Configuring vSAN iSCSI Target (VIT) in vSphere 6.5

vSAN iSCSI Target aka VIT assists us in three use cases mainly:

  • Physical Machines
  • Clusters like MSCS/Oracle RAC/PR Support
  • Other hypervisors and VMs in other hypervisors

I am going to show very basic configuration which is to be done from iSCSI Target (vSAN ) and iSCSI Initiator ( Windows Machine) .

Considering vSAN already enabled on the cluster and configured correctly.

First steps is to Enable vSAN iSCSI target service ( VIT)

Go to Configure ⇒ General ⇒ Click Edit

Check the checkbox and enable VIT service. Choose iSCSI network from vmk ports. It can be vSAN, mgmt. or iSCSI vmk ports.

By default authentication is none and can be enabled unidirectional & bidirectional based on the requirement.

In my case I am choosing None and clicking on OK to finish this task.

Now, you will see the VIT service is enabled and showing healthy. Next task to define iSCSI targets and LUNs. To do the same go to configure ⇒ iSCSI targets .

Add target details – IQN will be generated automatically – Define Alias (Case sensitive). Any storage policy can be defined because LUN behaves as vSAN object backed by vmdk.  LUN can be added later or now

I am choosing the option to add the LUN later to explore other options.

iSCSI Target has been successfully generated. LUN now can be added manually by clicking on + sign. ID is LUN id and can be generated automatically

  • Define Alias ( case sensitive)
  • Define the storage policy & LUN size

VIT can be defined with any policy based on the environment because in the backend LUNs are considered as objects. I would recommend to created custom policy with OSR = 100% ( Thick Provisioned) ( This is my point of view)

Now, we can see that LUN is added as part of iSCSI Target and showing online plus healthy. Multiple LUNs can be added to the same target by clicking on + in LUNs section.

Next step is to create initiator groups and allow initiators.

By default, all the initiators are allowed but for security reason we must create initiator groups and allow that group. You can find initiators IQN from iSCSI initiator tool in windows machine. Just need to check in configuration tab. Once LUN is mapped to target we can add more LUNs by clicking + sign and edit the size.

We can take the LUN offline and make it online from the gray icon

Once target and LUNs are defined. Next, steps is to create initiator group and add initiators in that group. Now, this group can discover the accessible portals ( iSCSI target). By defaut, Any initiator is allowed to access target portal however we can defined our own groups as well.

  • Go to iSCSI initiator groups
  • Create initiator group e.g I have created wingroup
  • Added 2 initiators in wingroup as showing below

Once initiator groups is created, it is mandatory to allow initiators to access target portal. In the screenshot below, click on accessible targets & add target to authorize the portal discovery. If this steps is ignored, you may face authorization failure error while discovery from initiator.

 

On Win machine:

Go to Start ⇒ iSCSI Initiator

Click on Discovery ⇒ Discover Portal ⇒ Enter IP address of IO owner

In my case I have already added 192.168.2.5 with port 3260. Now, Go back to Targets tab and check whether target IQN appears as inactive or not

At this stage you may get authorization error if initiators are not allowed to access target portal in webclient.

Here, IQN appears and shows inactive

When you click connect, you can save it to favorite targets and enable multipath sessions. In order to configure multipath sessions, you need to check Enable multipath and add another target portal to have different session created. Only one session per connection is supported in VIT configuration.

Now, open explorer and find disk management

New Drive will pop-up and ready to use

I have formatted the drive with MBR & created simple volume which can now be used.

 

I hope this has been informative for you. Thank you for reading!!

Be the first to comment

Leave a Reply

Your email address will not be published.


*