en.wikipedia.org/wiki/Iscsi
Storage Area Network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks.
Although iSCSI can communicate with arbitrary types of SCSI devices, system administrators almost always use it to allow server computers (such as database servers) to access disk volumes on storage arrays. iSCSI SANs often have one of two objectives: Storage consolidation Organizations move disparate storage resources from servers around their network to central locations, often in data centers; this allows for more efficiency in the allocation of storage. In a SAN environment, a server can be allocated a new disk volume without any change to hardware or cabling. Disaster recovery Organizations mirror storage resources from one data center to a remote data center, which can serve as a hot standby in the event of a prolonged outage. In particular, iSCSI SANs allow entire disk arrays to be migrated across a WAN with minimal configuration changes, in effect making storage "routable" in the same manner as network traffic.
network-attached storage (NAS) device, where computers access resources through a file-based interface rather than through a low-level device interface. A NAS server arbitrates access from multiple clients, thus allowing the arbitrary addition of consumers for its resources. With iSCSI, the burden of synchronizing access to shared resources generally belongs to the initiator (network client) rather than with the target (network server).
SCSI initiator An initiator functions as an iSCSI client. An initiator typically serves the same purpose to a computer as a SCSI bus adapter would, except that instead of physically cabling SCSI devices (like hard drives and tape changers), an iSCSI initiator sends SCSI commands over an IP network. An initiator falls into two broad types: Software initiator A software initiator uses code to implement iSCSI.
network stack to emulate SCSI devices for a computer by speaking the iSCSI protocol. Software initiators are available for most mainstream operating systems, and this type is the most common mode of deploying iSCSI on computers.
edit TCP Offload Engine (TOE) A TCP Offload Engine, or "TOE Card", offers an alternative to a full iSCSI HBA. A TOE "offloads" the TCP/IP operations for this particular network interface from the host processor, freeing up CPU cycles for the main host applications. When a TOE is used rather than an HBA, the host processor still has to perform the processing of the iSCSI protocol layer itself, but the CPU overhead for that task is low. iSCSI HBAs or TOEs are used when the additional performance enhancement justifies the additional expense of using an HBA for iSCSI, rather than using a Software-based iSCSI Client (initiator).
SCSI target iSCSI refers to a storage resource located on an iSCSI server (more generally, one of potentially many instances of iSCSI running on that server) as a "target". As with initiators, software to provide an iSCSI target is available for most mainstream operating systems.
In an iSCSI environment, LUNs are essentially numbered disk drives. An initiator negotiates with a target to establish connectivity to a LUN; the result is an iSCSI session that emulates a SCSI hard disk. Initiators treat iSCSI LUNs the same way as they would a raw SCSI or IDE hard drive;
iSCSI imposes no rules or restrictions on multiple computers sharing individual LUNs; it leaves shared access to a single underlying filesystem as a task for the operating system.
edit Addressing Special names refer to both iSCSI initiators and targets. They are qualified by a date (yyyy-mm) because domain names can expire or be acquired by another entity. The IEEE Registration authority provides EUI in accordance with the EUI-64 standard. NAA is part OUI which is provided by the IEEE Registration Authority.
The iSCSI negotiation protocol is designed to accommodate other authentication schemes, though interoperability issues limit their deployment. To ensure that only valid initiators connect to storage arrays, administrators most commonly run iSCSI only over logically-isolated backchannel networks. In this deployment architecture, only the management ports of storage arrays are exposed to the general-purpose internal network, and the iSCSI protocol itself is run over dedicated network segments or VLANs. unauthorized users aren't physically provisioned for iSCSI, and thus can't talk to storage arrays.
edit Authorization Because iSCSI aims to consolidate storage for many servers into a single storage array, iSCSI deployments require strategies to prevent unrelated initiators from accessing storage resources.
During an audit, storage systems must demonstrate controls to ensure that a server under one regime cannot access the storage assets of a server under another. Typically, iSCSI storage arrays explicitly map initiators to specific target LUNs; an initiator authenticates not to the storage array, but to the specific storage asset it intends to use. However, because the target LUNs for SCSI commands are expressed both in the iSCSI negotiation protocol and in the underlying SCSI protocol, care must be taken to ensure that access control is provided consistently.
edit Confidentiality and integrity For the most part, iSCSI operates as a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. As a result, an attacker who can listen in on iSCSI ethernet traffic can: * reconstruct and copy the files and filesystems being transferred on the wire * alter the contents of files by injecting fake iSCSI frames * corrupt filesystems being accessed by initiators, exposing servers to software flaws in poorly-tested filesystem code.
edit Targets Most iSCSI targets involve disk, though iSCSI tape and medium-changer targets are popular as well. So far, physical devices have not featured native iSCSI interfaces on a component level.
Fibre Channel interfaces are bridged by using iSCSI target software, external bridges, or controllers internal to the device enclosure. Alternatively, one can virtualise disk and tape targets. Rather than representing an actual physical device, an emulated virtual device is presented.
VTLs use disk storage for storing data written to virtual tapes. As with actual physical devices, virtual targets are presented by using iSCSI target software, external bridges, or controllers internal to the device enclosure.
edit Converters and bridges Multiple systems exists which allow Fibre Channel, SCSI and SAS devices to be attached to an IP network for use via iSCSI. They can be used to allow migration from older storage technologies, access to SANs from remote servers and the linking of SANs over IP networks.
Architecture and Dependability of Large-Scale Internet Services David Oppenheimer and David A Patterson, Berkley, IEEE Internet Computing, September-October 2002.
|
http://csua.com/feed/