One of the cornerstones of modern infrastructure is storage. There are multiple ways you can configure storage for your infrastructure, one of which is using an iSCSI protocol. iSCSI is widely used in virtualization environments, in all business’ sizes and any use cases. In this article we’ll review what iSCSI is, its strengths and weaknesses.
What is iSCSI?
Internet Small Computer System Interface Protocol (iSCSI) – is a protocol that allows SCSI commands to be transmitted over TCP, enabling remote storage to be connected to servers as if it was local disks. Storage that is accessed using iSCSI protocol is presented to a system as block device (the same way, how OS sees physical storage that is attached directly to hardware via SATA/SAS or NVMe). An iSCSI protocol allows businesses to connect external storage from NAS, SAN and any other storage server to a virtualized/application server making this storage available for VMs or any applications businesses may have.
How does iSCSI Work?
iSCSI encapsulates the SCSI commands (write/read/status, etc.) and assembles block-level data in packets (Protocol Data Unit), breaking PDUs into segments, attaching TCP and iSCSI headers to transfers it over TCP/IP layer, which are then used to provide communication and data transfer between storage devices. Block-level data is carried from the iSCSI initiator on the server to an iSCSI target on a storage device. On the receiving side, the iSCSI protocol will then separate the SCSI commands from TCP headers, and the operating system will treat the storage as a locally connected device. So, ultimately, applications on the server where iSCSI is connected will see and deal with the storage as if it is local SATA/SAS/NVMe device and everything else is handled by iSCSI Initiator and Target.
iSCSI Components: Initiator and Target
An iSCSI setup has two main components – the iSCSI initiator and the iSCSI target that communicate with each other to enable data transfer:
What is an iSCSI Initiator?
The iSCSI initiator is a software or hardware component on the client’s machine within the storage network. Software iSCSI initiators can be used with any Ethernet equipment to create the storage network and connect to multiple iSCSI targets via multiple paths in parallel and all TCP/IP calculations related to iSCSI are done on the host CPU. Hardware iSCSI Initiator is often named iSCSI Host Bus Adapter (HBA). It is a dedicated hardware piece specifically used for iSCSI connection, and all iSCSI-related calculations are done on this dedicated HBA. The software iSCSI Initiator is more widely used and embedded in most modern Operating Systems.
What is an iSCSI Target?
The iSCSI target is a service that runs on the server and provides access to its storage resources. iSCSI targets allow exposing local storage as SCSI Logical Unit Number (LUNs) to connected iSCSI initiators. The iSCSI target server supports multiple parallel connections from multiple initiators, meaning that a single storage server can provide storage to multiple connected clients.
iSCSI Performance
The performance of an iSCSI system depends on lots of different factors, including the speed of the network, the configuration of the storage array, and the workload characteristics. In most cases, iSCSI offers decent performance, especially when implemented over high-speed and low-latency network (additionally, iSCSI Extension for RDMA (iSER) can be used on RDMA-enabled high-performance fabrics to further increase performance).
To get the most out of your setup, 10 GbE or faster equipment should be used as the base configuration, especially if you want to compete with the speeds of Fibre Channel storage networks.
Another way to improve the performance of iSCSI is through multipathing. Multipathing is a process that enables iSCSI storage traffic to run over multiple paths between the initiator and targets. This feature enhances performance, allows load balancing, and makes accessing the storage more efficient because total bandwidth can be distributed among multiple paths to balance the workload.
Jumbo frames is another important Ethernet protocol setting that permits iSCSI storage systems to transfer larger amounts of data per single Ethernet frame, which improves performance.
Another thing to keep in mind is that iSCSI is TCP/IP-based, meaning that storage operations are CPU intensive. The more frequency initiator CPU has, the more performance can be achieved. Alternatively, iSCSI HBA can be used to offload iSCSI TCP operations to a dedicated card. However, modern CPU and Network adapters basically made iSCSI HBA mostly irrelevant and outside of the mainstream.
If we compare iSCSI and FCP (Fibre Channel Protocol), FCP usually consumes much less compute resources (because main storage operations are offloaded to FC HBA and FCP is not CPU-intensive TCP/IP based) and usually delivers better performance.
Benefits of Using iSCSI and iSCSI Storage
Implementing iSCSI storage solutions offers several benefits to companies, including:
Cost-Effectiveness: iSCSI operates over standard Ethernet and does not need complex, expensive cards and switches, and existing ethernet infrastructure can be used.
Flexibility and Scalability: Admins can expand the storage to meet the needs of the business. This makes it a scalable option for companies of various sizes.
iSCSI is especially beneficial for small and medium businesses, Enterprise ROBO and Edge who are looking for decent performance with less investment in the hardware.
iSCSI vs Fibre Channel
While both iSCSI and Fibre Channel (or FC) allow connecting and facilitate block-level storage, they were not designed to resolve the same goals, nor are they fierce competitors in all scenarios. Historically, FC emerged and was largely used in large converged (dedicated) storage environments (SANs) while iSCSI is ideal for small environments and HCI, where cost-effectiveness and flexibility are the major factors. Here is comparison between those protocols:
| Feature | iSCSI | Fibre Channel |
|---|---|---|
| Topology | Leveraging existing TCP network | Dedicated Fibre Channel fabric |
| Cost | Low to Moderate | Moderate to High |
| Distance | Can be configured for long-distance between target and initiator. | Can be configured for long distances but would require additional equipment. |
| Performance | Low to Moderate | High |
| Well suited for high input / output apps | Can be used for intensive workload, may require more CPU resources and will depend on network configuration | Designed for High performance applications |
| Labor-intensive and complex to deploy | Low to Moderate | Moderate to High, usually requires special knowledge |
iSCSI vs. File Shares (NFS and CIFS/SMB)
While iSCSI and File Shares are not mutually exclusive technologies and can easily be implemented in parallel within infrastructure and even more file shares can be created on top of iSCSI target, some clustered environments allow to use NFS/SMB as shared storage. In this particular case, iSCSI and File Shares can be compared.
| Feature | File Shares | iSCSI |
|---|---|---|
| Data access level | File-level | Block-level |
| Overall performance | Low | Low to Moderate |
| Complexity of implementation | Low | Low to Moderate |
| Directly accessible by clients | Just enter the path of the shared folder, requires login and password for access. | The iSCSI software needs to be first configured and mapped as a device
|
| Ready for HA clusters | Supported by just a few server cluster technologies that support SMB/NFS storage as a shared volume | Support by almost all clustering technologies |
How to Implement iSCSI Storage
Implementing iSCSI storage involves several steps:
- Infrastructure Assessment- Evaluate the existing network infrastructure, understand storage requirements for your data. Design networking and storage according to your infrastructure needs.
- Selecting Suitable Hardware and Software – Based on requirements, choose appropriate hardware that can sustain desired performance. Choose software to use as iSCSI target: DataCore SANsymphony is a great feature-rich choice for Core IT infrastructure, delivering great performance for all needs. StarWind VSAN is a great simplistic Edge-oriented iSCSI HA storage and others.
- Configuration – Set up the iSCSI initiators and targets and configure the network settings to facilitate optimal performance.
- Testing – Conduct rigorous testing to ensure the setup meets the performance and reliability standards necessary for your operations.
What are iSCSI Limitations?
While iSCSI offers numerous benefits, it is not without limitations:
- Network Dependency: Because iSCSI is dependent on IP networks, the performance of this protocol can be affected by network congestion, latency, and outages.
- Security Concerns: If proper security protocols are not implemented, data transmitted over networks can be vulnerable to unauthorized access and cyber-attacks.
- Potential Complexity: Management can become challenging in complex setups, requiring specialized knowledge and skills. However, it is still less complicated than dealing with large enterprise SAN networks and the corresponding equipment.
What Are the Security Considerations for iSCSI?
As mentioned in the limitations section, there are security concerns which should be expanded since they can be addressed relatively easily:
- Network Isolation: It is recommended to put iSCSI on isolated networking (either direct or separate switch). If you have multiple iSCSI targets to be presented to different clusters/initiators, it is also recommended to separate them using VLANs.
- Authentication: iSCSI comes with special handshake protocol called CHAP. Can be configured only on target or be mutual between initiators and targets to ensure that only a person who knows secrets can connect to targets. Additionally, most iSCSI targets come with ACL (Access Right List) mechanisms that allow to configure iSCSI login based on the rights. Keep in mind that none of these are configured by default and will require you to configure them manually.
- Encryption: iSCSI doesn’t come with built-in encryption. Encryption can be configured on a network-level using IPSec or other tunnel technologies.
- Data integrity: while iSCSI is based on TCP to make sure that all sent packages are received, to ensure it even more, data digest and headers can be optionally enabled, and they must be supported by the target. While they serve data integrity, performance might be impacted.
Alternatives to iSCSI
Before settling on iSCSI, there are other storage solutions that you can check to know if they will suit your business needs:
- Fibre Channel: As discussed, a high-speed network solution for SANs and SDS. If you already have a working FC SAN setup that does its job, you may want to skip on implementing iSCSI SAN. However, if you are looking to update your existing FC storage configuration, consider checking out DataCore SANsymphony offering.
- NVMe-oF (NVMe/TCP and NVMe/RDMA): A relatively modern protocol which is rapidly developed and implemented in modern storage arrays and software-defined storage solutions. Designed to be a low latency and high-performance modern protocol, potentially replacing iSCSI in the future.
Conclusion
Data transfer has always been vital since the advent of computers. However, the amount, speed, and method of the transfer is what has been changing over the years. Choosing the right storage system is crucial for the efficient operation of any business in this data-driven world. As we have seen above, iSCSI presents a cost-effective, scalable, and flexible storage solution, leveraging existing IP networks to facilitate data storage and management. Even though it may have limitations, with proper implementation and management, iSCSI can serve as a vital tool in your company’s data management arsenal, fostering growth and innovation in your business ventures.
