Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

8/4/2010
10:15 AM
George Crump
George Crump
Commentary
50%
50%

The Truth About iSCSI

Over the next several entries we are going to explore several of the protocols that are available to IT managers as they try to select a protocol for use in their environments. First up is iSCSI. The protocol it seems most will look to first because it is believed to be both cost effective and easier to use then the currently more commonplace fibre channel. The truth about iSCSI though is that it is a real storage protocol and it needs to be treated like one.

Over the next several entries we are going to explore several of the protocols that are available to IT managers as they try to select a protocol for use in their environments. First up is iSCSI. The protocol it seems most will look to first because it is believed to be both cost effective and easier to use then the currently more commonplace fibre channel. The truth about iSCSI though is that it is a real storage protocol and it needs to be treated like one.iSCSI encapsulates SCSI commands into an IP packet and transmits them across an Ethernet network. The encapsulation can be done by a software agent on the server operating system (OS) and most OS's now have that capability. The advantage of the software based version of iSCSI is it keeps costs down. The initiator agent in most cases comes free with the OS. The encapsulation process though, when done in software, does take CPU resources and may impact performance if the server is already CPU constrained. That is not the case for most servers today. We don't see using an iSCSI software driver on a server as a big consumer of CPU resources anymore.

On the storage side, often called the target, there needs to be something that either converts iSCSI to some other protocol like fibre or SCSI, but more commonly today the storage system itself is native iSCSI. When configuring the devices the iSCSI agent will query the iSCSI storage system for a list of available volumes and then you can select which volume should be assigned to that server.

All of this connectivity then happens with Ethernet as the interconnecting infrastructure. Which today, especially in the 1GbE form, can be had for very little investment. Most businesses and data centers will be learning how to interconnect via an Ethernet infrastructure long before they need storage interconnectivity. iSCSI's theoretical advantage then is that when the time comes for shared storage, the IT staff already knows the infrastructure part and half the job is complete. Now they just need to learn storage.

While iSCSI does have its advantages is also has some potential unknowns that need to either be worked around or avoided. The first is that this is a real storage protocol and needs to be treated like one. That means it really should be on its own network either physically or logically. Otherwise storage traffic can congest the standard network and cause performance or reliability issues. Having storage on its own network makes it easier to diagnose problems with either network.

iSCSI may start out simple but as it scales it can become challenging. Fine tuning an IP network for maximum performance requires experience and understanding. Care must be taken when selecting ethernet cards and switches to make sure that they can support the full speed that you are implementing. Many low end switches for example, are not designed to have all or even most of the ports running full speed at the same time. They are counting on bandwidth use being random between ports and only a few needing full speed at any point in time. The problem is though flooding all available ports with traffic is entirely possible in a storage environment. For example when doing a backup from servers with iSCSI attached servers to an iSCSI attached disk backup. Keeping these networks separate and making sure the components will support a fully active data path are critical.

Performance is another scaling concern. Most iSCSI storage environments are still 1GbE based, even newer ones. 1GbE is more readily available and costs, usually a key iSCSI motivator, are significantly less expensive than the 10GbE alternative. For some, especially smaller environments, 1GbE is all the storage I/O they will ever need most of the time. For others they will look at using multiple 1GbE connections from the servers to increase performance or they will look at 10GbE. In the multi-1GbE configurations make sure that your iSCSI initiator will support that configuration and you don't see a big performance drop-off going to the second interface card. Also see if those cards can be used in an active-active fashion not only as a failover. If you decide to invest in 10GbE make sure that everything else in the environment can keep up with the 10GbE connection. Many environments have trouble getting full line speed performance out of a 10GbE connection and end up only being able to use 30 to 40% of available bandwidth.

iSCSI has its roll to play in the enterprise and in the SMB, it can drive down costs but does have some limitations that can be worked around or avoided. Knowing these will help you make the right protocol selection for your shared storage environment.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.