ESXi

 View Only
  • 1.  iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 04:27 PM

    VMCommunities,

    I'm having an issue initiating iSCSI on a virtual machine so I can connect to the shared storage.

    Usually we do this on physical servers connected to the switch and it works no problem because we are able to ping those private IPs using the servers second NIC. But within the Virtual Machine, we can't ping those IPs therefore, cannot connect to the iSCSI shared storage.

    When I add a new NIC in the VM and give it an IP Address of 192.168.x.x (same as iSCSI network) it does not ping.

    What do I have to do to virtually connect to the iSCSI network so I can use the iSCSI initiator?

    Thanks guys/gals :smileyhappy:



  • 2.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 04:30 PM

    I dont see any difference here Physical or virtual, Check if you have the the ports open for your virtual machines, Check if you have any security configured for your Virtaul Network like vShield, This is the only thing what I see.

    Regards,

    Jana.

    NOTE: If your problem or questions has been resolved / answered, please mark this thread as answered and award points accordingly.



  • 3.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 05:02 PM

    Make sure your second NIC has the iSCSI port group selected (within the VM's configuration/settings)... If you're just adding a second NIC, it needs to be using the port group that has been configured for VM use with the iSCSI network... You need to add a VM port group to that vSwitch as well, if one doesn't already exist. Then it should be a simple matter of making sure the iSCSI initiator is installed within the VM, and all your security settings are set to allow it to communicate with that LUN... Typically, this LUN would be isolated for traffic from just that VM, not several (direct connect via the initiator)... You could share it from that VM for other VM's/systems to access (standard Windows/Linux share method)...

    VMware VCP4

    Consider awarding points for "helpful" and/or "correct" answers.



  • 4.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 06:00 PM

    GoldDiggie,

    Ah I see, so I do have to create a port group on the Vswitch containing the iSCSI? See I didn't know if that was the correct way to do things at first but it makes sense.

    Any special security concerns or configurations I need to do after doing this?

    I will try it out.

    Thanks a million



  • 5.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 07:20 PM

    GoldDiggie,

    Cool it worked thanks a bunch man.

    By the way, I used Virtual Machine for the new port group for the iSCSI connection. Should I have used VMKernal instead?

    Thanks again.



  • 6.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 28, 2010 09:06 PM

    With 4.x you shouldn't need to add more port kernel groups beyond what you already configured to get things working initially... Once the iSCSI network was configured, you just needed to add the virtual machine port group to that vSwitch (and the vSwitches on other hosts is advised, use the same port group name on all especially if you're using HA or vMotion VM's betweeen hosts)...

    Sometimes things like this are an easy fix, or easily resolved once you get to think about it a bit. Or once you've had more time on the product...

    VMware VCP4

    Consider awarding points for "helpful" and/or "correct" answers.



  • 7.  RE: iSCSI initiator on Virtual Machine?

    Posted Aug 29, 2010 05:42 AM

    Great point, we are clustered so I do need to add the same port group to the other ESX host incase the VM decides to failover to the other ESX host.

    Ya the iSCSI storage is on a private and connected to a non routable VLAN. So I guess security is not a concern in my setup.

    Thanks again.



  • 8.  RE: iSCSI initiator on Virtual Machine?
    Best Answer

    Posted Aug 28, 2010 09:10 PM

    Security concerns would be the same as if the iSCSI target/LUN you're connecting was local storage... Typically you cannot present an iSCSI target/LUN to a server OS (like Windows) as well as present it to ESX/ESXi hosts... I would assume that you're following (as close as possible) smart security practices... Yes? In production environments, it's not uncommon to have iSCSI arrays (or SAN arrays) on their own IP range/subnet. Restricting traffic to just that subnet would help to eliminate unauthorized access... Even with the one VM (directly) connecting you should be fine... Just make sure you have the guest OS patched for security holes and such...

    VMware VCP4

    Consider awarding points for "helpful" and/or "correct" answers.