Hubbry Logo
ISCSIISCSIMain
Open search
ISCSI
Community hub
ISCSI
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
ISCSI
ISCSI
ISCSI
View on Wikipedia
from Wikipedia

Internet Small Computer Systems Interface (iSCSI; /ˈskʌzi/ eye-SKUZ-ee) is an Internet Protocol-based storage networking standard for linking data storage facilities. iSCSI provides block-level access to storage devices by carrying SCSI commands over a TCP/IP network. iSCSI facilitates data transfers over intranets and to manage storage over long distances. It can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval.

The protocol allows clients (called initiators) to send SCSI commands (CDBs) to storage devices (targets) on remote servers. It is a storage area network (SAN) protocol, allowing organizations to consolidate storage into storage arrays while providing clients (such as database and web servers) with the illusion of locally attached SCSI disks.[1] It mainly competes with Fibre Channel, but unlike traditional Fibre Channel which usually requires dedicated cabling,[a] iSCSI can be run over long distances using existing network infrastructure.[2] iSCSI was pioneered by IBM and Cisco in 1998 and submitted as a draft standard in March 2000.[3]

Concepts

[edit]

In essence, iSCSI allows two hosts to negotiate and then exchange SCSI commands using Internet Protocol (IP) networks. By doing this, iSCSI takes a popular high-performance local storage bus and emulates it over a wide range of networks, creating a storage area network (SAN). Unlike some SAN protocols, iSCSI requires no dedicated cabling; it can be run over existing IP infrastructure. As a result, iSCSI is often seen as a low-cost alternative to Fibre Channel, which requires dedicated infrastructure except in its FCoE (Fibre Channel over Ethernet) form. However, the performance of an iSCSI SAN deployment can be severely degraded if not operated on a dedicated network or subnet (LAN or VLAN), due to competition for a fixed amount of bandwidth.

Although iSCSI can communicate with arbitrary types of SCSI devices, system administrators almost always use it to allow servers (such as database servers) to access disk volumes on storage arrays. iSCSI SANs often have one of two objectives:

Storage consolidation
Organizations move disparate storage resources from servers around their network to central locations, often in data centers; this allows for more efficiency in the allocation of storage, as the storage itself is no longer tied to a particular server. In a SAN environment, a server can be allocated a new disk volume without any changes to hardware or cabling.
Disaster recovery
Organizations mirror storage resources from one data center to a remote data center, which can serve as a hot / standby in the event of a prolonged outage. In particular, iSCSI SANs allow entire disk arrays to be migrated across a WAN with minimal configuration changes, in effect making storage "routable" in the same manner as network traffic.

Initiator

[edit]
Further information: SCSI initiator

An initiator functions as an iSCSI client. An initiator typically serves the same purpose to a computer as a SCSI bus adapter would, except that, instead of physically cabling SCSI devices (like hard drives and tape changers), an iSCSI initiator sends SCSI commands over an IP network. An initiator falls into two broad types:

A software initiator uses code to implement iSCSI. Typically, this happens in a kernel-resident device driver that uses the existing network card (NIC) and network stack to emulate SCSI devices for a computer by speaking the iSCSI protocol. Software initiators are available for most popular operating systems and are the most common method of deploying iSCSI.

A hardware initiator uses dedicated hardware, typically in combination with firmware running on that hardware, to implement iSCSI. A hardware initiator mitigates the overhead of iSCSI and TCP processing and Ethernet interrupts, and therefore may improve the performance of servers that use iSCSI. An iSCSI host bus adapter (more commonly, HBA) implements a hardware initiator. A typical HBA is packaged as a combination of a Gigabit (or 10 Gigabit) Ethernet network interface controller, some kind of TCP/IP offload engine (TOE) technology and a SCSI bus adapter, which is how it appears to the operating system. An iSCSI HBA can include PCI option ROM to allow booting from an iSCSI SAN.

An iSCSI offload engine, or iSOE card, offers an alternative to a full iSCSI HBA. An iSOE "offloads" the iSCSI initiator operations for this particular network interface from the host processor, freeing up CPU cycles for the main host applications. iSCSI HBAs or iSOEs are used when the additional performance enhancement justifies the additional expense of using an HBA for iSCSI,[4] rather than using a software-based iSCSI client (initiator). iSOE may be implemented with additional services such as TCP offload engine (TOE) to further reduce host server CPU usage.

Target

[edit]
See also: SCSI target

The iSCSI specification refers to a storage resource located on an iSCSI server (more generally, one of potentially many instances of iSCSI storage nodes running on that server) as a target.

An iSCSI target is often a dedicated network-connected hard disk storage device, but may also be a general-purpose computer, since as with initiators, software to provide an iSCSI target is available for most mainstream operating systems.

Common deployment scenarios for an iSCSI target include:

Storage array

[edit]

In a data center or enterprise environment, an iSCSI target often resides in a large storage array. These arrays can be in the form of commodity hardware with free-software-based iSCSI implementations, or as commercial products such as in StorTrends, Pure Storage, HP StorageWorks, EqualLogic, Tegile Systems, Nimble storage, IBM Storwize family, Isilon, NetApp filer, Dell EMC, Kaminario, NS-series, CX4, VNX, VNXe, VMAX, Hitachi Data Systems HNAS, or Pivot3 vSTAC.

A storage array usually provides distinct iSCSI targets for numerous clients.[5]

Software target

[edit]
See also: List of storage area network management systems

Nearly all modern mainstream server operating systems (such as BSD, Linux, Solaris or Windows Server) can provide iSCSI target functionality, either as a built-in feature or with supplemental software. Some specific-purpose operating systems implement iSCSI target support.

Logical unit number

[edit]
Main article: Logical unit number

In SCSI terminology, LU stands for logical unit, which is specified by a unique logical unit number. A LUN represents an individually addressable (logical) SCSI device that is part of a physical SCSI device (target). In an iSCSI environment, LUNs are essentially numbered disk drives. An initiator negotiates with a target to establish connectivity to a LUN; the result is an iSCSI connection that emulates a connection to a SCSI hard disk. Initiators treat iSCSI LUNs the same way as they would a raw SCSI or IDE hard drive; for instance, rather than mounting remote directories as would be done in NFS or CIFS environments, iSCSI systems format and directly manage filesystems on iSCSI LUNs.

In enterprise deployments, LUNs usually represent subsets of large RAID disk arrays, often allocated one per client. iSCSI imposes no rules or restrictions on multiple computers sharing individual LUNs; it leaves shared access to a single underlying filesystem as a task for the operating system.

Network booting

[edit]

For general data storage on an already-booted computer, any type of generic network interface may be used to access iSCSI devices.[citation needed] However, a generic consumer-grade network interface is not able to boot a diskless computer from a remote iSCSI data source.[citation needed] Instead, it is commonplace for a server to load its initial operating system from a TFTP server or local boot device, and then use iSCSI for data storage once booting from the local device has finished.[citation needed]

A separate DHCP server may be configured to assist interfaces equipped with network boot capability to be able to boot over iSCSI. In this case, the network interface looks for a DHCP server offering a PXE or bootp boot image.[6] This is used to kick off the iSCSI remote boot process, using the booting network interface's MAC address to direct the computer to the correct iSCSI boot target[citation needed]. One can then use a software-only approach to load a small boot program which can in turn mount a remote iSCSI target as if it was a local SCSI drive and then fire the boot process from said iSCSI target[citation needed]. This can be achieved using an existing Preboot Execution Environment (PXE) boot ROM, which is available on many wired Ethernet adapters. The boot code can also be loaded from CD/DVD, floppy disk (or floppy disk image) and USB storage, or it can replace existing PXE boot code on adapters that can be re-flashed.[7] The most popular free software to offer iSCSI boot support is iPXE.[8]

Most Intel Ethernet controllers for servers support iSCSI boot.[9]

Addressing

[edit]

iSCSI uses TCP (typically TCP ports 860 and 3260) for the protocols itself, with higher-level names used to address the objects within the protocol. Special names refer to both iSCSI initiators and targets. iSCSI provides three name-formats:

iSCSI Qualified Name (IQN)
Format: The iSCSI Qualified Name is documented in RFC 3720, with further examples of names in RFC 3721. Briefly, the fields are:
  • literal iqn (iSCSI Qualified Name)
  • date (yyyy-mm) that the naming authority took ownership of the domain
  • reversed domain name of the authority (e.g. org.alpinelinux, com.example, to.yp.cr)
  • Optional ":" prefixing a storage target name specified by the naming authority.
From the RFC:[10]
Type . Date . Naming Auth : String defined by example.com Naming Authority
iqn . 1992-01 . com.example : storage:diskarrays-sn-a8675309
iqn . 1992-01 . com.example
iqn . 1992-01 . com.example : storage.tape1.sys1.xyz
iqn . 1992-01 . com.example : storage.disk2.sys1.xyz
Extended Unique Identifier (EUI)
Format: eui.{EUI-64 bit address} (e.g. eui.02004567A425678D)
T11 Network Address Authority (NAA)
Format: naa.{NAA 64 or 128 bit identifier} (e.g. naa.52004567BA64678D)

IQN format addresses occur most commonly. They are qualified by a date (yyyy-mm) because domain names can expire or be acquired by another entity.

The IEEE Registration authority provides EUI in accordance with the EUI-64 standard. NAA is part OUI which is provided by the IEEE Registration Authority. NAA name formats were added to iSCSI in RFC 3980, to provide compatibility with naming conventions used in Fibre Channel and Serial Attached SCSI (SAS) storage technologies.

Usually, an iSCSI participant can be defined by three or four fields:

  1. Hostname or IP Address (e.g., "iscsi.example.com")
  2. Port Number (e.g., 3260)
  3. iSCSI Name (e.g., the IQN "iqn.2003-01.com.ibm:00.fcd0ab21.shark128")
  4. An optional CHAP Secret (e.g., "secretsarefun")

iSNS

[edit]
Main article: Internet Storage Name Service

iSCSI initiators can locate appropriate storage resources using the Internet Storage Name Service (iSNS) protocol. In theory, iSNS provides iSCSI SANs with the same management model as dedicated Fibre Channel SANs. In practice, administrators can satisfy many deployment goals for iSCSI without using iSNS.

Security

[edit]

Authentication

[edit]

iSCSI initiators and targets prove their identity to each other using CHAP, which includes a mechanism to prevent cleartext passwords from appearing on the wire. By itself, CHAP is vulnerable to dictionary attacks, spoofing, and reflection attacks. If followed carefully, the best practices for using CHAP within iSCSI reduce the surface for these attacks and mitigate the risks.[11]

Additionally, as with all IP-based protocols, IPsec can operate at the network layer. The iSCSI negotiation protocol is designed to accommodate other authentication schemes, though interoperability issues limit their deployment.

Logical network isolation

[edit]

To ensure that only valid initiators connect to storage arrays, administrators most commonly run iSCSI only over logically isolated backchannel networks. In this deployment architecture, only the management ports of storage arrays are exposed to the general-purpose internal network, and the iSCSI protocol itself is run over dedicated network segments or VLANs. This mitigates authentication concerns; unauthorized users are not physically provisioned for iSCSI, and thus cannot talk to storage arrays. However, it also creates a transitive trust problem, in that a single compromised host with an iSCSI disk can be used to attack storage resources for other hosts.

Physical network isolation

[edit]

While iSCSI can be logically isolated from the general network using VLANs only, it is still no different from any other network equipment and may use any cable or port as long as there is a completed signal path between source and target. Just a single cabling mistake by a network technician can compromise the barrier of logical separation, and an accidental bridging may not be immediately detected because it does not cause network errors.

In order to further differentiate iSCSI from the regular network and prevent cabling mistakes when changing connections, administrators may implement self-defined color-coding and labeling standards, such as only using yellow-colored cables for the iSCSI connections and only blue cables for the regular network, and clearly labeling ports and switches used only for iSCSI.

While iSCSI could be implemented as just a VLAN cluster of ports on a large multi-port switch that is also used for general network usage, the administrator may instead choose to use physically separate switches dedicated to iSCSI VLANs only, to further prevent the possibility of an incorrectly connected cable plugged into the wrong port bridging the logical barrier.

Authorization

[edit]

Because iSCSI aims to consolidate storage for many servers into a single storage array, iSCSI deployments require strategies to prevent unrelated initiators from accessing storage resources. As a pathological example, a single enterprise storage array could hold data for servers variously regulated by the Sarbanes–Oxley Act for corporate accounting, HIPAA for health benefits information, and PCI DSS for credit card processing. During an audit, storage systems must demonstrate controls to ensure that a server under one regime cannot access the storage assets of a server under another.

Typically, iSCSI storage arrays explicitly map initiators to specific target LUNs; an initiator authenticates not to the storage array, but to the specific storage asset it intends to use. However, because the target LUNs for SCSI commands are expressed both in the iSCSI negotiation protocol and in the underlying SCSI protocol, care must be taken to ensure that access control is provided consistently.

Confidentiality and integrity

[edit]

For the most part, iSCSI operates as a cleartext protocol that provides no cryptographic protection for data in motion during SCSI transactions. As a result, an attacker who can listen in on iSCSI Ethernet traffic can:[12]

  • Reconstruct and copy the files and filesystems being transferred on the wire
  • Alter the contents of files by injecting fake iSCSI frames
  • Corrupt filesystems being accessed by initiators, exposing servers to software flaws in poorly tested filesystem code.

These problems do not occur only with iSCSI, but rather apply to any SAN protocol without cryptographic security. IP-based security protocols, such as IPsec, can provide standards-based cryptographic protection to this traffic.

Implementations

[edit]

Operating systems

[edit]

The dates in the following table denote the first appearance of a native driver in each operating system. Third-party drivers for Windows and Linux were available as early as 2001, specifically for attaching IBM's IP Storage 200i appliance.[13]

OS First release date Version Features
IBM i 2006-10 V5R4M0 (as i5/OS) Target, Multipath
VMware ESX 2006-06 ESX 3.0, ESX 4.0, ESXi 5.x, ESXi 6.x Initiator, Multipath
AIX 2002-10 AIX 5.3 TL10, AIX 6.1 TL3 Initiator, Target
Windows 2003-06 2000, XP Pro, 2003, Vista, 2008, 2008 R2, 7, 8, Server 2012, 8.1, Server 2012 R2, 10, Server 2016, 11, Server 2019 Initiator, Target,[b] Multipath
NetWare 2003-08 NetWare 5.1, 6.5, & OES Initiator, Target
HP-UX 2003-10 HP 11i v1, HP 11i v2, HP 11i v3 Initiator
Solaris 2002-05 Solaris 10, OpenSolaris Initiator, Target, Multipath, iSER
Linux 2005-06 2.6.12, 3.1 Initiator (2.6.12), Target (3.1), Multipath, iSER, VAAI[c]
OpenBSD 2009-10 4.9 Initiator
NetBSD 2002-06 4.0, 5.0 Initiator (5.0), Target (4.0)
FreeBSD 2008-02 7.0 Initiator (7.0), Target (10.0), Multipath, iSER, VAAI[c]
OpenVMS 2002-08 8.3-1H1 Initiator, Multipath
macOS 2008-07 10.4— N/A[d]

Targets

[edit]

Most iSCSI targets involve disk, though iSCSI tape and medium-changer targets are popular as well. So far, physical devices have not featured native iSCSI interfaces on a component level. Instead, devices with Parallel SCSI or Fibre Channel interfaces are bridged by using iSCSI target software, external bridges, or controllers internal to the device enclosure.

Alternatively, it is possible to virtualize disk and tape targets. Rather than representing an actual physical device, an emulated virtual device is presented. The underlying implementation can deviate drastically from the presented target as is done with virtual tape library (VTL) products. VTLs use disk storage for storing data written to virtual tapes. As with actual physical devices, virtual targets are presented by using iSCSI target software, external bridges, or controllers internal to the device enclosure.

In the security products industry, some manufacturers use an iSCSI RAID as a target, with the initiator being either an IP-enabled encoder or camera.

Converters and bridges

[edit]

Multiple systems exist that allow Fibre Channel, SCSI and SAS devices to be attached to an IP network for use via iSCSI. They can be used to allow migration from older storage technologies, access to SANs from remote servers and the linking of SANs over IP networks. An iSCSI gateway bridges IP servers to Fibre Channel SANs. The TCP connection is terminated at the gateway, which is implemented on a Fibre Channel switch or as a standalone appliance.

See also

[edit]

Notes

[edit]

References

[edit]

Further reading

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

ISCSI

View on Grokipedia
from Grokipedia
iSCSI (Internet Small Computer Systems Interface) is a transport protocol for the (SCSI) that enables the encapsulation and transmission of SCSI commands, , and status over TCP/IP networks, allowing block-level access to storage devices using standard IP infrastructure such as Ethernet. Developed to provide an interoperable solution for storage area networks (SANs), iSCSI maps the SCSI architecture model onto TCP, supporting reliable delivery of I/O operations between initiators (client systems) and targets (storage servers or devices). This protocol facilitates cost-effective, scalable storage connectivity over existing networks without requiring specialized hardware like . Standardized by the (IETF), iSCSI was initially defined in RFC 3720 in April 2004 and later consolidated and updated in RFC 7143 in April 2014 to incorporate errata, clarifications, and enhancements while maintaining . Key features include a login phase for parameter negotiation, support for multiple connections per session for performance and redundancy, error detection and recovery mechanisms aligned with standards, and optional security extensions like CHAP authentication and . Widely adopted in enterprise and environments, iSCSI enables , , and remote replication by leveraging high-speed Ethernet advancements up to 100 Gbps and beyond.

Fundamentals

Definition and Purpose

iSCSI, or Internet Small Computer Systems Interface, is a transport protocol for the (SCSI) that operates on top of TCP/IP networks. It was originally defined in RFC 3720 as a proposed standard by the (IETF) in April 2004 and later consolidated and updated in RFC 7143 in April 2014. The protocol encapsulates SCSI commands, data, and status within iSCSI protocol data units (PDUs) for transmission over standard IP networks, ensuring compatibility with the SCSI Architecture Model. The primary purpose of iSCSI is to enable initiators, such as servers, to access remote storage targets as if they were locally attached block devices, thereby facilitating block-level storage networking over Ethernet without requiring dedicated storage area network (SAN) hardware. This approach contrasts with traditional SCSI, which relies on direct physical connections or specialized transports like Fibre Channel, by leveraging ubiquitous TCP/IP for extending storage access across local area networks (LANs) or wide area networks (WANs). Key benefits of iSCSI include its cost-effectiveness, as it utilizes existing Ethernet infrastructure and avoids the expense of switches and host bus adapters, making it suitable for small to medium-sized enterprises. It also offers scalability for large data centers by supporting high-speed Ethernet links and integration with environments, where multiple virtual machines can share remote storage resources efficiently. Historically, iSCSI originated from a proof-of-concept developed by in 1998, with the initial draft submitted to the IETF in 2000 and approved as a proposed standard in February 2003.

Protocol Architecture

The iSCSI protocol employs a layered architecture that maps operations onto TCP/IP networks, enabling access over IP. At the core is the layer, which generates and processes Command Descriptor Blocks (CDBs) for commands and responses in compliance with the architecture model as defined in SAM-2. The iSCSI layer then encapsulates these elements into Protocol Data Units (PDUs) suitable for transmission, handling tasks such as session management, command sequencing, and error recovery. Underlying this is the TCP/IP , which provides reliable, connection-oriented delivery of the PDUs without awareness of their or iSCSI semantics. This layering ensures that iSCSI maintains semantics while leveraging the ubiquity of TCP/IP for network transport. Central to the iSCSI layer are PDUs, which structure all communications between initiators and targets. Each PDU begins with a Basic Header Segment (BHS) of 48 bytes, including key fields such as the opcode (specifying the PDU type, e.g., 0x01 for Command or 0x21 for Response) and the Initiator Task Tag (a for tracking individual tasks across the session). Following the BHS are optional Additional Header Segments (AHS) for extended information and one or more Data Segments, which carry payloads, text parameters, or other data, always padded to 4-byte boundaries for alignment. For login-related PDUs, the structure incorporates specific formats during phases like security negotiation (for parameters) and operational negotiation (for session settings such as maximum connections or error recovery levels). Session establishment in iSCSI occurs through a multi-phase process on TCP connections, distinguishing between normal sessions for full operations and discovery sessions limited to target enumeration. Normal sessions begin with a leading login connection using a Target Session Identifying (TSIH) of 0, progressing through three phases: to authenticate parties and establish security parameters, login operational to agree on session-wide settings, and the full feature phase to enable command execution. Discovery sessions, by contrast, restrict operations to SendTargets commands and similar discovery functions, omitting full data transfer capabilities. Initiators and targets collaboratively negotiate these phases to form a session, which may span multiple TCP connections for enhanced reliability. Error handling in iSCSI emphasizes and recovery at the protocol level, with support for optional digests to verify PDU components. Header and data digests use CRC32C (or none) to detect corruption during transit, applied independently to the BHS/AHS and data segments. Recovery mechanisms address connection failures and through task reassignment (transferring active tasks to a new connection), Selective Negative Acknowledgment () requests for retransmitting lost PDUs, and hierarchical levels including within-command recovery for partial errors and session-wide recovery via logout. These features ensure robust operation over potentially unreliable networks while preserving task .

Core Components

Initiators

iSCSI initiators serve as client-side agents on host servers that originate commands to remote targets, encapsulating them within TCP/IP packets to access storage over IP networks. These components map iSCSI logical units (LUNs) presented by targets as local block devices, such as /dev/sdX in systems, enabling applications to treat remote storage as if it were directly attached. By establishing sessions via a login phase, initiators facilitate reliable data transfer while handling identification through unique iSCSI names and initiator session identifiers (ISIDs). Initiators are available in software and hardware forms, with software variants integrated into operating systems to leverage the host CPU for protocol processing, making them the most common deployment method. Hardware initiators, typically implemented as host bus adapters (HBAs) or TCP offload engines (TOEs), offload iSCSI and TCP/IP tasks from the CPU to dedicated silicon for reduced latency. A prominent example of a software initiator is the iSCSI Initiator service, a built-in Windows component that manages connections to iSCSI without requiring additional hardware. In operation, initiators issue SCSI read and write commands via Command Descriptor Blocks (CDBs) embedded in SCSI-Command Protocol Data Units (PDUs), using initiator task tags and command sequence numbers (CmdSN) to ensure ordered delivery. They manage sessions by negotiating parameters during , such as maximum burst length (default 262144 bytes), and support multiple TCP connections per session for enhanced throughput and redundancy through multi-path I/O (MPIO). Error recovery involves levels from connection-only (level 0) to session-wide (level 2), incorporating mechanisms like selective negative acknowledgments (SNACKs) for retransmissions, task reassignment, and across portal groups to maintain during network disruptions. Performance of initiators varies by type: software implementations introduce CPU overhead for encapsulation and error handling, potentially consuming 10-20% of cycles at high throughput, whereas hardware offloads minimize this to under 10% while providing lower latency for latency-sensitive workloads. To optimize and performance, initiators integrate with multipathing frameworks, such as in , which aggregates multiple paths into a single logical device for load balancing and .

Targets and Logical Units

In iSCSI, a target serves as the server-side endpoint that exposes storage resources to initiators over IP networks using TCP connections. It receives commands encapsulated within iSCSI Protocol Data Units (PDUs), executes the associated I/O operations on underlying storage, and returns responses or status information to the initiator. Targets operate primarily in the Full Feature Phase following successful login negotiation, managing tasks such as command ordering via Command Sequence Numbers (CmdSN) and ensuring connection allegiance where related PDUs stay on the same TCP connection. Each target is uniquely identified by an iSCSI Qualified Name (IQN), a globally unique string formatted according to RFC 3721, such as iqn.2001-04.com.example:storage:diskarrays-sn-a8675309, which combines a , naming , and vendor-specific identifier. Targets support multiple network portals—combinations of IP addresses and TCP ports—grouped into portal groups to enable load balancing, , and multi-connection sessions for improved performance and reliability. iSCSI targets can be implemented in hardware or software configurations. Hardware targets are typically integrated into enterprise (SAN) arrays, where dedicated controllers handle protocol processing and storage exposure at high speeds. Software targets, in contrast, run on general-purpose servers using operating system tools to emulate storage providers; for example, the targetcli administration shell in environments allows configuration of iSCSI targets backed by local block devices or file I/O on commodity hardware. These implementations process incoming SCSI-Command PDUs (opcode 0x01), which include details like the Expected Data Transfer Length for I/O size, and respond with Data-In PDUs for reads or Ready to Transfer (R2T) PDUs to solicit data for writes. Logical units (LUs) represent the fundamental addressable storage entities within an iSCSI target, corresponding to SCSI logical units that appear as block devices to initiators. Each LU is identified by a 64-bit Logical Unit Number (LUN), formatted per the SCSI Architecture Model (SAM) and included in PDUs such as the SCSI Command PDU (bytes 8-15) to specify the target LU for operations. LUNs are mapped to physical or virtual storage volumes on the target, enabling abstraction of underlying hardware like disks or arrays, and access is scoped to the target's IQN combined with the LUN, as in iqn.1993-08.org.[debian](/page/Debian):01:abc123/lun/0. LUN masking restricts visibility and access to authorized initiators based on their IQNs, while mapping associates LUNs with specific backend storage resources to control data placement and availability. Target operations center on handling I/O workflows initiated by commands from iSCSI initiators. Upon receiving a SCSI command, the target processes it in CmdSN order, transferring data bidirectionally—sending output via Data-In PDUs for reads or requesting input via R2T PDUs for writes—before concluding with a SCSI Response PDU containing status, such as GOOD or CHECK CONDITION. Task management functions, like ABORT TASK or CLEAR TASK SET, allow termination of specific LUN operations, with the LUN field specifying the affected unit. Many iSCSI targets support advanced features at the LUN level, including to allocate storage on demand for efficient and snapshots to create point-in-time copies for or recovery. These capabilities enhance in environments like virtualized data centers, where LUNs may represent thinly provisioned volumes over-allocated relative to physical backing store.

Discovery and Connectivity

Addressing Mechanisms

iSCSI employs standardized naming conventions to uniquely identify initiators and targets across IP networks, ensuring persistent and location-independent identification. The primary format is the iSCSI Qualified Name (IQN), structured as iqn.yyyy-mm.reversed-domain:unique-id, where yyyy-mm denotes the year and month of domain registration, the reversed domain follows standard DNS conventions (e.g., com.example), and the unique identifier is vendor-specific (e.g., iqn.2001-04.com.example:storage:diskarrays-sn-a8675309). Alternatively, the EUI-64 format uses eui. followed by a 16-hex-digit IEEE EUI-64 identifier (e.g., eui.02004567A425678D), providing a compact alias for nodes based on hardware or software identifiers. These names are globally unique, permanent, and not tied to specific hardware, with optional aliases for human-readable reference. Portal addressing facilitates endpoint connectivity by specifying targets via and TCP port, with the default port being 3260 for iSCSI sessions. The TargetAddress parameter in login operations supports formats such as (e.g., example.com:3260,1), IPv4 (e.g., 10.0.1.1:3260,1), or (e.g., [2001:db8::1]:3260,1), optionally including a comma-separated portal group tag for session coordination. This addressing scheme enables initiators to establish TCP connections to targets over standard IP networks, abstracting SCSI commands into iSCSI Protocol Data Units (PDUs). Connection management in iSCSI organizes multiple IP/port combinations into portal groups, identified by a 16-bit portal group tag (0-65535), allowing sessions to span several network portals while maintaining consistent SCSI logical unit access. During login, initiators select routes based on discovered or configured target addresses, with targets returning the servicing portal group tag in the initial response to ensure session affinity. Redirection occurs if a target issues a login response with status class 0101h (Redirect), providing an alternative TargetAddress (e.g., omitting the portal group tag in redirects) to guide the initiator to another portal for load balancing or . This mechanism supports multiple connections per session within the same portal group, enhancing reliability without requiring hardware-specific adaptations. Initial addressing security integrates with protocols during , where CHAP provides in-band verification of initiator and target identities using directional secrets, ensuring secure name resolution and connection establishment. For broader protection, IKEv2 enables encapsulation, supporting identification types like ID_IPV6_ADDR to secure addressing in dual-stack environments. iSCSI supports both IPv4 and natively over TCP, with dual-stack compatibility allowing seamless transitions in addressing formats from early specifications. RFC 3720 laid the foundation for IP-agnostic transport, while RFC 7143 refined IPv6 integration, mandating bracketed notation in TargetAddress and IKE identification for modern networks, evolving from IPv4-centric examples to full IPv6 interoperability without protocol changes.

iSNS Protocol

The Internet Storage Name Service (iSNS) is an IETF standard defined in RFC 4171 that serves as a for iSCSI and related storage devices on IP networks, enabling automated discovery and management akin to the (DNS) but tailored for storage resources. It allows initiators to locate available targets dynamically without prior manual configuration of all device details, facilitating integration of iSCSI initiators, targets, and management nodes into a centralized database. As a client-server protocol, iSNS operates over TCP (mandatory) or UDP (optional), using the default port 3205 for communications between iSNS servers and clients. Key functions of iSNS include registration, where targets register their iSCSI Qualified Names (IQNs) and portal addresses (IP and port combinations) with the iSNS server using Device Attributes Registration (DevAttrReg) messages; discovery, where initiators query the server via Device Attributes Query (DevAttrQry) or Device Get Next (DevGetNext) messages to retrieve lists of available and their attributes; and state change notifications (SCNs), which alert registered clients to dynamic events such as target availability changes or scenarios through SCN messages. These notifications support real-time updates, with message types encoded in a Type-Length-Value (TLV) format for attributes like entity identifiers and portal details. For example, an SCN might notify of an object addition or removal, enabling seamless session management in storage networks. iSNS offers benefits such as reduced manual configuration in large-scale environments by centralizing device information and automating target discovery, which simplifies deployment compared to static setups. However, it is optional for iSCSI implementations, with alternatives including the (SLP) per RFC 2608, static configuration of target addresses, or the SendTargets method for direct queries. Security considerations in iSNS, as outlined in RFC 4171, address threats like unauthorized access and message replay through recommended ESP (SHOULD per RFC 4171) for and (with optional ), timestamps in messages, and support for digital signatures or certificates in scenarios. As of 2025, while iSNS remains in use in various storage systems such as ONTAP and fabrics, Microsoft has deprecated support for iSNS in 2025, recommending the (SMB) feature as an alternative for similar functionality.

Deployment Features

Network Booting

Network booting with iSCSI allows diskless clients to load and execute operating systems from remote storage devices over an IP network, treating the remote iSCSI logical unit number (LUN) as a local block device during the boot sequence. This process integrates with standard network boot mechanisms like the (PXE), where the client's —either or —initiates the connection to an iSCSI target. The initiator, embedded in the firmware or loaded via PXE, establishes an iSCSI session to access the bootable LUN containing the operating system image. The boot process begins with the client broadcasting a DHCP request to obtain network configuration, including the of the boot server and details for locating the iSCSI target. In PXE-enabled setups, the DHCP server responds with option 67 specifying the boot file name, which may chainload an enhanced like to handle iSCSI-specific operations. Once network parameters are acquired, the client uses additional DHCP options—such as vendor-specific option 43 or the iSCSI root path in option 17 (format: "iscsi:"servername":"protocol":"port":"LUN":"targetname"")—to identify the iSCSI target. If details are incomplete, the client queries a discovery service like iSNS or SLP to resolve the target name to an and port. Following discovery, the iSCSI initiator in the logs into the target using the obtained credentials, establishing a session over TCP. The then reads the LUN as a block device, loading the and mounting the root filesystem to continue the operating system . For systems, the process aligns with EFI boot services, while uses INT13h extensions to present the remote disk; multiple paths can be handled by prioritizing interfaces or targets based on configuration, allowing if the primary path fails. In advanced setups, chainloading via enables scripting for dynamic target selection or , such as CHAP, before passing control to the OS loader. Key requirements include firmware support for iSCSI, such as iSCSI Remote Boot integrated into the NIC or , and an iSCSI target exporting a bootable LUN formatted with a compatible partition scheme (e.g., GPT for ). The network must provide reliable TCP connectivity, with the target configured to allow initiator access; no local storage is needed on the client, though fallback options may be provisioned. Common use cases include stateless computing environments, where multiple clients boot identical OS images from a central repository for simplified management and rapid deployment, and diskless workstations in educational or lab settings to reduce hardware costs and enable centralized updates. For instance, a single 40 GB master image can boot hundreds of clients using differencing virtual hard disks, saving over 90% on storage compared to local duplicates. Challenges arise in wide area network (WAN) booting due to increased latency from geographic distance and potential , which can prolong the initial session establishment and OS loading. This is mitigated by enabling jumbo frames (MTU up to 9000 bytes) end-to-end to reduce overhead and improve throughput, though all network components must support consistent MTU sizes to avoid fragmentation. (LAN) deployments with 10 GbE or higher typically avoid these issues, emphasizing dedicated iSCSI VLANs for optimal performance.

Configuration Basics

Configuring an iSCSI initiator and target begins with assigning unique iSCSI Qualified Names (IQNs) to each node, defining network portals as and TCP port combinations (typically port 3260), and setting up authentication secrets using the (CHAP). On the target side, administrators create IQNs and associate them with portal groups, which manage access to logical unit numbers (LUNs), while enabling CHAP by specifying usernames and secrets (at least 96 bits recommended for security without , with implementations required to support up to 128 bits and potentially longer) for one-way or mutual authentication. For the initiator, the IQN is defined in a such as /etc/iscsi/initiatorname.iscsi, and CHAP credentials are entered in /etc/iscsi/iscsid.conf to match the target's settings. Practical setup on systems utilizes the iscsiadm utility for discovery and operations. Discovery employs the SendTargets method via commands like iscsiadm --mode discoverydb --type sendtargets --portal <target-ip>:3260, which queries the target for available IQNs and portals without establishing a full session. Subsequent is performed with iscsiadm -m node -T <target-iqn> -p <target-ip>:3260 --login, establishing a persistent session that can be automated at boot by marking nodes as such in the open-iSCSI database. During the login phase, iSCSI negotiates session parameters using text key-value pairs to ensure compatibility and optimal . Key parameters include MaxConnections, which specifies the maximum number of concurrent TCP connections per session (default 1, range 1-65535, negotiated to the minimum value); HeaderDigest and DataDigest, which enable optional CRC32C checksumming for (default None, per-connection ); and ErrorRecoveryLevel, which defines recovery capabilities (0 for none, 1 for within-connection recovery like retransmissions, and 2 for full session-level task reassignment across connections). iSCSI supports multipathing through extensions like Multi-Path I/O (MPIO) to enhance redundancy and performance across multiple network paths. In environments, the Device Mapper Multipath (DM-Multipath) subsystem aggregates paths to an iSCSI LUN into a single device, using policies such as round-robin for load balancing I/O across active paths. Persistent bindings ensure consistent LUN mapping by configuring multipath.conf with device-specific aliases, WWIDs, and path priorities, preventing device name changes on and enabling without data disruption. Monitoring iSCSI sessions involves tools to track performance metrics and diagnose issues. The iscsiadm command provides session statistics with --stats, reporting throughput in bytes per second, , and error counts for active connections. For troubleshooting portal , administrators use iscsiadm -m session to verify connection states and manually trigger failovers with --logout and --login on alternate portals, ensuring quick recovery in multipathed setups.

Security Measures

Authentication and Authorization

In iSCSI, authentication primarily occurs during the login phase to verify the identities of the initiator and target using the (CHAP), which employs hashes for secure challenge-response exchanges. CHAP supports bidirectional verification, where the target challenges the initiator, and the initiator computes a response based on a , a nonce challenge, and the algorithm (mandatory as algorithm 5 per RFC 3720). This process uses keys such as CHAP_N (name), CHAP_I (identifier), CHAP_C (challenge), and CHAP_R (response), all limited to 1024 bytes in binary form, ensuring the parties authenticate each other before proceeding to operational negotiation. Mutual CHAP extends this to full bidirectional authentication, allowing the initiator to challenge the target after initial verification, using separate secrets and identities for each direction to prevent reflection attacks. CHAP secrets must be at least 96 bits long or the TCP connection must be encrypted (e.g., via ), randomly generated, and unique per peer. Advanced authentication options include integration with for centralized management of CHAP secrets, enabling a single across multiple initiators while the RADIUS server verifies responses. Additionally, IKEv2 combined with provides robust and protection for the entire TCP connection, recommended for high-security environments as per RFC 7143, which mandates IPsec support and suggests IKEv2 alongside AES-CBC and HMAC-SHA1-96. Authorization in iSCSI relies on access control lists (ACLs) implemented at the target to initiators by their iSCSI Qualified Name (IQN), restricting attempts to authorized nodes only. LUN masking further enforces granular control by mapping specific logical unit numbers (LUNs) to initiator groups, denying access to unauthorized LUNs even if succeeds, typically aligned with standards like SPC-3. The standards for these mechanisms evolved from the basic CHAP in RFC 3720 (2004), which introduced initial authentication but left vulnerabilities like dictionary attacks exposed over unencrypted channels, to the consolidated RFC 7143 (2014), which enhanced through stronger secret requirements, IKEv2 integration, and removal of obsolete methods like SPKM to address such weaknesses.

Network Isolation Techniques

Network isolation techniques in iSCSI deployments are essential for enhancing by limiting unauthorized access and improving performance by preventing interference from other types. These methods segregate iSCSI storage from general LAN communications, reducing latency and ensuring reliable block-level transfers over Ethernet. Logical and physical isolation approaches, often combined, address vulnerabilities inherent to running iSCSI on IP networks, where storage could otherwise be exposed to broader enterprise . Logical isolation employs VLAN tagging as defined in IEEE 802.1Q to create virtual subnetworks that separate iSCSI traffic from general network flows. This technique allows multiple logical networks to coexist on the same physical infrastructure, with iSCSI assigned to a dedicated —such as VLAN 8—to prevent intermingling with application or management traffic. Additionally, (QoS) mechanisms using (DiffServ) enable prioritization of iSCSI packets by marking them with specific Differentiated Services Code Point (DSCP) values, ensuring higher bandwidth allocation during congestion and minimizing delays for storage I/O operations. Physical isolation involves deploying dedicated Ethernet switches and separate Network Interface Cards (NICs) exclusively for iSCSI traffic, avoiding shared networks that could lead to congestion or bottlenecks. For instance, servers may use distinct 10GbE NICs bonded for iSCSI, connected to specialized switches like those supporting iSCSI offload, while general traffic routes through separate hardware. This approach eliminates contention from non-storage workloads, providing a private pathway that enhances throughput and through configurations like Channel Link Aggregation Groups (LAGs). The Storage Networking Industry Association (SNIA) recommends such segregation to maintain predictable performance in iSCSI environments. Best practices for iSCSI isolation include enabling jumbo frames with an MTU greater than 1500 bytes—typically 9000 bytes—across the entire iSCSI path to reduce overhead and improve efficiency for large block transfers. However, this must be paired with isolation techniques to mitigate risks like broadcast storms, which can propagate rapidly in shared domains and overwhelm the network; in portfast mode is advised on switches to prevent loops. Integration with allows for dynamic segmentation, where policies automatically adjust assignments or traffic flows based on real-time needs, further optimizing isolation in virtualized setups. Authentication methods, such as CHAP, serve as a prerequisite for secure logins within these isolated segments. These techniques primarily address risks such as on shared LANs, where unencrypted iSCSI sessions could be intercepted, and Denial-of-Service (DoS) attacks from non-storage traffic flooding the network. By adhering to SNIA guidelines, organizations can implement access controls, traffic filtering, and separate subnets to minimize these threats, ensuring iSCSI operates as a secure, high-performance storage .

Implementations and Extensions

Operating System Integration

offers comprehensive iSCSI support through the Open-iSCSI project, which provides a high-performance, transport-independent initiator implementation compliant with RFC 3720. The Open-iSCSI package includes user-space utilities for configuration and management, along with essential kernel modules such as iscsi_tcp for TCP/IP transport, libiscsi, and scsi_transport_iscsi. Kernel-level iSCSI initiator functionality has been integrated since Linux 2.6.11, enabling reliable access over IP networks. For iSCSI targets on , the LIO (Linux-IO) framework serves as the standard in-kernel target implementation, introduced in kernel version 2.6.38 and replacing earlier user-space options like STGT. LIO supports multiple protocols including iSCSI and is configured using tools such as targetcli, a for creating and managing storage targets. This setup allows systems to export local block devices as iSCSI targets efficiently within the kernel space. Windows integrates iSCSI support natively through the Microsoft iSCSI Initiator, available as a software download since Windows Server 2003 and built-in starting with Windows Server 2008. The initiator enables clients to connect to remote iSCSI targets for storage access, with features like session management and CHAP authentication handled via the Microsoft iSCSI service. For targets, the Microsoft iSCSI Target role service, introduced in Windows Server 2012, allows servers to expose local volumes over iSCSI, supporting up to multiple terabytes of shared storage. This target integrates seamlessly with Windows Storage Spaces, enabling pooled storage resiliency and tiering for iSCSI-connected volumes. Other operating systems provide varying levels of iSCSI integration. includes a native, kernel-based iSCSI initiator and target since version 10.0, using the iscsid daemon for initiator connections and ctld for target configuration, allowing direct command tunneling over IP. VMware ESXi offers built-in software iSCSI adapter support, enabling vSphere hosts to discover and mount iSCSI LUNs as datastores for storage, with multipathing options via the vSphere client. In contrast, macOS lacks native iSCSI support and relies on third-party solutions, such as the globalSAN iSCSI Initiator for reliable connections to targets or KernSafe iSCSI Initiator X for basic client functionality. As of 2025, recent kernel developments enhance iSCSI reliability in Linux 6.x series through improved integration with device-mapper multipath (DM-Multipath) for load balancing and failover across multiple network paths, building on the Open-iSCSI stack without native support for multiple connections per session (MC/S). Windows Server 2025 advances storage optimizations, including a native NVMe-oF initiator that converges with iSCSI workflows for hybrid environments, delivering up to 60% higher IOPS on NVMe storage compared to prior versions while maintaining iSCSI compatibility.

Target and Bridge Solutions

iSCSI target solutions encompass both hardware appliances and software implementations that expose block storage over Ethernet networks. Hardware appliances, such as the series, provide unified storage with native iSCSI support, allowing seamless integration into existing IP infrastructures for midrange enterprise environments. Similarly, systems function as iSCSI targets, enabling storage provisioning in SAN environments where targets present logical unit numbers (LUNs) to initiators via Ethernet. Open-source and targets offer cost-effective alternatives for smaller deployments. , derived from FreeNAS, includes built-in iSCSI target capabilities that allow users to create and manage targets, extents, and LUNs through its web interface, supporting features like CHAP authentication for secure access. StarWind provides a free version of its iSCSI SAN software, which simplifies target creation and high-availability configurations for hyperconverged setups, leveraging iSCSI for efficient VM storage. Specialized software targets extend beyond native operating system features. QNAP systems incorporate iSCSI target services within their QTS or QuTS hero operating systems, enabling the creation of targets and LUNs for block-level access, often used in hybrid /SAN scenarios. Microsoft's iSCSI Target Server, integrated into as a role service under File and Storage Services, allows servers to export local or clustered storage as iSCSI targets, supporting scalability up to thousands of connections in virtualized environments. Bridge and converter devices facilitate interoperability between iSCSI and legacy or alternative protocols. FC-to-iSCSI gateways enable migration from SANs by converting FC LUNs to iSCSI , preserving investments in existing storage arrays while transitioning to Ethernet-based networks. MDS switches with iSCSI gateway functionality route requests between IP hosts and FC storage, supporting seamless protocol translation for hybrid fabrics. Ethernet-to-FCoE converters, including Marvell QLogic 2670 series adapters, encapsulate FC frames over Ethernet while supporting iSCSI offload, bridging traditional FC workflows to converged networks. As of 2025, modern iSCSI targets increasingly integrate with NVMe/TCP for enhanced performance, where targets expose NVMe namespaces over TCP alongside iSCSI, reducing latency compared to traditional SCSI commands in high-throughput scenarios. Cloud-based targets, such as AWS Storage Gateway's Volume Gateway mode, export iSCSI volumes backed by or EBS, providing hybrid cloud storage with local caching for on-premises initiators.

References

  1. https://www.snia.org/educational-library/what-iscsi-2022
  2. https://www.rfc-editor.org/rfc/rfc3720
  3. https://www.rfc-editor.org/rfc/rfc7143
  4. https://www.snia.org/educational-library/evolution-iscsi-2016
  5. https://datatracker.ietf.org/doc/html/rfc7143
  6. https://datatracker.ietf.org/doc/html/rfc3720
  7. https://www.techtarget.com/searchstorage/definition/iSCSI
  8. https://www.starwindsoftware.com/blog/what-is-iscsi/
  9. https://www.computerworld.com/article/1333812/iscsi-protocol-approved-as-standard.html
  10. https://datatracker.ietf.org/doc/html/rfc3720#section-3.2.1
  11. https://datatracker.ietf.org/doc/html/rfc3720#section-1
  12. https://datatracker.ietf.org/doc/html/rfc3720#section-2
  13. https://datatracker.ietf.org/doc/html/rfc3720#section-3.5
  14. https://datatracker.ietf.org/doc/html/rfc3720#section-10.2.4
  15. https://datatracker.ietf.org/doc/html/rfc3720#section-10.13
  16. https://datatracker.ietf.org/doc/html/rfc3720#section-3.3
  17. https://datatracker.ietf.org/doc/html/rfc3720#section-5.3
  18. https://datatracker.ietf.org/doc/html/rfc3720#section-5.3.4
  19. https://datatracker.ietf.org/doc/html/rfc3720#section-3.2.4
  20. https://datatracker.ietf.org/doc/html/rfc3720#section-6.7
  21. https://datatracker.ietf.org/doc/html/rfc3720#section-6.2.2
  22. https://datatracker.ietf.org/doc/html/rfc3720#section-6.1
  23. https://www.ietf.org/rfc/rfc3720.txt
  24. https://www.snia.org/sites/default/files/ESF/Too_Proud_To_Ask_iSCSI_Final.pdf
  25. https://www.dell.com/community/en/conversations/clariion/software-vs-iscsi-hba-real-world-performance/647e8e99f4ccf8a8de30177f
  26. https://access.redhat.com/solutions/16976
  27. https://datatracker.ietf.org/doc/html/rfc3720#section-3.1
  28. https://datatracker.ietf.org/doc/html/rfc3720#section-3.2.6
  29. https://datatracker.ietf.org/doc/html/rfc3720#section-3.4.1
  30. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/managing_storage_devices/configuring-an-iscsi-target_managing-storage-devices
  31. https://datatracker.ietf.org/doc/html/rfc3720#section-10.3
  32. https://datatracker.ietf.org/doc/html/rfc3720#section-3.1.3
  33. https://www.techtarget.com/searchstorage/definition/LUN-masking
  34. https://datatracker.ietf.org/doc/html/rfc3720#section-10.7
  35. https://datatracker.ietf.org/doc/html/rfc3720#section-10.5
  36. https://datatracker.ietf.org/doc/html/rfc4171
  37. https://datatracker.ietf.org/doc/html/rfc3721
  38. https://learn.microsoft.com/en-us/windows-server/get-started/removed-deprecated-features-windows-server
  39. https://datatracker.ietf.org/doc/html/rfc4173
  40. https://ipxe.org/appnote/ibft
  41. https://public.dhe.ibm.com/systems/support/system_x_pdf/iscsi_boot_san_configuration_guide.pdf
  42. https://www.intel.com/content/www/us/en/support/articles/000006727/ethernet-products/legacy-ethernet-products.html
  43. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh848273(v=ws.11)
  44. https://iwave-global.com/articles/diskless-pc-booting-using-iscsi/
  45. https://www.netapp.com/blog/iscsi-best-practices-solutions-to-real-world-deployment-challenges/
  46. https://docs.oracle.com/en/learn/ol-iscsi/index.html
  47. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/managing_storage_devices/configuring-an-iscsi-initiator_managing-storage-devices
  48. https://www.linuxteck.com/how-to-configure-iscsi-target-initiator-on-rhel-centos-7-6/
  49. https://github.com/open-iscsi/open-iscsi
  50. https://datatracker.ietf.org/doc/html/rfc3720#section-11.1.4
  51. https://datatracker.ietf.org/doc/html/rfc3720#section-9.2.1
  52. https://datatracker.ietf.org/doc/html/rfc3720#section-12.1.3
  53. https://datatracker.ietf.org/doc/html/rfc7143#section-9.2.1
  54. https://datatracker.ietf.org/doc/html/rfc7143#section-9.3
  55. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_storage_devices/configuring-an-iscsi-target_managing-storage-devices
  56. https://datatracker.ietf.org/doc/html/rfc7143#section-9.5
  57. https://datatracker.ietf.org/doc/html/rfc7143#section-2.3
  58. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209.pdf
  59. https://i.dell.com/sites/content/business/solutions/whitepapers/en/Documents/iscsi-san-best-practices-with-aim.pdf
  60. https://docs.mirantis.com/mke/3.7/ops/deploy-apps-k8s/persistent-storage/configure-iscsi.html
  61. https://serverfault.com/questions/13119/what-are-the-choices-for-iscsi-target-support-for-linux
  62. https://wiki.archlinux.org/title/ISCSI/LIO
  63. https://learn.microsoft.com/en-us/answers/questions/1507956/do-you-know-where-i-can-get-the-first-iscsi-initia
  64. https://legacyupdate.net/download-center/download/18986/microsoft-iscsi-software-initiator-version-2.08
  65. https://learn.microsoft.com/en-us/windows-server/storage/iscsi/iscsi-target-server
  66. https://techcommunity.microsoft.com/blog/filecab/introduction-of-iscsi-target-in-windows-server-2012/424357
  67. https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-storage-8-0/using-esxi-with-iscsi-san.html
  68. https://www.studionetworksolutions.com/globalsan-iscsi-initiator/
  69. https://www.kernsafe.com/download/macos-iscsi-initiator.aspx
  70. https://www.thomas-krenn.com/en/wiki/ISCSI_Multipathing_under_Linux
  71. https://www.microsoft.com/en-us/windows-server/blog/2024/11/04/windows-server-2025-now-generally-available-with-advanced-security-improved-performance-and-cloud-agility
  72. https://4sysops.com/archives/new-storage-features-in-windows-server-2025-nvme-of-initiator-update-for-s2d-deduplication-for-refs/
  73. https://docs.netapp.com/us-en/ontap/san-admin/san-host-provisioning-concept.html
  74. https://www.truenas.com/docs/core/13.0/coretutorials/sharing/iscsi/addingiscsishare/
  75. https://www.starwindsoftware.com/resource-library/protocols-iscsi/
  76. https://www.qnap.com/en/how-to/tutorial/article/how-to-create-and-use-the-iscsi-target-service-on-a-qnap-nas
  77. https://www.elarasys.com/brocade-iscsi-gateway-storage-controller-fibre-channel-iscsi
  78. https://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/fm/configuration/guide/iscsi.pdf
  79. https://www.marvell.com/products/fibre-channel-adapters-and-controllers/2670-series.html
  80. https://www.starwindsoftware.com/blog/what-is-nvme-over-tcp/
  81. https://docs.aws.amazon.com/storagegateway/latest/tgw/initiator-connection-common.html
Add your contribution
Related Hubs
User Avatar
No comments yet.