Enabling vSAN iSCSI target service

Home > VMWare platform > vMWare VSAN > Enabling vSAN iSCSI target service

To enable vSAN file services use following steps

1. Login into vCenter
2. Ideally distributed switch, dedicated VLAN for iSCSI target service and kernel ports for all ESXi hosts in this iSCSI target VLAN should already be in place.
3. Click on cluster and go to Configure -> vSAN -> Services
4. Click "Edit" or "Enable" against iSCSI Target services which will open dialog box for enabling iSCSI target services.
5. Choose appropriate port-group which has VMkernel IPs which can be reached for iSCSI target service
6. After that go to cluster -> configure -> vSAN -> iSCSI target service
7. Basically we create a initiator group (Randomly generated target name), Add LUNs and allow a group of initiators (ISCSI Initiator Group) to have access to this iSCSI target
8. From initiator ideally use two different IPs, install multipath and add all VMkernel ports as discovery target. This way even if one ESXi host is down, the iSCSI service can be accessed via other hosts.

Refer:

• https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.virtualsan.doc/GUID-C5ED6982-3496-476A-81F8-3C55DAE2D3FF.html
• https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.virtualsan.doc/GUID-13ADF2FC-9664-448B-A9F3-31059E8FC80E.html

Changing VMkernel portgroup used by iSCSI Target service

If we want to change the iSCSI target kernel port-group used by iSCSI Target service then we need to use below steps:

1. Stop / Disconnect iSCSI initiators from accessing the targets and related LUNs. For this from initiator machines might have to make a disk offline and then disconnect the target using "iSCSI initiator" target tab.
2. If we are planning to change the IPs then it also makes sense to remove favorite targets and discovery portals of old IPs
3. Then once there is no one referring to the old target IPs we can go to Cluster -> Configure -> vSAN -> Services -> "iSCSI Target service" and click edit. Change kernel port group. If required we can disable/enable the service.
4. Then we need to go to Cluster -> Configure -> vSAN -> iSCSI target service and edit all the existing targets and change their kernel port group
5. Now we can configure the initiators to connect to the new updated IPs and hopefully the same old LUNs should get mapped again

Known issues

PSOD due to same initiator name

It is important that if we clone any VM using iSCSI target service (instead of using local vSAN disk directly) then we should change initiator name in the cloned VM. By default cloned VM would have same initiatorname and if two VMs from two different IPs contact vSAN ISCSI target service with same initiator name, it will lead to PSOD.

LUNs are bound to target IQN

We cannot take a LUN from one target IQN and move/migrate it to another IQN. There is no such option from vSAN iSCSI Target service point of view. Manually we can create a new target and a LUN of similar size and map it to server. Then manually at OS /application level we can migrate data and unmap/delete older LUN. But moving LUN from one target IQN to another is not supported.

Home > VMWare platform > vMWare VSAN > Enabling vSAN iSCSI target service