Now that we have attached our ISCSI LUN to a ESXi server let’s look at connecting the LUN to a normal physical server. We are going to attach the LUN to a Windows 2003 Server using Microsoft’s ISCSI software initiator. I don’t think they included it by default so if you don’t have it you’ll need to go download it. Check out the link below if you don’t have it installed and need to download it.
What’s neat about adding a disk to a physical server using this method is since it will be NTFS any other server can read it without additional software. So…. Let’s say I have a file server that has an attached LUN holding all of my company shares. I can create a job on my backup server that takes a snapshot of the that LUN and mounts the snapshot to the backup server. Then I can back up the snapshot, have the backup software detach the LUN, and then delete the snapshot. I can’t do this with VMware unless I have something on the backup server that can read VMFS. No need to worry about backing up files that are currently in use since no one will be using the files in the snapshot. Think of backing up Exchange and SQL this way…… I’ll cover the scripting in part 5.
A few things to keep in mind before we start…
-We won’t be able to boot from this LUN, it will only serve as “tack on” storage. You can tell Windows to reattach it at boot but that’s about it. In order to boot from SAN you would need a physical HBA that could be configured to find the LUN during the machines post process
-The ISCSI initiator can be used in XP and Vista as well, it’s not just reserved for server OS
-You can use CHAP Authentication or ISCSI name to attach the LUN. During this walkthrough I’ll be using the same LUN I attached to ESXi in Part 3 so I will be using CHAP Authentication here as well. I’m not going to walkthrough how to configure the LeftHand SAN to see this Windows Server 2003 system. You’ll need to log into the LeftHand CMC and configure an additional server with the correct IP information.
-In a production environment you would probably want a separate NIC that was used just for ISCSI. Since this is a test environment I’m running ISCSI on the data network.
-Keep in mind that a LUN when initially provisioned has no file format. When I added it to ESXi it had to format it VMFS, when I add it to the Windows Server in this walkthrough it will want to format it as NTFS.
OK, first thing to do is to open up the ISCSI initiator in Windows. If it isn’t installed yet, click on the link above and download it. Once it’s installed you should be able to open the initiator by going to the control panel. It will be displayed as “iSCSI Initiator”. Go ahead and double click to open it up.
The first page gives you your Node Name (Useful if you aren’t using CHAP), gives you the option to change it, lets you configure the CHAP secret for target authentication, and has an option for ISCIS and IPSec. If you’ll recall when we configured the Server in the LeftHand CMC it required two passwords.
One for the Target and one for the Initiator. When configuring the Initiator we can use one or both. If we want to use both passwords (which is called Mutual Authentication) we need to configure the Initiator Secret on the General tab of the ISCSI Initiator Properties. What’s confusing here is that it seemed to me that the password I needed to use on the initiator side of things (the server) would be what I defined as the “Initiator Secret” in the LeftHand CMC. In reality you need to use the “Target Secret”. I just think of it as the Server is logging onto the target, so I need to use the “Target Secret”. So click on the “Secret” button and enter in what you configured as the “Initiator Secret” in the LeftHand CMC when you defined the server. Then press OK and click on the “Discovery Tab”
You’ll get a dialog prompting you to enter the IP address or DNS name of your portal. Enter in the IP address of your LeftHand cluster. (Just to beat the dead horse here… Cluster IP, not the Node IP). Then click “Advanced…”
On the Advanced window we want to check the “CHAP logon information” checkbox, enter in our username (It will default to the initiator name, just delete it), enter in the “Target Secret” that we entered in the LeftHand CMC, and check the box for “Perform mutual authentication”. If you don’t check that box it only uses the username and secret from this page to authentication even if you entered a secret on the “General” tab. Since we entered one, we’ll check this box. Then press OK to save the settings on the Advanced Settings window and OK again on the Add Target Portal window.
If all goes well your Target should appear listed underneath “Target Portals”. If it didn’t go well you’ll receive the error below. If you get this error it usually means that there is a discrepancy between the logon information you entered in the LeftHand CMC and the ones you just entered. Verify that you haven’t accidentally transposed the Target and Initiator Secret on either side of the connection. The annoying part here is that I can’t find to seem a way to edit the target settings once you click ok. If you get the error below you have to remove the target and re-add it from scratch.
If you did not receive an error and your target shows up under “Target Portals” you can move on. Click on the “Targets” tab. You should your LUN appearing under “Targets” and it should have a status of “Inactive”. I always hit “Refresh” to make sure that its actually there. Then press the “Log On…” button.
Once you press “Log On…” a “Log On to Target” window appears. You are given two options. One that allows you to reconnect the LUN at OS boot and the other to enable multi-path. You would only use this if you had two pathways to the same LUN for redundancy. If you had two pathways without multi-path the LUN would should up as two disks. You would need some sort of Multi Pathing software that would allow the OS to realize that the LUNs were coming from the same place and present them to the logical disk manager as one logical drive. In windows this is called MPIO(Multi Path In/Out). Also for some reason the initiator doesn’t assume that the credentials you entered in earlier are for the volume you are attaching to as well. So click the “Advanced” button and enter in the same CHAP Authentication information you did previously. After you do that check the box that says “Automatically restore this connection when the system boots” and press OK
After we see the connected status we can go to the server’s logical disk manager (In MS Server 2003 go to Administrative Tools, Computer Management, and select Disk management from the left hand side of the screen) and with any luck we will see the disk attached to the server.
Right click, new partition, follow the wizard and you have your new SAN LUN fully attached and partitioned. Test out rebooting the server and see if its still attached when it comes back online.
Summary – Its pretty easy to attach a ISCSI LUN to a server. Doing it correctly in a production environment would mean taking different hardware then we did today but the same concepts should apply. CHAP Authentication adds an extra layer of frustration but is mandated in some environments. Try connecting the drive without using CHAP. All you need to do is add the Initiator name from the general tab of the ISCSI initiator (Press “Change” to open a textbox so you can copy the name correctly) to the LeftHand CMC server configuration. When you add the name, CHAP gets turned off automatically as you can only either define a name or configure CHAP. Then when you add the LUN in the initiator on the server you just need to specify the cluster IP address. It will see any LUNs you have mapped to that ISCSI name. There are a lot more advanced features in the Microsoft Server ISCSI initiator. We really only scratched the surface. Perhaps in a later post we’ll talk more about MPIO. In the next post in this series we will do a little scripting with LUNs and snapshots.