In case you're not familiar with iSCSI, it is a storage networking technology that allows SCSI commands to be sent over an IP network. Prior to the development of iSCSI, most SANs required expensive, special cabling (usually Fibre Channel). With iSCSI, however, the cabling no longer matters because iSCSI commands can be sent over Local Area Networks, Wide Area Networks or even the Internet.
In an iSCSI environment, storage devices are referred to as targets. A target can be a disk, tape drive or any other SCSI-based storage device. In order for a computer to connect to a remote target, it uses the iSCSI Initiator to establish connectivity to the target. As I mentioned earlier, an iSCSI Initiator is included with Windows Vista and with Windows Server 2008.
Using the iSCSI Initiator
You can access the iSCSI Initiator by opening the Control Panel and clicking on the System and Maintenance link, followed by the Administrative Tools and the iSCSI Initiator links. When you do this for the first time, Windows will display a warning message telling you that the iSCSI service is not running and asking if you want to start it. If you choose to start the iSCSI service, then it will launch automatically each time Windows is started from then on.
Next, you should see a prompt asking if you want to unblock the Windows firewall ports associated with the iSCSI Initiator. You will have to answer yes to this prompt. Otherwise, Windows will generate an error message when you attempt to connect to a target.
At this point, Windows opens the iSCSI initiator, as seen in Figure A. The properties sheet's General tab is selected by default. The first option on this tab allows you to change the Initiator's name. Each iSCSI Initiator must be assigned a name, but you can usually get away with using the default name. There are three different naming conventions used by iSCSI, but the Windows implementation uses a naming convention known as IQN, or iSCSI Qualifying Name.
The General tab contains a couple of other options. With one option you can specify a CHAP secret in case you want to use mutual CHAP authentication for verifying targets. The General tab also gives you the option of setting up IPsec tunnel mode addresses for IPsec encryption.
The Discovery tab
As shown in Figure B, the Discovery tab gives you two options for performing iSCSI discovery. One option is to manually specify a static list of target portals using the iscsicli. When you do, the iSCSI Initiator will perform an iSCSI discovery login followed by a Send Targets operation that allows the iSCSI Initiator to acquire a list of available targets.
The other option on this tab provides a list of iSNS servers. iSNS servers provide clients with a list of iSCSI targets. The idea is that the server is configured with the list of targets so that each client does not have to be manually configured with anything but a reference to the iSNS server. If a change needs to be made later on, it can be applied to the iSNS server and the clients will automatically be made aware of the change. Microsoft has made its own iSNS server available for download.
The Targets tab
The next tab you will encounter is the Targets tab, shown in Figure C. Clicking on this tab gives you a list all of the targets that have been detected. You can then select a target and click the Log On button to attach to it.
The Favorite Targets tab
The Favorites tab lists your favorite targets. A target is considered to be a favorite if you have logged into it.
The Volumes and Devices tab
Typically, when you attach to a target, you are going to have to associate that target with some sort of volume mount point (usually a drive letter). The Volumes and Devices tab (Figure E) allows you to associate a volume mount point with a target.
The RADIUS tab
Allowing clients to attach to targets without any kind of authentication taking place presents a major security risk. Typically, authentication is performed by a RADIUS Server or an Internet Authentication Server (IAS, Microsoft's own version of RADIUS). The RADIUS tab, shown in Figure F, allows you to tell the iSCSI Initiator which RADIUS server you want to use for authentication. You have the option of listing multiple RADIUS servers, which will be used in the order that they are listed.
Hopefully the iSCSI Initiator is less intimidating now that you have a basic idea of how it works. If you want more details on using the iSCSI Initiator, check out Microsoft's user guide.
|Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit his personal Web site at www.brienposey.com.|
This was first published in May 2008