Part 4 SAN Extension and Bridging    HP SAN Design Reference Guide 785354-001

During iSCSI login, the initiator and target negotiate the lowest mutually acceptable value for each
parameter. Negotiable parameters include:
• Type of security protocol, if any
• Maximum size of the data payload
• Support for unsolicited data
• Time-out values
During iSCSI login, the initiator and target also exchange nonnegotiable values such as names
and aliases.
During an iSCSI session, unique session IDs are created for the initiator and target:
1. An initiator creates a unique ID by combining its iSCSI name with an ISID.
2. During login, the initiator sends the ISID to the target.
3. The target creates a unique ID by combining its iSCSI name with a TSID. The target sends the TSID to the initiator.
When login is complete, the iSCSI session enters the full-feature phase with normal iSCSI
transactions.
Security
Because iSCSI must accommodate untrusted IP environments, the specification for the iSCSI protocol
defines multiple security methods:
• Encryption solutions that reside below the iSCSI protocol, such as IPsec, require no special
negotiation between iSCSI end devices and are transparent to the upper layers.
• The iSCSI protocol has several encryption solutions including:
  – Kerberos
  – Public/private key exchanges
• Security solutions can include an iSNS server that acts as a repository for public keys.
Text fields mediate the negotiation for the type of security supported by the end devices. If the
negotiation is successful, the devices format their communications to follow the negotiated security
routine.
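The login negotiation, the text-field security negotiation and the session-ID construction described above, as an added simulation that is not part of the HP guide: the key names (AuthMethod, MaxBurstLength, FirstBurstLength, InitiatorName) and the 6-byte ISID follow RFC 3720, while the "lowest value wins" rule, the first-match rule for the security list and the strict-authentication check are simplifications chosen for this illustration; all values are constructed.

```python
# Simulated iSCSI login negotiation (constructed example; not HP's code).
# Key names follow RFC 3720; the min/first-match rules and the strict-auth
# check below are simplifications for illustration only.

class LoginRejected(Exception):
    """Initiator and target could not agree on a login parameter."""

NUMERIC_MIN_KEYS = {"MaxBurstLength", "FirstBurstLength", "MaxConnections"}
LIST_KEYS = {"AuthMethod"}


def negotiate(offered, supported, require_auth=True):
    """Return the negotiated value for each key the initiator offered.

    offered:   initiator's proposals (list keys are comma-separated, in the
               initiator's order of preference)
    supported: values the target accepts (a set for list-valued keys)
    Raises LoginRejected when no mutually acceptable value exists.
    """
    result = {}
    for key, value in offered.items():
        if key in NUMERIC_MIN_KEYS:
            # lowest mutually acceptable value wins
            result[key] = min(int(value), int(supported[key]))
        elif key in LIST_KEYS:
            # first method in the initiator's list that the target also accepts
            choice = next((m for m in value.split(",") if m in supported[key]), None)
            if choice is None:
                raise LoginRejected(f"no common {key}: {value} vs {sorted(supported[key])}")
            result[key] = choice
        else:
            # nonnegotiable (declarative) values such as names are passed through
            result[key] = value
    # a target that only accepts AuthMethod=None silently downgrades the session;
    # refuse that unless unauthenticated logins are explicitly allowed
    if require_auth and result.get("AuthMethod") == "None":
        raise LoginRejected("target offers no authentication method")
    return result


def session_ids(initiator_name, isid, target_name, tsid):
    """Unique IDs: initiator name + ISID, target name + TSID (RFC 3720: TSIH)."""
    if len(isid) != 6:
        raise ValueError("ISID must be 6 bytes")
    return f"{initiator_name}:{isid.hex()}", f"{target_name}:{tsid:04x}"


if __name__ == "__main__":
    offered = {"InitiatorName": "iqn.2001-04.example:host1", "AuthMethod": "KRB5,CHAP,None",
               "MaxBurstLength": "262144", "FirstBurstLength": "65536"}
    supported = {"AuthMethod": {"CHAP"}, "MaxBurstLength": "131072", "FirstBurstLength": "65536"}
    print(negotiate(offered, supported))
    print(session_ids("iqn.2001-04.example:host1", bytes.fromhex("400001370000"),
                      "iqn.2001-04.example:tgt1", 1))
```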
Software and hardware iSCSI initiators
An IP host can access an iSCSI environment using one of the following initiators:
• Software iSCSI initiator—The iSCSI code runs on the host and allows an Ethernet NIC to handle
iSCSI traffic. Software iSCSI offers low cost with a performance penalty and CPU overhead.
Software iSCSI initiators are available from many vendors.
• TOE NIC—Shifts processing of the communications protocol stack (TCP/IP) from the server
processor to the NIC, lowering CPU overhead and utilization.
• Hardware iSCSI initiator (iSCSI HBA)—A high-performance HBA integrates both TCP/IP and
iSCSI functions. Although integration adds cost to the HBA, it also provides high-speed iSCSI
transport and minimal CPU overhead. The HBA transfers SCSI commands and data
encapsulated by iSCSI directly to the host.
iSCSI boot
iSCSI allows initiators (IP hosts) to boot from an iSCSI target. An iSCSI HBA typically has boot
capabilities that must be enabled in its firmware.
iSCSI concepts 321