HOME

8.1.3 - Configure An Iscsi Target

Article with TOC
Author's profile picture

planetorganic

Nov 12, 2025 · 12 min read

8.1.3 - Configure An Iscsi Target
8.1.3 - Configure An Iscsi Target

Table of Contents

    Let's dive into the intricacies of configuring an iSCSI target, a critical skill for any IT professional managing storage solutions in a modern network environment. iSCSI (Internet Small Computer Systems Interface) allows you to utilize existing IP networks to establish and manage connections between servers and storage devices, effectively turning network-attached storage (NAS) into block-level storage accessible by your servers.

    Understanding iSCSI and Its Benefits

    iSCSI operates by encapsulating SCSI commands within TCP/IP packets. This encapsulation allows data to be transferred across an IP network, making it appear to the operating system as if the storage device is directly attached. Think of it as creating a virtual SCSI cable over your existing network infrastructure.

    The benefits of using iSCSI are numerous:

    • Cost-Effectiveness: Leveraging existing network infrastructure eliminates the need for dedicated fiber channel hardware and cabling, significantly reducing costs.
    • Simplified Management: iSCSI simplifies storage management by centralizing storage resources and allowing for easier provisioning and allocation.
    • Scalability: iSCSI solutions are highly scalable, enabling you to easily expand storage capacity as needed.
    • Disaster Recovery: iSCSI facilitates efficient data replication and disaster recovery strategies by allowing you to replicate data to remote locations over the network.
    • Virtualization Integration: iSCSI seamlessly integrates with virtualization platforms like VMware and Hyper-V, providing storage for virtual machines.

    Key iSCSI Concepts: Target, Initiator, and LUN

    Before we delve into the configuration process, it's crucial to understand the key components involved in iSCSI communication:

    • iSCSI Target: The iSCSI target is the storage server or appliance that provides the storage resources. It accepts iSCSI connections from initiators. In simpler terms, it's the server offering the storage.
    • iSCSI Initiator: The iSCSI initiator is the client server that requests access to the storage resources offered by the target. It's essentially the server requesting the storage. Initiators can be hardware-based (using a dedicated iSCSI HBA - Host Bus Adapter) or software-based (using the operating system's built-in iSCSI initiator).
    • LUN (Logical Unit Number): A LUN is a unique identifier assigned to a logical storage volume on the iSCSI target. It's like a partition on a physical disk, representing a discrete unit of storage that can be accessed by an initiator. A single iSCSI target can host multiple LUNs.

    Step-by-Step Configuration of an iSCSI Target

    The specific steps for configuring an iSCSI target will vary depending on the operating system or storage appliance you are using. However, the general principles remain the same. We'll cover the configuration process using common platforms like Linux (using targetcli) and Windows Server.

    Configuring an iSCSI Target on Linux (using targetcli)

    targetcli is a powerful command-line tool for managing iSCSI targets in Linux. It's commonly used in distributions like CentOS, RHEL, and Ubuntu.

    1. Installation:

    First, ensure that the targetcli package is installed. The package name might vary slightly depending on your distribution. Here are some common installation commands:

    • CentOS/RHEL: sudo yum install targetcli
    • Ubuntu/Debian: sudo apt-get install targetcli

    2. Starting the Targetcli Shell:

    Once installed, start the targetcli shell by running the following command:

    sudo targetcli

    This will open the targetcli prompt, which looks something like this:

    targetcli shell version x.x.x
Copyright 2011-2017 Datera, Inc.
/>

    3. Creating a Backstore:

    A backstore defines the storage resource that will be exposed as an iSCSI LUN. You can use various backstore types, including:

    • fileio: Uses a regular file as the storage backstore. This is useful for testing and development.
    • block: Uses a block device (e.g., a physical disk or partition) as the storage backstore. This is the most common option for production environments.
    • pscsi: Exposes existing SCSI devices as iSCSI targets.
    • rdrd: (RADOS Block Device) Uses Ceph RBD as the storage backstore.

    Let's create a fileio backstore for demonstration purposes. Replace /path/to/your/file.img with the actual path to your file. You'll also need to create the file first.

    cd /backstores
create fileio my_file /path/to/your/file.img size=10GiB

    This command creates a fileio backstore named my_file using the specified file and sets its size to 10 GB. Remember to replace /path/to/your/file.img with a valid path. You might need to create an empty file first using dd if=/dev/zero of=/path/to/your/file.img bs=1M count=10240 (which creates a 10GB file).

    For a block device backstore, you would use:

    cd /backstores
create block my_block /dev/sdb1

    Replace /dev/sdb1 with the actual block device you want to use. Be extremely careful when using block devices, as incorrect configuration can lead to data loss.

    4. Creating an iSCSI Target:

    Next, you need to create an iSCSI target. Targets are identified by their IQN (iSCSI Qualified Name), which is a unique identifier. It's a best practice to use a reversed domain name format for the IQN.

    cd /iscsi
create iqn.2023-10.com.example:storage.target1

    This command creates an iSCSI target with the IQN iqn.2023-10.com.example:storage.target1. Replace com.example with your actual domain name or a suitable alternative if you don't own a domain.

    5. Creating a LUN:

    Now, you need to associate the backstore with the target by creating a LUN.

    cd iqn.2023-10.com.example:storage.target1/tpg1/luns
create /backstores/fileio/my_file

    This command creates a LUN that uses the my_file backstore.

    6. Configuring Access Control (ACLs):

    To control which initiators can access the target, you need to configure access control lists (ACLs). This involves specifying the IQNs of the allowed initiators.

    cd /iscsi/iqn.2023-10.com.example:storage.target1/tpg1/acls
create iqn.2023-10.com.example:client.initiator1

    This command allows the initiator with the IQN iqn.2023-10.com.example:client.initiator1 to connect to the target. Replace iqn.2023-10.com.example:client.initiator1 with the actual IQN of your initiator. You can find the IQN of your initiator using the iscsiadm -m discovery -t st -p <target_ip> command on the initiator host.

    7. Configuring Network Portal:

    You need to specify the network interface and port that the target will listen on for incoming iSCSI connections.

    cd /iscsi/iqn.2023-10.com.example:storage.target1/tpg1/portals
create 0.0.0.0 3260

    This command configures the target to listen on all network interfaces (0.0.0.0) on the standard iSCSI port 3260. If you want to restrict access to a specific interface, replace 0.0.0.0 with the IP address of that interface.

    8. Enabling the Target:

    Finally, enable the target to start accepting connections.

    cd /iscsi/iqn.2023-10.com.example:storage.target1/tpg1
set attribute authentication=0
set attribute generate_node_acls=1
set attribute demo_mode_write_protect=0
enable

    The authentication=0 disables CHAP authentication, which is fine for a test environment but strongly discouraged for production. The generate_node_acls=1 automatically creates ACL entries for newly discovered initiators. demo_mode_write_protect=0 allows write access.

    9. Saving the Configuration:

    To ensure that the configuration is persistent across reboots, save the configuration.

    cd /
saveconfig

    10. Exiting Targetcli:

    Exit the targetcli shell.

    exit

    Example targetcli Script

    Here's a consolidated script that performs all the steps outlined above:

    #!/bin/bash

# Set variables
BACKSTORE_FILE="/path/to/your/file.img"
BACKSTORE_SIZE="10GiB"
TARGET_IQN="iqn.2023-10.com.example:storage.target1"
INITIATOR_IQN="iqn.2023-10.com.example:client.initiator1"

# Ensure the backstore file exists
if [ ! -f "$BACKSTORE_FILE" ]; then
  dd if=/dev/zero of="$BACKSTORE_FILE" bs=1M count=$(( $(echo "$BACKSTORE_SIZE" | sed 's/[^0-9]*//g') * 1024 ))
fi

# Start targetcli
targetcli <

    Remember to replace the placeholder values with your actual settings. Also, it is crucial to set up proper CHAP authentication in production environments.

    Configuring an iSCSI Target on Windows Server

    Windows Server includes a built-in iSCSI Target Server role that you can use to provide iSCSI storage.

    1. Install the iSCSI Target Server Role:

    • Open Server Manager.
    • Click Add roles and features.
    • Select Role-based or feature-based installation.
    • Select the server where you want to install the role.
    • Select the File and Storage Services role, then expand File and iSCSI Services.
    • Select iSCSI Target Server.
    • Follow the on-screen instructions to complete the installation.

    2. Create an iSCSI Virtual Disk:

    • Open Server Manager.
    • Click File and Storage Services.
    • Click iSCSI.
    • Click To create an iSCSI virtual disk, start the New iSCSI Virtual Disk Wizard.

    3. Specify the iSCSI Virtual Disk Location:

    • Choose the server and volume where you want to store the iSCSI virtual disk.

    4. Specify the iSCSI Virtual Disk Name:

    • Enter a name for the iSCSI virtual disk.

    5. Specify the iSCSI Virtual Disk Size:

    • Enter the size of the iSCSI virtual disk. You can choose between fixed size and dynamically expanding. Fixed size allocates all the space upfront, while dynamically expanding grows as needed (but can impact performance if it runs out of space).

    6. Assign the iSCSI Target:

    • You can either assign the virtual disk to an existing iSCSI target or create a new one.
    • To create a new target, select New iSCSI target.

    7. Specify the iSCSI Target Name:

    • Enter a name for the iSCSI target.

    8. Specify Access Servers (Initiators):

    • Add the IQNs or IP addresses of the initiators that will be allowed to access the target.
    • Click Add to add each initiator.
    • It is crucial to restrict access to only authorized initiators for security reasons.

    9. Enable Authentication (CHAP):

    • For enhanced security, configure CHAP authentication.
    • You can choose between one-way CHAP (where the initiator authenticates to the target) and mutual CHAP (where both the initiator and target authenticate each other).
    • Enter a secret for the CHAP authentication. Keep this secret secure.

    10. Confirm and Create:

    • Review the settings and click Create to create the iSCSI virtual disk and target.

    11. Verify the Configuration:

    • In Server Manager, under File and Storage Services, click iSCSI.
    • Verify that the iSCSI virtual disk and target are listed and configured correctly.

    Connecting to the iSCSI Target from an Initiator

    Once the iSCSI target is configured, you need to connect to it from the initiator server. The process is similar on both Linux and Windows.

    Connecting from Linux (using iscsiadm):

    1. Discover the Target:

      sudo iscsiadm -m discovery -t st -p

      Replace <target_ip> with the IP address of the iSCSI target. This command discovers the available iSCSI targets.

    2. Login to the Target:

      sudo iscsiadm -m node -T  -l

      Replace <target_iqn> with the IQN of the target. This command logs in to the target.

    3. Verify the Connection:

      sudo iscsiadm -m session

      This command displays the active iSCSI sessions.

    4. Mount the iSCSI Volume:

      After logging in, the iSCSI volume will appear as a block device (e.g., /dev/sdb). You can then format and mount it like any other block device.

      sudo mkfs.ext4 /dev/sdb
sudo mount /dev/sdb /mnt

      Replace /dev/sdb with the actual block device and /mnt with the desired mount point.

    5. Make the Mount Persistent:

      To make the mount persistent across reboots, add an entry to /etc/fstab.

      /dev/sdb  /mnt  ext4  defaults  0  0

      Replace /dev/sdb and /mnt with the actual values.

    Connecting from Windows:

    1. Open the iSCSI Initiator:

      • Search for "iSCSI Initiator" in the Start menu.

    2. Enter the Target Portal:

      • In the Targets tab, enter the IP address or hostname of the iSCSI target in the Target field and click Quick Connect.

    3. Connect to the Target:

      • Select the target from the list of discovered targets and click Connect.

    4. Configure CHAP Authentication (if enabled):

      • If CHAP authentication is enabled on the target, click the Advanced button in the Connect to Target dialog box.
      • Enter the CHAP username and secret.

    5. Verify the Connection:

      • The target should now be listed as Connected in the iSCSI Initiator.

    6. Format and Mount the iSCSI Volume:

      • Open Disk Management (diskmgmt.msc).
      • The iSCSI volume will appear as a new disk.
      • Initialize the disk, create a new volume, and format it with a file system (e.g., NTFS).
      • Assign a drive letter to the volume.

    Troubleshooting Common iSCSI Issues

    • Connectivity Issues: Ensure that there is network connectivity between the initiator and the target. Check firewalls, routing, and DNS settings.
    • IQN Mismatch: Verify that the IQN configured on the initiator matches the IQN allowed on the target.
    • CHAP Authentication Failures: Double-check the CHAP username and secret.
    • LUN Masking Issues: Ensure that the initiator is allowed to access the LUN.
    • Performance Issues: Network congestion, disk I/O bottlenecks, and incorrect configuration can all contribute to performance issues. Monitor network traffic, disk performance, and CPU utilization. Consider using jumbo frames to improve network throughput.
    • Target Not Found: Check if the iSCSI target service is running on the target server. Also verify if the iSCSI target IP address or hostname is correctly configured on the initiator.
    • Multiple Connections: Ensure that MPIO (Multipath I/O) is properly configured to handle multiple connections to the same iSCSI target for redundancy and performance. Without MPIO, multiple connections can lead to data corruption.

    Security Considerations

    • CHAP Authentication: Always use CHAP authentication to protect against unauthorized access.
    • IPsec: Consider using IPsec to encrypt iSCSI traffic for enhanced security.
    • VLANs: Isolate iSCSI traffic on a dedicated VLAN.
    • Firewall Rules: Restrict access to the iSCSI target to only authorized initiators using firewall rules.
    • Regular Security Audits: Perform regular security audits to identify and address potential vulnerabilities.

    Conclusion

    Configuring an iSCSI target is a fundamental skill for managing storage in modern IT environments. By understanding the core concepts and following the steps outlined in this article, you can successfully set up and manage iSCSI storage solutions that meet your organization's needs. Remember to prioritize security and regularly monitor your iSCSI infrastructure to ensure optimal performance and reliability. While the steps can seem intricate, the benefits in terms of cost savings, scalability, and simplified management make iSCSI a valuable tool in any IT professional's arsenal. Remember to always consult the specific documentation for your operating system or storage appliance for the most accurate and up-to-date instructions.

    Latest Posts

    Latest Posts

    Related Post

    Thank you for visiting our website which covers about 8.1.3 - Configure An Iscsi Target . We hope the information provided has been useful to you. Feel free to contact us if you have any questions or need further assistance. See you next time and don't miss to bookmark.

    Go Home
    Click anywhere to continue