VMware vSphere

 View Only

 iSCSI Connection Between Guest and NAS

Matt Wlazlowski's profile image
Matt Wlazlowski posted Jun 21, 2024 09:02 AM

I am having difficulty figuring out how to isolate iSCSI traffic from other network traffic between a Windows 2016 vm running Veeam B&R 12 and a TrueNAS server. TrueNAS iSCSI share intended as target for Veeam backups for M365, file, and system state backups.

Components:

  • Guest:  Windows 2016 running Veeam B&R 12
  • Host:  ESXi 6.5 - 1 vswitch configured for primary company network (10.4.10.0/24), x4 1GB NIC, only one is active
  • Network:  Meraki gateway and switches - home to flat company network and the new iSCSI VLAN (VLAN6/10.4.6.0/29)
  • Target:  TrueNAS physical server with an iSCSI share created using an IP on VLAN6

Considerations:

My preference is not to have the ESXI host act as the initiator.  This would have me formatting the volume as vmfs and I believe the recommendation from VMware is to format the volume using ReFS.  I think this has something to do with immutability but I'm baby-stepping through this task and have more reading to do.

Obstacles:

  • No budget for additional equipment
  • No spare switches to use for iSCSI traffic

We are working under less-than-ideal circumstances to try and keep things running without the budget to do so.  The current backup target is an iSCSI NAS with a share created using an IP address on the main company network.  I can't follow best practices because of our financial limitation and lack of spare equipment but I'd like to do better setting up the connection between the guest and the target so I'm looking to isolate iSCSI traffic using what I have available to me.

VLAN6 is meant to isolate iSCSI traffic which is the best I could do in the physical environment

Because iSCSI traffic is supposed to be isolated on its own hardware I don't believe it is OK to just create a port group for VLAN6 on vSwitch0.  I think I need to create a second switch for iSCSI traffic that utilizes one of the 3 spare pNICs and an additional vNIC in the guest.  Am I on the right track?

If so, how do I make this work.  I have created a switch and added it to the iSCSI network (10.4.6.0/29) and when I go to configure the vNIC for the guest I'm not presented with a "network" that I can assign to the NIC.  My question is how do I accomplish my goal?  Am I going about it the right way?

I'm looking forward to your replies, I sure need them.

MohammadHadi Milani's profile image
MohammadHadi Milani posted Jul 19, 2024 12:05 PM

If you prefer not to use the LUN as the vmfs datastore, you can consider using a Raw Device Mapping (RDM Device) . This allows the VM to directly access the iSCSI LUN, bypassing the need for the creation of vmfs datastore. 

But if you have to connet vm as iscsi initiator to target. its a good idea to isolate network with another vswitch or create a portgroup configured with vlan6.Ensure that the network connection between vm and NAS is ok and then configure the iscsi initiator on the vm. every windows os has builtin iscsi initiator software that you can add it in windows apps and features.