In computing, iSCSI (for "Internet SCSI") is a protocol that allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a popular Storage Area Network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks. Unlike Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure. Scuzzy redirects here. ... For other senses of this word, see protocol. ... In SCSI computer storage, commands are sent in a Command Descriptor Block (CDB). ... In computing, a storage area network (SAN) is an architecture to attach remote computer storage devices such as disk array controllers, tape libraries and CD arrays to servers in such a way that to the operating system the devices appear as locally attached devices. ... Fibre Channel is a gigabit-speed network technology primarily used for storage networking. ...

Functionality

iSCSI (pronounced /аɪskʌzi/) uses TCP/IP (typically TCP ports 860 and 3260). In essence, iSCSI simply allows two hosts to negotiate and then exchange SCSI commands using IP networks. By doing this, iSCSI takes a popular high-performance local storage bus and allows it to be run over wide-area networks, creating a storage area network (SAN). Unlike some SAN protocols, iSCSI requires no dedicated cabling; it can be run over existing switching and IP infrastructure. As a result, iSCSI is often seen as a low-cost alternative to Fibre Channel, which requires dedicated infrastructure. It has been suggested that this article or section be merged into Computer port (software). ... Scuzzy redirects here. ... In computing, a storage area network (SAN) is an architecture to attach remote computer storage devices such as disk array controllers, tape libraries and CD arrays to servers in such a way that to the operating system the devices appear as locally attached devices. ... Fibre Channel is a gigabit-speed network technology primarily used for storage networking. ...

Although iSCSI can be used to communicate with arbitrary types of SCSI devices, it is almost always used to allow server computers (such as database servers) to access disk volumes on storage arrays. iSCSI SANs often have one of two objectives:

Storage consolidation

Organizations move disparate storage resources from servers around their network to central locations, often in data centers; this allows storage to be allocated more efficiently. In a SAN environment, a server can be allocated a new disk volume without any change to hardware or cabling.

Disaster recovery

Organizations mirror storage resources from one data center to a remote data center, where it can serve as a hot standby in the event of a prolonged outage. In particular, iSCSI SANs allow entire disk arrays to be migrated across a WAN with minimal configuration changes, in effect making storage "routable" in the same manner as network traffic.

Storage Area Network (SAN)

In the context of computer storage, a SAN system allows a machine to use a network protocol to connect to remote storage resources such as disks and tape drives on an IP network for block level I/O. From the point of view of the class drivers and application software, the devices appear as locally attached devices. This article does not cite any references or sources. ... Typical hard drives of the mid-1990s. ... DDS tape drive. ... Block storage refers to the direct access to random disk blocks in computer disk storage. ...

A SAN device should not be confused with a network-attached storage (NAS) device, where computers access resources through a file-based interface rather than through a low-level device interface. A NAS server arbitrates access from multiple clients, thus allowing the arbitrary addition of consumers for its resources. With iSCSI, the burden of synchronizing access to shared resources generally belongs to the initiator (network client) rather than with the target (network server). Sharing low-level device interfaces is a requirement of computer clusters which use specialized cluster software to manage the use of shared resources. Network-attached storage (NAS) is a file-level data storage connected to a computer network providing data access to heterogeneous network clients. ... An example of a Computer cluster A computer cluster is a group of tightly coupled computers that work together closely so that in many respects they can be viewed as though they are a single computer. ...

Concepts

Initiator

Further information: SCSI initiator

An initiator is an iSCSI client. An initiator typically serves the same purpose to a computer as a SCSI bus adapter would, except that instead of physically cabling SCSI devices (like hard drives and tape changers), an iSCSI initiator sends SCSI commands over an IP network. An initiator falls into two broad types: In SCSI computer storage, an initiator is the host-side endpoint of a SCSI session. ...

Software initiator

A software initiator uses code to implement iSCSI. Typically, this is found in a kernel-resident device driver that uses the existing NIC and network stack to emulate SCSI devices for a computer by speaking the iSCSI protocol. Software initiators are available for most mainstream operating systems, and this type is the most common mode of deploying iSCSI on computers.

Hardware initiator

A hardware initiator uses dedicated hardware, typically in combination with software (firmware) running on that hardware, to implement iSCSI. A hardware initiator mitigates the overhead of iSCSI and TCP processing and Ethernet interrupts, and therefore may improve the performance of servers that use iSCSI.

A kernel connects the application software to the hardware of a computer. ... A Network Interface Controller (NIC) is a hardware interface that handles and allows a network capable device access to a computer network such as the internet. ... A protocol stack is a particular software implementation of a computer networking protocol suite. ... A microcontroller, like this PIC18F8720 is controlled by firmware stored inside on FLASH memory In computing, firmware is a computer program that is embedded in a hardware device, for example a microcontroller. ... The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... In computing, an interrupt is an asynchronous signal from hardware or software indicating the need for attention. ...

Host Bus Adapter (HBA)

An iSCSI host bus adapter (more commonly, "HBA") is a product that implements a hardware initiator. A typical HBA is packaged as a combination of a Gigabit (or 10 Gigabit) Ethernet NIC, some kind of TCP/IP offload technology (TOE) and a SCSI bus adapter, which is how it appears to the operating system. In general terms, a Host Bus Adapter (HBA) is any adapter that allows a computer bus to attach to another bus or channel. ... A Network Interface Controller (NIC) is a hardware interface that handles and allows a network capable device access to a computer network such as the internet. ...

An iSCSI HBA can include PCI option ROM to allow booting from an iSCSI target. This article is about the computer bus type. ... An Option ROM typically consists of firmware that is called by the system BIOS. For example, an adapter card that controls a boot device might contain firmware that is used to connect the device to the system once the Option ROM is loaded. ... In computing, booting (booting up) is a bootstrapping process that starts operating systems when the user turns on a computer system. ...

TCP Offload Engine (TOE)

A TCP Offload Engine, or "TOE Card", is an alternative to a full iSCSI HBA. A TOE "offloads" the TCP/IP operations for this particular network interface from the host processor, freeing up CPU cycles for the main host applications. When a TOE is used rather than an HBA, the host processor still has to perform the processing of the iSCSI protocol layer itself, but the CPU overhead for that task is low.

iSCSI HBAs or TOEs are used when the additional performance enhancement justifies the additional expense of using an HBA for iSCSI, rather than using a Software-based iSCSI Client (initiator).

Target

Further information: SCSI target

A target is a storage resource located on an iSCSI server (more generally, a target is one of potentially many instances of iSCSI running on that server). An iSCSI target usually represents hard disk storage. As with initiators, software to provide an iSCSI target is available for most mainstream operating systems. Common deployment scenarios for an iSCSI target include: In SCSI computer storage, a target is the storage-device side endpoint of a SCSI session. ...

Storage array

In a data center or enterprise environment, an iSCSI target often resides in a large storage array, such as a NetApp filer or a EMC Corporation NS-series computer appliance. A storage array usually provides distinct iSCSI targets for numerous clients.^[1]

Software target

In a smaller or more specialized setting, an iSCSI target's functionality can be provided by a mainstream server operating system, like Linux or Windows Server 2003.

EMC Corporation (NYSE: EMC) is an American manufacturer of software and systems for information management and storage. ... Computer appliance are software devices that provide a narrow range of functions that are generally run on a hardware platform of their own. ... This article is about operating systems that use the Linux kernel. ... Windows Server 2003 is a server operating system produced by Microsoft. ...

Logical Unit Number (LUN)

Main article: Logical Unit Number

In SCSI terminology, a LUN is a logical unit number, and represents an individual SCSI device. In an iSCSI environment, LUNs are essentially numbered disk drives. An initiator negotiates with a target to establish connectivity to a LUN; the result is an iSCSI session that emulates a SCSI hard disk. Initiators treat iSCSI LUNs the same way as they would a raw SCSI or IDE hard drive; for instance, rather than mounting remote directories as would be done in NFS or CIFS environments, iSCSI systems format and directly manage filesystems on iSCSI LUNs. In computer storage, a logical unit number or LUN is an address for an individual disk drive and by extension, the disk device itself. ... Scuzzy redirects here. ... In computer storage, a logical unit number or LUN is an address for an individual disk drive and by extension, the disk device itself. ... مگه استاد نگفت این سایت بدرد سرچ نمی خوره؟ برید سراغ یه سایت دیگه . ح.محمدی Link titleNFS may mean: National Financial Switch, the interbank network in India National Fire Service, the Second World War fire service in the United Kingdom Need for Speed series, a series of racing computer games produced by Electronic Arts Network File System (Sun), a protocol for accessing and sharing file... Server message block (SMB) is a network protocol mainly applied to share files, printers, serial ports, and miscellaneous communications between nodes on a network. ...

In enterprise deployments, LUNs usually represent slices of large RAID disk arrays, often allocated one per client. iSCSI imposes no rules or restrictions on multiple computers sharing individual LUNs; shared access to a single underlying filesystem is instead left as a task for the operating system. For other uses, see Raid. ...

Addressing

Both iSCSI initiators and targets are referred to by special names. iSCSI provides three name formats:

iSCSI Qualified Name (IQN)

Format: iqn.yyyy-mm.{reversed domain name} (e.g. iqn.2001-04.com.acme:storage.tape.sys1.xyz)

Extended Unique Identifier (EUI)

Format: eui.{EUI-64 bit address} (e.g. eui.02004567A425678D)

T11 Network Address Authority (NAA)

Format: naa.{NAA 64 or 128 bit identifier} (e.g. naa.52004567BA64678D)

IQN addresses are the most common format. They are qualified by a date (yyyy-mm) because domain names can expire or be acquired by another entity.

EUI is provided by the IEEE Registration authority in accordance with EUI-64 standard. NAA is part OUI which is provided by the IEEE Registration Authority. NAA name formats were added to iSCSI in RFC 3980, to provide compatibility with naming conventions used in Fibre Channel and SAS storage technologies. Fibre Channel is a gigabit-speed network technology primarily used for storage networking. ... 2. ...

An iSCSI participant is usually defined by three or four fields:

1. Hostname or IP Address (e.g., "iscsi.example.com")
2. Port Number (e.g., 3260)
3. iSCSI Name (e.g., the IQN "iqn.2003-01.com.ibm:00.fcd0ab21.shark128")
4. An optional CHAP Secret (e.g., "secretsarefun")

iSNS

Main article: Internet Storage Name Service

iSCSI initiators can locate appropriate storage resources using the Internet Storage Name Service (iSNS) protocol. In theory, iSNS provides iSCSI SANs with the same management model as dedicated Fibre Channel SANs. In practice, many deployment goals for iSCSI can be met without iSNS. In computing, the proposed Internet Storage Name Service (iSNS) protocol allows automated discovery, management and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network. ... In computing, the proposed Internet Storage Name Service (iSNS) protocol allows automated discovery, management and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network. ... Fibre Channel is a gigabit-speed network technology primarily used for storage networking. ...

Security

Authentication

iSCSI initiators and targets prove their identity to each other using the CHAP protocol, which includes a mechanism to prevent cleartext passwords from appearing on the wire. By itself, the CHAP protocol is vulnerable to dictionary attacks, spoofing, or reflection attacks. If followed carefully, the rules for using CHAP within iSCSI prevent most of these attacks.^[2] In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user to an Internet access provider. ...

Additionally, as with all IP-based protocols, IPsec can be used at the network layer. The iSCSI negotiation protocol is designed to accommodate other authentication schemes, though interoperability issues limit their deployment. IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ...

The most common means of ensuring that only valid initiators connect to storage arrays is to run iSCSI only over logically-isolated backchannel networks. In this deployment architecture, only the management ports of storage arrays are exposed to the general-purpose internal network, and the iSCSI protocol itself is run over dedicated network segments or VLANs. This mitigates authentication concerns; unauthorized users aren't physically provisioned for iSCSI, and thus can't talk to storage arrays. However, it also creates a transitive trust problem, in that a single compromised host with an iSCSI disk can be used to attack storage resources for other hosts.

Authorization

Because the purpose of iSCSI is to consolidate storage for many servers into a single storage array, iSCSI deployments require strategies to prevent unrelated initiators from accessing storage resources. As a pathological example, a single enterprise storage array could hold data for servers variously regulated by Sarbanes-Oxley for corporate accounting, HIPAA for health benefits information, and PCI DSS for credit card processing. During an audit, storage systems must demonstrate controls to ensure that a server under one regime cannot access the storage assets of a server under another. Before the signing ceremony of the Sarbanes-Oxley Act, President George W. Bush meets with Senator Paul Sarbanes, Secretary of Labor Elaine Chao and other dignitaries in the Blue Room at the White House July 30, 2002. ... The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. ... // PCI DSS stands for Payment Card Industry (PCI) Data Security Standard (DSS). ...

Typically, iSCSI storage arrays explicitly map initiators to specific target LUNs; an initiator is authenticating not to the storage array, but to the specific storage asset they are using. However, because the target LUNs for SCSI commands are expressed both in the iSCSI negotiation protocol and in the underlying SCSI protocol, care must be taken to ensure that access control is provided consistently.

Confidentiality and integrity

For the most part, iSCSI is a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. As a result, an attacker who can listen in on iSCSI ethernet traffic can:

• Reconstruct and copy the files and filesystems being transferred on the wire

• Alter the contents of files by injecting fake iSCSI frames

• Corrupt filesystems being accessed by initiators, exposing servers to software flaws in poorly-tested filesystem code.

These problems are not unique to iSCSI, but rather apply to any IP-based SAN protocol without cryptographic security. Though IPSec is frequently cited as a solution to the IP SAN security problem, performance and compatibility concerns retard its deployment. It has been suggested that this article or section be merged with SAN. (Discuss) Look up san, -san in Wiktionary, the free dictionary. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ...

Industry support

Operating system support

i5/OS is an operating system used on IBMs line of System i (previously called AS/400) computers. ... VMware Inc. ... AIX (Advanced Interactive eXecutive) is a proprietary operating system developed by IBM based on UNIX System V. Before the product was ever marketed, the acronym AIX originally stood for Advanced IBM UNIX. AIX has pioneered numerous network operating system enhancements, introducing new innovations later adopted by Unix-like operating systems... Windows redirects here. ... NetWare is a network operating system developed by Novell, Inc. ... HP-UX (Hewlett Packard UniX) is Hewlett-Packards proprietary implementation of the Unix operating system, based on System V (initially System III). ... Solaris is a computer operating system developed by Sun Microsystems. ... This article is about operating systems that use the Linux kernel. ... iSCSI Extensions for RDMA (iSER) provides zero-copy message transfers for SCSI packets. ... NetBSD is a freely redistributable, open source version of the Unix-like BSD computer operating system. ... FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD) branch through the 386BSD and 4. ... OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative developed at the University of California, Berkeley. ... OpenVMS[1] (Open Virtual Memory System or just VMS) is the name of a high-end computer server operating system that runs on the VAX[2] and Alpha[3] family of computers developed by Digital Equipment Corporation of Maynard, Massachusetts (DIGITAL was then purchased by Compaq, and is now owned... Mac OS X is the latest version of the Mac OS operating system for Macintosh computers. ...

Targets

Most industry focus has been placed on creating iSCSI disk targets, though iSCSI tape and medium changer targets are popular as well. So far, physical devices have not featured native iSCSI interfaces on a component level. Instead, devices with SCSI Parallel Interface or Fibre Channel interfaces are bridged by using iSCSI target software, external bridges, or controllers internal to the device enclosure. SCSI stands for Small Computer System Interface, and is a standard interface for transferring data between devices on a computer bus. ... Fibre Channel is a gigabit-speed network technology primarily used for storage networking. ...

Alternatively, disk and tape targets can be virtualizations. Rather than representing an actual physical device, an emulated virtual device is presented. The underlying implementation can deviate drastically from the presented target as is done with Virtual Tape Library (VTL) solutions. VTLs use disk storage for storing data written to virtual tapes. As with actual physical devices, virtual targets are presented by using iSCSI target software, external bridges, or controllers internal to the device enclosure. Virtual Tape Library (VTL) is a data storage virtualization technology used typically for archival storage purposes. ...

In the security products industry, some manufacturers use an iSCSI RAID as a target, with the initiator being either an IP-enabled encoder or camera.

Converters and bridges

There are multiple systems which allow Fibre Channel, SCSI and SAS devices to be attached to an IP network for use via iSCSI. They can be used to allow migration from older storage technologies, access to SANs from remote servers and the linking of SANs over IP networks.

See also

• Fibre Channel over IP (FCIP)
• Fibre Channel over Ethernet (FCoE)
• Internet Fibre Channel Protocol (iFCP)
• Internet Storage Name Service (iSNS)
• Service Location Protocol
• ATA-over-Ethernet (AoE)
• HyperSCSI SCSI over Ethernet frames instead of IP (as iSCSI is)
• ISCSI Extensions for RDMA (iSER)

Fibre Channel over IP (FCIP or FC/IP, also known as Fibre Channel tunneling or storage tunneling), is an Internet Protocol (IP)-based storage networking technology developed by the Internet Engineering Task Force (IETF). ... Fibre Channel over Ethernet (FCoE) is a proposed mapping of Fibre Channel over selected full duplex IEEE 802. ... Internet Fibre Channel Protocol (iFCP) is a gateway-to-gateway protocol, which provides fibre channel fabric services to fibre channel devices over a TCP/IP network. ... In computing, the proposed Internet Storage Name Service (iSNS) protocol allows automated discovery, management and configuration of iSCSI and Fibre Channel devices (using iFCP gateways) on a TCP/IP network. ... The Service Location Protocol (SLP, srvloc) allows computers and other devices to find services in a local area network without prior configuration. ... ATA over Ethernet (AoE) is a network protocol developed by Coraid, Inc. ... In computer science, HyperSCSI is a network protocol for sending and receiving SCSI commands. ... iSCSI Extensions for RDMA (iSER) provides zero-copy message transfers for SCSI packets. ...

Reference

Year 2004 (MMIV) was a leap year starting on Thursday of the Gregorian calendar. ... is the 92nd day of the year (93rd in leap years) in the Gregorian calendar. ...

External links

RFCs

• RFC 3720 - Internet Small Computer Systems Interface (iSCSI)
• RFC 3721 - Internet Small Computer Systems Interface (iSCSI) Naming and Discovery
• RFC 3722 - String Profile for Internet Small Computer Systems Interface (iSCSI) Names
• RFC 3723 - Securing Block Storage Protocols over IP
• RFC 3347 - Small Computer Systems Interface protocol over the Internet (iSCSI) Requirements and Design Considerations
• RFC 3783 - Small Computer Systems Interface (SCSI) Command Ordering Considerations with iSCSI
• RFC 3980 - T11 Network Address Authority (NAA) Naming Format for iSCSI Node Names
• RFC 4018 - Finding Internet Small Computer Systems Interface (iSCSI) Targets and Name Servers by Using Service Location Protocol version 2 (SLPv2)
• RFC 4173 - Bootstrapping Clients using the Internet Small Computer System Interface (iSCSI) Protocol
• RFC 4544 - Definitions of Managed Objects for Internet Small Computer System Interface (iSCSI)
• RFC 4850 - Declarative Public Extension Key for Internet Small Computer Systems Interface (iSCSI) Node Architecture
• RFC 4939 - Definitions of Managed Objects for iSNS (Internet Storage Name Service)
• RFC 5048 - Internet Small Computer System Interface (iSCSI) Corrections and Clarifications
• RFC 5047 - DA: Datamover Architecture for the Internet Small Computer System Interface (iSCSI)
• RFC 5046 - Internet Small Computer System Interface (iSCSI) Extensions for Remote Direct Memory Access (RDMA)

Other links

• A List of iSCSI Software Targets
• An introduction to the Solaris iSCSI stack
• Linux iSCSI
• Picquelle Report (iSCSI Standards & 10GbE Ratified)
• "iSCSI: Insecure SCSI". A talk on iSCSI security given at the BlackHat Security Conference
• NetBSD iSCSI Target HOWTO
• NetBSD iSCSI Initiator WindowsXP HOWTO
• SAN Magazines Introduction To iSCSI
• Setting up iSCSI Enterprise Target on Ubuntu 6.06LTS Server