Dark Reading is part of the Informa Tech Division of Informa PLC


8/4/2010
10:15 AM
George Crump
Commentary

The Truth About iSCSI

Over the next several entries we are going to explore several of the protocols that are available to IT managers as they try to select a protocol for use in their environments. First up is iSCSI, the protocol that, it seems, most will look to first because it is believed to be both cost-effective and easier to use than the currently more commonplace Fibre Channel. The truth about iSCSI, though, is that it is a real storage protocol and it needs to be treated like one.

iSCSI encapsulates SCSI commands into IP packets and transmits them across an Ethernet network. The encapsulation can be done by a software agent in the server operating system (OS), and most OSes now have that capability. The advantage of the software-based version of iSCSI is that it keeps costs down: in most cases the initiator agent comes free with the OS. When done in software, though, the encapsulation process does take CPU resources and may impact performance if the server is already CPU constrained. That is not the case for most servers today, and we no longer see an iSCSI software driver on a server as a big consumer of CPU resources.
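The encapsulation described above, shown as an added example that is not part of the original article: a SCSI READ(10) command is wrapped in the 48-byte SCSI Command header laid out in the iSCSI specification (RFC 7143), then unpacked again as a target or a traffic decoder would. The LUN, task tag, sequence numbers and block addresses are constructed sample values, and a 512-byte block size is assumed.

```python
import struct

ISCSI_OP_SCSI_CMD = 0x01          # iSCSI opcode: SCSI Command PDU
SCSI_READ_10 = 0x28               # SCSI operation code: READ(10)
BHS_FORMAT = ">BB2xB3s8sIIII16s"  # 48-byte Basic Header Segment, big-endian

def read10_cdb(lba, blocks):
    """Build the 10-byte SCSI READ(10) command descriptor block (CDB)."""
    return struct.pack(">BBIBHB", SCSI_READ_10, 0, lba, 0, blocks, 0)

def encapsulate(cdb, lun, task_tag, expected_len, cmd_sn, exp_stat_sn):
    """Initiator side: wrap a SCSI CDB in an iSCSI SCSI Command header."""
    if len(cdb) > 16:
        raise ValueError("CDBs over 16 bytes need an additional header segment")
    flags = 0x80 | 0x40 | 0x01                 # Final, Read, SIMPLE task attribute
    lun_field = struct.pack(">BB6x", 0, lun)   # single-level LUN, assumes lun < 256
    return struct.pack(BHS_FORMAT, ISCSI_OP_SCSI_CMD, flags,
                       0,                      # TotalAHSLength
                       b"\x00\x00\x00",        # DataSegmentLength: no data sent on a read
                       lun_field, task_tag, expected_len, cmd_sn, exp_stat_sn,
                       cdb.ljust(16, b"\x00")) # CDB padded to the 16-byte field

def decapsulate(pdu):
    """Target side: recover the SCSI command from the iSCSI header."""
    if len(pdu) < 48:
        raise ValueError("truncated Basic Header Segment")
    op, flags, _ahs, _dsl, lun, itt, edtl, cmd_sn, _stat_sn, cdb = struct.unpack(
        BHS_FORMAT, pdu[:48])
    if op & 0x3F != ISCSI_OP_SCSI_CMD:
        raise ValueError("not a SCSI Command PDU")
    if cdb[0] != SCSI_READ_10:
        raise ValueError("this example only decodes READ(10)")
    _, _, lba, _, blocks, _ = struct.unpack(">BBIBHB", cdb[:10])
    return {"lun": lun[1], "task_tag": itt, "expected_len": edtl, "cmd_sn": cmd_sn,
            "read": bool(flags & 0x40), "lba": lba, "blocks": blocks}

def demo():
    # Constructed sample: read 8 blocks of 512 bytes starting at LBA 2048 on LUN 1.
    pdu = encapsulate(read10_cdb(lba=2048, blocks=8), lun=1, task_tag=0x1234,
                      expected_len=8 * 512, cmd_sn=1, exp_stat_sn=1)
    return pdu, decapsulate(pdu)

if __name__ == "__main__":
    pdu, fields = demo()
    print(len(pdu), pdu.hex())
    print(fields)
```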

On the storage side, often called the target, there needs to be something that converts iSCSI to some other protocol such as Fibre Channel or SCSI, although more commonly today the storage system itself is native iSCSI. When configuring the devices, the iSCSI agent queries the iSCSI storage system for a list of available volumes, and you can then select which volume should be assigned to that server.

All of this connectivity happens with Ethernet as the interconnecting infrastructure, which today, especially in its 1GbE form, can be had for very little investment. Most businesses and data centers will learn how to interconnect via an Ethernet infrastructure long before they need storage interconnectivity. iSCSI's theoretical advantage, then, is that when the time comes for shared storage, the IT staff already knows the infrastructure part and half the job is complete. Now they just need to learn storage.

While iSCSI does have its advantages, it also has some potential unknowns that need to be either worked around or avoided. The first is that this is a real storage protocol and needs to be treated like one. That means it really should be on its own network, either physically or logically. Otherwise storage traffic can congest the standard network and cause performance or reliability issues. Having storage on its own network also makes it easier to diagnose problems with either network.

iSCSI may start out simple, but as it scales it can become challenging. Fine-tuning an IP network for maximum performance requires experience and understanding. Care must be taken when selecting Ethernet cards and switches to make sure that they can support the full speed that you are implementing. Many low-end switches, for example, are not designed to have all or even most of their ports running at full speed at the same time. They count on bandwidth use being random between ports, with only a few needing full speed at any point in time. The problem is that flooding all available ports with traffic is entirely possible in a storage environment, for example when backing up from iSCSI-attached servers to an iSCSI-attached disk backup. Keeping these networks separate and making sure the components will support a fully active data path are critical.

Performance is another scaling concern. Most iSCSI storage environments are still 1GbE based, even newer ones. 1GbE is more readily available, and its costs, usually a key iSCSI motivator, are significantly lower than those of the 10GbE alternative. For some, especially smaller environments, 1GbE is all the storage I/O they will ever need most of the time. Others will look at using multiple 1GbE connections from the servers to increase performance, or they will look at 10GbE. In multi-1GbE configurations, make sure that your iSCSI initiator supports that configuration and that you don't see a big performance drop-off going to the second interface card. Also check whether those cards can be used in an active-active fashion and not only for failover. If you decide to invest in 10GbE, make sure that everything else in the environment can keep up with the 10GbE connection. Many environments have trouble getting full line-speed performance out of a 10GbE connection and end up only being able to use 30 to 40% of available bandwidth.

iSCSI has its role to play in the enterprise and in the SMB. It can drive down costs, but it does have some limitations that can be worked around or avoided. Knowing these will help you make the right protocol selection for your shared storage environment.


George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

 
