vSphere Storage Appliance

Hi,

In our vSphere environment, we have enabled iSCSI storage presentation from our NetApp vFiler directly to virtual machine guests. This is for database virtual machines to take advantage of NetApps SnapManager for SQL. The virtual machine OS VMDK is stored on seperate NFS volumes presented to the ESX hosts.

Do we have to create virtual machine port group on the VM vSwitch and use iscsi initiator inside the guest VM to give it access to iSCSI LUN ? or another step is necessary ?

any help advice would be appreciated

Stephane

No, just create a LUN and present it to ESX. Then add a "physical raw device mapping" in your VM, which is basically the LUN directly connected to your VM.

Duncan

VMware Communities User Moderator | VCP | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

Thanks Duncan. So what are the pre-requisites to do this in terms of ESX networking and storage configuration ? I'm not familiar with iSCSI...

Stephane

Duncan,

May I dissagree with you there? (Purely for exchanging thoughts and learning about this)

I 9/10 times advise the direct use of iscsi to the VM. Reason for this being the not so great MPIO implementation for iSCSI in vSphere / VI-3. I'm not saying it's bad, but if we look at vendor specific MPIO drivers for the VM, they often perform a lot better then a RDM lun.

My latest experience being the Least Queue Depth MPIO that EqualLogic does.

Jelle

@jkalf

Of course you can disagree. I don't like the administrative overhead InGuest iSCSI initiators give and the overhead on CPU for a guest. I wouldn't want to keep track of InGuest initiators for large environments and even for SMB it is something that gets easily overlooked.

Besides that my experience so far with vSphere and the vSphere multipathing is actually pretty good. It's a huge step forward compared to VI3.

Duncan

VMware Communities User Moderator | VCP | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

I agree on the performance boost from the VI-3 point of view.

But isn't the largepart of the CPU overhead you're mentioning being caught by the TSO in the "physical" NIC's? I enforce the use of the latest virtual machine hardware version in combination with the VMNEXT3 interfaces.

I'm not saying it's ment for every single virtual machine. Most simple webservers can do with a VMFS. But it's more specific use cases like Exchange, SQL, Oracle, Large Fileservers.

Jelle.

Message was edited by: J.R. Kalf

added the mention of physical nics so there's no mix-up about virtual nics.

There's one key advantage to using the SAN vendor's host tools to connect the LUN guest-side: off-host backup using VSS Hardware Providers. It creates an app-aware snapshot (so Exchange and SQL are quiesced before snap) then the snapshot is directly mounted on the backup server. Your production server doesn't get slowed down by the backup (as long as your SAN isn't being worked to 100% obv.). Backup Exec 12.5 and up support this.

I totally forgot to mention that part indeed. Thanks Patters98 :smileygrin:

Backup Exec and Commvault have nice new integration modules indeed that integrate with VSS for both filesystem and database consistent storage snapshotting and backupping. And ofcourse these host tools also allow for snapshotting of specific items like a database instance or a Exchange mailstore for specific reasons that might include creating a specific backup or creating a point-in-time spinoff to connect to another server for development purposes.

Jelle

VMware VCP since 2006

I use this for Exchange and all my SQL - couldn't go back now, it's such a great feature.

In case we implement InGuest iSCSI initiators, do we need to create an iSCSI dedicated vSwitch (with vmkernel iSCSI + pnic) or does the creation of a virtual machine portgroup (in the VM vswitch) with InGuest iSCSI initiator do the trick ?

Sorry for my english :smileysad:

Hi Stelephan,

It all depends on your security design. I'd advise for having at least CHAP authentication on all machines to prevent any type of hacker on the virtual machine to gain access to other storage luns by merely the use of a forged IQN.

And if customer doesn't require you to have any network seperation between your ESX storage network and Virtual Machine storage network, then you can indeed just simply add two "Virtual Machine Network" on the same vSwitch you are already using for your current iSCSI storage network. (Portgroup is a name of the past if I recall correctly).

note: In case you're running heavilly consolidated machines with very high I/O generating VM's it could be wise to perhaps add two more physical NICs. This is all a matter of monitoring and calculation ofcourse.

Here's a sample picture by Patters98 in his other iSCSI thread:

Here's the link to his thread: http://communities.vmware.com/thread/259695 (I must say this thread is about something else then your issue, but the picture explains more then the words.) Also Patters98 gives some insight into how EqualLogic has set best practice for their iSCSI devices. (I must say this is sort of a general practice I see with different type of vendors)

Jelle

VMware VCP since 2006

If this thread has been any help, give the people some credit stars :smileyhappy:

Message was edited by: J.R. Kalf

redone the picture