Mẹo Hướng dẫn Which of the following methods can be used to restrict which servers can connect to an iscsi target? Mới Nhất

Pro đang tìm kiếm từ khóa Which of the following methods can be used to restrict which servers can connect to an iscsi target? được Cập Nhật vào lúc : 2022-10-01 05:25:18 . Với phương châm chia sẻ Bí kíp Hướng dẫn trong nội dung bài viết một cách Chi Tiết 2022. Nếu sau khi đọc Post vẫn ko hiểu thì hoàn toàn có thể lại Comments ở cuối bài để Tác giả lý giải và hướng dẫn lại nha.

Last updated Save as PDF

This article applies to Windows Server 2012, 2012R2, 2022, 2022, 2022

Nội dung chính

    Setup Using Windows Server and FlashArray Management ToolsConfigure MSiSCSI (Part 1 of 2)Configure FlashArray Host and VolumeConfigure MSiSCSI (Part 2 of 2)Using CHAP with iSCSIOptimizing Latency on Windows HostsTest ConnectivityWhat name format is used to specify the iSCSI targets that are permitted to connect to an iSCSI initiator?What is the underlying network protocol used by iSCSI storage network?What protocol can be used in Windows Server 2022 to discover network based iSCSI devices?How does the iSCSI target server make storage available to iSCSI initiators?

OverviewSetup Using Windows Server and FlashArray Management ToolsConfigure MSiSCSI (Part 1 of 2)Configure FlashArray Host and VolumeConfigure MSiSCSI (Part 2 of 2)Using
CHAP with iSCSIConfigure CHAP on the Windows host:Configure CHAP using PowerShellTesting Windows Server iSCSI CHAPOptimizing Latency on Windows HostsTest Connectivity

Overview

The Pure Storage FlashArray supports the Internet Small Computer Systems Interface an Internet Protocol (IP) based storage networking standard for linking data storage facilities. Using iSCSI provides access to the Pure Storage FlashArray by
issuing SCSI commands over the TCP/IP network. 

The screenshot below illustrates four connected Ethernet Ports (CT0.ETH6/ETH7 and CT1.ETH6/ETH7) in a Pure Storage FlashArray. These ports will be configured on the FlashArray and Windows Server for connectivity in Setup iSCSI
Connectivity.

The following steps will configure the MSiSCSI Initiator Service to connect to the Pure Storage FlashArray iSCSI ports using the Windows Server management tools.

Setup Using Windows Server and FlashArray Management Tools

This section walks through the steps for configuring MSiSCSI using the Graphical User Interface (GUI) tools provided by Windows Server and Pure Storage FlashArray management interface.

Configure MSiSCSI (Part 1 of 2)

Open
up Server
Manager
. By default Server Manager starts when logging into Windows Server. Click Tools and select iSCSI Initiator to start the MSiSCSI Initiator Service.The Microsoft iSCSI dialog will open indicating that the service is not running. Click Yes to start the service and also set it to startup automatically when the server reboots.

After the MSiSCSI Initiator Service has started the Properties dialog will be opened. Click the Configuration tab to retrieve the iSCSI Qualified Name (IQN). 

Write down or cut-and-paste the Initiator Name value.

 

This step has started the Microsoft iSCSI Service so the Initiator Name could be retrieved which is required for the next section.

Configure FlashArray Host and Volume

Connecting a volume to a configured iSCSI host on the Pure Storage FlashArray is required before configuring MSiSCSI. if a volume is not connected, you will receive an Authorization Failure.

 

Open the Pure
Storage FlashArray Management 
interface and log into the FlashArray.Click on the Storage tab.Click on the + in the Hosts section and select Create Host.

Select the newly created host, Server01, then click the Ellipsis on the top right, then click Configure IQNs.

The Configure iSCSI IQNs dialog box will open. Enter the IQN from the previous section then click Add.

Click on the + in the Volumes section to create a volume. For this example the
name iSCSI-TestVolume with a size of 500GB is being used. A different name and size can be used.
 After creating the new volume click the elipsys in the Connected Volumes section and then select Connect.

The Connect Volumes to Host dialog will open. Select the checkbox next to the iSCSI-TestVolume (or whatever volume name was created), then click Connect.

Now the new host, Server01, is connected to the new volume,
iSCSI-TestVolume, with the host port IQN set to iqn.1991-05.microsoft:server01.

Configure MSiSCSI (Part 2 of 2)

In
this section the configuration of MSiSCSI will be continued using the iSCSI Initiator tool. 

Open Server Manager. Click Tools and select iSCSI Initiator to open the iSCSI Initiator Properties dialog.Click on the Discover Portal… button which will display the Discover Target Portals dialog.

These are
the iSCSI Services that were configured in the Setup iSCSI on the FlashArray topic. These need to be in place before proceeding. 

4. Enter the IP Address or DNS name for the target ports on the Pure Storage FlashArray. Leave the Port default set to
3260.

Repeat Step 4 for each iSCSI service you have configured on the FlashArray. In this example there are four iSCSI services set up on the FlashArray.

5. Once all of the Target Ports have been configured the Discovery tab Target
portals
 list should look like the below example. This could differ based on the number of iSCSI initiators that are in the FlashArray.

6. Click on the Targets tab select the newly Discovered target and click the Connect button.
This will establish a connection to the Pure Storage FlashArray iSCSI services. 

Before connecting the Status will show as Inactive.

After connecting the Status will
show as Connected.

If a FlashArray volume has not been connected to the host where the iSCSI Initiator Service is being set up you will see the error, Authorization Failure. 

This is the same FlashArray iSCSI Qualified Name (IQN) that can be seen from the FlashArray management interface.

7. Select the newly connected Discovered target and click the Properties… button to add sessions to the connection.

8. The Properties dialog will open. Click Add
session
, this will open up the Connect to Target dialog.

Best Practice: For best performance out of a single host, eight (8) iSCSI sessions are recommended. A session is normally created for every target port where a host is connected. If the host is connected to less than eight (8) paths, additional sessions can be configured going to the same target ports.

9. Click Enable multi-path then click Advanced… button.

10. In the Advanced Settings dialog select the Microsoft
iSCSI Initiator
from the Local adapter dropdown. Select the appropriate IP Address from the Initiator IP dropdown. Select the Target portal IP from the dropdown that will map to the Initiator IP. 

Repeat Step 9 for all of the Initiator IPs and map to their appropriate Target portal IP.

11. After completing the setup of the Initiator IPs and Target Portal IPs, click the Favorite Targets tab and all of the configured paths should be visible. 

12. Open up the FlashArray Management interface, click the System tab, click Connections, click Host Connections, and select the host that was just configured. The Host
Port Connectivity 
should show Redundant connections. 

If the deployed switches in the fabric tư vấn changing the Maximum Transmission Unit (MTU) from 1500 to 9000 (referred to as Jumbo Frames), this can be
accomplished using the FlashArray Management GUI, or by running the Windows PowerShell cmdlets from the Pure Storage PowerShell SDK. 

Using the FlashArray Management GUI

Click on Settings on the left menu.Click on Network on the top menu.Find the iSCSI Network interfaces and click on the Edit icon located the end of the row.Change the
MTU size and click on Apply.

Using the PowerShell SDK

PS >$FlashArray = New-PfaArray -EndPoint 10.21.201.57 -Credentials (Get-Credential) -IgnoreCertificateError
PS >Get-PfaNetworkInterfaces -Array $FlashArray | Format-Table -AutoSize
PS > Get-PfaNetworkInterfaces -Array $FlashArray | Format-Table -AutoSize
subnet name enabled mtu services netmask slaves address hwaddr speed
—— —- ——- — ——– ——- —— ——- —— —–
ct0.eth0 True 1500 management 255.255.255.0 10.21.201.55 24:a9:37:00:38:8f 1000000000
ct0.eth2 False 1500 management 64 2620:125:9004:2022::200 24:a9:37:00:38:8e 1000000000
ct0.eth3 False 1500 management 24:a9:37:00:38:91 10000000000
ct0.eth6 True 9000 iscsi 255.255.255.0 10.21.201.59 90:e2:ba:4d:75:51 10000000000
ct0.eth7 True 9000 iscsi 255.255.255.0 10.21.201.61 90:e2:ba:4d:75:50 10000000000
ct1.eth0 True 1500 management 255.255.255.0 10.21.201.56 24:a9:37:00:39:07 1000000000
ct1.eth2 False 1500 management 64 2620:125:9004:2022::201 24:a9:37:00:39:06 1000000000
ct1.eth3 False 1500 management 24:a9:37:00:39:09 10000000000
ct1.eth6 True 9000 iscsi 255.255.255.0 10.21.201.60 90:e2:ba:53:ba:19 10000000000
ct1.eth7 True 9000 iscsi 255.255.255.0 10.21.201.62 90:e2:ba:53:ba:18 10000000000
replbond True 1500 replication 255.255.255.0 ct1.eth2, ct0.eth2 10.21.201.58 92:76:9c:80:b9:77 0
vir0 True 1500 management 255.255.255.0 10.21.201.57 8e:85:63:ff:fd:dd 1000000000
vir1 False 1500 management 64 2620:125:9004:2022::202 ce:f6:e1:ed:26:ec 1000000000
PS >Set-PfaInterfaceMtu -Array $FlashArray -Name ‘ct0.eth6’ -Mtu 9000
PS >Set-PfaInterfaceMtu -Array $FlashArray -Name ‘ct0.eth7’ -Mtu 9000
PS >Set-PfaInterfaceMtu -Array $FlashArray -Name ‘ct1.eth6’ -Mtu 9000
PS >Set-PfaInterfaceMtu -Array $FlashArray -Name ‘ct1.eth6’ -Mtu 9000

Using CHAP with iSCSI

When using the Challenge Handshake Authentication Protocol (CHAP) with an iSCSI target, it can be a connection that is bi-directional (or
“mutual”), which means that the initiator and target both do authentication. Alternatively, it can be a one-way connection which has only the target authenticating to the initiator.

For more information on using CHAP with FlashArray, please see this article.
For more general information on Windows Server iSCSI, please refer to this
Microsoft documentation.

Configure CHAP on the Windows host:

For Windows Server 2008 R2:

Administrative Tools > iSCSI Initiator > Discovery > Advanced Enter inbound values when adding a target portal. If using a bi-directional (mutual) connection, use the General > Secret area in the iSCSI Initiator Properties dialog to specify a value.

For Windows Server 2012 and later:

Server
Manager
 > Dashboard > Tools > iSCSI Initiator > Targets > Discovery > Advanced Enter inbound values when adding a target portal. If using a bi-directional (mutual) connection, use the Configuration > CHAP area in the iSCSI Initiator Properties
dialog to specify a value.

As a best practice, you should not use a password for CHAP authentication that has hexadecimal characters.

Configure CHAP using PowerShell

Create a iSCSI connection to a target with one-way authentication.

Connect-IscsiTarget -NodeAddress iqn.1991-05.microsoft:rx-7-iscsitarget01-target -AuthenticationType ONEWAYCHAP -ChapUsername “username” -ChapSecret “123456789012345” -IsPersistent $True

Create a iSCSI connection to a target with bi-directional
(mutual) authentication.

Connect-IscsiTarget -NodeAddress iqn.1991-05.microsoft:rx-7-iscsitarget01-target -AuthenticationType MUTUALCHAP -ChapUsername “username” -ChapSecret “123456789012345” -IsPersistent $True

Optimizing Latency on Windows Hosts

The Windows operating system incorporates a setting for TCPIP called the Delayed Acknowledgement feature. By changing the default settings, you could possibly reduce the amount of overall network latency
when using iSCSI connections. This is a recommended practice, however, the setting changes should be tested in your environment before altering a critical production system. 

Please refer to this iSCSI Best
Practices article for settings and scripts to assist you with creating or changing these settings.

Configuring Volumes with Windows Server

Refer to the below article for configuring volumes with Windows Server.

    Working with Volumes on a Windows Server Host

Test Connectivity

To test the connectivity from the host to the FlashArray, you can use DISKSPD for a basic plumbing test. DISKSPD is a storage load generator/performance test tool from the Microsoft Windows,
Windows Server, and Cloud Server Infrastructure Engineering teams.

DISKSPD is not recommended for performance testing. The use case mentioned here is to simply test the connectivity to the FlashArray.

Running diskspd with the below example command line will generate I/O to evaluate connectivity. The  in the command line should be the drive letter of the newly connected volume. To learn how to set up a drive letter for a newly connected
volume see Working with Volumes on a Windows Server Host.

.Diskspd.exe -b8K -d3600 -h -L -o16 -t16 -r -w30 -c400M :io.dat

The results of the plumbing test should generate similar output as below.

The host can also be monitored using the Purity CLI with the below command. 

[email protected]:~# purehost monitor –balance
Name Time Initiator WWN Initiator IQN Target Target WWN Failover I/O Count I/O Relative to Max
Server01 2022-06-07 09:30:06 PDT – iqn.1991-05.microsoft:server01 (primary) – – 500187 99%
iqn.1991-05.microsoft:server01 (secondary) – 506741 100%

What name format is used to specify the iSCSI targets that are permitted to connect to an iSCSI initiator?

IQN: You can specify the IQN of the machine that has an iSCSI initiator. IQN is a qualified name of the iSCSI. The format of the IQN is “. .

What is the underlying network protocol used by iSCSI storage network?

The SNIA dictionary defines Internet Small Computer Systems Interface (iSCSI) as a transport protocol that provides for the SCSI protocol to be carried over a TCP-based IP network, standardized by the Internet Engineering Task Force and described in RFC 3720.

What protocol can be used in Windows Server 2022 to discover network based iSCSI devices?

4. What protocol can be used in Windows Server 2022 to discover network-based iSCSI devices? The iSNS protocol can be used in Windows Server 2022 to discover network-based iSCSI devices? 5.

How does the iSCSI target server make storage available to iSCSI initiators?

How iSCSI works. ISCSI works by transporting block-level data between an iSCSI initiator on a server and an iSCSI target on a storage device. The iSCSI protocol encapsulates SCSI commands and assembles the data in packets for the TCP/IP layer. Packets are sent over the network using a point-to-point connection.
Tải thêm tài liệu liên quan đến nội dung bài viết Which of the following methods can be used to restrict which servers can connect to an iscsi target?

Cryto
Eth

4166

Clip Which of the following methods can be used to restrict which servers can connect to an iscsi target? ?

Bạn vừa Read Post Với Một số hướng dẫn một cách rõ ràng hơn về Review Which of the following methods can be used to restrict which servers can connect to an iscsi target? tiên tiến và phát triển nhất

Share Link Tải Which of the following methods can be used to restrict which servers can connect to an iscsi target? miễn phí

Người Hùng đang tìm một số trong những Share Link Cập nhật Which of the following methods can be used to restrict which servers can connect to an iscsi target? Free.

Thảo Luận vướng mắc về Which of the following methods can be used to restrict which servers can connect to an iscsi target?

Nếu sau khi đọc nội dung bài viết Which of the following methods can be used to restrict which servers can connect to an iscsi target? vẫn chưa hiểu thì hoàn toàn có thể lại phản hồi ở cuối bài để Mình lý giải và hướng dẫn lại nha
#methods #restrict #servers #connect #iscsi #target