You are currently browsing the archive for the Storage category.

Now that we have attached our ISCSI LUN to a ESXi server let’s look at connecting the LUN to a normal physical server.  We are going to attach the LUN to a Windows 2003 Server using Microsoft’s ISCSI software initiator.  I don’t think they included it by default so if you don’t have it you’ll need to go download it.  Check out the link below if you don’t have it installed and need to download it.

What’s neat about adding a disk to a physical server using this method is since it will be NTFS any other server can read it without additional software.  So….  Let’s say I have a file server that has an attached LUN holding all of my company shares.  I can create a job on my backup server that takes a snapshot of the that LUN and mounts the snapshot to the backup server.  Then I can back up the snapshot, have the backup software detach the LUN, and then delete the snapshot. I can’t do this with VMware unless I have something on the backup server that can read VMFS.  No need to worry about backing up files that are currently in use since no one will be using the files in the snapshot.  Think of backing up Exchange and SQL this way……  I’ll cover the scripting in part 5.

A few things to keep in mind before we start…
-We won’t be able to boot from this LUN, it will only serve as “tack on” storage.  You can tell Windows to reattach it at boot but that’s about it.  In order to boot from SAN you would need a physical HBA that could be configured to find the LUN during the machines post process
-The ISCSI initiator can be used in XP and Vista as well, it’s not just reserved for server OS
-You can use CHAP Authentication or ISCSI name to attach the LUN.  During this walkthrough I’ll be using the same LUN I attached to ESXi in Part 3 so I will be using CHAP Authentication here as well.  I’m not going to walkthrough how to configure the LeftHand SAN to see this Windows Server 2003 system.  You’ll need to log into the LeftHand CMC and configure an additional server with the correct IP information.
-In a production environment you would probably want a separate NIC that was used just for ISCSI.  Since this is a test environment I’m running ISCSI on the data network. 
-Keep in mind that a LUN when initially provisioned has no file format.  When I added it to ESXi it had to format it VMFS, when I add it to the Windows Server in this walkthrough it will want to format it as NTFS.

OK, first thing to do is to open up the ISCSI initiator in Windows.  If it isn’t installed yet, click on the link above and download it.  Once it’s installed you should be able to open the initiator by going to the control panel.  It will be displayed as “iSCSI Initiator”.  Go ahead and double click to open it up.image

The first page gives you your Node Name (Useful if you aren’t using CHAP), gives you the option to change it, lets you configure the CHAP secret for target authentication, and has an option for ISCIS and IPSec.  If you’ll recall when we configured the Server in the LeftHand CMC it required two passwords.  image

One for the Target and one for the Initiator.  When configuring the Initiator we can use one or both.  If we want to use both passwords (which is called Mutual Authentication) we need to configure the Initiator Secret on the General tab of the ISCSI Initiator Properties.  What’s confusing here is that it seemed to me that the password I needed to use on the initiator side of things (the server) would be what I defined as the “Initiator Secret” in the LeftHand CMC.  In reality you need to use the “Target Secret”.  I just think of it as the Server is logging onto the target, so I need to use the “Target Secret”.  So click on the “Secret” button and enter in what you configured as the “Initiator Secret” in the LeftHand CMC when you defined the server. Then press OK and click on the “Discovery Tab”image 

On the Discovery Tab we want to add a target, so press the “Add” button.image

You’ll get a dialog prompting you to enter the IP address or DNS name of your portal.  Enter in the IP address of your LeftHand cluster.  (Just to beat the dead horse here… Cluster IP, not the Node IP).  Then click “Advanced…”image 

On the Advanced window we want to check the “CHAP logon information” checkbox, enter in our username (It will default to the initiator name, just delete it), enter in the “Target Secret” that we entered in the LeftHand CMC, and check the box for “Perform mutual authentication”.  If you don’t check that box it only uses the username and secret from this page to authentication even if you entered a secret on the “General” tab.  Since we entered one, we’ll check this box.  Then press OK to save the settings on the Advanced Settings window and OK again on the Add Target Portal window.image

If all goes well your Target should appear listed underneath “Target Portals”.  If it didn’t go well you’ll receive the error below.  If you get this error it usually means that there is a discrepancy between the logon information you entered in the LeftHand CMC and the ones you just entered.  Verify that you haven’t accidentally transposed the Target and Initiator Secret on either side of the connection.  The annoying part here is that I can’t find to seem a way to edit the target settings once you click ok.  If you get the error below you have to remove the target and re-add it from scratch.image

If you did not receive an error and your target shows up under “Target Portals” you can move on.  Click on the “Targets” tab.  You should your LUN appearing under “Targets” and it should have a status of “Inactive”.  I always hit “Refresh” to make sure that its actually there.  Then press the “Log On…” button.image

Once you press “Log On…” a “Log On to Target” window appears.  You are given two options.  One that allows you to reconnect the LUN at OS boot and the other to enable multi-path.  You would only use this if you had two pathways to the same LUN for redundancy.  If you had two pathways without multi-path the LUN would should up as two disks.  You would need some sort of Multi Pathing software that would allow the OS to realize that the LUNs were coming from the same place and present them to the logical disk manager as one logical drive.  In windows this is called MPIO(Multi Path In/Out).  Also for some reason the initiator doesn’t assume that the credentials you entered in earlier are for the volume you are attaching to as well.  So click the “Advanced” button and enter in the same CHAP Authentication information you did previously.  After you do that check the box that says “Automatically restore this connection when the system boots” and press OK image

After you hit OK the status should change to “Connected” as shown below.  If you get the authentication error try the troubleshooting steps mentioned above.image

After we see the connected status we can go to the server’s logical disk manager (In MS Server 2003 go to Administrative Tools, Computer Management, and select Disk management from the left hand side of the screen) and with any luck we will see the disk attached to the server.  image

Right click, new partition, follow the wizard and you have your new SAN LUN fully attached and partitioned.  Test out rebooting the server and see if its still attached when it comes back online.

Summary – Its pretty easy to attach a ISCSI LUN to a server.  Doing it correctly in a production environment would mean taking different hardware then we did today but the same concepts should apply.  CHAP Authentication adds an extra layer of frustration but is mandated in some environments.  Try connecting the drive without using CHAP.  All you need to do is add the Initiator name from the general tab of the ISCSI initiator (Press “Change” to open a textbox so you can copy the name correctly) to the LeftHand CMC server configuration.  When you add the name, CHAP gets turned off automatically as you can only either define a name or configure CHAP.  Then when you add the LUN in the initiator on the server you just need to specify the cluster IP address.  It will see any LUNs you have mapped to that ISCSI name.  There are a lot more advanced features in the Microsoft Server ISCSI initiator.  We really only scratched the surface.  Perhaps in a later post we’ll talk more about MPIO.  In the next post in this series we will do a little scripting with LUNs and snapshots.

Tags: , ,

In the first two articles in this series I discussed the process of configuring the LeftHand VSA and preparing a volume for attachment to a VMWare server.  A few things should be noted here.
-I’m using ESXi 3.5 for this walk through
-The VSA is installed on the same ESXi server that I am attaching the server to
-Since I’m working in a test environment I am keeping the ISCSI traffic on the same subnet as the Virtual Machines.  The VMKernel is the interface in VMWare that needs to see the ISCSI traffic so to keep this simple I will leave everything on the same subnet.  Remember ESXi is different than ESX as far as the network configuration goes.  We really aren’t looking at performance right now, just trying to get the VSA up and running so we can play with it.

Alright let’s get right into it……

Since this is ESXi, I have already configured a VMKernel port for management of the ESXi host.  That being said my current network configuration looks like the image below.  Note the VSA is part of the VM Network already.  The hosts on the VM Network all have the same subnet of 10.20.30.X /24image

So basically all I need to do at this point is enable the ISCSI software initiator in ESXi and give it the information it needs to find the ISCSI LUN we created.  Under configuration in your VI Client click on “Storage Adapters” and then scroll down in the right pane until you see “ISCSI Software Adapter”.  Select it by left clicking on it and then choose properties in the lower pane.  image 

On the properties click the “Configure…” button and check the box under status that says “Enabled”.  Note you cant insert your own ISCSI name at this point.  Once you press OK the system will think for a brief moment and the populate the “ISCSI Properties” section at the top of the Properties page.  Additionally if you click on “Configure…” again you are now able to edit the ISCSI name, however I wouldn’t recommend doing so unless you know what you are doing.

image image

You can now continue configuring the ISCSI connection.  Select the “Dynamic Discovery” tab from the top of the Properties window.  Underneath “Dynamic Discovery” click the “Add…” button from the lower part of the screen.  On the “Add Send Targets Server” window enter the IP of your LeftHand cluster.  Please note here DON’T USE THE IP OF YOUR LEFTHAND NODE.  You have to use the cluster IP.  I know it doesn’t make a lot of sense since we are only working with one node but you have to think of situations where you would have more than one node in a cluster.  Leave the port value at its default setting of 3260.image

Now click on the “CHAP Authentication” tab of the properties window.  If you prefer to not use CHAP you could very easily go back to the “General” tab, copy the ISCSI name, go back to the LeftHand CMC and change the server definition to “CHAP not required” and paste the name you copied in the “Initiator Node Name” text box.  We simply configured CHAP in the previous step because we didn’t know what the ESXi Initiator Name would be at that point of the configuration.  If you choose to do not use CHAP and make the above listed change disregard the next step where we configure the CHAP authentication.

Click the “Configure…” button and enter in the credentials you specified when you configured the server in the LeftHand CMC.  Once done press “OK”, and then close the Properties window.image

After you press CLOSE, VMware will ask you if you want to “Rescan the Host”.  Choose “Yes”, this will rescan all the HBA (Host Bus Adapters) on the ESX server.image 

With any luck after the HBA scan completes you should see the volume you created in the LeftHand CMC appear as an available LUN.  If you don’t see it verify the CHAP username and password you used and make sure you are matching the correct password that you defined in the LeftHand CMC.  You had to define a Target and an Initiator Secret which had to be different.  Ensure you are matching the  correct Secret and then try hitting the “Rescan…” button at the top of the Storage Adapters pane.  The Windows ISCSI Initiator lets you do mutual authentication which would use both the Initiator and Target Secrets.

Now if we select Storage from the “Hardware” area on the left hand side of the screen we can see our existing datastore.  To see the ISCSI datastore we are going to have to add it.  Select the “Add Storage…” link from the right side of the screen.image

This should bring up the “Add Storage Wizard”.  Ensure that Disk/Lun is selected and press NEXT.


On the next screen you should see your ISCSI LUN, ensure its selected and press NEXTimage

The next screen warns you that the current Disk Layout will be destroyed.  Note in the below image that I had used this LUN for a quick test on a MS Server and formatted it as NTFS.  The wizard picks up on that and warns that the disk layout will be destroyed.  Press NEXT.image

On the next screen give the datastore a name and then Press NEXT.image

On the next screen choose how big you want to make the datastore. Most of the time I would just leave the option “Maximize Capacity” checked.  That will use all of the space on the LUN and is the default setting.  The other option on this screen is Maximum Block Size.  There are a couple different schools of thought on this and if you aren’t sure I would recommend the default settings.image

On the last screen just verify your settings and press FINISHimage

After it finishes creating your VFMS Datastore, the new datastore will show up under storage where you can start treating it just like any other datastore.   That’s it!  You’ve successfully implemented a completely virtualized SAN solution!

Tags: , , ,

This is the second post in the series.  In the first post I explained how to get the VSA, install it in VMware, and set its static IP.  In this post we are going to finish the actual configuration of the VSA using the LeftHand CMC.  So if you haven’t installed the CMC from the VSA download do so now.  Then double click the link on your desktop and let’s get started.

Step 1 – Find the storage Node
After the CMC finishes loading it should come up with a status window that says “Searching for Nodes”.  After a few seconds it should go away and you should be prompted with the “Find New Nodes Wizard” as shown below.

Press NEXTimage

On the next screen you are asked if you want to broadcast search or find an individual node.  We’ll select the second option since we hopefully remember what IP we set on the VSA.  Press NEXTimage

On the next screen select the add button and enter the IP that you set in the VMware console for the VSA.  Press FINISH


After you press FINISH the CMC will run a quick search and after the status menu goes away you should notice the status changed to “Newly Found”.  Press close to exit the wizard.image

  You should now be back at the main CMC window.  On the far left your VSA should be displayed and you should be able to hit the plus sign next to it to expand its options.  As you can see on the screen below it found my 10 gig disk.  Now lets get it ready to attach to a ESX machine.

Step 2 – Create Management Group, Cluster, and Volume
Click on the “Tools” menu at the top of the screen, select “Management Group”, and then select “New Management Group”.  The new Management Group Wizard should appear as shown below right.  Click NEXT.

image image

Ensure the “New Management Group” option is selected and press NEXT.


On the next screen give the Management Group a name (I’m pretty generic: MG1) and ensure that your node is selected.image

On the next screen it forces you to create a new admin user to use when you login into the Management Group.  Enter in the required information and press NEXT.image

On the next screen you are requested to set the time.  I always use NTP servers and I set the NTP server as an IP address so that if DNS goes down we still have NTP.  Set a NTP server or do it manually, then press NEXT.image

Ensure “Standard Cluster” is selected on the next page and press NEXT.  We’ll get into Multi-Site configurations later on in a different post.image

Now comes the fun part.  We need to create a cluster.  Clusters are what ISCSI initiators communicate with and with LeftHand a cluster is 1 or more nodes.  For now it will be just one node but we still need to configure the cluster.  Give it a name, ensure your VSA is selected, and press NEXT.image

Now we add the VIP (Virtual IP) for the cluster.  Again this is what ISCSI initiators will use for their connection to the VSA.   Nodes can still be managed with their own IP address, however it’s best practice to use the cluster VIP for ISCSI traffic.  Add a VIP and then press NEXT.image 

The next screen gives you the option to create a volume in the cluster.  If you don’t want to create the volume right now check the box that says “Skip Volume Creation” and just press FINSIH.  I’m going to go ahead and create a 5 gig volume right now.  Give it a name, description, set the volume size, choose thin of full provisioning (I always use Thin), and then press FINISH.image

After you press finish you’ll get to watch the CMC do all the work.  Once the numerous status/progress windows go away you are presented with your summary of what just happened.  Press CLOSEimage

After you press CLOSE you’ll get the registration warning shown below.image  I’ll talk here a little about the VSA licensing.  If you noticed I haven’t had you do anything with a license key yet.  That being said without adding in a license key none of the advanced features are possible.  What you do get without an eval key is a fully functional ISCSI target that can do snapshots.  At first I thought you got 30 days total, but after reading the LeftHand documentation I found the following information…

From the VSA documentation included in the VSA download

When using the demo version, the full suite of features in the
SAN/iQ software is enabled for 30 days. After 30 days, volumes
become unavailable if any licensed features are in use. Licensed
features include:
• Multi-Node Virtualization and Clustering
• Managed Snapshots
• Remote Copy
• Multi-Site SAN
The VSA can be used for free indefinitely as a single node iSCSI
target with snapshots. “

So the bottom line here is that if you only need a single node that can do snapshots and acts as a enterprise level ISCSI target; this is a super good deal.  I need to be very clear here though that the VSA should ONLY be used for testing purposes unless you have purchased an actual VSA license.  If you are interested in the other features or in purchasing, contact your local HP reseller.

Step 3 – Add a Server and assign your volume to it
At this point the VSA is almost fully configured to allow an ISCSI initiator to attach to the volume we just created.  The last part is to assign the volume to a server.  To do this select “Servers” from the left hand side of the screen, on the right side under “Server Tasks” select “New Server…”image 

On the next screen enter your Server information.  This includes either selecting CHAP Authentication OR entering the initiator’s node name.  Since we haven’t setup ESX yet for ISCSI I’ll configure CHAP Authentication.  Enter your information and press OK.image

Now that you have the server created you can assign the volume to the server.  To do this select your newly defined server from the left hand side of the screen and then under “Tasks” select “Assign and Unassign Volumes and SnapShots”


On the next screen the volume you created earlier should appear.  Simply check the “Assigned” box next to the volume name and then press OK.image

That’s it!  The rest needs to be done from the VMware side but at this point you have successfully installed a Enterprise level Virtual ISCSI target, provisioned it, created volumes, and assigned them to servers.  More to come in the next post where we attach to the volume to ESX.

Tags: , , ,

« Older entries § Newer entries »