Using the vSAN iSCSI Target Service is an article that explains how to enable and configure the vSAN iSCSI Target Service.
We will show in a basic way how to enable and configure this service. Before starting, I want to share some official links about this service:
https://core.vmware.com/resource/vsan-iscsi-target-usage-guide
About the vSAN iSCSI Target Service
With this service, a remote host with an iSCSI Initiator can transport block-level data to an iSCSI Target in the vSAN cluster. In this context:
- iSCSI Initiator = iSCSI client device
- iSCSI Target = iSCSI server device that provides a lot of shares for the iSCSI Initiator devices
In a vSAN cluster, we can enable this feature and configure one or more vSAN Targets to provide block storage to legacy servers, physical servers, or virtual machines running in the vSAN cluster.
Before enabling this feature, the vSAN cluster needs to be configured. After that, you can go and enable the vSAN iSCSI Target Service.
In the following figure, the “Legacy Server” can be an old server, a physical server, or a virtual machine. However, you cannot use a source hypervisor to map a LUN provided by the vSAN iSCSI Target Service:
vSAN iSCSI Target Service Networking
As we know, the iSCSI traffic uses the TCP/IP network. Based on this, we can create a dedicated VMkernel adapter to handle this traffic or use an existing VMkernel adapter (it is a good practice to use a dedicated VMkernel interface for that).
Each ESXi host in the vSAN cluster needs to have this VMKernel adapter. So, in this case, if you choose to use a dedicated adapter for this traffic, create this VMkernel adapter on all ESXi hosts in the cluster.
In the following figure, we have created the “vmk2” just to handle the iSCSI traffic:
Workflow to enable the vSAN iSCSI Target Service
The following workflow is used to enable and configure the vSAN iSCSI Target Service:
Enable the iSCSI Target Service
Select the vSAN Cluster –> Configure –> vSAN –> Services, under vSAN iSCSI Target Service click on Enable:
We will use the “vmk0” interface to handle the iSCSI traffic. In your case, select the desired VMkernel adaptor. Click on Enable:
After a few seconds, the service shows as enabled, as we can see in the following figure:
Create an iSCSI Target
The next step is to create the iSCSI Target. To do that, select the cluster –> Configure –> vSAN –> iSCSI Target Service, and click on ADD:
Type the “Alias” and click on Apply. In this example, the alias is “iSCSI-Target-Validation”:
After that, we can see the iSCSI Target:
In the above figure, we have several important details of the iSCSI Target:
- IQN: A unique iSCSI-qualified name (IQN) is the name of the iSCSI Target in the iSCSI infrastructure
- Alias: Friendly name to identify this iSCSI Target for the iSCSI Initiators
- LUNs: The number of LUNs associated with this iSCSI Target
- Network: Shows the VMKernel used by the iSCSI Target Service
- I/O Owner Host: Shows what ESXi host is responsible for handling all I/O to the iSCSI Target and consequently for all LUNs provided by this iSCSI Target
- TCP Port: 3260 is the default TCP/IP port for the iSCSI service
- Health: Shows if the configuration is health
- Storage Policy: Shows the vSAN Storage Policy that this iSCSI Target is using
- Compliance Status: Shows the compliance status, based on the Storage Policy
- Authentication: Shows if some authentication method is using
After creating the iSCSI Target, an object is created in the vSAN datastore to store its configuration. We can access the Virtual Objects and see its details, as we can see in the following figures:
The vSAN Default Storage Policy is applied to this object, as we can see its placement details in the following figure:
We also have a “home directory” object for the vSAN iSCSI Target Service configuration:
Add a LUN to an iSCSI Target
The Logical Unit of Storage (LUN) is a volume that will be shared and accessed as a block device.
We need to create a LUN inside the vSAN iSCSI Target. Access the vSAN iSCSI Target Service configuration and click on Add under the vSAN iSCSI LUNs:
Under the Add LUN to Target, we have a lot of options:
- ID: The numerical value to identify the LUN
- Alias: A friendly name to identify the LUN
- Storage Policy: What vSAN Storage Policy will be used for the LUN
- Size: The volume size
After typing all required fields, click on ADD:
Look that in the figure above the LUN state is “Online”.
Create an iSCSI Initiator Group
This is not a required step but you can create an iSCSI Initiator Group just to group clients and associate this group to a specific iSCSI Target.
Select the cluster –> Configure –> vSAN –> iSCSI Target Service –> Click on Initiator Groups –> ADD:
Type the group name and add all members by adding their initiator name. Click on CREATE:
Assign a Target to an iSCSI Initiator Group
To assign an iSCSI Target to an Initiator Group, click on ADD under the Accessible Targets:
Select the Target in the list and click on ADD:
Mapping the iSCSI Volume into an iSCSI Client
Now it’s time to validate our configuration. We will use the Windows OS to access the iSCSI volume. In this case, the Windows OS is running the iSCSI client software and will access the iSCSI target, requesting the volume to mount.
On the Windows, open the “iSCSI Initiator” software, go to the Discovery tab, and the Target portal:
Click on “Discovery Portal” and add the IP address of the I/O owner host (you can get this information under the iSCSI Target configuration):
Select the Inactive target and click on Connect:
Click on OK:
After that, the target status is “Connected”. It means that the connection has been created successfully between the iSCSI Client and the iSCSI Target:
Click on the “Volumes and Devices” tab and click on “Auto Configure”. After this action, the volume discovered by this target should appear here:
Open the Server Manager –> File and Storage Services –> Volumes –> Disks. Look that we can see the iSCSI disk:
Before using it, we need to bring it online:
Next, we need to create a volume (this step includes creating the NTFS file system, assigning a letter, and typing a label for this volume):
Here we are 🙂
Our volume was created and we can access it normally through the “F:” letter:
To Wrap This Up
The vSAN iSCSI Target Service is a great option to share storage with clients through the iSCSI protocol.
vSAN iSCSI LUN objects can appear as unassociated in vSAN storage reports because they are not mounted directly into a VM as a VMDK. vSAN iSCSI objects are mounted through a VM’s guest OS iSCSI initiator software.
Be aware that the vSAN iSCSI LUN object is not directly mounted into VMs and will be listed as unassociated. This designation does not mean that the vSAN iSCSI LUN object is unused or safe to be deleted!
Under vSAN Virtual Objects, we can expand the iSCSI Target object and see all created LUNs:
Selecting the LUN, we can see its component placement details:
Under the hood, each iSCSI LUN is a vmdk created into the vSAN datastore 🙂