What you need to build an iSCSI SAN

Here are some tips on what to look for in iSCSI target devices, including disk arrays, bridges, and tape libraries.

By Michael Maxey

Building an iSCSI SAN has been billed as a simple task that leverages in-house networking knowledge and standard IP infrastructure. All that is required is an initiator and a target. Put the two together and you're finished managing storage on individual servers. In the end, this is true. However, when it comes to selecting the components of an iSCSI SAN, things can get confusing. There are a variety of vendors and products, each with varying levels of functionality. Understanding the differences and choosing the appropriate solution for your enterprise can be a daunting task. This article breaks down the components of an iSCSI SAN to provide a higher level of understanding of the associated functionality.

In its simplest form, building an iSCSI SAN requires implementing an initiator and a target. Initiators are installed on host servers and can be software- or hardware-based. Software initiators can use any standard network interface card (NIC) and leverage the host CPU for TCP/IP processing.

Hardware initiators offload some or all of the TCP/IP processing, freeing up host CPUs to run applications. Hardware initiators can also perform advanced functions, including data multi-pathing or remote server boot. In the past this publication has presented several articles covering iSCSI initiators, so this article focuses on the target side of the equation.

iSCSI targets fall into three categories: disk arrays, bridges, and tape libraries. iSCSI disk arrays and bridges provide similar functionality, but are implemented differently. iSCSI arrays are an all-in-one system with iSCSI SAN functionality and disks included. Bridges do not include disks. Instead, they rely on external SCSI or Fibre Channel storage.

When you're choosing an array or bridge there are five feature categories to consider: high availability, performance, data services, security, and management.

High-availability features are designed to keep the SAN functioning when a failure occurs. Although the focus of this article is the overall SAN, it is important that the individual devices provide redundant hardware and appropriate RAID levels to safeguard your data. There are many high-availability features to examine when implementing multiple modules. For example, can the targets be clustered to provide maximum bandwidth and availability? If not, can an extra module be purchased to provide a fail-over scenario? If your hosts are clustered, be certain that the iSCSI target will support shared data access. It is also important to consider the availability of the SAN database. Much like conventional databases, iSCSI SANs require pointers or indexes to locate the data blocks. If the primary module fails, is the database still available?

Performance features ensure fast access to data. In some instances, a single server can utilize multiple IP connections to an iSCSI target. This aggregation of bandwidth is called multi-pathing and requires the use of a hardware initiator. When multiple servers frequently access data that is kept on a single array, hosts may contend for system resources. Spreading this data across multiple modules (load balancing) will free up resources and increase performance by providing separate paths for each application.

Data services features enable disaster recovery and simplify backup. To protect mission-critical data, an iSCSI system should be able to create a synchronous copy on additional iSCSI targets. Beyond real-time replication, the ability to perform asynchronous copies of data across a WAN connection provides off-site disaster recovery. The addition of point-in-time copies or snapshots simplifies backup by allowing continuous access to the source volume while an archive is created from the copy. For bridge devices, data migration between different classes of attached storage enables better resource allocation and data life-cycle management.

Security features should not be overlooked. It is well-known that IP is more susceptible than Fibre Channel to security failures. Tools for IP hacking are prevalent and mature. It is recommended that IP SANs be created on separate networks to help combat this vulnerability. Beyond separate networks, the iSCSI target should implement Access Control Lists (ACLs) to manage iSCSI login authentication. Data encryption and checking the security of the management interface or Web GUI are also important.

Management features should be examined. IT staff costs are important to consider when you are choosing a solution. As your SAN scales up to multiple targets, will they be managed as a single entity? Look at the virtualization options. Will all the targets provide storage to a single universal pool that can be divided among the SAN hosts? How do you scale the SAN when new targets are added? Will the solution integrate into the overall management framework via SNMP or agents?

The final category of iSCSI targets is tape libraries. These devices provide multiple servers with IP access to a shared library. When evaluating these products it is important to understand the number of hosts that are supported. This can be determined by looking at the number of initiators per port. Each initiator represents a single host.

Library partitioning is another interesting feature. The ability to devote a portion of the library to iSCSI connections enables administrator flexibility when configuring backup. To help increase performance, drive spanning or data streaming spreads the data flow across multiple tape drives. Similar to multi-pathing, this feature will increase performance and shorten the overall backup window. Also, be sure to verify that the iSCSI tape library supports the backup application in use at your facility.

The iSCSI standard provides SAN protocols that can deliver cost savings and easy management. Today, vendors of these products have begun to deliver on that mission. By carefully evaluating the various options ands functions, you should be able to choose the appropriate solution and make these savings a reality for your enterprise.

Michael Maxey was formerly a senior storage analyst at Progressive Strategies, an independent market research and consulting firm. He is now a product marketing manager at McData. The article was written when he was with Progressive Strategies.

Representative iSCSI vendors

iSCSI bridges/routers/switches (hardware only)

  • ATTO Technology
  • Cisco
  • Crossroads
  • McData
  • StoneFly Networks
iSCSI disk arrays
  • Adaptec
  • American Megatrends Inc. (AMI)
  • Dell (EMC OEM)
  • EMC
  • EqualLogic
  • Intransa
  • LeftHand Networks
  • Network Appliance
  • Nimbus Data Systems
  • Overland Storage
  • Promise Technology
  • Snap Appliance (recently acquired by Adaptec)
iSCSI tape libraries
  • ADIC
  • Overland Storage
  • Spectra Logic
  • Adaptec
  • Alacritech
  • Intel
  • QLogic

This article was originally published on September 01, 2004