Lesson 2 - Working with Configuring iSCSI
Video Activity
Lesson 2. Working with Configuring iSCSI This lesson discusses configuring in iSCSI. iSCSI has a number of components: iSCSI target Storage Processors Host Bust Adaptors iSCSI can be configured with hardware or software initiators and there are advantages and disadvantages to each, they also range in how much they cost to budget friendly to very ex...
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Description
Lesson 2. Working with Configuring iSCSI This lesson discusses configuring in iSCSI. iSCSI has a number of components:
-
iSCSI target
-
Storage Processors
-
Host Bust Adaptors
iSCSI can be configured with hardware or software initiators and there are advantages and disadvantages to each, they also range in how much they cost to budget friendly to very expensive and high performing. Finally, this lesson touches briefly upon multi-pathing with iSCSI.
Video Transcription
00:04
Hello, This is Jean Pompey Leo.
00:06
Welcome to Cyber Eri
00:07
or in the virtual ization installation configuration of management class
00:12
Model Six Lessons, too.
00:14
This last time we were working with configuring I scuzzy.
00:18
So we'll start with describing how I'd be stored. Works.
00:22
We'll go through the different components of I p scuzzy address ing
00:26
and we'll look at the nice cosy initiators,
00:31
so I'd be storage in general is very flexible, as I was starting to talk about in the last module
00:37
because you can use your existing
00:39
D c p I p network
00:41
throughout the traffic through ah, redundant infrastructure. You might have
00:46
fail over switches fail over routers, and this gives a lot of flexibility for where those storage actually physically is located.
00:53
And it gives you the ability to absorb,
00:56
um,
00:57
a different outages. So you don't have single point of failure if you lose a switch or if you lose it network adapter.
01:03
That's one really big advantage versus direct attacks, storage or even fibre channel, where you've got dedicated fiber optic cables going between your storage processor and the host.
01:19
All right, so starting off with some of the components here,
01:23
what we see is
01:25
green box represents the ice cause you target.
01:27
So if you're working with your storage administrator, they would give you this information.
01:32
Or if you do a scan of your adaptors on your host, you would pop up some targets and some, uh, Luns.
01:40
So we've got our physical discs within the target that are mapped to the logical unit numbers.
01:47
This mapping is is arbitrary. It could be a 1 to 1 mapping of physical destro a lung, or you might have a bank of
01:56
perhaps 16 disks that maps to three Luns.
01:59
It just depends on how the storage administrator wants to subdivide the total amount of storage.
02:06
Then we have storage processors
02:07
that are connected to your I. P network
02:12
storage processor is basically a specialized network adapter
02:15
that is optimized for storage commands and has its own built in buffering and so on.
02:24
Since the traffic goals through your I P. Net, where we got multiple physical paths
02:30
to work with
02:30
and then with on the beach of individual host, we have our host busted afters
02:37
HBs,
02:38
and then we'll get a different name. H P A 32 34 just depends on what kind of hardware you have and what?
02:45
Yes, yes, X. I hope software does decide your host plus adapter number should be.
02:53
We can also have different types of adapters.
02:57
This could be hardware or software,
02:59
and there we'll talk about some of the advantages and disadvantages of each of those
03:06
a little bit more detail on
03:09
the components here
03:10
Storage processor
03:14
storage processor has a naming convention. Either it's like U N or you, I prefix, depending on what kind of hardware you have, of course,
03:23
and we'll get some kind of information, you know, a date in a month
03:28
and perhaps a bit of your domain name
03:30
and a colon, and then the name
03:32
that you're choosing for the alias, followed by some other hex type characters.
03:38
And this gets generated wing. The
03:40
the target gets connected
03:43
to your system. When you do a scan of your adaptors and you see targets,
03:47
whatever the Target's configured with will pop up as your ice cosy Target name. It could be in this you lie for Metas. Well, it depends on whose hardware you're using.
03:59
There's also a nice, cosy alias, which we see as part of the ice cosy target name, so you can find that information in two different to different areas.
04:06
And then, of course, there's not P address associated with.
04:11
That's a nice cosy target for the labs that will be doing. This is the actual I P address. You'll see it's 100 to 1 68 1 68 dot too.
04:18
That's the address of the NASDAQ vice, which is used for NFS mounts.
04:24
Ah, and for ice cosy,
04:26
huh?
04:27
Luns,
04:30
the initiator
04:31
that's on your host. Whether it's hard, we're also or Software has its own naming convention, very similar to what we saw for the ice, because the target name
04:41
we've got like U N some information here your domain name, perhaps, and then your alias,
04:47
which, of course, becomes your ice Qazi alias. Whether it's software or hardware initiator
04:54
and another I P address might be defined here,
04:58
you'll notice we've got a DOD three and adopt to the particular sand that's being used has, ah
05:04
to interfaces
05:05
so I can assign an address to each one and take advantage of that multi path incapability.
05:13
As far as the eye scans the initiator, I have different types.
05:16
We start with software, which is already
05:20
included in the functionality of your VM Colonel Port For your bm colonel hyper visor,
05:26
you don't have to buy any additional hardware
05:28
I can use. The standard interface is that the host already has
05:32
all the ice cozy. Traffic
05:34
just goes through the existing network card in the network that's already in place.
05:40
So this is a great option if you don't have the money or the capability to add a hardware ice cosy Initiator,
05:47
uh, you can have a dependent hardware initiator.
05:51
So this is,
05:54
uh, something that does have an added expense and does take up some of the capacity of your host toe add adapter cards.
06:00
In this case,
06:02
the relies upon VM where to do it's networking. So we need to define of'em Colonel Port,
06:09
and we also have to use the configuration management interface is from Vienna, where
06:15
to configuration to configure the dependent hardware adapter.
06:20
If you have an independent ice cozy hard word after
06:24
this is the most expensive option but also have the highest performance. This is a dedicated hardware device
06:31
that will handle all of the processing requirements
06:34
four ice cosy traffic
06:38
and, according to best practices you would want to try Thio.
06:43
Well, for one thing, you want to use a separate
06:45
interface for your ice kind of traffic to begin with.
06:47
If you could use an independent hardware or dependent hard winter face, that's even better. Because now all of the traffic goes through a dedicated piece of hardware that doesn't interfere with the the other network interface cards on the system that are used for things like the motion traffic or mangement network or just regular user,
07:08
uh, client server type traffic.
07:13
So I mentioned
07:14
the guy scares the initiators. Some of the things that we need to think about when we're configuring this and we'll see this in the upcoming lab
07:21
is first. You have to configure the VM Colonel Port.
07:25
You have to designate a port on your switch. Four. I, Scotty traffic. Same same thing we have to do for fault, tolerance, traffic or for high availability traffic.
07:33
You can actually do all three of those capabilities through one VM Colonel Port.
07:38
That is possible, although it's not recommended for performance and redundancy reasons,
07:44
and I have to enable the adapter
07:46
configure the name and when you do that in the lab. You'll you'll pop up with a name there were similar to this,
07:53
and your host name will end up being part of the alias with some other information. And when you see in the lab, you have to actually removal of evidence of that information in order to get the host to connect properly.
08:05
It's just a quirk of the way that the configuration of the ice cosy adapter happens.
08:11
Then you configure your adapter properties,
08:13
and what we see here is a static discovery or dynamic discovery.
08:18
Static discovery means that I know what my I P addresses. You know this case 0.2 or 0.3,
08:24
and I can enter that into the field for the configuration of the adapter.
08:30
And when I, um
08:33
when I do that, the adaptor will go
08:35
and try to contact
08:37
the ice, goes the target on the address that I give it.
08:41
And that's that's based on the fact that I know the address and I can tell it what which one to use
08:48
if I use dynamic discovery on the other hand. Now the adaptor will just send requests
08:54
two to the network to look for I Scott, your targets to see which targets respond
09:00
and the targets that respond
09:01
well, very depending on the zoning and the masking of those targets when they were
09:07
built by the storage administrator.
09:09
So for our purposes, using a static discovery is is just fine. We know the I P address.
09:16
We're not doing anything dynamic, so we could just access that directly.
09:20
And then you can also pick the port binding
09:24
so standard port
09:26
four ice because the traffic is TCP 30 to 60.
09:30
But you can pick a different port if there's a conflict in your environment of that ports already in use, for instance, by another application.
09:37
And then the last thing we have to think about when configuring our ice cosy adapter is the security profile.
09:43
So be aware supports Chap, which is a challenge handshake, authentication protocol
09:50
and chap is very flexible.
09:52
You can have a several different ways of using chap. You can do
09:56
a host to
10:00
to target authentication,
10:01
where you use a
10:03
basically some credentials, a password, the user name and password.
10:07
Um, I'm sorry, just a password, or I can have the target authenticate to the host
10:15
and also using a pre pre determined password. Or you could do mutual authentication where both sides authenticate each other,
10:22
and these air security features that are very useful because you don't want,
10:26
in general,
10:28
any host to be able to connect to your eyes. Close your target without any kind of of
10:33
authentication being done.
10:35
That would mean that a rogue host on your network could potentially connect to your storage and be able to access file that that that host is not authorized to access.
10:43
That's my chapters involved
10:46
or or available, I should say, as an option, to give you the ability to authenticate both directions or either direction, depending on what your requirements are
10:56
for our lab. We're not going to use Chap
10:58
because the storage device that
11:00
that's available doesn't support that. So we'll just kind of talk about it here instead.
11:07
All right, and then last lead.
11:07
We have the concept of multi path thing.
11:11
So multi path thing is very useful. If I if I've got my my host connected to
11:18
the ice cosy storage and I've got multiple storage processors, multiple paths to get to that storage,
11:26
I can designate one is a fail over for the other
11:30
that way.
11:31
If if I've got a problem in the network
11:33
and one of these connections goes away,
11:35
the remaining connection can then take all the traffic.
11:39
This also gives you options for load balancing. You could do a round robin or other techniques to balance the traffic between those two storage processors
11:52
to get the most use of your hardware.
11:54
In any case,
11:56
the traffic ALS over your TCP network
12:00
so I can have independent hardware ice cosy adapters, as you see here. Or I can have
12:05
some software or or ah
12:09
dependent hardware adaptors by going
12:11
through the nick
12:13
on my host
12:15
through one of'em Colonel ports to the actual host itself.
12:20
All right, so to review, we talked about
12:22
some of the configuration options for ice kaze was we see over there.
12:26
How would you look at the different components that are involved?
12:31
We also looked at the naming conventions
12:33
for the different components and what those look like when you're actually using the ice causing adapter.
12:39
And then we learned a little bit about the different types of initiators.
12:43
These basically go from lowest performance to medium performance to highest performance and, of course, no cost some costs and higher costs if you want to drink them that way.
12:54
Okay, that concludes. Lesson number two for module six. Thank you.
Up Next
Similar Content
