C:\Program Files\EMC\Unisphere Server Utility or cd C:\Program Files (x86)\EMC\Unisphere Server Utility, then enter ServerUtilCLI.exe.

Using the server utility to verify your high-availability configuration


To generate a report of your ESXi Server on a Windows server:
1. From the Unisphere Server Utility's Welcome screen, select Verify Server High-Availability.
2. Select Valid Server Configuration only.
3. In the Select Host Type screen, select ESXi Server.
4. Under Discovery Settings for ESXi Server, select one of the following:
   - ESX and enter the IPv4 IP address, username, and password for the ESX Server.
   - Virtual Center and enter the IPv4 IP address, username, and password for the virtual center, then enter the IPv4 IP address for the ESX Server for which you want to generate a report.
5. Click Next.
6. In the Select Report Directory screen, select the location where you want the system to save the high-availability status report. Click Next.
7. Read the summary and if it is accurate, click Next to generate the report. If not, click Back to return to the screen where you need to correct the data.
   The utility determines if the server is configured for high availability by verifying that the server has at least one connection path to each system SP, and that PowerPath or some other failover software, such as DMP, is running. It does not detect native failover software, such as VMware native failover.
8. Review and resolve any issues reported on the Issues tab of the generated report.

Configuring your VNX system


To configure your VNX system, use either the Unisphere Service Manager wizards or Unisphere.

Starting Unisphere
1. Log in to a host (which can be a server) that is connected through a network to the system's management ports and that has an Internet browser: Microsoft Internet Explorer, Netscape, or Mozilla.
2. Start the browser.
3. In the browser window, enter the IP address of one of the following that is in the same domain as the systems that you want to manage:
   - A system SP with the most recent version of the VNX Operating Environment (OE) installed
     Note: This SP can be in one of the systems that you want to manage.
   - A Unisphere management station with the most recent Unisphere Server and UIs installed
   Note: If you do not have a supported version of the JRE installed, you will be directed to the Sun website where you can select a supported version to download. For information on the supported JRE versions for your version of Unisphere, refer to Environment and System Requirements in the Unisphere release notes on the EMC Online Support website.
4. Enter your user name and password.
5. Select Use LDAP if you are using an LDAP-based directory server to authenticate user credentials. If you select the Use LDAP option, do not include the domain name. When you select the LDAP option, the username / password entries are mapped to an external LDAP or Active Directory server for authentication. Username / password pairs whose roles are not mapped to the external directory will be denied access. If the user credentials are valid, Unisphere stores them as the default credentials.
6. Select Options to specify the scope of the systems to be managed.
   - Global (default) indicates that all systems in the domain and any remote domains can be managed.
   - Local indicates that only the targeted system can be managed.
7. Click Login. When the user credentials are successfully authenticated, Unisphere stores them as the default credentials and the specified system is added to the list of managed systems in the Local domain.
8. If you are prompted to add the system to a domain, add it now. The first time that you log in to a system, you are prompted to add the system to a Unisphere domain. If the system is the first one, create a domain for it. If you already have systems in a domain, you can either add the new system to the existing domain or create a new domain for it. For details on adding the system to a domain, use the Unisphere help.

Configuring the system cache with Unisphere


1. From Unisphere, select All Systems > System List.
2. From the Systems page, right-click the entry for the system for which you want to configure cache and select Properties.
3. Click the SP Memory tab.
4. Set the write cache memory size.
   Note: Refer to the Unisphere online help for recommended write cache sizes.
5. Set the read cache memory size.
6. Click Apply.
7. Click the SP Cache tab, and select SP A Read Cache, SP B Read Cache, Write Cache (Enabled), and Enable Watermarks.
8. Set the low watermark to 60% and the high watermark to 80%.
9. Click Apply.

Enabling storage groups with Unisphere


You must enable storage groups using Unisphere if only one server is connected to the system and you want to connect additional servers to the system.
1. From Unisphere, select All Systems > System List.
2. From the Systems page, right-click the icon for the system, and click Properties.
3. Click the General tab, and select Storage Groups.
4. Click OK.

Allocating storage on a new system with the Unisphere Storage Provisioning Wizard
Important: If you have a Windows virtual machine with NICs, in order for a virtual machine to see LUNs, your Windows virtual machine with NICs must be connected to the system (either directly or through a network) or the Hyper-V or ESX server has to assign the LUNs to the virtual machine. A virtual machine cannot see LUNs using both of these methods at the same time if the LUNs assigned by the ESX server are physical compatibility mode RDM devices. If you have a non-Windows virtual machine or Windows virtual machine with iSCSI HBAs, perform this procedure on your Hyper-V or ESX server.

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system.
3. Select the Storage tab.
4. Under LUNs, select the Storage Provisioning Wizard.
5. On the Select Servers page, select Assign LUNs to the Servers, and select the servers or virtual machines that will have access to the new LUNs.
6. Select the system in which the new LUNs will reside.
7. Create a LUN:
   a. Select a pool or RAID group in which to create a LUN, or create a new pool for the LUN.
      We recommend you use an existing pool or create a pool instead of a RAID group because a pool supports options, such as Fully Automated Storage Tiering (FAST) and Thin Provisioning, which a RAID group does not support.
   b. If you are creating a pool LUN and you want the LUN to be a thin LUN, select Thin LUN. The Thin LUN option is available only if the Thin Provisioning enabler is installed. To learn about pools and thin LUNs, click the ? icon next to Thin LUN.
   c. Select the properties for the LUN.
   d. Add the LUNs to a user-defined folder or do not place them in a folder.
   e. Click Finish to create the LUN.
8. Verify that the server was assigned to the storage group containing the LUNs you created:
   - If you know the name of the storage group in which the LUNs reside, from Unisphere, select Storage > Storage Groups.
   - If you know the name of the server or virtual machine to which the storage group is assigned, from Unisphere, select Storage > LUNs and confirm that the new LUNs are listed.
   If you do not see any of the LUNs you just created, you may not have selected the Assign LUNs to a server option in the Select Servers page of the Storage Provisioning wizard. You can use the Storage Assignment wizard to assign the LUNs to a server.
9. Create a hot spare (a RAID group with a hot spare RAID Type) as described in the Unisphere online help.
Note: A pool LUN (thick or thin LUN) cannot be a hot spare.

A hot spare is a single disk that serves as a temporary replacement for a failed disk in a RAID 6, 5, 3, 1, or 1/0 storage pool. Data from the failed disk is reconstructed automatically on the hot spare from the parity or mirrored data on the working disks in the LUN, so the data on the LUN is always accessible.

Allocating storage to an existing system with the Storage Provisioning wizard in Unisphere
Important: If you have a Windows virtual machine with NICs, in order for a virtual machine to see LUNs, your Windows virtual machine with NICs must be connected to the system (either directly or through a network) or the Hyper-V or ESX server has to assign the LUNs to the virtual machine. A virtual machine cannot see LUNs using both of these methods at the same time. If you have a non-Windows virtual machine or Windows virtual machine with iSCSI HBAs, perform this procedure on your Hyper-V or ESX server.

Use the Provision wizard in Unisphere to create system storage and provide server access to this storage:
1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system.
3. Select the Storage tab.
4. If you need additional LUNs for the server, use the Storage Provisioning wizard from the LUNs category to create them.
5. If you want to assign existing LUNs to the server, use the Storage Assignment wizard from the Storage Groups category to assign them.
   Note: For high availability, a host can connect to only one storage group per system at a time. If you connect a host that is already connected to another storage group, the host will disconnect from the first storage group. When you disconnect a host from a storage group, and then connect it to a different storage group, the host can no longer perform I/O to the first storage group.
6. Verify that the server was assigned to the storage group containing the LUNs you created.
   - If you know the name of the storage group in which the LUNs reside, from Unisphere, select Storage > Storage Groups.
   - If you know the name of the server or virtual machine to which the storage group is assigned, from Unisphere, select Storage > LUNs and confirm that the new LUNs are listed.
   If you do not see any of the LUNs you just created, you may not have selected the Assign LUNs to a server option in the Select Servers page of the Provision wizard. You can use the Storage Assignment wizard to assign the LUNs to a server.

Verifying that each LUN is fully initialized using Unisphere


Although the storage group with a new LUN is assigned to the server, the server cannot see the new LUN until it is fully initialized (completely bound). The time the initialization process takes to complete varies with the size of the LUN and other parameters. While a LUN is initializing, it is in a transitioning state, and when the initialization is complete, its state becomes normal.
To determine the state of a LUN:
1. From Unisphere, navigate to the LUN you want to verify (Storage > LUNs).
2. Right-click the LUN and click Properties.
3. Verify that the state of the LUN is Normal. If the state is Transitioning, wait for the state to change to Normal before continuing.

Creating storage groups with Unisphere


If you do not have any storage groups created, create them now.
1. In the systems drop-down list on the menu bar, select a system.
2. Select Storage > Storage Groups.
3. From the task list, under Storage Groups, select Create Storage Group.
4. In Storage Group Name, enter a name for the Storage Group to replace the default name.
5. Choose from the following:
   - Click OK to create the new Storage Group and close the dialog box, or
   - Click Apply to create the new Storage Group without closing the dialog box. This allows you to create additional Storage Groups.
6. Select the storage group you just created and click Connect hosts.
7. Move the host from Available host to Host to be connected and click OK.

Making virtual disks visible to an ESXi Server


To allow ESXi Server to access the virtual disks you created, you must make the virtual disks visible to ESXi:
1. Log in to the VMware vSphere Client as administrator.
2. From the inventory panel, select the server, and click the Configuration tab.
3. Under Hardware, click Storage Adapters.
4. In the list of adapters, select the adapter (NIC or iSCSI HBA), and click Rescan above the Storage Adapters panel.
   Note: NICs are listed under iSCSI Software Adapters.
5. In the Rescan dialog box, select Scan for New Storage Devices and Scan for New VMFS Volumes, and click OK.
6. Verify that the new virtual disks that you created are in the disk/LUNs list.

Verifying your failover configuration with PowerPath for ESXi Server


1. If you are connected to an existing system, stop all applications that are accessing the system and disable user logins to the server.
2. For each NIC or iSCSI HBA connected to the system:
   a. View the LUNs available to the server:
      rpowermt host=<ESX Server IP address> display dev=all
   b. Choose one available LUN to receive data (I/O) for the test.
   c. View the paths to the chosen LUN:
      rpowermt host=<ESX Server IP address> display dev=x every=2
      where x is a pseudo device that represents the chosen LUN.
   d. Start sending data to a LUN by writing data to it.
   e. Identify the NIC or iSCSI HBA sending data to the LUN by viewing the output of the following command, and disconnect the cable to that NIC or iSCSI HBA:
      rpowermt host=<ESX Server IP address> display dev=x every=2
   f. View the output of the following command:
      rpowermt host=<ESX Server IP address> display dev=x every=2
      and verify that:
      - The state of the uncabled paths becomes dead.
      - Data continues to be sent on the remaining paths to the LUN, indicating that the failover path was successful and that PowerPath is working properly.
   g. Reconnect the cable that you disconnected from the NIC or iSCSI HBA.
   h. If you caused any LUN to fail over, restore them to their original SP:
      rpowermt host=<ESX Server IP address> restore
3. If you are connected to an existing system, restart any applications that you stopped and re-enable any user logins to the server that you disabled.
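The check in step f can be scripted against saved rpowermt output. The following is an added example, not part of the EMC guide or of PowerPath: it parses a constructed sample, reports any LUN that has lost every alive path to one SP, and lists adapters whose paths are all dead. The sample text and its column layout are assumptions; adjust the ROW pattern to match what your rpowermt version prints.

```python
import re
from collections import defaultdict

# Constructed sample, not captured from a real host. The layout is an
# assumption modelled on PowerPath's per-device path listing.
SAMPLE = """\
Pseudo name=emcpower3
CLARiiON ID=EXAMPLE00000000001 [esx-constructed]
state=alive; policy=CLAROpt; queued-IOs=0
Owner: default=SP A, current=SP A       Array failover mode: 4
###  HW Path      I/O Paths   Interf.  Mode    State  Q-IOs Errors
   1 vmhba33      C0:T0:L1    SP A4    active  alive      0      0
   1 vmhba33      C0:T1:L1    SP B4    active  alive      0      0
   2 vmhba34      C0:T0:L1    SP A5    active  dead       0      1
   2 vmhba34      C0:T1:L1    SP B5    active  dead       0      1

Pseudo name=emcpower4
CLARiiON ID=EXAMPLE00000000001 [esx-constructed]
state=alive; policy=CLAROpt; queued-IOs=0
Owner: default=SP B, current=SP A       Array failover mode: 4
###  HW Path      I/O Paths   Interf.  Mode    State  Q-IOs Errors
   1 vmhba33      C0:T0:L2    SP A4    active  alive      0      0
   1 vmhba33      C0:T1:L2    SP B4    active  dead       0      1
   2 vmhba34      C0:T0:L2    SP A5    active  alive      0      0
   2 vmhba34      C0:T1:L2    SP B5    active  dead       0      1
"""

DEVICE = re.compile(r"^Pseudo name=(\S+)")
# index, adapter, I/O path, "SP <letter><port>", mode, state
ROW = re.compile(
    r"^\s*\d+\s+(?P<adapter>\S+)\s+\S+\s+SP (?P<sp>[AB])\d+\s+\S+\s+"
    r"(?P<state>alive|dead)\b"
)


def parse_paths(text):
    """Return {pseudo_device: [(adapter, sp, state), ...]}."""
    devices = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = DEVICE.match(line)
        if m:
            current = m.group(1)
            devices[current]  # register the device even if no rows follow
            continue
        m = ROW.match(line)
        if m and current:
            devices[current].append((m["adapter"], m["sp"], m["state"]))
    return dict(devices)


def dead_adapters(paths):
    """Adapters on which every path is dead (expected for the uncabled one)."""
    states = defaultdict(set)
    for adapter, _sp, state in paths:
        states[adapter].add(state)
    return {a for a, seen in states.items() if seen == {"dead"}}


def ha_issues(text):
    """List devices that no longer have an alive path to SP A or SP B."""
    issues = []
    for dev, paths in sorted(parse_paths(text).items()):
        if not paths:
            issues.append(f"{dev}: no path rows parsed")
            continue
        alive_sps = {sp for _a, sp, state in paths if state == "alive"}
        for sp in "AB":
            if sp not in alive_sps:
                issues.append(f"{dev}: no alive path to SP {sp}")
    return issues


if __name__ == "__main__":
    for dev, paths in parse_paths(SAMPLE).items():
        print(dev, "adapters fully dead:", sorted(dead_adapters(paths)))
    for issue in ha_issues(SAMPLE):
        print("ISSUE", issue)
```

In the sample, emcpower3 shows the expected result of pulling the cable on vmhba34, while emcpower4 has lost SP B on both adapters, which a cable pull on one adapter would not explain.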

Rescanning and sending ESXi Server disk information to the system


Note: The host agent and server utility are not supported on the ESXi Server because the ESXi Server has no Service Console to install or run these software programs. Registration of the system happens automatically when the ESXi Server reboots or when you rescan the host bus adapters.

On your ESXi Server, rescan your host bus adapters. After rescanning your host bus adapters, do the following:
1. Send virtual machine information to Unisphere. Virtual machine information is not displayed in Unisphere until you import it using the Hypervisor Information Configuration wizard (see Importing virtual server information to Unisphere).
2. Verify ESX and virtual machine information in Unisphere. Verify that the system received the LUN information for the ESX server and virtual machines (see Verifying that the system received the LUN information using Unisphere).

Importing virtual server information to Unisphere


To display virtual machine information in Unisphere:
1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system in which you want to import ESX server information.
3. Click the Hosts tab, and then in Host Management, select Hypervisor Information Configuration Wizard.
4. Follow the instructions in the wizard to import ESX server information.

Verifying that the system received the LUN information using Unisphere
1. From Unisphere, select All Systems > System List.
2. From the Systems page, select a system that is attached to the host that you want to verify.
3. Select Hosts > Hosts List.
4. Select a host and then, on the Details page, click the LUNs tab.
5. Verify that the LUNs tab displays a physical drive and logical drive name for each LUN on the host.

Making LUNs available to virtual machines


Read this section if you created virtual disks on the system. Once a LUN is visible to ESX Server you can:

- Create a datastore (VMFS volume) on the LUN, and assign capacity on the VMFS volume to virtual machines. A VMFS volume is a high-performance file system for storing large files, such as VMware virtual disks for virtual machines.
  or
- Configure the LUN as a raw device mapping volume (RDM) and assign it to a virtual machine.

Consider the following when deciding how to configure your LUN:


Function                                      Supported on raw device    Supported on
                                              mapping volumes?           VMFS volumes?
Snapshots                                     Yes                        No
Expanding LUNs                                Yes                        No
Booting virtual machines from LUNs            Yes                        Yes
VMotion                                       Yes                        Yes
Adding multiple partitions to a single LUN    No (see note)              Yes

Note: You can add the entire LUN to only one virtual machine. At the virtual machine level, you can create multiple partitions.

If you want to create a snapshot of a LUN or if you want to expand a LUN, do not format the LUN with the VMFS file system, that is, do not create a datastore (VMFS volume) on the LUN. The LUN must remain raw (unformatted). You must then configure the LUN as a raw device mapping volume. You can configure a raw device mapping volume when you assign the LUN to a virtual machine. However, to configure a raw device mapping volume, you must already have a local disk on the ESX Server or a different LUN assigned to the ESX Server that is formatted with the VMFS file system. Use this VMFS-formatted disk or LUN to store the mapping file you create during the raw device mapping configuration process.

After you create a datastore (VMFS volume) or raw device mapping volume on a LUN, you can allocate the datastore or volume to virtual machines. You can allocate the whole datastore (VMFS volume) to a single virtual machine, or partition the volume and allocate the partitions to multiple virtual machines. When you create a raw device mapping volume, you allocate the entire volume to a single virtual machine.

After you configure a raw device mapping volume, the virtual machine accesses the mapping file as it would an image file in a VMFS volume. The mapping file then accesses the LUN, providing the virtual machine with access to the LUN. The mapping file is stored in an existing VMFS volume and, to a virtual machine, appears as any other image file in a VMFS volume. This VMFS volume cannot exist on the LUN that you want to configure as a raw device mapping volume. It must exist on a different LUN or on your local disk.
Note: If you want to boot a virtual machine from a LUN, install the guest operating system on a LUN allocated to the virtual machine.

Creating an ESXi Server datastore (VMFS volume) on a system LUN


Use the VMware vSphere Client to create a datastore (VMFS volume) on a LUN:
1. Log in to the VMware vSphere Client as administrator.
2. From the inventory panel, select the virtual machine, and click the Configuration tab.
   Note: Before continuing you should rescan the server to discover any new adapters or LUNs. To rescan, under Hardware, select Storage Adapters, and click Rescan.
3. Under Hardware, click Storage.
4. Click Add Storage.
5. On the Select Storage Type page, select Disk/LUN, and click Next.
6. On the Select Disk/LUN page, select the LUN you want to use for your datastore, and click Next.
7. On the current disk layout page, review the current LUN layout, and click Next.
8. On the Disk/LUN-Properties page, enter a unique name for the datastore, and click Next.
   Note: The datastore name must be unique within the current virtual infrastructure instance.
9. On the Disk/LUN-Formatting page, if needed, adjust the file system values and the capacity you use for the datastore, and click Next.
10. On the Ready to Complete page, review the datastore information, and click Finish. The datastore (VMFS volume) is created on the LUN for the ESX Server.

Making datastores visible to an ESXi Server
1. Log in to the VMware vSphere Client as administrator.
2. From the inventory panel, select the server, and click the Configuration tab.
3. Under Hardware, click Storage.
4. Click Rescan above the Storage Adapters panel.
5. In the Rescan dialog box, select Scan for New VMFS Volumes and Scan for New Storage Devices.
6. Verify that the datastores you created are in the datastores list.

Adding VMFS volumes to a virtual machine on an ESXi Server


For each VMFS volume that you want to add to a virtual machine:
1. Log in to the VMware vSphere Client as administrator or as the owner of the virtual machine.
2. From the inventory panel, select the virtual machine, and click the Summary tab.
3. On the Summary tab, under Commands, click Edit Settings.
4. In the Virtual Machine Properties dialog box, click Add.
5. In the Add Hardware Wizard page, select Hard Disk, and click Next.
6. In the Select a Disk window, select a disk.
7. Select Create a new virtual disk and click Next.
8. In the Create a Disk page, under Capacity, enter the size that you want for the VMware virtual disk.
9. Under Location:
   a. To store the virtual disk on the same datastore as the virtual machine, select Store with Virtual Machine.
   b. To store the virtual disk on a different datastore than the virtual machine, select Specify a datastore, click Browse, select the datastore on which you want to create the virtual disk, and then click OK.
   c. Click Next.
10. In the Advanced Options page, under Mode, click Independent, and select either Persistent or Nonpersistent:
    - Persistent - Data written to the disk is permanent.
    - Nonpersistent - Data written to the disk is lost if you power down or revert to a snapshot.
    Note: For information on using persistent mode, refer to the VMware ESX section of the E-Lab Interoperability Matrix on the EMC Online Support website.
11. Click Next.
12. In the Ready to Complete window, review the settings and if they are correct, click Finish. The datastore space you specified becomes a virtual disk for the virtual machine. This document calls such a virtual disk a VMware virtual disk.
13. After you have added all the VMware virtual disks that you want to a virtual machine, if the virtual machine is not running, power it up.

Adding a raw disk mapping (RDM) volume to a virtual machine on an ESXi Server
1. Log in to the VMware vSphere Client as administrator or as the owner of the virtual machine.
2. From the inventory panel, select the virtual machine, and click the Summary tab.
3. On the Summary tab, click Edit Settings.
4. In the Virtual Machine Properties page, click Add.
5. In the Add Hardware Wizard page, select Hard Disk, and click Next.
6. In the Select a Disk window, select Raw Device Mappings.
7. In the Select and Configure a Raw LUN page, select the disk on which you want to create the raw disk mapping volume, and click Next.
8. In the Select a Datastore page, either select Store With Virtual Machine and click Next or select Specify the datastore, select the datastore, and click Next.
9. In the Select Compatibility Mode page, select either Physical or Logical:
   - Physical - If you will use snapshots.
   - Logical - For direct access to the SCSI device.
   Note: Refer to the VMware virtual infrastructure server configuration documentation for additional information.
10. In the Specify Advanced Options window, select the SCSI identifier, and click Next.
11. In the Ready to Complete window, review the settings and if they are correct, click Finish. The RDM volume becomes a virtual disk for the virtual machine. This document calls such a virtual disk a VMware virtual disk.
12. After you have added all the virtual disks that you want to a virtual machine, if the virtual machine is not running, power it up.

Configuring optional CHAP security for NIC initiators


You must configure CHAP for NIC initiators on the server before you configure CHAP on the system.
Important: If you configured your system connection to your Windows virtual machine with NICs, configure CHAP on the virtual machine. If you configured your system connection to your Hyper-V or ESX server, configure CHAP on the Hyper-V or ESX server. You cannot configure your system connection to both your virtual machine and Hyper-V or ESX server. If the system connection is to the virtual machine, the parent Hyper-V server will not see any LUNs on the virtual machine. If you have a non-Windows virtual machine, configure CHAP on the Hyper-V or ESX server.

CHAP security overview


Challenge Handshake Authentication Protocol (CHAP) is a method of authenticating iSCSI users. The iSCSI system can use CHAP to authenticate initiators and initiators can likewise authenticate targets such as the system.
CAUTION If you do not configure CHAP security for the system, any host connected to the same IP network as the system iSCSI ports can read from and write to the system. If the system is on a private network, you can choose not to use CHAP security. If the system is on a public network, we strongly recommend that you use CHAP security. If you want to use CHAP security, you must set up and enable it on both the server and system before preparing LUNs to receive data. If you prepare disks to receive data before you set up and enable CHAP security, you lose access to the LUNs. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

CHAP has the following variants:

- Initiator CHAP - Sets up accounts that iSCSI initiators use to connect to targets. The target authenticates the initiator. Initiator CHAP is the primary CHAP authentication method.
- Mutual CHAP - Applied in addition to initiator CHAP, mutual CHAP sets up an account that a target uses to connect to an initiator. The initiator authenticates the target.
Note: Mutual CHAP is not currently supported.
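The initiator CHAP exchange described above, from the target's side, as an added example that is not part of the EMC guide and not the system's own code. It assumes the standard MD5 form of CHAP (RFC 1994) that iSCSI uses; the initiator names and the secret are constructed. It also shows why a secret entered as hexadecimal on one side and as plain text on the other, the case behind the guide's CHAP Secret Specified in HEX option, never authenticates.

```python
import hashlib
import hmac
import os

# 96 bits: RFC 3720 does not allow shorter CHAP secrets unless IPsec is in use.
MIN_SECRET_BYTES = 12


def parse_secret(text, is_hex=False):
    """Return the bytes that are actually hashed for a secret as typed."""
    if is_hex:
        digits = text[2:] if text.lower().startswith("0x") else text
        secret = bytes.fromhex(digits)
    else:
        secret = text.encode("ascii")
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("CHAP secret shorter than 96 bits")
    return secret


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(identifier byte || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Target side of initiator CHAP: issues challenges, checks responses."""

    def __init__(self, accounts):
        self.accounts = accounts  # CHAP name -> secret bytes
        self.pending = {}         # session -> (identifier, challenge)

    def challenge(self, session):
        identifier, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[session] = (identifier, challenge)
        return identifier, challenge

    def verify(self, session, name, response):
        # A challenge is single use, so a captured response cannot be replayed.
        issued = self.pending.pop(session, None)
        if issued is None:
            return False
        identifier, challenge = issued
        # Unknown names are checked against a random secret so that both
        # branches do the same work.
        secret = self.accounts.get(name) or os.urandom(MIN_SECRET_BYTES)
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    name = "iqn.1998-01.com.vmware:esx-constructed"  # constructed name
    typed = "6b3f9a1c5e7d2048b6a4c0de"               # constructed, 24 hex digits
    target = Target({name: parse_secret(typed, is_hex=True)})
    results = {}

    # 1. The initiator holds the same bytes: the login is accepted.
    ident, chal = target.challenge("s1")
    good = chap_response(ident, parse_secret(typed, is_hex=True), chal)
    results["matching_secret"] = target.verify("s1", name, good)

    # 2. Same characters entered as plain text on the initiator: other bytes.
    ident, chal = target.challenge("s2")
    wrong = chap_response(ident, parse_secret(typed, is_hex=False), chal)
    results["hex_typed_as_text"] = target.verify("s2", name, wrong)

    # 3. The response from step 1 does not answer a fresh challenge.
    target.challenge("s3")
    results["replayed_response"] = target.verify("s3", name, good)

    # 4. An initiator without a CHAP account on the target is rejected.
    ident, chal = target.challenge("s4")
    other = chap_response(ident, b"x" * MIN_SECRET_BYTES, chal)
    results["unknown_initiator"] = target.verify(
        "s4", "iqn.2000-01.com.example:unlisted", other)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```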

CHAP setup process for a VMware ESX server with NICs


Setting up and enabling initiator CHAP is necessary for iSCSI security to work. The setup process is as follows:

- On each server that will use the system - Configure initiator CHAP by entering the user data for each initiator that will connect to the target. The initiator sends this data to the target and the target uses this data to authenticate the initiator.
- On the systems - Configure and enable initiator CHAP (basic or advanced) by entering the initiator user data for all initiators that are allowed to access the system. If you are setting up optional mutual CHAP, use the Advanced option to enter the mutual CHAP user data. This is the target user account data that the system sends to initiators.

Configuring initiator CHAP for iSCSI initiators in an ESXi Server


For additional information on CHAP security, see the document, Virtual Infrastructure Server Configuration Guide.
CAUTION You must enable CHAP security for the NIC or iSCSI HBA before you can configure CHAP on the system. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

Use the VMware vSphere Client to configure CHAP parameters for the iSCSI initiators on the server:
1. Log in to the VMware vSphere Client as administrator.
2. In the inventory panel, select the server with the initiator that you want to configure.
3. Click the Configuration tab and then click Storage Adapters.
4. Select the iSCSI initiator that you want to configure, and click Properties.
5. In the iSCSI Initiator Properties dialog box, click the CHAP Authentication tab.
6. Click Configure.
7. Select Use the following CHAP credentials.
8. To use the initiator name as the CHAP name, select Use Initiator name.
   If you are using iSCSI qualified names (iqn names), the initiator name format is:
   iqn.<year-month>.com.<naming_authority>:<unique_name>
   If you are using IEEE qualified names (eui names), the initiator name format is:
   eui:<16_character_value_assigned_by_ieee>
   If you want to assign a new CHAP name, deselect Use initiator name and enter the new name.
9. In the CHAP Secret box, enter the same secret that you entered on the system.
10. Click OK to save the changes.
    CAUTION If you disable CHAP, all sessions that require CHAP authentication terminate immediately.
11. Rescan the iSCSI adapters:
    a. Click the Configuration tab, and then click Storage Adapters.
    b. Click Rescan above the storage adapters panel.
    c. In the Rescan dialog box, select Scan for New Storage Devices.

Configuring initiator CHAP on a system with Unisphere


When you enable and configure initiator CHAP authentication for a system iSCSI data port, the system authenticates all initiators that log in to the port. If you configure target CHAP authentication for a system, a server authenticates the system iSCSI data ports when they log in to the server's initiators.

To configure initiator CHAP:

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select the system for which you want to configure CHAP.
3. Under iSCSI Management, select CHAP Management.
4. In the CHAP Management dialog box, click Add.
   The Add CHAP Credentials dialog box opens.
5. In Defined For, select Target.
6. Enter the CHAP username for the system.
   To avoid potential confusion, we recommend that you use the default username supplied by the system.
7. Enter the CHAP secret for the system.
   Note: If you enter the secret in hexadecimal, you must select CHAP Secret Specified in HEX.
8. Click Apply to save the CHAP credentials.
9. Click Yes, click OK, and then click OK again.
   Note: If you click Cancel to close the iSCSI CHAP Management dialog box and you did not click Apply after entering new information, the new information is not saved.
10. Click Cancel to close the dialog box and return to the iSCSI Management dialog box.
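The challenge/response exchange that the server-side and system-side CHAP settings above take part in, including the effect of the "CHAP Secret Specified in HEX" setting, shown as an added Python example (not EMC or VMware code). It assumes the MD5 CHAP algorithm from RFC 1994 that iSCSI uses; the initiator name, target name and secrets are constructed sample values.

```python
from __future__ import annotations
import hashlib
import hmac
import os


def secret_bytes(typed: str, is_hex: bool) -> bytes:
    """Bytes that get hashed. is_hex mirrors "CHAP Secret Specified in HEX":
    the same typed characters yield different bytes under each setting."""
    return bytes.fromhex(typed) if is_hex else typed.encode("ascii")


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The checking side: the system for initiator CHAP, the server for
    mutual CHAP. Holds CHAP username -> secret bytes."""

    def __init__(self, accounts: dict[str, bytes]):
        self.accounts = accounts

    def new_challenge(self) -> tuple[int, bytes]:
        # Fresh random identifier and challenge for every login attempt.
        self.identifier, self.challenge = os.urandom(1)[0], os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, response: bytes) -> bool:
        secret = self.accounts.get(name)
        if secret is None:                      # no account for this name
            return False
        expected = chap_response(self.identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)


def login(auth: Authenticator, name: str, secret: bytes) -> bool:
    """One round: only the name and the hash cross the wire, never the secret."""
    identifier, challenge = auth.new_challenge()
    return auth.verify(name, chap_response(identifier, secret, challenge))


# Constructed sample values (assumptions), not from any real system.
INITIATOR = "iqn.2012-07.com.example:esx01"
TARGET = "iqn.2012-07.com.example:array-a0"
INITIATOR_TYPED = "0123456789abcdef0123456789abcdef"   # 32 typed characters
TARGET_TYPED = "fedcba9876543210fedcba9876543210"


def demo() -> dict[str, bool]:
    system = Authenticator({INITIATOR: secret_bytes(INITIATOR_TYPED, False)})
    server = Authenticator({TARGET: secret_bytes(TARGET_TYPED, False)})
    return {
        # Initiator CHAP: the system checks the server's initiator.
        "same_secret": login(system, INITIATOR, secret_bytes(INITIATOR_TYPED, False)),
        # Same characters, but one side treats them as hex: login is refused.
        "hex_mismatch": login(system, INITIATOR, secret_bytes(INITIATOR_TYPED, True)),
        "unknown_name": login(system, "iqn.2012-07.com.example:other",
                              secret_bytes(INITIATOR_TYPED, False)),
        # Mutual CHAP: the server checks the system with the target account.
        "mutual_target": login(server, TARGET, secret_bytes(TARGET_TYPED, False)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The hex_mismatch case is the failure that the HEX note guards against: both sides typed identical characters, yet the hashed bytes differ (32 versus 16), so the responses never match.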

Configuring mutual CHAP on a system with Unisphere


Mutual CHAP defines a username and secret for a system (a target).

Before you begin

Before you configure mutual CHAP for a system, you must enable and configure initiator CHAP for the system iSCSI data ports. When you enable and configure initiator CHAP authentication for a system iSCSI data port, the system authenticates all initiators that log in to the port. If you define a secret for a target, a server authenticates the system iSCSI data ports when they log in to the server's initiators.

Procedure

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select the system for which you want to configure CHAP.
3. Under iSCSI Management, select CHAP Management.
4. In the CHAP Management dialog box, click Add.
   The Add CHAP Credentials dialog box opens.
5. In Defined For, select Target.
6. Enter the CHAP username for the system.
   To avoid potential confusion, we recommend that you use the default username supplied by the system.
7. Enter the CHAP secret for the system.
   Note: If you enter the secret in hexadecimal, you must select CHAP Secret Specified in HEX.
8. Click Apply to save the CHAP credentials.
9. Click Yes, click OK, and then click OK again.
   Note: If you click Cancel to close the iSCSI CHAP Management dialog box and you did not click Apply after entering new information, the new information is not saved.
10. Click Cancel to close the dialog box and return to the iSCSI Management dialog box.


Configuring optional CHAP security for iSCSI HBA initiators (ESX server only)
You must configure CHAP for iSCSI HBA initiators on the VMware ESX Server before you configure CHAP on the system.

CHAP security overview


Challenge Handshake Authentication Protocol (CHAP) is a method of authenticating iSCSI users. The iSCSI system can use CHAP to authenticate initiators and initiators can likewise authenticate targets such as the system.
CAUTION If you do not configure CHAP security for the system, any host connected to the same IP network as the system iSCSI ports can read from and write to the system. If the system is on a private network, you can choose not to use CHAP security. If the system is on a public network, we strongly recommend that you use CHAP security. If you want to use CHAP security, you must set up and enable it on both the server and system before preparing LUNs to receive data. If you prepare disks to receive data before you set up and enable CHAP security, you lose access to the LUNs. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

CHAP has the following variants:

Initiator CHAP - Sets up accounts that iSCSI initiators use to connect to targets. The target authenticates the initiator. Initiator CHAP is the primary CHAP authentication method.
Mutual CHAP - Applied in addition to initiator CHAP, mutual CHAP sets up an account that a target uses to connect to an initiator. The initiator authenticates the target.
Note: Mutual CHAP is not currently supported.

CHAP setup process for iSCSI HBAs


Setting up and enabling initiator CHAP is necessary for iSCSI security to work. The setup process is as follows:


On each server that will use the system - Configure initiator CHAP by entering the user data for each initiator that will connect to the target. The initiator sends this data to the target and the target uses this data to authenticate the initiator.
On the system - Configure and enable initiator CHAP (basic or advanced) by entering the initiator user data for all initiators that are allowed to access the system. If you are setting up optional mutual CHAP, use the Advanced option to enter the mutual CHAP user data. This is the target user account data that the system sends to initiators.

Configuring initiator CHAP for iSCSI initiators in an ESXi Server


For additional information on CHAP security, see the document, Virtual Infrastructure Server Configuration Guide.
CAUTION You must enable CHAP security for the NIC or iSCSI HBA before you can configure CHAP on the system. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

Use the VMware vSphere Client to configure CHAP parameters for the iSCSI initiators on the server:

1. Log in to the VMware vSphere Client as administrator.
2. In the inventory panel, select the server with the initiator that you want to configure.
3. Click the Configuration tab and then click Storage Adapters.
4. Select the iSCSI initiator that you want to configure, and click Properties.
5. In the iSCSI Initiator Properties dialog box, click the CHAP Authentication tab.
6. Click Configure.
7. Select Use the following CHAP credentials.
8. To use the initiator name as the CHAP name, select Use Initiator name.
   If you are using iSCSI qualified names (iqn names), the initiator name format is:
   iqn.<year-month>.com.<naming_authority>:<unique_name>
   If you are using IEEE qualified names (eui names), the initiator name format is:
   eui:<16_character_value_assigned_by_ieee>
   If you want to assign a new CHAP name, deselect Use initiator name and enter the new name.
9. In the CHAP Secret box, enter the same secret that you entered on the system.
10. Click OK to save the changes.
    CAUTION If you disable CHAP, all sessions that require CHAP authentication terminate immediately.
11. Rescan the iSCSI adapters:
    a. Click the Configuration tab, and then click Storage Adapters.
    b. Click Rescan above the storage adapters panel.
    c. In the Rescan dialog box, select Scan for New Storage Devices.

Configuring initiator CHAP on an ESXi Server with iSCSI HBA initiators


CAUTION You must enable CHAP security for the NIC or iSCSI HBA before you can configure CHAP on the system. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

The steps below apply to version 4.01.00 or later of the QLogic SANsurfer software. If you are running an earlier version, refer to the SANsurfer documentation.
Note: The SANsurfer diagnostic read / write buffer test is not supported on EMC systems.

Configure initiator CHAP on each iSCSI HBA that communicates with the server:

1. Open the SANsurfer software.
2. Click Connect and enter the hostname or IP address, and click Connect.
3. Under the iSCSI HBA tab, double-click the HBA and select the HBA port.
4. Select the Target Settings tab.
5. Click Config Authentication on the bottom of the pane.
   Note: The default password is config.
6. Select the CHAP tab.
7. Click the green plus sign (+) on the right of the CHAP Entries portion of the CHAP screen.
   a. Type in the initiator name for your HBA initiator. This name must match the CHAP username you entered on the system.
   b. Type in the secret for that initiator. The CHAP username secret must match the secret you entered on the system.
8. Under the Targets portion of the CHAP screen, select the Chap Name/Secret row; then from the drop-down menu, select the initiator name and secret you just entered in the CHAP Entries table.
9. Click OK.
10. Save your changes on the Target Settings screen (the default password remains config).

You have set up initiator CHAP security on the server.

Configuring mutual (target) CHAP on an ESXi Server with iSCSI HBA initiators
Before you begin
CAUTION You must enable CHAP security for the NIC or iSCSI HBA before you can configure CHAP on the system. While you are setting up and enabling CHAP, you may temporarily lose connectivity between the server and the system.

Mutual CHAP is applied in addition to initiator CHAP, so you must set up initiator CHAP before setting up mutual CHAP.

Procedure

The steps below apply to version 4.01.00 or later of the QLogic SANsurfer software. If you are running an earlier version, refer to the SANsurfer documentation.
Note: The SANsurfer diagnostic read/write buffer test is not supported on EMC systems.

1. Open the SANsurfer software.
2. Click Connect and enter the hostname or IP address, and click Connect.
3. Under the iSCSI HBA tab, double-click the HBA and select the HBA port.
4. Select the Target Settings tab.
5. Select Config Authentication from the bottom of the pane, and in the password prompt, use the password config.
6. Select the CHAP tab.
7. Click the green plus sign (+) on the right of the Target Table portion of the CHAP screen.
   a. In the blank row under the Target Name column, enter the target CHAP username that you entered on the system.
   b. In the Target Secret column, enter the target CHAP secret that you entered on the system.
8. Under the Targets portion of the CHAP screen, select Bidi (bi-directional) for the target you want the initiator to authenticate.
9. Click OK.
10. Save your changes on the Target Settings screen (the default password remains config).

You have set up mutual CHAP security on the server.

Configuring initiator CHAP on a system with Unisphere


When you enable and configure initiator CHAP authentication for a system iSCSI data port, the system authenticates all initiators that log in to the port. If you configure target CHAP authentication for a system, a server authenticates the system iSCSI data ports when they log in to the server's initiators.

To configure initiator CHAP:

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select the system for which you want to configure CHAP.
3. Under iSCSI Management, select CHAP Management.
4. In the CHAP Management dialog box, click Add.
   The Add CHAP Credentials dialog box opens.
5. In Defined For, select Target.
6. Enter the CHAP username for the system.
   To avoid potential confusion, we recommend that you use the default username supplied by the system.
7. Enter the CHAP secret for the system.
   Note: If you enter the secret in hexadecimal, you must select CHAP Secret Specified in HEX.
8. Click Apply to save the CHAP credentials.
9. Click Yes, click OK, and then click OK again.
   Note: If you click Cancel to close the iSCSI CHAP Management dialog box and you did not click Apply after entering new information, the new information is not saved.
10. Click Cancel to close the dialog box and return to the iSCSI Management dialog box.

Configuring mutual CHAP on a system with Unisphere


Mutual CHAP defines a username and secret for a system (a target).

Before you begin

Before you configure mutual CHAP for a system, you must enable and configure initiator CHAP for the system iSCSI data ports. When you enable and configure initiator CHAP authentication for a system iSCSI data port, the system authenticates all initiators that log in to the port. If you define a secret for a target, a server authenticates the system iSCSI data ports when they log in to the server's initiators.

Procedure

1. From Unisphere, select All Systems > System List.
2. From the Systems page, select the system for which you want to configure CHAP.
3. Under iSCSI Management, select CHAP Management.
4. In the CHAP Management dialog box, click Add.
   The Add CHAP Credentials dialog box opens.
5. In Defined For, select Target.
6. Enter the CHAP username for the system.
   To avoid potential confusion, we recommend that you use the default username supplied by the system.
7. Enter the CHAP secret for the system.
   Note: If you enter the secret in hexadecimal, you must select CHAP Secret Specified in HEX.
8. Click Apply to save the CHAP credentials.
9. Click Yes, click OK, and then click OK again.
   Note: If you click Cancel to close the iSCSI CHAP Management dialog box and you did not click Apply after entering new information, the new information is not saved.
10. Click Cancel to close the dialog box and return to the iSCSI Management dialog box.


Preparing VMware virtual disks to receive data


Before a virtual machine can send data to a virtual disk that is a VMFS volume, you must do the following:

Linux virtual machine
1. Partition the VMware virtual disk.
2. Create and mount a file system on the partition.

Solaris virtual machine
1. Partition the VMware virtual disk.
2. Create and mount a file system on the partition.

Windows virtual machine
1. Write a signature to the VMware virtual disk.
2. Either create partitions on a basic disk or create volumes on a dynamic disk.


Verifying your failover configuration with PowerPath


Perform the following tasks to verify that the server can send data to and receive data from the system and that PowerPath shows the paths from the server to the LUNs that you expect for your configuration.
Note: You can download an I/O simulator (Iometer) for writing data to the system from the following website: http://www.iometer.org/

Verifying your failover configuration with PowerPath for ESXi Server


1. If you are connected to an existing system, stop all applications that are accessing the system and disable user logins to the server.
2. For each NIC or iSCSI HBA connected to the system:
   a. View the LUNs available to the server:
      rpowermt host=<ESX Server IP address> display dev=all
   b. Choose one available LUN to receive data (I/O) for the test.
   c. View the paths to the chosen LUN:
      rpowermt host=<ESX Server IP address> display dev=x every=2
      where x is a pseudo device that represents the chosen LUN.
   d. Start sending data to a LUN by writing data to it.
   e. Identify the NIC or iSCSI HBA sending data to the LUN by viewing the output of the following command, and disconnect the cable to that NIC or iSCSI HBA:
      rpowermt host=<ESX Server IP address> display dev=x every=2
   f. View the output of the following command:
      rpowermt host=<ESX Server IP address> display dev=x every=2
      and verify that:
      - The state of the uncabled paths becomes dead.
      - Data continues to be sent on the remaining paths to the LUN, indicating that the failover path was successful and that PowerPath is working properly.
   g. Reconnect the cable that you disconnected from the NIC or iSCSI HBA.
   h. If you caused any LUNs to fail over, restore them to their original SP:
      rpowermt host=<ESX Server IP address> restore
3. If you are connected to an existing system, restart any applications that you stopped and re-enable any user logins to the server that you disabled.


Copyright 2010 - 2012 EMC Corporation. All rights reserved. Published September 2011 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date regulatory document for your product line, go to the Technical Documentation and Advisories section on EMC Powerlink. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners. Corporate Headquarters: Hopkinton, MA 01748-9103
