Use iSCSI Target to create centralized security storage (1)

Source: Internet
Author: User

iSCSI is a block-level protocol for sharing raw storage devices over TCP/IP networks. Storage can be shared and accessed over iSCSI using existing IP and Ethernet equipment such as NICs, switches, or routers. An iSCSI target is a remote hard disk presented by a remote iSCSI server (the target).

Install iSCSI Target in Linux

iSCSI gives clients stable connections and good performance without consuming a large amount of resources. The iSCSI server is called the target; it shares storage from the server. The iSCSI client is called the initiator; it accesses the storage shared by the target. iSCSI adapters are sold for large-scale storage services such as SANs.

Why should we use iSCSI adapters in large storage sectors?

An Ethernet adapter (NIC) is designed to transmit packetized data between systems, servers, and storage devices such as NAS, and is not suitable for transmitting block-level data over the Internet.

iSCSI Target functions
  • Several iSCSI targets can run on one machine.
  • One machine can provide multiple iSCSI target devices for iSCSI SAN access.
  • A target is a piece of storage that the initiator (client) can access over the network.
  • Storage is pooled and made accessible over the network as iSCSI LUNs (logical unit numbers).
  • iSCSI supports multiple connections in the same session.
  • The iSCSI initiator discovers the target on the network, then authenticates and logs in to the LUN, so that the remote storage can be accessed locally.
  • We can install any operating system on the locally mounted LUN, just as we would on a local disk.
Why iSCSI?

In virtualization, we need high storage redundancy and stability. iSCSI provides these features at a low cost. Compared with a fiber-channel SAN, we can use existing devices such as NIC and Ethernet switches to build a low-cost SAN.

Now let's install and configure secure storage using an iSCSI target. In this article, we follow the steps below:

  • We need separate systems for the iSCSI target and the initiator (client).
  • You can add multiple hard disks in a large storage environment, but here we only use one additional drive apart from the base installation disk.
  • Here we only use two hard disks, one for the base server installation and the other for storage (LUN), which will be described in the second article in this series.
Master server settings
  • Operating system: CentOS 6.5 (Final)
  • iSCSI target IP:
  • Ports used: TCP 860, 3260
  • Configuration file: /etc/tgt/targets.conf
Install iSCSI Target

Open a terminal and use the yum command to search for the package to install for the iSCSI target.

  # yum search iscsi

Output example

  ======================================== N/S matched: iscsi ====================================
  iscsi-initiator-utils.x86_64 : iSCSI daemon and utility programs
  iscsi-initiator-utils-devel.x86_64 : Development files for iscsi-initiator-utils
  lsscsi.x86_64 : List SCSI devices (or hosts) and associated information
  scsi-target-utils.x86_64 : The SCSI target daemon and utility programs

From the results above, select the target package and install it.

  # yum install scsi-target-utils -y

Install the iSCSI Tool

List the files in the installed package to learn where the default configuration, service script, and man pages are located.

  # rpm -ql scsi-target-utils.x86_64

List all files in the iSCSI package

Let's start the iSCSI service and check its running status. The iSCSI service name is tgtd.

  # /etc/init.d/tgtd start
  # /etc/init.d/tgtd status

Start the iSCSI service

Now we need to configure the service to start automatically at boot.

  # chkconfig tgtd on

Verify that the run levels for the tgtd service are configured correctly.

  # chkconfig --list tgtd

Start iSCSI

Now we use tgtadm to list which targets and LUNs are currently configured on our server.

  # tgtadm --mode target --op show

tgtd is installed and running, but the command above produces no output because we have not yet defined any LUNs on the target server. To read the manual, run the man command.

  # man tgtadm

iSCSI man page

If iptables is running on your target server, we need to add iptables rules for iSCSI. First, use the netstat command to find the port number of the iSCSI target. The target always listens on TCP port 3260.

  # netstat -tulnp | grep tgtd

Find the iSCSI Port

Add the following rules so that iptables allows the iSCSI target discovery packets.

  # iptables -A INPUT -i eth0 -p tcp --dport 860 -m state --state NEW,ESTABLISHED -j ACCEPT
  # iptables -A INPUT -i eth0 -p tcp --dport 3260 -m state --state NEW,ESTABLISHED -j ACCEPT

Open the iSCSI Port

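Add iSCSI port to iptables

Note: rules may vary depending on your default chain policy. Save the iptables rules to /etc/sysconfig/iptables, the file the service reloads on restart, and then restart the service.

  # iptables-save > /etc/sysconfig/iptables
  # /etc/init.d/iptables restart

Restart iptables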
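
An added example, not part of the original article: the two rules above accept connections to ports 860 and 3260 from any source address on eth0. The script below reads iptables-save output and flags iSCSI ACCEPT rules that have no source restriction. The sample rule set and the 192.0.2.0/24 storage subnet are constructed for illustration, and negated (`! -s`) or multiport matches are not handled.

```shell
#!/bin/sh
# Audit iptables-save output for INPUT rules that expose the iSCSI target
# ports (TCP 860 and 3260, as used in this article) to any source address.

# Constructed sample in iptables-save format: the article's two rules plus
# one rule scoped to a hypothetical storage subnet (192.0.2.0/24).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 860 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3260 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -i eth1 -p tcp -m tcp --dport 3260 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin and prints "OPEN|SCOPED <port> <source>"
# for every INPUT ACCEPT rule that matches an iSCSI port.
audit_iscsi_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = "any"; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport")                port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-j")                     target = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (port != "860" && port != "3260") next
        # No -s match, or an all-addresses CIDR, means any host can connect.
        state = (src == "any" || src == "0.0.0.0/0") ? "OPEN" : "SCOPED"
        print state, port, src
    }'
}

# Number of iSCSI ACCEPT rules that are not limited to a source address.
count_open_iscsi_rules() {
    audit_iscsi_rules | grep -c '^OPEN ' || true
}

# On a live target, run: iptables-save | audit_iscsi_rules
printf '%s\n' "$SAMPLE_RULES" | audit_iscsi_rules
```

Each OPEN line is a rule to tighten by adding a `-s` match for the subnet or hosts where the initiators live.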

Now we have deployed a target server that shares LUNs with initiators that authenticate with the target over TCP/IP. This setup is suitable for small to large production environments.

In my next article, I will show you how to use LVM on the target machine to create a LUN and share it with the client. Don't forget to leave your valuable comments.
